Objective
Configure a switch with a name and an IP address. Configure passwords to ensure that access to the CLI is secured. Configure switch port speed and duplex properties for an interface. Save the active configuration. View the switch browser interface.
Background/Preparation
Cable a network similar to the one in the diagram. Start a HyperTerminal session.
_______________________________________________________________
National Engineers Training Services (NETS) Tel: 5867776-5837968 Join NETS Be The Best 1
Step 8 Verify the management LANs settings (1900: Skip to Step 10)
Verify the interface settings on VLAN 1 as follows:
ALSwitch#show interface VLAN 1
What is the bandwidth on this interface? ______________________________
What are the VLAN states: VLAN1 is __________, Line protocol is __________
Enable the virtual interface using the no shutdown command:
ALSwitch(config)#interface VLAN 1
ALSwitch(config-if)#no shutdown
ALSwitch(config-if)#exit
What is the queuing strategy? ______________________________________
Step 10 Examine the startup configuration file (1900: Skip to Step 11)
To see the configuration that is stored in NVRAM, type show startup-config from the privileged EXEC (enable) mode:
ALSwitch#show startup-config
What is displayed? __________________________________________________________
Are all the changes that were entered recorded in the file? ____________________________
Objective
Demonstrate the commands to enter a message-of-the-day (MOTD) on the router. This procedure allows all users to view the message upon entering the router. Set up a network similar to the one in the previous diagram.
Background/Preparation
In this lab the Cisco Discovery Protocol (CDP) commands will be used. CDP discovers and shows information about directly connected Cisco devices (routers and switches). Any router that meets the interface requirements may be used. Possible routers include 800, 1600, 1700, 2500, 2600 routers, or a combination. Start a HyperTerminal session as performed in the Establishing a HyperTerminal session lab.
From the global configuration mode enter banner motd # message #. The # signs are used as delimiters and message is the banner message chosen in the previous step.
Objective
Create a basic switch configuration and verify it. Determine the switch firmware version. Create two VLANs, name them and assign member ports to them.
Background/Preparation
When managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and reduce broadcast domains. Cable a network similar to the one in the diagram. The configuration output used in this lab is produced from a 2950 series switch. Any other switch used may produce different output. The following steps are to be executed on each switch unless specifically instructed otherwise. Instructions are also provided for the 1900 Series switch, which initially displays a User Interface Menu. Select the Command Line option from the menu to perform the steps for this lab. Start a HyperTerminal session.
What version of the switch IOS is displayed? ______________________________________ Does this switch have standard edition or Enterprise edition software? ___________________ What is the Firmware version of the switch? ______________________________________
Step 13 Look at only VLAN2 information with a different command (1900: Omit this step)
Instead of displaying all of the VLANs, type the show vlan name VLAN2 command at the privileged EXEC mode prompt.
Switch_A#show vlan name VLAN2
Does this command supply any more information than the show VLAN command? __________
Once the steps are completed, log off by typing exit, and turn all the devices off. Then remove and store the cables and adapter.
Objective
Create a basic switch configuration and verify it. Create two VLANs. Name the VLANs and assign multiple member ports to them. Test functionality by moving a workstation from one VLAN to another.
Background/Preparation
When managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and reduce broadcast domains. Cable a network similar to the one in the diagram. Start a HyperTerminal session.
Switch_A(vlan)#vlan 3 name VLAN3
Switch_A(vlan)#exit
1900:
Switch_A#config terminal
Switch_A(config)#vlan 2 name VLAN2
Switch_A(config)#vlan 3 name VLAN3
Switch_A(config)#exit

Switch_A(config-if)#switchport access vlan 3
Switch_A(config-if)#interface fastethernet 0/9
Switch_A(config-if)#switchport mode access
Switch_A(config-if)#switchport access vlan 3
Switch_A(config-if)#end
1900:
Switch_A#config terminal
Switch_A(config)#interface ethernet 0/7
Switch_A(config-if)#vlan static 3
Switch_A(config-if)#interface ethernet 0/8
Switch_A(config-if)#vlan static 3
Switch_A(config-if)#interface ethernet 0/9
Switch_A(config-if)#vlan static 3
Switch_A(config-if)#end
Enter into the privileged EXEC mode by typing enable. If prompted for a password, enter class (if that does not work, ask the instructor).
Switch>enable
Remove the VLAN database information file.
Switch#delete flash:vlan.dat
Delete filename [vlan.dat]?[Enter]
Delete flash:vlan.dat? [confirm] [Enter]
If there was no VLAN file, this message is displayed.
%Error deleting flash:vlan.dat (No such file or directory)
Remove the switch startup configuration file from NVRAM.
Switch#erase startup-config
The responding line prompt will be:
Erasing the nvram filesystem will remove all files! Continue? [confirm]
Press Enter to confirm. The response should be:
Erase of nvram: complete
Check that VLAN information was deleted.
Verify that the VLAN configuration was deleted in Step 2 using the show vlan command. If previous VLAN configuration information (other than the default management VLAN 1) is still present, it will be necessary to power cycle the switch (hardware restart) instead of issuing the reload command. To power cycle the switch, remove the power cord from the back of the switch or unplug it. Then plug it back in. If the VLAN information was successfully deleted in Step 2, go to Step 5 and restart the switch using the reload command.
Software restart (using the reload command)
At the privileged EXEC mode enter the command reload.
Switch#reload
The responding line prompt will be:
System configuration has been modified. Save? [yes/no]:
Type n and then press Enter. The responding line prompt will be:
Proceed with reload? [confirm] [Enter]
The first line of the response will be:
Reload requested by console.
After the switch has reloaded, the line prompt will be:
Would you like to enter the initial configuration dialog? [yes/no]:
Type n and then press Enter. The responding line prompt will be:
Press RETURN to get started! [Enter]
1900 Series Switches
Remove VLAN Trunking Protocol (VTP) information.
#delete vtp
This command resets the switch with VTP parameters set to factory defaults. All other parameters will be unchanged.
Reset system with VTP parameters set to factory defaults, [Y]es or [N]o?
Enter y and press Enter.
Remove the switch startup configuration from NVRAM.
#delete nvram
This command resets the switch with factory defaults. All system parameters will revert to their default factory settings. All static and dynamic addresses will be removed.
Reset system with factory defaults, [Y]es or [N]o?
Enter y and press Enter.
Objective
Create a basic switch configuration and verify it. Create two VLANs. Name the VLANs and assign multiple member ports to them. Delete VLANs. Understand why it is not possible to delete VLAN 1.
Background/Preparation
When managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and reduce broadcast domains.
Switch_A(vlan)#vlan 3 name VLAN3
Switch_A(vlan)#exit
1900:
Switch_A#config terminal
Switch_A(config)#vlan 2 name VLAN2
Switch_A(config)#vlan 3 name VLAN3

Switch_A#configure terminal
Switch_A(config)#interface fastethernet 0/7
Switch_A(config-if)#switchport mode access
Switch_A(config-if)#switchport access vlan 3
Switch_A(config-if)#interface fastethernet 0/8
Switch_A(config-if)#switchport mode access
Switch_A(config-if)#switchport access vlan 3
Switch_A(config-if)#interface fastethernet 0/9
Switch_A(config-if)#switchport mode access
Switch_A(config-if)#switchport access vlan 3
Switch_A(config-if)#end

To remove an entire VLAN, enter the VLAN database mode and use the negative form of the command.
Switch_A#vlan database
Switch_A(vlan)#no vlan 3
Deleting VLAN 3
Switch_A(vlan)#exit
1900:
Switch_A#config terminal
Switch_A(config)#no vlan 3
Switch_A(config)#exit
Objective
Create a basic switch configuration and verify it. Create multiple VLANs, name them and assign multiple member ports to them. Create an 802.1q trunk line between the two switches to allow communication between paired VLANs. Test the VLAN functionality by moving a workstation from one VLAN to another.
Background/Preparation
Trunking changes the formatting of the packets. The ports need to be in agreement as to which format is being used to transmit data on the trunk or no data will be passed. If there is different trunking encapsulation on the two ends of the link, they will not be able to communicate. A similar situation will occur if one of the ports is configured in trunking mode (unconditionally) and the other one in access mode (unconditionally). When managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and reduce broadcast domains. Start a HyperTerminal session.
Switch_A#show vlan
Move the host in Switch_A from port 0/12 to port 0/8. Wait until the port LED goes green and then go to the next step.
Objective
Create a basic switch configuration and verify it. Create multiple VLANs, name them and assign multiple member ports to them. Create an ISL trunk line between the two switches to allow communication between paired VLANs. Test the VLAN functionality by moving a workstation from one VLAN to another.
Background/Preparation
Note: The use of Catalyst 2950 switches is not appropriate for this lab as they only support 802.1q trunking. Trunking changes the formatting of the packets. The ports need to be in agreement as to which format is being used to transmit data on the trunk or no data will be passed. If there is different trunking encapsulation on the two ends of the link, they will not be able to communicate. A similar situation will occur if one of the ports is configured in trunking mode, unconditionally, and the other one in access mode, unconditionally. When managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and reduce broadcast domains. Start a HyperTerminal session.
Were the pings successful? __________________________________________________
If the answer is no, troubleshoot the host and switch configurations.

Switch_A(config-if)#switchport mode access
Switch_A(config-if)#switchport access vlan 30
Switch_A(config-if)#interface fastethernet 0/12
Switch_A(config-if)#switchport mode access
Switch_A(config-if)#switchport access vlan 30
Switch_A(config-if)#end
Objective
Create a basic switch configuration and verify it. Create multiple VLANs, name them and assign multiple member ports to them. Configure the VTP protocol to establish server and client switches. Create an 802.1q trunk line between the two switches to allow communication between paired VLANs. Then test the VLAN functionality by moving a workstation from one VLAN to another.
Background/Preparation
When managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. Cable a network similar to the one in the diagram. Start a HyperTerminal session.
did not provide this information, VLANs would have to be created on all switches individually. By default, the Catalyst switch series are configured as VTP servers. In the event that the server services are turned off, use the following command to turn them back on.
Switch_A#vlan database
Switch_A(vlan)#vtp server
Switch_A(vlan)#exit

Switch_A(config-if)#switchport access vlan 30
Switch_A(config-if)#interface fastethernet 0/11
Switch_A(config-if)#switchport mode access
Switch_A(config-if)#switchport access vlan 30
Switch_A(config-if)#interface fastethernet 0/12
Switch_A(config-if)#switchport mode access
Switch_A(config-if)#switchport access vlan 30
Switch_A(config-if)#end
Do VLANs 10, 20, and 30 show without having to type them in? ____________________ Why did this happen? ______________________________________________________
Switch_A#show vlan
Are ports 0/10 through 0/12 assigned to VLAN 30? _________________________________
Objective
Create a static address entry in the switch MAC table. Remove the created static MAC address entry.
Background/Preparation
Cable a network similar to the one in the diagram. The configuration output used in this lab is produced from a 2950 series switch. Any other switch used may produce different output. The following steps are to be executed on each switch unless specifically instructed otherwise. Instructions are also provided for the 1900 Series switch, which initially displays a User Interface Menu. Select the Command Line option from the menu to perform the steps for this lab. Start a HyperTerminal session.
Step 5 Determine what MAC addresses the switch has learned
To determine what MAC addresses the switch has learned use the show mac-address-table command as follows at the privileged exec mode prompt:
ALSwitch#show mac-address-table
How many dynamic addresses are there? ________________________________________
How many total MAC addresses are there? _______________________________________
Do the MAC addresses match the host MAC addresses? _____________________________
How many total MAC addresses are there now? ___________________________________ How many static addresses are there? __________________________________________ Under what circumstances can other static or dynamic learning of addresses occur on port 4? ________________________________________________________________________
Switch#exit
Once the steps are completed, log off by typing exit, and turn all the devices off. Then remove and store the cables and adapter.
Objective
Create a basic switch configuration. Manage the switch MAC table.
Background/Preparation
Cable a network similar to the one in the diagram. The configuration output used in this lab is produced from a 2950 series switch. Any other switch used may produce different output. The following steps are to be executed on each switch unless specifically instructed otherwise. Instructions are also provided for the 1900 Series switch, which initially displays a User Interface Menu. Select the Command Line option from the menu to perform the steps for this lab. Start a HyperTerminal session.
Step 5 Determine the MAC addresses that the switch has learned
To determine what MAC addresses the switch has learned, use the show mac-address-table command as follows at the privileged EXEC mode prompt:
ALSwitch#show mac-address-table
How many dynamic addresses are there? ________________________________________
How many total MAC addresses are there? _______________________________________
Why are there more MAC addresses than ports on the switch? __________________________________________________________________________
How many addresses have been user defined? ___________________________________
Do the MAC addresses match the host MAC addresses? _____________________________
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname ALSwitch
ALSwitch(config)#enable secret class
ALSwitch(config)#enable password cisco
ALSwitch(config)#line con 0
ALSwitch(config-line)#password cisco
ALSwitch(config-line)#login
ALSwitch(config-line)#line vty 0 15
ALSwitch(config-line)#password cisco
ALSwitch(config-line)#login
ALSwitch(config-line)#interface Vlan1
ALSwitch(config-if)#ip address 192.168.1.2 255.255.255.0
ALSwitch(config-if)#no shutdown
ALSwitch(config-if)#ip default-gateway 192.168.1.1
ALSwitch(config)#exit
ALSwitch#show mac-address-table
Mac Address Table
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
All     0009.b7f6.61c0    STATIC      CPU
All     0100.0ccc.cccc    STATIC      CPU
All     0100.0ccc.cccd    STATIC      CPU
All     0100.0cdd.dddd    STATIC      CPU
1       0001.0276.8eec    DYNAMIC     Fa0/1
1       0001.0276.90dd    DYNAMIC     Fa0/4
Total Mac Addresses for this criterion: 6
ALSwitch#show mac-address-table ?
  address       address keyword
  aging-time    aging-time keyword
  count         count keyword
  dynamic       dynamic entry type
  interface     interface keyword
  multicast     multicast info for selected wildcard
  notification  MAC notification parameters and history table
  static        static entry type
  vlan          VLAN keyword
  |             Output modifiers
  <cr>
ALSwitch#show mac-address-table dynamic
Mac Address Table
------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
1       0001.0276.8eec    DYNAMIC     Fa0/1
1       0001.0276.90dd    DYNAMIC     Fa0/4
Total Mac Addresses for this criterion: 2
ALSwitch#clear mac-address-table
% Incomplete command.
ALSwitch#clear mac-address-table ?
  dynamic       dynamic entry type
  notification  Clear MAC notification Global Counters
ALSwitch#clear mac-address-table dynamic
ALSwitch#show mac-address-table
Mac Address Table
------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
All     0009.b7f6.61c0    STATIC      CPU
All     0100.0ccc.cccc    STATIC      CPU
All     0100.0ccc.cccd    STATIC      CPU
All     0100.0cdd.dddd    STATIC      CPU
Total Mac Addresses for this criterion: 4
ALSwitch#clear mac-address-table ?
  dynamic       dynamic entry type
  notification  Clear MAC notification Global Counters
ALSwitch#show mac-address-table
Mac Address Table
------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
All     0009.b7f6.61c0    STATIC      CPU
All     0100.0ccc.cccc    STATIC      CPU
All     0100.0ccc.cccd    STATIC      CPU
All     0100.0cdd.dddd    STATIC      CPU
1       0001.0276.8eec    DYNAMIC     Fa0/1
1       0001.0276.90dd    DYNAMIC     Fa0/4
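Added example (not part of the original lab): a Python parser for show mac-address-table output like the capture above. It answers the lab's counting questions and also lists ports that learned more dynamic addresses than expected or addresses missing from an inventory. The extra Fa0/4 entry, the max_per_port threshold and the inventory mapping are assumptions made for the illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: the table printed in this lab plus one extra dynamic
# entry on Fa0/4 (0001.0276.aaaa is made up) so one port shows two hosts.
SAMPLE = """\
Mac Address Table
------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0009.b7f6.61c0    STATIC      CPU
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    0100.0cdd.dddd    STATIC      CPU
   1    0001.0276.8eec    DYNAMIC     Fa0/1
   1    0001.0276.90dd    DYNAMIC     Fa0/4
   1    0001.0276.aaaa    DYNAMIC     Fa0/4
Total Mac Addresses for this criterion: 7
"""

# One table row: VLAN ("All" or a number), dotted MAC, entry type, port.
ROW = re.compile(
    r"^\s*(?P<vlan>All|\d+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+"
    r"(?P<type>[A-Z]+)\s+(?P<port>\S+)\s*$",
    re.IGNORECASE,
)
TOTAL = re.compile(r"Total Mac Addresses for this criterion:\s*(\d+)")


def parse_mac_table(text):
    """Return (entries, reported_total); headers and rules are skipped."""
    entries, reported = [], None
    for line in text.splitlines():
        row = ROW.match(line)
        if row:
            entries.append({
                "vlan": row.group("vlan"),
                "mac": row.group("mac").lower(),
                "type": row.group("type").upper(),
                "port": row.group("port"),
            })
            continue
        total = TOTAL.search(line)
        if total:
            reported = int(total.group(1))
    return entries, reported


def count_by_type(entries):
    """How many STATIC and DYNAMIC entries the table holds."""
    return dict(Counter(e["type"] for e in entries))


def ports_over_limit(entries, max_per_port=1):
    """Ports that learned more dynamic addresses than max_per_port."""
    learned = defaultdict(list)
    for e in entries:
        if e["type"] == "DYNAMIC":
            learned[e["port"]].append(e["mac"])
    return {p: m for p, m in learned.items() if len(m) > max_per_port}


def unknown_hosts(entries, inventory):
    """Dynamic (port, mac) pairs not listed in inventory[port]."""
    return [
        (e["port"], e["mac"])
        for e in entries
        if e["type"] == "DYNAMIC"
        and e["mac"] not in inventory.get(e["port"], set())
    ]


if __name__ == "__main__":
    entries, reported = parse_mac_table(SAMPLE)
    if reported is not None and reported != len(entries):
        print("capture looks truncated:", len(entries), "of", reported)
    print(count_by_type(entries))
    print(ports_over_limit(entries))
    # Hypothetical inventory of the hosts cabled in the lab diagram.
    expected = {"Fa0/1": {"0001.0276.8eec"}, "Fa0/4": {"0001.0276.90dd"}}
    print(unknown_hosts(entries, expected))
```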
Objective
Create a basic switch configuration and verify it. Determine which switch is selected as the root switch with the factory default settings. Force the other switch to be selected as the root switch.
Background/Preparation
Cable a network similar to the one in the diagram. The configuration output used in this lab is produced from a 2950 series switch. Any other switch used may produce different output. The following steps are to be executed on each switch unless specifically instructed otherwise. Start a HyperTerminal session.
Which switch should be the root of the spanning tree for VLAN 1? ______________________
What is the priority of the root switch? ___________________________________________ Which ports are forwarding on the root switch? ____________________________________ Which ports are blocking on the root switch? ______________________________________ What is the priority of the non-root switch? _______________________________________ Which ports are forwarding on the non-root switch? _________________________________ Which ports are blocking on the non-root switch? __________________________________ What is the status of the link light on the blocking port? ______________________________
Objective
Create and verify a basic switch configuration. Configure port security on individual FastEthernet ports.
Background/Preparation
Cable a network similar to the one in the diagram. The configuration output used in this lab is produced from a 2950 series switch. Any other switch used may produce different output. The following steps are intended to be executed on each switch unless specifically instructed otherwise. Instructions are also provided for the 1900 Series switch, which initially displays a User Interface Menu. Select the Command Line option from the menu to perform the steps for this lab. Start a HyperTerminal session.
PC2____________________________________________________________________
Step 5 Determine what MAC addresses the switch has learned
Determine what MAC addresses the switch has learned by using the show mac-address-table command, as follows, at the privileged EXEC mode prompt:
ALSwitch#show mac-address-table
How many dynamic addresses are there? ________________________________________
How many total MAC addresses are there? _______________________________________
Do the MAC addresses match the host MAC addresses? _____________________________

  maximum       Max secure addrs
  violation     Security Violation Mode
  <cr>
To allow the switchport FastEthernet 0/4 to accept only one device, enter port security as follows:
ALSwitch(config-if)#switchport mode access
ALSwitch(config-if)#switchport port-security
ALSwitch(config-if)#switchport port-security mac-address sticky
1900:
ALSwitch(config-if)#port secure
What other action options are available with port security? ____________________________ If necessary, ping the switch address 192.168.1.2 from the PC 192.168.1.7. This PC is now connected to interface FastEthernet 0/4. This ensures that there is traffic from the PC to the switch. Record any observations. __________________________________________________________________________ __________________________________________________________________________
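Added example (not from the original lab): a Python check over a saved running-config that reports which access ports actually have port security enabled, using the commands from this step. The config text is constructed, the function names are hypothetical, and a maximum of 1 with violation mode shutdown is assumed as the IOS default when those lines are absent.

```python
import re

# Constructed running-config fragment in IOS layout. Fa0/4 follows the lab's
# port-security steps; the other interfaces are made up for contrast.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/4
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0001.0276.90dd
!
interface FastEthernet0/5
 switchport mode access
 switchport port-security maximum 5
 switchport port-security violation protect
!
interface FastEthernet0/24
 switchport mode trunk
!
interface Vlan1
 ip address 192.168.1.2 255.255.255.0
!
"""

MAXIMUM = re.compile(r"switchport port-security maximum (\d+)")
VIOLATION = re.compile(r"switchport port-security violation (\w+)")


def interface_blocks(config):
    """Map interface name -> list of its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:
            current = None  # "!" or any other top-level line ends the block
    return blocks


def port_security_status(config):
    """Effective port-security settings for every access port."""
    status = {}
    for name, lines in interface_blocks(config).items():
        if "switchport mode access" not in lines:
            continue  # trunks and routed/VLAN interfaces are out of scope
        # Assumed defaults when a line is absent: maximum 1, shutdown.
        s = {"enabled": False, "maximum": 1,
             "violation": "shutdown", "sticky": False}
        for line in lines:
            if line == "switchport port-security":
                s["enabled"] = True  # only the bare command turns it on
            elif line == "switchport port-security mac-address sticky":
                s["sticky"] = True
            else:
                m = MAXIMUM.fullmatch(line)
                if m:
                    s["maximum"] = int(m.group(1))
                v = VIOLATION.fullmatch(line)
                if v:
                    s["violation"] = v.group(1)
        status[name] = s
    return status


def unprotected_ports(config):
    """(port, reason) for access ports where port security is not active."""
    out = []
    for port, s in port_security_status(config).items():
        if s["enabled"]:
            continue
        tuned = (s["maximum"], s["violation"], s["sticky"]) != (1, "shutdown", False)
        reason = ("sub-commands set but feature not enabled"
                  if tuned else "no port security")
        out.append((port, reason))
    return out


if __name__ == "__main__":
    for port, reason in unprotected_ports(SAMPLE_CONFIG):
        print(port, "-", reason)
```

FastEthernet0/5 is the case worth noticing: the maximum and violation lines are stored in the configuration, but without the bare switchport port-security command the port enforces nothing.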
Objective
Configure static routes between routers to allow data transfer between routers without the use of dynamic routing protocols.
Background/Preparation
Set up a network similar to the one in the previous diagram. Any router that meets the interface requirements may be used. Possible routers include 800, 1600, 1700, 2500, 2600 routers, or a combination. Start a HyperTerminal session.
Pinging 192.168.16.2 with 32 bytes of data:
Reply from 192.168.16.2: bytes=32 time=20ms TTL=254
Reply from 192.168.16.2: bytes=32 time=20ms TTL=254
Reply from 192.168.16.2: bytes=32 time=20ms TTL=254
Reply from 192.168.16.2: bytes=32 time=20ms TTL=254
Ping statistics for 192.168.16.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 20ms, Maximum = 20ms, Average = 20ms
If the ping was not successful, check the routing table to make sure static routes are entered correctly. Upon completion of the previous steps, log off by typing exit. Turn the router off.
Objective
Configure RIP routing and add default routes (gateways) to the routers. Remove RIP and the default routes. Configure IGRP routing and add default routes (gateways) to the routers.
Background/Preparation
This lab shows the purpose of the gateway of last resort, also known as the default gateway. Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram, such as 800, 1600, 1700, 2500, and 2600 routers, or a combination may be used. Start a HyperTerminal session.
Step 2 Configure hosts with the proper IP address, subnet mask and default gateway
Step 3 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router
From the host attached to GAD, is it possible to ping the BHM router FastEthernet interface? __________________________________________________________________________
From the host attached to BHM, is it possible to ping the GAD router FastEthernet interface? __________________________________________________________________________
If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.
Step 9 Remove the default route from just the GAD router
Remove the gateway of last resort on the GAD router by typing the no ip route 0.0.0.0 0.0.0.0 172.17.0.2 at the configuration mode prompt on the GAD router. Type show ip route at the privileged exec mode. What is the Gateway of last resort listed? ________________________________________ Why is the gateway gone? ___________________________________________________ Ping the FastEthernet 0 interface on the GAD router from the BHM router. What were the results of the ping? _____________________________________________ Why was the ping successful? ________________________________________________ Ping the FastEthernet 0 interface on the BHM router from the GAD router. What were the results of the pings? ____________________________________________ Why was the ping unsuccessful? ______________________________________________ Remove the gateway of last resort from the BHM router.
Step 10 Remove RIP routing from the routers and use IGRP instead
Remove the RIP routing by using the no form of the RIP routing command. Then set up IGRP routing using 30 as the AS number. Remember to wait for the routes to propagate to the other router. Check the new routing protocol by typing show ip route at the privileged EXEC mode prompt. There should be two connected routes and an IGRP route in the listing.
Objective
Set up an IP addressing scheme using class B networks. Configure the RIP dynamic routing protocol on routers.
Background/Preparation
Set up a network similar to the one in the diagram. Any router that meets the interface requirements displayed in the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used. Start a HyperTerminal session.
Step 7 Configure hosts with the proper IP address, subnet mask and default gateway
Step 8 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router
From the host attached to GAD, is it possible to ping the BHM router FastEthernet interface? _________________________________________________________________ From the host attached to BHM, is it possible to ping the GAD router FastEthernet interface? _________________________________________________________________ If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.
Objective
Configure RIP v1 on routers. Convert to RIP v2 on routers.
Background/Preparation
Cable a network similar to the one shown in the diagram. Any router that meets the interface requirements displayed on the above diagram may be used. For example, router series 800, 1600, 1700, 2500 and 2600 or any such combination can be used. Start a HyperTerminal session.
Step 5 Save the Birmingham router configuration
Step 6 Configure hosts with the proper IP address, subnet mask, and default gateway
Step 7 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router
From the host attached to GAD, ping the other host attached to the BHM router. Was the ping successful? ___________________________________________________________ From the host attached to BHM, ping the other host attached to the GAD router. Was the ping successful? ___________________________________________________________
If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.
Step 9 Ping all of the interfaces on the network from each host
Were all of the interfaces still able to be pinged? ___________________________________
If not, troubleshoot the network and ping again. Once the previous steps are completed, log off by typing exit, and turn the router off. Then remove and store the cables and adapter.
Objective
Set up an IP addressing scheme using class C networks. Configure IGRP on routers.
Background/Preparation
Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed in the above diagram, such as 800, 1600, 1700, 2500, and 2600 routers, or a combination, may be used. Start a HyperTerminal session.
Step 6 Configure hosts with the proper IP address, subnet mask and default gateway
Step 7 Verify that the internetwork is functioning by pinging the FastEthernet
What is the minimum bandwidth? ______________________________________________ What is the Reliability of this route? ____________________________________________ What is the minimum MTU size for this route? _____________________________________ Type show ip route for another network address on the router. What is the total delay for this route? ______________________________________________ What is the minimum bandwidth? ________________________________________________ What is the Reliability of this route? ______________________________________________ What is the minimum MTU size for this route? ______________________________________ Upon completion of the previous steps, log off by typing exit and turn the router off.
Objective
Configure a default route and use RIP to propagate this default information to other routers. Migrate the network from RIP to IGRP. Configure default routing to work with IGRP
Background/Preparation
In this lab, a default route will be configured and RIP used to propagate this default information to other routers. When this configuration is working properly, the network will be migrated from RIP to IGRP and default routing will be configured to work with that protocol as well. Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used. Start a HyperTerminal session.
Step 2 Configure hosts with the proper IP address, subnet mask and default gateway
Test the configuration by pinging all interfaces from each host. If the pinging is not successful, troubleshoot the configuration.
Step 5 Configure Centre as the connection to the Internet Service Provider (ISP)
Configure Centre to simulate the existence of an outside network. The link between the company and its ISP is simulated by configuring a loopback interface with an IP address. Enter the following commands on the Centre router:
Centre(config)#interface loopback0
Centre(config-if)#ip address 172.16.1.1 255.255.255.255
Note: If 172.16.1.1 is pinged from the Centre console, the loopback interface replies. From the Boaz console, attempt to ping 172.16.1.1. This ping should fail because the 172.16.0.0/16 network is not in the Boaz routing table. If no default route exists, what does a router do with a packet destined for a network that is not in its table? _____________________________________________________________________
Centre(config)#router igrp 24
Centre(config-router)#network 192.168.2.0
Centre(config-router)#network 192.168.3.0
Use ping and show ip route to verify that IGRP is working properly. Do not worry about the 172.16.1.1 loopback address on Centre yet.
Step 9 Check Centre's routing table for the static default route
Check the Centre routing table. The static default route to 0.0.0.0/0 should still be there. To propagate this route with RIP, the default-information originate command was issued. Depending on the IOS version, this might not be necessary. The default-information originate command is not available in an IGRP configuration. Therefore, it may be necessary to use a different method to propagate default information in IGRP. On Centre, issue the following commands:
Centre(config)#router igrp 24
Centre(config-router)#network 172.16.0.0
Centre(config-router)#exit
Centre(config)#ip default-network 172.16.0.0
These commands configure IGRP to update its neighbor routers about the network 172.16.0.0/16, which includes the simulated ISP link or loopback 0. Not only will IGRP advertise this network, but the ip default-network command also will flag this network as a candidate default route. This will be shown by an asterisk in the routing table. When a network is flagged as a default, that flag stays with the route as it is passed from neighbor to neighbor by IGRP. Check the routing tables of Mobile and Boaz. If they do not yet have the 172.16.0.0/16 route with an asterisk, it may be necessary to wait for another IGRP update. This may take up to 90 seconds. Issue the clear ip route * command on all three routers in order to force them to immediately send new updates. When the 172.16.0.0/16 route appears as a candidate default in all three routing tables, proceed to the next step.
Step 10 Create a second loopback interface on Centre to test the default route
Because the 172.16.0.0/16 network is known explicitly by Mobile and Boaz, it will be necessary to create a second loopback interface on Centre to test the default route. Issue the following commands on Centre:
Centre(config)#interface loopback1
Centre(config-if)#ip address 10.0.0.1 255.0.0.0
This loopback interface simulates another external network. Return to Mobile and check its routing table using the show ip route command. Is there a route to the 10.0.0.0/8 network? _______________________________________ From Mobile, ping 10.0.0.1. This ping should be successful. If there is no route to 10.0.0.0/8 and no route to 0.0.0.0/0, why does this ping succeed? ______________________________________________________________________________
Objective
Configure RIP v1 and v2 on routers. Use show commands to verify RIP v2 operation.
Background/Preparation
Cable a network similar to the one shown in the diagram. Any router that meets the interface requirements displayed on the above diagram may be used. For example, router series 800, 1600, 1700, 2500, and 2600 or any such combination can be used.
Step 5 Save the Birmingham router configuration
Step 6 Configure hosts with the proper IP address, subnet mask, and default gateway
Step 7 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router
From the host attached to the GAD, ping the other host attached to the BHM router. Was the ping successful? ________ From the host attached to the BHM, ping the other host attached to the GAD router. Was the ping successful? ________ If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.
Step 11 Change the Fast Ethernet IP subnet mask on the Gadsden router
Change the subnet mask on router GAD from a Class B (255.255.0.0) to a Class C (255.255.255.0). Use the same IP address.
GAD(config)#interface fastethernet 0
GAD(config-if)#ip address 172.16.0.1 255.255.255.0
GAD(config-if)#exit
How does this change affect the address for the FastEthernet interface? __________________________________________________________________________
Step 18 Ping all of the interfaces on the network from each host
Were all of the interfaces still able to be pinged? __________________________________ If not, troubleshoot the network and ping again.
Objective
Set up an IP addressing scheme using class B networks. Configure RIP on routers. Observe routing activity using the debug ip rip command. Examine routes using the show ip route command.
Background/Preparation
Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed in the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used. Start a HyperTerminal session as performed in the Establishing a HyperTerminal session lab.
Step 2 Configure the hosts with the proper IP address, subnet mask and default gateway
Step 3 Make sure that routing updates are being sent
Type the command debug ip rip at the privileged EXEC mode prompt. Wait for at least 45 seconds. Was there any output from the debug command? __________________________________ What did the output show? __________________________________________________ To turn off specific debug commands, type the no option, for example no debug ip rip events. To turn off all debug commands, type undebug all.
Step 5 Show the RIP routing table entries for each router
Enter show ip route rip. List the routes listed in the routing table: _________________________________________ What is the administrative distance? ____________________________________________
Step 6 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router
From the host attached to GAD, is it possible to ping the BHM router FastEthernet interface? __________________________________________________________________________ From the host attached to BHM, is it possible to ping the GAD router FastEthernet interface? __________________________________________________________________________ If the answer is no for either question, troubleshoot the router configurations using show ip route to find the error. Also check the workstation IP settings. Then do the pings again until the answer to both questions is yes. Upon completion of the previous steps, log off by typing exit and turn the router off.
Objective
Observe unequal-cost load balancing. Tune IGRP networks by using advanced debug commands.
Background/Preparation
In this lab, a default route will be configured and RIP used to propagate this default information to other routers. When this configuration is working properly, the network will be migrated from RIP to IGRP and default routing will be configured to work with that protocol as well. Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used. Start a HyperTerminal session.
MAD(config-if)#bandwidth 384
MAD(config-if)#no ip route-cache
Because the IGRP metric includes bandwidth in its calculation, bandwidth must be manually configured on the serial interfaces in order to ensure accuracy. For the purposes of this lab, the alternative paths to network 192.168.41.0 from the Madison router are not of unequal cost until the appropriate bandwidths are set. Use the show interface command output to verify the correct bandwidth settings and the show ip interface command to ensure that fast switching is disabled. Can the bandwidth of Ethernet interfaces be set manually? _______________________________
Step 3 Configure hosts with the proper IP address, subnet mask and default gateway
Test the configuration by pinging all interfaces from each host. If the pinging is not successful, troubleshoot the configuration.
Examine and record part of the debug output. What is the evidence of load balancing in the output? ____________________________________
Objective
Set up an IP addressing scheme for the network. Configure and verify Enhanced Interior Gateway Routing Protocol (EIGRP) routing.
Background/Preparation
Cable a network similar to the one shown in the diagram. Any router that meets the interface requirements displayed on the above diagram may be used. For example, router series 800, 1600, 1700, 2500, and 2600 or any such combination can be used. Start a HyperTerminal session.
Step 2 Save the configuration information from the privileged EXEC command mode
Paris#copy running-config startup-config
Destination filename [startup-config]? [Enter]
Step 3 Configure hosts with the proper IP address, subnet mask and default gateway
Each workstation should be able to ping the attached router. Troubleshoot as necessary. Remember to assign a specific IP address and default gateway to the workstation. If running Windows 98, check by using Start > Run > winipcfg. If running Windows 2000, check by using the ipconfig command in a DOS window. At this point the workstations will not be able to communicate with each other. The following steps will demonstrate the process required to get communication working using EIGRP as the routing protocol.
Using the show ip interface brief command, check the status of each interface. What is the state of the interfaces on each router? Paris: FastEthernet 0: ______________________________________________________ Serial 0: ____________________________________________________________ Warsaw: FastEthernet 0: ______________________________________________________ Serial 0: ____________________________________________________________ Ping from one of the connected serial interfaces to the other. Was the ping successful? ___________________________________________________ If the ping was not successful, troubleshoot the router configurations until the ping is successful.
Objective
Set up an IP addressing scheme for OSPF area 0. Configure and verify Open Shortest Path First (OSPF) routing.
Background/Preparation
Cable a network similar to the one shown in the diagram. Any router that meets the interface requirements displayed on the above diagram may be used. For example, router series 800, 1600, 1700, 2500, and 2600 or any such combination can be used. Start a HyperTerminal session.
Step 2 Save the configuration information from the privileged EXEC command mode
BERLIN#copy running-config startup-config
Destination filename [startup-config]? [Enter]
Why save the running configuration to the startup configuration? __________________________________________________________________________ __________________________________________________________________________
Step 3 Configure the hosts with the proper IP address, subnet mask, and default gateway
Each workstation should be able to ping the attached router. Troubleshoot as necessary. Remember to assign a specific IP address and default gateway to the workstation. If running Windows 98, check by using Start >Run > winipcfg. If running Windows 2000, check by using the ipconfig command in a DOS window. At this point the workstations will not be able to communicate with each other. The following steps will demonstrate the process required to get communication working using OSPF as the routing protocol.
If there were no changes to the running configuration, type the following commands:
Rome(config)#router ospf 2
Rome(config-router)#log-adjacency-changes
Rome(config-router)#end
Show the routing table for the Rome router:
Rome#show ip route
Are there any OSPF entries in the routing table now? __________________________ What is the metric value of the OSPF route? _________________________________ What is the VIA address in the OSPF route? _________________________________ Are routes to all networks shown in the routing table? __________________________ What does the O mean in the first column of the routing table? ___________________
Objective
Configure routers with a Class C IP addressing scheme. Observe the election process for designated routers (DR) and backup designated routers (BDR) on the multiaccess network. Configure loopback addresses for Open Shortest Path First (OSPF) stability. Assign each OSPF interface a priority to force the election of a specific router as DR.
Background/Preparation
Cable a network similar to the one shown in the diagram. Any router that meets the interface requirements displayed on the above diagram may be used. For example, router series 800, 1600, 1700, 2500, and 2600 or any such combination can be used. Start a HyperTerminal session.
Step 3 Configure hosts with the proper IP address, subnet mask and default gateway
Each workstation should be able to ping all of the attached routers. That is because they are all part of the same subnetwork. Troubleshoot as necessary. Remember to assign a specific IP address and default gateway to the workstation. If running Windows 98, check by using Start > Run > winipcfg. If running Windows 2000, check by using the ipconfig command in a DOS window.
At the privileged EXEC mode prompt type: show running-config Using the show ip interface brief command, check the status of each interface. What is the state of the interfaces on each router? London: FastEthernet 0: _______________________________________________________ Serial 0: _____________________________________________________________ Serial 1: _____________________________________________________________ Loopback0: __________________________________________________________ Ottawa: FastEthernet 0: _______________________________________________________ Serial 0: _____________________________________________________________ Serial 1: _____________________________________________________________ Loopback0: __________________________________________________________ Brasilia: FastEthernet 0: _______________________________________________________ Serial 0: _____________________________________________________________ Serial 1: _____________________________________________________________ Loopback0: __________________________________________________________
Examine the Ottawa running configuration file. Did the IOS version automatically add any lines under router OSPF 1? ___________________ If there were no changes to the running configuration, type the following commands.
Ottawa(config)#router ospf 1
Ottawa(config-router)#log-adjacency-changes
Ottawa(config-router)#end
After saving the configurations on all of the routers, power them down and back up again.
Objective
Use the show ip route and show ip protocol commands to diagnose a routing configuration problem.
Background/Preparation
Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used. Start a HyperTerminal session.
Step 1 Configure the hostname, passwords and interfaces on the Gadsden router
On the Gadsden router, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords. Configure interfaces as shown in the table.
Step 7 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router
From GAD, is it possible to ping the BHM router FastEthernet interface? _________________ From BHM, is it possible to ping the GAD router FastEthernet interface? _________________
From the Gadsden router, type the following:
GAD#show ip route
Is there a route to the Birmingham LAN? _____________________
Objective
Create a basic switch configuration and verify it. Create multiple VLANs, name them and assign multiple member ports to them. Create a basic configuration on a router. Create an 802.1q trunk line between the switch and router to allow communication between VLANs. Test the routing functionality.
Background/Preparation
When managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and reduce broadcast domains. Cable a network similar to the one in the diagram. Start a HyperTerminal session.
Enter the following commands to add ports 0/9 to 0/12 to VLAN 20:
Switch_A#configure terminal
Switch_A(config)#interface fastethernet 0/9
Switch_A(config-if)#switchport mode access
Switch_A(config-if)#switchport access vlan 20
Switch_A(config-if)#interface fastethernet 0/10
Switch_A(config-if)#switchport mode access
Switch_A(config-if)#switchport access vlan 20
Switch_A(config-if)#interface fastethernet 0/11
Switch_A(config-if)#switchport mode access
Switch_A(config-if)#switchport access vlan 20
Switch_A(config-if)#interface fastethernet 0/12
Switch_A(config-if)#switchport mode access
Switch_A(config-if)#switchport access vlan 20
Switch_A(config-if)#end
1900:
Switch_A#config terminal
Switch_A(config)#interface ethernet 0/9
Switch_A(config-if)#vlan static 20
Switch_A(config-if)#interface ethernet 0/10
Switch_A(config-if)#vlan static 20
Switch_A(config-if)#interface ethernet 0/11
Switch_A(config-if)#vlan static 20
Switch_A(config-if)#interface ethernet 0/12
Switch_A(config-if)#vlan static 20
Switch_A(config-if)#end
Step 10 Save the router configuration
Step 11 Display the router routing table
Type show ip route at the privileged EXEC mode prompt. Are there entries in the routing table? ___________________________________________ What interface are they all pointing to? __________________________________________ Why is there not a need to run a routing protocol? __________________________________
Objective
Configure a router for Dynamic Host Configuration Protocol (DHCP) to dynamically assign addresses to attached hosts.
Background/Preparation
Routing between the ISP and the campus router uses a static route between the ISP and the gateway, and a default route between the gateway and the ISP. The ISP connection to the Internet is identified by a loopback address on the ISP router. Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes 800, 1600, 1700, 2500, 2600 series routers. Conduct the following steps on each router unless specifically instructed otherwise. Start a HyperTerminal session.
ip route command to create the static route:
ISP(config)#ip route 172.16.12.0 255.255.255.0 172.16.1.6
Is the static route in the routing table? ___________________________________________
Objective
Configure the serial interfaces on two routers with the PPP protocol. Test the link for connectivity.
Background/Preparation
Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers. Start a HyperTerminal session.
Step 10 Verify that the serial connection is functioning by pinging the serial interface of the other router
Washington#ping 192.168.15.2
Dublin#ping 192.168.15.1
Can the serial interface on the Dublin router be pinged from Washington? ________________ Can the serial interface on the Washington router be pinged from Dublin? ________________ If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes. Upon completion of the previous steps, finish the lab by doing the following:
Log off by typing exit
Turn the router off
Remove and store the cables and adapter
Objective
Configure PPP authentication using CHAP on two routers.
Background/Preparation
Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers. Start a HyperTerminal session.
Step 7 Verify that the serial connection is functioning by pinging the serial interface of the other router
Madrid#ping 192.168.15.2
Tokyo#ping 192.168.15.1
If the pings are unsuccessful, troubleshoot the router configurations to find the error. Then do the pings again until both pings are successful.
Objective
Configure a serial interface on two routers with the PPP protocol. Verify and test the link for connectivity.
Background/Preparation
Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes 800, 1600, 1700, 2500, 2600 series routers. Start a HyperTerminal session.
Objective
Configure PPP on the serial interfaces of two routers. Use show and debug commands to troubleshoot connectivity issues.
Background/Preparation
Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes 800, 1600, 1700, 2500, 2600 series routers.
Step 10 Enter the command debug ppp negotiation on the Paris router
Enter the command debug ppp negotiation on the Paris router at the privileged EXEC mode prompt. Is there any output from the debug command? ____________________________________
Is there any output from the debug command? ____________________________________ Does it confirm link establishment? ____________________________________
Step 13 Verify that the serial connection is functioning by pinging the serial interface of the other router
London#ping 192.168.15.1
Paris#ping 192.168.15.2
From London, can the serial interface ping the Paris router? ____________________ From Paris, can the serial interface ping the London router? ____________________ If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.
Objective
Configure a serial interface on two routers. Use show commands to troubleshoot connectivity issues.
Background/Preparation
Configure the appropriate serial interfaces to allow connectivity between the two routers. Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers. Start a HyperTerminal session.
Step 9 Verify that the serial connection is functioning by pinging the serial interface of the other router
London#ping 192.168.15.2
Paris#ping 192.168.15.1
Can the serial interface on the Paris router be pinged from London? __________________ Can the serial interface on the London router be pinged from Paris? __________________ If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes. Upon completion of the previous steps, finish the lab by doing the following:
Log off by typing exit
Turn the router off
Remove and store the cables and adapter
Objective
Configure an ISDN router to make a successful connection to a local ISDN switch.
Background/Preparation
This lab assumes that a router with an ISDN BRI U interface is available. An Adtran Atlas550 ISDN emulator is used to simulate the ISDN switch and cloud. Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers. Conduct the following steps on each router unless specifically instructed otherwise. Start a HyperTerminal session.
Ottawa#configure terminal
Ottawa(config)#isdn switch-type ?
How many different switch types are available? ____________________________________
To configure the router to communicate with a National ISDN-1 switch type:
Ottawa(config)#isdn switch-type basic-ni
Objective
Configure ISDN Dialer Profiles on the routers enabling a dial-on-demand routing (DDR) call to be made from two remote routers simultaneously into a central ISDN BRI router.
Background/Preparation
In this lab, 3 ISDN routers are required. An Adtran Atlas550 ISDN emulator is used to simulate the switch/ISDN cloud. Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers. Conduct the following steps on each router unless specifically instructed otherwise. Start a HyperTerminal session.
Tokyo(config-if)#isdn spid1 51055510000001 5551000
Tokyo(config-if)#isdn spid2 51055510010001 5551001
Tokyo(config-if)#no shutdown
Router(config)#hostname Moscow
Moscow(config)#enable secret class
Moscow(config)#isdn switch-type basic-ni
Moscow(config)#interface fastethernet 0
Moscow(config-if)#ip address 192.168.2.1 255.255.255.0
Moscow(config-if)#no shutdown
Moscow(config-if)#exit
Moscow(config)#interface bri 0
Moscow(config-if)#isdn spid1 51055520000001 5552000
Moscow(config-if)#isdn spid2 51055520010001 5552001
Moscow(config-if)#no shutdown
Router(config)#hostname Sydney
Sydney(config)#enable secret class
Sydney(config)#isdn switch-type basic-ni
Sydney(config)#interface fastethernet 0
Sydney(config-if)#ip address 192.168.3.1 255.255.255.0
Sydney(config-if)#no shutdown
Sydney(config-if)#exit
Sydney(config)#interface bri 0
Sydney(config-if)#isdn spid1 51055530000001 5553000
Sydney(config-if)#isdn spid2 51055530010001 5553001
Sydney(config-if)#no shutdown
Sydney(config-if)#dialer-group 1
Tokyo#configure terminal
Tokyo(config)#dialer-list 1 protocol ip permit
Tokyo(config)#interface dialer 1
Tokyo(config-if)#description The Profile for the Moscow router
Tokyo(config-if)#dialer-group 1
Tokyo(config-if)#interface dialer 2
Tokyo(config-if)#description The Profile for the Sydney router
Tokyo(config-if)#dialer-group 1
Sydney(config-if)#ip address 192.168.254.2 255.255.255.0
Sydney(config-if)#interface bri 0
Sydney(config-if)#encapsulation ppp
Sydney(config-if)#ppp authentication chap
Sydney(config-if)#interface dialer 0
Sydney(config-if)#encapsulation ppp
Sydney(config-if)#ppp authentication chap
Sydney(config-if)#no shutdown
Sydney(config-if)#exit
Sydney(config)#username Tokyo password class
Moscow(config-if)#interface dialer 0
Moscow(config-if)#dialer pool 1
Use the same commands to configure the Sydney router.
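What the ppp authentication chap and username Tokyo password class lines entered on Sydney set up, shown as an added Python example that is not part of the original lab: the RFC 1994 CHAP exchange, in which only a hash of the shared secret crosses the link and each challenge can be answered once. The Router class, its method names, and Tokyo's matching username Sydney password class entry are assumptions made for illustration.

```python
import hashlib
import hmac
import os

CHALLENGE, RESPONSE = 1, 2  # CHAP packet codes from RFC 1994


def chap_hash(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Router:
    """One end of the PPP link (hypothetical model, not IOS code)."""

    def __init__(self, hostname: str, usernames: dict):
        self.hostname = hostname
        # Mirrors the "username <peer-hostname> password <secret>" lines.
        self.usernames = usernames
        self._pending = {}  # identifier -> challenge bytes awaiting a response
        self._next_id = 0

    def make_challenge(self) -> dict:
        """Authenticator side: send a fresh random challenge."""
        ident = self._next_id
        self._next_id = (self._next_id + 1) % 256
        value = os.urandom(16)
        self._pending[ident] = value
        return {"code": CHALLENGE, "id": ident, "value": value,
                "name": self.hostname}

    def answer(self, challenge: dict):
        """Peer side: hash the challenge with the secret stored for the sender."""
        secret = self.usernames.get(challenge["name"])
        if secret is None:
            return None  # no username entry for that hostname
        digest = chap_hash(challenge["id"], secret, challenge["value"])
        return {"code": RESPONSE, "id": challenge["id"], "value": digest,
                "name": self.hostname}

    def verify(self, response) -> bool:
        """Authenticator side: recompute the hash and compare."""
        if response is None:
            return False
        value = self._pending.pop(response["id"], None)  # one use per challenge
        secret = self.usernames.get(response["name"])
        if value is None or secret is None:
            return False
        expected = chap_hash(response["id"], secret, value)
        return hmac.compare_digest(expected, response["value"])


def authenticate(authenticator: Router, peer: Router) -> bool:
    """Run one challenge/response round and return the authenticator's verdict."""
    return authenticator.verify(peer.answer(authenticator.make_challenge()))


if __name__ == "__main__":
    # Sydney's entry comes from the lab; Tokyo's entry is assumed to mirror it.
    tokyo = Router("Tokyo", {"Sydney": b"class"})
    sydney = Router("Sydney", {"Tokyo": b"class"})
    print("matching secrets:", authenticate(tokyo, sydney))

    # Constructed failure cases: wrong secret, and a hostname in the wrong case.
    print("wrong secret:", authenticate(tokyo, Router("Sydney", {"Tokyo": b"cisco"})))
    print("wrong case:", authenticate(tokyo, Router("sydney", {"Tokyo": b"class"})))
```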
Objective
Configure two routers back-to-back as a Frame Relay permanent virtual circuit (PVC). This will be done manually, in the absence of a Frame Relay switch, and therefore there will be no Local Management Interface (LMI).
Background/Preparation
Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers. Conduct the following steps on each router unless specifically instructed otherwise. Start a HyperTerminal session.
addressed frame can be created locally for this PVC. Since there is no way of mapping DLCI automatically with LMI disabled, this map must be created manually, using the frame-relay map command. The broadcast parameter also allows for IP broadcasts to use the same mapping for crossing this PVC:
Washington(config-if)#frame-relay map ip 192.168.1.2 102 ietf broadcast
Objective
Configure three routers in a full mesh Frame Relay Network. An organization with three offices in different cities has to connect its offices through Frame Relay cloud. Offices are situated in Amsterdam, Paris and Berlin. A router at each branch site is connected with the Frame Relay Service Provider as depicted in the diagram.
Berlin(config)#interface serial 0
Berlin(config-if)#encapsulation frame-relay ietf
Berlin(config-if)#frame-relay lmi-type ansi
Berlin(config-if)#description Circuit #DTK465866
Berlin(config-if)#no shutdown
Paris(config-router)#network 192.168.2.0
Paris(config-router)#network 192.168.4.0
Paris(config-router)#network 192.168.6.0
Berlin(config-if)#router igrp 100
Berlin(config-router)#network 192.168.3.0
Berlin(config-router)#network 192.168.5.0
Berlin(config-router)#network 192.168.6.0
Objective
Plan, configure, and apply a standard ACL to permit or deny specific traffic and test the ACL to determine if the desired results were achieved. The company home office in Gadsden (GAD) provides services to branch offices such as the Birmingham (BHM) office. These offices have some minor security and performance concerns. Standard ACLs need to be implemented as a simple and effective tool to control traffic. Host #3 represents the kiosk station that needs to have its access limited to the local network. Host #4 represents another host in the Birmingham office. Loopback 0 on the GAD router represents the Internet.
GAD(config-if)#^z
Now the text file configuration needs to be applied to the router. Enter the configuration mode on the appropriate router and copy and paste the configuration. Observe the CLI display to ensure no errors were encountered.
Objective
Configure and apply a standard ACL to permit or deny specific traffic. Test the ACL to determine if the desired results were achieved.
Background/Preparation
Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used. Start a HyperTerminal session.
Step 3 Save the configuration information from the privileged EXEC command mode
GAD#copy running-config startup-config
Step 4 Confirm connectivity by pinging the default gateway from both hosts
If the pings are not successful, correct the configuration and repeat until they are successful.
GAD(config)#access-list 1 deny 192.168.14.0 0.0.0.255
GAD(config)#access-list 1 permit any

Why is the second statement needed? __________________________________________
Objective
Configure and apply an extended ACL to permit or deny specific traffic. Test the ACL to determine if the desired results were achieved.
Background/Preparation
Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used. Start a HyperTerminal session.
Step 3 Save the configuration information from the privileged EXEC command mode
GAD#copy running-config startup-config
Step 4 Confirm connectivity by pinging the default gateway from both hosts
If the pings are not successful, correct the configuration and repeat until they are successful.
Step 6 Prevent access to HTTP (port 80) from the Ethernet interface hosts
Create an access list that will prevent Web browsing access to FastEthernet 0 from the 192.168.14.0 network. At the router configuration prompt type the following commands:

GAD(config)#access-list 101 deny tcp 192.168.14.0 0.0.0.255 any eq 80
GAD(config)#access-list 101 permit ip any any

Why is the second statement needed? __________________________________________
Objective
Configuring extended access lists to filter network to network, host to network, and network to host traffic.
Scenario
A marketing company has two locations. The main site is in Birmingham (BHM) and the branch site is in Gadsden (GAD). The telecommunication administrator for both sites needs to plan and implement access control lists for security and performance. At the Birmingham site, there are two groups of network users. These groups are an Administrative group and a Production group, and each is on a separate network. Both networks are interconnected with a router. The Gadsden site is a stub network and only has a LAN connected to it.

BHM#show running-config
<Output Omitted>
hostname BHM
enable secret class
interface FastEthernet0
 ip address 192.168.1.17 255.255.255.240
interface Serial0
 ip address 172.16.1.2 255.255.255.0
 clock rate 56000
interface FastEthernet0/1
 ip address 192.168.1.33 255.255.255.240
router rip
 network 172.16.0.0
 network 192.168.1.0
line vty 0 4
 password cisco
 login
end
BHM#

GAD#show running-config
<Output Omitted>
hostname GAD
enable password class
interface FastEthernet0
 ip address 172.16.2.1 255.255.255.0
interface Serial0
 ip address 172.16.1.1 255.255.255.0
router rip
 network 172.16.0.0
line vty 0 4
 password cisco
 login
no scheduler allocate
end
GAD#

Configure the hosts with the appropriate information using the information previously defined. Before applying any type of access list, it is important to verify reachability between systems. Verify reachability by pinging all systems and routers from each system. All hosts should be able to ping each other and the router interfaces. If pings to some interfaces are not successful, the problem will need to be located and corrected. Always verify the Physical layer connections, as they seem to be the more common source of connectivity problems. Next, verify the router interfaces. Make sure they are not shut down or improperly configured, and that RIP is correctly configured. Finally, remember that along with valid IP addresses, hosts must also have default gateways specified. Now that the infrastructure is in place, it is time to begin securing the internetwork.
Step 2 Prevent the Production Users from Accessing the Gadsden Network
Company policy specifies that only the Administrative group should have access to the Gadsden site. The Production group should be restricted from accessing that network. Configure an extended access list to allow the Administrative group access to the Gadsden site. The production group should not have access to the Gadsden site. After careful analysis, it is decided that it would be best to use an extended access list and apply it to the outgoing S0 interface on the BHM router.

Note: Remember that when the access list is configured, each statement in the list is processed by the router in the order it was created. It is not possible to reorder an access list, skip statements, edit statements, or delete statements from a numbered access list. For this reason, it may be beneficial to create the access list in a text editor such as Notepad and then paste the commands to the router, instead of typing them in directly on a router.

Enter the following:

BHM#conf terminal
Enter configuration commands, one per line. End with CNTL/Z.
BHM(config)#access-list 100 deny ip 192.168.1.32 0.0.0.15 172.16.2.0 0.0.0.255

This statement defines an extended access list called 100. It will deny ip access for any users on the 192.168.1.32 to 192.168.1.47 network if they are trying to access network 172.16.2.0. Although a less specific access list could be defined, this access list could allow the production users to access other sites (if available) through the S0 interface. Remember that there is an implicit deny all at the end of every access list. We must now make sure to let the administrative group access the Gadsden network. Although we could be more restrictive, we will simply let any other traffic through. Enter the following statement:

BHM(config)#access-list 100 permit ip any any

Now we need to apply the access list to an interface. We could apply the list to any incoming traffic going to the production network Fa0/1 interface. However, if there were a great deal of traffic between the administrative network and the production network, the router would have to check every packet. There is concern that this would add unwanted overhead to the router. Therefore the access list is applied to any outgoing traffic going through the BHM router S0 interface. Enter the following:

BHM(config)#interface s0
BHM(config-if)#ip access-group 100 out

Verify the syntax of the access list with the show running-config command. The following lists the valid statements that should be in the configuration.

interface Serial0
 ip access-group 100 out
<Output Omitted>
access-list 100 deny ip 192.168.1.32 0.0.0.15 172.16.2.0 0.0.0.255
access-list 100 permit ip any any

Another valuable command is the show access-lists command. The following is a sample output.

BHM#show access-lists
Extended IP access list 100
 deny ip 192.168.1.32 0.0.0.15 172.16.2.0 0.0.0.255
 permit ip any any
The show access-lists command also displays counters, indicating how many times the list has been used. No counters are listed here since we haven't attempted to verify it yet.

Note: Use the clear access-list counters command to restart the access list counters.

Now test the access list by verifying reachability to the Gadsden network by the administrative and production hosts.

Can the production host (B) ping the Gadsden host (D)? __________________________________
Can the production host (C) ping the Gadsden host (D)? __________________________________
Can the administrative host (A) ping the Gadsden host (D)? _______________________________
Can the production host (B) ping the administration host (A)? _____________________________
Can the production host (B) ping the Gadsden router Serial interface? _______________________

The production hosts (B) and (C) should be able to ping the administrative host (A) and the Gadsden router Serial interface. However, they should not be able to ping the Gadsden host (D). The router should return a reply message to the host stating destination net unreachable.

Issue the show access-lists command. How many matches are there? ________________

Note: The show access-lists command displays the number of matches per line. Therefore the number of deny matches may seem odd until it is realized that the pings matched the deny statement and the permit statement. To help understand how the access list is operating, keep periodically issuing the show access-lists command.
Therefore, the access list permits the production host (B) access to the Gadsden network. Now deny all of the remaining production hosts access to the Gadsden network and permit anyone else. Refer to the previous step for the next two lines of the configuration. The show access-lists command would display output similar to the following:

BHM#show access-lists
Extended IP access list 100
 permit ip host 192.168.1.34 172.16.2.0 0.0.0.255
 deny ip 192.168.1.32 0.0.0.15 172.16.2.0 0.0.0.255
 permit ip any any
BHM#

Now test the access list by verifying reachability to the Gadsden network by the administrative and production hosts.

Can the production host (B) ping the Gadsden host (D)? ___________________________________
Can the production host (C) ping the Gadsden host (D)? ___________________________________

The production host (B) should now be able to ping the Gadsden host (D). However, all other production hosts (C) should not be able to ping the Gadsden host (D). Again, the router should return a reply message to the host stating destination net unreachable for host (C).
address 192.168.1.18.

What could we have defined instead of using the keyword any? _____________________________________________________________________________
What could we have defined instead of using the keyword host? _____________________________________________________________________________
What could we have defined instead of using the keyword ftp? _____________________________________________________________________________

Now configure the next line of the access list to permit HTTP access to the payroll server. The access list statement should be similar to the following:

GAD(config)#access-list 110 permit tcp any host 192.168.1.18 eq http

This line will permit any host from the Gadsden network HTTP access to the payroll server at address 192.168.1.18.

What else could we have defined instead of using the keyword http? _____________________________________________________________________________

Now configure the next line of the access list to permit ICMP access to the payroll server. The access list statement should be similar to the following:

GAD(config)#access-list 110 permit icmp any host 192.168.1.18

This line will permit any host from the Gadsden network to ping the payroll server at address 192.168.1.18. Finally, no Gadsden user should be able to access any other host on the Administration network. Although it is not required, it is always a good idea to include a deny statement. Adding the statement is a good reminder and makes it easier to read the access list. The access list statement should be similar to the following:

GAD(config)#access-list 110 deny ip any 192.168.1.16 0.0.0.15

Now we need to apply the access list to an interface. To reduce unwanted WAN traffic, it is decided to apply the access list to any outgoing traffic going through the Gadsden router's S0 interface. Enter the following:

GAD(config)#interface s0
GAD(config-if)#ip access-group 110 out

Now test the access list by verifying reachability to the payroll server by a Gadsden host (D).

Can the Gadsden host (D) ping the payroll server? ______________________________________
Can the Gadsden host (D) ping the host (A)? __________________________________________

The Gadsden host should be able to ping the payroll server only. The router should return the destination net unreachable when it tries to ping the administrative host (A).
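The first-match behaviour of access list 100 (before and after the host statement is added) and of the visible statements of access list 110 can be checked offline with a small evaluator. This is an added example, not part of the lab manual; it models only the statement forms that appear on this page, and the addresses of hosts A, C and D are constructed for the test traffic.

```python
import ipaddress

# Port keywords as this page writes them (`www` is the usual IOS keyword for 80).
PORTS = {"ftp": 21, "http": 80, "www": 80}

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def take_addr(tokens):
    """Consume `any`, `host A` or `A WILDCARD`; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return ip_int(tokens.pop(0)), 0
    return ip_int(first), ip_int(tokens.pop(0))

def parse_ace(line):
    """Parse `access-list N permit|deny PROTO SRC DST [eq PORT]`."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("unsupported statement: " + line)
    rest = tok[4:]
    ace = {"text": line, "action": tok[2], "proto": tok[3], "hits": 0,
           "src": take_addr(rest), "dst": take_addr(rest), "port": None}
    if rest[:1] == ["eq"]:
        ace["port"] = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
    return ace

def build(text):
    return [parse_ace(l.strip()) for l in text.strip().splitlines()]

def addr_match(addr, spec):
    """Wildcard-mask compare: a 1 bit in the wildcard means 'do not care'."""
    base, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (ip_int(addr) & care) == (base & care)

def evaluate(acl, proto, src, dst, dport=None):
    """Top-down, first match wins; no match at all is the implicit deny."""
    for ace in acl:
        if ace["proto"] not in ("ip", proto):
            continue
        if not (addr_match(src, ace["src"]) and addr_match(dst, ace["dst"])):
            continue
        if ace["port"] is not None and ace["port"] != dport:
            continue
        ace["hits"] += 1          # the per-line counter `show access-lists` reports
        return ace["action"]
    return "implicit deny"

def hits(acl):
    return [ace["hits"] for ace in acl]

# Statements copied from the page.
ACL_100 = """
access-list 100 deny ip 192.168.1.32 0.0.0.15 172.16.2.0 0.0.0.255
access-list 100 permit ip any any
"""
ACL_100_HOST_B = """
access-list 100 permit ip host 192.168.1.34 172.16.2.0 0.0.0.255
access-list 100 deny ip 192.168.1.32 0.0.0.15 172.16.2.0 0.0.0.255
access-list 100 permit ip any any
"""
# Constructed: the same statements with the host permit placed after the deny.
ACL_100_WRONG_ORDER = """
access-list 100 deny ip 192.168.1.32 0.0.0.15 172.16.2.0 0.0.0.255
access-list 100 permit ip host 192.168.1.34 172.16.2.0 0.0.0.255
access-list 100 permit ip any any
"""
# Only the ACL 110 statements visible on the page; the FTP line is cut off there.
ACL_110 = """
access-list 110 permit tcp any host 192.168.1.18 eq http
access-list 110 permit icmp any host 192.168.1.18
access-list 110 deny ip any 192.168.1.16 0.0.0.15
"""

# Host B and the payroll server are from the page; A, C and D are constructed.
HOST_A, HOST_B, HOST_C = "192.168.1.19", "192.168.1.34", "192.168.1.35"
HOST_D, PAYROLL = "172.16.2.2", "192.168.1.18"

if __name__ == "__main__":
    for name, text in [("100", ACL_100), ("100 + host B", ACL_100_HOST_B),
                       ("100 wrong order", ACL_100_WRONG_ORDER)]:
        acl = build(text)
        print(name, "B->D:", evaluate(acl, "icmp", HOST_B, HOST_D),
              "C->D:", evaluate(acl, "icmp", HOST_C, HOST_D), "hits:", hits(acl))
    acl = build(ACL_110)
    for proto, dst, port in [("tcp", PAYROLL, 80), ("icmp", PAYROLL, None),
                             ("icmp", HOST_A, None), ("icmp", HOST_B, None)]:
        print("110 D->%s %s:" % (dst, proto), evaluate(acl, proto, HOST_D, dst, port))
```
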
Objective
Create a named ACL to permit or deny specific traffic. Test the ACL to determine if the desired results were achieved.
Background/Preparation
Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used. Start a HyperTerminal session.
Step 3 Save the configuration information from the privileged EXEC command mode
GAD#copy running-config startup-config
Step 4 Confirm connectivity by pinging the default gateway from both hosts
If the pings are not successful, correct the configuration and repeat until they are successful.
network. At the configuration prompt type the following commands:

GAD(config)#ip access-list standard no_access
GAD(config-std-nacl)#deny 192.168.14.0 0.0.0.255
GAD(config-std-nacl)#permit any

Why is the third statement needed? ____________________________________________
Objective
Use the access-class and line commands to control telnet access to the router.
Scenario
The company home office in Gadsden (GAD) provides services to branch offices such as the Birmingham (BHM) office. Only systems within the local network should be able to telnet to the router. To do this, a standard access list will be created that permits users on the local network to telnet to the local router. The access list will then be applied to the Virtual Terminal (vty) lines.
Step 3 Create the Access List that Represents the Gadsden LAN
The Local Area Network in Gadsden has a network address of 192.168.1.0 /24. To create the access list to permit this, use the following command:

GAD(config)#access-list 1 permit 192.168.1.0 0.0.0.255
Step 4 Apply the Access List to Permit Only the Gadsden LAN
Now that the list is created to represent traffic, it needs to be applied to the vty lines. This will restrict any telnet access to the router. While the list could be applied separately to each vty line, it is easier to apply it to all vty lines in one statement. This is done by entering line configuration mode for all five lines with the global configuration command line vty 0 4. For the Gadsden router type:

GAD(config)#line vty 0 4
GAD(config-line)#access-class 1 in
GAD(config-line)#^Z
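Whether a saved configuration actually carries the restriction from Steps 3 and 4 can be checked by parsing it. The following is an added example, not part of the lab manual: a small auditor that flags vty lines with no inbound access-class, an access-class that points at an undefined or permit-any list, and an enable password with no enable secret. Both sample configurations are constructed from the command lines shown on this page.

```python
import re

def parse_ios(text):
    """Return (global_lines, blocks); blocks maps a header to its indented sub-commands."""
    global_lines, blocks, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0] in " \t" and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            global_lines.append(current)
            blocks.setdefault(current, [])
    return global_lines, blocks

def standard_acls(global_lines):
    """Map ACL number -> [(action, source)] for numbered standard lists (1-99)."""
    acls = {}
    for line in global_lines:
        m = re.match(r"access-list (\d+) (permit|deny) (.+)$", line)
        if m and 1 <= int(m.group(1)) <= 99:
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    return acls

def vty_acl(body):
    """Number or name given to `access-class ... in` inside a line block, else None."""
    for cmd in body:
        m = re.match(r"access-class (\S+) in$", cmd)
        if m:
            return m.group(1)
    return None

def audit(text):
    global_lines, blocks = parse_ios(text)
    acls = standard_acls(global_lines)
    findings = []
    # `enable password` is kept readable in the config; `enable secret` is hashed.
    has_pw = any(g.startswith("enable password ") for g in global_lines)
    has_secret = any(g.startswith("enable secret ") for g in global_lines)
    if has_pw and not has_secret:
        findings.append("enable password set without enable secret")
    for header, body in blocks.items():
        if not header.startswith("line vty"):
            continue
        acl = vty_acl(body)
        if acl is None:
            findings.append(header + ": no inbound access-class")
        elif acl not in acls:
            findings.append(header + ": access-class %s is not defined" % acl)
        elif ("permit", "any") in acls[acl]:
            findings.append(header + ": access-class %s permits any" % acl)
    return findings

# Constructed sample: the router before Steps 3 and 4 of this lab.
GAD_BEFORE = """\
hostname GAD
enable password class
line vty 0 4
 password cisco
 login
end
"""

# Constructed sample: after Steps 3 and 4, with `enable secret` as on the BHM router.
GAD_AFTER = """\
hostname GAD
enable secret class
access-list 1 permit 192.168.1.0 0.0.0.255
line vty 0 4
 access-class 1 in
 password cisco
 login
end
"""

if __name__ == "__main__":
    for name, cfg in [("before", GAD_BEFORE), ("after", GAD_AFTER)]:
        print(name, audit(cfg) or "no findings")
```
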
Objective
Back up a copy of a router IOS from flash to a TFTP server. Reload the backup IOS software image from a TFTP server into flash on a router.
Background/Preparation
For recovery purposes it is important to keep backup copies of router IOS images. These can be stored in a central location such as a TFTP server and retrieved if necessary. Cable a network similar to the one in the previous diagram. Any router that meets the interface requirements may be used. Possible routers include 800, 1600, 1700, 2500, 2600 routers, or a combination. Start a HyperTerminal session.
Issue the show flash command.

Is there a file already stored in flash? ___________________________________________
If so, what is the exact name of that file? _________________________________________
How much of flash is available or unused? _______________________________________

Note: If there is a file in flash, it will probably need to be erased before a new one is loaded. That choice will be offered in the copy tftp flash command in a later step. However, it is possible to save a copy of that file with the command copy flash tftp. If there is a possibility of ever having to revert to that software version, follow the instructions in the Copy IOS to TFTP server section.
Source filename []? flash:c1700-y-mz.122-11.T.bin
Address or name of remote host []? 192.168.14.2
Destination filename [c1700-y-mz.122-11.T.bin]? y

After entering this command and answering the process requests, the student should see the following output on the console. Do not interrupt this process.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
4284648 bytes copied in 34.012 secs (125975 bytes/sec)

Verifying checksum... OK (0x9C8A)
4284648 bytes copied in 26.584 secs (555739 bytes/sec)

The router may prompt to erase flash. Will the image fit in available flash? _____________
If the flash is erased, what happened on the router console screen as it was doing so? __________________________________________________________________________
What is the size of the file being loaded? __________________ Do not interrupt the process.
What happened on the router console screen as the file was being downloaded? __________________________________________________________________________
Was the verification successful? __________________
Was the whole operation successful? __________________
Objective
Gain access to a router with an unknown privileged mode (enable) password.
Background/Preparation
This lab demonstrates gaining access to a router with an unknown privileged mode (enable) password. One point to be made here is that anyone with this procedure and access to a console port on a router can change the password and take control of the router. That is why it is of critical importance that routers also have physical security to prevent unauthorized access. Set up a network similar to the one in the previous diagram. Any router that meets the interface requirements may be used. Possible routers include 800, 1600, 1700, 2500, 2600 routers, or a combination. Start a HyperTerminal session.

rommon 1 >?
alias      set and display aliases command
boot       boot up an external process
break      set/show/clear the breakpoint
confreg    configuration register utility
context    display the context of a loaded image
dev        list the device table
dir        list files in file system
dis        display instruction stream
help       monitor builtin command help
history    monitor command history
meminfo    main memory information
repeat     repeat a monitor command
reset      system reset
set        display the monitor variables
sysret     print out info from last system return
tftpdnld   tftp image download
xmodem     x/ymodem image download
Step 5 Change the configuration register setting to boot without loading configuration file
From the ROM Monitor mode, type confreg 0x2142 to change the config-register.

rommon 2 >confreg 0x2142
Verify that the last line of the output reads: Configuration register is 0x2142 (will be 0x2102 at next reload). Use the reload command to restart the router.
Objective
Check and document the configuration register settings related to boot method. Configure the router to boot using the configuration file in NVRAM and reload the router.
Background/Preparation
Set up a network similar to the one in the previous diagram. Any router that meets the interface requirements may be used. Possible routers include 800, 1600, 1700, 2500, 2600 routers, or a combination. Start a HyperTerminal session.
Would you like to enter the initial configuration dialog? [yes/no]:n

Type n and press Enter.
Step 8 Change the config-register to boot from NVRAM, save, and reload the router
Enter global configuration mode and enter the following commands:

Router>enable
GAD#configure terminal
GAD(config)#config-register 0x2102
GAD(config)#exit
GAD#copy running-config startup-config
Destination filename [startup-config]?[Enter]
GAD#reload
Proceed with reload? [confirm][Enter]

Now at the privileged EXEC mode, enter the command reload.

Router#reload

The responding line prompt will be:
System configuration has been modified. Save? [yes/no]:
Type n and then press Enter.

The responding line prompt will be:
Proceed with reload? [confirm]
Press Enter to confirm.

The first line of the response will be:
Reload requested by console.

After the router has reloaded the line prompt will be:
Would you like to enter the initial configuration dialog? [yes/no]:
Type n and then press Enter.

The responding line prompt will be:
Press RETURN to get started!
Press Enter.
Objective
Configure a router to use network address translation (NAT) to convert internal IP addresses, typically private addresses, into outside public addresses.
Background/Preparation
An ISP has allocated a company the public classless interdomain routing (CIDR) IP address 199.99.9.32/27. This is equivalent to 30 public IP addresses. Since the company has an internal requirement for more than 30 addresses, the IT manager has decided to implement NAT. The addresses 199.99.9.33 to 199.99.9.39 are for static allocation and 199.99.9.40 to 199.99.9.62 are for dynamic allocation. Routing will be done between the ISP and the gateway router used by the company. A static route will be used between the ISP and gateway router and a default route will be used between the gateway router and the ISP. The ISP connection to the Internet will be represented by a loopback address on the ISP router. Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers. Start a HyperTerminal session.
Step 3 Configure the hosts with the proper IP address, subnet mask, and default gateway
Each workstation should be able to ping the attached router. If for some reason this is not the case, troubleshoot as necessary. Check and verify that the workstation has been assigned a specific IP address and default gateway. If running Windows 98, check using Start > Run > winipcfg. If running Windows 2000 or higher, check using ipconfig in a DOS window.
Step 8 Define an access list that will match the inside private IP addresses
To define the access list to match the inside private addresses, use the access list command:

Gateway(config)#access-list 1 permit 10.10.10.0 0.0.0.255
Step 9 Define the NAT translation from inside list to outside pool
To define the NAT translation, use the ip nat inside source command:

Gateway(config)#ip nat inside source list 1 pool public-access
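The effect of the dynamic range in this lab, and of the overload keyword used in the PAT labs, can be seen in a simplified translation-table model. This is an added example, not part of the lab manual: it assumes the pool covers 199.99.9.40 to 199.99.9.62 as stated in the background, ignores translation timeouts, and the way it picks a replacement port is an assumption of the model rather than documented IOS behaviour.

```python
import ipaddress

class NatGateway:
    """Toy model of `ip nat inside source list 1 pool <name> [overload]`."""

    def __init__(self, inside_net, pool_first, pool_last, overload=False):
        self.inside = ipaddress.ip_network(inside_net)      # what access-list 1 permits
        first = int(ipaddress.IPv4Address(pool_first))
        last = int(ipaddress.IPv4Address(pool_last))
        self.pool = [str(ipaddress.IPv4Address(i)) for i in range(first, last + 1)]
        self.overload = overload
        self.by_host = {}        # inside local IP -> inside global IP (no overload)
        self.by_flow = {}        # (inside local IP, port) -> (inside global IP, port)
        self.used_ports = set()  # ports already taken on the shared global address

    def translate(self, src_ip, src_port):
        """Return (global_ip, global_port), or None when no translation is created."""
        if ipaddress.ip_address(src_ip) not in self.inside:
            return None                      # source not matched by the access list
        if not self.overload:
            # One-to-one: each inside host holds a whole pool address.
            if src_ip not in self.by_host:
                if len(self.by_host) >= len(self.pool):
                    return None              # pool exhausted
                self.by_host[src_ip] = self.pool[len(self.by_host)]
            return self.by_host[src_ip], src_port
        # Overload (PAT): every flow shares one address and differs by source port.
        key = (src_ip, src_port)
        if key not in self.by_flow:
            shared = self.pool[0]
            for port in [src_port] + list(range(1024, 65536)):
                if port not in self.used_ports:
                    self.used_ports.add(port)
                    self.by_flow[key] = (shared, port)
                    break
            else:
                return None                  # every port on the shared address is in use
        return self.by_flow[key]

def simulate(host_count, overload):
    """Translate one flow from each of host_count inside hosts (constructed traffic)."""
    gw = NatGateway("10.10.10.0/24", "199.99.9.40", "199.99.9.62", overload)
    return [gw.translate("10.10.10.%d" % h, 1025) for h in range(2, 2 + host_count)]

if __name__ == "__main__":
    for overload in (False, True):
        results = simulate(30, overload)
        ok = [r for r in results if r is not None]
        print("overload=%s: %d of %d hosts translated, %d global addresses used"
              % (overload, len(ok), len(results), len({r[0] for r in ok})))
```
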
The inside local address is assigned by?

Upon completion of the previous steps finish the lab by doing the following:
Logoff by typing exit
Turn the router off
Remove and store the cables and adapter

Gateway(config)#interface fastethernet 0
Gateway(config-if)#ip add 10.10.10.1 255.255.255.0
Gateway(config-if)#no shutdown
Gateway(config-if)#exit
Gateway(config)#interface serial 0
Gateway(config-if)#ip add 200.2.2.18 255.255.255.252
Gateway(config-if)#no shutdown
Gateway(config)#ip route 0.0.0.0 0.0.0.0 200.2.2.17
Objective
Configure a router to use Port Address Translation (PAT) to convert internal IP addresses, typically private addresses, into an outside public address.
Background/Preparation
Aidan McDonald has just received a DSL line Internet connection to a local ISP in his home. The ISP has allocated only one IP address to be used on the serial port of his remote access device. Thus all PCs on Aidan's LAN, each with its own private IP address, will share one public IP address on the router using PAT. Routing from the home or gateway router to the ISP will be done by using a default route to Serial 0 of the Gateway router. The ISP connection to the Internet will be represented by a loopback address on the ISP router. Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers. Start a HyperTerminal session.
Step 3 Configure hosts with the proper IP address, subnet mask, and default gateway
Each workstation should be able to ping the attached router. If for some reason this is not the case, troubleshoot as necessary. Check and verify that the workstation has been assigned a specific IP address and default gateway. If running Windows 98, check using Start > Run > winipcfg. If running Windows 2000 or higher, check using ipconfig in a DOS window.
Step 6 Define an access list that will match the inside private IP addresses
To define the access list to match the inside private addresses, use the access list command:

Gateway(config)#access-list 1 permit 10.10.10.0 0.0.0.255
Step 7 Define the PAT translation from inside list to outside address
To define the PAT translation, use the ip nat inside source command. This command with the overload option will create port address translation using the serial 0 IP address as the base:

Gateway(config)#ip nat inside source list 1 interface serial 0 overload

Router#configure terminal
Router(config)#hostname ISP
ISP(config)#enable password cisco
ISP(config)#enable secret class
ISP(config)#line console 0
ISP(config-line)#password cisco
ISP(config-line)#login
ISP(config-line)#exit
ISP(config)#line vty 0 4
ISP(config-line)#password cisco
ISP(config-line)#login
ISP(config-line)#exit
ISP(config)#interface loopback 0
ISP(config-if)#ip address 172.16.1.1 255.255.255.255
ISP(config-if)#no shutdown
ISP(config-if)#exit
ISP(config)#interface serial 0
ISP(config-if)#ip address 200.2.2.17 255.255.255.252
ISP(config-if)#no shutdown
ISP(config-if)#clockrate 64000
ISP(config)#ip route 199.99.9.32 255.255.255.224 200.2.2.18
ISP(config)#end
ISP#copy running-config startup-config

Gateway

Router#configure terminal
Router(config)#hostname Gateway
Gateway(config)#enable password cisco
Gateway(config)#enable secret class
Gateway(config)#line console 0
Gateway(config-line)#password cisco
Gateway(config-line)#login
Gateway(config-line)#exit
Gateway(config)#line vty 0 4
Gateway(config-line)#password cisco
Gateway(config-line)#login
Gateway(config-line)#exit
Gateway(config)#interface fastethernet 0
Gateway(config-if)#ip address 10.10.10.1 255.255.255.0
Gateway(config-if)#no shutdown
Gateway(config-if)#exit
Gateway(config)#interface serial 0
Gateway(config-if)#ip address 200.2.2.18 255.255.255.252
Gateway(config-if)#no shutdown
Gateway(config)#ip route 0.0.0.0 0.0.0.0 200.2.2.17
Objective
Configure a router for Network Address Translation (NAT) and Port Address Translation (PAT).
Troubleshoot NAT and PAT using debug.
Background/Preparation
The ISP has allocated a company the public CIDR IP address 199.99.9.32/30. This is equivalent to four public IP addresses. Since the company has an internal requirement for more than 30 addresses, the IT manager has decided to use NAT with PAT. Routing between the ISP and the gateway router is done using a static route between the ISP and the gateway, and a default route between the gateway and the ISP. The ISP connection to the Internet will be represented by a loopback address on the ISP router. Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers.
Step 3 Configure hosts with the proper IP address, subnet mask, and default gateway
Each workstation should be able to ping the attached router. If for some reason this is not the case, troubleshoot as necessary. Check and verify that the workstation has been assigned a specific IP address and default gateway. If running Windows 98, check using Start > Run > winipcfg. If running Windows 2000 or higher check using ipconfig in a DOS window.
Step 8 Define an access list that will match the inside private IP addresses
To define the access list to match the inside private addresses, use the access list command:

Gateway(config)#access-list 1 permit 10.10.10.0 0.0.0.255
Step 9 Define the NAT translation from inside list to outside pool
To define the NAT translation, use the ip nat inside source command:

Gateway(config)#ip nat inside source list 1 pool public-access overload

From the workstations, ping 172.16.1.1. If the ip nat outside statement was entered correctly there should be output from the debug ip nat command.

What does the NAT*: S=10.10.10.? -> 199.99.9.33 mean?

To stop the debug output, type undebug all at the privileged EXEC mode prompt.

Upon completion of the previous steps finish the lab by doing the following:
Logoff by typing exit
Turn the router off
Remove and store the cables and adapter

Gateway(config)#line vty 0 4
Gateway(config-line)#password cisco
Gateway(config-line)#login
Gateway(config-line)#exit
Gateway(config)#interface fastethernet 0
Gateway(config-if)#ip add 10.10.10.1 255.255.255.0
Gateway(config-if)#no shutdown
Gateway(config-if)#exit
Gateway(config)#interface serial 0
Gateway(config-if)#ip add 200.2.2.18 255.255.255.252
Gateway(config-if)#no shutdown
Gateway(config)#ip route 0.0.0.0 0.0.0.0 200.2.2.17