CCNA-Practicals NETS Final

CISCO Certified Network Associate CCNA-PRACTICAL LABS
A Name in Career Building
Lab-1: Basic Switch Configuration
Objective
Configure a switch with a name and an IP address. Configure passwords to ensure that access to the CLI is secured. Configure switch port speed and duplex properties for an interface. Save the active configuration. View the switch browser interface.
Background/Preparation
Cable a network similar to the one in the diagram. Start a HyperTerminal session.
Step 1 Enter privileged mode

Privileged mode gives access to all the switch commands. Many of the privileged commands configure operating parameters. Therefore, privileged access should be password-protected to prevent unauthorized use. The privileged command set includes those commands contained in user EXEC mode, as well as the configure command through which access to the remaining command modes is gained. Switch>enable Switch# 1900: >enable # Notice the prompt changed in the configuration to reflect privileged EXEC mode.
Step 2 Examine the current switch configuration

Examine the following current running configuration file: Switch#show running-config How many Ethernet or Fast Ethernet interfaces does the switch have? ___________________ What is the range of values shown for the VTY lines? _______________________________ Examine the current contents of NVRAM as follows: Switch#show startup-config %% Non-volatile configuration memory is not present Why does the switch give this response?
_______________________________________________________________
National Engineers Training Services (NETS) Tel: 5867776-5837968 Join NETS Be The Best 1

Step 3 Assign a name to the switch

Enter enable and then the configuration mode. The configuration mode allows the management of the switch. Enter AL Switch, the name this switch will be referred to in the following: Switch#configure terminal Enter the configuration commands, one for each line. End by pressing Ctrl-Z. Switch(config)#hostname ALSwitch ALSwitch(config)#exit Notice the prompt changed in the configuration to reflect its new name. Type exit or press Ctrl-Z to go back into privileged mode.
Step 4 Examine the current running configuration

Exam the current configuration that follows to verify that there is no configuration except for the hostname: ALSwitch#show running-config Are there any passwords set on the lines? _______________________________________ What does the configuration show as the hostname of this switch? ______________________
Step 5 Set the access passwords (1900: Skip to Step 6)

Enter config-line mode for the console. Set the password on this line as cisco for login. Configure the vty lines 5 to 15 with the pass word cisco as follows: ALSwitch#configure terminal Enter the configuration commands, one for each line. End by pressing Ctrl-Z. ALSwitch(config)#line con 0 ALSwitch(config-line)#password cisco ALSwitch(config-line)#login ALSwitch(config-line)#line vty 0 15 ALSwitch(config-line)#password cisco ALSwitch(config-line)#login ALSwitch(config-line)#exit
Step 6 Set the command mode passwords

Set the enable password to cisco and the enable secret password to class as follows: ALSwitch(config)#enable password cisco 1900: ALSwitch(config)#enable password level 15 cisco ALSwitch(config)#enable secret class Which password takes precedence, the enable password or enable secret password? _______
Step 7 Configure the layer 3 access to the switch

Set the IP address of the switch to 192.168.1.2 with a subnet mask of 255.255.255.0 as follows: Note: This is done on the internal virtual interface VLAN 1. ALSwitch(config)#interface VLAN 1 ALSwitch(config-if)#ip address 192.168.1.2 255.255.255.0 ALSwitch(config-if)#exit 1900: ALSwitch(config)#ip address 192.168.1.2 255.255.255.0 ALSwitch(config)#exit Set the default gateway for the switch and the default management VLAN to 192.168.1.1 as follows:

ALSwitch(config)#ip default-gateway 192.168.1.1 ALSwitch(config)#exit 1900: ALSwitch(config)#ip default-gateway 192.168.1.1 ALSwitch(config)#exit
Step 8 Verify the management LANs settings (1900: Skip to Step 10)
Verify the interface settings on VLAN 1 as follows: ALSwitch#show interface VLAN 1 What is the bandwidth on this interface? ______________________________ What are the VLAN states: VLAN1 is __________, Line protoc ol is __________ Enable the virtual interface using the no shutdown command ALSwitch(config)#interface VLAN 1 ALSwitch(config-if)#no shutdown ALSwitch(config-if)#exit What is the queuing strategy? ______________________________________
Step 9 Save the configuration

The basic configuration of the switch has just been completed. Back up the running configuration file to NVRAM as follows : ALSwitch#copy running-config startup-config Destination filename [startup-config]?[Enter] Building configuration... [OK] ALSwitch# 1900: The configuration is automatically saved to NVRAM within approximately one minute of entering a command. To save the configuration to a TFTP server, enter the following: ALSwitch#copy nvram tftp://tftp server ip add/destination_filename Configuration upload is successfully completed.
Step 10 Examine the startup configuration file (1900: Skip to Step 11)
To see the configuration that is stored in NVRAM, type show startup-config from the privileged EXEC (enable mode) ALSwitch#show startup-config What is displayed? __________________________________________________________ Are all the changes that were entered recorded in the file? ____________________________
Step 11 Exit the switch

Leave the switch welcome screen by typing exit as follows : ALSwitch#exit Once these steps are completed, logoff by typing exit, and turn all the devices off. Then remove and store the cables and adapter.
National Engineers Training Services (NETS)
Tel: 5867776-5837968
Join NETS Be The Best 3

Lab-2: Configuring Message-Of-The-Day (MOTD)
Objective
Demonstrate the commands to enter a message-of-the-day (MOTD) on the router. This procedure allows all users to view the message upon entering the router. Set up a network similar to the one in the previous diagram.
In this lab the Cisco Discovery Protocol (CDP) commands will be used. CDP discovers and shows information about directly connected Cisco devices (routers and switches). Any router that meets the interface requirements may be used. Possible routers include 800, 1600, 1700, 2500, 2600 routers, or a combination. Start a HyperTerminal session as performed in the Establishing a HyperTerminal session lab.
Step 1 Configure basic router information

On the Gadsden router, enter the global configuration mode. Configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords. Enter the show running-config command to verify the configuration that was just entered. Save the configuration information from the privileged EXEC command mode. GAD#copy running-config startup-config
Step 2 Enter Global Configuration mode

Enter configure terminal at the router prompt. Notice the change in the router prompt.
Step 3 Display help for the banner motd command

Enter banner motd ? at the router prompt. What is the character called that is used to indicate the beginning and end of the banner? __________________________________________________________________
Step 4 Choose a description for the interface

The login banner should be a warning not to attempt login unless authorized. In the following space, enter an appropriate warning banner. The message can contain any printable character as well as spaces and carriage returns . ________________________________________________________________________
Step 5 Enter the desired banner message


From the global configuration mode enter banner motd # message #. The _#_ signs are used as delimiters and the message_ is the banner message c hosen in the previous step.
Step 6 Test the MOTD display

Exit the console session. Reenter the router to display the mess age-of-the-day. This is done by pressing the Enter key. This will display the message entered into the configuration.
Step 7 Verify the MOTD by looking at the router configuration

Enter the show running-config command. How does the banner MOTD show in the configuration listing? _______________________________________________________________________ Save the configuration information from the privileged EXEC command mode. Upon completion of the previous steps, logoff by typing exit. Turn the router off.
Erasing and reloading the router

Enter into the privileged EXEC mode by typing enable. If prompted for a password, enter class. If class_ does not work, ask the instructor for assistance. Router>enable At the privileged EXEC mode, enter the command erase startup-config. Router#erase startup-config The responding line prompt will be: Erasing the nvram filesystem will remove all files! Continue? [confirm] Press Enter to confirm. The response should be: Erase of nvram: complete Now at the privileged EXEC mode, enter the command reload. Router(config)#reload The responding line prompt will be: System configuration has been modified. Save? [yes/no]: Type n and then press Enter. The responding line prompt will be: Proceed with reload? [confirm] Press Enter to confirm. In the first line of the response will be: Reload requested by console.
Tel: 5867776-5837968

Lab-3: Configuring Static VLANs
Objective
Create a basic switch configuration and verify it. Determine the switch firmware version. Create two VLANs, name them and assign member ports to them.
When managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and reduce broadcast domains . Cable a network similar to the one in the diagram. The configuration output used in this lab is produced from a 2950 series switch. Any other switch us ed may produce different output. The following steps are to be executed on each switch unless specifically instructed otherwise. Instructions are also provided for the 1900 Series switch, which initially displays a Us er Interface Menu. Select the Command Line_ option from the menu to perform the steps for this lab. Start a HyperTerminal session.
Step 1 Configure the switch

Configure the hostname, access and command mode passwords, as well as the management LAN settings. These values are shown in the chart.
Step 2 Configure the hosts attached to the switch

Configure the host to use the same subnet for the address, mask , and default gateway as on the switch.
Step 3 Verify connectivity

To verify that the host and switch are correctly configured, ping the switch from the host. Was the ping suc cessful? ____________________________________________ If the answer is no, troubleshoot the host and switch configurations.
Step 4 Show the IOS version

It is very important to know the version of the operating system. Differences between versions may change how commands are entered. Type the show version command at the user EXEC or privileged EXEC mode prompt as follows: Switch_A#show vlan
Tel: 5867776-5837968

What version of the switch IOS is displayed? ______________________________________ Does this switch have standard edition or Enterprise edition software? ___________________ What is the Firmware version of the switch? ______________________________________
Step 5 Display the VLAN interface information

On Switch_A, type the command show vlan at the privileged EXEC prompt as follows: Switch_A#show vlan 1900: Switch_A#show vlan-membership Which ports belong to the default VLAN? ________________________________________ 1900: Switch_A#show vlan How many VLANs are set up by default on the switch? ______________________________ What does the VLAN 1003 represent? __________________________________________ How many ports are in the 1003 VLAN? _________________________________________
Step 6 Create and name two VLANs

Check prompts on 2950 Enter the following commands to create and name two VLANs: Switch_A#vlan database Switch_A(vlan)#vlan 2 name VLAN2 Switch_A(vlan)#vlan 3 name VLAN3 Switch_A(vlan)#exit 1900: Switch_A#config terminal Switch_A(config)#vlan 2 name VLAN2 Switch_A(config)#vlan 3 name VLAN3

On Switch_A, type the command show vlan at the privileged EXEC prompt as follows: Switch_A#show vlan Are there new VLANs in the listing? _____________________________________ 1900: Switch_A#show vlan-membership Do they have any ports assigned to them yet? ______________________________
Step 8 Assign ports to VLAN 2

Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add port 2 to VLAN 2: Switch_A#configure terminal Switch_A(config)#interface fastethernet 0/2 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 2 Switch_A(config-if)#end 1900: Switch_A#config terminal Switch_A(config)#interface Ethernet 0/2 Switch_A(config-if)#vlan static 2 Switch_A(config)#end


On Switch_A, type the command show vlan at the privileged EXEC prompt as follows: Switch_A#show vlan 1900: Switch_A#show vlan-membership Is port 2 assigned to VLAN 2? ___________________________________________ Is the port still listed in the default VLAN? _________________________________
Step 10 Assign a port to VLAN 3

Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add port 3 to VLAN3 Switch_A#configure terminal Switch_A(config)#interface fastethernet 0/3 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 3 Switch_A(config-if)#end 1900: Switch_A#config terminal Switch_A(config)#interface Ethernet 0/3 Switch_A(config)#vlan static 3 Switch_A(config)#end
Step 11 Look at the VLAN interface information

On Switch_A, type the command show vlan at the privileged EXEC prompt as follows: Switch_A#show vlan 1900: Switch_A#show vlan-membership Is port 3 assigned to VLAN 3? ________________________________________________ Is the port still listed in the default VLAN? ________________________________________
Step 12 Look at only VLAN2 information

Instead of displaying all of the VLANs type the show vlan id 2 command at the privileged EXEC mode prompt as follows: Switch_A#show vlan id 2 1900: Switch_A#show vlan 2 Does this command supply any more information than the show VLAN command? __________
Step 13 Look at only VLAN2 information with a different command (1900: Omit this step)
Instead of displaying all of the VLANs type the show vlan name VLAN2 command at the privileged EXEC mode prompt. Switch_A#show vlan name VLAN2 Does this command supply any more information than the show VLAN command? __________ Once the steps are completed, log off by typing exit, and turn all the devices off. Then remove and store the cables and adapter.
Tel: 5867776-5837968

Lab-4: Verifying VLAN Configurations
Objective
Create a basic switch configuration and verify it. Create two VLANs. Name the VLANs and assign multiple member ports to them. Test functionality by moving a workstation from one VLAN to another.
When managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and reduce broadcast domains. Cable a network similar to the one in the diagram. Start a HyperTerminal session.

Configure the hostname, access and command mode passwords, as well as the management LAN settings.


To verify that the host and switch are correctly configured, ping the switch from the host. Was the ping successful? __________________________________________________ If the answer is no, troubleshoot the host and switch configurations.

On Switch_A, type the command show vlan at the privileged EXEC prompt as follows: Switch_A#show vlan 1900: Switch_A#show vlan-membership Which ports belong to the default VLAN? ________________________________________

Enter the following commands to create and name two VLANs: Switch_A#vlan database Switch_A(vlan)#vlan 2 name VLAN2
Tel: 5867776-5837968

Switch_A(vlan)#vlan 3 name VLAN3 Switch_A(vlan)#exit 1900: Switch_A#config terminal Switch_A(config)#vlan 2 name VLAN2 Switch_A(config)#vlan 3 name VLAN3 Switch_A(config)#exit

Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 4,5 and 6 to VLAN 2. Switch_A#configure terminal Switch_A(config)#interface fastethernet 0/4 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 2 Switch_A(config-if)#interface fastethernet 0/5 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 2 Switch_A(config-if)#interface fastethernet 0/6 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 2 Switch_A(config-if)#end 1900: Switch_A#config terminal Switch_A(config)#interface ethernet 0/4 Switch_A(config-if)#vlan static 2 Switch_A(config-if)#interface ethernet 0/5 Switch_A(config-if)#vlan static 2 Switch_A(config-if)#interface ethernet 0/6 Switch_A(config-if)#vlan static 2 Switch_A(config-if)#end
Step7 Display the VLAN interface information

On Switch_A, type the command show vlan at the privileged EXEC prompt as follows: Switch_A#show vlan 1900: Switch_A#show vlan-membership Are ports 4 through 6 assigned to VLAN 2? __________________________________________________________________________
Step 8 Asign ports 7, 8, and 9 to VLAN 3

Enter the following commands to add prot 3 to VLAN 3: Switch_A#configure terminal Switch_A(config)#interface fastethernet 0/7 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 3 Switch_A(config-if)#interface fastethernet 0/8 Switch_A(config-if)#switchport mode access

Switch_A(config-if)#switchport access vlan 3 Switch_A(config-if)#interface fastethernet 0/9 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 3 Switch_A(config-if)#end 1900: Switch_A#config terminal Switch_A(config)#interface ethernet 0/7 Switch_A(config-if)#vlan static 3 Switch_A(config-if)#interface ethernet 0/8 Switch_A(config-if)#vlan static 3 Switch_A(config-if)#interface ethernet 0/9 Switch_A(config-if)#vlan static 3 Switch_A(config-if)#end

On Switch_A, type the command show vlan at the privileged EXEC prompt as follows: Switch_A#show vlan 1900: Switch_A#show vlan-membership Are ports 7 through 9 assigned to VLAN 3? _________________________________________________________________________
Step 10 Test the VLANs

Ping from the host in port 0/4 to the host in port 0/1. Was the ping successful? ____________________________________________________ Why? ___________________________________________________________________ Ping from the host in port 0/1 to the host in port 0/4. Was the ping successful? ____________________________________________________ Why? ___________________________________________________________________ Ping from the host in port 0/4 to the switch IP 192.168.1.2. Was the ping successful? ____________________________________________________ Why? ___________________________________________________________________ Ping from the host in port 0/1 to the switch IP 192.168.1.2. Was the ping successful? ____________________________________________________ Why? ___________________________________________________________________
Step 11 Move a host

Move the host in port 0/4 to port 0/3. Wait until the port LED goes green and then go to the next step.

Ping from the host in port 0/3 to the host in port 0/1. Was the ping successful? ___________________________________________________ Why? __________________________________________________________________ Ping from the host in port 0/1 to the host in port 0/3. Was the ping successful? ____________________________________________________ Ping from the host in port 0/3 to the switch IP 192.168.1.2. Was the ping successful? ____________________________________________________

Step 13 Move hosts

Move the hosts in port 0/3 to port 0/4 and the host in port 0/1 to port 0/5. Wait until the port LED goes green and then go to the next step.

Ping from the host in port 0/4 to the host in port 0/5. Was the ping successful? ____________________________________________________ Why? ___________________________________________________________________ Ping from the host in port 0/5 to the host in port 0/4. Was the ping successful? ____________________________________________________ Ping from the host in port 0/4 to the switch IP 192.168.1.2. Was the ping successful? ____________________________________________________ Ping from the host in port 0/5 to the switch IP 192.168.1.2. Was the ping successful? ____________________________________________________ Why? ___________________________________________________________________
Step 15 Move hosts

Move the hosts in port 0/4 to port 0/8. Wait until the port LED goes green and then go to the next step.

Ping from the host in port 0/4 to the host in port 0/8. Was the ping successful? ___________________________________________________ Why? __________________________________________________________________ Ping from the host in port 0/8 to the host in port 0/4. Was the ping successful? ___________________________________________________ Ping from the host in port 0/4 to the switch IP 192.168.1.2. Was the ping successful? ___________________________________________________ Ping from the host in port 0/8 to the switch IP 192.168.1.2. Was the ping successful? ___________________________________________________
2900 and 2950 Series Switches
Enter into the privileged EXEC mode by typing enable. If prompted for a password, enter class (if that does not work, ask the instructor). Switch>enable Remove the VLAN database information file. Switch#delete flash:vlan.dat Delete filename [vlan.dat]?[Enter] Delete flash:vlan.dat? [confirm] [Enter] If there was no VLAN file, this message is displayed. %Error deleting flash:vlan.dat (No such file or directory) Remove the switch startup configuration file from NVRAM. Switch#erase startup-config The responding line prompt will be: Erasing the nvram filesystem will remove all files! Continue? [confirm] Press Enter to confirm. The response should be: Erase of nvram: complete Check that VLAN information was deleted.

Verify that the VLAN configuration was deleted in Step 2 using the show vlan command. If previous VLAN configuration information (other than the default management VLAN 1) is still present it will be necessary to power cycle the switch (hardware restart) instead of is suing the reload command. To power cycle the switch, remove the power cord from the back of the switch or unplug it. Then plug it back in. If the VLAN information was successfully deleted in Step 2, go to Step 5 and restart the switch using the reload command. Software restart (using the reload command) At the privileged EXEC mode enter the command reload. Switch(config)#reload The responding line prompt will be: System configuration has been modified. Save? [yes/no]: Type n and then press Enter. The responding line prompt will be: Proceed with reload? [confirm] [Enter] The first line of the response will be: Reload requested by console. After the switch has reloaded, the line prompt will be: Would you like to enter the initial configuration dialog? [yes/no]: Type n and then press Enter. The responding line prompt will be: Press RETURN to get started! [Enter] 1900 Series Switches Remove VLAN Trunking Protocol (VTP) information. #delete vtp This command resets the switch with VTP parameters set to factory defaults. All other parameters will be unchanged. Reset system with VTP parameters set to factory defaults, [Y]es or [N]o? Enter y and press Enter. Remove the switch startup configuration from NVRAM. #delete nvram This command resets the switch with factory defaults. All system parameters will revert to their default factory settings. All static and dynamic addresses will be removed. Reset system with factory defaults, [Y]es or [N]o? Enter y and press Enter.
Tel: 5867776-5837968

Lab-5: Deleting VLAN Configurations
Objective
Create a basic switch configuration and verify it. Create two VLANs. Name the VLANs and assign multiple member ports to them. Delete VLANs Understand why it is not possible to delete VLAN 1.
When managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and reduce broadcast domains.

Configure the hostname, access and command mode passwords, as well as the management LAN settings. These values are shown in the chart


To verify that the host and switch are correctly configured, ping the switch from the host. Was the ping suc cessful? __________________________________________________ If the answer is no, troubleshoot the host and switch configurations.

On Switch_A, type the command show vlan at the privileged EXEC prompt as follows: Switch_A#show vlan 1900: Switch_A#show vlan-membership Which ports belong to the default VLAN? ________________________________________

Enter the following commands to create and name two VLANs: Switch_A#vlan database Switch_A(vlan)#vlan 2 name VLAN2

Switch_A(vlan)#vlan 3 name VLAN3 Switch_A(vlan)#exit 1900: Switch_A#config terminal Switch_A(config)#vlan 2 name VLAN2 Switch_A(config)#vlan 3 name VLAN3

Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 4, 5 and 6 to VLAN 2. Switch_A#configure terminal Switch_A(config)#interface fastethernet 0/4 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 2 Switch_A(config-if)# interface fastethernet 0/5 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 2 Switch_A(config-if)# interface fastethernet 0/6 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 2 Switch_A(config-if)#end 1900: Switch_A#config terminal Switch_A(config)#interface Ethernet 0/4 Switch_A(config-if)#vlan static 2 Switch_A(config-if)#interface Ethernet 0/5 Switch_A(config-if)#vlan static 2 Switch_A(config-if)#interface Ethernet 0/6 Switch_A(config-if)#vlan static 2 Switch_A(config)#end

On Switch_A, type the command show vlan at the privileged EXEC prompt as follows: Switch_A#show vlan 1900: Switch_A#show vlan-membership Are ports 4 through 6 assigned to VLAN 2? _______________________________________ 1900: Switch_A#config terminal Switch_A(config)#interface Ethernet 0/4 Switch_A(config-if)#vlan static 2 Switch_A(config-if)#interface Ethernet 0/5 Switch_A(config-if)#vlan static 2 Switch_A(config-if)#interface Ethernet 0/6 Switch_A(config-if)#vlan static 2 Switch_A(config)#end
Step 8 Assign Ports to VLAN 3


Switch_A#configure terminal Switch_A(config)#interface fastethernet 0/7 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 3 Switch_A(config)#interface fastethernet 0/8 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 3 Switch_A(config)#interface fastethernet 0/9 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 3 Switch_A(config-if)#end
Step 9 Display the VLAN Interface Information

On Switch_A, type the command show vlan at the privileged EXEC prompt. Switch_A#show vlan Are ports 7-9 as signed to VLAN 3? _____________________________________________

Ping from the host in port 0/4 to the host in port 0/1. Was the ping suc cessful? _____________________________________________ Why? _____________________________________________ Ping from the host in port 0/1 to the host in port 0/4. Was the ping suc cessful? _____________________________________________ Why? _____________________________________________ Ping from the host in port 0/4 to the switch IP 192.168.1.2. Was the ping successful? _____________________________________________ Why? _____________________________________________ Ping from the host in port 0/1 to the switch IP 192.168.1.2. Was the ping suc cessful? _____________________________________________ Why? _____________________________________________
Step 11 Delete a Host from a VLAN

To remove a host from a VLAN, use the no form of the switchport commands in the port interface configuration mode. Switch_A#configure terminal Switch_A(config)#interface fastethernet 0/4 Switch_A(config-if)#no switchport mode access Switch_A(config-if)#no switchport access vlan 2 1900: Switch_A#config terminal Switch_A(config)#interface Ethernet 0/4 Switch_A(config-if)#no vlan static 2 Switch_A(config-if)#end

On Switch_A, type the command show vlan at the privileged EXEC prompt. Switch_A#show vlan Is port 0/4 removed from VLAN 2? _____________________________________________
Step 13 Delete a VLAN


To remove an entire VLAN, enter the VLAN database mode and use the negative form of the command. Switch_A#vlan database Switch_A(vlan)#no vlan 3 Deleting VLAN 3 Switch_A(vlan)#exit 1900: Switch_A#config terminal Switch_A(config)#no vlan 3 Switch_A(config)#exit

On Switch_A, type the command show vlan at the privileged EXEC prompt. Switch_A#show vlan Is VLAN 3 removed? _______________________________________________________ What happened to the ports that were released from the VLANs? ______________________
Step 15 Delete VLAN 1

Try to delete VLAN 1, which is the default VLAN, the same way that you deleted VLAN 3. Switch_A#vlan database Switch_A(vlan)#no vlan 1 A default VLAN may not be deleted. Switch_A(vlan)#exit 1900: Switch_A#config t Switch_A(config)#no vlan 1 Switch_A(config)#no vlan 1 ^ % Invalid input detected at '^' marker. Switch_A(config)#exit The default VLAN cannot be deleted.
Tel: 5867776-5837968

Lab-6: Trunking with 802.1q
Objective
Create a basic switch configuration and verify it. Create multiple VLANs, name them and assign multiple member ports to them. Create an 802.1q trunk line between the two switches to allow communication between paired VLANs. Test the VLANs functionality by moving a work station from one VLAN to another.
Trunking changes the formatting of the packets. The ports need to be in agreement as to which format is being used to transmit data on the trunk or no data will be passed. If there is different trunking encapsulation on the two ends of the link they will not able to communicate. Similar situation will occur if one of your ports is configured in trunking mode (unconditionally) and the other one as in access mode (unconditionally). When managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and reduce broadcast domains. Start a HyperTerminal session.

Configure the Hostname, access/command mode passwords, and the management LAN settings.

Configure the host to use the same subnet for the address, mask , and default gateway on switch.

To verify that the host and switch are correctly configured, ping the switch from the hosts. Were the pings successful? __________________________________________________ If the answer is no, troubleshoot the host and switches configurations.

On Switch_A, type the command show vlan at the privileged EXEC prompt as follows:

Switch_A#show vlan
Step 5 Create and name three VLANs

Enter the following commands to create and name three VLANs: Switch_A#vlan database Switch_A(vlan)#vlan 10 name Accounting Switch_A(vlan)#vlan 20 name Marketing Switch_A(vlan)#vlan 30 name Engineering Switch_A(vlan)#exit
Step 6 Assign ports to a VLAN 10

Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 0/4 to 0/6 to VLAN 10: Switch_A#configure terminal Switch_A(config)#interface fastethernet 0/4 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 10 Switch_A(config-if)#interface fastethernet 0/5 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 10 Switch_A(config-if)#interface fastethernet 0/6 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 10 Switch_A(config-if)#end

Switch_A#configure terminal Switch_A(config)#interface fastethernet 0/7 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 20 Switch_A(config-if)#interface fastethernet 0/8 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 20 Switch_A(config-if)#interface fastethernet 0/9 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 20 Switch_A(config-if)#end

Enter the following commands to add ports 0/7 to 0/9 to VLAN 20: Switch_A#configure terminal Switch_A(config)#interface fastethernet 0/10 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 30 Switch_A(config-if)#interface fastethernet 0/11 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 30 Switch_A(config-if)#interface fastethernet 0/12 Switch_A(config-if)#switchport mode access

Switch_A(config-if)#switchport access vlan 30 Switch_A(config-if)#end
Step 9 Create VLANs on Switch_B

Repeat Steps 5 through 9 on Switch_B to create its VLANs

On both switches, type the command show vlan at the privileged EXEC prompt as follows: Switch_A#show vlan Are ports 0/10 through 0/12 assigned to VLAN 30? _____________________________________

Ping from the host in Switc h_A port 0/12 to the host in Switch_B port 0/12. Was the ping suc cessful? ___________________________________________________ Why? __________________________________________________________________ Ping from the host in Switch_A port 0/12 to the switch IP 192.168.1.2. Was the ping successful? ___________________________________________________ Why? __________________________________________________________________
Step 12 Create the trunk

On both switches, Switch_A and Switc h_B, type the following command at the fastethernet 0/1 interface command prompt. Note that it is not necessary to specify the encapsulation on a 2950, since it only supports 802.1Q. Switch_A(config)#interface fastethernet 0/1 Switch_A(config-if)#switchport mode trunk Switch_A(config-if)#end Switch_B(config)#interface fastethernet 0/1 Switch_B(config-if)#switchport mode trunk Switch_B(config-if)#end 2900: Switch_A(config)#interface fastethernet0/1 Switch_A(config-if)#switchport mode trunk Switch_A(config-if)#switchport trunk encapsulation dot1q Switch_A(config-if)#end Switch_B(config)#interface fastethernet0/1 Switch_B(config-if)#switchport mode trunk Switch_B(config-if)#switchport trunk encapsulation dot1q Switch_B(config-if)#end
Step 13 Verify the trunk

To verify that port Fast Ethernet 0/1 has been established as a trunk port, type show interface fastethernet 0/1 switchport at the privileged EXEC mode prompt.
Step 14 Test the VLANS and the trunk

Ping from the host in Switc h_A port 0/12 to the host in Switch_B port 0/12. Was the ping successful? ___________________________________________________ Why? __________________________________________________________________ Ping from the host in Switch_A port 0/12 to the switch IP 192.168.1.2. Was the ping successful? ___________________________________________________ Why? __________________________________________________________________
Step 15 Move host.


Move the host in Switch_A from port 0/12 to port 0/8. Wait until the port LED goes green and then go to the next step.

Ping from the host in Switch_A port 0/8 to the host in Switch_B port 0/12. Was the ping successful? ___________________________________________________ Why? __________________________________________________________________ Ping from the host in Switch_A port 0/8 to the switch IP 192.168.1.2. Was the ping successful? ___________________________________________________ Why? __________________________________________________________________
Step 17 Move host

Move the host in Switch_B from port 0/12 to port 0/7. Wait until the port LED goes green and then go to the next step.

Ping from the host in Switc h_A port 0/8 to the host in Switch_B port 0/7. Was the ping suc cessful? ___________________________________________________ Why? __________________________________________________________________ Ping from the host in Switch_A port 0/8 to the switch IP 192.168.1.2. Was the ping successful? ___________________________________________________ Why? __________________________________________________________________
Step 19 Move hosts


Ping from the host in Switch_A port 0/2 to the host in Switch_B port 0/7. Was the ping successful? ___________________________________________________ Ping from the host in Switch_A port 0/2 to the switch IP 192.168.1.2. Was the ping successful? ___________________________________________________ Why? __________________________________________________________________
Step 21 Move host


Ping from the host in Switc h_A port 0/2 to the host in Switch_B port 0/3. Was the ping successful? ___________________________________________________ Why? __________________________________________________________________ Ping from the host in Switch_B port 0/3 to the switch IP 192.168.1.2. Was the ping successful? ___________________________________________________ Why? __________________________________________________________________ Ping from the host in Switch_B port 0/3 to the switch IP 192.168.1.3. Was the ping successful? ___________________________________________________ Why? __________________________________________________________________ What conclusions can be drawn from the testing that was just performed in regards to VLAN membership and VLANs across a trunk? __________________________________________________________________________
Tel: 5867776-5837968

Lab-7: Trunking with ISL
Objective
Create a basic switch configuration and verify it. Create multiple VLANs, name them and assign multiple member ports to them. Create an ISL trunk line between the two switches to allow communication between paired VLANs. Test the VLANs functionality by moving a work station from one VLAN to another.
Note: The use of Catalyst 2950 switches is not appropriate for this lab as they only support 802.1q trunking. Trunking changes the formatting of the pack ets. The ports need to be in agreement as to which format is being used to transmit data on the trunk or no data will be passed. If there is different trunking encapsulation on the two ends of the link they will not able to communicate. A similar situation will occur if one of the ports is configured in trunking mode, unconditionally, and the other one as in access mode, unconditionally. When managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and reduce broadcast domains. Start a HyperTerminal session.



To verify that the host and switch are correctly configured, ping the switches from the host.

Were the pings successful? __________________________________________________ If the answer is no, troubleshoot the host and switches configurations.

On Switch_A, type the command show vlan at the privileged EXEC prompt as follows: Switch_A#show vlan



Switch_A#configure terminal Switch_A(config)#interface fastethernet 0/7 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 20 Switch_A(config-if)#interface fastethernet 0/8 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 20 Switch_A(config-if)#interface fastethernet 0/9 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 20 Switch_A(config-if)#end

Enter the following commands to add ports 0/7 to 0/9 to VLAN 20: Switch_A#configure terminal Switch_A(config)#interface fastethernet 0/10 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 30 Switch_A(config-if)#interface fastethernet 0/11

Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 30 Switch_A(config-if)#interface fastethernet 0/12 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 30 Switch_A(config-if)#end
Step 9 Create VLANs on Switch_B

Repeat Steps 5 through 8 on Switch_B to create its VLANs.
Step 10 Display he VLAN interface information

On Switch_A, type the command show vlan at the privileged EXEC prompt as follows: Switch_A#show vlan Are ports 0/10 through 0/12 assigned to VLAN 30? ____________________________

Ping from the host in Switch_A port 0/12 to the host in Switch_B port 0/12. Was the ping successful? ___________________________________________________ Why? __________________________________________________________________ Ping from the host in Switch_A port 0/12 to the switch IP 192.168.1.2. Was the ping successful? ___________________________________________________ Why? __________________________________________________________________
Step 12 Create the ISL trunk

On both switches, Switch_A and Switc h_B, type the following command at the fastethernet 0/1 interface command prompt Switch_A(config)#interface fastethernet 0/1 Switch_A(config-if)#switchport mode trunk Switch_A(config-if)#switchport trunk encapsulation isl Switch_A(config-if)#end Switch_B(config)#interface fastethernet 0/1 Switch_B(config-if)#switchport mode trunk Switch_B(config-if)#switchport trunk encapsulation isl Switch_B(config-if)#end
Step 13 Verify the ISL trunk

To verify that port fastethernet 0/1 has been established as a trunk port, type show interface fastethernet 0/1 switchport at the privileged EXEC mode prompt. What type of trunking encapsulation is shown on the output results? __________________ According to the output with show interface fastethernet 0/1 switchport on Switch_B, is there a difference from the Administrative Trunking Encapsulation from the Operational Trunking Encapsulation? ______________________________________________________________

Ping from the host in Switc h_A port 0/12 to the host in Switch_B port 0/12. Was the ping suc cessful? ___________________________________________________ Why? ___________________________________________________________________ Ping from the host in Switch_A port 0/12 to the switch IP 192.168.1.2. Was the ping successful? ___________________________________________________ Why? ___________________________________________________________________

Step 15 Move host


Ping from the host in Switch_A port 0/8 to the host in Switch_B port 0/12. Was the ping successful? ___________________________________________________ Why? ___________________________________________________________________ Ping from the host in Switch_A port 0/8 to the switch IP 192.168.1.2. Was the ping successful? ___________________________________________________ Why? ___________________________________________________________________
Step 17 Move host


Ping from the host in Switc h_A port 0/8 to the host in Switch_B port 0/7. Was the ping successful? ___________________________________________________ Why? ___________________________________________________________________ Ping from the host in Switch_A port 0/8 to the switch IP 192.168.1.2. Was the ping successful? ___________________________________________________ Why? ___________________________________________________________________
Step 19 Move host


Ping from the host in Switc h_A port 0/2 to the host in Switch_B port 0/7. Was the ping successful? ___________________________________________________ Ping from the host in Switch_A port 0/2 to the switch IP 192.168.1.2. Was the ping successful? ___________________________________________________ Why? ___________________________________________________________________
Step 21 Move host


Ping from the host in Switc h_A port 0/2 to the host in Switch_B port 0/3. Was the ping successful? ___________________________________________________ Why? ___________________________________________________________________ Ping from the host in Switch_B port 0/3 to the switch IP 192.168.1.2. Was the ping successful? ___________________________________________________ Why? ___________________________________________________________________ Ping from the host in Switch_B port 0/3 to the switch IP 192.168.1.3. Was the ping successful? ___________________________________________________ Why? ___________________________________________________________________ What conclusions can be drawn from the testing that was just performed in regards to VLAN membership and VLANs across a trunk? ________________________________________________________________________

Lab-8: VTP Client and Server Configurations
Objective
Create a basic switch configuration and verify it. Create multiple VLANs, name them and assign multiple member ports to them. Configure the VTP protocol to establish Server and client switches. Create an 802.1q trunk line between the two switches to allow communication between paired VLANs. Then test the VLANs functionality by moving a work station from one VLAN to another.
When managing a switch, the Management Domain is always VLAN 1. The Network Administrators workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. Cable a network similar to the one of in diagram. Start a HyperTerminal session.

Configure the hostname, access, and command mode passwords, as well as the management LAN settings. These values are shown in the chart.

Configure the host to use the same subnet for the address, mask, and default gateway on switch.


Step 5 Configure VTP

VLAN Trunking Protocol (VTP) needs to be configured on both switches. VTP is the protocol that will communicate information about which VLANs exist from one switch to another. If VTP

did not provide this information, VLANs would have to be created on all switches individually. By default, the Catalyst switch series are configured as VTP servers. In the event that the sever services are turned off, use the following command to turn it back on. Switch_A#vlan database Switch_A(vlan)#vtp server Switch_A(vlan)#exit



Enter the following commands to add ports 0/7 to 0/9 to VLAN 20: Switch_A#configure terminal Switch_A(config)#interface fastethernet 0/7 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 20 Switch_A(config-if)#interface fastethernet 0/8 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 20 Switch_A(config-if)#interface fastethernet 0/9 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 20 Switch_A(config-if)#end

Enter the following commands to add ports 0/10 to 0/12 to VLAN 30: Switch_A#configure terminal Switch_A(config)#interface fastethernet 0/10 Switch_A(config-if)#switchport mode access

Switch_A(config-if)#switchport access vlan 30 Switch_A(config-if)#interface fastethernet 0/11 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 30 Switch_A(config-if)#interface fastethernet 0/12 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 30 Switch_A(config-if)#end

On Switch_A, type the command show vlan at the privileged EXEC prompt as follows: Switch_A#show vlan Are ports 0/10 through 0/12 assigned to VLAN 30? __________________________________________________________________________
Step 11 Configure VTP client

Enter the following commands to configure Switch_B to be a VTP client: Switch_B#vlan database Switch_B(vlan)#vtp client Switch_B(vlan)#vtp domain group1 Switch_B(vlan)#exit

On both switches, Switch_A and Switch_B, type the following command at the fastethernet 0/1 interface command prompt. Note that it is not necessary to specify the encapsulation on a 2950, since it only supports 802.1Q. Switch_A(config)#interface fastethernet 0/1 Switch_A(config-if)#switchport mode trunk Switch_A(config-if)#end Switch_B(config)#interface fastethernet 0/1 Switch_B(config-if)#switchport mode trunk Switch_B(config-if)#end 2900: Switch_A(config)#interface fastethernet0/1 Switch_A(config-if)#switchport mode trunk Switch_A(config-if)#switchport trunk encapsulation dot1q Switch_A(config-if)#end Switch_B(config)#interface fastethernet0/1 Switch_B(config-if)#switchport mode trunk Switch_B(config-if)#switchport trunk encapsulation dot1q Switch_B(config-if)#end

To verify that port fastethernet 0/1 has been established as a trunk port, type show interface fastethernet 0/1 switchport at the privileged EXEC mode prompt What type of trunking encapsulation is shown on the output results? ____________________


Do VLANs 10, 20, and 30 show without having to type them in? ____________________ Why did this happen? ______________________________________________________

Although the VLAN definitions have migrated to Switch_B using VTP, it is still necessary to assign ports to these VLANs on Switch_B. Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 0/4 to 0/6 to VLAN 10. Switch_B#configure terminal Switch_B(config)#interface fastethernet 0/4 Switch_B(config-if)#switchport mode access Switch_B(config-if)#switchport access vlan 10 Switch_B(config-if)#interface fastethernet 0/5 Switch_B(config-if)#switchport mode access Switch_B(config-if)#switchport access vlan 10 Switch_B(config-if)#interface fastethernet 0/6 Switch_B(config-if)#switchport mode access Switch_B(config-if)#switchport access vlan 10 Switch_B(config-if)#end

Enter the following commands to add ports 0/7 to 0/9 to VLAN 20: Switch_B#configure terminal Switch_B(config)#interface fastethernet 0/7 Switch_B(config-if)#switchport mode access Switch_B(config-if)#switchport access vlan 20 Switch_B(config-if)#interface fastethernet 0/8 Switch_B(config-if)#switchport mode access Switch_B(config-if)#switchport access vlan 20 Switch_B(config-if)#interface fastethernet 0/9 Switch_B(config-if)#switchport mode access Switch_B(config-if)#switchport access vlan 20 Switch_B(config-if)#end


On Switch_B, type the command show vlan at the privileged EXEC prompt as follows:

Switch_A#show vlan Are ports 0/10 through 0/12 assigned to VLAN 30? _________________________________

Step 20 Move hosts


Ping from the host in Switc h_A port 0/8 to the host in Switch_B port 0/12. Was the ping successful? ___________________________________________________ Why? __________________________________________________________________ Ping from the host in Switch_A port 0/8 to the switch IP 192.168.1.2. Was the ping successful? ___________________________________________________ Why? __________________________________________________________________ Once the steps are complete, logoff by typing exit, and turn all the devices off. Then remove and store the cables and adapter.
Tel: 5867776-5837968

Lab-9: VTP Client and Server Configurations
Objective
Create a basic switch configuration and verify it. Create multiple VLANs, name them and assign multiple member ports to them. Configure the VTP protocol to establish Server and client switches. Create an 802.1q trunk line between the two switches to allow communication between paired VLANs. Then test the VLANs functionality by moving a work station from one VLAN to another.
When managing a switch, the Management Domain is always VLAN 1. The Network Administrators workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. Cable a network similar to the one of in diagram. Start a HyperTerminal session.


Configure the host to use the same subnet for the address, mask , and default gateway on switch.


Step 5 Configure VTP

VLAN Trunking Protocol (VTP) needs to be configured on both switches. VTP is the protocol that will communicate information about which VLANs exist from one switch to another. If VTP

did not provide this information, VLANs would have to be created on all switches individually. By default, the Catalyst switch series are configured as VTP servers. In the event that the sever services are turned off, use the following command to turn it back on. Switch_A#vlan database Switch_A(vlan)#vtp server Switch_A(vlan)#exit



Enter the following commands to add ports 0/7 to 0/9 to VLAN 20: Switch_A#configure terminal Switch_A(config)#interface fastethernet 0/7 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 20 Switch_A(config-if)#interface fastethernet 0/8 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 20 Switch_A(config-if)#interface fastethernet 0/9 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 20 Switch_A(config-if)#end

Enter the following commands to add ports 0/10 to 0/12 to VLAN 30: Switch_A#configure terminal Switch_A(config)#interface fastethernet 0/10 Switch_A(config-if)#switchport mode access

Switch_A(config-if)#switchport access vlan 30 Switch_A(config-if)#interface fastethernet 0/11 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 30 Switch_A(config-if)#interface fastethernet 0/12 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 30 Switch_A(config-if)#end

On Switch_A, type the command show vlan at the privileged EXEC prompt as follows: Switch_A#show vlan Are ports 0/10 through 0/12 assigned to VLAN 30? __________________________________________________________________________
Step 11 Configure VTP client

Enter the following commands to configure Switch_B to be a VTP client: Switch_B#vlan database Switch_B(vlan)#vtp client Switch_B(vlan)#vtp domain group1 Switch_B(vlan)#exit

On both switches, Switch_A and Switch_B, type the following command at the fastethernet 0/1 interface command prompt. Note that it is not necessary to specify the encapsulation on a 2950, since it only supports 802.1Q. Switch_A(config)#interface fastethernet 0/1 Switch_A(config-if)#switchport mode trunk Switch_A(config-if)#end Switch_B(config)#interface fastethernet 0/1 Switch_B(config-if)#switchport mode trunk Switch_B(config-if)#end 2900: Switch_A(config)#interface fastethernet0/1 Switch_A(config-if)#switchport mode trunk Switch_A(config-if)#switchport trunk encapsulation dot1q Switch_A(config-if)#end Switch_B(config)#interface fastethernet0/1 Switch_B(config-if)#switchport mode trunk Switch_B(config-if)#switchport trunk encapsulation dot1q Switch_B(config-if)#end

To verify that port fastethernet 0/1 has been established as a trunk port, type show interface fastethernet 0/1 switchport at the privileged EXEC mode prompt What type of trunking encapsulation is shown on the output results? ____________________


Do VLANs 10, 20, and 30 show without having to type them in? ____________________ Why did this happen? ______________________________________________________

Although the VLAN definitions have migrated to Switch_B using VTP, it is still necessary to assign ports to these VLANs on Switch_B. Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 0/4 to 0/6 to VLAN 10. Switch_B#configure terminal Switch_B(config)#interface fastethernet 0/4 Switch_B(config-if)#switchport mode access Switch_B(config-if)#switchport access vlan 10 Switch_B(config-if)#interface fastethernet 0/5 Switch_B(config-if)#switchport mode access Switch_B(config-if)#switchport access vlan 10 Switch_B(config-if)#interface fastethernet 0/6 Switch_B(config-if)#switchport mode access Switch_B(config-if)#switchport access vlan 10 Switch_B(config-if)#end



On Switch_B, type the command show vlan at the privileged EXEC prompt as follows:

Switch_A#show vlan Are ports 0/10 through 0/12 assigned to VLAN 30? _________________________________

Step 20 Move hosts


Ping from the host in Switc h_A port 0/8 to the host in Switch_B port 0/12. Was the ping successful? ___________________________________________________ Why? __________________________________________________________________ Ping from the host in Switch_A port 0/8 to the switch IP 192.168.1.2. Was the ping successful? ___________________________________________________ Why? __________________________________________________________________ Once the steps are complete, logoff by typing exit, and turn all the devices off. Then remove and store the cables and adapter.
Tel: 5867776-5837968

Lab-10: Configuring Static MAC Addresses
Objective
Create a static address entry in the switch MAC table. Remove the created static MAC addres s entry.
Cable a network similar to the one in the diagram. The configuration output used in this lab is produced from a 2950 series switch. Any other switch used may produce different output. The following steps are to be executed on each switch unless specifically instructed otherwise. Instructions are also provided for the 1900 Series switch, which initially displays a User Interface Menu. Select the command Line option from the menu to perform the steps for this lab. Start a HyperTerminal session.


Configure the hosts to use the same IP subnet for the address, mas k, and the default gateway on the switch.

To verify that the hosts and switch are correctly configured, ping the switch IP address from the hosts. Were the pings successful? __________________________________________________ If the answer is no, troubleshoot the hosts and switch configurations.
Step 4. Record the host MAC addresses

Determine and record the layer 2 addresses of the PC network interface cards. If running Windows 98, check by using Start > Run > winipcfg. Click on More info. If running Windows 2000, check by using Start > Run > cmd > ipconfig /all. PC1: ___________________________________________________________________ PC4: ___________________________________________________________________
Step 5 Determine what MAC addresses that the switch has learned
To determine what MAC addresses the switch has learned use the show mac-address-table command as follows at the privileged exec mode prompt:
Tel: 5867776-5837968

ALSwitch#show mac-address-table How many dynamic addresses are there? ________________________________________ How many total MAC addresses are there? _______________________________________ Do the MAC addresses match the host MAC addresses? _____________________________
Step 6 Determine the show MAC table options

To determine the options the mac-address-table command has use the ? option as follows: ALSwitch(config)#mac-address-table ? How many options are available for the mac-address-table command? _______________ There is an option to set a static MAC address in the table. Under what circumstances would this option be utilized? ____________________________________________________________
Step 7 Setup a static MAC address

Setup a static MAC address on Fast Ethernet interface 0/4 as follows: Note: Use the address that was recorded for PC4 in step 4. The MAC address 00e0.2917.1884 is used in the ex ample statement only. ALSwitch(config)#mac-address-table static 00e0.2917.1884 interface fastethernet 0/4 vlan 1 2900: ALSwitch(config)#mac-address-table static 00e0.2917.1884 fastethernet 0/4 vlan 1 1900: ALSwitch(config)#mac-address-table permanent 00e0.2917.1884 ethernet 0/4
Step 8 Verify the results

Enter the following to verify the macaddress table entries.
ALSwitch#show mac-address-table
How many total MAC addresses are there now? ___________________________________ How many static addresses are there? __________________________________________ Under what circumstances can other static or dynamic learning of addresses occur on port 4? ________________________________________________________________________
Step 9 Remove the static MAC entry

The static mac-address-table entry may need to be reversed. To do this, enter the configuration mode and reverse the command by putting a no in front of the entire old command string as follows: Note: The MAC address 00e0.2917.1884 is used in the example statement only, use the MAC address that was rec orded for the host on port 0/4. ALSwitch(config)#no mac-address-table static 00e0.2917.1884 interface fastethernet 0/4 vlan 1 2900: ALSwitch(config)#no mac-address-table static 00e0.2917.1884 fastEthernet 0/4 vlan 1 1900: ALSwitch(config)#no mac-address-table permanent 00e0.2917.1884 ethernet 0/4

Enter the following to verify that the static MAC address was cleared: ALSwitch#show mac-address-table static How many total static MAC addresses are there now? _______________________________

Type exit, as follows, to leave the switch welcome screen

Switch#exit Once the steps are completed, logoff, by typing exit, and turn all the devices off. Then remove and store the cables and adapter.
Erasing and Reloading the Switch

As done in previous labs.
Tel: 5867776-5837968

Lab-11: Managing the MAC Address Table
Objective
Create a basic switch configuration. Manage the switch MAC table.
Cable a network similar to the one in the diagram. The configuration output used in this lab is produced from a 2950 series switch. Any other switch used may produce different output. The following steps are to be executed on each switch unless specifically instructed otherwise. Instructions are also provided for the 1900 Series switch, which initially displays a User Interface Menu. Select the command Line_ option from the menu to perform the steps for this lab. Start a HyperTerminal session.


Configure the hosts to use the same IP subnet for the address, mask, and default gateway as on the switch.

To verify that hosts and switch are correctly configured, ping the switch IP address from the hosts. Were the pings successful? __________________________________________________ If the answer is no, troubleshoot the hosts and switch configurations.
Step 4 Record the MAC addresses of the host

a. Determine and record the layer 2 addresses of the PC network interface cards. If running Windows 98, check by using Start > Run > winipcfg, then click on More info. If running Windows 2000, check by using Start > Run > cmd > ipconfig /all. PC1: ___________________________________________________________________ PC4: ___________________________________________________________________
Step 5 Determine the MAC addresses that the switch has learned
To determine the what MAC addresses the switch has learned use the show mac-address- table command as follows at the privileged EXEC mode prompt:
Tel: 5867776-5837968

ALSwitch#show mac-address-table How many dynamic addresses are there? ________________________________________ How many total MAC addresses are there? _______________________________________ Why are there more MAC addresses than ports on the switch? __________________________________________________________________________ How many addresses have been user defined? ___________________________________ Do the MAC addresses match the host MAC addresses? _____________________________

To determine the options the show mac-address-table command has use the ? option as follows: ALSwitch#show mac-address-table ? How many options are available for the show mac-address-table command? __________ Show only the mac-address-tables that were learned dynamically. How many are there? _______________________________________________________
Step 7 Clear the MAC address table

To remove the existing MAC addresses use the clear mac-address-table command from the privileged EXEC mode prompt as follows: ALSwitch#clear mac-address-table dynamic

Verify that the mac-address-table was cleared as follows: ALSwitch#show mac-address-table How many total MAC addresses are there now? ___________________________________ Why are there so many? ____________________________________________________ How many dynamic addresses are there? ________________________________________
Step 9 Determine the clear MAC table options

To determine the options available use the command clear mac-address-table ? at the privileged EXEC mode prompt as follows: ALSwitch#clear mac-address-table ? How many options are there? _________________________________________________ In what circumstances would these options be used? _______________________________
Step 10 Examine the MAC table again

Look at the MAC address table again using the show mac-address-table command at the privileged EXEC mode prompt as follows: ALSwitch#show mac-address-table How many dynamic addresses are there? ________________________________________ Why did this change from the last display? _______________________________________ The table has not changed yet, ping the switch IP address from the hosts two times each and repeat Step 10.

Type exit, as follows to leave the switch welcome screen witch#exit Once the steps are completed, logoff, by typing exit, and turn all the devices off. Then remove and store the cables and adapter. Switch>enable Switch# Switch#configure terminal

Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#hostname ALSwitch ALSwitch(config)#enable secret class ALSwitch(config)#enable password cisco ALSwitch(config)#line con 0 ALSwitch(config-line)#password cisco ALSwitch(config-line)#login ALSwitch(config-line)#line vty 0 15 ALSwitch(config-line)#password cisco ALSwitch(config-line)#login ALSwitch(config-line)#interface Vlan1 ALSwitch(config-if)#ip address 192.168.1.2 255.255.255.0 ALSwitch(config-if)#no shutdown ALSwitch(config-if)#ip default-gateway 192.168.1.1 ALSwitch(config)#exit ALSwitch#show mac-address-table Mac Address Table Vlan Mac Address Type Ports ---- ----------- -------- ----All 0009.b7f6.61c0 STATIC CPU All 0100.0ccc.cccc STATIC CPU All 0100.0ccc.cccd STATIC CPU All 0100.0cdd.dddd STATIC CPU 1 0001.0276.8eec DYNAMIC Fa0/1 1 0001.0276.90dd DYNAMIC Fa0/4 Total Mac Addresses for this criterion: 6 ALSwitch#show mac-address-table ? address address keyword aging-time aging-time keyword count count keyword dynamic dynamic entry type interface interface keyword multicast multicast info for selected wildcard notification MAC notification parameters and history table static static entry type vlan VLAN keyword | Output modifiers <cr> ALSwitch#show mac-address-table dynamic Mac Address Table ------------------------------------------Vlan Mac Address Type Ports ---- ----------- -------- ----1 0001.0276.8eec DYNAMIC Fa0/1 1 0001.0276.90dd DYNAMIC Fa0/4

Total Mac Addresses for this criterion: 2 ALSwitch#clear mac-address-table % Incomplete command. ALSwitch#clear mac-address-table ? dynamic dynamic entry type notification Clear MAC notification Global Counters ALSwitch#clear mac-address-table dynamic ALSwitch#show mac-address-table Mac Address Table ------------------------------------------Vlan Mac Address Type Ports ---- ----------- -------- ----All 0009.b7f6.61c0 STATIC CPU All 0100.0ccc.cccc STATIC CPU All 0100.0ccc.cccd STATIC CPU All 0100.0cdd.dddd STATIC CPU Total Mac Addresses for this criterion: 4 ALSwitch#clear mac-address-table ? dynamic dynamic entry type notification Clear MAC notification Global Counters ALSwitch#show mac-address-table Mac Address Table ------------------------------------------Vlan Mac Address Type Ports ---- ----------- -------- ----All 0009.b7f6.61c0 STATIC CPU All 0100.0ccc.cccc STATIC CPU All 0100.0ccc.cccd STATIC CPU All 0100.0cdd.dddd STATIC CPU 1 0001.0276.8eec DYNAMIC Fa0/1 1 0001.0276.90dd DYNAMIC Fa0/4

Tel: 5867776-5837968

Lab-12: Selecting the Root Bridge
Objective
Create a basic switch configuration and verify it. Determine which switch is selected as the root switch with the factory default settings. Force the other switch to be selected as the root switch.
Cable a network similar to the one in the diagram. The c onfiguration output used in this lab is produced from a 2950 series switch. Any other switch us ed may produce different output. The following steps are to be executed on each switch unless specifically instructed otherwise. Start a HyperTerminal session.
Step 1 Configure the switches

Step 2 Configure the hosts attached to the switches

Configure the host to use the same subnet for the address, mask, and default gateway on switch.

To verify that the hosts and switches are correctly configured, ping the switches from the hosts. Were the pings successful? __________________________________________________ If the answer is no, troubleshoot the hosts and switches configurations.
Step 4 Display the show interface VLAN options

Type show interface vlan1. List some of the options available: ________________ _______________ _____________
Step 5 Display VLAN interface information

On Switch_A, type the command show interface VLAN1 at the privileged EXEC mode prompt as follows: Switch_A#show interface vlan 1 What is the MAC address of the s witch? _________________________________________ On Switch_B type the command show interface VLAN1 at the privileged EXEC mode prompt as follows: Switch_B#show interface vlan 1 What is the MAC address of the s witch? _________________________________________
Tel: 5867776-5837968

Which switch should be the root of the spanning tree for VLAN 1? ______________________
Step 6 Display the spanning tree table on each switch

At the privileged EXEC mode prompt, type the following on Switch_A: Type show spanning-tree brief if running version 12.0 of the IOS. If running version 12.1 of the IOS, type show spanning-tree. Switch_A#show spanning-tree brief On Switch_B type show spanning-tree brief at the privileged EXEC mode prompt as follows: Switch_B#show spanning-tree brief Examine the output and ans wer the following questions. Which switch is the root switch? _______________________________________________ What is the priority of the root switch? ___________________________________________ What is the bridge id of the root switch? _________________________________________ Which ports are forwarding on the root switch? ____________________________________ Which ports are blocking on the root switch? ______________________________________ What is the priority of the non-root switch? _______________________________________ What is the bridge id of the non-root switch? ______________________________________ Which ports are forwarding on the non-root switch? _________________________________ Which ports are blocking on the non-root switch? __________________________________ What is the status of the link light on the blocking port? ______________________________
Step 7 Reassign the root bridge

It has been determined that the switch selected as the root bridge, by using default values, is not the best choice. It is necessary to force the ther_ switch to become the root s witch. In the example output given the root switch by default, is Switch_A. Switch_B is preferred as the root switch. Go to the console and enter configuration mode if necessary. Determine the parameters that can be configured for the Spanning-Tree Protocol by issuing the following: Switch_B(config)#spanning-tree ? List the options. _____________ _____________ _____________ _____________ _____________ _____________ _____________ _____________ Set the priority of the switch that is not root to 4096. If version 12.0 is used, enter the following: Switch_B(config)#spanning-tree priority 1 Switch_B(config)#exit If version 12.1 is used, enter the following: Switch_B(config)#spanning-tree vlan 1 priority 4096 Switch_B(config)#exit
Step 8 Display the switch spanning tree table

At the privileged EXEC mode prompt, type the following on Switch_A: Note: Type show spanning-tree brief if running version 12.0 of the IOS. If running version 12.1 of the IOS, type show spanning-tree. Switch_A#show spanning-tree brief On Switch_B type show spanning-tree brief at the privileged EXEC mode prompt as follows: Switch_B#show spanning-tree brief Examine the output and ans wer the following questions. Which switch is the root switch? _______________________________________________

What is the priority of the root switch? ___________________________________________ Which ports are forwarding on the root switch? ____________________________________ Which ports are blocking on the root switch? ______________________________________ What is the priority of the non-root switch? _______________________________________ Which ports are forwarding on the non-root switch? _________________________________ Which ports are blocking on the non-root switch? __________________________________ What is the status of the link light on the blocking port? ______________________________
Step 9 Verify the running configuration file on the root switch

On the switch that was changed to be the root bridge, type show running-config at the privileged EXEC mode prompt. Is there an entry in the running configuration file that s pecifies the spanning tree priority of this router? ______________________________________________________________ What does that entry say? ___________________________________________________ Note: The output is different depending on if the IOS used is vers ion 12.0 or version 12.1. Once the steps are complete, log off by typing exit, and turn all the devices off. Then remove and store the cables and adapter.

Tel: 5867776-5837968

Lab-13: Configuring Port Security
Objective
Create and verify a basic switch configuration. Configure port security on individual FastEthernet ports.
Cable a network similar to the one in the diagram. The configuration output used in this lab is produced from a 2950 series switch. Any other switch us ed may produce different output. The following steps are intended to be executed on each switch unless specifically instructed otherwise. Instructions are also provided for the 1900 Series switch, which initially displays a User Interface Menu. Select the Command Line_ option from the menu to perform the steps for this lab. Start a HyperTerminal session.


Configure the hosts to use the same IP subnet for the address, mas k, and default gateway as on the switch. There is a third host needed for this lab. It needs to be configured with the address 192.168.1.7. The subnet mask is 255.255.255.0 and the default gateway is 192.168.1.1. Note: Do not connect this PC to the switch yet.

To verify that hosts and switch are correctly configured, ping the switch IP address from the hosts. Were the pings successful? __________________________________________________ If the answer is no, troubleshoot the hosts and switch configurations.
Step 4 Record the host MAC addresses

Determine and record the layer 2 addresses of the PC network interface cards. If running Windows 98, check by using Start > Run > winipcfg. Click on More info. If running Windows 2000, check by using Start > Run > cmd > ipconfig /all. PC1____________________________________________________________________
Tel: 5867776-5837968

PC2____________________________________________________________________
Step 5 Determine what MAC addresses that the switch has learned
Determine what MAC addresses the switch has learned by using the show mac-address-table command, as follows, at the privileged exec mode prompt: ALSwitch#show mac-address-table How many dynamic addresses are there? ________________________________________ How many total MAC addresses are there? _______________________________________ Do the MAC addresses match the host MAC addresses? _____________________________

Enter the following to determine the options the mac-address-table command has use the ? option: ALSwitch(config)#mac-address-table ?
Step 7 Setup a static MAC address

Setup a static MAC address on FastEthernet interface 0/4 as follows: Note: Use the address that was recorded for PC4 in Step 4. The MAC address 00e0.2917.1884 is used in the ex ample statement only. ALSwitch(config)#mac-address-table static 00e0.2917.1884 interface fastethernet 0/4 vlan 1 2900: ALSwitch(config)#mac-address-table static 00e0.2917.1884 fastethernet 0/4 vlan 1 1900: ALSwitch(config)#mac-address-table permanent 00e0.2917.1884 ethernet 0/4

Enter the following to verify the macaddress table entries. ALSwitch#show mac-address-table How many total MAC addresses are there now? ___________________________________
Step 9 List port security options

Determine the options for setting port security on interface FastEthernet 0/4. Type port security ? from the interface configuration prompt for FastEthernet port 0/4 as follows: ALSwitch(config)#interface fastethernet 0/4 ALSwitch(config-if)#switchport port-security ? aging Port-security aging commands mac-address Secure mac address maximum Max secure addrs violation Security Violation Mode <cr> 1900: ALSwitch(config)#interface ethernet 0/4 ALSwitch(config-if)#port secure ? max-mac-count Maximum number of addresses allowed on the port <cr> 2950: ALSwitch(config-if)#switchport port-security ? aging Port-security aging commands mac-address Secure mac address

maximum Max secure addrs violation Security Violation Mode <cr> To allow the switchport FastEthernet 0/4 to accept only one device enter port security as follows: ALSwitch(config-if)#switchport mode access ALSwitch(config-if)#switchport port-security ALSwitch(config-if)#switchport port-security mac-address sticky 1900: ALSwitch(config-if)#port secure

Enter the following to verify the mac address table entries: ALSwitch#show mac-address-table How are the address types listed for the two MAC addresses? ______________________ Show port security settings ALSwitch#show port-security 1900: ALSwitch#show mac-address-table security
Step 11 Show the running configuration file

Are there statements that directly reflect the security implementation in the listing of the running configuration? ____________________________________________________________ What do those statements mean? __________________________________________________________________________
Step 12 Limit the number of hosts per port

On interface FastEthernet 0/4 set the port security maximum MAC count to 1 as follows: ALSwitch(config)#interface fastethernet 0/4 ALSwitch(config-if)#port security max-mac-count 1 1900: ALSwitch(config)#interface Ethernet 0/4 ALSwitch(config-if)#port secure max-mac-count 1 2950: ALSwitch(config-if)#switchport port-security maximum 1 Disconnect the PC attached to FastEthernet 0/4. Connect to the port on the PC that has been given the IP address 192.168.1.7. This PC has not yet been attached to the switch. It may be necessary to ping the switch address 192.168.1.2 to generate some traffic. Record any observations. ___________________________________________________ __________________________________________________________________________
Step 13 Configure the port to shut down if there is a security violation

It has been decided that in the event of a security violation the interface should be shut down. Enter the following to make the port security action to shutdown: ALSwitch(config-if)#switchport port-security violation shutdown 2900XL: ALSwitch(config-if)#port security action shutdown 1900: The default action upon address violation is uspend

What other action options are available with port security? ____________________________ If necessary, ping the switch address 192.168.1.2 from the PC 192.168.1.7. This PC is now connected to interface FastEthernet 0/4. This ensures that there is traffic from the PC to the switch. Record any observations. __________________________________________________________________________ __________________________________________________________________________
Step 14 Show port 0/4 configuration information

To see the configuration information for just FastEthernet port 0/4, type show interface fastethernet 0/4, as follows, at the privileged exec mode prompt: ALSwitch#show interface fastethernet 0/4 1900: ALSwitch#show interface ethernet 0/4 What is the state of this interface? FastEthernet0/4 is _________________________, line protocol is ____________________ 1900: ALSwitch#show interface ethernet 0/4 What is the state of this interface? Ethernet 0/4 is _________________________, line protocol is _______________________
Step 15 Reactivate the port

If a security violation occurs and the port is shut down, use the no shutdown command to reactivate it. Try reactivating this port a few times by switching between the original port 0/4 host and the new one. Plug in the original host, type the no shutdown command on the interface and ping using the DOS window. The ping will have to be repeated multiple times or use the ping 192.168.1.2 n 200 command. This will set the number of ping packets to 200 instead of 4. Then switch hosts and try again.

Type exit, as follows, to leave the switch welcome screen: Switch#exit Once the steps are completed, logoff by typing exit, and turn all the devices off. Then remove and store the cables and adapter.
Tel: 5867776-5837968

Lab-14: Configuring Static Routes
Objective
Configure static routes between routers to allow data transfer between routers without the use of dynamic routing protocols.
Setup a network similar to the one in the previous diagram. Any router that meets the interface requirements may be used. Possible routers include 800, 1600, 1700, 2500, 2600 routers, or a combination. Start a HyperTerminal session.
Step 1 Configure both routers

Enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal, and enable passwords.
Step 2 Configure the workstations

Configure the workstations with the proper IP address, subnet mask, and default gateway. Check connectivity between the workstations using ping. C:\>ping 192.168.16.2 Pinging 192.168.16.2 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 192.168.16.2: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms Was the ping successful? __________________________________________________ Why did the ping fail? ______________________________________________________
Step 3 Check interface status

Check the interfaces on both routers with the command show ip interface brief. Are all the necessary interfaces up? ____________________________________________
Tel: 5867776-5837968

Step 4 Check the routing table entries

Using the command show ip route, view the IP routing table for GAD. GAD>show ip route output eliminated Gateway of last resort is not set C 192.168.14.0/24 is directly connected, FastEthernet0 C 192.168.15.0/24 is directly connected, Serial0 Use the command show ip route, view the IP routing table for BHM. BHM>show ip route Output eliminated. Gateway of last resort is not set C 192.168.15.0/24 is directly connected, Serial0 C 192.168.16.0/24 is directly connected, FastEthernet0 Are all of the routes needed in the routing tables? __________________________________ Can a host on subnet 192.168.16.0 see a host on network 192.168.14.0? _________________ If a route is not in the routers to which the host is connected, the host cannot reach the destination host.
Step 5 Adding static routes

How can this situation be changed so that the hosts can ping each other? Add static routes to each router or run a routing protocol. In global configuration mode, add a static route on Router1 to network 192.168.16.0 and on Router2 to network 192.168.14.0. GAD(config)#ip route 192.168.16.0 255.255.255.0 192.168.15.2 BHM(config)#ip route 192.168.14.0 255.255.255.0 192.168.15.1 Why is a static route needed on both routers? ___________________________________
Step 6 Verify the new routes

Use the command show ip route, view the IP routing table for GAD. GAD>show ip route output eliminated Gateway of last resort is not set C 192.168.14.0/24 is directly connected, FastEthernet0 C 192.168.15.0/24 is directly connected, Serial0 S 192.168.16.0/24 [1/0] via 192.168.15.2 Using the command show ip route, view the IP routing table for BHM. BHM>show ip route Output eliminated. Gateway of last resort is not set S 192.168.14.0/24 [1/0] via 192.168.15.1 C 192.168.15.0/24 is directly connected, Serial0 C 192.168.16.0/24 is directly connected, FastEthernet0 Are all of the routes needed in the routing tables? __________________________________ Can a host on subnet 192.168.16.0 see a host on network 192.168.14.0? _________________
Step 7 ping host to host again

Check connectivity between the workstations using ping. C:\>ping 192.168.16.2

Pinging 192.168.16.2 with 32 bytes of data: Reply from 192.168.16.2: bytes=32 time=20ms TTL=254 Reply from 192.168.16.2: bytes=32 time=20ms TTL=254 Reply from 192.168.16.2: bytes=32 time=20ms TTL=254 Reply from 192.168.16.2: bytes=32 time=20ms TTL=254 Ping statistics for 192.168.16.2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 20ms, Maximum = 20ms, Average = 20ms If the ping was not success ful, check routing table to make sure static routes are entered correctly. Upon completion of the previous steps, logoff by typing exit. Turn the router off.
Tel: 5867776-5837968

Lab-15: Gateway of Last Resort
Objective
Configure RIP routing and add default routes (gateways) to the routers. Remove RIP and the default routes. Configure IGRP routing and add default routes (gateways) to the routers.
This lab shows the purpose of the gateway of last resort, also known as the default gateway. Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram, such as 800, 1600, 1700, 2500, and 2600 routers, or a combination may be used. Start a HyperTerminal session.
Step 1 Configure the routers

On the routers, enter the global configuration mode and configure the hostname as shown in chart. Then configure the console, virtual terminal and enable passwords.
Step 2 Configure hosts with the proper IP address, subnet mask and default gateway Step 3 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router
From the hos t attached to GAD, is it possible to ping the BHM router FastEthernet interface? __________________________________________________________________________ From the hos t attached to BHM, is it possible to ping the GAD router FastEthernet interface? __________________________________________________________________________ If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.
Step 4 Make sure that routing updates are being sent

Type the command debug ip rip and the privileged exec mode prompt. Wait for at least 45 seconds. Was there any output from the debug command? __________________________________ What did the output display? _________________________________________________ Type undebug all to turn off debugging.
Step 5 Show the routing tables for each router

Examine the routing table entries, by using show ip route command on each router. What are the entries in the GAD routing table? __________________________________________________________________________

What are the entries in the BHM routing table? __________________________________________________________________________
Step 6 Add the default route to the BHM router

Enter the command ip route 0.0.0.0 0.0.0.0 172.17.0.1 at the configuration mode prompt. Type show ip route at the privileged exec mode. What is the Gateway of last resort listed? ________________________________________ What does the gateway of last resort mean? ______________________________________
Step 7 Add the default route to the GAD router

Enter the command ip route 0.0.0.0 0.0.0.0 172.17.0.2 at the configuration prompt. Type show ip route at the privileged exec mode. What is the Gateway of last resort listed? ________________________________________ Are there any other new entries in the routing table? ________________________________
Step 8 Remove RIP routing from both routers

To remove RIP routing type the no router rip command at the configuration mode prompt. Then ping the FastEthernet 0 interface on the GAD router from the BHM router. What were the results of the ping? _____________________________________________ Why was the ping successful? ________________________________________________
Step 9 Remove the default route from just the GAD router
Remove the gateway of last resort on the GAD router by typing the no ip route 0.0.0.0 0.0.0.0 172.17.0.2 at the configuration mode prompt on the GAD router. Type show ip route at the privileged exec mode. What is the Gateway of last resort listed? ________________________________________ Why is the gateway gone? ___________________________________________________ Ping the FastEthernet 0 interface on the GAD router from the BHM router. What were the results of the ping? _____________________________________________ Why was the ping successful? ________________________________________________ Ping the FastEthernet 0 interface on the BHM router from the GAD router. What were the results of the pings? ____________________________________________ Why was the ping unsuccessful? ______________________________________________ Remove the gateway of last resort from the BHM router.
Step 10 Remove RIP routing from the routers and use IGRP instead
Remove the RIP routing by using the no form of the RIP routing command. Then set up IGRP routing using 30 as the AS number. Remember to wait for the routes to propagate to the other router. Check the new routing protocol by typing show ip route at the privileged exec mode prompt. There should be two connected and IGRP route in the listing.
Step 11 Enter a default network entry on the BHM router

Enter the command ip default-network 172.17.0.0 at the configuration mode prompt Type the show ip route command at the privileged exec mode. Is there a default route listed? ________________________________________________
Tel: 5867776-5837968

Lab-16: Configuring RIP
Objective
Setup an IP addressing scheme using class B networks. Configure the RIP dynamic routing protocol on routers.
Setup a network similar to the one in the diagram. Any router that meets the interface requirements displayed in the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used. Start a HyperTerminal session.

From the global configuration mode, configure the hostname as shown in the chart. Then configure the console, virtual terminal, and enable passwords.
Step 2 Check the routing table entries

Using the command show ip route, view the IP routing table for GAD. GAD>show ip route output eliminated Gateway of last resort is not set C 172.16.0.0/24 is directly connected, FastEthernet0 C 172.17.0.0/24 is directly connected, Serial0 Using the command show ip route, view the IP routing table for BHM. BHM>show ip route output eliminated Gateway of last resort is not set C 172.17.0.0/24 is directly connected, Serial0 C 172.18.0.0/24 is directly connected, FastEthernet0
Step 3 Configure the routing protocol on the Gadsden router

From the global configuration mode, enter the following: GAD(config)#router rip GAD(config-router)#network 172.16.0.0
Tel: 5867776-5837968

GAD(config-router)#network 172.17.0.0 GAD(config-router)#exit
Step 4 Save the Gadsden router configuration

GAD#copy running-config startup-config
Step 5 Configure the routing protocol on the Birmingham router

From the global configuration mode, enter the following: BHM(config)#router rip BHM(config-router)#network 172.17.0.0 BHM(config-router)#network 172.18.0.0 BHM(config-router)#exit BHM(config)#exit
Step 6 Save the Birmingham router configuration

BHM#copy running-config startup-config
Step 7 Configure hosts with the proper IP address, subnet mask and default gateway Step 8 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router
From the host attached to GAD, is it possible to ping the BHM router FastEthernet interface? _________________________________________________________________ From the host attached to BHM, is it possible to ping the GAD router FastEthernet interface? _________________________________________________________________ If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.

From the enable or privileged EXEC mode, examine the routing table entries using the show ip route command on each router. What are the entries in the GAD routing table? ______________________________________________________________________ What are the entries in the BHM routing table? ______________________________________________________________________ Upon completion of the previous steps, log off by typing exit and turn the router off.
Erasing and reloading the router As done previously.
Tel: 5867776-5837968

Lab-17: Converting RIP v1 to RIP v2
Objective
Configure RIP v1 on routers. Convert to RIP v2 on routers.
Cable a network similar to the shown in the diagram. Any router that meets the interface requirements displayed on the above diagram may be used. For example, router series 800, 1600, 1700, 2500 and 2600 or any such combination can be used. Start a HyperTerminal session.

On the routers, configure the hostnames as well as the console, virtual terminal, and enable passwords. Next configure the serial IP address and clock rate and the Fast Ethernet IP address interfaces. Finally configure IP host names.

Go to proper command mode and configure RIP routing on the Gadsden router according to chart.

Any time that changes are correctly made to the running configuration, they should be saved to the startup configuration. Otherwise, if the router is reloaded or power cycled, the changes that are not saved in the startup configuration will be lost.

Go to proper command mode and configure RIP routing on the Birmingham router according to chart.
Step 5 Save the Birmingham router configuration Step 6 Configure hosts with the proper IP address, subnet mask, and default gateway Step 7 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router
From the host attached to GAD, ping the other host attached to the BHM router. Was the ping successful? ___________________________________________________________ From the host attached to BHM, ping the other host attached to the GAD router. Was the ping successful? ___________________________________________________________

If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.
Step 8 Enable RIP version 2 routing

Enable version 2 of the RIP routing protocol on both of the routers Gadsden and Birmingham. GAD(config)#router rip GAD(config-router)#version 2 GAD(config-router)#exit GAD(config)#exit BHM(config)#router rip BHM(config-router)#version 2 BHM(config-router)#exit BHM(config)#exit
Step 9 Ping all of the interfaces on the network from each host
Were all of the interfaces still able to be pinged? ___________________________________ If not, troubleshoot the network and ping again. Once the previous steps are completed, logoff by typing exit, and turn the router off. Then remove and store the cables and adapter.
Tel: 5867776-5837968

Lab-18: Configuring IGRP
Objective
Setup IP an addressing scheme using class C network s. Configure IGRP on routers.
Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed in the above diagram, such as 800, 1600, 1700, 2500, and 2600 routers, or a combination, may be used. Start a HyperTerminal session.

On the routers, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal, and enable passwords.

Configure IGRP using AS 101 on GAD. Go to the proper command mode and enter the following: GAD(config)#router igrp 101 GAD(config-router)#network 192.168.22.0 GAD(config-router)#network 192.168.20.0


Configure IGRP using AS 101 on BHM. Go to the proper command mode and enter the following: BHM(config)#router igrp 101 BHM(config-router)#network 192.168.25.0 BHM(config-router)#network 192.168.22.0

BHM#copy running-config startup-config
Step 6 Configure hosts with the proper IP address, subnet mask and default gateway Step 7 Verify that the internetwork is functioning by pinging the FastEthernet

interface of the other router

From the hos t attached to GAD, is it possible to ping the BHM host? ____________________ From the hos t attached to BHM, is it possible to ping the GAD host? ____________________ If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.

From the enable or privileged exec mode do the following: Examine the routing table entries by using the show ip route command on each router. What are the entries in the GAD routing table? _______________________________________________________________________________ ______________________________________________________________________________ _ _______________________________________________________________________________ What are the entries in the BHM routing table? _______________________________________________________________________________ _______________________________________________________________________________ ______________________________________________________________________________
Step 9 Verify the routing protocol

Type show ip protocol on both routers to verify IGRP is running and that it is the only protocol running. Is IGRP the only protocol running on GAD? ______________________________________ Is IGRP the only Protocol running on BHM? ______________________________________
Step 10 Verify IGRP statements in the running configuration of both routers

Use the show run | begin igrp command on both routers. List the IGRP part of the configuration for GAD: __________________________________________________________________________ __________________________________________________________________________ __________________________________________________________________________
Step 11 Verify IGRP routing updates

Type debug ip igrp events on the GAD router at the privileged exec mode. Are routing updates being displayed? ___________________________________________ Where are the updates being sent to? ___________________________________________ Where are the updates being received from? _____________________________________ Turn off debugging.
Step 12 Verify IGRP routing updates

Type debug ip igrp transactions on the GAD router at the privileged exec mode. How are the outputs of these two debug commands debug ip igrp events and debug ip igrp transactions different? __________________________________________________________________________ __________________________________________________________________________ __________________________________________________________________________ Turn off debugging.
Step 13 Analyze specific routes

Type show ip route 192.168.25.0 on the GAD router at the privileged exec mode What is the total delay for this route? ___________________________________________

What is the minimum bandwidth? ______________________________________________ What is the Reliability of this route? ____________________________________________ What is the minimum MTU size for this route? _____________________________________ Type show ip route for another network address on the router. What is the total delay for this route? ______________________________________________ What is the minimum bandwidth? ________________________________________________ What is the Reliability of this route? ______________________________________________ What is the minimum MTU size for this route? ______________________________________ Upon completion of the previous steps, log off by typing exit and turn the router off.

As done previously.
Tel: 5867776-5837968

Lab-19: Default Routing with RIP and IGRP
Objective
Configure a default route and use RIP to propagate this default information to other routers. Migrate the network from RIP to IGRP. Configure default routing to work with IGRP
In this lab, a default route will be configured and RIP used to propagate this default information to other routers. When this configuration is working properly, the network will be migrated from RIP to IGRP and default routing will be configured to work with that protocol as well. Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used. Start a HyperTerminal session.
Step 1 Configure the hostname and passwords on the routers

On the routers, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords.
Step 2 Configure hosts with the proper IP address, subnet mask and default gateway
Test the configuration by pinging all interfaces from each host. If the pinging is not successful, troubleshoot the configuration.
Step 3 Check Basic Routing Configuration

Enter show ip protocol command on each router. In the configuration, is Router RIP displayed? ________________________________________

To verify connectivity of the network just setup, ping all interfaces from each of the attached hosts. If all interfaces can not be pinged, correct the configuration until all interfaces can be pinged.
Tel: 5867776-5837968

Step 5 Configure Centre as the connection to the Internet Service Provider (ISP)
Configure Centre to simulate the exis tence of an outside network. The link between the company and its ISP is simulated by configuring a loopback interface with an IP address. Enter the following commands on the Centre router: Centre(config)#interface loopback0 Centre(config-if)#ip address 172.16.1.1 255.255.255.255 Note: If 172.16.1.1 is pinged from the Centre console, the loopback interface replies. From the Boaz console, attempt to ping 172.16.1.1. This ping should fail because the 172.16.0.0/16 network is not in the Boaz routing table. If no default route exists, what does a router do with a pack et destined for a network that is not in its table? _____________________________________________________________________
Step 6 Setup up a default route on the Centre router

A default route must be c reated on the Centre router pointed at the simulated ISP. Issue the following command on the Centre router in the configuration mode. Centre(config)#ip route 0.0.0.0 0.0.0.0 loopback0 This command static ally configures the default route. The default route directs traffic destined for network s that are not in the routing table to the ISP WAN link or loopback 0. Unless IOS version 12.1 is used, RIP automatically propagates statically defined default routes. Therefore, depending on the IOS version, RIP may need to be explicitly configured to propagate this 0.0.0.0/0 route. Enter these commands on the Centre router in the proper command mode: Centre(config)#router rip Centre(config-router)#default-information originate
Step 7 Verify the routing tables

Now check the routing tables of Mobile and Boaz using the show ip route command. Verify that they both have received and installed a route to 0.0.0.0/0 in their tables . On Boaz, what is the metric of this route? ________________________________________ On Mobile, what is the metric of this route? _______________________________________ Mobile and Boaz still do not have routes to 172.16.0.0/16 in their tables. From Boaz, ping 172.16.1.1. This ping should be successful. Why does the ping to 172.16.1.1 work, even though there is no route to 172.16.0.0/16 in the Boaz routing table? _____________________________________________________________ Check to be sure that Mobile can also ping 172.16.1.1. Troubleshoot, if nec essary.
Step 8 Migrate the network from RIP to IGRP

With default routing now work ing, it is necessary to migrate the network from RIP to IGRP for testing purposes. Issue the following command on all three routers : Mobile(config)#no router rip With RIP removed from each routers configuration, configure IGRP on all three routers using AS 24, as shown: Mobile(config)#router igrp 24 Mobile(config-router)#network 192.168.1.0 Mobile(config-router)#network 192.168.5.0 Boaz(config)#router igrp 24 Boaz(config-router)#network 192.168.1.0 Boaz(config-router)#network 192.168.2.0 Boaz(config-router)#network 192.168.4.0

Centre(config)#router igrp 24 Centre(config-router)#network 192.168.2.0 Centre(config-router)#network 192.168.3.0 Use ping and show ip route to verify that IGRP is working properly. Do not worry about the 172.16.1.1 loopback address on Centre yet.
Step 9 Check Centres routing table for the static default route
Check the Centre routing table. The static default route to 0.0.0.0/0 should still be there. To propagate this route with RIP, the default-information originate command was issued. Depending on the IOS version, this might not be necessary. The default-information originate command is not available in an IGRP configuration. Therefore, it may be necessary to use a different method to propagate default information in IGRP. On Centre, issue the following commands: Centre(config)#router igrp 24 Centre(config-router)#network 172.16.0.0 Centre(config-router)#exit Centre(config)#ip default-network 172.16.0.0 These commands configure IGRP to update its neighbor routers about the network 172.16.0.0/16, which includes the simulated ISP link or loopback 0. Not only will IGRP advertise this network, but the ip default-network command also will flag this network as a candidate default route. This will be shown by an asterisk in the routing table. When a network is flagged as a default, that flag stays with the route as it passed from neighbor to neighbor by IGRP. Check the routing tables of Mobile and Boaz. If they do not yet have the 172.16.0.0/16 route with an asterisk, it may be necessary to wait for another IGRP update. This may take up to 90 seconds. Issue the clear ip route * command on all three routers in order to force them to immediately s end new updates. When the 172.16.0.0/16 route appears as a candidate default in all three routing tables, proceed to the next step.
Step 10 Create a second loopback interface on Centre to test the default route
Because the 172.16.0.0/16 network is known explicitly by Mobile and Boaz, it will be necessaryto create a second loopback interface on Centre to test the default route. Issue the followingcommands on Centre: Centre(config)#interface loopback1 Centre(config-if)#ip address 10.0.0.1 255.0.0.0 This loopback interface simulates another external network. Return to Mobile and c heck its routing table using the show ip route command. Is there a route to the 10.0.0.0/8 network? _______________________________________ From Mobile, ping 10.0.0.1. This ping should be successful. If there is no route to 10.0.0.0/8 and no route to 0.0.0.0/0, why does this ping succeed? ______________________________________________________________________________
Tel: 5867776-5837968

Lab-20: Verifying RIP v2 Configuration
Objective
Configure RIP v1 and v2 on routers. Use show commands to verify RIP v2 operation.
Cable a network similar to the one shown in the diagram. Any router that meets the interface requirements displayed on the above diagram may be used. For example, router series 800, 1600, 1700, 2500, and 2600 or any such combination can be used.

On the routers, configure the hostnames as well as the console, virtual terminal, and enable passwords. Next configure the serial interface IP address and clock rate and the Fast Ethernet interface IP address. Finally configure IP host names. . Optional interface descriptions and message of the day banners may also be configured. Be sure to save the configurations just created.

Go to the correct command mode and configure RIP routing on the Gadsden router according to the chart.

Any time that changes are correctly made to the running configuration, they should be saved to the startup configuration. Otherwise, if the router is reloaded or power cycled, the changes that are not saved in the startup configuration will be lost.

Go to the correct command mode and configure RIP routing on the Birmingham router according to the chart.
Step 5 Save the Birmingham router configuration Step 6 Configure hosts with the proper IP address, subnet mask, and default gateway Step 7 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router
From the host attached to the GAD, ping the other host attached to the BHM router. Was the ping successful? ________ From the host attached to the BHM, ping the other host attached to the GAD router. Was the ping
Tel: 5867776-5837968

successful? ________ If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.

From the enable privileged EXEC mode, examine the routing table entries using command show ip route command on each router. What are the entries in the GAD routing table? __________________________________________________________________________ __________________________________________________________________________ __________________________________________________________________________ What are the entries in the BHM routing table? __________________________________________________________________________ __________________________________________________________________________ __________________________________________________________________________
Step 9 Enable RIP v2 routing

Enable version 2 of the RIP routing protocol on both of the routers, Gadsden and Birmingham. GAD(config)#router rip GAD(config-router)#version 2 GAD(config-router)#exit GAD(config)#exit BHM(config)#router rip BHM(config-router)#version 2 BHM(config-router)#exit BHM(config)#exit
Step 10 Show the routing tables

Show the routing tables on both routers again. Have they changed now that RIP v2 is now being used instead of RIP v1? ________________ What is the difference between RIP v2 and RIP v1? ________________________________ What must be done in order to see a difference between RIP v2 and RIP v1? __________________________________________________________________________
Step 11 Change the Fast Ethernet IP subnet mask on the Gadsden router
Change the subnet mask on router GAD from a class B (255.255.0.0) to a Class C (255.255.255.0). Use the same IP address. GAD(config)#interface fastethernet 0 GAD(config-if)#ip address 172.16.0.1 255.255.255.0 GAD(config-if)#exit How does this change affect the address for the FastEthernet interface? __________________________________________________________________________
Step 12 Show the GAD routing table

Show the GAD routing table. Has the output changed with the addition of a subnetted IP address? ________________ How has it changed? _______________________________________________________
Step 13 Show the BHM routing table

Show the BHM routing table. Has the output changed with the addition of a subnetted IP address? _____________

Step 14 Change the network addressing scheme

Change the addressing scheme of the network to a single c lass B network with a class C subnet (8-bits of subnetting). On the BHM router: BHM(config)#interface serial 0 BHM(config-if)#ip address 172.16.1.2 255.255.255.0 BHM(config-if)#exit BHM(config)#interface fastethernet 0 BHM(config-if)#ip address 172.16.3.1 255.255.255.0 BHM(config-if)#exit BHM(config)#exit On the GAD router: GAD(config)#interface serial 0 GAD(config-if)#ip address 172.16.1.1 255.255.255.0 GAD(config-if)#exit
Step 15 Show the routing table

Show the GAD routing table. Has the output changed with the addition of subnetted IP addresses? ________________ How has it changed? _______________________________________________________

Show the BHM routing table. Has the output changed with the addition of a subnetted IP address? ________________
Step 17 Change the host configurations

Change the host configuration to reflect the new IP addressing scheme of the network
Step 18 Ping all of the interfaces on the network from each host
Were all of the interfaces still able to be pinged? __________________________________ If not, troubleshoot the network and ping again.
Step 19 Use show ip route to see different routes by type

Enter show ip route connected on the GAD router. What networks are displayed? ________________________________________________ What interface is directly connected? ___________________________________________ Enter show ip route rip List the routes listed in the routing table? _________________________________________ What is the administrative distance? ____________________________________________ Enter show ip route connected on the BHM router. What networks are displayed? ________________________________________________ What interface is directly connected? ___________________________________________ Enter show ip route rip List the routes listed in the routing table? _________________________________________
Step 20 Use the show IP protocol command

Enter show ip protocol on the GAD router. When will the routes be flushed? ______________________________________________ What is the default distance listed for RIP? _______________________________________
Step 21 Remove the version 2 option

Remove the version 2 option on the RIP configuration for both routers.


Show the GAD routing table. Has the output changed now that version 2 of RIP was removed? ______________________

Show the BHM routing table. Has the output changed now that version 2 of RIP was removed? ______________________ Once the previous steps are completed, log off by typing exit, and turn the router off. Then remove and store the cables and adapter.
Tel: 5867776-5837968

Lab-21: Troubleshooting RIP
Objective
Set up an IP addressing scheme using class B networks. Configure RIP on routers. Observe routing activity using the debug ip rip command. Examine routes using the show ip route command.
Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed in the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used. Start a HyperTerminal session as performed in the Establishing a HyperTerminal session lab.

On the routers, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords according to the chart.
Step 2 Configure the hosts with the proper IP address, subnet mask and default gateway Step 3 Make sure that routing updates are being sent
Type command debug ip rip and the privileged EXEC mode prompt. Wait for at least 45 seconds. Was there any output from the debug command? __________________________________ What did the output show ? __________________________________________________ To turn off specific debug commands type the no option, for example no debug ip rip events. To turn off all debug commands type undebug all.

From the enable or privileged EXEC mode, examine the routing table entries, using show ip route command on each router. What are the entries in the GAD routing table? __________________________________________________________________________ What are the entries in the BHM routing table? __________________________________________________________________________
Tel: 5867776-5837968

Step 5 Show the RIP routing table entries for each router
Enter show ip route rip List the routes listed in the routing table? _________________________________________ What is the administrative distance? ____________________________________________
Step 6 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router
From the host attached to GAD, is it possible to ping the BHM router FastEthernet interface? __________________________________________________________________________ From the host attached to BHM, is it possible to ping the GAD router FastEthernet interface? __________________________________________________________________________ If the answer is no for either question, troubleshoot the router configurations using show ip route to find the error. Also check the workstation IP settings. Then do the pings again until the answer to both questions is yes. Upon completion of the previous steps, log off by typing exit and turn the router off.

As done Previously
Tel: 5867776-5837968

Lab-22: Unequal Cost Load Balancing with IGRP
Objective
Observe unequal-cost load balancing. Tune IGRP networks by using advanced debug commands.
In this lab, a default route will be configured and RIP used to propagate this default information to other routers. When this configuration is working properly, the network will be migrated from RIP to IGRP and default routing will be configured to work with that protocol as well. Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used. Start a HyperTerminal session.
Step 1 Configure the hostname and passwords on the routers

On the routers, enter the global configuration mode and configure the hostname Finally configure IGRP routing on the routers using the Autonomous System (AS) of 34.
Step 2 Configure bandwidth on the Madison router interfaces

In order to make unequal cost load balancing to work, it is necessary need to establish different metrics for the IGRP routes. This is done with the bandwidth command. The serial 0 interface will be set to a bandwidth of 56K and the serial 1 interface will be set to a value of 384K. The route-cache must also be turned off for load balancing. Both serial interfaces must use process switching. Process switching forces the router to look in the routing table for the destination network of each routed packet. In contras t fast-switching, which is the default, stores the initial table lookup in a high-speed cache and uses the info to route packets to the same destination. Enter the following statements on the Madison router: MAD(config)#interface serial 0/0 MAD(config-if)#bandwidth 56 MAD(config-if)#no ip route-cache MAD(config-if)#interface serial 0/1
Tel: 5867776-5837968

MAD(config-if)#bandwidth 384 MAD(config-if)#no ip route-cache Because the IGRP metric includes bandwidth in its calculation, bandwidth must be manually configured on the serial interfaces in order too ensure accuracy. For the purposes of this lab, the alternative paths to network 192.168.41.0 from the Madison router are not of unequal cost until the appropriate bandwidths are set. Use the show interface command output to verify the correct bandwidth settings and the show ip interface command to ensure that fast switching is disabled. Can the bandwidth of Ethernet interfaces be set manually? _______________________________
Test the configuration by pinging all interfaces from each host. If the pinging is not successful, troubleshoot the configuration.
Step 4 Use the variance command to configure unequal-cost load balancing

The variance value determines whether IGRP will accept unequal-cost routes. An IGRP router will only accept routes equal to the loc al best metric for the destination multiplied by the variance value. So if the local best metric of an IGRP router for a network is 10476, and the variance is 3, the router will accept unequal-cost routes with any metric up to 31428 or 10,476 x 3. This is as long as the advertising router is closer to the destination. An IGRP router accepts only up to four paths to the same network Note: An alternate route is added to the route table only if the next-hop router in that path is closer to the destination (has a lower metric value) than the current route. By default, IGRP variance is set to 1, which means that only routes that are exactly 1 times the local best metric are installed. Therefore, a variance of 1 disables unequal-cost load balancing. Configure the Madison router to enable unequal-cost load balancing using the following commands: MAD(config)#router igrp 34 MAD(config-router)#variance 10 According to the help feature, what is the maximum variance value? _______________________ Check the Madison routing table. It should have two routes to network 192.168.33.0 with unequal metrics. What is the IGRP metric for the route to 192.168.33.0 through serial 0? ______________________ What is the IGRP metric for the route to 192.168.33.0 through serial 1? ______________________
Step 5 Check Basic Routing Configuration

Enter show ip protocol command on each router. Enter the command show ip route on both routers. List how the route is connected (directly, IGRP), the IP address and via through what network . There should be four routes in each table. Circle the evidence of load balancing in the above output.
Step 6 Verify per-packet load balancing

Because there are two routes to the destination network , half the packets will be sent along one path, and half will travel over the other. The path selection alternates with each packet received. Observe this process by using the debug ip packet command on the Madison router. Send a 30 ping packets across the network from the host attached to Milwaukee router to the host attached to the Madison router

Examine and record part of the debug output. What is the evidence of load balancing in the output? ____________________________________
Step 7 Verify per-destination load balancing

After verifying per-packet load balancing, configure the router to use per-destination load balancing. Both serial interfaces must use fast switching s o that the route-cache can be used after the initial table lookup. Use the command ip route-cache on both serial interfaces of the Madison router. Use the show ip interface to verify that fast switching is enabled. Is fast switching enabled? ________________________________________________________ The routing table is consulted only once per destination. Therefore, packets that are part of a packet train to a specific host will all follow the same path. Only when a second destination forces another table lookup or when the cached entry expires will the alternate path be used. Use the debug ip packet command and ping across the network. Note which serial interface the packet was sent out on. Use the debug ip packet command and ping across the network. Note which serial interface the packet was sent out on. Examine and record part of the debug output. Which serial interface was the packet sent out on? ________________________________________ Upon completion of the previous steps, log off by typing exit and turn the router off.
Tel: 5867776-5837968

Lab-23:Configuring EIGRP Routing
Objective
Setup an IP addressing scheme for the network . Configure and verify Enhanced Interior Gateway Routing Protocol (EIGRP) routing.
Cable a network similar to the one shown in the diagram. Any router that meets the interface requirements displayed on the above diagram may be used. For example, router series 800, 1600, 1700, 2500, and 2600 or any such combination can be used. Start a HyperTerminal session.

On the routers, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords. Next configure the interfaces according to the chart. Finally, configure the IP hostnames. Do not configure the routing protocol until specifically told to
Step 2 Save the configuration information from the privileged EXEC command mode
Paris#copy running-config startup-config Destination filename [startup-config]? [Enter]
Each workstation should be able to ping the attached router. Troubleshoot as necessary. Remember to assign a specific IP address and default gateway to the workstation. If running Windows 98, check by using Start > Run > winipcfg. If running Windows 2000, check by using the ipconfig command in a DOS window. At this point the workstations will not be able to communicate with each other. The following steps will demonstrate the process required to get communication working using EIGRP as the routing protocol.
Step 4 View the routers configuration and interface information

At the privileged EXEC mode prompt type: Paris#show running-config
Tel: 5867776-5837968

Using the show ip interface brief command, check the status of each interface. What is the state of the interfaces on each router? Paris: FastEthernet 0: ______________________________________________________ Serial 0: ____________________________________________________________ Warsaw: FastEthernet 0: ______________________________________________________ Serial 0: ____________________________________________________________ Ping from one of the connected serial interfaces to the other. Was the ping suc cessful? ___________________________________________________ If the ping was not successful, troubleshoot the routers configuration, until the ping is successful.
Step 5 Configure EIGRP routing on router Paris

Enable the EIGRP routing process on Paris, and configure the networks it will advertise. Use EIGRP autonomous system number 101. Paris(config)#router eigrp 101 Paris(config-router)#network 192.168.3.0 Paris(config-router)#network 192.168.2.0 Paris(config-router)#network 192.168.0.0 Paris(config-router)#end Show the routing table for the Paris router. Paris#show ip route Are there any entries in the routing table? _____________________________________ Why? __________________________________________________________________
Step 6 Configure EIGRP routing on router Warsaw

Enable the EIGRP routing process on Warsaw, and configure the networks it will advertis e. Use EIGRP autonomous system number 101. Warsaw(config)#router eigrp 101 Warsaw(config-router)#network 192.168.2.0 Warsaw(config-router)#network 192.168.1.0 Warsaw(config-router)#end Show the routing table for the Warsaw router. Warsaw#show ip route
Step 7 Test network connectivity

Ping the Paris host from the Warsaw host. Was it successful? ____________________________
Tel: 5867776-5837968

Lab-24: Configuring the OSPF Routing Process
Objective
Setup an IP addressing scheme for OSPF area 0. Configure and verify Open Shortest Path First (OSPF) routing.

On the routers, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords. Next configure the interfaces according to the chart. Finally, configure the IP hostnames. Do not configure the routing protocol until specifically told to.
BERLIN#copy running-config startup-config Destination filename [startup-config]? [Enter] Why save the running configuration to the startup configuration? __________________________________________________________________________ __________________________________________________________________________
Step 3 Configure the hosts with the proper IP address, subnet mask, and default gateway
Each workstation should be able to ping the attached router. Troubleshoot as necessary. Remember to assign a specific IP address and default gateway to the workstation. If running Windows 98, check by using Start >Run > winipcfg. If running Windows 2000, check by using the ipconfig command in a DOS window. At this point the workstations will not be able to communicate with each other. The following steps will demonstrate the process required to get communication working using OSPF as the routing protocol.


At the privileged EXEC mode prompt type: Berlin#show running-config Using the show ip interface brief command, check the status of each interface. What is the state of the interfaces on each router? Berlin: FastEthernet 0: _____________________________________________ Serial 0: ___________________________________________________ Serial 1: ___________________________________________________ Rome: FastEthernet 0: _____________________________________________ Serial 0: ___________________________________________________ Ping from one of the connected serial interfaces to the other. Was the ping successful? __________________________________________ If the ping was not successful, troubleshoot the router configuration, until the ping is successful.
Step 5 Configure OSPF routing on router Berlin

Configure an OSPF routing process on router Berlin. Use OSPF process number 1 and ensure all networks are in area 0. Berlin(config)#router ospf 1 Berlin(config-router)#network 192.168.1.128 0.0.0.63 area 0 Berlin(config-router)#network 192.168.15.0 0.0.0.3 area 0 Berlin(config-router)#end Examine the routers running configurations files. Did the IOS version automatically add any lines under router OSPF 1? _______________ If so, what did it add? _________________________________________________ If there were no changes to the running configuration, type the following commands: Berlin(config)#router ospf 1 Berlin(config-router)#log-adjacency-changes Berlin(config-router)#end Show the routing table for the Berlin router. Berlin#show ip route Are there any entries in the routing table? __________________________ Why? _______________________________________________________
Step 6 Configure OSPF routing on router Rome

Configure an OSPF routing process on each router Rome. Use OSPF process number 1 and ensure all networks are in area 0. Rome(config)#router ospf 1 Rome(config-router)#network 192.168.0.0 0.0.0.255 area 0 Rome(config-router)#network 192.168.15.0 0.0.0.3 area 0 Rome(config-router)#end Examine the Rome running configuration files. Did the IOS version automatically add any lines under router OSPF 1? _______________ If so, what did it add? _________________________________________________

If there were no changes to the running configuration, type the following commands: Rome(config)#router ospf 2 Rome(config-router)#log-adjacency-changes Rome(config-router)#end Show the routing table for the Rome router: Rome#show ip route Are there any OSPF entries in the routing table now? __________________________ What is the metric value of the OSPF route? _________________________________ What is the VIA address in the OSPF route? _________________________________ Are routes to all networks shown in the routing table? __________________________ What does the O mean in the first column of the routing table? ___________________

Ping the Berlin host from the Rome host. Was it succ essful? ___________________ If not troubleshoot as necessary. Once the previous steps are completed, log off by typing exit, and turn the router off. Then remove and store the cables and adapter.
Tel: 5867776-5837968

Lab-25: Configuring OSPF with Loopback Addresses
Objective
Configure routers with a Class C IP addressing scheme. Observe the election process for designated routers (DR) and back up designated routers (BDR) on the multiaccess network. Configure loopback addresses for Open Shortest Path First (OSPF) stability. Assign each OSPF interface a priority to force the election of a specific router as DR.

On the routers, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords. Next configure the interfaces according and the IP hostnamesDo not configure loopback interfaces and routing protocol yet.
Step 2 Save the configuration information for all the routers

Why save the running configuration to the startup configuration? __________________________________________________________________________
Each workstation should be able to ping all of the attached routers. That is because they are all part of the same subnetwork. Troubleshoot as necessary. Remember to assign a specific IP address and default gateway to the workstation. If running Windows 98, check by using Start > Run > winipcfg. If running Windows 2000, check by using the ipconfig command in a DOS window.

Tel: 5867776-5837968

At the privileged EXEC mode prompt type: show running-config Using the show ip interface brief command, check the status of each interface. What is the state of the interfaces on each router? London: FastEthernet 0: _______________________________________________________ Serial 0: _____________________________________________________________ Serial 1: _____________________________________________________________ Loopback0: __________________________________________________________ Ottawa: FastEthernet 0: _______________________________________________________ Serial 0: _____________________________________________________________ Serial 1: _____________________________________________________________ Loopback0: __________________________________________________________ Brasilia: FastEthernet 0: _______________________________________________________ Serial 0: _____________________________________________________________ Serial 1: _____________________________________________________________ Loopback0: __________________________________________________________
Step 5 Verify connectivity of the routers

Ping all of the connected FastEthernet interfaces from each other. Were the pings successful? __________________________________________________ If the pings were not succ essful, troubleshoot the router configuration, until the ping is successful.
Step 6 Configure OSPF routing on router London

Configure an OSPF routing process on the router London. Use OSPF process number 1 and ensure all networks are in area 0. London(config)#router ospf 1 London(config-router)#network 192.168.1.0 0.0.0.255 area 0 London(config-router)#end Examine the London router running configuration file. Did the IOS version automatically add any lines under router OSPF 1? ___________________ If there were no changes to the running configuration, type the following commands. London(config)#router ospf 1 London(config-router)#log-adjacency-changes London(config-router)#end Show the routing table for router: London#show ip route Are there any entries in the routing table? ___________________ Why? __________________________________________________________________
Step 7 Configure OSPF routing on router Ottawa

Configure an OSPF routing process on the router Ottawa. Use OSPF process number 1 and ensure all networks are in area 0. Ottawa(config)#router ospf 1 Ottawa(config-router)#network 192.168.1.0 0.0.0.255 area 0 Ottawa(config-router)#end

Examine the Ottawa running configuration file. Did the IOS version automatically add any lines under router OSPF 1? ___________________ If there were no changes to the running configuration, type the following commands. Ottawa(config)#router ospf 1 Ottawa(config-router)#log-adjacency-changes Ottawa(config-router)#end
Step 8 Configure OSPF routing on router Brasilia

Configure an OSPF routing process on the router Brasilia. Use OSPF process number 1 and ensure all networks are in area 0. Brasilia(config)#router ospf 1 Brasilia(config-router)#network 192.168.1.0 0.0.0.255 area 0 Brasilia(config-router)#end Examine the Brasilia router running configuration file. Did the IOS version automatically add any lines under router OSPF 1? ___________________ What did it add? __________________________________________________________ If there were no changes to the running configuration, type the following commands: Brasilia(config)#router ospf 1 Brasilia(config-router)#log-adjacency-changes Brasilia(config-router)#end

Ping the Brasilia router from the London router. Was it successful? ___________________ If not troubleshoot as necessary.
Step 10 Show OSPF adjacencies

Type the command show ip ospf neighbor on all routers to verify that the OSPF routing has formed adjacencies. Is there a designated router identified? __________________________________________ Is there a backup designated router? ___________________________________________ Type the command show ip ospf neighbor detail for more information. What is the neighbor priority of 192.168.1.1 from router Brasilia? _______________________ What interface is Identified as being part of Area 0? _________________________________
Step 11 Configure the loopback interfaces

Configure the loopback interface on each router to allow for an interface that will not go down due to network change or failure. This task is performed by typing interface loopback # at the global configuration mode prompt, where the # represents the number of the loopback interface from 0 -2,147,483,647. London(config)#interface loopback 0 London(config-if)#ip address 192.168.31.11 255.255.255.255 London(config-router)#end Ottawa(config)#interface loopback 0 Ottawa(config-if)#ip address 192.168.31.22 255.255.255.255 Ottawa(config-router)#end Brasilia(config)#interface loopback 0 Brasilia(config-if)#ip address 192.168.31.33 255.255.255.255 Brasilia(config-router)#end
Step 12 Save the configuration information for all the routers


After s aving the configurations on all of the routers, power them down and back up again.
Step 13 Show OSPF adjacencies

Type the command show ip ospf neighbor on all routers to verify that the OSPF routing has formed adjacencies. Is there a designated router identified? __________________________________________ Write down the router ID and link address of the DR. _______________ ________________ Is there a backup designated router? ___________________________________________ Write down the router ID and link address of the BDR. _______________ _______________ What is the third router referred to as? __________________________________________ Write down that Routers ID and link address __________________ __________________ Type the command show ip ospf neighbor detail for more information. What is the neighbor priority of 192.168.1.1 from router Brasilia? _______________________ What interface is Identified as being part of Area 0? _________________________________
Step 14. Verify OSPF interface configuration

Type show ip ospf interface fastethernet 0 on the London router. What is the OSPF state of the interface? _________________________________________ What is the default priority of the interface? _______________________________________ What is the network type of the interface? ________________________________________
Step 15 Configure London to always be the DR

To ensure that London router always becomes the DR for this multi-access segment, the OSPF priority must be set. London is the most powerful router in the network and so best suited to become DR. To as sign the London loopback a higher IP address is not advised, as the numbering system has advantages for troubles hooting. Also London is not to act as DR for all segments to which it may belong. Set the priority of the interface to 50 on the London router only.
Step 16 Watch election process

To watch the OSPF election process restart all of the routers and as soon as the router prompt is available type: Ottawa>enable Ottawa#debug ip ospf events Which router was elected DR? ________________________________________________ Which router was elected BDR? _______________________________________________ Why? __________________________________________________________________ To turn off all debugging type undebug all.
Step 17 Show OSPF Adjacencies

Type the command show ip ospf neighbor on the Ottawa router to verify that the OSPF routing has formed adjac encies. What is the priority of the DR? ________________________________________________ Once the previous steps are completed log off by typing exit, and turn the router off. Then remove and store the cables and adapter.

As done previously.
Tel: 5867776-5837968

Lab-26: Troubleshooting Routing Issues with show ip route/show ip protocols
Objective
Use the show ip route and show ip protocol commands to diagnose a routing configuration problem.
Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used. Start a HyperTerminal session.
Step 1 Configure the hostname, passwords and interfaces on the Gadsden router
On the Gadsden router, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords. Configure interfaces as shown in the table.

Go to the proper command mode and enter the following: GAD(config)#router rip GAD(config-router)#network 192.168.1.0 GAD(config-router)#network 192.168.2.0 GAD(config-router)#exit GAD(config)#exit

GAD#copy running-config startup-config Destination filename [startup-config]? [Enter]
Step 4 Configure the hostname and passwords on the Birmingham router

On the Birmingham router, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords. Finally, configure the interfaces on each router.

Go to the proper command mode and enter the following: BHM(config)#router rip
Tel: 5867776-5837968

BHM(config-router)#network 192.168.2.0 BHM(config-router)#network 192.168.1.0 BHM(config-router)#exit BHM(config)#exit

BHM#copy running-config startup-config Destination filename [startup-config]? [Enter]
Step 7 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router
From GAD, is it possible to ping the BHM router FastEthernet interface? _________________ From BHM, is it possible to ping the GAD router FastEthernet interface? _________________
Step 8 Examine the routing table

After an unsuccessful ping, check the routing table with the show ip route command. From the Gadsden router, type the following: GAD#show ip route Is there a route to the Birmingham Ethernet LAN? _____________________
Step 9 Examine the routing protocol status

After examining the routing tables, it is discovered that there is no route to the Birmingham Ethernet LAN. So use the show ip protocol command to view the routing protocol status. From the Birmingham router, type the following: BHM#show ip protocol What networks is RIP routing? _____________________ _____________________ Are these the correct networks? _____________________
Step 10 Change the configuration to route correct networks

After examining the show ip protocol command results, it is noticed that the network on the Ethernet LAN is not being routed. After examining it further, it is found that there is a network that does not belong has been configured to be advertised. It is decided this is a typo, and it is necessary to correct it. Enter the router RIP configuration mode and make the appropriate changes. From the Birmingham router, type the following: BHM#configure terminal BHM(config)#router rip BHM(config-router)#no network 192.168.1.0 BHM(config-router)#network 192.168.3.0 BHM(config-router)#^Z
Step 11 Confirm RIP is routing the correct networks

Now confirm the new statement corrected the RIP configuration problem. So again type the show ip protocol command to observe what networks are being routed. From the Birmingham router, type the following: BHM#show ip protocol What networks is RIP routing? _____________________ _____________________ Are these the correct networks? _____________________
Step 12 Verify the routing table

Now having confirmed that the configuration problem is corrected, verify that the proper routes are now in the routing table. So again issue the show ip route command to verify that the router now has the proper route.

From the Gadsden router, type the following: GAD#show ip route Is there a route to the Birmingham LAN? _____________________
Step 13 Verify connectivity between Gadsden router and host in Birmingham

Use the ping command to verify connectivity from Gadsden router to a host in Birmingham. From the Gadsden router, type the following: GAD#ping host-ip For example for host with IP Address, type the following: GAD#ping 192.168.3.2 Was the ping successful? _____________________ Upon completion of the previous steps, log off by typing exit and turn the router off.
Tel: 5867776-5837968

Lab-27: Configuring Inter-VLAN Routing
Objective
Create a basic switch configuration and verify it. Create multiple VLANs, name them and assign multiple member ports to them. Create a basic configuration on a router. Create an 802.1q trunk line between the switch and router to allow communication between VLANs. Test the routing func tionality.
When managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and reduce broadcast domains. Cable a network similar to the one in the diagram. Start a HyperTerminal session.


Configure the hosts using the following information. For the host in port 0/5: IP address 192.168.5.2 Subnet mask 255.255.255.0 Default gateway 192.168.5.1 For the host in port 0/9: IP address 192.168.7.2 Subnet mask 255.255.255.0 Default gateway 192.168.7.1
Tel: 5867776-5837968


To verify that the host and switch are correctly configured, ping the switch from the hosts. Ping the switch IP address from the hosts. Were the pings successful? __________________________________________________ Why or why not? __________________________________________________

Enter the following commands to create and name two VLANs: Switch_A#vlan database Switch_A(vlan)#vlan 10 name Sales Switch_A(vlan)#vlan 20 name Support Switch_A(vlan)#exit 1900: Switch_A#config terminal Switch_A(config)#vlan 10 name Sales Switch_A(config)#vlan 20 name Support Switch_A(config)#exit
Step 5 Configure VTP protocol

Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 0/5 to 0/8 to VLAN 10: Switch_A#configure terminal Switch_A(config)#interface fastethernet 0/5 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 10 Switch_A(config-if)#interface fastethernet 0/6 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 10 Switch_A(config-if)#interface fastethernet 0/7 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 10 Switch_A(config-if)#interface fastethernet 0/8 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 10 Switch_A(config-if)#end 1900: Switch_A#config terminal Switch_A(config)#interface ethernet 0/5 Switch_A(config-if)vlan static 10 Switch_A(config-if)#interface ethernet 0/6 Switch_A(config-if)vlan static 10 Switch_A(config-if)#interface ethernet 0/7 Switch_A(config-if)vlan static 10 Switch_A(config-if)#interface ethernet 0/8 Switch_A(config-if)vlan static 10 Switch_A(config-if)#end


Enter the following commands to add ports 0/9 to 0/12 to VLAN 20: Switch_A#configure terminal Switch_A(config)#interface fastethernet 0/9 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 20 Switch_A(config-if)#interface fastethernet 0/10 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 20 Switch_A(config-if)#interface fastethernet 0/11 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 20 Switch_A(config-if)#interface fastethernet0/12 Switch_A(config-if)#switchport mode access Switch_A(config-if)#switchport access vlan 20 Switch_A(config-if)#end 1900: Switch_A#config terminal Switch_A(config)#interface ethernet 0/9 Switch_A(config-if)vlan static 20 Switch_A(config-if)#interface ethernet 0/10 Switch_A(config-if)vlan static 20 Switch_A(config-if)#interface ethernet 0/11 Switch_A(config-if)vlan static 20 Switch_A(config-if)#interface ethernet 0/12 Switch_A(config-if)vlan static 20 Switch_A(config-if)#end

On Switch_A, type the command show vlan at the privileged EXEC prompt as follows: Switch_A#show vlan Are ports assigned correctly? _________________________________________________

On Switch_A, type the following commands at the Fast Ethernet 0/1 interface command prompt. Note that Ethernet 0/1 and the other access ports on a 1900 switch only support 10 Mbps Ethernet and cannot be used as trunk ports. The trunk ports (if pres ent) on a 24-port 1900 are typically Fast Ethernet 0/26 and 0/27. Switch_A(config)#interface fastethernet0/1 Switch_A(config-if)#switchport mode trunk Switch_A(config-if)#end 2900: Switch_A(config)#interface fastethernet0/1 Switch_A(config-if)#switchport mode trunk Switch_A(config-if)#switchport trunk encapsulation dot1q Switch_A(config-if)#end 1900: Switch_A#config terminal

Switch_A(config)#interface fastethernet0/26 Switch_A(config-if)#trunk on
Step 9 Configure the router

Configure the router with the following data. Note that, in order to support trunk ing and interVLAN routing, the router must have a Fast Ethernet interface. Hostname is Router_A Console, VTY, and enable passwords are cisco. Enable secret password is class. Then configure the Fast Ethernet interface using the following commands: Note: If working with a 1900 switch, replace the dot1.q_ encapsulation with isl_ in the following router configuration commands. Router_A(config)#interface fastethernet 0/0 Router_A(config-if)#no shutdown Router_A(config-if)#interface fastethernet 0/0.1 Router_A(config-subif)#encapsulation dot1q 1 Router_A(config-subif)#ip address 192.168.1.1 255.255.255.0 Router_A(config-if)#interface fastethernet 0/1.2 Router_A(config-subif)#encapsulation dot1q 10 Router_A(config-subif)#ip address 192.168.5.1 255.255.255.0 Router_A(config-if)#interface fastethernet 0/0.3 Router_A(config-subif)#encapsulation dot1q 20 Router_A(config-subif)#ip address 192.168.7.1 255.255.255.0 Router_A(config-subif)#end
Step 10 Save the router configuration Step 11 Display the router routing table
Type show ip route at the privileged EXEC mode prompt. Are there entries in the routing table? ___________________________________________ What interface are they all pointing to? __________________________________________ Why is there not a need to run a routing protocol? __________________________________

Ping from the host in Switch_A port 0/9 to the host in port 0/5. Was the ping suc cessful? ___________________________________________________ Why? __________________________________________________________________ Ping from the host in Switch_A port 0/5 to the switch IP 192.168.1.2. Was the ping successful? ___________________________________________________
Step 13 Move the hosts

Move the hosts to other VLANs and try pinging the management VLAN 1. Note the results of the pinging. __________________________________________________________________________ __________________________________________________________________________ __________________________________________________________________________ Once the steps are complete, logoff by typing exit, and turn all the devices off. Then remove and store the cables and adapter.
Tel: 5867776-5837968

Lab-28: Configuring DHCP
Objective
Configure a router for Dynamic Host Configuration Protocol (DHCP) to dynamically assign addresses to attached hosts.
Routing between the ISP and the campus router uses a static route between the ISP and the gateway, and a default route between the gateway and the ISP. The ISP connection to the Internet is identified by a loopback address on the ISP router. Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes 800, 1600, 1700, 2500, 2600 series routers. Conduct the following steps on each router unless specifically instructed otherwise. Start a HyperTerminal session.

Configure all of the following according to the chart: The hostname/ The console The virtual terminal The enable passwords The interfaces

At the privileged EXEC mode prompt, on both routers, type the command copy running-config startup-config.
Step 3 Create a static route

Addresses 199.99.9.32/27 have been allocated for Internet access outside of the company. Use the
Tel: 5867776-5837968

ip route command to create the static route: ISP(config)#ip route 172.16.12.0 255.255.255.0 172.16.1.6 Is the static route in the routing table? ___________________________________________
Step 4 Create a default route

Use the ip route command to add a default route from the campus router to the ISP router. This will provide the mechanism to forward any unknown destination address traffic to the ISP: campus(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.5 Is the static route in the routing table? ___________________________________________
Step 5 Create the DHCP address pool

To configure the campus LAN pool, use the following c ommands: campus(config)#ip dhcp pool campus campus(dhcp-config)#network 172.16.12.0 255.255.255.0 campus(dhcp-config)#default-router 172.16.12.1 campus(dhcp-config)#dns-server 172.16.1.2 campus(dhcp-config)#domain-name foo.com campus(dhcp-config)#netbios-name-server 172.16.1.1
Step 6 Excluding addresses from pool

To exclude addresses from the pool, use the following commands: campus(dhcp-config)#ip dhcp excluded-address 172.16.12.1 172.16.12.10
Step 7 Verifying DHCP Operation

At each workstation on the directly connected subnet configure the TCP/IP properties so the workstation will obtain an IP address and Domain Name Sys tem (DNS) server address from the DHCP server. After changing and saving the configuration, reboot the workstation. To confirm the TCP/IP configuration information on each host use Start > Run > winipcfg. If running Windows 2000, check using ipconfig in a DOS window. What IP address was assigned to the workstation? _________________________________ What other information was automatically assigned? ________________________ ________________________ ________________________ When was the lease obtained? ________________________________________________ When will the lease expire? __________________________________________________
Step 8 View DHCP bindings

From the campus router, the bindings for the hosts can be seen. To see the bindings, use the command show ip dhcp binding at the privileged EXEC mode prompt. What were the IP addresses assigned? _________________________________________ What are the three other fields listed in the output? ________________________ ________________________ ________________________ Upon completion of the previous steps finish the lab by doing the following: Logoff by typing exit Turn the router off Remove and store the cables and adapter
Tel: 5867776-5837968

Lab-29: Configuring PPP Encapsulation
Objective
Configure the serial interfaces on two routers with the PPP protocol. Test the link for connectivity.
Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers. Start a HyperTerminal session.

Configure all of the following according to the chart: The hostname / The console The virtual terminal The enable passwords
Step 2 Configure the Dublin interface as shown

Configure the Dublin router serial interface as follows: Dublin(config)#interface serial 0 Dublin(config-if)#ip address 192.168.15.2 255.255.255.0 Dublin(config-if)#no shutdown Dublin(config-if)#exit Dublin(config)#exit
Step 3 Configure the Washington interface as shown

Configure the Washington router serial interface as follows: Washington(config)#interface serial 0 Washington(config-if)#ip address 192.168.15.1 255.255.255.0 Washington(config-if)#clockrate 64000 Washington(config-if)#no shutdown Washington(config-if)#exit Washington(config)#exit

Tel: 5867776-5837968

Washington#copy running-config startup-config Dublin#copy running-config startup-config
Step 5 Enter the command show interface serial 0 on Washington

Washington#show interface serial 0 This will show the details of interface serial 0. Serial 0 is _____________, line protocol is_____________. Internet addres s is _____________________. Encapsulation _________________________
Step 6 Enter the command show interface serial 0 on Dublin

Dublin#show interface serial 0 This will show the details of interface serial 0. Serial 0 is _____________, line protocol is_____________. Internet addres s is _______________. Encapsulation ___________________
Step 7 Change the encapsulation type

Change the encapsulation type to PPP by typing encapsulation ppp at the interface serial 0 configuration mode prompt on both routers. Washington(config-if)#encapsulation ppp Dublin(config-if)#encapsulation ppp
Step 8 Enter the command show interface serial 0 on Washington

Washington#show interface serial 0 Encapsulation ___________________
Step 9 Enter the command show interface serial 0 on Dublin

Dublin#show interface serial 0 Encapsulation ___________________
Step 10 Verify that the serial connection is functioning by pinging the serial interface of the other router
Washington#ping 192.168.15.2 Dublin#ping 192.168.15.1 Can the serial interface on the Dublin router be pinged from Washington? ________________ Can the serial interface on the Washington router be pinged from Dublin? ________________ If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes. Upon completion of the previous steps, finish the lab by doing the following: Logoff by typing exit Turn the router off Remove and store the cables and adapter
Tel: 5867776-5837968

Lab-30: Configuring PPP Authentication
Objective
Configure PPP authentication using CHAP on two routers .
Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers. Start a HyperTerminal session.

Step 2 Configure the Tokyo interface as shown

Configure the Tokyo router serial interface as follows: Tokyo(config)#interface serial 0 Tokyo(config-if)#ip address 192.168.15.2 255.255.255.0 Tokyo(config-if)#encapsulation ppp Tokyo(config-if)#no shutdown Tokyo(config-if)#exit Tokyo(config)#exit
Step 3 Configure the Madrid interface as shown

Configure the Madrid router serial interface as follows: Madrid(config)#interface serial 0 Madrid(config-if)#ip address 192.168.15.1 255.255.255.0 Madrid(config-if)#clockrate 64000 Madrid(config-if)#encapsulation ppp Madrid(config-if)#no shutdown Madrid(config-if)#exit Madrid(config)#exit
Tel: 5867776-5837968


Madrid#copy running-config startup-config Tokyo#copy running-config startup-config
Step 5 Enter the command show interface serial 0 on Madrid

Madrid#show interface serial 0 Encapsulation _______________________
Step 6 Enter the command show interface serial 0 on Tokyo

Tokyo#show interface serial 0 Encapsulation _______________________
Madrid#ping 192.168.15.2 Tokyo#ping 192.168.15.1 If the pings are unsucces sful, troubleshoot the router c onfigurations to find the error. Then do the pings again until both pings are successful.
Step 8 Configure PPP authentication

Configure usernames and password on the Madrid router. The passwords must be the same on both routers. The username must reflect the other routers hostname exactly. The password and user names are case sensitive: Madrid(config)#username Tokyo password cisco Madrid(config)#interface serial 0 Madrid(config-if)#ppp authentication chap
Step 9 Verify that the serial connection is functioning

Verify that the serial connection is functioning by pinging the serial interface of the other router: Madrid#ping 192.168.15.2 Is the ping successful? _____________________________________________________ Why? __________________________________________________________________
Step 10 Configure PPP authentication

Configure usernames and password on the Tokyo router. The pas swords must be the same on both routers. The username must reflect the other routers hostname exactly. The password and user names are case sensitive: Tokyo(config)#username Madrid password cisco Tokyo(config)#interface serial 0 Tokyo(config-if)#ppp authentication chap

Verify that the serial connection is functioning by pinging the serial interface of the other router: Tokyo#ping 192.168.15.1 Is the ping successful? _____________________________________________________ Why? __________________________________________________________________
Tel: 5867776-5837968

Lab-31: Verifying PPP Configuration
Objective
Configure a serial interface on two routers with the PPP protocol. Verify and test the link for connectivity.
Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes 800, 1600, 1700, 2500, 2600 series routers. Start a HyperTerminal session.

Step 2 Configure the Warsaw interface as shown

Configure the Warsaw router serial interface as follows: Warsaw(config)#interface serial 0 Warsaw(config-if)#ip address 192.168.15.2 255.255.255.0 Warsaw(config-if)#no shutdown Warsaw(config-if)#exit Warsaw(config)#exit
Step 3 Configure the Brasilia interface as shown

Configure the Brasilia router serial interface as follows : Brasilia(config)#interface serial 0 Brasilia(config-if)#ip address 192.168.15.1 255.255.255.0 Brasilia(config-if)#clockrate 64000 Brasilia(config-if)#no shutdown Brasilia(config-if)#exit Brasilia(config)#exit


Brasilia#copy running-config startup-config Warsaw#copy running-config startup-config
Step 5 Enter the command show interface serial 0 on Brasilia

Brasilia#show interface serial 0 This will show the details of interface serial 0. Encapsulation _______________________
Step 6 Enter the command show interface serial 0 on Warsaw

Warsaw#show interface serial 0 This will show the details of interface serial 0. Encapsulation _______________________
Step 7 Turn on PPP debugging

Turn on the PPP debug function on both routers by typing debug ppp tasks at the privileged EXEC mode prompt. Note: For the 2600 router, use the command debug ppp tasks.
Step 8 Change the encapsulation type

Change the encapsulation type to PPP by typing encapsulation ppp at the interface serial 0 configuration mode prompt on both routers. Brasilia(config-if)#encapsulation ppp Warsaw(config-if)#encapsulation ppp What did the debug function report when the PPP encapsulation was applied to each router? __________________________________________________________________________ Turn off the debug function by typing undebug all at the privileged EXEC mode prompt.
Step 9 Enter the command show interface serial 0 on Brasilia

Brasilia#show interface serial 0
Step 10 Enter the command show interface serial 0 on Warsaw

Warsaw#show interface serial 0

Ping the other router to verify that there is connectivity between the two routers. Brasilia#ping 192.168.15.2 Warsaw#ping 192.168.15.1 Can the serial interface on the Warsaw router be pinged from Brasilia? __________________ Can the serial interface on the Brasilia router be pinged from Warsaw? __________________ If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes. Upon completion of the previous steps, finish the lab by doing the following: Logoff by typing exit Turn the router off Remove and store the cables and adapter
Tel: 5867776-5837968

Lab-32: Troubleshooting PPP Configuration
Objective
Configure PPP on the serial interfaces of two routers. Use show and debug commands to troubleshoot connectivity issues.
Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes 800, 1600, 1700, 2500, 2600 series routers.

Step 2 Configure the Paris interface as shown

Configure the Paris router serial interface as follows: Paris(config)#interface serial 0 Paris(config-if)#ip address 192.168.15.2 255.255.255.0 Paris(config-if)# clockrate 56000 Paris(config-if)#exit Paris(config)#exit
Step 3 Configure the London interface as shown

Configure the London router serial interface as follows: London(config)#interface serial 0 London(config-if)#ip address 192.168.15.1 255.255.255.0 London(config-if)# encapsulation ppp London(config-if)#no shutdown London(config-if)#exit London(config)#exit

London#copy running-config startup-config
Tel: 5867776-5837968

Paris#copy running-config startup-config
Step 5 Enter the command show interface serial 0 on London

London#show interface serial 0 This will show the details of interface serial 0. List the following information discovered from issuing this command. Serial 0 is ___________________, line protocol is___________________ What type of problem is indicated in the last statement? ___________________ __________________________________________________________________________ Internet address is ____________________ Encapsulation _______________________
Step 6 Enter the command show interface serial 0 on Paris

Paris#show interface serial 0 This will show the details of interface serial 0. List the following information discovered from issuing this command. Serial 0 is ___________________, line protocol is___________________. Internet address is ___________________. Encapsulation _______________________ To what OSI layer is the encapsulation_ referring? _______________________ If the Serial interface was configured, why did the show interface serial 0 output show that the interface is down?
Step 7 Correct the clock location

The clock rate statement has been placed on the wrong interface. It is currently placed on the Paris router, but the London router is the Data Communications Equipment (DCE). Remove the clock rate statement from the Paris router using the no version of the command and then add it to the London routers configuration.
Step 8 Enter the command show cdp neighbors on London

Is there any output from the command? _________________________________________ Should there be output? _____________________________________________________
Step 9 Enter the command debug ppp negotiation on London

It may take 60 seconds or more before output occurs. Is there output? _____________________________________________________ What is the output saying? ___________________________________________________ Is there a problem with PPP encapsulation on the London router or the Paris router? __________________________________________________________________________ Why? __________________________________________________________________ What were the encapsulations listed for the interfaces? London? ______________________ Paris? ____________________________________ Is there an issue with the above statement? ______________________________________ What is the issue? _________________________________________________________
Step 10 Enter the command debug ppp negotiation on the Paris router
Enter the command debug ppp negotiation on the Paris router at the privileged EXEC mode prompt. Is there any output from the debug command? ____________________________________
Step 11 Correct the encapsulation type

Convert the encapsulation to PPP on the Paris router.

Is there any output from the debug command? ____________________________________ Does it confirm link establishment? ____________________________________

Paris#show interface serial 0 Serial 0 is ________________________, line protocol is ________________________. Encapsulation ________________________ What is the difference in the Line and Protocol status recorded on Paris earlier? Why? __________________________________________________________________________
London#ping 192.168.15.1 Paris#ping 192.168.15.2 From London, c an the serial interface ping the Paris router? ____________________ From Paris, can the serial interface ping the London router? ____________________ If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.
Tel: 5867776-5837968

Lab-33: Troubleshooting a Serial Interface
Objective
Configure a serial interface on two routers. Use show commands to troubleshoot connectivity issues.
Configure the appropriate serial interfaces to allow connectivity between the two routers. Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers. Start a HyperTerminal session.

Step 2 Configure the Paris interface as shown

Configure the Paris router serial interface as follows: Paris(config)#interface serial 0 Paris(config-if)#ip address 192.168.15.2 255.255.255.0 Paris(config-if)#clockrate 56000 Paris(config-if)#no shutdown Paris(config-if)#exit Paris(config)#exit
Step 3 Configure the London interface as shown

Configure the London router serial interface as follows: London(config)#interface serial 0 London(config-if)#ip address 192.168.15.1 255.255.255.0 London(config-if)#no shutdown London(config-if)#exit London(config)#exit


London#copy running-config startup-config Paris#copy running-config startup-config
Step 5 Enter the command show interface serial 0 on London

London#show interface serial 0 This will show the details of interface serial 0. Answer the following questions: Serial 0 is _____________, line protocol is _____________ What type of problem is indicated in the last statement? __________________________________________________________________________ Internet addres s is ________________________________ Encapsulation ____________________________________

Paris#show interface serial 0 This will show the details of interface serial 0. Answer the following questions: Serial 0 is ___________________, line protocol is___________________ Internet addres s is ___________________. Encapsulation ___________________ To what OSI layer is the encapsulation_ referring? ___________________ Why is the interface down? ______________________________________________________
Step 7 Correct the clock location

The clock rate s tatement has been placed on the wrong interface. It is currently placed on the Paris router, but the London router is the Data Communications Equipment (DCE). Remove the clock rate statement from the Paris router using the no version of the command and then add it to the London router configuration.

Paris#show interface serial 0 Serial 0 is ______________________, line protocol is______________________. What is the difference in the Line and Protocol status recorded on Paris earlier? Why? __________________________________________________________________________
London#ping 192.168.15.2 Paris#ping 192.168.15.1 Can the serial interface on the Paris router be pinged from London? __________________ Can the serial interface on the London router be pinged from Paris? __________________ If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes. Upon completion of the previous steps, finish the lab by doing the following: Logoff by typing exit Turn the router off Remove and store the cables and adapter
Tel: 5867776-5837968

Lab-34: Configuring ISDN BRI (U-Interface)
Objective
Configure an ISDN router to make a successful connection to a local ISDN switch.
This lab assumes that a router with an ISDN BRI U interface is available. An Adtran Atlas550 ISDN emulator is used to simulate the ISDN switch and cloud. Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers. Conduct the following steps on each router unless specifically instructed otherwise. Start a HyperTerminal session.

Step 2 Verifying the ISDN BRI switch type

Not all ISDN switch types are the same worldwide and the first step is to configure the following: The ISDN TE1 device The router What ISDN switch type is in use This information will be provided by the ISDN telco provider. In this case, the ISDN Switch type, supported by the Adtran simulator, is National ISDN-1, North America. It is configured, on the router, using the keyword basic-ni. To check the ISDN BRI status, issue the following command before issuing any configuration commands: Ottawa#show isdn status What is the Layer 1 status? ___________________________________________________ What is the ISDN switch type? ________________________________________________
Step 3 Specifying the switch type

To specify ISDN switch type use isdn switch-type command at the global configuration mode prompt. The different switch types available may be reviewed using the isdn switch-type ? command:
Tel: 5867776-5837968

Ottawa#configure terminal Ottawa(config)#isdn switch-type ? How many different switch types are available? ____________________________________ To configure the router to communicate with a National ISDN-1 switch type: Ottawa(config)#isdn switch-type basic-ni
Step 4 Verifying switch status

Check the state of the ISDN Interface again. Ottawa#show isdn status What is the Layer 1 status? ________________________________________________________ What is the ISDN switch type? ________________________________________________
Step 5 Activate the BRI connection

Activate the ISDN BRI using the no shutdown command at the interface configuration prompt. Ottawa#configure terminal Ottawa(config)#interface bri 0 Ottawa(config-if)#no shutdown
Step 6 Review switch status

At this stage the ISDN BRI should be physically active and one TEI should have been negotiated. Ottawa#show isdn status What is the Layer 1 status? ________________________________________________________ What is the ISDN switch type? _____________________________________________________ Has the Layer 2 status changed? ____________________________________________________
Step 7 Configuring ISDN SPIDs

Depending on region, ISDN service profile identifiers (SPIDs) may have to be specified for ISDN Switch to res pond to the ISDN TE1 correctly. The SPIDs, supported by the Adtran simulator, are specified as isdn spid1 and isdn spid2. To configure the SPIDs issue the following commands: Ottawa(config)#interface bri 0 Ottawa(config-if)#isdn spid1 51055510000001 5551000 Ottawa(config-if)#isdn spid2 51055510010001 5551001
Step 8 Review switch status

Check the state of the ISDN Interface again: Ottawa#show isdn status What does the output specify about spid1? ______________________________________ What does the output specify about spid2? ______________________________________ Careful examination of this output shows that the assigned SPID values have not been sent to the ISDN switch and verified. The reason for this is that they were specified after the ISDN interface was enabled. To send the SPID values the interface must be reset.
Step 9 Resetting the interface

To manually reset the ISDN BRI interface issue the command clear interface bri 0. This will cause all ISDN parameters to be renegotiated. Issue the clear command on the router and then check the ISDN interface status. SPID1 and SPID2 will now be sent and validated: Ottawa#clear interface bri 0 Ottawa#show isdn status Have SPID1 and SPID2 been sent and verified? __________________________________________________________________________

Step 10 Save the configuration and reboot

Save the configuration and reboot the router. This time, verify that the ISDN Interface has correctly negotiated with the ISDN switch. Review activity on the ISDN Interface using the show isdn active command: Ottawa#copy running-config startup-config Ottawa#reload Ottawa#show isdn active The history table has a maximum of how many entries? __________________________________________________________________________ History table data is retained for how long? __________________________________________________________________________ Upon completion of the previous steps, finish the lab by doing the following: Logoff by typing exit Turn the router off Remove and store the cables and adapter
Tel: 5867776-5837968

Lab-35: Configuring Dialer Profiles
Objective
Configure ISDN Dialer Profiles on the routers enabling a dial-on-demand routing (DDR) call to be made from two remote routers simultaneously into a central ISDN BRI router.
In this lab, 3 ISDN routers are required.. An Adtran Atlas550 ISDN emulator is used to simulate the switch/ISDN cloud. Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers. Conduct the following steps on each router unless specifically instructed otherwise. Start a HyperTerminal session.
Step 1 Configure the router

Configure the following according to the chart: The hostname / The console The virtual terminal The enable passwords
Step 2 Define switch type and spid numbers

To configure the s witch type and spid numbers use the following commands. Router(config)#hostname Tokyo Tokyo(config)#enable secret class Tokyo(config)#isdn switch-type basic-ni Tokyo(config)#interface fastethernet 0 Tokyo(config-if)#ip address 192.168.1.1 255.255.255.0 Tokyo(config-if)#no shutdown Tokyo(config-if)#exit Tokyo(config)#interface bri 0

Tokyo(config-if)#isdn spid1 51055510000001 5551000 Tokyo(config-if)#isdn spid2 51055510010001 5551001 Tokyo(config-if)#no shutdown Router(config)#hostname Moscow Moscow(config)#enable secret class Moscow(config)#isdn switch-type basic-ni Moscow(config)#interface fastethernet 0 Moscow(config-if)#ip address 192.168.2.1 255.255.255.0 Moscow(config-if)#no shutdown Moscow(config-if)#exit Moscow(config)#interface bri 0 Moscow(config-if)#isdn spid1 51055520000001 5552000 Moscow(config-if)#isdn spid2 51055520010001 5552001 Moscow(config-if)#no shutdown Router(config)#hostname Sydney Sydney(config)#enable secret class Sydney(config)#isdn switch-type basic-ni Sydney(config)#interface fastethernet 0 Sydney(config-if)#ip address 192.168.3.1 255.255.255.0 Sydney(config-if)#no shutdown Sydney(config-if)#exit Sydney(config)#interface bri 0 Sydney(config-if)#isdn spid1 51055530000001 5553000 Sydney(config-if)#isdn spid2 51055530010001 5553001 Sydney(config-if)#no shutdown
Step 3 Defining static routes for DDR

Use static and default routes instead of dynamic routing, in order to reduce the cost of the dialup connection. To configure a static route, the network address of the network that is going to be reached must be known. The IP address of the next router on the path to this destination must be known as well. Moscow#configure terminal Moscow(config)#ip route 0.0.0.0 0.0.0.0 192.168.253.1 Sydney#configure terminal Sydney(config)#ip route 0.0.0.0 0.0.0.0 192.168.254.1 Tokyo#configure terminal Tokyo(config)#ip route 192.168.2.0 255.255.255.0 192.168.253.2 Tokyo(config)#ip route 192.168.3.0 255.255.255.0 192.168.254.2
Step 4 Specifying interesting traffic for DDR

Traffic mus t be defined as interesting to cause the DDR interface to dialup the remote router. For the moment, declare that all IP traffic is interesting using the dialer-list command. Moscow(config)#dialer-list 1 protocol ip permit Moscow(config)#interface dialer 0 Moscow(config-if)#dialer-group 1 Sydney(config)#dialer-list 1 protocol ip permit Sydney(config)#interface dialer 0

Sydney(config-if)#dialer-group 1 Tokyo#configure terminal Tokyo(config)#dialer-list 1 protocol ip permit Tokyo(config)#interface dialer 1 Tokyo(config-if)#description The Profile for the Moscow router Tokyo(config-if)#dialer-group 1 Tokyo(config-if)#interface dialer 2 Tokyo(config-if)#description The Profile for the Sydney router Tokyo(config-if)#dialer-group 1
Step 5 Configuring DDR dialer information

Configure the correct dialer information so that the dialer profile and dialer interface function correctly. This includes all of the following: IP address information PPP configuration Name Passwords Dial number Tokyo(config)#interface dialer 1 Tokyo(config-if)#ip address 192.168.253.1 255.255.255.0 Tokyo(config-if)#interface dialer 2 Tokyo(config-if)#ip address 192.168.254.1 255.255.255.0 Tokyo(config-if)#interface bri 0 Tokyo(config-if)#encapsulation ppp Tokyo(config-if)#ppp authentication chap Tokyo(config-if)#interface dialer 1 Tokyo(config-if)#encapsulation ppp Tokyo(config-if)#ppp authentication chap Tokyo(config-if)#interface dialer 2 Tokyo(config-if)#encapsulation ppp Tokyo(config-if)#ppp authentication chap Tokyo(config-if)#exit Tokyo(config)#username Moscow password class Tokyo(config)#username Sydney password class Moscow(config)#interface dialer 0 Moscow(config-if)#ip address 192.168.253.2 255.255.255.0 Moscow(config-if)#interface bri 0 Moscow(config-if)#encapsulation ppp Moscow(config-if)#ppp authentication chap Moscow(config-if)#interface dialer 0 Moscow(config-if)#encapsulation ppp Moscow(config-if)#ppp authentication chap Moscow(config-if)#no shutdown Moscow(config-if)#exit Moscow(config)#username Tokyo password class Sydney(config)#interface dialer 0

Sydney(config-if)#ip address 192.168.254.2 255.255.255.0 Sydney(config-if)#interface bri 0 Sydney(config-if)#encapsulation ppp Sydney(config-if)#ppp authentication chap Sydney(config-if)#interface dialer 0 Sydney(config-if)#encapsulation ppp Sydney(config-if)#ppp authentication chap Sydney(config-if)#no shutdown Sydney(config-if)#exit Sydney(config)#username Tokyo password class
Step 6 Configure dialer information

Next, the dial information must be configured to specify the remote name of the remote router in the Dialer Profile. The dial string, or phone number to use to contact this remote device must also be spec ified. Use the following commands to do this: Tokyo(config)#interface dialer 1 Tokyo(config-if)#dialer remote-name Moscow Tokyo(config-if)#dialer string 5552000 Tokyo(config-if)#dialer string 5552001 Tokyo(config-if)#interface dialer 2 Tokyo(config-if)#dialer remote-name Sydney Tokyo(config-if)#dialer string 5553000 Tokyo(config-if)#dialer string 5553001 To configure the dial information on Moscow, use the following: Moscow(config-if)#interface dialer 0 Moscow(config-if)#dialer remote-name Tokyo Moscow(config-if)#dialer string 5551000 Moscow(config-if)#dialer string 5551001 To configure the dial information on Sydney, use the following: Sydney(config-if)#interface dialer 0 Sydney(config-if)#dialer remote-name Tokyo Sydney(config-if)#dialer string 5551000 Sydney(config-if)#dialer string 5551001
Step 7 Associate dialer profiles

Finally, associate the Dialer Profiles with the Dialer Interfaces that will be used, when needed. Create a Dialer Pool, and put the interfaces and the associated Dialer Profiles in a common pool. The commands for doing this are as follows: Tokyo(config-if)#interface bri 0 Tokyo(config-if)#dialer pool-member 1 Tokyo(config-if)#interface dialer 1 Tokyo(config-if)#dialer pool 1 Tokyo(config-if)#interface dialer 2 Tokyo(config-if)#dialer pool 1 On Moscow, the commands issued would be as follows: Moscow(config-if)#interface bri 0 Moscow(config-if)#dialer pool-member 1

Moscow(config-if)#interface dialer 0 Moscow(config-if)#dialer pool 1 Use the same commands to configure the Sydney router.
Step 8 Configure dialer timeouts

Configure a dialer idle-timeout of 60 seconds for each of the dialer interfaces : Tokyo(config)#interface dialer 1 Tokyo(config-if)#dialer idle-timeout 60 Tokyo(config-if)#interface dialer 2 Tokyo(config-if)#dialer idle-timeout 60 Repeat these c ommands on Moscow and Sydney.
Step 9 View the Tokyo router configuration

To view the configuration, use the show running-config command: Tokyo#show running-config How many username statements are there? _______________________________________ What authentication type is being used for PPP? ___________________________________ Which sections of the configuration list the authentication type? __________________________________________________________________________ What are the dialer strings on the Tokyo router? ___________________________________
Step 10 Verifying the DDR Configuration

Now, generate some interesting traffic across the DDR link from Moscow and Sydney to verify that connections are made correctly and the dialer profiles are functioning: Moscow#ping 192.168.1.1 Were the pings successful? ____________________________________________________ If not troubleshoot the router configurations. What other information was displayed when the ping was issued? _________________________________________________________________ Sydney#ping 192.168.1.1 Were the pings successful? ____________________________________________________ If the pings were not successful troubleshoot the router configurations. Use the show dialer command to see the reason for the call. This information is shown for each channel: Tokyo#show dialer Which dialer strings are associated with Dialer1?___________________________________ What is the last status for dial string 5553000 in the Dialer2 readout? ____________________ Use the show interface command and note that the output shows that the interface is spoofing. This provides a mechanism for the interface to simulate an active state for internal processes, such as routing, on the router. The show interface command can also be used to display information about the B channel: Tokyo#show interface bri 0 Upon completion of the previous steps, finish the lab by doing the following: Logoff by typing exit Turn the router off Remove and store the cables and adapter
Tel: 5867776-5837968

Lab-36: Configuring Frame Relay PVC
Objective
Configure two routers back-to-back as a Frame Relay permanent virtual circuit (PVC). This will be done manually, in the absence e of a Frame Relay switch, and therefore there will be no Local Management Interface (LMI).
Cable a network similar to the one in diagram above. Any router that meets interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers. Conduct following steps on each router unless specifically instructed otherwise. Start a HyperTerminal session.

Configure the following according to the chart: The hostname / The console The virtual terminal The enable passwords The Fast Ethernet interfaces
Step 2 Configuring the Washington serial interface

First, define the Frame Relay frame type to be used on this link. To configure the encapsulation type, use the command encapsulation frame-relay ietf. Disable keepalive messages since there is no Frame Relay switch in this configuration and consequently no Frame Relay DCE: Washington#configure terminal Washington(config-if)#interface serial 0 Washington(config-if)#encapsulation frame-relay ietf Washington(config-if)#no keepalive Washington(config-if)#ip address 192.168.1.1 255.255.255.0 Washington(config-if)#no shutdown
Step 3 Configure the Frame Relay map on Washington

When sending an Ethernet frame to a remote IP address, remote MAC address must be discovered, so that correct frame type can be constructed. Frame Relay needs a similar mapping. The remote IP address needs to be mapped to the local DLCI (Layer 2 address), so the correctly

addressed frame can be created locally for this PVC. Since there is no way of mapping DLCI automatically with LMI disabled, this map must be created manually, using the frame-relay map command. The broadcast parameter also allows for IP broadcasts to use the same mapping for crossing this PVC: Washington(config-if)#frame-relay map ip 192.168.1.2 102 ietf broadcast
Step 4 Configure the DCE on Washington

In this configuration, when DCE cables are used, a clock signal is necessary. The bandwidth command is optional, but wise to use to verify bandwidth transmission. Another option is to title the connection using the description command. It is very useful to record information in the description about the PVC, such as remote contact person and the leased line circuit identifier: Washington(config-if)#clock_rate 64000 Washington(config-if)#bandwidth 64 Washington(config-if)#description PVC to Dublin, DLCI 102, Circuit Washington(config-if)#DASS465875, Contact John Tobin (061-8886745)
Step 5 Configure Dublin router

Configure the Dublin router using the following commands. Dublin#configure terminal Dublin(config-if)#interface serial 0 Dublin(config-if)#encapsulation frame-relay ietf Dublin(config-if)#no keepalive Dublin(config-if)#no shutdown Dublin(config-if)#ip address 192.168.1.2 255.255.255.0 Dublin(config-if)#frame-relay map ip 192.168.1.1 102 ietf broadcast Dublin(config-if)#bandwidth 64 Dublin(config-if)#description PVC to Washington, DLCI 102, Circuit Dublin(config-if)#DASS465866 Contact Pat White (091-6543211)
Step 6 Verifying Frame Relay PVC

On the Washington router, type the command show frame-relay pvc: Washington#show frame-relay pvc What is the DLCI number reported? _______________________________________________ What is the PVC status? ________________________________________________________ What is the value of the DLCI USAGE? ____________________________________________
Step 7 Showing Frame Relay map

To view the Layer 2 to Layer 3 mapping, use this command at the privileged EXEC mode prompt: Washington#show frame-relay map What is the IP address shown? ___________________________________________________ What state is interface serial 0 in? ________________________________________________
Step 8 Verify Frame Relay connectivity

From the Washington router, ping the Dublin router serial interface. Was the ping suc cessful? ________________________________________________________ If the ping was not successful, troubleshoot the router configurations. Upon completion of the previous steps, finish the lab by doing the following: Logoff by typing exit Turn the router off then Remove and store the cables and adapter


As Done in previous labs.
Tel: 5867776-5837968

Lab-37: Configuring Frame-Relay Sub-interfaces
Objective
Configure three routers in a full mesh Frame Relay Network. An organization with three offices in different cities has to connect its offices through Frame Relay cloud. Offices are situated in Amsterdam, Paris and Berlin. A router at each branch site is connected with the Frame Relay Service Provider as depicted in the diagram.

Configure the following according to the chart: The hostname / The console password The virtual terminal password The enable secret password The Fast Ethernet interface according to the chart
Step 2 Configure the Serial 0 Interfaces

The Frame Relay encapsulation type to be used on this link must be defined by commands: Amsterdam# configure terminal Amsterdam(config)# interface serial 0 Amsterdam(config-if)# encapsulation frame-relay ietf Amsterdam(config-if)# frame-relay lmi-type ansi Use a description field to store relevant information, such as the circuit number in case a line fault has to be reported: Amsterdam(config-if)#description Circuit #KPN465555 Amsterdam(config-if)#no shutdown The same commands are used to configure the Berlin and Paris routers: Paris(config)#interface serial 0 Paris(config-if)#encapsulation frame-relay ietf Paris(config-if)#frame-relay lmi-type ansi Paris(config-if)#description Circuit #FRT372826 Paris(config-if)#no shutdown
Tel: 5867776-5837968

Berlin(config)#interface serial 0 Berlin(config-if)#encapsulation frame-relay ietf Berlin(config-if)#frame-relay lmi-type ansi Berlin(config-if)#description Circuit #DTK465866 Berlin(config-if)#no shutdown
Step 3 Create subinterfaces on the Amsterdam router

For each of the permanent virtual circuits (PVCs), create a subinterface on the serial port. This subinterface will be a point-to-point configuration. For consistency and future troubleshooting, use the data-link connection identifier (DLCI) number as the subinterface number. The commands to create a subinterface are as follows: Amsterdam(config-if)#interface serial 0.102 point-to-point Amsterdam(config-if)#description PVC to Paris, DLCI 102 Amsterdam(config-if)#ip address 192.168.4.1 255.255.255.0 Amsterdam(config-if)#frame-relay interface-dlci 102 Amsterdam(config-if)#interface serial 0.103 point-to-point Amsterdam(config-if)#description PVC to Berlin, DLCI 103 Amsterdam(config-if)#ip address 192.168.5.1 255.255.255.0 Amsterdam(config-if)#frame-relay interface-dlci 103
Step 4 Create subinterfaces on the Paris router

To configure the subinterfaces on the Paris router, use the following commands: Paris(config-if)#interface Serial 0.201 point-to-point Paris(config-if)#description PVC to Amsterdam, DLCI 201 Paris(config-if)#ip address 192.168.4.2 255.255.255.0 Paris(config-if)#frame-relay interface-dlci 201 Paris(config-if)#interface Serial 0.203 point-to-point Paris(config-if)#description PVC to Berlin, DLCI 203 Paris(config-if)#ip address 192.168.6.1 255.255.255.0 Paris(config-if)#frame-relay interface-dlci 203
Step 5 Create subinterfaces on the Berlin router

To configure the subinterfaces on the Berlin router, use the following commands: Berlin(config-if)#interface Serial 0.301 point-to-point Berlin(config-if)#description PVC to Amsterdam, DLCI 301 Berlin(config-if)#ip address 192.168.5.2 255.255.255.0 Berlin(config-if)#frame-relay interface-dlci 301 Berlin(config-if)#interface Serial 0.302 point-to-point Berlin(config-if)#description PVC to Paris, DLCI 302 Berlin(config-if)#ip address 192.168.6.2 255.255.255.0 Berlin(config-if)#frame-relay interface-dlci 302
Step 6 Configure IGRP routing

To configure the routing protocol Interior Gateway Routing Protocol (IGRP) 100, syntax is: Amsterdam(config-if)#router igrp 100 Amsterdam(config-router)#network 192.168.1.0 Amsterdam(config-router)#network 192.168.4.0 Amsterdam(config-router)#network 192.168.5.0 Paris(config-if)#router igrp 100

Paris(config-router)#network 192.168.2.0 Paris(config-router)#network 192.168.4.0 Paris(config-router)#network 192.168.6.0 Berlin(config-if)#router igrp 100 Berlin(config-router)#network 192.168.3.0 Berlin(config-router)#network 192.168.5.0 Berlin(config-router)#network 192.168.6.0
Step 7 Verifying Frame Relay PVC

On the Amsterdam router, issue the command show frame-relay pvc: Amsterdam#show frame-relay pvc
Step 8 Show the Frame Relay maps

Look at the frame relay maps by typing following command at the privileged EXEC mode prompt: Amsterdam#show frame-relay map
Step 9 Show LMIs

Look at the Local Management Interface (LMI) statistics using following command: Amsterdam#show frame-relay lmi
Step 10 Check routing protocol

Use the show ip route command to verify that the PVCs are up and active: Amsterdam#show ip route
Frame Relay Switch Configuration

To simulate Frame Relay Cloud, use a router with three serial interfaces to emulate frame relay switch. We name this router as FRS, Its Serial 1/1 is connected with Amsterdam, Serial 1/2 is connected with Paris, Serial 2/1 is connected with Berlin. The required command for Frame Relay switch is as follows. FRS(config)# frame-relay switching Interface serial 1/1 Encapsulation frame-relay ietf Frame-relay lmi-type ansi Frame-relay route 102 interface serial 1/2 201 Frame-relay route 103 interface serial 2/1 301 No shut Interface serial 1/2 Encapsulation frame-relay ietf Frame-relay lmi-type ansi Frame-relay route 201 interface serial 1/2 102 Frame-relay route 203 interface serial 2/1 302 No shut Interface serial 2/1 Encapsulation frame-relay ietf Frame-relay lmi-type ansi Frame-relay route 301 interface serial 1/2 103 Frame-relay route 302 interface serial 2/1 203 No shut
Tel: 5867776-5837968

Lab-38: Standard ACLs
Objective
Plan, configure, and apply a standard ACL to permit or deny specific traffic and test the ACL to determine if the desired results were achieved. The company home office in Gadsden (GAD) provides services to branch offices such as the Birmingham (BHM) office. These offices have some minor security and performance concerns. Standard ACL need to be implemented as a simple and effective tool to control traffic. Host #3 represents the kiosk station that needs to have its access limited to the local network. Host #4 represents another host in the Birmingham office Loopback 0 on the GAD router represents the Internet.
Step 1 Basic Router Interconnection

Interconnect the routers as shown in the diagram.
Step 2 Basic Configuration

The router may contain configurations from a previous use. For this reason, erase the startup configuration and reload the router to remove any residual configurations. Using the information previously in the tables, setup the router and host configurations and verify reachablilty by pinging all systems and routers from each system. To simulate the Internet, add the following configuration to the GAD router. GAD(config)#interface loopback0 GAD(config-if)#address 172.16.1.1 255.255.255.0 GAD(config-if)#exit GAD(config)#router rip GAD(config-router)#network 172.16.0.0

GAD(config-if)#^z
Step 3 Establish Access List Requirements

The kiosk station (host 3) needs to have its access limited to the local network. It is determined that a standard access list needs to be created to prevent traffic from this host from reaching any other networks. The access control list should block traffic from this host and not affect other traffic from this network. Using a standard IP ACL is adequate for as it filters based on the source address to any destination. What source address of the kiosk? ____________________________
Step 4 Plan the Access List Requirements

As with any project, the most important part of the process is the planning. First, the information needed to create the ACL need to be defined. An access list is made up a series of ACL statements . Each of these statements adds sequentially to the ACL. Since the list will consist of more than one statement, the order of the statement needs to be planned carefully. It has been determined that for this ACL will require 2 logical steps . Each of these steps can be accomplished with one statement each. As a planning tool, a text editor like Notepad can be used to organize the logic and then write the list. In the text editor enter the logic by typing: stop traffic from host 3 permit all other traffic From this logic the actual ACL will be written. Using the tables below, doc unmet the information for each statement. stop traffic from host 3 List # permit or deny Source address Wildcard mask permit all other traffic List # permit or deny Source address Wildcard mask What would be the result of not including a statement at to permit all other source addresses? ___________________________________________________________________________ What would be the result of reversing the order of the 2 statements in the list? ___________________________________________________________________________ Why are both statements using the same ACL number? ___________________________________________________________________________ The final step in the planning process is to determine the best location for the access list and the direction the list should be applied. Examine the internetwork diagram and choose the appropriate interface and direction. Document this in the table below: Router Interface Direction
Step 5 Write and Apply the ACL

Using the previously constructed logic and information of the access list, complete the commands in the text editor. The list syntax should look similar to: stop traffic from host 3 access-list #deny address wildcard permit all other traffic access-list #permit address wildcard Add to this text file the configuration statements to apply the list. The configuration s statements take e the form of: interface type #/# ip access-group #{in, out}

Now the text file configuration needs to be applied to the router. Enter the configuration mode on the appropriate router and copy and paste the configuration. Observe the CLI display to ensure no errors were encountered.
Step 6 Verify the ACL

Now that the ACL is completed, the ACL needs to be confirmed and tested. First step is to check the list to see if it was configured properly in the router. To check the ACL logic use the show access-list command. Record the output ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ Next, verify that the access list was applied to the proper interface and in the correct direction. To do this examine the interface with the show ip interface command. Look at the output from each interface and record the lists applied to the interface. Interface _______________________________________________________________ Outgoing access list is ____________________________________________________ Inbound access lis t is ____________________________________________________ Finally, test the functionality of the ACL by trying to send packets from the source hos t and verify that is to be permitted or denied as appropriate. In this case, ping will be used to test this. [ ] verify that host 3 CAN ping host 4 [ ] verify that host 3 CANNOT ping host 1 [ ] verify that host 3 CANNOT ping host 2 [ ] verify that host 3 CANNOT ping GAD Fa0/0 [ ] verify that host 3 CANNOT ping GAD LO0 [ ] verify that host 4 CAN ping host 1 [ ] verify that host 4 CAN ping host 2 [ ] verify that host 4 CAN ping GAD Fa0/0 [ ] verify that host 4 CAN ping GAD LO0
Step 7 Document the ACL

As a part of all network management, documentation needs to be created. Using the text file reated for the configuration, add additional comments. This file should also contain output from the show access-list and the show ip interface commands. The file should be saved with other network documentation. The file naming convention should reflect the function of the file and the date of implementation. That should complete the ACL project. Once finished, eras e the start-up configuration on routers, remove and store the cables and adapter. Also logoff and turn the router off.
Tel: 5867776-5837968

Lab-39: Configuring Standard Access Lists
Objective
Configure, and apply a standard ACL to permit or deny specific traffic. Test the ACL to determine if the desired results were achieved.
Step 1 Configure the hostname and passwords on the Gadsden router

On the Gadsden router, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords. Configure the FastEthernet interface on the router according to the chart.
Step 2 Configure the hosts on the Ethernet segment

Host 1 IP address 192.168.14.2 Subnet mask 255.255.255.0 Default gateway 192.168.14.1 Host 2 IP address 192.168.14.3 Subnet mask 255.255.255.0 Default gateway 192.168.14.1
Step 4 Confirm connectivity by pinging the default gateway from both hosts
If the pings are not successful, correct the configuration and repeat until they are successful.
Step 5 Prevent access to the Ethernet interface from the hosts

Create an access list that will prevent access to FastEthernet 0 from the 192.168.14.0 network. At the router configuration prompt type the following command:

GAD(config)#access-list 1 deny 192.168.14.0 0.0.0.255 GAD(config)#access-list 1 permit any Why is the second statement needed? __________________________________________
Step 6 Ping the router from the hosts

Were these pings successful? ________________________________________________ If they were, why? _________________________________________________________
Step 7 Apply the Access list to the interface

At the FastEthernet 0 interface mode prompt type the following: GAD(config-if)#ip access-group 1 in

Step 9 Create a new access list

Now create an access list that will prevent the even numbered hosts from pinging but permit the odd numbered one. What will that access list look like? Finish this command with an appropriate comparison IP address (aaa.aaa.aaa.aaa) and wildcard mask (www.www.www.www): ip access-list 2 permit aaa.aaa.aaa.aaa www.www.www.www Why was it not necessary to have the permit any statement at the end this time? __________________________________________________________________________
Step 10 Apply access list to the proper router interface

First remove the old access list application by typing no ip access-group 1 in at the interface configuration mode. Apply the new access list by typing ip access-group 2 in
Step 11 Ping the router from each hosts

Was the ping from host 1 successful? ___________________________________________ Why or why not? __________________________________________________________ Was the ping from host 2 successful? ___________________________________________ Why or why not? __________________________________________________________
Tel: 5867776-5837968

Lab-40: Configuring Extended Access Lists (1)
Objective
Configure, and apply an extended ACL to permit or deny specific traffic. Test the ACL to determine if the desired results were achieved.

On the Gadsden router, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords. Configure the FastEthernet interface on the router according to the chart. Allow HTTP access by issuing the ip http server command in global configuration mode.

Step 5 Connect to the router using the Web browser

Connect to the router using a Web browser to ensure that the Web server function is active.

Step 6 Prevent access to HTTP (port 80) from the Ethernet interface hosts
Create an access list that will prevent Web browsing access to FastEthernet 0 from the 192.168.14.0 network. At the router configuration prompt type the following command: GAD(config)#access-list 101 deny tcp 192.168.14.0 0.0.0.255 any eq 80 GAD(config)#access-list 101 permit ip any any Why is the second statement needed? __________________________________________
Step 7 Apply the access list to the interface

At the FastEthernet 0 interface mode prompt type: GAD(config-if)#ip access-group 101 in

Step 9 Connect to the router using the web browser

Was the browser able to connect? _____________________________________________
Step 10 Telnet to the router from the hosts

Were you able to Telnet successfully? __________________________________________ Why or why not? __________________________________________________________ Upon completion of the previous steps, logoff by typing exit. Turn the router off.
Tel: 5867776-5837968

Lab-41: Simple Extended Access Lists (2)
Objective
Configuring extended access lists to filter network to network, host to network, and network to host traffic.
Scenario
A marketing company has two locations. The main site is in Birmingham (BHM) and the branch site is in Gadsden (GAD). The telecommunication administrator for both sites needs to plan and implement access control lists for security and performance. At the Birmingham site, there are two groups of network users. These groups are an Administrative group and a Production group and each are on separate networks. Both networks are interconnected with a router. The Gadsden site is a stub network and only has a LAN connected to it.
Step 1 Basic Router and Host Configurations

Interconnect the routers and hosts as shown in the diagram. Configure all router basics such as hostname, enable password, telnet access, router interfaces. The configurations on each router should be as follows:

BHM#show running-config <Output Omitted> hostname BHM enable secret class interface FastEthernet0 ip address 192.168.1.17 255.255.255.240 interface Serial0 ip address 172.16.1.2 255.255.255.0 clock rate 56000 interface FastEthernet0/1 ip address 192.168.1.33 255.255.255.240 router rip network 172.16.0.0 network 192.168.1.0 line vty 0 4 password cisco login end BHM# GAD#show running-config <Output Omitted> hostname GAD enable password class interface FastEthernet0 ip address 172.16.2.1 255.255.255.0 interface Serial0 ip address 172.16.1.1 255.255.255.0 router rip network 172.16.0.0 line vty 0 4 password cisco login no scheduler allocate end GAD# Configure the hosts with the appropriate information using the information previously defined. Before applying any type of access list, it is important to verify reachability between systems. Verify reachability by pinging all systems and routers from each system. All hosts should be able to ping each other and the router interfaces. If pings to some interfaces are not successful, the problem will need to be located and corrected. Always verify the Physical layer connections, as they seem to be the more common source of connectivity problems. Next, verify the router interfaces. Make sure they are not shutdown, improperly configured, and that RIP is correctly configured. Finally, remember that along with valid IP addresses, hosts must also have default gateways specified. Now that the infrastructure is in place, it is time to begin securing the internetwork.

Step 2 Prevent the Production Users from Accessing the Gadsden Network
Company policy specifies that only the Administrative group should have access to the Gadsden site. The Production group should be restricted from accessing that network. Configure an extended access list to allow the Administrative group access to the Gadsden site. The production group should not have access to the Gadsden site. After careful analysis, it is decided that it would be best to use an extended access list and apply it to the outgoing 0 interface on the BHM router. Note: Remember that when the access list is configured, each statement in the list is processed by the router in the order it was created. It is not possible to reorder an access list, skip statements , edit statements, or delete statements from a numbered access list. For this reason, it may be beneficial to create the access-list in a text editor such as Notepad and then paste the commands to the router, instead of being typed in directly on a router. Enter the following: BHM#conf terminal Enter configuration commands, one per line. End with CNTL/Z. BHM(config)#access-list 100 deny ip 192.168.1.32 0.0.0.15 172.16.2.0 0.0.0.255 This statement defines an extended access list called _100_. It will deny ip access for any users on the 192.168.1.32 192.168.1.47 network if they are trying to access network 172.16.2.0. Although a less specific access list could be defined, this access list could allow the production users to access other sites (if available) through the S0 interface. Remember that there is an implicit deny all at the of every access list. We must now make sure to let the administrative group access the Gadsden network. Although we could be more restrictive, we will simply let any other traffic through. Enter the following statement: BHM(config)#access-list 100 permit ip any any Now we need to apply the access list to an interface. We could apply the list to any incoming traffic going to the production network Fa0/1 interface. However, if there were a great deal of traffic between the administrative network and the production network , the router would have to check every packet. There is concern that this would add unwanted overhead to the router. Therefore the access list is applied to the any outgoing traffic going through the BHM router S0 interface. Enter the following: BHM(config)#interface s0 BHM(config-if)#ip access-group 100 out Verify the syntax of the access-list with the show running-config command. The following lists the valid statements that should be in the configuration. interface Serial0 ip access-group 100 out <Output Omitted> access-list 100 deny ip 192.168.1.32 0.0.0.15 172.16.2.0 0.0.0.255 access-list 100 permit ip any any Another valuable command is the show access-lists command. The following is a sample output. BHM#show access-lists Extended IP access list 100 deny ip 192.168.1.32 0.0.0.15 172.16.2.0 0.0.0.255 permit ip any any

The show access-lists command also displays counters, indicating how many times the list has been used. No counters are listed here since we havent attempted to verify it yet. Note: Use the clear access-list counters command to restart the access list counters Now test the access list by verifying reachability to the Gadsden network by the administrative and production hosts. Can the production host (B) ping the Gadsden host (D)? __________________________________ Can the production host (C) ping the Gadsden host (D)? __________________________________ Can the administrative host (A) ping the Gadsden host (D)? _______________________________ Can the production host (B) ping the administration host (A)? _____________________________ Can the production host (B) ping the Gadsden router Serial interface? _______________________ The production hosts (B) and (C) should be able to ping the administrative host (A) and Gadsden router Serial interface. However, they should not be able to ping the Gadsden host (D). The router should return a reply message to the host stating destination net unreachable. Issue the show access-lists command. How many matches are there? ________________ Note: The show access-lists command displays the number of matches per line. Therefore the number of deny matches may seem odd until it is realized that the pings matched the deny statement and the permit statement. To help understand how the access list is operating, keep periodically issuing the show access-lists command.
Step 3 Allow a Production User Access to the Gadsden Network

A call is received from a user in the production group (B). They are responsible for exchanging certain files between the production network and the Gadsden network. The ex tended access list needs to be altered to allow them access to the Gadsden network, while denying everyone else on the production network. Configure an extended access-list to allow that user access to Gadsden. Unfortunately, it is not possible to reorder an access list, skip statements , edit statements, or delete statements from a numbered access lis t. With numbered access lists, any attempt to delete a single statement results in the entire lists deletion. Therefore the initial extended access list needs too be deleted and a new one created. To delete access-list 100, enter the following: BHM#conf t Enter configuration commands, one per line. End with CNTL/Z. BHM(config)#no access-list 100 Verify that it has been deleted with the show access-lists command. Now create a new extended access list. Always filter from the most specific to the most generic. Therefore the first line of the access list should allow the production host (B) access to the Gadsden network. The remainder of the access-list should be the same as the previous we had entered. To filter the production host (B) the first line of the access list should be as follows: BHM(config)#access-list 100 permit ip host 192.168.1.34 172.16.2.0 0.0.0.255

Therefore, the access list permits the production host (B) access to the Gads den network. Now deny all of the remaining production hosts access to the Gadsden network and permit any on else. Refer to the previous step for the next two lines of the configuration. The show accesslist command would display output similar to the following: BHM#show access-lists Extended IP access list 100 permit ip host 192.168.1.34 172.16.2.0 0.0.0.255 deny ip 192.168.1.32 0.0.0.15 172.16.2.0 0.0.0.255 permit ip any any BHM# Now test the access list by verifying reachability to the Gadsden network by the administrative and production hosts. Can the production host (B) ping the Gadsden host (D)? ___________________________________ Can the production host (C) ping the Gadsden host (D)? ___________________________________ The production host (B) should now be able to ping the Gadsden host (D). However, all other production hosts (C) should not be able to ping the Gadsden host (D). Again, the router should return a reply message to the host stating destination net unreachable for host (C).
Step 4 Allow Gadsden Users Access to the Administration Payroll Server

The administration group houses the payroll server. Users from the Gadsden site need FTP and HTTP access the payroll server from time to time to upload and download payroll reports. Configure an extended access-list to allow users from the Gads den site FTP, HHTP access to the payroll server only. It is decided to also allow ICMP access for them to ping the server. Gadsden users should not be able to ping any other host on the Administration network. We do not want unnecessary traffic between the sites therefore it is decided to configure an extended access list on the Gadsden router. I was anticipated that privileged EXEC access to the Gadsden would be required from time to time. That is why Telnet access to it is configured. Otherwise travel would be required to the Gadsden site to configure it. Telnet to the Gadsden router from the Birmingham router and enter enable mode. Troubleshoot as necessary. Note: A common pitfall when configuring access lists on remote routers is to inadvertently lock yourself_ out. This is not a big problem when the router is physically located loc al. However, this could be a huge problem if the router is physically located in another geographical location. For this reason, it is strongly suggest that the reload in 30 command be issued on the remote router. This would automatically reload the remote router within 30 minutes of issuing the command. Therefore, if the administrator was locked out, it would eventually reload to the previous configuration, allowing access to the router again. Use the reload cancel command to deactivate the pending reload. Configure an extended access list to allow FTP access to the payroll server. The access list statement should be similar to the following: GAD(config)#access-list 110 permit tcp any host 192.168.1.18 eq ftp This line will permit any host from the Gadsden network FTP access to the payroll server at

address 192.168.1.18. What could we have defined instead of using the keyword any? _____________________________________________________________________________ What could we have defined instead of using the keyword host_? _____________________________________________________________________________ What could we have defined instead of using the keyword ftp_? _____________________________________________________________________________ Now configure the next line of the access list to permit HTTP access to the payroll server. The access list statement should be similar to the following: GAD(config)#access-list 110 permit tcp any host 192.168.1.18 eq http This line will permit any host from the Gadsden network FTP access to the payroll server at address 192.168.1.18. What else could we have defined instead of using the keyword http? _____________________________________________________________________________ Now configure the next line of the access list to permit ICMP access to the payroll server. The access list statement should be similar to the following: GAD(config)#access-list 110 permit icmp any host 192.168.1.18 This line will permit any host from the Gadsden network to ping the payroll server at address 192.168.1.18. Finally, no Gadsden user should be able access any other host on the Administration network. Although it is not required, it is always a good idea to include a deny statement. Adding the statement is a good reminder and makes it easier to read_ the access list. The access list statement should be similar to the following: GAD(config)#access-list 110 deny ip any 192.168.1.16 0.0.0.15 Now we need to apply the access list to an interface. To reduce unwanted WAN traffic, it is decided to apply the access list to the any outgoing traffic going through the Gadsden routers S0 interface. Enter the following: GAD(config)#interface s0 GAD(config-if)#ip access-group 110 out Now test the access list by verifying reachability to the payroll server by a Gadsden host (D). Can the Gadsden host (D) ping the payroll server? ______________________________________ Can the Gadsden host (D) ping the host (A)? __________________________________________ The Gads den host should be able to ping the payroll server only. The router should return the destination net unreachable when it tries to ping the administrative host (D).

As a part of all network management, documentation needs to be created. Using the text file created for the configuration, add additional comments. This file should also contain output from the show access-list and the show ip interface commands. The file should be saved with other network documentation. The file naming convention should reflect the function of the file and the date of implementation. That should complete this extended ACL lab. Once finished, eras e the start-up configuration on routers, remove and store the cables and adapter. Also logoff and turn the router off.
Tel: 5867776-5837968

Lab-42: Configuring a Named Access List
Objective
Create a named ACL to permit or deny specific traffic. Test the ACL to determine if the desired results were achieved.

On the Gadsden router, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal, and enable passwords. Configure the FastEthernet interface on the router according to the chart.

Step 5 Prevent access to the Ethernet interface from the hosts

Create a named access list that will prevent access to FastEthernet 0 from the 192.168.14.0
Tel: 5867776-5837968

network. At the configuration prompt type the following command: GAD(config)#ip access-list standard no_access GAD(config-std-nacl)#deny 192.168.14.0 0.0.0.255 GAD(config-std-nacl)#permit any Why is the third statement needed? ____________________________________________

Step 7 Apply the Access list to the interface

At the FastEthernet interface mode prompt type the following: GAD(config-if)#ip access-group no_access in

Were these pings successful? ________________________________________________ Why or why not? __________________________________________________________ Upon completion of the previous steps, logoff by typing exit. Turn the router off.
Tel: 5867776-5837968

Lab-43: VTY Restriction
Objective
Use the access-class and line commands to control telnet access to the router.
Scenario
Company home office in Gadsden (GAD) provides services to branch offices such as Birmingham (BHM) office. Only system with in the local network should be able to telnet to router. To do this standard access-list will be created that will permit users on network the local network to telnet to local router. The access-list will then be applied to the Virtual Terminal (vty) lines.
Step 1 Basic Router Interconnection

Interconnect the routers as shown in the diagram.
Step 2 Basic Configuration

The router may contain configurations from a previous use. For this reason, erase the startup configuration and reload the router to remove any residual configurations. Using the information previously in the tables, setup the router and host configurations and verify reachablilty by pinging all systems and routers from each system. Then telnet from the hosts to both the local router and the remote router.
Step 3 Create the Access List that Represents the Gadsden LAN
The Local Area Network in Gadsden has a network address of 192.168.1.0 /24. To create the access list to permit this use the following commands: GAD(config)#access-list 1 permit 192.168.1.0 0.0.0.255
Step 4 Apply the Access List to Permit Only the Gadsden LAN

Now that the list is created to represent traffic, it needs to be applied to the vty lines. This will restrict any telnet access to the router. While these could be applied separately to each interface, it is easier to apply the list to all vty lines in one statement. This is done by enter the interface mode for all 5 line with the global config command line vty 0 4. For the Gadsden router type: GAD(config)#line vty 0 4 GAD(config-line)#access-class 1 in GAD(config-line)#^Z
Step 5 Test the Restriction

Test the functionality of the ACL by trying to telnet host and verify that is to be permitted or denied as appropriate. [ ] verify that host 1 CAN telnet GAD [ ] verify that host 2 CAN telnet GAD [ ] verify that host 3 CANNOT telnet GAD [ ] verify that host 4 CANNOT telnet GAD
Step 6 Create the Restrictions for Birmingham Router

Repeat the above process to restrict the telnet access to BHM. Thus restriction should allow only hosts in the Birmingham LAN to telnet to BHM Test the functionality of the ACL by trying to telnet host and verify that is to be permitted or denied as appropriate. [ ] verify that host 1 CANNOT telnet BHM [ ] verify that host 2 CANNOT telnet BHM [ ] verify that host 3 CAN telnet BHM [ ] verify that host 4 CAN telnet BHM

As a part of all network management, documentation needs to be created. Capture a copy of the configuration and add additional comments to explain the purpose to ACL code. The file should be saved with other network documentation. The file naming convention should reflect the function of the file and the date of implementation. Once finished, erase the start-up configuration on routers, remove and store the cables and adapter. Also logoff and turn the router off.
Tel: 5867776-5837968

Lab-44: Managing IOS Images with TFTP
Objective
Backup a copy of a router IOS from flash to a TFTP server. Reload the back up IOS software image from a TFTP server into flash on a router.
For recovery purposes it is important to keep backup copies of router IOS images. These can be stored in a central location such as a TFTP server and retrieved if necessary. Cable a network similar to the one in the previous diagram. Any router that meets the interface requirements may be used. Possible routers include 800, 1600, 1700, 2500, 2600 routers, or a combination. Start a HyperTerminal session.
Step 1 Configure the Gadsden router

Verify the routers configurations by performing a show running-config on each router. If not correct, fix any configuration errors and verify.
Step 2 Configure the workstation

The configuration for the host connected to the Gadsden Router is: IP Address 192.168.14.2 IP subnet mask 255.255.255.0 Default gateway 192.168.14.1
Step 3 Login to the router in user mode

Connect to the Gadsden router and login.
Step 4 Collect information to document the new router

Issue the show version command. What is the current value of the config-register?____0x ______________________________ How much flash memory does this router have? ___________________________________ Is there at least 4mb (4096K) of flash? ____________________ What is the version number of boot ROM? ____________________ Is the boot ROM version 5.2 or later? ____________________
Step 5 Collect more information to document the new router


Issue the show flash command. Is there a file already stored in flash? ___________________________________________ If so, what is the exact name of that file? _________________________________________ How much of flash is available or unused? _______________________________________ Note: If there is a file in flash, it will probably need to be erased before a new one is loaded. That choice will be offered in the copy tftp flash command in a later step. However, it is possible to save a copy of that file with the command copy flash tftp. If there is a possibility of ever having to revert to that software version, follow the instructions in the Copy IOS to TFTP server section.
Step 6 Start and configure the Cisco TFTP Server

Check with the instructor as to the IP address of the Cisco TFTP server.

Ping the TFTP server from the Gadsden router. If the ping fails, review host and router configurations to resolve the problem.
Step 8 Copy IOS to TFTP server

Before copying the files, verify that the TFTP server is running. What is the IP address of the TFTP server? ______________________________________ From the console session, enter show flash. What is the name and length of the Cisco IOS image stored in flash? __________________________________________________________________________ What attributes can be identified from codes in the Cisco IOS filename?
Step 9 Write the configuration

Write the configuration mode commands to specify what the IOS image should be loaded from: Flash: __________________________________________________________________ TFTP server: _____________________________________________________________ ROM: __________________________ Will this be a full IOS image? __________
Step 10 Copy the IOS image to the TFTP server

From the cons ole session in the privileged EXEC mode, enter the copy flash tftp command. At the prompt enter the IP address of the TFTP server: GAD#copy flash tftp
Tel: 5867776-5837968

Source filename []? flash:c1700-y-mz.122-11.T.bin Address or name of remote host []? 192.168.14.2 Destination filename [c1700-y-mz.122-11.T.bin]? y After entering this command and answering the process requests, the student should see the following output on the console. Do not interrupt this process. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 4284648 bytes copied in 34.012 secs (125975 bytes/sec)
Step 11 Verify the transfer to the TFTP server

Check the TFTP server log file by clicking View > Log File. The output should resemble the following output: Mon Sep 16 14:10:08 2002: Receiving c1700-y-mz.122-11.T.bin in binary mode Mon Sep 16 14:11:14 2002: Successful. Verify the flash image size in the TFTP server directory. To locate it, click on View > Options. This will show the TFTP server root directory. It should be similar to the following, unless the default directories were changed: C:\Program Files\Cisco Systems\Cisco TFTP Server Locate this directory using the File Manager. Look at the detail listing of the file. The file length in the show flash command should be the same file size as the file stored on the TFTP server. If the file sizes are not identical, check with the instructor.
Step 12 Copy the IOS image from the TFTP server

Now that the IOS is backed up, the image must be tested and the IOS restored to the router. Verify again that the TFTP server is running, sharing a network with the router, and can be reached. Ping the TFTP server IP address. Record the IP address of the TFTP server. _______________________________________ Copy from the privileged EXEC prompt. GAD#copy tftp flash Address or name of remote host 192.168.14.2 Source filename c1700-y-mz.122-11.T.bin Destination filename [c1700-y-mz.122-11.T.bin]? [Enter] Accessing tftp://192.168.14.2/c1700-y-mz.122-11.T.bin... Erase flash: before copying? [confirm][Enter] Erasing the flash filesystem will remove all files! Continue? [confirm][Enter] Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee erased Erase of flash: complete Loading c1700-y-mz.122-11.T.bin from 192.168.14.2 (via FastEthernet0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [OK - 4284648 bytes]

Verifying checksum... OK (0x9C8A) 4284648 bytes copied in 26.584 secs (555739 bytes/sec) The router may prompt to erase flash. Will the image fit in available flash? _____________ If the flash is erased, what happened on the router console screen as it was doing so? __________________________________________________________________________ What is the size of the file being loaded? __________________Do not interrupt the process. What happened on the router console screen as the file was being downloaded? __________________________________________________________________________ Was the verification successful? __________________ Was the whole operation successful? __________________
Step 13 Test the restored IOS image

Verify that the router Image is correct. Cycle the router power and observe the startup process to confirm that there were no flash errors. If there are none, then the router IOS should have started correctly. Further verify IOS image in flash by issuing the show version command which will show output similar to: System image file is "flash:c1700-y-mz.122-11.T.bin" Upon completion of the previous steps, logoff by typing exit. Turn the router off.
Tel: 5867776-5837968

Lab-45: Password Recovery Procedures
Objective
Gain access to a router with an unknown privileged mode (enable) pass word.
This lab demonstrates gaining access s to a router with an unknown privileged mode (enable) password. One point to be made here is that anyone with this procedure and access to a console port on a router can change the password and take control of the router. That is why it is of critical importance that routers also have physical security to prevent unauthorized access. Setup a network similar to the one in the previous diagram. Any router that meets the interface requirements may be used. Possible routers include 800, 1600, 1700, 2500, 2600 routers, or a combination. Start a HyperTerminal session.
Step 1 Attempt login to the router

Make the necessary console connections and establish a HyperTerminal session with the router. Attempt to logon to the router using the enable password cisco. The output should look like the following: Router>enable Password: Password: Password: % Bad secrets Router>
Step 2 Document the current config-register setting

At the user EXEC prompt type show version. Record the value displayed for configuration register ___________ . For example 0x2102.
Step 3 Enter the ROM Monitor mode

Turn the router off, wait a few seconds and turn it back on. When the router starts displaying system Bootstrap, Version on the HyperTerminal screen, press the Ctrl key and the Break key together. The router will boot in ROM monitor mode. Depending on the router hardware, one of several prompts such as: "rommon 1 >" or simply _>_ may show.
Step 4 Examine the ROM Monitor mode help

Type ? at the prompt. The output should be similar to this:

rommon 1 >? alias set and display aliases command boot boot up an external process break set/show/clear the breakpoint confreg configuration register utility context display the context of a loaded image dev list the device table dir list files in file system dis display instruction stream help monitor builtin command help history monitor command history meminfo main memory information repeat repeat a monitor command reset system reset set display the monitor variables sysret print out info from last system return tftpdnld tftp image download xmodem x/ymodem image download
Step 5 Change the configuration register setting to boot without loading configuration file
From the ROM Monitor mode, type confreg 0x2142 to change the config-register. rommon 2 >confreg 0x2142
Step 6 Restart Router

From the ROM Monitor mode, type reset or power cycle the router. rommon 2 >reset Due to the new configuration register setting, the router will not load the configuration file. The system prompts: "Would you lik e to enter the initial configuration dialog? [yes]:" Enter no and press Enter.
Step 7 Enter Privileged EXEC mode and change password

Now at the user mode prompt Router> Type enable Press Enter to go to the privileged mode without a password. Use the command copy startup-config running-config to restore the existing configuration. Since the user is already in privileged EXEC no password is needed. Type configure terminal to enter the global configuration mode. In the global configuration mode type enable secret class to change the secret password. While still in the global configuration mode, type config-register xxxxxxx. xxxxxxx is the original configuration register value recorded in Step 2. Press Enter. Use the Ctrl z combination to return to the privileged EXEC mode. Use the copy running-config startup-config command to save the new configuration. Before restarting the router, verify the new configuration setting. From the privileged EXEC prompt, enter the show version command and press Enter.

Verify that the last line of the output reads: Configuration register is 0x2142 (will be 0x2102 at next reload). Use the reload command to restart the router.
Step 8 Verify new password and configuration

When the router reloads the password should be class. Upon completion of the previous steps, logoff by typing exit. Turn the router off.

Enter into the privileged EXEC mode by typing enable. If prompted for a password, enter class. If class does not work, ask the instructor for assistance. Router>enable At the privileged EXEC mode, enter the command erase startup-config. Router#erase startup-config The responding line prompt will be: Erasing the nvram filesystem will remove all files! Continue? [confirm] Press Enter to confirm. The response should be: Erase of nvram: complete Now at the privileged EXEC mode, enter the command reload. Router(config)#reload The responding line prompt will be: System configuration has been modified. Save? [yes/no]: Type n and then press Enter. The responding line prompt will be: Proceed with reload? [confirm] Press Enter to confirm. In the first line of the response will be: Reload requested by console. After the router has reloaded the line prompt will be: Would you like to enter the initial configuration dialog? [yes/no]: Type n and then press Enter. The responding line prompt will be: Press RETURN to get started! Press Enter. The router is ready for the assigned lab to be performed.
Tel: 5867776-5837968

Lab-46: Troubleshooting Configuration Register Boot Problems
Objective
Check and document the configuration register settings related to boot method. Configure the router to boot using the configuration file in NVRAM and reload the router.
Setup a network similar to the one in the previous diagram. Any router that meets the interface requirements may be used. Possible routers include 800, 1600, 1700, 2500, 2600 routers, or a combination. Start a HyperTerminal session.
Step 1 Login to the router

Connect to the router and login.
Step 2 Configure the router name and configuration register setting

Enter the following commands: Router>enable Router#configure terminal Router(config)#hostname GAD GAD(config)#config-register 0x2142 GAD(config)#exit
Step 3 Save the existing running-config to the startup-config

At the privileged EXEC command prompt enter: GAD#copy running-config startup-config Destination filename [startup-config]?[Enter]
Step 4 Restart the router

At the privileged EXEC command prompt enter: GAD#reload Proceed with reload? [confirm][Enter] This will save the current blank configuration and reload the router. After the reload the router will respond with: --- System Configuration Dialog --Join NETS Be The Best 141
Tel: 5867776-5837968

Would you like to enter the initial configuration dialog? [yes/no]:n Type n and press Enter.
Step 5 View the running configuration file

Enter show running-config at the privileged EXEC mode prompt. The router will display information on the running configuration file stored in RAM. Is the configuration that was just entered shown? __________________________________
Step 6 Reload the saved configuration

At the privileged EXEC command prompt enter: Router#copy startup-config running-config Destination filename [running-config]?[Enter]
Step 7 Display IOS version and other important information

Enter show version command at the router prompt. The router will return information about the IOS that is running in RAM. Once the command is entered, notice that at the end of the output shows a configuration register setting of 0x2142. This is the problem. This configuration register setting is set to boot up in the password recovery mode. This is why the configuration saved to NVRAM is not showing.
Step 8 Change the config-register to boot from NVRAM, save, and reload the router
Enter global configuration mode and enter the following commands: Router>enable GAD#configure terminal GAD(config)#config-register 0x2102 GAD(config)#exit GAD#copy running-config startup-config Destination filename [startup-config]?[Enter] GAD#reload Proceed with reload? [confirm][Enter]
Step 9 Verify the configuration register setting

Once the router has rebooted, it should boot from NVRAM. Verify this by issuing the command, show version. GAD#show version The results will be shown. You should be able to see the config-register 0x2102. Upon completion of the previous steps, logoff by typing exit. Turn the router off.

Enter into the privileged EXEC mode by typing enable. If prompted for a password, enter class. If assistance. Router>enable At the privileged EXEC mode, enter the command erase startup-config. Router#erase startup-config The responding line prompt will be: Erasing the nvram filesystem will remove all files! Continue? [confirm] Press Enter to confirm. The response should be: Erase of nvram: complete
lass_ does not work, ask the instructor for

Now at the privileged EXEC mode, enter the command reload. Router(config)#reload The responding line prompt will be: System configuration has been modified. Save? [yes/no]: Type n and then press Enter. The responding line prompt will be: Proceed with reload? [confirm] Press Enter to confirm. In the first line of the response will be: Reload requested by console. After the router has reloaded the line prompt will be: Would you like to enter the initial configuration dialog? [yes/no]: Type n and then press Enter. The responding line prompt will be: Press RETURN to get started! Press Enter.
Tel: 5867776-5837968

Lab-47: Configuring NAT
Objective
Configure a router to use network address translation (NAT) to convert internal IP addresses, typically private addresses, into outside public addresses.
An ISP has allocated a company the public classless interdomain routing (CIDR) IP address 199.99.9.32/27. This is equivalent to 30 public IP addresses. Since the company has an internal requirement for more than 30 addresses, the IT manager has decided to implement NAT. The addresses 199.99.9.33 199.99.9.39 for static allocation and 199.99.9.40 199.99.9.62 for dynamic allocation. Routing will be done between the ISP and the gateway router used by the company. A static route will be used between the ISP and gateway router and a default route will be used between the gateway router and the ISP. The ISP connection to the Internet will be represented by a loopback address on the ISP router. Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers. Start a HyperTerminal session.

Configure all of the following according to the chart: The hostname / The console The virtual terminal The enable passwords The interfaces

Step 3 Configure the hosts with the proper IP address, subnet mask, and default gateway

Each workstation should be able to ping the attached router. If for some reason this is not the case, troubleshoot as necessary. Check and verify that the workstation has been assigned a s pecific IP address and default gateway. If running Windows 98, check using Start > Run > winipcfg. If running Windows 2000 or higher, check using ipconfig in a DOS window.
Step 4 Verify that the network is functioning

From the attached hosts, pings the FastEthernet interface of the default gateway router. Was the ping from the first host successful? ________________________________ Was the ping from the second host successful? ______________________________ If the answer is no for either question, troubleshoot the router and host configurations to find the error. Then ping again until they both are successful.

Create a static route from the ISP to the Gateway router. Addresses 199.99.9.32/27 have been allocated for Internet access outside of the company. Use the ip route command to create the static route. ISP(config)#ip route 199.99.9.32 255.255.255.224 200.2.2.18 Is the static route in the routing table? What command checks the routing table contents? If the route was not in the routing table, give one reason why this might be so ?

Add a default route, using the ip route command, from the Gateway router to the ISP router. This will forward any unknown destination address traffic to the ISP. Gateway(config)#ip route 0.0.0.0 0.0.0.0 200.2.2.17
Step 7 Define the pool of usable public IP addresses

To define the pool of public addresses, use the ip nat pool command: Gateway(config)#ip nat pool public-access 199.99.9.40 199.99.9.62 netmask 255.255.255.224
Step 8 Define an access list that will match the inside private IP addresses
To define the access list to match the inside private addresses, use the access list command: Gateway(config)#access-list 1 permit 10.10.10.0 0.0.0.255
Step 9 Define the NAT translation from inside list to outside pool
To define the NAT translation, use the ip nat inside source command: Gateway(config)#ip nat inside source list 1 pool public-access
Step 10 Specify the interfaces

The active interfaces on the router, need to be specified as either inside or outside interfaces with respect to NAT. To do this, use the ip nat inside or ip nat outside command: Gateway(config)#interface fastethernet 0 Gateway(config-if)#ip nat inside Gateway(config-if)#interface serial 0 Gateway(config-if)#ip nat outside
Step 11 Testing the configuration

Configure a workstation on the internal LAN with the IP address 10.10.10.10/24 and a default gateway 10.10.10.1. From the PC, ping 172.16.1.1. If successful, look at the NAT translation on the Gateway router, using the command show ip nat translations. What is the translation of the inside local host addresses? The inside global address is assigned by?

The inside local address is assigned by? Upon completion of the previous steps finish the lab by doing the following: Logoff by typing exit Turn the router off Remove and store the cables and adapter
Configuration reference sheet

This sheet contains the basic configuration commands for the ISP and Gateway routers: ISP Router#configure terminal Router(config)#hostname ISP ISP(config)#enable password cisco ISP(config)#enable secret class ISP(config)#line console 0 ISP(config-line)#password cisco ISP(config-line)#login ISP(config-line)#exit ISP(config)#line vty 0 4 ISP(config-line)#password cisco ISP(config-line)#login ISP(config-line)#exit ISP(config)#interface loopback 0 ISP(config-if)#ip add 172.16.1.1 255.255.255.255 ISP(config-if)#no shutdown ISP(config-if)#exit ISP(config)#interface serial 0 ISP(config-if)#ip add 200.2.2.17 255.255.255.252 ISP(config-if)#no shutdown ISP(config-if)#clockrate 64000 ISP(config)#ip route 199.99.9.32 255.255.255.224 200.2.2.18 ISP(config)#end ISP#copy running-config startup-config Destination filename [startup-config]?[Enter] Gateway Router#configure terminal Router(config)#hostname Gateway Gateway(config)#enable password cisco Gateway(config)#enable secret class Gateway(config)#line console 0 Gateway(config-line)#password cisco Gateway(config-line)#login Gateway(config-line)#exit Gateway(config)#line vty 0 4 Gateway(config-line)#password cisco Gateway(config-line)#login Gateway(config-line)#exit

Gateway(config)#fastethernet 0 Gateway(config-if)#ip add 10.10.10.1 255.255.255.0 Gateway(config-if)#no shutdown Gateway(config-if)#exit Gateway(config)#interface serial 0 Gateway(config-if)#ip add 200.2.2.18 255.255.255.252 Gateway(config-if)#no shutdown Gateway(config)#ip route 0.0.0.0 0.0.0.0 200.2.2.17
Tel: 5867776-5837968

Lab-48: Configuring PAT
Objective
Configure a router to use Port Address Trans lation (PAT) to convert internal IP addresses, typically private addresses, into an outside public address.
Aidan McDonald has just received a DSL line Internet connection to a local ISP in his home. The ISP has allocated only one IP address to be used on the serial port of his remote access device. Thus all PCs on Aidans LAN, each with its own private IP address, will share one public IP address on the router using PAT. Routing from the home or gateway router to the ISP will be done by using a default route to Serial 0 of the Gateway router. The ISP connection to the Internet will be represented by a loopback address on the ISP router. Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers. Start a HyperTerminal session.


Step 3 Configure hosts with the proper IP address, subnet mask, and default gateway
Each workstation should be able to ping the attached router. If for some reason this is not the case, troubleshoot as necessary. Check and verify that the workstation has been assigned a s pecific IP address and default gateway. If running Windows 98, check using Start > Run >
Tel: 5867776-5837968

winipcfg. If running Windows 2000 or higher, check using ipconfig in a DOS window.

From the attached hosts, ping the FastEthernet interface of the default gateway router. Was the ping from the first host successful? _____________ Was the ping from the second host successful? _____________ If the answer is no for either question, troubleshoot the router and host configurations to find the error. Then ping again until they both are successful.

Add a default route to the serial 0 interface of the gateway router. This will forward any unknown destination address traffic to the ISP. Use the ip route command to create the default route: Gateway(config)#ip route 0.0.0.0 0.0.0.0 serial 0 Is the route in the routing table? _______________________________________________ Try to ping from one of the workstations to the ISP serial interface IP address. Was the ping suc cessful? ____________________________________________________ Why? __________________________________________________________________ What command checks the routing table contents? _________________________________
Step 7 Define the PAT translation from inside list to outside address
To define the PAT translation, use the ip nat inside source command. This command with the overload option will create port address translation using the serial 0 IP address as the base: Gateway(config)#ip nat inside source list 1 interface serial 0 overload

The active interfaces on the router need to be specified as either inside or outs ide interfaces with respect to PAT. To do this, use the ip nat inside or ip nat outside command: Gateway(config)#interface fastethernet 0 Gateway(config-if)#ip nat inside Gateway(config-if)#interface serial 0 Gateway(config-if)#ip nat outside

Configure a PC on the internal LAN with the IP address 10.10.10.10/24 and a default gateway 10.10.10.1. From the PCs, ping the Internet address 172.16.1.1. If succ essful, Telnet to the same IP address. Then look at the PAT translation on the gateway router, using the command show ip nat translations. What is the translation of the inside local host addresses ? What does the number after the colon represent? Why do all of the commands for PAT say NAT? Upon completion of the previous steps finish the lab by doing the following: Logoff by typing exit Turn the router off Remove and store the cables and adapter

This sheet contains the basic configuration commands for the ISP and Gateway routers: ISP

Router#configure terminal Router(config)#hostname ISP ISP(config)#enable password cisco ISP(config)#enable secret class ISP(config)#line console 0 ISP(config-line)#password cisco ISP(config-line)#login ISP(config-line)#exit ISP(config)#line vty 0 4 ISP(config-line)#password cisco ISP(config-line)#login ISP(config-line)#exit ISP(config)#interface loopback 0 ISP(config-if)#ip address 172.16.1.1 255.255.255.255 ISP(config-if)#no shutdown ISP(config-if)#exit ISP(config)#interface serial 0 ISP(config-if)#ip address 200.2.2.17 255.255.255.252 ISP(config-if)#no shutdown ISP(config-if)#clockrate 64000 ISP(config)#ip route 199.99.9.32 255.255.255.224 200.2.2.18 ISP(config)#end ISP#copy running-config startup-config Gateway Router#configure terminal Router(config)#hostname Gateway Gateway(config)#enable password cisco Gateway(config)#enable secret class Gateway(config)#line console 0 Gateway(config-line)#password cisco Gateway(config-line)#login Gateway(config-line)#exit Gateway(config)#line vty 0 4 Gateway(config-line)#password cisco Gateway(config-line)#login Gateway(config-line)#exit Gateway(config)#interface fastethernet 0 Gateway(config-if)#ip address 10.10.10.1 255.255.255.0 Gateway(config-if)#no shutdown Gateway(config-if)#exit Gateway(config)#interface serial 0 Gateway(config-if)#ip address 200.2.2.18 255.255.255.252 Gateway(config-if)#no shutdown Gateway(config)#ip route 0.0.0.0 0.0.0.0 200.2.2.17
Tel: 5867776-5837968

Lab-49: Troubleshooting NAT and PAT
Objective
Configure a router for Network Address Translation (NAT) and Port Address Translation (PAT) Troubleshoot NAT and PAT using debug
The ISP has allocated a company the public CIDR IP address 199.99.9.32/30. This is equivalent to four public IP addresses. Since the company has an internal requirement for more than 30 addresses, the IT manager has decided to use NAT with PAT. Routing between the ISP and the gateway router is done using a static route between the ISP and the gateway, and a default route between the gateway and the ISP. The ISP connection to the Internet will be represented by a loopback address on the ISP router. Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers.


Step 3 Configure hosts with the proper IP address, subnet mask, and default gateway
Each workstation should be able to ping the attached router. If for some reason this is not the case, troubleshoot as necessary. Check and verify that the workstation has been assigned a specific IP address and default gateway. If running Windows 98, check using Start > Run > winipcfg. If running Windows 2000 or higher check using ipconfig in a DOS window.


From the attached hosts, ping the FastEthernet interface of the default gateway router. Was the ping from the first host successful? _____________ Was the ping from the second host successful? _____________ If the answer is no for either question, troubleshoot the router and host configurations to find the error. Then ping again until they both are successful.

Create a static route from the ISP to the Gateway router. Addresses 199.99.9.32/27 have been allocated for Internet access outside of the company. Use the ip route command to create the static route: ISP(config)#ip route 199.99.9.32 255.255.224.0 200.2.2.18 Is the static route in the routing table? ___________________________________________ What command checks the routing table contents? _________________________________ If the route was not in the routing table, give one reason why this might be so?

Add a default route, using the ip route command, from the Gateway router to the ISP router. This will forward any unknown destination address traffic to the ISP: Gateway(config)#ip route 0.0.0.0 0.0.0.0 200.2.2.17 Is the static route in the routing table? ___________________________________________ Try to ping from one of the workstations to the ISP serial interface IP address. Was the ping successful? ____________________________________________________ Why? __________________________________________________________________
Step 7 Define the pool of usable public IP addresses

To define the pool of public addresses, use the ip nat pool command: Gateway(config)#ip nat pool public-access 199.99.9.32 199.99.9.35 netmask 255.255.255.252
Step 9 Define the NAT translation from inside list to outside pool
To define the NAT translation, use the ip nat inside source command: Gateway(config)#ip nat inside source list 1 pool public-access overload

On the active interfaces on the router, it needs to be specified as either inside or outside interfaces with respect to NAT. To do this, use the ip nat inside command: Gateway(config)#interface fastethernet 0 Gateway(config-if)#ip nat inside

Turn on debugging for NAT process by typing debug ip nat at the privileged EXEC mode prompt. Does the debug command show any output? _____________________________________ If translation were taking place there would be output from the debug command. While reviewing the running configuration of the gateway router, it is seen that the ip nat outside statement has not been entered on the serial 0 interface. To configure this enter the following: Gateway(config)#interface serial 0 Gateway(config-if)#ip nat outside

From the work stations, ping 172.16.1.1 If the ip nat outside statement was entered correctly there should be output from the debug ip nat command. What does the NAT*: S=10.10.10.? -> 199.99.9.33 mean? To stop the debug output, type undebug all at the privileged EXEC mode prompt. Upon completion of the previous steps finish the lab by doing the following: Logoff by typing exit Turn the router off Remove and store the cables and adapter

This sheet contains the basic configuration commands for the ISP and Gateway routers: ISP Router#configure terminal Router(config)#hostname ISP ISP(config)#enable password cisco ISP(config)#enable secret class ISP(config)#line console 0 ISP(config-line)#password cisco ISP(config-line)#login ISP(config-line)#exit ISP(config)#line vty 0 4 ISP(config-line)#password cisco ISP(config-line)#login ISP(config-line)#exit ISP(config)#interface loopback 0 ISP(config-if)#ip add 172.16.1.1 255.255.255.255 ISP(config-if)#no shutdown ISP(config-if)#exit ISP(config)#interface serial 0 ISP(config-if)#ip add 200.2.2.17 255.255.255.252 ISP(config-if)#no shutdown ISP(config-if)#clockrate 64000 ISP(config)#ip route 199.99.9.32 255.255.255.224 200.2.2.18 ISP(config)#end ISP#copy running-config startup-config Destination filename [startup-config]?[Enter] Gateway Router#configure terminal Router(config)#hostname Gateway Gateway(config)#enable password cisco Gateway(config)#enable secret class Gateway(config)#line console 0 Gateway(config-line)#password cisco Gateway(config-line)#login Gateway(config-line)#exit

Gateway(config)#line vty 0 4 Gateway(config-line)#password cisco Gateway(config-line)#login Gateway(config-line)#exit Gateway(config)#interface fastethernet 0 Gateway(config-if)#ip add 10.10.10.1 255.255.255.0 Gateway(config-if)#no shutdown Gateway(config-if)#exit Gateway(config)#interface serial 0 Gateway(config-if)#ip add 200.2.2.18 255.255.255.252 Gateway(config-if)#no shutdown Gateway(config)#ip route 0.0.0.0 0.0.0.0 200.2.2.17
Tel: 5867776-5837968

CCNA-Practicals NETS Final

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

CCNA-Practicals NETS Final

Hochgeladen von

Copyright:

Verfügbare Formate

CISCO Certified Network Associate CCNA-PRACTICAL LABS

A Name in Career Building

Lab-1: Basic Switch Configuration

Step 1 Enter privileged mode

Step 2 Examine the current switch configuration

CISCO Certified Network Associate CCNA-PRACTICAL LABS

Step 3 Assign a name to the switch

Step 4 Examine the current running configuration

Step 5 Set the access passwords (1900: Skip to Step 6)

Step 6 Set the command mode passwords

Step 7 Configure the layer 3 access to the switch

CISCO Certified Network Associate CCNA-PRACTICAL LABS

ALSwitch(config)#ip default-gateway 192.168.1.1 ALSwitch(config)#exit 1900: ALSwitch(config)#ip default-gateway 192.168.1.1 ALSwitch(config)#exit

Step 9 Save the configuration

Step 11 Exit the switch

National Engineers Training Services (NETS)

Join NETS Be The Best 3

CISCO Certified Network Associate CCNA-PRACTICAL LABS

Lab-2: Configuring Message-Of-The-Day (MOTD)

Step 1 Configure basic router information

Step 2 Enter Global Configuration mode

Step 3 Display help for the banner motd command

Step 4 Choose a description for the interface

Step 5 Enter the desired banner message

CISCO Certified Network Associate CCNA-PRACTICAL LABS

Step 6 Test the MOTD display

Step 7 Verify the MOTD by looking at the router configuration

Erasing and reloading the router

National Engineers Training Services (NETS)

Join NETS Be The Best 5

CISCO Certified Network Associate CCNA-PRACTICAL LABS

Lab-3: Configuring Static VLANs

Step 1 Configure the switch

Step 2 Configure the hosts attached to the switch

Step 3 Verify connectivity

Step 4 Show the IOS version

National Engineers Training Services (NETS)

CISCO Certified Network Associate CCNA-PRACTICAL LABS

Step 5 Display the VLAN interface information

Step 6 Create and name two VLANs

Step 7 Display the VLAN interface information

Step 8 Assign ports to VLAN 2

CISCO Certified Network Associate CCNA-PRACTICAL LABS

Step 9 Display the VLAN interface information

Step 10 Assign a port to VLAN 3

Step 11 Look at the VLAN interface information

Step 12 Look at only VLAN2 information

National Engineers Training Services (NETS)

Join NETS Be The Best 8

CISCO Certified Network Associate CCNA-PRACTICAL LABS

Lab-4: Verifying VLAN Configurations

Step 1 Configure the switch

Step 2 Configure the hosts attached to the switch

Step 3 Verify connectivity

Step 4 Display the VLAN interface information

Step 5 Create and name two VLANs

National Engineers Training Services (NETS)

CISCO Certified Network Associate CCNA-PRACTICAL LABS

Step 6 Assign ports to VLAN 2

Step7 Display the VLAN interface information

Step 8 Asign ports 7, 8, and 9 to VLAN 3

CISCO Certified Network Associate CCNA-PRACTICAL LABS

Step 9 Display the VLAN interface information