
CCNA Labs

Cisco Icons and Symbols

DSP
Switch Router Access Server

Multilayer Switch

Digital Signal Processor

Personal Computer

File Server Cisco CallManager Server

Cisco IP Phone

Voice Gateway Router

WAN Cloud

VLAN or Cluster (Color May Vary)

PBX

PSTN Cloud

Ethernet

Fast Ethernet

Serial Line

Circuit-Switched Line

Cisco Icons and Symbols


Metro Network DWDM/SONET/Ethernet

LabS2- Basic Router Configuration


172.16.X.0/24 RA RA:+1 RB:+2 RC:+3 RD:+4 RE:+5 RF:+6 Lab1, Lab2:Y=6 Lab3: Y=8 S0/0 1 S0/1 RB S0/0 F0/0 .11 2 S0/1 F0/0 .12 RC S0/0 3 S0/1 F0/0 .13 RD S0/0 4 S0/1 F0/0 .14 RE S0/0 5 S0/1 F0/0 .15 RF

F0/0 .10

10.0.Y.0/24 SW1

Lab-SW

TFTP Server

Objectives:
In this lab, students configure some basic router settings:
1. Router name.
2. Router passwords: console, vty, enable password; perform password encryption.
3. Serial interfaces, FastEthernet interfaces.
4. Interface description.
5. Login banners.
6. Host name resolution.
7. Using router show commands.
8. Making configuration changes.
9. Backing up configuration files and IOS on TFTP servers.
10. Capture the configuration.
11. Verifying and Troubleshooting: show, telnet, ping, traceroute

LabS2- Managing Cisco IOS Software


Network:10.0.Y.0/24 Lab1, Lab2:Y=6 Lab3: Y=8
RA RB RC

F0/0 .10

F0/0 .11

F0/0 .12

LAB-SW

RD

F0/0 .13 RE

F0/0 .14

F0/0 .15

RF

TFTP Server

Objectives:
1. Using the boot system command
2. Configuration Register
3. Managing configuration files using TFTP
4. Managing configuration files using copy and paste
5. Managing IOS images using TFTP
6. Download using TFTP from ROMmon
7. Password Recovery
8. Verifying and Troubleshooting: show, telnet, ping, traceroute

LabS3-RIP-OSPF-EIGRP
Default route1: 20.0.0.0/24

Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7

OFF1

GATE1
3

RIP ver2 174.18.X.0/24

key-id=1 key-string=green123 mode MD5 level 7 OSPF, 172.16.X.0/24

SW1

Default route2: 30.0.0.0/24

BORDER GATE2
4 5

Objectives:
1. Configuring RIP ver2, EIGRP, OSPF routing protocols
2. Propagating a default route (use one and only):
   1. Default route 1
   2. Default route 2
   3. Default route 3
3. Redistribute RIP, OSPF, EIGRP routes
4. Enable MD5 authentication
5. Verifying and Troubleshooting

EIGRP 88, 173.17.X.0/24

Key=2 key-string=blue123 mode MD5 OFF2

SW2 OFF3
8 9 7

GATE3

Default route3: 40.0.0.0/24

LabS2b-RIP-EIGRP-OSPF
EIGRP 22, 122.22.X.0/24
1

OSPF authentication: key-id=1 password=red123 MD5 level 7
RIP authentication: key=2 key-string=blue123 MD5
EIGRP authentication: key=3 key-string=green123 MD5

Objectives:
1. Propagate the default route (use one and only): Default route 1 or Default route 2 or Default route 3
2. OFF router: Disable routing protocol
3. GATE1: configure and redistribute static routes to 16,17,18 subnets

Default route2: 2.0.0.0/24


3

GATE2
6 2

BR2

Default route1: 1.0.0.0/24

Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7

CENTER OSPF, 133.33.X.0/24 EIGRP 55, 155.55.X.0/24


7

GATE1
13 14

RIP ver2 144.44.0/24

15

Disable routing protocol

Default route3: 3.0.0.0/24

18

17

BR3
8 12

OFF
16

GATE3
10 11

OSPF, 166.66.X.0/24

(config)# router ospf {process-id}
(config-router)# redistribute [rip | eigrp {as_number}] [subnets | metric {value} | metric-type {1 | 2}]
(config)# router rip
(config-router)# redistribute [eigrp {as_number} | ospf {process-id}] metric {value}
(config)# router eigrp {as_number}
(config-router)# redistribute [rip | ospf {process-id}] metric {bandwidth} {delay} {reliability} {loading} {MTU}

LabS2-OpenLab2
OSPF, 177.77.X.0/24 key-id=1 password=green123 MD5 GATE1

Default route1: 1.1.1.0/24


4

2 1

BR1
5

Default route2: 2.2.2.0/24


6

Objectives:
1. Propagate the default route (use one and only): Default route 1 or Default route 2 or Default route 3
2. Redistribute RIP, OSPF, EIGRP routes
3. Enable MD5 authentication

EIGRP 88, 155.55.X.0/24 Key=4 Key-string=cyan123 MD5


7

BR2

8 9

GATE2
10 11

15

RIP ver2 122.22.X.0/24


14

OSPF, 133.33.X.0/24 key-id=3 password=red123 MD5


16

BR3
12

Key=2 Key-string=blue123 MD5

GATE3
13

Default route3: 3.3.3.0/24

(config)# router ospf {process-id}
(config-router)# redistribute [rip | eigrp {as_number}] [subnets | metric {value} | metric-type {1 | 2}]
(config)# router rip
(config-router)# redistribute [eigrp {as_number} | ospf {process-id}] metric {value}
(config)# router eigrp {as_number}
(config-router)# redistribute [rip | ospf {process-id}] metric {bandwidth} {delay} {reliability} {loading} {MTU}

Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7

LabS2- RIPv2-EIGRP-OSPF
2 5

Ext LANs 172.0.0.0/16 172.255.0.0/16

SITE1 S0/0
1 4

BR1
6

S0/1
3

S0/0
7

Default route: 200.200.200.0/24 GATE

EIGRP AS=44, 144.44.X.0/24


Ext LANs 173.0.0.0/16 173.255.0.0/16 SITE2 F0/1
19 18

S0/1

F0/0
SW2

F0/1 SW1

F0/0
9

RIPver2, 133.33.X.0/24

S0/0
11

BR2

10

EIGRP AS=55, 155.55.X.0/24


15

OSPF 122.22.X.0/24

Ext LANs 174.0.0.0/16 174.255.0.0/16

S0/1
14 16

BR3
12

S0/1 SITE3
17

S0/0

13

Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7

(config)# router ospf {process-id}
(config-router)# redistribute [rip | eigrp {as_number}] [subnets | metric {value} | metric-type {1 | 2}]
(config)# router rip
(config-router)# redistribute [eigrp {as_number} | ospf {process-id}] metric {value}
(config)# router eigrp {as_number}
(config-router)# redistribute [rip | ospf {process-id}] metric {bandwidth} {delay} {reliability} {loading} {MTU}

LabS3-Switch Configuration
Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7 Sw1:+8 Sw2:+9 Sw3:+10
RIP ver2 172.16.X.0/24 PC11 PC12

TFTP Server1

SW1
3

GATE2 TFTP Server2


1 2

Objectives:
1. Configuring RIP routing protocol
2. Resetting the switch defaults
3. Assigning the switch host name and password
4. Assigning the switch IP address and Default gateway
5. Enabling HTTP service and port on all switches
6. Configuring static MAC addresses
7. Configuring port security
8. Back up the IOS to a local TFTP server
9. Password recovery (reference: CCNA3_lab_6_2_8_en.pdf)
10. Verifying and Troubleshooting: show, debug, ping, traceroute, telnet on switches: debug ip packet, debug ip icmp, show mac-address-table, show arp, clear mac-address-table dynamic ...

GATE1

SW2 SW3

PC21

PC22

PC23

PC24


LabS4-NAT-DHCP-PPP
Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7

OSPF Key-id=1 Pass=student MD5 level 7 ISP1

4
SW1

5
ISP2

6
ISP3 200.0.X.0/24 CHAP 3 USER2 NAT DHCP NAT DHCP 200.0.X.0/24

CHAP 1

CHAP 2

USER1
NAT DHCP

USER3

172.16.X.0/24

Objectives:
1. Configuring OSPF routing protocol in ISP area
2. Configuring PPP-Multilink, CHAP (one-way), NAT, DHCP, ACLs
3. Verifying and Troubleshooting

LabS4-NAT-DHCP-PPP-VLANs
Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7
NAT CHAP USER1 1 4 CHAP 2 CHAP 5 3 172.16.X.0/24 DNS server 192.168.2.1

Lab1:Y=6 Lab2:Y=6 Lab3:Y=8

ISP1

ISP2

ISP3 10.0.Y.0/24

USER2

USER3

NAT DHCP

192.168.X.0/24
6 VLAN2 T VLAN3 7 SW1 (Server) T

Objectives:
1. Configuring OSPF routing protocol in user area
2. Configuring PPP, CHAP (bidirectional), NAT, DHCP, ACLs
3. Configuring VLANs, VTP
4. Verifying and Troubleshooting: all PCs can access the Internet

OSPF Key-id=1 Pass=student MD5 level 7

SW2 (Client) VTP ver2 Domain: bkacad Pass=redblue Vlan2: Technical Vlan3: Admin

SW3 (Client)


Open Lab 1
DNS Server WEB Server1 (www.cisco.com) TFTP Server Switch3 LAN3 Loopback3 WAN F0/1 Router1 S0/1 F0/0 Switch4 Router2 S0/0 F0/1 LAN5 Loopback6 Loopback7 LAN6 LAN7 WEB Server2 (www.yahoo.com)

LAN4

LAN2 Loopback2 DHCP Server1 PC1 LAN1

F0/0
DHCP Server2 PC4 LAN8

Switch1

Switch2

PC2

PC3


NS2 Skill Practice


100

HUB SP1
+CA +EzVPN server for mobile users
3

+DHCP server +EzVPN server for SP2

SP5
+EzVPN server for mobile users
5

ISP

SP2
+EzVPN client
2

SP4
+EzVPN server for mobile users
4

100

SP3
+DHCP client

Mobile users
3


NS1- OpenLab1
Network address 1: 10.0.0.0/24 2,7: 172.16.0.0/24 3,4,5,6: X.0.0.0/24

ISP Outside User

RIP ver2 Outside Network 192.168.131.0/24 3 WEB FTP

SW-2950 F0/0 GATE1 F0/1 SW-2950 4 5 GATE2 6 F0/1 SW-2950 E0 AAA Server PIX1 T E1 E1 SW-2950 INSIDE1 1 INSIDE2 PIX2 T E2 SW-3550 TECH2 WEB FTP F0/0

DMZ1
E2 SW-3550 TECH1

E0

DMZ2

Configure the following PIX features: NAT, ACL, VLANs, Trunking, Routing, AAA, Cut-through, Telnet, SSH, ASDM.
Configure 802.1X on SW-2950 for Inside users.
Inside users can access the DMZ and the Internet.
Outside users can access the WEB and FTP servers in the DMZ by the IP address assigned to the hosts.
Tech networks can access each other.

NS1- OpenLab2
Network address 1: 10.0.0.0/24 2,7: 172.16.0.0/24 3,4,5,6: X.0.0.0/24

ISP Outside User

RIP ver2 Outside Network 192.168.131.0/24 3 WEB FTP

SW-2950 F0/0 GATE1 F0/1 SW-2950 4 5 GATE2 6 F0/1 SW-2950 E0 AAA Server PIX1 T E1 E1 SW-2950 INSIDE1 1 INSIDE2 PIX2 T E2 SW-3550 TECH2 WEB FTP F0/0

DMZ1
E2 SW-3550 TECH1

E0

DMZ2

Configure the following PIX features: NAT, ACL, VLANs, Trunking, Routing, AAA, Cut-through, Telnet, SSH, ASDM.
Configure 802.1X on SW-2950 for Inside users.
Inside users can access the DMZ and the Internet.
Outside users can access the WEB and FTP servers in the DMZ by the IP address assigned to the hosts.
Tech networks can access each other.

NS1- OpenLab2
Network address 1,2,3,4,12: 10.0.X.0/24 5: 100.0.0.0/24 6,7,8,9: 200.0.X.0/24 10,11: 172.16.0.0/24
F0/0 BKACAD network 192.168.131.0/24 WEB FTP GATE1 F0/1 SW-3550 E0 SW-2950 E2 5 DMZ1 E1 Outside User SITE1 SITE2 F0/1.1 F0/1.2 ENG1 F0/1.2 ENG2 F0/1.1 F0/0
10

Lab-SW

SW-2950 F0/0 GATE2 F0/1 SW-3550 SW-2950


11

9 E0

WEB

FTP

F0/0 Outside User SITE3 SITE4

E2 E1 DMZ4

SW-2950
12

SW-2950 INSIDE1 1 INSIDE2 2 AAA Server INSIDE3 3 INSIDE4 4

Basic configurations: NAT, ACL, Object-group, VLAN, Trunking, Routing.
Outside users can access the devices by SSH.
Inside users can access the devices by Telnet, SDM or ASDM.
Outside users can access the DMZ servers.
Eng1 and Eng2 can access each other.

Enable Authentication-Proxy, Cut-through.
Configure FTP, HTTP Inspection.
Mitigate layer 2 attacks.

LabS2- RIP version1


WEB (www.bkacad.com)
2

DNS

ISP
1

TFTP

GATE

3 8

SITE3
5

7 6

PC1

Tasks:
Basic Router configuration:
- Hostname
- Passwords
- Banner Message
- Descriptions
- Host Table
- Disable the Name Service
- Logging Synchronous
Basic RIPv1 configuration:
- Enable RIP
- RIP Passive interfaces
- Configure and propagate the default route
- Create and redistribute the static route
Configuring the Servers, PCs
Backing up configuration files on the TFTP server
Verifying and Troubleshooting:
- Show
- Telnet
- Ping
- Traceroute, Tracert
- Debug

200.200.X.0/24

172.16.X.0/24

SITE1
4

SITE2

External LAN 30.30.30.0/24

SITE1:+1 SITE2:+2 SITE3:+3 GATE:+4 ISP:+5

RIP version1
10.0.0.1/16 10.1.0.1/16 10.0.0.2/24 10.2.0.1/16


LabS2- OpenLab1
Default Route 200.200.200.0/24

Key=3 Key-string=cyan123 MD5

EIGRP 55 155.55.X.0/24

OSPF 133.33.X.0/24
8

HaiBaTrung
9 10

RIP ver2 177.77.X.0/24

Key=2 Key-string=blue123 MD5

6 5

16

18

TayHo
1 4 3

(DR)

CauGiay
20

HoanKiem

SW1

BaDinh

17 19

Ext LANs 172.0.0.0/16 172.127.0.0/16 password=green123 clear text

(BDR)
11 12

key-id=1 password=green123 MD5

Ext LANs 172.128.0.0/16 172.255.0.0/16

ThanhXuan
13

HaTay
15 14

Backup Route 100.100.100.0/24 (HaTay only)

Ext LANs 192.168.0.0/24 192.168.255.0/24

(config)# router ospf {process-id}
(config-router)# redistribute [rip | eigrp {as_number}] [subnets | metric {value} | metric-type {1 | 2}]
(config)# router rip
(config-router)# redistribute [eigrp {as_number} | ospf {process-id}] metric {value}
(config)# router eigrp {as_number}
(config-router)# redistribute [rip | ospf {process-id}] metric {bandwidth} {delay} {reliability} {loading} {MTU}

LabS4-Load Balancing
Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7 Lab1,2:Y=6 Lab3:Y=8 Lab4,5:Y=4 Lab6:Y=5
SW-A

Lab-SW

10.0.Y.0/24
NAT/PAT FPT F0/0
4 5

VNN

F0/0 F0/0

VIETTEL

200.0.X.0/24
PAP NAT/PAT RIP ver2

CHAP

PAP

CHAP

PAP

CHAP

F0/0 MD1
2

MD2
3

F0/0 F0/0
4

MD3

172.16.X.0/24

Tasks:
Multilink: use interface Multilink
Load Balancing: enable Process Switching
RIP ver2: MD1, MD2, MD3, GATE
GATE: propagate subnets 172.16.X.0/24 only
Change RIP timer
distribute-list command:
(config-router)# distribute-list {access-list} {in | out} [interface]
Adjust static route:
(config)# ip route static adjust-time {seconds}

Vlan2 Vlan3 Vlan4

SW-B T F0/0 DHCP

GATE DHCP F0/1 5

SW-C

LabS3- STP
Lab-SW

Tasks:
Configuring VTP:
- VTP ver2
- VTP domain: ccna
- VTP password: cisco123
- SW1: server; SW2,SW3: clients
- Vlan10: teacher
- Vlan20: student
- Vlan30: admin
- Vlan99: management; 10.0.X.0/24
Configuring STP:
- SW1: root bridge
- PortFast
- UplinkFast
- BackboneFast
Troubleshooting: show, debug

F0/9

SW1
F0/3

F0/1

F0/4 F0/2

T
F0/1 F0/2 F0/5 F0/5 F0/4

T
F0/3

SW3
F0/10 F0/6 F0/6

SW2 T
F0/10


LabS3- OpenLab1

VTP: Ver 2
Domain: ccna
Password: 1234
SW1: server; SW2,SW3: client

VLANs:
Vlan20: teacher; 144.44.20.0/24
Vlan30: student; 144.44.30.0/24
Vlan99: management; 144.44.99.0/24

OSPF Authentication: key-id=1 HIDDEN password=055A1C MD5 level 7
RIPv2 Authentication: key=2 key-string=blue123 MD5
EIGRP Authentication: key=3 key-string=red123 MD5

Default route: 200.200.200.0/24
1

GATE 2 S0/0 3 S0/1 BR F0/0 20

RIP ver2 133.33.X.0/24 OSPF 144.44.X.0/24

Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7 SW1:+8


13 SITE2

EIGRP,66 166.66.X.0/24
SITE1
10

SW1 (Server)

T
F0/0 S0/0 S0/1 11

T
F0/0 SITE3 S0/0 S0/1 8 5

EIGRP,55 155.55.X.0/24

SW3 (Client)

SW2 (Client)

30

SITE4 6

SW2:+9 SW3:+10
12 7


LabS3- OpenLab2
Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7 SW1:+8 SW2:+9 SW3:+10 SITE2
40

Default route: 200.200.200.0/24


1

GATE
2 10

SITE1
4

3 T

SW1 (server)
20

5
6

30

BR1

WLAN
Local IP: 172.16.0.0/24
DNS: 203.162.0.181, 210.245.0.11
Mode: Mixed
SSID: CCNA
Channel: 11
Authentication: Auto
Encryption: WPA2
Access Restriction:
- deny access to www.bbc.com website
- deny Telnet traffic

VLANs
Vlan10: technic
Vlan20: staff
Vlan30: admin

AP

RIP ver2 133.33.X.0/24

VTP ver2
domain name: BKACAD
password: cisco

VLANs
Vlan40: teacher
Vlan50: student

OSPF 155.55.X.0/24 SW3 (client)


50

SW2 (server)

OSPF Authentication: key-id=1 HIDDEN password=055A1C MD5 level 7
RIPv2 Authentication: key=2 key-string=blue123 MD5
EIGRP Authentication: key=3 key-string=red123 MD5

BR2
9

EIGRP, AS=77 177.77.X.0/24

10

11

SITE3
12


LabS3- OpenLab4
ftp://121.100.48.11
Username: cisco
Password: sadikhov

WLAN
Local IP: 172.16.0.0/24
DNS: 203.162.0.181, 208.67.222.222
Mode: Mixed
SSID: CCNA
Channel: 11
Authentication: Auto
Encryption: WPA
Access Restrictions:
- deny access to www.24h.com website
- deny Telnet, FTP traffic

VLANs
Vlan10: student; 144.44.10.0/24
Vlan20: teacher; 144.44.20.0/24
Vlan30: sale; 144.44.30.0/24
Vlan99: management; 144.44.99.0/24

VTP ver2
Domain name: STUDENT
Password: cisco123
SW1: server; SW2,SW3: client

STP
SW1: the primary root for Vlan10, the secondary root for Vlan20
SW2: the primary root for Vlan20, the secondary root for Vlan30
SW3: the primary root for Vlan30
BackboneFast, UplinkFast, PortFast, udld, BPDU Guard

Default route: 192.168.X.0/24

Lab-SW

GATE
5 6

SITE1 SITE2
50 10 20 40

T SW1 (client) T SW2 (client) T SW3 (server)
30

BR
3 2 4

SITE3
1

NAT/PAT (Configure by Instructor)


EIGRP, AS=33

133.33.X.0/24 key=1 key-string=blue123 MD5

OSPF 144.44.X.0/24 key-id=2 password=red123 MD5

RIP ver2 155.55.X.0/24 key=3 key-string=cyan123 MD5


LabS4- PAP - CHAP


Subnet address: 172.16.X.0/24 Authentication password: 0101X; X=[1,3,5,7,9]
CHAP 5 PAP S0/1 SITE4 S0/0 PAP 7 S0/1 CHAP S0/0 9 8 SITE5 PAP CHAP S0/1
10

4 3 S0/1 PAP SITE3 CHAP S0/0

S0/1 PAP SITE2 CHAP


12

S0/0

S0/0 SITE1 S0/1 CHAP SITE6


11

PAP S0/0

Objectives:
1. Configuring PPP
2. Configuring PAP, CHAP authentication: the username must match the hostname
3. Verifying and Troubleshooting:
   - show
   - debug ppp authentication
   - debug ppp packet
   - ...
4. Other:
   - The hostname on one router doesn't match the username that the other router has configured.
   - The passwords don't match (PAP only)

LabS4- Full Mesh Frame Relay


SITE1
S0/1 S0/0 S0/0 S0/1 S0/3 S0/2 S0/0 S0/1

SITE2

SITE4

SITE3


LabS4- NAT/PAT
Lab-SW SW1

10.0.Y.0/24 Y=[4,5,6,8]
F0/0 F0/0

F0/0

MD1
S0/0 1 S0/1 S0/0 2 S0/1

PAT (Interface) MD2


S0/0 3

MD3
NAT Pool: 192.168.X.10 192.168.X.20/24

192.168.X.0/24

FW2

S0/1

NAT (Dynamic)/ DHCP FW3 DHCP Pool:


Excluded-Address: 172.16.X.1 172.16.X.10 DNS server: 203.162.0.181,

FW1 172.16.X.0/24

F0/0
10

F0/0

20 30

F0/0

SW2 PC1 PC2 PC3

210.245.0.11 Duration: 3days, 3hours, 30 minutes

Notes:
MD1,MD2,MD3: Enable PAT with the interface
FW1,FW2,FW3: Enable dynamic NAT with the pool. Configure DHCP servers.
SW2: Create Vlans 10,20,30
MD1,MD2,MD3: Interface F0/0 assigned an IP address automatically