En DRSEnt SLM 40 Ahmad Sandy 1106995
Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors in the CCNA Discovery Introducing Routing and Switching in the Enterprise course as part of an official Cisco Networking Academy.
CCNA Discovery
All contents are Copyright 1992-2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
1. Before starting the server, be sure to connect the computer NIC to a switch or router port using an appropriate cable.
2. To start the Discovery Server Live CD, insert the CD into the CD-ROM drive and reboot the machine.
3. During startup, you will be presented with a list of boot options. At the first options menu, select a. All other options are provided in the event that a does not run properly on your machine.
During the booting process you may notice that the eth0 address and the DHCP daemon (dhcpd) fail. This is normal on some machines and these functions will be started manually. Allow the server to boot fully into the KDE graphical environment.
Start Menu
Terminal
Quick Info
Root Password: discoverit
User Accounts: 20 ordinary user accounts set up as userX with a password of cheetahX where X is any number between 1 and 20 inclusive
Server Name: server.discovery.ccna
IP Address: 172.17.1.1
Subnet Mask: 255.255.0.0
Default Gateway: 172.17.0.1
DHCP Pool
Address Range: 172.17.1.50 to 172.17.1.254
Lease: 4 hours
Default Gateway: 172.17.1.1
Domain Name: discovery.ccna
DNS
Resolves names for the discovery.ccna domain
server.discovery.ccna resolves to 172.17.1.1
server-1.discovery.ccna resolves to 172.17.1.1 (for the troubleshooting labs in CCNA Discovery 1)
server-2.discovery.ccna resolves to 172.17.1.2 (for the troubleshooting labs in CCNA Discovery 1)
Figure 2: The Network Configuration Window
3. On the Network Configuration window, click the Devices tab.
4. Select eth0 or the interface that corresponds to your first Ethernet card and then click Edit. This should display the Ethernet Device configuration pane shown in Figure 3.
Figure 3: The Ethernet Device Configuration Pane
5. To set the IP addressing information, click the Statically set IP addresses radio button and enter the following information:
    Address: 172.17.1.1
    Subnet mask: 255.255.0.0
    Default gateway address: 172.17.0.1
6. Click OK.
7. Return to the Network Configuration window and click the DNS tab.
8. Enter the following information, as shown in Figure 4:
    Set hostname: server.discovery.ccna
    Set Primary DNS: 127.0.0.1
9. Next, click the Devices tab.
10. Choose eth0.
11. Click Activate.
12. Answer Yes / OK to any questions.
13. Close the Network Configuration window. When prompted, click Yes to save changes.
1. Click Terminal to open a terminal window.
2. Enter su - and press Enter (note that the - is very important).
3. When prompted, enter the root password discoverit.
4. Enter service named restart and press Enter.
5. Enter dhcpd and press Enter.
You should now have a fully operational server. It may take a few minutes for DNS to become fully operational.
After you are logged in as root and have a terminal session open, complete the following steps:
1. Enter cd / to go to the root directory.
2. Enter cd /usr/StreamingServer to go to the directory with the streaming server files.
3. Enter DarwinStreamingServer to start the server.
4. Enter perl streamingadminserver.pl to start the administration server.
When the administration server is running, all further configuration is accomplished using a web browser.
1. Use a web browser to bring up the configuration server by connecting to the server on port 1220 (http://172.17.1.1:1220). All usernames and passwords are stream.
2. Delete any old playlists that may be present.
3. Create a new playlist by dragging the movie file to the right box. Select Sequential Looped for the play mode, name the stream, and click the Save Changes button at the bottom of the screen.
4. Click the button next to the stream name to start the streaming video.
5. To connect to the stream, use the QuickTime Player (free download from Apple Inc. at www.apple.com).
6. Launch QuickTime Player.
7. Under File, click Open URL.
8. Enter the URL rtsp://<server ip>/stream; for example, rtsp://172.17.1.1/MWO.sdp, assuming that the server has the default IP address of 172.17.1.1 and the stream was named MWO.sdp for "Mind Wide Open."
NOTE: The Discovery Server Live CD is provided without warranty of any kind. It is intended to be used only to support the CCNA Discovery labs. For information on the Cisco Networking Academy Program, visit http://cisco.netacad.net.
Objectives
Use Wireshark to capture protocol data packets as they cross the networks.
Use Wireshark to analyze protocol data packets from the captured results.
CCNA Discovery Introducing Routing and Switching in the Enterprise
Background / Preparation
This lab focuses on the basic configuration of the Cisco 1841 or comparable routers using Cisco IOS commands. The information in this lab applies to other routers; however, command syntax may vary. The Cisco Catalyst 2960 switch comes preconfigured and only needs to be assigned basic security information before being connected to a network.
The following resources are required:
Cisco 2960 switch or other comparable switch
Two Cisco 1841 or comparable routers with minimum one serial and one fast Ethernet interface
Two Windows-based PCs, one with a terminal emulation program. Use one PC as the host, and use the other as the server.
RJ-45-to-DB-9 connector console cable to configure the routers
Two straight-through Ethernet cables
One crossover Ethernet cable
Access to the PC command prompt
Access to PC network TCP/IP configuration
NOTE: Make sure that all routers and the switch have been erased and have no startup configurations. If you need instructions, refer to the end of this lab. Instructions are provided for both the switch and router.
d. RouterB will use a straight-through cable from its Fa0/0 to connect to the switch through the Fa0/1. Configure the routers as shown in the topology diagram above.
Step 2: Connect the host to the switch and configure
Step 3: Verify connectivity using ping
a. To verify that the network is set up successfully, ping from the host to the server.
b. If the ping is not successful, verify the connections and configurations again. Check to ensure that all cables are correct and that connections are seated. Check the host, server, and router configurations.
c. Was the ping successful? Yes, because there is a "reply from".
Step 4: Launch Wireshark
NOTE: Wireshark may be downloaded from the Internet at www.wireshark.org and installed on each local host. If this is not possible, Wireshark may be run from the Discovery Live CD. Check with your instructor to determine which procedure to follow.
a. If running Wireshark from the local host, double-click on the icon to begin the application and proceed to step d. If running Wireshark from the Discovery server, proceed to step b.
b. From the K Start menu on the server desktop, choose Internet > Wireshark Network Analyzer.
d. To start data capture, go to the Capture menu and click Options. The Options dialog provides a range of settings and filters that determine how much data traffic is captured.
e. Ensure that Wireshark is set to monitor the correct interface. From the Interface drop-down list, select the network adapter in use. For most computers, this will be the connected Ethernet Adapter.
Setting Wireshark to capture packets in promiscuous mode
Setting Wireshark for network name resolution
Clicking the Start button starts the data capture process. A message box displays the progress of this process.
Create some traffic to be captured. Issue a ping and tracert from the host and watch for routing updates.
Clicking the Stop button terminates the capture process. The main screen is displayed.
The PDU (or Packet) List pane at the top of the diagram displays a summary of each packet captured. By clicking on packets in this pane, you control what is displayed in the other two panes. The PDU (or Packet) Details pane in the middle of the diagram displays the packet selected in the Packet List Pane in more detail. The PDU (or Packet) Bytes pane at the bottom of the diagram displays the actual data (in hexadecimal form representing the actual binary) from the packet selected in the Packet List pane, and highlights the field selected in the Packet Details pane.
Packet List Pane
Each line in the Packet List pane corresponds to one PDU or packet of the captured data. If you select a line in this pane, additional details are displayed in the Packet Details and Packet Bytes panes. The example above shows the PDUs captured when the ping utility was used and http://www.Wireshark.org was accessed. Packet number 1 is selected in this pane.
Packet Details Pane
The Packet Details pane shows the current packet (selected in the Packet List pane) in a more detailed form. This pane shows the protocols and protocol fields of the selected packet. The protocols and fields of the packet are displayed using a tree, which can be expanded and collapsed.
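How the three panes relate, as an added example that is not part of the lab handout: this Python code decodes a constructed ping frame into the layer tree the Packet Details pane shows and records the byte range the Packet Bytes pane would highlight for each layer. The MAC addresses, ICMP identifier and payload are constructed; the IP addresses are the lab server and the first DHCP pool address from the Quick Info section, and the function names are hypothetical.

```python
import socket
import struct

ICMP_NAMES = {8: "Echo (ping) request", 0: "Echo (ping) reply"}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum, used by the IPv4 header and by ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_sample_frame() -> bytes:
    """Constructed Ethernet II frame carrying one ICMP echo request."""
    src_mac = bytes.fromhex("020000000050")   # constructed, locally administered
    dst_mac = bytes.fromhex("020000000001")   # constructed, locally administered
    src_ip = socket.inet_aton("172.17.1.50")  # first address of the lab DHCP pool
    dst_ip = socket.inet_aton("172.17.1.1")   # Discovery server address
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0x0200, 1) + b"abcdefghijklmnopqrstuvwabcdefghi"
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 1, 0, 128, 1, 0,
                     src_ip, dst_ip)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + ip + icmp


def fmt_mac(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def dissect(frame: bytes):
    """Decode layer by layer; each entry is (layer, byte offset, length, fields)."""
    tree = []
    if len(frame) < 14:
        return tree
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    tree.append(("Ethernet II", 0, 14,
                 {"dst": fmt_mac(dst), "src": fmt_mac(src), "type": "0x%04x" % ethertype}))
    if ethertype != 0x0800 or len(frame) < 34:
        return tree  # not IPv4, or the capture was truncated
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum,
     src_ip, dst_ip) = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(frame) < 14 + ihl:
        return tree
    tree.append(("Internet Protocol", 14, ihl, {
        "src": socket.inet_ntoa(src_ip), "dst": socket.inet_ntoa(dst_ip),
        "ttl": ttl, "protocol": proto,
        "header_checksum_ok": inet_checksum(frame[14:14 + ihl]) == 0}))
    icmp = frame[14 + ihl:14 + total_len]
    if proto != 1 or len(icmp) < 8:
        return tree  # payload is not ICMP
    icmp_type, code, _c, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    tree.append(("Internet Control Message Protocol", 14 + ihl, len(icmp), {
        "type": icmp_type, "name": ICMP_NAMES.get(icmp_type, "other"),
        "code": code, "id": ident, "seq": seq,
        # A checksum computed over data that includes a valid checksum is 0.
        "checksum_ok": inet_checksum(icmp) == 0}))
    return tree


if __name__ == "__main__":
    sample = build_sample_frame()
    for layer, offset, length, fields in dissect(sample):
        print("+ %s  [bytes %d-%d]" % (layer, offset, offset + length - 1))
        for key, value in fields.items():
            print("    %s: %s" % (key, value))
        print("    hex:", sample[offset:offset + length].hex(" "))
```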
d. After receiving the successful replies to the ping in the command-line window, stop the packet capture.
b. Look at the packets listed; we are interested in the packets numbered 3 through 10.
c. Locate the equivalent packets on the packet list on your computer. The numbers may be different.
d. From the Wireshark Packet List, answer the following questions:
1) What protocol is used by ping? The protocol used is TCP.
2) What is the full protocol name? Internet Protocol, Src: 192.168.174.14 (192.168.174.14) Dst: (192.168.172.1)
3) What are the names of the two ping messages? Reply and Request
4) Are the listed source and destination IP addresses what you expected? Yes, the IP address of the expected site is listed.
5) Why? Because Wireshark already provides the Packet List pane and Packet Details pane programs.
b. Click each of the four + to expand the information. The packet Detail Pane will now be similar to:
c. Spend some time scrolling through this information. At this stage of the course, you may not fully understand the information displayed. Make a note of the information you do recognize.
f.
d. Locate and list examples of messages exchanged in the second phase, that is, the actual download request and the data transfer.
e. The third group of PDUs relates to logging out and breaking the connection. List examples of messages exchanged during this process.
f. Locate recurring TCP exchanges throughout the FTP process. What feature of TCP does this indicate?
As you can see, the details for each section and protocol can be expanded further. Why are there two types?
Because each one has a particular function. For example, although both display the IP address, the first serves as the connection to the destination address along with the protocol used, while the second serves as the translator of the ping connection to the destination address.
d. What protocols are in the Ethernet frame?
HTTP
For example, if the second line (+ Ethernet II) is highlighted in the Details pane, the Bytes pane now highlights the corresponding values. This example shows the particular binary values that represent that information in the PDU. At this point in the course, it is not necessary to understand this information in detail.
d. When finished, close the Wireshark file and continue without saving.
c.
d. What two protocols are listed in this capture that were not listed in the previous capture?
e. Compare the first capture in Step 14 with the second capture. What is one noticeable difference between the HTTP and HTTPS protocols?
Erasing and Reloading the Switch
For the majority of the labs in CCNA Discovery, it is necessary to start with an unconfigured switch. Using a switch with an existing configuration may produce unpredictable results. The following instructions prepare the switch prior to performing the lab so that previous configuration options do not interfere. Instructions are provided for the 2900 and 2950 series switches.
a. Enter into privileged EXEC mode by typing enable. If prompted for a password, enter class (if that does not work, ask the instructor).
    Switch>enable
b. Remove the VLAN database information file.
    Switch#delete flash:vlan.dat
    Delete filename [vlan.dat]?[Enter]
    Delete flash:vlan.dat? [confirm] [Enter]
    %Error deleting flash:vlan.dat (No such file or directory)
c. Remove the switch startup configuration file from NVRAM.
    Switch#erase startup-config
    Erasing the nvram filesystem will remove all files! Continue? [confirm]
    Erase of nvram: complete
d. Check that VLAN information was deleted.
e. Restart the software using the reload command.
1) At the privileged EXEC mode, enter the reload command:
    Switch# reload
    System configuration has been modified. Save? [yes/no]:
2) Type n, and then press Enter.
    Proceed with reload? [confirm] [Enter]
    Reload requested by console.
    Would you like to enter the initial configuration dialog? [yes/no]:
3) Type n, and then press Enter.
    Press RETURN to get started! [Enter]
SDM Router Basic IOS Configuration to Bring Up SDM
If the startup-config is erased in an SDM router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic config as follows. Further details regarding the setup and use of SDM can be found in the SDM Quick Start Guide: http://www.cisco.com/en/US/products/sw/secursw/ps5318/products_quick_start09186a0080511c89.html#wp44788
a. Set the router Fa0/0 IP address.
    Router(config)#interface Fa0/0
    Router(config-if)#ip address 10.10.10.1 255.255.255.248
    Router(config-if)#no shutdown
f. Enable the router's HTTP/HTTPS server, using the following Cisco IOS commands:
    Router(config)#ip http server
    Router(config)#ip http secure-server
    Router(config)#ip http authentication local
g. Create a user account with privilege level 15 (enable privileges).
    Router(config)#username <username> privilege 15 password 0 <password>
h. Configure SSH and Telnet for local login and privilege level 15.
    Router(config)#line vty 0 4
    Router(config-line)#privilege level 15
    Router(config-line)#login local
    Router(config-line)#transport input telnet
    Router(config-line)#transport input telnet ssh
    Router(config-line)#exit
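A review aid for the bring-up configuration above, added here and not part of the Cisco lab material: this Python audit flags the settings in it that expose credentials on the wire or in the stored configuration (the plain HTTP server, a username stored with password instead of secret, and Telnet on the vty lines) and shows that a constructed SSH/HTTPS-only variant passes. The sample configurations use placeholder credentials, and the function name and finding labels are hypothetical.

```python
import re

# Constructed sample: the commands from the SDM bring-up steps above, with
# placeholder credentials ("admin" / "example") for <username> / <password>.
SDM_CONFIG = """\
interface Fa0/0
 ip address 10.10.10.1 255.255.255.248
 no shutdown
ip http server
ip http secure-server
ip http authentication local
username admin privilege 15 password 0 example
line vty 0 4
 privilege level 15
 login local
 transport input telnet
 transport input telnet ssh
"""

# Constructed comparison: same local-login model, encrypted transports only.
HARDENED_CONFIG = """\
no ip http server
ip http secure-server
ip http authentication local
username admin privilege 15 secret example
line vty 0 4
 privilege level 15
 login local
 transport input ssh
"""


def audit_ios_config(text):
    """Return sorted (line_number, finding_id, detail) tuples for weak settings."""
    findings = []
    section = ""        # current top-level command, e.g. "line vty 0 4"
    vty_transport = {}  # vty section -> (line_number, protocol list)
    for number, raw in enumerate(text.splitlines(), start=1):
        command = raw.strip()
        if not command or command.startswith("!"):
            continue
        if not raw[0].isspace():
            section = command
        user = re.match(r"username\s+(\S+)\s.*\bpassword\s", command)
        if user:
            findings.append((number, "USER_PASSWORD",
                             "user %s is stored with 'password' (type 0 is cleartext, "
                             "type 7 is reversible); use 'secret'" % user.group(1)))
        if command == "ip http server":
            findings.append((number, "HTTP_CLEARTEXT",
                             "plain HTTP management is enabled; keep only "
                             "'ip http secure-server'"))
        if section.startswith("line vty") and command.startswith("transport input"):
            # Re-issuing "transport input" replaces the earlier list, so only
            # the last occurrence in a section is the effective setting.
            vty_transport[section] = (number, command.split()[2:])
    for vty, (number, protocols) in vty_transport.items():
        if "telnet" in protocols or "all" in protocols:
            findings.append((number, "TELNET_ALLOWED",
                             "%s accepts Telnet; use 'transport input ssh'" % vty))
    return sorted(findings)


if __name__ == "__main__":
    for name, config in (("SDM bring-up", SDM_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name)
        for number, finding_id, detail in audit_ios_config(config) or [(0, "OK", "no findings")]:
            print("  line %d  %-15s %s" % (number, finding_id, detail))
```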
VLAN 1 IP Address
Default Gateway
Objectives
Configure static routes.
Configure a routing protocol (RIP v2).
Configure a switch management VLAN IP address.
Test and verify configurations.
Background / Preparation
This lab reviews the primary IOS commands used to manage, configure, and monitor devices in a multirouter network. In this lab, you will configure two routers using static routes and then using a routing protocol; configure a switch, including access to management functions; and configure two hosts. You will make and verify configuration changes on the switch. You will also verify network configurations and connectivity.
The following resources are required:
Cisco 2960 switch or other comparable switch
Two 1841 or other compatible Cisco routers with Fast Ethernet interfaces to connect to switch and host
Two Windows-based PCs, at least one with a terminal emulation program
At least one RJ45-to-DB-9 connector console cable
Two straight-through Ethernet cables
One crossover Ethernet cable
Access to the PC command prompt
Access to PC network TCP/IP configuration
The password we configured in the console session, that is, the password on the first terminal. The password used is cisco.
Why?
Because during setup we instructed that every login on a terminal requires entering a password. Because to access the class or host that was created using the configuration on the switch, that class is closed, so a password is needed to log in.
Step 3: Configure the switch management interface on VLAN 1
a. Enter the interface configuration mode for VLAN 1.
    Switch1(config)#interface vlan 1
b. Set the IP address, subnet mask, and default gateway for the management interface.
    Switch1(config-if)#ip address 192.168.1.5 255.255.255.0
    Switch1(config-if)#no shutdown
    Switch1(config-if)#exit
    Switch1(config)#ip default-gateway 192.168.1.1
c. Why does interface VLAN1 require an IP address in this LAN?
Because when using DNS, only IP addresses that have been registered can use the network, since in this setup IP addresses are registered automatically.
f. Configure the EXEC mode password.
    R1(config)#enable secret class
Why is it not necessary to use the enable password password command?
Because it was already configured earlier, namely by setting a password in the host settings, so _______________________________________________________________________
g. Configure a message-of-the-day banner using the banner motd command. Where does this banner display? The banner is displayed at the top.
h. Configure the console and virtual terminal lines to use a password and require it at login.
    R1(config)#line console 0
    R1(config-line)#password cisco
    R1(config-line)#login
    R1(config-line)#line vty 0 4
    R1(config-line)#password cisco
    R1(config-line)#login
    R1(config-line)#end
d. Create a static route to enable R1 to reach the network attached to the R2 Fa0/0 interface. Use the next hop interface on R2 as the path to this network.
    R1(config)#ip route 192.168.3.0 255.255.255.0 192.168.2.2
Why is this static route the only one required?
Because the interface configuration and static routing on router R1 have already registered the required static IP address beforehand.
The symbol S is an access-rights restriction, meaning security, because it was configured in the earlier stage.
e. Verify the router interface configurations using the show ip interface brief command. What should the output indicate for correctly configured, active interfaces?
Step 11: Remove Static Route and configure a routing protocol on router R1
a. Remove the static route to 192.168.3.0.
    R1(config)#no ip route 192.168.3.0 255.255.255.0 192.168.2.2
b. Enable RIP v2 routing and advertise the participating networks.
    R1(config)#router rip
    R1(config-router)#version 2
    R1(config-router)#network 192.168.1.0
    R1(config-router)#network 192.168.2.0
c. Return to privileged EXEC mode.
Step 12: Remove Static Route and configure a routing protocol on router R2
a. Remove the static route to 192.168.1.0.
    R2(config)#no ip route 192.168.1.0 255.255.255.0 192.168.2.1
What does the R indicate? The letter R indicates the routing process that has been configured to connect R1 and R2 in different places.
On R1, which route would be displayed with an R? _______________________
e. Verify the router interface configurations using the show ip interface brief command.
f. View devices from R1's terminal session using the show cdp neighbors command.
If a host other than PC1 attempts to connect to Fa0/1, what will happen? It will be shut down automatically.
It is sometimes necessary to set the speed and duplex of a port to ensure that it operates in a particular mode. You can set the speed and duplex with the duplex and speed commands while in interface configuration mode. To force FastEthernet port 5 to operate at half duplex and 10 Mbps, issue the following commands:
    Switch>enable
    Switch#configure terminal
    Switch(config)#interface fastethernet 0/5
    Switch(config-if)#speed 10
    Switch(config-if)#duplex half
    Switch(config-if)#end
    Switch#
h. Issue the show interfaces command. What is the duplex and speed setting for Fa0/5 now? _______________________________________________________________________
i. Enter quit at the switch command prompt to terminate the Telnet session.
It can be implemented in small offices that are located close together or next to each other.
congratulation b. Which symbol is used to show a successful ping in the Cisco IOS software?___________
c. Which commands used in this lab would provide the best documentation for this network?
1. Determine the best route
2. Choose the type of protocol used and restrict IP addresses
3. Register the MAC address
e. Erase and reload all devices.
r.
Configure SSH and Telnet for local login and privilege level 15.
    Router(config)#line vty 0 4
    Router(config-line)#privilege level 15
    Router(config-line)#login local
    Router(config-line)#transport input telnet
    Router(config-line)#transport input telnet ssh
    Router(config-line)#exit
class
cisco
Objectives
Configure passwords to ensure that access to the CLI is secured.
Configure a switch to remove http server status for security.
Configure port security.
Disable unused ports.
Test security configuration by connecting unspecified hosts to secure ports.
Background / Preparation
Set up a network similar to the one in the topology diagram.
The following resources are required:
One Cisco 2960 or comparable switch
Two Windows-based PCs, at least one with a terminal emulation program
At least one RJ-45-to-DB-9 connector console cable
NOTE: Make sure that the switch has been erased and has no startup configurations. Instructions for erasing both switches and routers are provided in the Lab Manual, located on Academy Connection in the Tools section.
Step 10: Determine what MAC addresses the switch has learned
Determine what MAC addresses the switch has learned by using the show mac-address-table command at the privileged EXEC mode prompt.
    Switch1#show mac-address-table
How many dynamic addresses are there? _____________
How many total MAC addresses are there? ____________
Do the MAC addresses match the host MAC addresses? ____________
If a host other than PC2 attempts to connect to Fa0/4, what will happen? ________________________________________________________________________
Step 16: Configure the port to shut down if there is a security violation
a. In the event of a security violation, the interface should be shut down. To make the port security shut down, enter the following command:
    Switch1(config-if)#switchport port-security violation shutdown
What other action options are available with port security? _____________________________________________________________________________
b. If necessary, ping the switch address 192.168.1.2 from the PC3 192.168.1.5. This PC is now connected to interface FastEthernet 0/4. This ensures that there is traffic from the PC to the switch.
c.
Objectives
Create a switched network with redundant links.
Determine which switch is selected to be the root bridge with the factory default settings.
Configure the BID on a switch to control the selection of the root bridge.
Background / Preparation
This lab examines the effect that selection of a root bridge has on traffic patterns in a switched network with redundant links. You will configure the network with default factory settings and then reassign the root bridge by changing the bridge priority value. You will observe the spanning tree as the network adjusts to the changes.
The following resources are required:
Two Cisco 2960 switches or other comparable switches
Two Windows-based PCs, one with a terminal emulation program; one as the host, one as the server
At least one RJ-45-to-DB-9 connector console cable to configure the switches
Two straight-through Ethernet cables
Two crossover Ethernet cables
Access to the PC command prompt
Access to PC network TCP/IP configuration
d. Create a redundant link between the switches by connecting Switch 1 Fast Ethernet port Fa0/4 to Switch 2 Fast Ethernet port Fa0/4, using a crossover Ethernet cable.
What typically undesirable traffic pattern have you created by using the two crossover cables between the two switches? __________________________________________________
Predict: What do you think the switches will do to keep this from becoming a problem? _________________________________________________________________________
d. Establish a terminal emulation session to Switch 2 from either Host 1 or Host 2.
e. Configure the switch hostname, passwords, interface VLAN 1 IP address, and subnet mask on Switch 2.
f. Save the configuration.
Objectives
Create a switched network with redundant links. Observe how the Spanning Tree Protocol adjusts to changes in the switched network topology. Verify the status of a spanning tree.
Background / Preparation
This lab demonstrates advantages and disadvantages of the Spanning Tree Protocol in dealing with changes to a switched network with redundant links. You will configure the network with default factory settings and then examine the spanning-tree tables for the switches before and after a link is removed. You will use various show commands to verify the operation of the spanning-tree algorithm. The following resources are required:
- Two Cisco 2960 switches or other comparable switches
- Two Windows-based PCs, one with a terminal emulation program, one as the host, one as the server
- At least one RJ-45-to-DB-9 connector console cable to configure the switches
- Two straight-through Ethernet cables
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers - If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
d. Create a redundant link between the switches by connecting Switch 1 Fast Ethernet port Fa0/4 to Switch 2 Fast Ethernet port Fa0/4, using a crossover Ethernet cable. What is the advantage of providing redundant links in a network like this one? __________________________________________________________________________ __________________________________________________________________________
d. Establish a terminal emulation session to Switch 2 from either Host 1 or Host 2. e. Configure the switch hostname, passwords, interface VLAN 1 IP address, and subnet mask on Switch 2. f. Save the configuration.
Step 6: Determine the roles of ports participating in the spanning tree on each switch
a. On SwitchA, enter the command show spanning-tree at the privileged EXEC mode prompt.
b. On SwitchB, enter the command show spanning-tree at the privileged EXEC mode prompt. Which switch is the root bridge? ________________________________________________
c. The spanning tree is using three ports on each switch. Complete this chart indicating the port state and role for each port.
SwitchA Interface | Role | State
SwitchB Interface | Role | State
Step 9: Reflection
Your networking team is deciding whether to disable Spanning Tree Protocol on the switches in your corporate network. Explain how you would feel about this decision. What are the advantages and disadvantages? How would this decision affect your network design? ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________
Objectives
Observe default switch VLAN configuration and operation. Configure static VLANs on a switch. Verify VLAN configuration and operation. Modify an existing VLAN configuration.
Background / Preparation
This lab focuses on the basic VLAN configuration of the Cisco 2960 switch (or similar) using Cisco IOS commands. The information in this lab applies to other switches; however, command syntax may vary. Depending upon the switch model, the interface designations may differ. For example, modular switches have multiple slots; therefore, the Fast Ethernet ports may be FastEthernet 0/1 or FastEthernet 1/1, depending on the slot and port. The router used can be any router. The following resources are required:
- One Cisco 2960 switch or equivalent switch
- One Cisco 1841 router or equivalent
- Two Windows-based PCs with a terminal emulation program
- At least one RJ-45-to-DB-9 connector console cable to configure the switch and the router
- Three straight-through Ethernet cables to connect from the PCs to Switch 1
NOTE: Make sure that the router and all the switches have been erased and have no startup configurations. For detailed instructions, refer to the Lab Manual that is located on Academy Connection in the Tools section.
NOTE: SDM Routers - If the startup-config is erased in an SDM router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. Contact your instructor if necessary.
d. Connect a PC with a console cable to perform configurations on the router and switches. e. Configure IP addresses on the hosts as shown in the chart.
Step 8: Reflection
a. Why would VLANs be configured in a network? ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________
b. What must be set up to communicate between VLANs? ________________________________________________________________
c. With no configuration, what VLAN are all ports a member of? ___________________________________________________________
Device Switch 1
Objectives
Configure three VLANs on a switch. Verify connectivity.
Background / Preparation
This lab focuses on the basic VLAN configuration of the Cisco 2960 switch (or similar) using Cisco IOS commands. The information in this lab applies to other switches; however, command syntax may vary. Depending upon the switch model, the interface designations may differ. For example, modular switches have multiple slots; therefore, the Fast Ethernet ports may be Fast Ethernet 0/1 or Fast Ethernet 1/1, depending on the slot and port. The following resources are required:
- One Cisco 2960 switch or other comparable switch
- Three Windows-based PCs with a terminal emulation program
- One RJ-45-to-DB-9 connector console cable to configure the switch
- Three straight-through Ethernet cables to connect from the PCs to Switch 1
NOTE: Make sure that the switch has been erased and has no startup configurations. Instructions for erasing the switch are provided in the Lab Manual, located on Academy Connection in the Tools section.
d. Connect PC3 to switch port Fast Ethernet 0/7 with a straight-through Ethernet cable.
Step 5: Reflection
a. Why can PC1 ping Switch1 when PC2 and PC3 cannot?
Objectives
Observe default switch VLAN configuration and operation. Configure static VLANs on a switch. Verify VLAN configuration and operation. Configure trunking between switches.
Background / Preparation
This lab focuses on the basic VLAN configuration of the Cisco 2960 switch (or similar) using Cisco IOS commands. The information in this lab applies to other switches; however, command syntax may vary. Depending upon the switch model, the interface designations may differ. For example, modular switches have multiple slots; therefore, the Fast Ethernet ports may be Fast Ethernet 0/1 or Fast Ethernet 1/1, depending on the slot and port. The following resources are required:
- Two Cisco 2960 switches or equivalent switches
- Two Windows-based PCs with a terminal emulation program
- At least one RJ-45-to-DB-9 connector console cable to configure the switch and the router
- Three straight-through Ethernet cables to connect from the PCs to the switches
- One crossover Ethernet cable to connect S1 to S2
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section.
d. Connect Host 2 Ethernet interface with a straight-through cable to Switch 2 Fa0/2 interface. e. Connect a PC with a console cable to perform configurations on the router and switches. f. Configure IP addresses on the hosts as shown in the chart.
S2(config)#vlan 2
S2(config-vlan)#name fred
S2(config-vlan)#exit
S2(config)#vlan 3
S2(config-vlan)#name wilma
S2(config-vlan)#exit
b. Assign switch ports to VLANs. The ports connecting Hosts 1a and 2 will be assigned to VLAN 2 and the port connecting Host 1b will be assigned to VLAN 3. Save the configurations.
S1(config)#int fa0/2
S1(config-if)#switchport access vlan 2
S1(config-if)#exit
S1(config)#interface fa0/3
S1(config-if)#switchport access vlan 3
S1(config-if)#end
S1#copy running-config startup-config
S2(config)#int fa0/2
S2(config-if)#switchport access vlan 2
S2(config-if)#end
S2#copy running-config startup-config
d. Retest the connectivity between devices.
1) Ping from S1 to S2. Are the pings successful? ____________
2) Ping from Host 1a to Host 2. Are the pings successful? ____________
3) Ping from Host 1b to Host 2. Are the pings successful? ____________
4) Ping from Host 1a to S1. Are the pings successful? ____________
e. The ping test should show that devices that belong to the same VLAN can now communicate with each other across switches, but devices in different VLANs cannot communicate with each other. What would have to be configured to allow devices in different VLANs to communicate with each other? ______________
Step 8: Reflection
a. Why would trunking be configured in a network? ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________
b. Does trunking allow for communication between VLANs? ________________________________________________________________________________
c. With no configuration, from which VLAN are frames forwarded across the trunk without VLAN tagging added? ________________________________________________________________________________
Objectives
Configure a router for inter-VLAN communication. Verify connectivity between VLANs.
Background / Preparation
This is a two part lab: Part A configures inter-VLAN routing using separate router interfaces for each VLAN. Part B configures inter-VLAN routing using subinterfaces. It is important to complete both Part A and Part B of the lab.
This lab focuses on the basic configuration of the Cisco 1841 router or a comparable router using Cisco IOS commands. Part A of this lab shows how two different VLANs communicate through a router using separate Fast Ethernet interfaces for each VLAN. This is not a recommended practice, because this topology does not scale well. Trunking requires fewer router and switch ports, which will be shown in Part B of this lab. The information in this lab applies to other routers; however, command syntax may vary. The following resources are required:
- Three Cisco 2960 switches or other comparable switch
- One router with 2 Ethernet interfaces to connect to switches
- Four Windows-based PCs, one with a terminal emulation program
- At least one RJ-45-to-DB-9 connector console cable to configure the router and switches
- Two straight-through Ethernet cables to connect from the router to Switch 1 and Switch 3
- Four straight-through Ethernet cables to connect the hosts and server to the switches
- Two crossover Ethernet cables to connect Switch 1 to Switch 2 and Switch 2 to Switch 3
NOTE: Make sure the router and all the switches have been erased and have no startup configurations. For instructions, refer to the end of this lab. Instructions are provided for both the switch and router.
NOTE: SDM Enabled Routers - If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. Contact your instructor if necessary.
d. Use a straight-through cable to connect the Fa0/1 port of Switch 3 to the Fa0/1 interface of Router A.
e. Connect a PC with a console cable to perform configurations on the router and switches.
f. Connect the remaining PCs as shown in the diagram. Use switchport Fa0/5 on Switches 1, 2, and 3 to connect each PC to each switch. Use Fa0/9 to connect the server to Switch 3.
Host 1 should be able to ping all other devices.
a. From Host 1, ping Host 2. Is the ping successful? _______________
b. From Host 1, ping the server. Is the ping successful? ____________ Why can Host 1 ping the server? _____________________________________________
c. From the server, ping Host 1. Is the ping successful? __________ If the pings are not successful, verify the connections and configurations again. Check to ensure that all cables are correct and that connections are seated. Check the router and switch configurations.
d. From Switch 3, issue the command show spanning-tree. Which ports are being used on Switch 3? ______________________________________ What is the role of each of these ports? ________________________________________ Which switch is acting as the root? ___________________________________________ What is the protocol that allows VLANs to communicate without switching loops? ________________________________________________________________________
VLAN 10
VLAN 20
VLAN 1
IP Address
Trunk Fa0/0
172.16.1.2/24 172.16.1.3/24
Objectives
Configure two switches, one as a VTP server and the other as a VTP client. Configure three VLANs on the VTP server switch and propagate this information to the VTP client. Configure VLAN configuration on Router A. Configure inter-VLAN routing using a router-on-a-stick configuration. Verify connectivity between the VLANs.
Background / Preparation
This lab focuses on the basic configuration of the Cisco 1841 or comparable router using Cisco IOS commands. The information in this lab applies to other routers; however, command syntax may vary. Depending upon the router model, the interfaces may differ. For example, on some routers Serial 0 may be Serial 0/0 or S0/0/0 and Ethernet 0 may be FastEthernet 0/0. The Cisco Catalyst 2960 switch comes preconfigured and only needs to be assigned basic security information before being connected to a network. The following resources are required:
- Two Cisco 2960 switches or other comparable switches
- One router with Fast Ethernet interface to connect to switch
- One Windows-based PC with a terminal emulation program
- One RJ-45-to-DB-9 connector console cable to configure the router and switches
- One straight-through Ethernet cable to connect from the router to Switch 1
- One crossover Ethernet cable to connect Switch 1 to Switch 2
NOTE: Make sure the router and all the switches have been erased and have no startup configurations. For instructions, refer to the end of this lab. Instructions are provided for both the switch and router.
NOTE: SDM Enabled Routers - If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. Contact your instructor if necessary.
d. Configure Switch 2 with the interfaces Fa0/5 and Fa0/6 on VLAN 10.
Switch2(config)#interface fa0/5
Switch2(config-if)#switchport mode access
Objectives
Develop a plan for building a switched network design utilizing best practices
Design a switched network capable of handling diverse traffic types
Plan and configure VLANs in the network
Plan and configure network management of the switched network
Design and configure the switched network
Background / Preparation
This activity focuses on utilizing best practices to plan, design and build a switched network utilizing VLANs. Industry best practices are implemented to help develop a stable, functioning network. As depicted in the drawing there are many elements to a corporate network. Network servers, end devices and various forms of communication and network management are implemented in today's converged networks. All of these things need to be accounted for in a good network design. This activity will provide a scenario to provide requirements for building a switched network.
The following resources are required:
- Three Cisco 2960 switches or equivalent
- One Windows-based PC with a terminal emulation program
- RJ-45-to-DB-9 connector console cable to configure the switch
- Two crossover Ethernet cables to connect the switches
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers - If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
d. VLAN trunking will be utilized to reduce the number of switch interconnections. e. All IP addresses will be assigned in the range from 172.16.1.x to 172.16.5.x, all with a /24 mask. Given these requirements and the diagram provided, a switched network will be created that meets these needs and implements best practices for network design.
d. Configure Switch1, Switch2 and Switch3 with a hostname and console, telnet and privileged passwords.
c. Configure all other ports on the switches as access ports. Also, best practices call for all unused switch ports to be disabled, so all of the ports will be shut down and then brought up as utilized.
Switch2(config)#interface range fa0/2 - 24
Switch2(config-if-range)#switchport mode access
Switch2(config-if-range)#shutdown
Switch3(config)#interface range fa0/2 - 24
Switch3(config-if-range)#switchport mode access
Switch3(config-if-range)#shutdown
Switch2(config)#vtp mode client
Switch2(config)#vtp domain cisco
Switch2(config)#vtp password myvlans
Switch2(config)#end
Switch3(config)#vtp mode client
Switch3(config)#vtp domain cisco
Switch3(config)#vtp password myvlans
Switch3(config)#end
b. Use the show vtp status command to verify the VTP configuration.
Switch1#show vtp status
Switch2#show vtp status
Switch3#show vtp status
Does the output from Switch1 indicate that it is the VTP server? Do the outputs from Switches 2 and 3 indicate that they are VTP clients? Record the configuration revision number from each of the switches. Switch1______ Switch2_______ Switch3______
c. View the VTP status on all of the switches with the show vtp status command.
Switch1#show vtp status
Switch2#show vtp status
Switch3#show vtp status
Have the VTP revision numbers changed from before?
b. Verify connectivity by pinging from Switch1 to the other switches.
Switch1# ping 172.16.1.2
Switch1# ping 172.16.1.3
Is Switch1 able to ping the other switches?
Step 7: Configure VLAN assignments.
In preparation for connecting hosts as shown in the diagram on the first page of this lab, ports must be assigned to the proper VLANs to allow for communication between devices and to allow control of communication between VLANs with access control lists on routers.
a. Assign the ports to the proper VLANs on the switches.
Switch2(config)#int fa0/2
Switch2(config-if)#switchport access vlan 40
Switch2(config-if)#int fa0/3
Switch2(config-if)#switchport access vlan 20
Switch2(config-if)#int fa0/4
Switch2(config-if)#switchport access vlan 20
Switch2(config)#int fa0/2
Switch2(config-if)#switchport access vlan 30
Switch2(config-if)#int fa0/3
With the VLAN assignments made, the switch ports can be brought up as the devices are connected.
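The unused-port practice from this lab can be checked after the fact by auditing a saved configuration. The following is an added example, not part of the Cisco lab: it parses a constructed running-config excerpt and reports access ports that are still enabled without a VLAN assignment (so they sit in the default VLAN 1) or without an explicit access mode. The function names and the sample configuration are assumptions made for illustration.

```python
import re

# Constructed running-config excerpt (sample data, not output from the lab switches).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 20
 switchport mode access
 shutdown
!
interface FastEthernet0/4
 switchport mode access
!
interface FastEthernet0/5
 switchport mode access
 shutdown
!
interface FastEthernet0/6
!
interface Vlan1
 ip address 172.16.1.2 255.255.255.0
!
"""


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} for each interface block."""
    interfaces, current = {}, None
    for line in config.splitlines():
        match = re.match(r"^interface (\S+)", line)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or any top-level command ends the block
    return interfaces


def audit_access_ports(config, default_vlan=1):
    """List (port, reason) pairs for enabled ports that were never locked down."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if not re.match(r"(Fast|Gigabit)Ethernet", name):
            continue  # skip VLAN interfaces and other non-physical ports
        if "shutdown" in cmds:
            continue  # administratively down: the state the lab asks for
        mode = next((c.split()[-1] for c in cmds
                     if c.startswith("switchport mode ")), None)
        if mode == "trunk":
            continue  # trunk links are outside the scope of this check
        vlan = next((int(c.split()[-1]) for c in cmds
                     if c.startswith("switchport access vlan ")), default_vlan)
        if mode != "access":
            findings.append((name, "enabled without 'switchport mode access'"))
        if vlan == default_vlan:
            findings.append((name, f"enabled in default VLAN {default_vlan}"))
    return findings


if __name__ == "__main__":
    for port, reason in audit_access_ports(SAMPLE_CONFIG):
        print(f"{port}: {reason}")
```

A port that appears in the findings is either in use and missing its VLAN assignment, or unused and missing its shutdown; the configuration alone cannot tell which, so each finding needs a look at what is plugged in.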
Step 8: Reflection
Why is trunking configured in a network? ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________
Why is VTP configured in a network? ______________________________________________________ _____________________________________________________________________________________
Why are unused ports shut down and assigned to an unused VLAN? _____________________________________________________________________________________ _____________________________________________________________________________________
Why are VLANs used to separate network traffic?
IP Address VLAN 1: 192.168.1.34 VLAN 1: 192.168.1.66 FA0/0: 192.168.1.33 FA0/1: 192.168.1.65 192.168.1.35 192.168.1.67
Background / Preparation
This lab is a review of basic subnetting configuration of a router with two switches attached. The following resources are required:
- One Cisco 1841 router or similar router with two Ethernet interfaces
- Two Cisco 2960 switches or other comparable switches
- Two Windows-based PCs, each with a terminal emulation program
- At least one RJ-45-to-DB-9 connector console cable to configure the switches
- Four straight-through Ethernet cables
- Access to the PC command prompt
- Access to PC network TCP/IP configuration
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers - If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
d. Connect Switch2 port Fa0/1 to Router1 port Fa0/1, using a straight-through Ethernet cable.
Was the ping successful? Yes, I successfully built the network in Packet Tracer.
If the ping is not successful, verify the connections and configurations again. Check to ensure that all cables are correct and that connections are seated.
Step 6: Reflection
Subnetting allows the addresses in a network range to be split into smaller groups. This lab split the total number of addresses, 256, into smaller groups of equal size.
How many addresses are in each subnet? 32
How many total subnets were created? 8
The subnet mask is 255.255.255.224. How many host bits were borrowed for subnetting? 3
What is the total number of network and subnet bits in each address? 27
Objectives
Determine the number of subnets needed. Determine the number of hosts needed for each subnet. Design an appropriate addressing scheme using VLSM. Assign IP configurations to device interfaces. Examine the use of the available network address space.
Discovery 3 Ch. 2
Lab 2.3.6
Background / Preparation
This lab explores the use of VLSM to meet the needs of a network topology. In this lab, you will assess the topology, determine the addressing scheme to meet its needs, and prepare documentation for the addressing. You have been assigned the 192.168.1.0/24 network to address this network.
12 e. How many host IP addresses are needed for the smallest LAN? __________
f. How many host IP addresses are needed for each WAN link? 2 __________ g. What is the total number of host IP addresses that are needed for this network? 6 __________ h. What is the total number of host IP addresses that are available in the 192.168.1.0/24 network? 119 __________ i. If the network is subnetted to provide 7 usable subnets, can the addressing requirements be met?
254 _____________________________________________________________________________
Step 2: Design an IP addressing scheme to fit the network requirements
a. Determine the subnet information for the largest subnet needed.
What is the smallest size subnet that can be used to meet this requirement? 64
Will a subnet of this size allow for future growth of 10-15%? Yes. Almost enough to allow for 20%.
Fill in the chart below with the appropriate information. Assign the first available subnet on the 192.168.1.0 network to this LAN.
LAN_A Subnet
Network Address:
Decimal Subnet Mask:
CIDR Subnet Mask:
First Usable IP Address:
Last Usable IP Address:
Broadcast Address:
b. Assign the next available subnet to the next-largest LAN.
c. Fill in the chart below with the appropriate information.
LAN_D Subnet
Network Address:
Decimal Subnet Mask:
CIDR Subnet Mask:
First Usable IP Address:
Last Usable IP Address:
Broadcast Address:
LAN_B Subnet
Network Address:
Decimal Subnet Mask:
CIDR Subnet Mask:
First Usable IP Address:
Last Usable IP Address:
Broadcast Address:
WAN link between Router0 and Router1 WAN link between Router1 and Router 2 WAN link between Router2 and Router0
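The largest-first VLSM assignment worked through in Step 2, shown as an added example that is not part of the Cisco lab. The host counts in SAMPLE_LANS are constructed sample values and the function names are assumptions; the 192.168.1.0/24 block, the LAN and WAN link names, the 15% growth figure and the six chart columns come from the lab text.

```python
import ipaddress

# Constructed host requirements for illustration; the lab topology's real
# counts are in its diagram, which is not reproduced here.
SAMPLE_LANS = {"LAN_A": 50, "LAN_B": 20, "LAN_C": 12, "LAN_D": 25}
SAMPLE_WAN_LINKS = ["WAN Router0-Router1", "WAN Router1-Router2",
                    "WAN Router2-Router0"]


def prefix_for_hosts(hosts, growth_pct=0):
    """Longest prefix whose usable addresses cover hosts plus growth."""
    padded = (hosts * (100 + growth_pct) + 99) // 100   # round growth up
    needed = padded + 2                    # network and broadcast addresses
    host_bits = max(2, (needed - 1).bit_length())
    return 32 - host_bits


def vlsm_plan(block, lans, wan_links, growth_pct=0):
    """Assign subnets from block, largest first, as the lab procedure does."""
    block = ipaddress.ip_network(block)
    demands = [(name, hosts, prefix_for_hosts(hosts, growth_pct))
               for name, hosts in lans.items()]
    # Point-to-point WAN links need exactly 2 hosts; no growth is applied.
    demands += [(name, 2, 30) for name in wan_links]
    demands.sort(key=lambda d: (d[2], -d[1]))   # biggest subnet first
    cursor = int(block.network_address)
    last = int(block.broadcast_address)
    plan = []
    for name, _hosts, prefix in demands:
        size = 1 << (32 - prefix)
        if cursor + size - 1 > last:
            raise ValueError(f"{block} is exhausted before {name} fits")
        # Descending sizes keep cursor aligned to each subnet boundary.
        net = ipaddress.ip_network((cursor, prefix))
        plan.append({
            "name": name,
            "network": str(net),                   # network address + CIDR
            "mask": str(net.netmask),              # decimal subnet mask
            "first": str(net.network_address + 1),
            "last": str(net.broadcast_address - 1),
            "broadcast": str(net.broadcast_address),
        })
        cursor += size
    return plan


def unused_addresses(block, plan):
    """Addresses in block that no subnet in the plan has claimed."""
    used = sum(ipaddress.ip_network(p["network"]).num_addresses for p in plan)
    return ipaddress.ip_network(block).num_addresses - used


if __name__ == "__main__":
    plan = vlsm_plan("192.168.1.0/24", SAMPLE_LANS, SAMPLE_WAN_LINKS, 15)
    for row in plan:
        print(row)
    print("unused:", unused_addresses("192.168.1.0/24", plan))
```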
Step 6: Reflection
a. What is the last host IP address that will be used by this VLSM scheme?
192.168.1.150 ________________________________________________
b. Your largest LAN can accommodate 15% growth with your VLSM scheme. Which of the other LANs can also accomplish this goal?
d. What would the new network addresses be for the four LANs?
must include the ability to scale the network, add subnets as needed, and increase flexibility in network design by being able to design to meet specific user needs.
Objectives
Calculate route summarization for each router. Calculate the total summarization so that RouterA can pass a smaller routing table to the ISP.
Background / Preparation
Use the information in the topology to calculate the route summarization for each router. Begin with RouterC, because it has two FastEthernet networks and RouterB has only one. After completing the table for RouterB, calculate the summarization for RouterC (it only advertises one route). Next, calculate the summarization for RouterA. It will summarize its own network on FastEthernet 0/0, the Serial networks, and the summary routes from RouterB and RouterC.
11000000.10101000.00000001.01000000 192.168.1.64
11000000.10101000.00000001.01100000 192.168.1.96
11000000.10101000.00000001.01000000
192.168.1.64/2
11000000.10101000.00000001.00100000
NA NA
192.168.1.32
111000000.10101000.00000001.00100000
192.168.1.32
11000000.10101000.00000001.10000000
NA
192.168.1.128
NA
11000000.10101000.00000001.00000100
192.168.1.4
192.68.1.0/24
Objectives
Configure routers and hosts to use discontiguous subnets. Observe the effects of discontiguous subnets on routing tables. Modify the existing configuration to improve results.
Background / Preparation
Good VLSM implementation requires assigning subnets contiguously. However, meeting network design requirements can result in subnets that are separated by a different network. In this lab, according to a VLSM scheme, subnets assigned to two LANs are separated from each other by a public network connecting the two routers. The results of this condition are seen in the routing tables. After the problem has been identified, you will take steps to improve the ability of the routers to report all the existing routes.
The following resources are required:
Three routers with 2 serial connections and 1 Ethernet interface to connect to a switch
Three Cisco 2960 switches or other comparable switches
Three Windows-based PCs, one with a terminal emulation program, and both set up as hosts
At least one RJ-45-to-DB-9 connector console cable to configure the routers and switches
Six straight-through Ethernet cables to connect from the routers to the switches and from the hosts to the switches
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
d. Connect the Fa0/0 interface of each router to the Fa0/1 interface on the corresponding switch.
e. Connect a PC with a console cable to perform configurations on the routers and switches.
f. Connect each host PC to the Fa0/2 interface on its switch using a straight-through cable.
Step 4: Configure the hosts with the proper IP address, subnet mask, and default gateway
Configure each host with the proper IP address, subnet mask, and default gateway. From the configurations given, what would be the next available subnetwork IP address on the 172.30.0.0 network? 172.30.3.0
What problem do you see in the routing tables? Each router reports only two connected networks as connected routes. The subnet routes are missing.
Routers are using RIP while participating in a discontiguous network without specifying version 2. RIP version 1 is classful and does not report subnet information.
b. On each router, issue the commands to correct this problem. A sample command and output for Main is shown.
Main(config-router)#version 2
Main(config-router)#end
Main#show ip route
<<output omitted>>
Gateway of last resort is not set
     10.0.0.0/30 is subnetted, 3 subnets
C       10.0.0.0 is directly connected, Serial0/0/0
C       10.0.0.4 is directly connected, Serial0/0/1
R       10.0.0.8 [120/1] via 10.0.0.2, 00:00:08, Serial0/0/0
                 [120/1] via 10.0.0.6, 00:00:02, Serial0/0/1
     172.30.0.0/16 is variably subnetted, 2 subnets, 2 masks
R       172.30.0.0/16 [120/1] via 10.0.0.2, 00:00:08, Serial0/0/0
                      [120/1] via 10.0.0.6, 00:00:02, Serial0/0/1
C       172.30.0.0/24 is directly connected, FastEthernet0/0
c. Re-examine the routing tables carefully. Explain why, even though each router now has RIP routes, there is still a problem with the tables. ______________________________________________________________________________
What should be done to correct the problem? ______________________________________________________________________________
d. On all three routers, issue the command to correct this issue. A sample for Main is shown.
Main(config-router)#no auto-summary
Main#show ip route
<<output omitted>>
Gateway of last resort is not set
     10.0.0.0/30 is subnetted, 3 subnets
C       10.0.0.0 is directly connected, Serial0/0/0
C       10.0.0.4 is directly connected, Serial0/0/1
R       10.0.0.8 [120/1] via 10.0.0.2, 00:00:02, Serial0/0/0
                 [120/1] via 10.0.0.6, 00:00:02, Serial0/0/1
     172.30.0.0/16 is variably subnetted, 4 subnets, 2 masks
R       172.30.0.0/16 [120/1] via 10.0.0.2, 00:00:32, Serial0/0/0
                      [120/1] via 10.0.0.6, 00:00:29, Serial0/0/1
C       172.30.0.0/24 is directly connected, FastEthernet0/0
R       172.30.1.0/24 [120/1] via 10.0.0.2, 00:00:02, Serial0/0/0
R       172.30.2.0/24 [120/1] via 10.0.0.6, 00:00:02, Serial0/0/1
Are all expected routes being reported now? __________ Why are there two routes reported to the 10.0.0.8 subnetwork? ______________________________________________________________________________
Step 9: Reflection
a. When would it be important to view all possible routes in a routing table?
During troubleshooting, or when capturing a fully functioning network as a baseline.
b. RIP version 2 supports VLSM, but changing to version 2 did not fully resolve the problem. Why?
Whether version 1 or version 2, RIP is still a distance vector protocol, and distance
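The effect of `no auto-summary` on Main's routing table can be reproduced with a small model of RIPv2 updates. This is an added example, not part of the lab; the router names NeighborA and NeighborB are hypothetical labels for the routers at 10.0.0.2 and 10.0.0.6, and the model covers one round of updates for connected networks only.

```python
import ipaddress

# Connected networks per router, taken from the routing tables shown for Main.
# "NeighborA" and "NeighborB" are hypothetical names for the routers at
# 10.0.0.2 and 10.0.0.6; the lab output only names Main.
TOPOLOGY = {
    "Main": ["172.30.0.0/24", "10.0.0.0/30", "10.0.0.4/30"],
    "NeighborA": ["172.30.1.0/24", "10.0.0.0/30", "10.0.0.8/30"],
    "NeighborB": ["172.30.2.0/24", "10.0.0.4/30", "10.0.0.8/30"],
}


def classful_network(net):
    """Return the class A/B/C (major) network that contains net."""
    first_octet = int(net.network_address) >> 24
    if first_octet < 128:
        prefix = 8
    elif first_octet < 192:
        prefix = 16
    else:
        prefix = 24  # class C; multicast and reserved space are out of scope
    return ipaddress.ip_network(f"{net.network_address}/{prefix}", strict=False)


def rip_v2_advertisement(route, out_link, auto_summary):
    """Prefix a RIPv2 router places in an update sent out out_link."""
    major = classful_network(route)
    if auto_summary and major != classful_network(out_link):
        return major  # crossing a major-network boundary: summarize
    return route      # same major network, or auto-summary disabled


def learned_routes(router, auto_summary):
    """Routes learned after one round of updates, as {prefix: [links]}."""
    connected = [ipaddress.ip_network(n) for n in TOPOLOGY[router]]
    learned = {}
    for neighbor, nets in TOPOLOGY.items():
        if neighbor == router:
            continue
        neighbor_nets = [ipaddress.ip_network(n) for n in nets]
        for link in connected:
            if link not in neighbor_nets:
                continue  # no shared link with this neighbor
            for route in neighbor_nets:
                if route == link:
                    continue  # the shared link itself is already connected
                advertised = rip_v2_advertisement(route, link, auto_summary)
                if advertised in connected:
                    continue
                learned.setdefault(str(advertised), set()).add(str(link))
    return {prefix: sorted(links) for prefix, links in learned.items()}


def egress_links(router, destination, auto_summary):
    """Longest-prefix match over connected and learned routes."""
    dst = ipaddress.ip_address(destination)
    table = {n: [n] for n in TOPOLOGY[router]}
    table.update(learned_routes(router, auto_summary))
    matches = [ipaddress.ip_network(p) for p in table
               if dst in ipaddress.ip_network(p)]
    if not matches:
        return []
    best = max(matches, key=lambda n: n.prefixlen)
    return table[str(best)]


if __name__ == "__main__":
    for flag in (True, False):
        print("auto-summary" if flag else "no auto-summary")
        for prefix, links in sorted(learned_routes("Main", flag).items()):
            print("  R", prefix, "via links", links)
        # 172.30.1.10 is a constructed host address on the 172.30.1.0/24 LAN.
        print("  172.30.1.10 leaves via", egress_links("Main", "172.30.1.10", flag))
```

With auto-summary on, a packet for 172.30.1.10 matches only 172.30.0.0/16 and may leave on either serial link, although only one neighbor owns that LAN; with it off, the /24 route selects a single link.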
Loopback 0 Address
172.16.1.1/32
cisco cisco
Objectives
Configure a router to use network address translation (NAT) to convert internal IP addresses, typically private addresses, into outside public addresses. Verify connectivity. Verify NAT statistics.
Background / Preparation
An ISP has allocated to a company the public classless interdomain routing (CIDR) IP address 209.165.200.224/27. This provides them with 30 public IP addresses. Because the company has an internal requirement for more than 30 addresses, the IT manager decides to implement NAT. The addresses 209.165.200.225 to 209.165.200.241 are for static allocation and 209.165.200.242 to 209.165.200.254 are for dynamic allocation. Routing will be done between the ISP and the gateway router used by the company. A static route will be used between the ISP and the gateway router, and a default route will be used between the gateway and the ISP router. The ISP connection to the Internet will be represented by a loopback address on the ISP router. This lab focuses on the basic configuration of the Cisco 1800 router, or comparable router, using Cisco IOS commands. The information in this lab applies to other routers; however, command syntax may vary. Depending on the router model, the interfaces may differ. For example, on some routers Serial 0 may be Serial 0/0 or Serial 0/0/0 and Ethernet 0 may be FastEthernet 0/0. The Cisco Catalyst 2960 switch comes preconfigured and only needs to be assigned basic security information before being connected to a network.
The following resources are required:
One Cisco 2960 switch or other comparable switch
Two routers, each with a serial connection and one Ethernet interface to connect to the switch
Two Windows-based PCs for hosts, one with a terminal emulation program
At least one RJ-45-to-DB-9 connector console cable to configure the router and switches
Three straight-through Ethernet cables to connect from the router to Switch 1 and to connect both hosts to the switch
One serial cable to connect from Router 1 to Router 2
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
d. Connect both hosts to Fa0/2 and Fa0/3 on the switch using straight-through cables.
Step 5: Configure the hosts with the proper IP address, subnet mask, and default gateway
a. Configure each host with the proper IP address, subnet mask, and default gateway. Host 1 should be assigned 10.10.10.2/24 and Host 2 should be assigned 10.10.10.3/24. The default gateway should be 10.10.10.1. b. Each workstation should be able to ping the attached router. If the ping was not successful, troubleshoot as necessary. Check and verify that the workstation has been assigned a specific IP address and default gateway.
b. Try to ping from one of the workstations to the ISP serial interface IP address. Was the ping successful? No
Step 10: Define an access list that will match the inside private IP addresses
To define the access list to match the inside private addresses, use the access-list command.
Gateway(config)#access-list 1 permit 10.10.10.0 0.0.0.255
Step 11: Define the NAT translation from inside list to outside pool
To define the NAT translation, use the ip nat inside source command.
Gateway(config)#ip nat inside source list 1 pool public_access
Is the ping successful? no
Why? There is no route to 10.10.10.2.
c. From the ISP router, ping 209.165.200.224. If successful, look at the NAT translation on the Gateway router, using the command show ip nat translations. What is the translation of the inside local host addresses? ____________________________________ = ____________________________________
Why would NAT be used in a network? Whenever there are not enough IP addresses, or to hide addresses
172.16.1.1/32
cisco cisco
Objectives
Configure a router to use network address translation (NAT) to convert internal IP addresses, typically private addresses, into outside public addresses. Verify connectivity. Verify NAT statistics.
Background / Preparation
An ISP has allocated a company the public classless interdomain routing (CIDR) IP address 209.165.200.224/27. This provides them with 30 public IP addresses. Because the company has an internal requirement for more than 30 addresses, the IT manager decides to implement NAT. The addresses 209.165.200.225 to 209.165.200.241 are for static allocation and 209.165.200.242 to 209.165.200.254 are for dynamic allocation. Routing will be done between the ISP and the gateway router used by the company. A static route will be used between the ISP and the gateway router, and a default route will be used between the gateway and the ISP router. The ISP connection to the Internet will be represented by a loopback address on the ISP router. This lab focuses on the basic configuration of the Cisco 2800 router, or comparable router, using Cisco IOS commands. The information in this lab applies to other routers; however, command syntax may vary. Depending on the router model, the interfaces may differ. For example, on some routers Serial 0 may be Serial 0/0 or Serial 0/0/0 and Ethernet 0 may be FastEthernet 0/0. The Cisco Catalyst 2960 switch comes preconfigured and only needs to be assigned basic security information before being connected to a network.
The following resources are required:
One Cisco 2960 switch or other comparable switch
Two routers, each with a serial connection and one Ethernet interface to connect to the switch
Two Windows-based PCs for hosts, one with a terminal emulation program
At least one RJ-45-to-DB-9 connector console cable to configure the router and switches
Three straight-through Ethernet cables to connect from the router to Switch 1 and to connect both hosts to the switch
One serial cable to connect from Router 1 to Router 2
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
d. Connect both hosts to Fa0/2 and Fa0/3 on the switch using straight-through cables.
Step 5: Configure the hosts with the proper IP address, subnet mask, and default gateway
a. Configure each host with the proper IP address, subnet mask, and default gateway. Host 1 should be assigned 10.10.10.2/24 and Host 2 should be assigned 10.10.10.3/24. The default gateway should be 10.10.10.1.
b. Each workstation should be able to ping the attached router. If the ping was not successful, troubleshoot as necessary. Check and verify that the workstation has been assigned a specific IP address and default gateway.
What command checks the routing table contents? _____________________________ If the route was not in the routing table, give one reason why this might be so? ______________________________________________________________________
Step 10: Define an access list that will match the inside private IP addresses
To define the access list to match the inside private addresses, use the access-list command.
Gateway(config)#access-list 1 permit 10.10.10.0 0.0.0.255
Step 11: Define the NAT translation from inside list to outside pool
To define the NAT translation, use the ip nat inside source command.
Gateway(config)#ip nat inside source list 1 pool public_access
How many addresses are in the pool? 14
How many addresses have been allocated so far? 2
Step 15: Reflection
Why would NAT be used in a network? Whenever there are not enough IP addresses, or to hide addresses
172.16.1.1/32
class class
Background / Preparation
An ISP has allocated to a company a single IP address, 209.165.201.33, to be used on the Internet connection from the company gateway router to the ISP. A static route will be used between the ISP and the gateway router, and a default route will be used between the gateway and the ISP router. The ISP connection to the Internet will be represented by a loopback address on the ISP router. In this lab, you will configure the gateway router to use PAT to convert multiple internal addresses into the one usable public address. You will test, view, and verify that the translations are taking place, and you will interpret the NAT/PAT statistics to monitor the process.
The following resources are required:
One Cisco 2960 switch or other comparable switch
Two routers, each with a serial connection and one Ethernet interface to connect to the switch
Two Windows-based PCs, one with a terminal emulation program, and both set up as hosts
At least one RJ-45-to-DB-9 connector console cable to configure the router and switches
Three straight-through Ethernet cables to connect from the router to Switch 1 and to connect both hosts to the switch
One serial cable to connect from Router 1 to Router 2
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
d. Connect both hosts to ports Fa0/2 and Fa0/3 on the switch using straight-through cables.
Step 5: Configure the hosts with the proper IP address, subnet mask, and default gateway
Configure each host with the proper IP address, subnet mask, and default gateway. Both hosts should receive IP addresses in the 10.10.10.0/24 network. The default gateway should be the FastEthernet interface IP address of the Gateway router.
Is the ping successful? Yes
If the ping is not successful, troubleshoot the router and host configurations and retest.
Step 10: Define an access list that will match the inside private IP addresses
To define the access list to match the inside private addresses, use the access-list command.
Gateway(config)#access-list 1 permit 10.10.10.0 0.0.0.255
Step 11: Define the NAT translation from inside list to outside pool
To define the NAT translation, use the ip nat inside source command.
Gateway(config)#ip nat inside source list 1 pool public_access overload
How can you tell that PAT is using a single IP address for all translations? ____________________________________________________________________________
What feature of the translation chart illustrates how PAT is able to keep each data translation separate from the others? _______________________________________________________
The inside global address stays the same, regardless of the inside local address.
Step 15: Adjust the Gateway configuration to use an alternate PAT approach
a. Clear the NAT translation table.
Gateway#clear ip nat translation *
b. Remove the command that created a NAT pool.
Gateway(config)#no ip nat pool public_access 209.165.201.33 209.165.201.33 netmask 255.255.255.252
c. Remove the command that associated the pool with your ACL.
Gateway(config)#no ip nat inside source list 1 pool public_access overload
d. Enter a command that associates the source list with the outside interface.
Gateway(config)#ip nat inside source list 1 interface serial 0/0/0 overload
e. Verify that this alternate approach works by generating traffic from the hosts to the loopback, and then by using the show ip nat statistics and show ip nat translations commands. Results should be similar to those achieved using the NAT pool.
What advantages does PAT provide? PAT minimizes the amount of public address space needed to provide Internet access, and PAT, like NAT, serves to hide the private network from the outside world.
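How the access list from Step 10 and the overload translation from Step 11 work together can be modeled in a few lines. This is an added example, not part of the lab: the host addresses and source ports are constructed, and the "try the next port" search is a simplification, not the IOS port allocation algorithm.

```python
import ipaddress


def acl_permits(source, base="10.10.10.0", wildcard="0.0.0.255"):
    """Standard ACL match: bits set in the wildcard mask are ignored."""
    src = int(ipaddress.IPv4Address(source))
    net = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return ((src ^ net) & care) == 0


class PatGateway:
    """Toy model of 'ip nat inside source list 1 ... overload'."""

    def __init__(self, inside_global="209.165.201.33"):
        self.inside_global = inside_global
        self.outbound = {}  # (proto, local_ip, local_port) -> global port
        self.inbound = {}   # (proto, global port) -> (local_ip, local_port)

    def translate_outbound(self, proto, local_ip, local_port):
        """Return (inside global IP, port), or None if list 1 does not match."""
        if not acl_permits(local_ip):
            return None  # the ACL selects what is translated
        key = (proto, local_ip, local_port)
        if key not in self.outbound:
            port = local_port  # keep the source port when it is free
            while (proto, port) in self.inbound:
                # Simplified search for a free port (assumption, see lead-in).
                port = port + 1 if port < 65535 else 1024
            self.outbound[key] = port
            self.inbound[(proto, port)] = (local_ip, local_port)
        return (self.inside_global, self.outbound[key])

    def translate_inbound(self, proto, global_port):
        """Map return traffic to the inside host; None when no entry exists."""
        return self.inbound.get((proto, global_port))

    def table(self):
        """Rows of (proto, inside global, inside local), sorted by inside host."""
        rows = []
        for (proto, ip, port), gport in sorted(self.outbound.items()):
            rows.append((proto, f"{self.inside_global}:{gport}", f"{ip}:{port}"))
        return rows


if __name__ == "__main__":
    gw = PatGateway()
    # Constructed flows: both hosts happen to pick source port 1025.
    gw.translate_outbound("tcp", "10.10.10.2", 1025)
    gw.translate_outbound("tcp", "10.10.10.3", 1025)
    for row in gw.table():
        print(*row)
    print("reply to port 1026 goes to", gw.translate_inbound("tcp", 1026))
    print("unsolicited packet to port 4444 maps to", gw.translate_inbound("tcp", 4444))
```

Every row carries the same inside global address and only the port differs, which is what keeps the flows apart. An inbound packet with no matching entry has no inside host to be delivered to.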
Objective
Create an efficient and reliable network design with redundancy
Background / Preparation
Recently the New York router failed and the entire east coast operations lost 16 hours of production. The estimated cost of the outage was $600,000. The network engineering office has been provided additional money to create a more redundant network in an attempt to minimize future outages.
The head of the design office has assigned you as the lead designer. With a budget of $5400 for monthly fees, you must meet the following design requirements:
A minimum of three T-1 links must connect the east and west coast operations.
Each router must have at least one 64 Kbps redundant link.
Each router must also have at least two paths between the east and west coast operations.
The failure of one device should not affect the connectivity of another site.
The east coast consists of the New York, Miami, Atlanta, Boston, and Buffalo routers, while the west coast consists of the Phoenix, Denver, Boise, Seattle, and Oakland routers.
Cost for new circuits:
$400 month - 64 Kbps circuit
$1900 month - 1.544 Mbps (T-1) circuit
d. Does each site on the west coast have two paths to the east coast? e. Will one device failure affect multiple sites?
Reflection
a. What network topology was implemented before adding redundancy? Extended Star
b. What network topology is now implemented after adding redundancy? Partial Mesh
c. Redundancy minimizes the impact that the failure of a single piece of equipment has on the operation of the network.
d. What is a disadvantage to using the topology implemented after redundancy was added? The increased cost of providing redundant links and equipment. Smaller companies may not be able to afford the cost.
e. Why would a company, such as the one in this case, suddenly decide to implement the type of topology used in step b? In this case, the company lost 16 hours of production and $600,000 to the company. No company wants to lose sales or time that causes a loss in profit to their company.
Lab 5.2.3 Configuring RIPv2 with VLSM, and Default Route Propagation
Device     Host Name
Router1    R1
Router2    R2
Router3    R3
Switch1    S1
Switch2    S2
PC 1       Host1
PC 2       Host2
PC 3       ISP
Default Gateway
Objectives
Configure a three-router topology using VLSM. Configure RIP version 2 as the routing protocol. Configure and propagate a default route through RIP.
Background / Preparation
Set up a network similar to the one in the topology diagram. This lab presents a three-router corporate network using variably-subnetted private IP addressing. From one router, a public network connection to a
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers - If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
d. Connect PC1 to Switch1 and PC2 to Switch2 with straight-through cables.
e. Connect PC3 to Router3's Fa0/0 interface with a crossover cable.
f. Connect a PC with a console cable to perform configurations on the routers and switches.
Step 4: Configure the hosts with the proper IP address, subnet mask, and default gateway.
a. Configure each host with the proper IP address, subnet mask, and default gateway. Host1 should be assigned 172.16.1.2/24 and Host2 should be assigned 172.16.2.2/24. Host3, which is used to simulate Internet access, should be assigned 209.165.201.2/24. All three PCs use their attached router's Fa0/0 interface as the default gateway.
b. Each workstation should be able to ping the attached router. If the ping was not successful, troubleshoot as necessary. Check and verify that the workstation has been assigned a specific IP address and default gateway.
b. From the network commands, which interfaces are participating in RIP routing? Fa0/0, S0/0/0
c. Perform a similar configuration on R2, setting the version, advertising the appropriate networks, and turning off auto-summarization
R R C C C S*
How can you tell from the routing table that the subnetted network shared by R1, R2 and R3 has a pathway for Internet traffic?
There is a Gateway of Last Resort, and the default route shows up in the table.
b. View the routing tables on R2 and R1. How is the pathway for Internet traffic provided in their routing tables?
There is a Gateway of Last Resort leading to R3, and the default route shows up as a distributed RIP route.
Step 8: Verify connectivity.
a. Simulate sending traffic to the Internet by pinging from the host PCs to 209.165.201.2.
Step 9: Reflection.
a. How did R1 and R2 learn the pathway to the Internet for this network? From RIP routing updates received from the router where the route was configured (R3).
Device     Host Name
Router1    Gateway
Router2    Branch1    10.0.0.2/30    DTE    10.0.0.9/30     DCE    class    cisco
Router3    Branch2    10.0.0.6/30    DTE    10.0.0.10/30    DTE    class    cisco
Objectives
Configure a three-router topology with EIGRP and MD5 authentication. Verify EIGRP configuration and route table population.
Background / Preparation
Set up a network similar to the one in the diagram. This lab presents a two-router corporate network using four Class C private networks. Each router has one LAN attached to a Fast Ethernet interface. There are two serial connections between the two routers.
The following resources are required:
Two Cisco 1841 or comparable routers (must have at least 1 Ethernet and 2 serial ports)
Two Cisco 2960 switches or other comparable switches
Two Windows-based PCs, each with a terminal emulation program
Two RJ-45-to-DB-9 connector console cables
Two serial cables to connect Router1 to Router2
Four straight-through Ethernet cables (PC1 to Switch1, PC2 to Switch2, Switch1 to R1, and Switch2 to Router2)
Access to the PC command prompt
Access to PC network TCP/IP configuration
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
Step 4: Configure MD5 Authentication
a. Create a keychain named discchain.
b. Configure a key 1 that has a key string of san-fran.
c. Enable the workgroup router to utilize EIGRP MD5 authentication with each of your EIGRP neighbors and to use the keychain icndchain.
Branch1(config)#key chain discchain
Branch1(config-keychain)#key 1
Branch1(config-keychain-key)#key-string san-fran
Branch1(config-keychain-key)#end
Branch1#config terminal
Branch1(config)#interface serial0/1/1
Branch1(config-if)#ip authentication mode eigrp 100 md5
Branch1(config-if)#ip authentication key-chain eigrp 100 discchain
(repeat for all routers on all necessary interfaces)
d. Look at the contents of the Router1 routing table to ensure all routing updates are being accepted.
Gateway#show ip route
List the routes that are shown:
_______________________________________________________________________________
Step 1: Connect the equipment
Connect Router1 to Router2 and Router3 using serial cables. Connect Router2 to Router3 using serial cables. Connect a PC with a console cable to perform configurations on the routers.
Step 2: Perform basic configurations on the routers
Establish a console session with Router1 and configure hostname, passwords, and interfaces as described in the table. Save the configuration. Establish a console session with Router2 and perform a similar configuration, using the addresses and other information from the table. Save the configuration. Establish a console session with Router3. Configure hostname, passwords, and interfaces according to the table. Save the configuration.
Step 3: Configure EIGRP routing with default commands
On Gateway, configure EIGRP as the routing protocol with an autonomous system number of 100, and advertise the appropriate networks.
Gateway(config)#router eigrp 100
Gateway(config-router)#network 10.0.0.0
Gateway(config-router)#network 10.0.0.4
Predict: How will EIGRP report these subnets in the routing table?
Step 4: Configure MD5 Authentication
Create a keychain named discchain. Configure a key 1 that has a key string of san-fran. Enable the workgroup router to utilize EIGRP MD5 authentication with each of your EIGRP neighbors and to use the keychain icndchain.
Step 5: Reflection
What is the importance of enabling authentication on the routing updates?
_______________________________________________________________________________
Lab 5.4.2.4 EIGRP Configuring Automatic and Manual Route Summarization and Discontiguous Subnets
Device    Host Name
Router1   Gateway
Router2   Branch1   10.0.0.2/30   DTE   10.0.0.9/30    DCE   class   cisco
Router3   Branch2   10.0.0.6/30   DTE   10.0.0.10/30   DTE   class   cisco
Background / Preparation
Set up a network similar to the one in the topology diagram. This lab presents a three-router corporate network using variably subnetted private IP addressing. On Branch1 and Branch2, loopbacks simulate LANs attached to those routers. The design creates discontiguous subnets on the routers which will be hidden when EIGRP is configured with automatic summarization as the default. You will disable automatic summarization and configure manual summarization to verify that the routers share subnet information. The following resources are required:
  Three Cisco 1841 routers or comparable routers
  At least one PC with a terminal emulation program
  At least one RJ-45-to-DB-9 connector console cable
  Serial cables to connect R1 to both R2 and R3, and to connect R2 to R3
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
Perform a similar configuration on Branch2, using EIGRP 100 and advertising the appropriate networks.
The subnets configured for the 172.16.0.0 and 172.17.0.0 networks are absent.
Why are there two paths reported for the 10.0.0.8/30 route?
Because no bandwidth commands have been configured, EIGRP has two equal-cost paths to report.
Are all subnets represented in the table? __________ What kind of interface is Null0? _____________________________________________________
On Branch2, configure manual summarization to force EIGRP to summarize only the 172.17.0.0 subnets.
Step 7: Reflection
a. Although removing automatic summarization solved the issue of missing subnets, what possible problem could it cause?
The routing table is very long, and that will slow down the lookup process.
b. How could removing automatic summarization help in troubleshooting an EIGRP network?
Checking the output against all possible subnets will reveal which subnet(s) are missing. Those are the
Less equipment required, less time to set up and cable equipment.
Host Name R1 R2 S1
Objectives
Set up an IP addressing scheme for OSPF Area 0. Configure and verify OSPF routing. View the routing table. Verify connectivity.
Background / Preparation
In this lab, you will cable a network similar to the one shown in the diagram. Any router that meets the interface requirements displayed in the addressing table may be used. For example, router series 800, 1600, 1700, 1800, 2500, 2600, 2800, or any combination can be used. The information in this lab applies to 1841 routers. Other routers may be used; however, the command syntax may vary. Depending on the router model, the interfaces may differ. For example, on some routers Serial 0 may be Serial 0/0 or Serial 0/0/0 and Ethernet 0 may be FastEthernet 0/0. The Cisco Catalyst 2960 switch comes preconfigured and only needs to be assigned basic security information before being connected to a network. The following resources are required:
  One Cisco 2960 switch or other comparable switch
  Two routers, each with a serial connection and an Ethernet interface
  Two Windows-based PCs, each with a terminal emulation program, and each set up as a host
  At least one RJ-45-to-DB-9 connector console cable to configure the routers and switch
  Two straight-through Ethernet cables
  One crossover Ethernet cable
  One 2-part (DTE/DCE) serial cable
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
d. Connect Host 1 to the Switch 1 Fa0/2 port using a straight-through cable.
e. Connect a crossover cable between Host 2 and the Fa0/0 interface of Router 2.
Step 5: Configure the hosts with the proper IP address, subnet mask, and default gateway
a. Configure each host with the proper IP address, subnet mask, and default gateway.
   1) Host 1 should be assigned 192.168.1.130/26 and the default gateway of 192.168.1.129.
   2) Host 2 should be assigned 192.168.0.2/24 and the default gateway of 192.168.0.1.
b. Each workstation should be able to ping the attached router. If the ping was not successful, troubleshoot as necessary. Check and verify that the workstation has been assigned a specific IP address and default gateway.
Step 9: Reflection
a. What is an advantage of using OSPF as the routing protocol in a network?
that OSPF is efficient, provides fast convergence, and scales well in large networks.
b. What is a disadvantage of using OSPF as the routing protocol in a network?
that OSPF is more difficult to configure and requires proper planning.
Host Name R1 R2 S1
Objectives
Perform basic router configuration. Perform basic single area OSPF configuration. Configure OSPF authentication. Verify OSPF authentication.
Background / Preparation
In this lab, you will cable a network similar to the one shown in the diagram. Any router that meets the interface requirements displayed in the addressing table may be used. For example, router series 800, 1600, 1700, 1800, 2500, 2600, or any combination can be used. The information in this lab applies to 1841 routers. Other routers may be used; however, command syntax may vary. Depending on the router model, the interfaces may differ. For example, on some routers Serial 0 may be Serial 0/0 or Serial 0/0/0 and Ethernet 0 may be FastEthernet 0/0. The Cisco Catalyst 2960 switch comes preconfigured and only needs to be assigned basic security information before being connected to a network.
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
d. Connect Host 1 to the Switch 1 Fa0/2 port using a straight-through cable.
e. Connect a crossover cable between Host 2 and the Fa0/0 interface of Router 2.
Configure single area OSPF on R1 and R2. All interfaces will belong to Area 0. Verify the OSPF configuration using the show ip route command on both routers.
b. Verify the OSPF configuration using the show ip route command on both routers.
R1#show ip route
R2#show ip route
Does the 192.168.1.0/24 network appear in the routing table of R1? __________
Does the 192.168.0.0/24 network appear in the routing table of R2? __________
OSPF allows for both plain text authentication and encrypted authentication. Because plain text authentication is as insecure as having no authentication, Message Digest 5 (MD5) authentication is used. Configuring OSPF authentication is a two-step process. First, it is enabled on a router for an area, and then it is configured on the interfaces in that area.
a. Enable MD5 authentication in Area 0 on both routers.
R1(config)#router ospf 1
R1(config-router)#area 0 authentication message-digest
R2(config)#router ospf 1
R2(config-router)#area 0 authentication message-digest
b. Enable OSPF authentication on S0/0/0 of R1.
R1(config)#interface s0/0/0
R1(config-if)#ip ospf message-digest-key 10 md5 secretpassword
c. Using the show ip ospf neighbor command, view the neighbors known to R1.
R1#show ip ospf neighbor
Does R1 show any OSPF neighbors? __________
Why or why not?
________________________________________________________________________________
d. Watch the terminal output from R1 for several seconds. What OSPF message was displayed when the MD5 authentication was set on R1 S0/0/0?
________________________________________________________________________________
e. Enable OSPF authentication on S0/0/0 of R2.
R2(config)#interface s0/0/0
R2(config-if)#ip ospf message-digest-key 10 md5 secretpassword
f. Now, recheck the neighbour status between R1 and R2.
R1#show ip ospf neighbor
Do R1 and R2 have a neighbor relationship established now? __________
What OSPF console message did you see after the MD5 authentication was set on R2 S0/0?
________________________________________________________________________________
g. Ping from Host 1 to Host 2 to verify connectivity.
Can Host 1 ping Host 2? __________
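An added example (not part of the lab or of any Cisco tool): a small Python audit that checks a router configuration for the two authentication setups in these labs, the EIGRP key chain from Step 4 of the EIGRP lab and the area-level OSPF MD5 configuration above. The sample configs, the function names and the serial address 192.168.1.2 are constructed for illustration; the audit flags a key chain that is referenced but never defined (icndchain when only discchain exists) and an interface in an MD5 area that has no message-digest-key. Only the area-level OSPF form used in this lab is recognised.

```python
import ipaddress
import re

# Constructed configs in "show running-config" layout (sub-commands indented).
# Serial0/1/0 uses the key chain name from the step text (icndchain), which no
# "key chain" command defines; Serial0/1/1 follows the lab's command listing.
EIGRP_SAMPLE = """\
key chain discchain
 key 1
  key-string san-fran
interface Serial0/1/0
 ip address 10.0.0.9 255.255.255.252
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 icndchain
interface Serial0/1/1
 ip address 10.0.0.2 255.255.255.252
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 discchain
"""
# R2 before step e of the OSPF lab: Area 0 requires MD5, S0/0/0 has no key (address constructed).
OSPF_SAMPLE = """\
interface Serial0/0/0
 ip address 192.168.1.2 255.255.255.252
router ospf 1
 area 0 authentication message-digest
 network 192.168.1.0 0.0.0.3 area 0
"""

def parse_config(text):
    """Return (key chains, interface lines, OSPF MD5 areas, OSPF network statements)."""
    chains, interfaces, md5_areas, networks = {}, {}, set(), []
    section = name = key_id = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw.startswith(" "):          # a top-level command opens a section
            m = re.match(r"(key chain|interface|router ospf) (\S+)$", line)
            section, name, key_id = (m.group(1), m.group(2), None) if m else (None,) * 3
            if section == "key chain":
                chains[name] = {}
            elif section == "interface":
                interfaces[name] = []
        elif section == "key chain":
            if m := re.match(r"key (\d+)$", line):
                key_id = m.group(1)
                chains[name].setdefault(key_id, None)
            elif (m := re.match(r"key-string (.+)$", line)) and key_id:
                chains[name][key_id] = m.group(1)
        elif section == "interface":
            interfaces[name].append(line)
        elif section == "router ospf":
            if m := re.match(r"area (\S+) authentication message-digest$", line):
                md5_areas.add(m.group(1))
            elif m := re.match(r"network (\S+) (\S+) area (\S+)$", line):
                networks.append(m.groups())
    return chains, interfaces, md5_areas, networks

def ospf_area_of(if_lines, networks):
    """Area of the first network statement whose wildcard match covers the interface."""
    for line in if_lines:
        if m := re.match(r"ip address (\S+) (\S+)$", line):
            addr = int(ipaddress.IPv4Address(m.group(1)))
            for net, wildcard, area in networks:
                care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
                if (addr & care) == (int(ipaddress.IPv4Address(net)) & care):
                    return area
    return None

def audit(text):
    """Return sorted (interface, finding) pairs for routing-authentication gaps."""
    chains, interfaces, md5_areas, networks = parse_config(text)
    findings = []
    for ifname, lines in interfaces.items():
        modes = {m.group(1) for l in lines
                 if (m := re.match(r"ip authentication mode eigrp (\d+) md5$", l))}
        refs = dict(m.groups() for l in lines
                    if (m := re.match(r"ip authentication key-chain eigrp (\d+) (\S+)$", l)))
        for asn in sorted(modes | set(refs)):
            chain = refs.get(asn)
            if asn not in modes:
                findings.append((ifname, f"EIGRP {asn}: key chain attached but MD5 mode not enabled"))
            elif chain is None:
                findings.append((ifname, f"EIGRP {asn}: MD5 mode enabled but no key chain attached"))
            elif chain not in chains:
                findings.append((ifname, f"EIGRP {asn}: key chain '{chain}' is not defined"))
            elif not any(chains[chain].values()):
                findings.append((ifname, f"EIGRP {asn}: key chain '{chain}' has no key-string"))
        area = ospf_area_of(lines, networks)
        if area is not None and area not in md5_areas:
            findings.append((ifname, f"OSPF area {area}: no MD5 authentication enabled"))
        elif area is not None and not any(l.startswith("ip ospf message-digest-key ") for l in lines):
            findings.append((ifname, f"OSPF area {area}: MD5 enabled but no message-digest-key"))
    return sorted(findings)

if __name__ == "__main__":
    for ifname, finding in audit(EIGRP_SAMPLE) + audit(OSPF_SAMPLE):
        print(f"{ifname}: {finding}")
```

Run against a saved running-config, the same checks catch the state the lab creates on purpose between steps b and e, where one side of the serial link has a key and the other does not.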
To prevent unauthorized access to routing information or to prevent unauthorized injection of routing information into the network. Routers in an OSPF area will only form adjacencies with other routers that have authentication set.
b. Can one OSPF area have different OSPF configuration parameters than another area?
Yes, different areas can be configured differently as well as different interfaces
Device R1 R2 R3
Objectives
Configure OSPF routing on all routers. Verify OSPF routing using show commands. Configure loopback addresses to dictate DR/BDR election. Verify DR/BDR election.
Background / Preparation
This lab focuses on the configuration of multiple OSPF routers attached to a multi-access Ethernet network to control the outcome of the DR/BDR election. The lab uses Cisco IOS commands. Any router that meets the interface requirements displayed on the above diagram may be used. For example, router series 800, 1600, 1700, 1800, 2500, 2600, 2800, or any combination can be used. The information in this lab applies to 1841 routers. Other routers may be used; however, command syntax may vary. Depending on the router model, the interfaces may differ. For example, on some routers Serial 0 may be Serial 0/0, Serial 0/0/0 and Ethernet 0 may be FastEthernet 0/0. Any Cisco Catalyst switch may be utilized. The default configuration of the switch will perform properly for this exercise. The following resources are required:
  One Cisco 2960 switch or other comparable switch
  Three Cisco routers with at least 1 FastEthernet interface (preferably the same model number and IOS version)
  One Windows-based PC with a terminal emulation program
  At least one RJ-45-to-DB-9 connector console cable to configure the routers
  Three straight-through Ethernet cables to connect the routers to the switch
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
Do all routers show that they have established a neighbor relationship with the other routers? __________
c. Use the show ip ospf neighbor detail command on R1 to determine which routers are the DR and BDR.
Which router is the DR? ___________
Which router is the BDR? __________
What factor determined which router was the DR and which was the BDR in this scenario?
________________________________________________________________________________
What is the default interface priority for the Fa0/0 interfaces? _____________
b. Configure interface priorities on R1 and R2 to determine the DR/BDR election results.
R1(config)#interface fa0/0
R1(config-if)#ip ospf priority 25
R1(config-if)#end
R2(config)#interface fa0/0
R2(config-if)#ip ospf priority 50
R2(config-if)#end
c. Use the show ip ospf neighbor command to determine the DR and BDR.
Have the DR and the BDR changed? __________
d. Use the clear ip ospf 1 process command on all of the routers to reset the OSPF processes.
e. Again use the show ip ospf neighbor command to determine which router is the DR and which is the BDR.
Which router is now the DR? ___________
Which router is now the BDR? __________
f. Use the show ip ospf interface command again on R1 and R2 to confirm the priority settings and DR/BDR status on the routers.
R1#show ip ospf interface
FastEthernet0/0 is up, line protocol is up
  Internet Address 192.168.1.1/24, Area 0
  Process ID 1, Router ID 10.0.3.1, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State BDR, Priority 25
  Designated Router (ID) 10.0.2.1, Interface address 192.168.1.2
  Backup Designated router (ID) 10.0.3.1, Interface address 192.168.1.1
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:00
  Supports Link-local Signaling (LLS)
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 2
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 2, Adjacent neighbor count is 2
    Adjacent with neighbor 10.0.1.1
    Adjacent with neighbor 10.0.2.1 (Designated Router)
  Suppress hello for 0 neighbor(s)
R2#show ip ospf interface
FastEthernet0/0 is up, line protocol is up
  Internet Address 192.168.1.2/24, Area 0
  Process ID 1, Router ID 10.0.2.1, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State DR, Priority 50
  Designated Router (ID) 10.0.2.1, Interface address 192.168.1.2
  Backup Designated router (ID) 10.0.3.1, Interface address 192.168.1.1
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:00
  Supports Link-local Signaling (LLS)
Step 7: Reflection
List the criteria used from highest to lowest for determining the DR on an OSPF network.
Highest is interface priority. Next is highest router ID which is determined by the highest loopback address, or in the event of no loopbacks being configured, it is the highest active interface address.
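An added illustration of the criteria above (not part of the lab): a simplified Python model of the election on one multi-access segment, showing that roles are filled by priority and then router ID but are not preempted, which is why the lab clears the OSPF process after changing priorities. Router IDs and priorities come from the show ip ospf interface output on this page; R3 as the owner of 10.0.1.1, the simultaneous start of all routers, and the class and function names are assumptions, and this is not the full RFC 2328 state machine.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Router:
    name: str
    router_id: str
    priority: int = 1                      # IOS default interface priority

    def rank(self):
        """Election order: interface priority first, then router ID."""
        return (self.priority, int(ipaddress.IPv4Address(self.router_id)))


class Segment:
    """One multi-access segment; DR and BDR keep their roles until they vacate them."""

    def __init__(self, routers):
        self.routers = {r.name: r for r in routers}
        self.dr = self.bdr = None

    def elect(self):
        """Fill vacant roles only; an incumbent DR or BDR is never displaced."""
        eligible = {n for n, r in self.routers.items() if r.priority > 0}
        if self.dr not in eligible:        # DR missing: the BDR, if any, takes over
            self.dr = self.bdr if self.bdr in eligible else None
            self.bdr = None
        if self.bdr not in eligible:
            self.bdr = None
        ranked = sorted(eligible - {self.dr, self.bdr},
                        key=lambda n: self.routers[n].rank(), reverse=True)
        if self.dr is None and ranked:
            self.dr = ranked.pop(0)
        if self.bdr is None and ranked:
            self.bdr = ranked.pop(0)
        return self.dr, self.bdr

    def reset_all(self):
        """Model of clearing the OSPF process on every router at once."""
        self.dr = self.bdr = None
        return self.elect()

    def remove(self, name):
        """A router leaves the segment (failure or shutdown)."""
        del self.routers[name]
        return self.elect()


def lab_sequence():
    """Replay the lab's steps and return (step, (DR, BDR)) pairs."""
    seg = Segment([Router("R1", "10.0.3.1"),
                   Router("R2", "10.0.2.1"),
                   Router("R3", "10.0.1.1")])
    steps = [("all routers start together, default priority", seg.reset_all())]
    seg.routers["R1"].priority = 25        # ip ospf priority 25
    seg.routers["R2"].priority = 50        # ip ospf priority 50
    steps.append(("priorities changed, processes still running", seg.elect()))
    steps.append(("OSPF process cleared on all routers", seg.reset_all()))
    steps.append(("R2 leaves the segment", seg.remove("R2")))
    return steps


if __name__ == "__main__":
    for step, (dr, bdr) in lab_sequence():
        print(f"{step}: DR={dr} BDR={bdr}")
```

The third step reproduces the state in the show output above: R2 (priority 50) is DR and R1 (priority 25) is BDR.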
Device R1
Routing Protocol OSPF area 0 OSPF area 0 OSPF area 0 OSPF area 0 OSPF area 0 OSPF area 0
R2
R3
Objectives
Configure OSPF routing on all routers. Verify OSPF routing using show commands. Configure loopback OSPF cost parameters to influence route selection.
Background / Preparation
This lab focuses on the configuration of multiple OSPF routers attached to a multi-access Ethernet network to control the outcome of the DR/BDR election. The lab uses Cisco IOS commands. Any router that meets the interface requirements displayed in the addressing table may be used. For example, router series 800, 1600, 1700, 1800, 2500, 2600, 2800, or any combination can be used. The information in this lab applies to the 1841 router. Other routers may be used; however, the command syntax may vary. Depending on the router model, the interfaces may differ. For example, on some routers Serial 0 may be Serial 0/0, Serial 0/0/0 and Ethernet 0 may be FastEthernet 0/0. Any Cisco Catalyst switch may be utilized. The default configuration of the switch will perform properly for this exercise. The following resources are required:
  Three Cisco routers with at least 2 serial interfaces (preferably the same model number and IOS version)
  One Windows-based PC with a terminal emulation program
  At least one RJ-45-to-DB-9 connector console cable to configure the routers
  Three serial crossover cables to connect the routers
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
Do all routers show that they have paths to all other networks? __________
b. Use the show interfaces serial 0/0/0 command to determine the bandwidth settings on the serial interfaces.
Serial0/0/0 is up, line protocol is up
  Hardware is GT96K Serial
  Internet address is 192.168.1.1/30
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
<*** output omitted ***>
What is the current bandwidth setting of the interface? ____________________
Do the interface bandwidth values match the clock rates set by the configuration? __________
What path(s) would R1 take to get to the 10.0.0.0 network? ________________________
How is this cost calculated?
There is a T1 (1.544 Mbps) speed link from R1 to R3 and a 64 Kbps link from R3 to get to the 10.0.0.0/30 network. The cost of the T1 link is 64 (100,000,000 / 1,544,000) and the cost of the 64 Kbps link is 1562 (100,000,000 / 64,000). 64 + 1562 = 1626 total cost of route from R1 to 10.0.0.0.
The route to the 10.0.0.0 network via R3 is now 2000 + 64 = 2064.
Step 7: Reflection
a. What determines the path chosen by OSPF?
Device R1
IP Address      Subnet Mask       Default Gateway
172.16.1.17     255.255.255.240   N/A
192.168.10.1    255.255.255.252   N/A
192.168.10.5    255.255.255.252   N/A
10.10.10.1      255.255.255.0     N/A
192.168.10.2    255.255.255.252   N/A
192.168.10.9    255.255.255.252   N/A
172.16.1.33     255.255.255.248   N/A
192.168.10.6    255.255.255.252   N/A
192.168.10.10   255.255.255.252   N/A
172.16.1.20     255.255.255.240   172.16.1.17
10.10.10.10     255.255.255.0     10.10.10.1
172.16.1.35     255.255.255.248   172.16.1.33
class
cisco
R2
class
cisco
Objectives
Configure OSPF routing on all routers in a point-to-point WAN environment that includes LANs. Configure OSPF router IDs. Configure interface bandwidth and cost. Verify OSPF routing using show commands.
Background / Preparation
In this lab you will learn how to configure the routing protocol OSPF using the network shown in the topology diagram. The segments of the network have been subnetted using VLSM. OSPF is a classless routing protocol that provides subnet mask information in its routing updates. This allows VLSM subnet information to be propagated throughout the network. This lab uses an 1841 router and Cisco IOS commands. Any router that meets the interface requirements displayed in the addressing table may be used. For example, router series 800, 1600, 1700, 1800, 2500, 2600, 2800, or any combination can be used. The information in this lab applies to 1841 routers. Other routers may be used; however, the command syntax may vary. Depending on the router model, the interfaces may differ. For example, on some routers Serial 0 may be Serial 0/0, Serial 0/0/0 and Ethernet 0 may be FastEthernet 0/0. The Cisco Catalyst 2960 switch comes preconfigured and only needs to be assigned basic security information before being connected to a network. The following resources are required:
  Three Cisco 2960 switches or other comparable switch (optional if using crossover cables between the PCs and routers)
  Three Cisco 1841 or comparable routers with 2 serial interfaces and 1 FastEthernet interface (preferably the same model number and IOS version)
  Three Windows-based PCs with a terminal emulation program and set up as hosts
  At least one RJ-45-to-DB-9 connector console cable to configure the routers and switches
  Six straight-through Ethernet cables to connect the router to the switch and the switch to the hosts
  Three serial crossover cables to connect the routers
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
Step 3: Configure the router interfaces
Step 4: Verify IP addressing and interfaces
a. Use the show ip interface brief or the show protocols command to verify that the IP addressing is correct and that the interfaces are active.
b. After all interfaces are verified, be sure to save the running configuration to the NVRAM of the router.
R2#show ip ospf neighbor
Neighbor ID   Pri   State   Dead Time   Address         Interface
10.3.3.3      0     FULL/   00:00:36    192.168.10.10   Serial0/0/1
10.1.1.1      0     FULL/   00:00:37    192.168.10.1    Serial0/0/0
R3#show ip ospf neighbor
Neighbor ID   Pri   State   Dead Time   Address         Interface
10.2.2.2      0     FULL/   00:00:34    192.168.10.9    Serial0/0/1
10.1.1.1      0     FULL/   00:00:38    192.168.10.5    Serial0/0/0
g. Use the router-id command to change the router ID on the R1 router.
NOTE: Some IOS versions do not support the router-id command. If this command is not available, continue to Step 10.
R1(config)#router ospf 1
R1(config-router)#router-id 10.4.4.4
Reload or use the clear ip ospf process command for this to take effect.
If this command is used on an OSPF router process that is already active (has neighbors), the new router ID is used at the next reload or at a manual OSPF process restart. To manually restart the OSPF process, use the clear ip ospf process command.
R1(config-router)#end
R1#clear ip ospf process
Reset ALL OSPF processes? [no]:yes
R1#
h. Use the show ip ospf neighbor command on router R2 to verify that the router ID of R1 has been changed.
R2#show ip ospf neighbor
Neighbor ID   Pri   State   Dead Time   Address         Interface
10.3.3.3      0     FULL/   00:00:36    192.168.10.10   Serial0/0/1
10.4.4.4      0     FULL/   00:00:37    192.168.10.1    Serial0/0/0
i. Remove the configured router ID with the no form of the router-id command.
R1(config)#router ospf 1
R1(config-router)#no router-id 10.4.4.4
Reload or use the clear ip ospf process command for this to take effect.
b. On the R1 router, use the show ip protocols command to view information about the routing protocol operation. The information that was configured in the previous steps, such as protocol, process ID, neighbor ID, and networks, is shown in the output. The IP addresses of the adjacent neighbors are also shown.
R1#show ip protocols
Routing Protocol is "ospf 1"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 10.1.1.1
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    172.16.1.16 0.0.0.15 area 0
    192.168.10.0 0.0.0.3 area 0
    192.168.10.4 0.0.0.3 area 0
  Routing Information Sources:
    Gateway         Distance      Last Update
    10.2.2.2             110      00:11:43
    10.3.3.3             110      00:11:43
  Distance: (default is 110)
The output specifies the process ID used by OSPF. The process ID must be the same on all routers for OSPF to establish neighbor adjacencies and share routing information.
Unlike RIPv2 and EIGRP, OSPF does not automatically summarize at major network boundaries.
The path cost of 65 to the 10.10.10.0 network results from a WAN serial link cost of 64 plus the LAN FastEthernet link cost of 1.
g. An alternative to using the bandwidth command is to use the ip ospf cost command, which allows you to directly configure the cost. Use the ip ospf cost command to set the cost of the serial interfaces of the R3 router to 1562.
R3(config)#interface serial0/0/0
R3(config-if)#ip ospf cost 1562
R3(config-if)#interface serial0/0/1
R3(config-if)#ip ospf cost 1562
supports VLSM and CIDR, uses cost metrics to choose the best path, and each router has a complete picture
Device R1 R2 R3
Objectives
Configure OSPF on a multi-access network.
Configure OSPF priority.
Control the OSPF election process.
Verify the OSPF configuration and DR/BDR/DROTHER status.
Background / Preparation
In this lab, you will learn to configure OSPF on a multi-access Ethernet network. You will also learn to use the OSPF election process to determine the designated router (DR), backup designated router (BDR), and DRother states. This lab uses 1841 routers and Cisco IOS commands. The information in this lab applies to 1841 routers. Other routers may be used; however, the command syntax may vary. Depending on the router model, the interfaces may differ. For example, on some routers Serial 0 may be Serial 0/0 or Serial 0/0/0 and Ethernet 0 may be FastEthernet 0/0. The Cisco Catalyst 2960 switch comes preconfigured and only needs to be assigned basic security information before being connected to a network.
The following resources are required:
One Cisco 2960 switch or other comparable switch
Three Cisco 1841 or comparable routers with 1 FastEthernet interface (preferably the same model number and IOS version)
Three Windows-based PCs with a terminal emulation program
At least one RJ-45-to-DB-9 connector console cable to configure the router
Three straight-through Ethernet cables to connect the routers to the switch
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
Step 2: Perform basic configurations on the routers
Step 3: Configure and activate Ethernet and Loopback addresses
Step 4: Verify IP addressing and interfaces
a. Use the show ip interface brief or the show protocols command to verify that the IP addressing is correct and that the interfaces are active.
b. After all interfaces are verified, be sure to save the running configuration to the NVRAM of the router.
R3:
R3(config)#interface fastethernet0/0
R3(config-if)#shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
02:17:22: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.31.22 on FastEthernet0/0 from FULL to Down: Interface down or detached
02:17:22: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.31.11 on FastEthernet0/0 from FULL to Down: Interface down or detached
e. Re-enable the FastEthernet 0/0 interface on the R2 router.
R2(config-if)#no shut
R2(config-if)#end
f. Re-enable the FastEthernet 0/0 interface on the R1 router.
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
02:31:43: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.31.22 on FastEthernet0/0 from EXCHANGE to FULL, Exchange Done
An adjacency is formed with the R2 router. It may take up to 40 seconds for the R2 router to send a hello packet.
g. Use the show ip ospf neighbor command on the R1 router to view the OSPF neighbor information for that router. Even though the R2 router has a higher router ID than R1, the R2 router has been set to a state of DRother because the OSPF priority has been set to 0.
R1#show ip ospf neighbor
Neighbor ID     Pri   State          Dead Time   Address       Interface
192.168.31.22   0     FULL/DROTHER   0:00:33     192.168.1.2   FastEthernet0/0
R1#
h. Re-enable the FastEthernet 0/0 interface on the R3 router.
R3(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
02:37:32: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.31.11 on FastEthernet0/0 from LOADING to FULL, Loading Done
02:37:36: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.31.22 on FastEthernet0/0 from EXCHANGE to FULL, Exchange Done
An adjacency is formed with the R1 and R2 routers. It may take up to 40 seconds for both the R1 and R2 routers to each send a hello packet.
Step 9: Reflection
a. When the OSPF process starts, what happens if there is no active interface on the router?
The DR is chosen with the highest OSPF priority value. The BDR is chosen with the second highest priority value. If the priority is the same, the OSPF election for DR is decided on the highest Router ID.
d. What OSPF interface priority value prevents a router from being elected as a DR? 0
Device R1
Router Name R1
R2
R2
R3
ISP
IP Address/Mask Fa0/0 192.168.1.129/26 S0/0/0 = DCE 192.168.1.1/30 Fa0/0 192.168.0.1/24 S0/0/0 192.168.1.2/30 S0/0/1 200.20.20.2/30 S0/0/1 = DCE 200.20.20.1/30
192.168.31.22/32
192.168.1.0 192.168.0.0
class
cisco
138.25.6.33/32
class
cisco
Objectives
Set up an IP addressing scheme for the OSPF area.
Configure and verify OSPF routing.
Configure the OSPF network so that all hosts in the OSPF area can connect to outside networks.
Background / Preparation
This lab focuses on the basic configuration of the Cisco 1800 series or comparable router using Cisco IOS commands. The information in this lab applies to other routers; however, command syntax may vary. Depending on the router model, the interfaces may differ. For example, on some routers Serial 0 may be Serial 0/0 or Serial 0/0/0 and Ethernet 0 may be FastEthernet 0/0 or FastEthernet 0/0/0. The Cisco Catalyst 2960 switch comes preconfigured and only needs to be assigned basic security information before being connected to a network.
The following resources are required:
Two Cisco 2960 switches or other comparable switches
Three Cisco 1841 or comparable routers with 2 serial interfaces and 1 FastEthernet interface
Three Windows-based PCs, each with a terminal emulation program and set up as a host
At least one RJ-45-to-DB-9 connector console cable to configure the routers
Four straight-through Ethernet cables to connect the routers to the switches and the switches to the hosts
Three serial cables to connect the routers
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
Step 5: Configure the hosts with the proper IP address, subnet mask, and default gateway
Each workstation should be able to ping the attached router. Troubleshoot as necessary. Remember to assign a specific IP address and default gateway to the workstation. At this point, the workstations will not be able to communicate with each other.
OSPF must know about the network or OSPF must have a default route.
b. What does a router use to generate a gateway of last resort?
Objectives
Configure a three-router topology using VLSM.
Configure OSPF as the routing protocol.
Configure OSPF summary routes.
Observe the effect of summarization on the routing table.
Background / Preparation
In this lab, you will set up a network similar to the one in the topology diagram. This topology represents a three-router corporate network using variably-subnetted private IP addressing. From one router, a public network connection to a host PC simulates the corporate network's connection to the ISP. You will configure OSPF as the routing protocol for the corporate network. You will also adjust the OSPF configuration to reduce the size of the routing tables.
The following resources are required:
Three Cisco 1841 or comparable routers
Two Cisco 2960 or other comparable switches
Three Windows-based PCs, at least one with a terminal emulation program
At least one RJ-45-to-DB-9 connector console cable
Three serial cables
One crossover Ethernet cable
Four straight-through Ethernet cables
Access to the PC command prompt
Access to PC network TCP/IP configuration
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
d. Connect Host 2 to Switch 2 and Host 3 to Switch 3 to the Fa0/2 interface using straight-through cables.
e. Connect Host 1 to the Router 1 Fa0/0 interface using a crossover cable.
f. Connect a PC with a console cable to perform configurations on the routers and switches.
Step 4: Configure the hosts with the proper IP address, subnet mask, and default gateway
a. Configure each host with the proper IP address, subnet mask, and default gateway for the network on which it resides. Host 1 should be assigned the address 209.165.201.1/24. Host 2 and Host 3 should be assigned IP addresses in the 192.168.10.0/28 and 192.168.10.32/28 networks respectively. All three PCs use the Fa0/0 interface of their attached router as their default gateway.
b. Each workstation should be able to ping the attached router. If the ping is not successful, troubleshoot as necessary. Check and verify that the workstation has been assigned the correct IP address and default gateway.
b. Configure the summary route in router configuration mode, starting with area 0 range followed by the summary route and its mask.
Border(config)#router ospf 1
Border(config-router)#area 0 range 192.168.10.0 255.255.255.128
This makes the job of the Border router simpler and easier, as it can represent the whole network with one route. The ISP does not care about individual subnets; its job is simply to provide Internet access to the area.
Convergence will be improved, as Border will not have to issue updates on every problem on every subnet.
smaller routing table, lower memory and processor requirements, fewer lookups needed.
Device
Host Name R1 R2
Router 1 Router 2
Objectives
Configure the serial interfaces on two routers to use PPP.
Verify and test the link for connectivity.
Background / Preparation
Cable a network similar to the one shown in the topology diagram. Any router that has a single serial interface may be used for this lab. For example, router series 800, 1600, 1700, 1800, 2500, 2600, 2800, or any combination are acceptable. The information in this lab applies to other routers; however, command syntax may vary. Depending on the router model, the interfaces may be identified differently. For example, on some routers, Serial 0 may be Serial 0/0 or Serial 0/0/0 and Ethernet 0 may be FastEthernet 0/0. The information in this lab applies to routers that use the Serial 0/0/0 notation. If the router in use differs, use the correct notation for the serial interface.
The following resources are required:
Two routers both with a serial interface
Two Windows-based PCs, each with a terminal emulation program
show interface serial 0/0/0 (or whichever interface you select).
When should you use the debug function in a router?
When you want to troubleshoot or to view what is occurring in real time on the network. Caution should be used to minimize the negative impact debugging has on network performance.
What is the default serial encapsulation on a Cisco router?
HDLC
Host Name R1 R2
Objectives
Configure PPP authentication using PAP and CHAP.
Verify connectivity using show and debug commands.
Background / Preparation
Cable a network similar to the one shown in the topology diagram. Any router that has a single serial interface may be used for this lab. For example, router series 800, 1600, 1700, 1800, 2500, 2600, 2800, or any combination are acceptable. The information in this lab applies to other routers; however, command syntax may vary. Depending on the router model, the interfaces may be identified differently. For example, on some routers, Serial0 may be Serial0/0 or Serial0/0/0 and Ethernet0 may be FastEthernet0/0. The information in this lab applies to routers that use the Serial0/0/0 notation. If the router in use differs, use the correct notation for the serial interface.
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
CHAP is the preferred protocol because CHAP periodically verifies the identity of the remote node using a three-way handshake. CHAP provides protection against playback attack through the use of a variable challenge value that is unique and unpredictable. Because the challenge is unique and random, the resulting hash value will be unique and random.
b. Which PPP protocol is used for establishing a point-to-point link?
LCP
c. Which PPP protocol is used for configuring the various Network Layer protocols?
NCP
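The challenge/response property described in answer a, as an added example that is not part of the original lab: per RFC 1994 the CHAP response is MD5 over the identifier, the shared secret and the challenge, so a response captured in one round fails against the next challenge, while a captured PAP password keeps working. The secret and the class and function names are constructed for the illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The side that issues challenges and checks the peer's responses."""

    def __init__(self, secret):
        self.secret = secret
        self.identifier = 0
        self.challenge = b""

    def new_challenge(self):
        # A fresh identifier and an unpredictable challenge for every round,
        # including the periodic re-authentication rounds during the session.
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, identifier, response):
        if not self.challenge or identifier != self.identifier:
            return False
        expected = chap_response(identifier, self.secret, self.challenge)
        self.challenge = b""  # each challenge is accepted at most once
        return hmac.compare_digest(expected, response)


def replay_demo(secret=b"constructed-shared-secret"):
    """Run three CHAP rounds and one PAP comparison; return the outcomes."""
    auth = Authenticator(secret)

    # Round 1: the legitimate peer answers; assume the response is captured.
    ident, challenge = auth.new_challenge()
    captured = chap_response(ident, secret, challenge)
    first = auth.verify(ident, captured)

    # Round 2: the captured response is presented against a new challenge.
    ident2, _ = auth.new_challenge()
    replayed = auth.verify(ident2, captured)

    # Round 3: the legitimate peer answers the re-challenge correctly.
    ident3, challenge3 = auth.new_challenge()
    fresh = auth.verify(ident3, chap_response(ident3, secret, challenge3))

    # PAP sends the password itself, so the captured value is valid again.
    pap_captured = secret
    pap_replay = hmac.compare_digest(pap_captured, secret)

    return {"chap_first": first, "chap_replay": replayed,
            "chap_rechallenge": fresh, "pap_replay": pap_replay}


if __name__ == "__main__":
    for name, outcome in replay_demo().items():
        print(f"{name}: {'accepted' if outcome else 'rejected'}")
```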
Host Name R1 R2 S1
Objectives
Configure standard ACLs to limit traffic.
Verify ACL operation.
Background / Preparation
In this lab you will work with Standard ACLs to control network traffic based on host IP addresses. Any router that meets the interface requirements displayed on the above diagram may be used. For example, router series 800, 1600, 1700, 1800, 2500, 2600, 2800, or any combination can be used. The information in this lab is based on the 1841 series router. Other routers may be used; however, command syntax may vary. Depending on the router model, the interfaces may differ. For example, on some routers Serial 0 may be Serial 0/0 or Serial 0/0/0 and Ethernet 0 may be FastEthernet 0/0. The Cisco Catalyst 2960 switch comes preconfigured and only needs to be assigned basic security information before being connected to a network.
The following resources are required:
One Cisco 2960 switch or other comparable switch
Two Cisco 1841 series routers or equivalent, each with a serial and an Ethernet interface
One Windows-based PC with a terminal emulation program and set up as a host
At least one RJ-45-to-DB-9 console cable to configure the routers and switch
Two straight-through Ethernet cables
One 2-part DTE/DCE serial crossover cable
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
Step 5: Configure the host with IP address, subnet mask, and default gateway
a. Configure the host with the proper IP address, subnet mask, and default gateway. The host should be assigned the address 192.168.200.10/24 and the default gateway of 192.168.200.1.
b. The workstation should be able to ping the attached router. If the ping is not successful, troubleshoot as necessary. Check and verify that the workstation has been assigned a specific IP address and default gateway.
Step 6: Configure RIP routing and verify end-to-end connectivity in the network
a. On Router 1, enable the RIP routing protocol and configure it to advertise both connected networks.
b. On Router 2, enable the RIP routing protocol and configure it to advertise all three connected networks.
c. Ping from Host 1 to the two loopback interfaces on Router 2.
How many matches are there for the first ACL statement (permit)? __________
but there should be at least 8-16
R2#show access-lists
Standard IP access list 1
    permit 192.168.200.10 (16 matches)
    deny any
How many matches are there for the second ACL statement (deny)? __________
d. View the routing table on R2 using the show ip route command. What route is missing from the routing table? ________________________________________
The route is missing from the routing table because the ACL only permits packets from 192.168.200.10. RIP update packets from R1 are sourced from the router Serial 0/0/0 interface 192.168.100.1 and are denied by the ACL. Because R1 RIP updates advertising the 192.168.200.0 network are blocked by the ACL, R2 has no knowledge of the 192.168.200.0 network. The pings that were done earlier were not blocked by the ACL. They failed because R2 could not return the echo reply; R2 did not know how to get to the 192.168.200.0 network. This example shows why ACLs must be programmed carefully and tested thoroughly for functionality.
e. Recreate the ACL on R2 to allow for routing updates to be received from R1.
R2(config)#no access-list 1
R2(config)#access-list 1 permit 192.168.200.10
R2(config)#access-list 1 permit 192.168.100.1
R2(config)#access-list 1 deny any
f. Ping 192.168.1.1 and 192.168.2.1 from Host 1. Are the pings now successful? ___________
g. Change the IP address on Host 1 to 192.168.200.11.
h. Again ping 192.168.1.1 and 192.168.2.1 from Host 1. Are the pings successful? __________
Display the ACL again using the show access-lists command. Are there matches for the 192.168.100.1 ACL statement? __________
NOTE: You can clear the ACL counters using the clear ip access-list counters command from the privileged EXEC prompt.
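The first-match behaviour behind steps d and e, as an added example that is not part of the original lab: a small evaluator for standard ACL entries run over both versions of ACL 1, showing the RIP update from 192.168.100.1 falling through to deny any until the extra permit is added. The packet list is constructed, and the function names are hypothetical.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # (address, wildcard): every bit is "don't care"


def parse_standard_acl(lines):
    """Parse entries of the form '<action> any' or '<action> <addr> [wildcard]'."""
    entries = []
    for line in lines:
        action, *spec = line.split()
        if spec[0] == "any":
            addr, wildcard = ANY
        else:
            addr = int(ipaddress.IPv4Address(spec[0]))
            # No wildcard means a single host, i.e. wildcard 0.0.0.0.
            wildcard = int(ipaddress.IPv4Address(spec[1])) if len(spec) > 1 else 0
        entries.append({"text": line, "action": action,
                        "addr": addr, "wildcard": wildcard, "matches": 0})
    return entries


def check(entries, source_ip):
    """Return (action, matching entry); the first matching entry wins."""
    src = int(ipaddress.IPv4Address(source_ip))
    for entry in entries:
        # Bits set in the wildcard are ignored; the rest must be equal.
        if (src | entry["wildcard"]) == (entry["addr"] | entry["wildcard"]):
            entry["matches"] += 1
            return entry["action"], entry["text"]
    return "deny", "implicit deny"


# Constructed traffic, using the source addresses named in the lab text.
PACKETS = [
    ("192.168.200.10", "ICMP echo from Host 1"),
    ("192.168.100.1", "RIP update from R1 Serial 0/0/0"),
    ("192.168.200.11", "ICMP echo from Host 1 after the address change"),
]

ACL_ORIGINAL = ["permit 192.168.200.10", "deny any"]
ACL_RECREATED = ["permit 192.168.200.10", "permit 192.168.100.1", "deny any"]


def replay(acl_lines, packets=PACKETS):
    """Evaluate every packet; return per-packet verdicts and per-entry counters."""
    entries = parse_standard_acl(acl_lines)
    verdicts = {desc: check(entries, src)[0] for src, desc in packets}
    counters = {entry["text"]: entry["matches"] for entry in entries}
    return verdicts, counters


if __name__ == "__main__":
    for name, acl in (("original", ACL_ORIGINAL), ("recreated", ACL_RECREATED)):
        verdicts, counters = replay(acl)
        print(f"ACL 1 ({name})")
        for desc, verdict in verdicts.items():
            print(f"  {verdict:6} {desc}")
        for text, hits in counters.items():
            print(f"  {text} ({hits} matches)")
```

The per-entry counters mirror what show access-lists reports, which is how the dropped routing updates show up as unexpected hits on deny any.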
Step 9: Reflection
a. Why is careful planning and testing of access control lists required?
To verify that the intended traffic and ONLY the intended traffic is permitted
b. What is the main limitation of standard ACLs?
Host Name R1 R2 S1 H1 H2 H3
Default Gateway
Objectives
Configure Extended ACLs to control traffic.
Verify ACL operation.
Background / Preparation
In this lab you will work with Extended ACLs to control network traffic based on host IP addresses. Any router that meets the interface requirements displayed on the topology diagram may be used. For example, router series 800, 1600, 1700, 1800, 2500, 2600, 2800, or any combination can be used. The information in this lab applies to 1841 series routers. It also applies to other routers; however, the command syntax may vary. Depending on the router model, the interfaces may differ. For example, on some routers Serial 0 may be Serial 0/0 or Serial 0/0/0 and Ethernet 0 may be FastEthernet 0/0. The Cisco Catalyst 2960 switch comes preconfigured and only needs to be assigned basic security information before being connected to a network.
The following resources are required:
One Cisco 2960 switch or other comparable switch
Two Cisco 1841 or equivalent routers, each with a serial and an Ethernet interface
Three Windows-based PCs, at least one with a terminal emulation program, and all set up as hosts
At least one RJ-45-to-DB-9 connector console cable to configure the routers and switch
Three straight-through Ethernet cables
One crossover Ethernet cable
One 2-part DTE/DCE serial crossover cable
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
d. Connect Host 1 to the Fa0/3 port of Switch 1 using a straight-through cable.
e. Connect Host 2 to the Fa0/2 port of Switch 1 using a straight-through cable.
f. Connect a crossover cable between Host 3 and the Fa0/0 interface of Router 2.
Step 5: Configure the hosts with IP address, subnet mask, and default gateway
a. Configure the hosts with IP address, subnet mask, and default gateway according to the addressing table and the topology diagram.
b. Each workstation should be able to ping the attached router. If the pings are not successful, troubleshoot as necessary. Check and verify that the workstation has been assigned a specific IP address and default gateway.
Step 6: Configure RIP routing and verify end to end connectivity in the network
a. On R1, enable the RIP routing protocol and configure it to advertise both connected networks.
b. On R2, enable the RIP routing protocol and configure it to advertise both connected networks.
c. Ping from each host to the other two hosts.
c. Create an Extended ACL to perform the tasks stated and apply it to R2.
R2(config)#access-list 101 permit ip host 192.168.1.10 host 192.168.5.10
R2(config)#access-list 101 deny ip 192.168.1.0 0.0.0.255 host 192.168.5.10
R2(config)#access-list 101 permit ip any any
R2(config)#access-list 101 deny ip any any
NOTE: The implicit deny at the end of an access control list performs this same function. However, adding the line to the ACL helps document it and is considered good practice. By explicitly adding this statement, the number of packets matching the statement is tallied, and the administrator can see how many packets were denied.
d. Apply the access list on the Fa0/0 interface of R2 in the outbound direction.
R2(config)#interface fastethernet 0/0
R2(config-if)#ip access-group 101 out
e. Verify the ACL on R2 with the show access-lists command. Does the output of the show access-lists command display the ACL that was created? __________
Does the output of the show access-lists command display how the ACL is applied? __________
f. Use the show ip interface fa0/0 command on R2 to display the application of the ACL. What does the output of the show ip interface command tell you about the ACL? ________________________________________________________________________________
Can Host 1 ping Host 3? yes
Can Host 2 ping Host 3? no
b. To verify that other addresses can ping Host 3, ping Host 3 from R1.
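An ordering check over the four entries of ACL 101 from step c, as an added example that is not part of the original lab: it reports entries that can never match because a single earlier entry already covers them. In this ACL the explicit deny ip any any follows permit ip any any, so its counter stays at zero and the denied packets are tallied on the second entry. MISORDERED is a constructed variant, only ip entries without ports are handled, and the function names are hypothetical.

```python
import ipaddress


def parse_spec(tokens):
    """Consume one address spec from the token list; return (addr, wildcard)."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(head)), int(ipaddress.IPv4Address(tokens.pop(0)))


def parse_entry(line):
    """Parse '<action> <protocol> <source spec> <destination spec>'."""
    tokens = line.split()
    action, protocol, rest = tokens[0], tokens[1], tokens[2:]
    src = parse_spec(rest)
    dst = parse_spec(rest)
    return {"text": line, "action": action, "protocol": protocol,
            "src": src, "dst": dst}


def covers(outer, inner):
    """True when every address matched by 'inner' is also matched by 'outer'."""
    (outer_addr, outer_wild), (inner_addr, inner_wild) = outer, inner
    # Inner may only ignore bits that outer ignores too, and the two must
    # agree on every bit that outer actually compares.
    return ((inner_wild & ~outer_wild) == 0
            and (outer_addr | outer_wild) == (inner_addr | outer_wild))


def shadowed_entries(lines):
    """Return (shadowed entry, earlier entry that covers it) pairs.

    Only coverage by one earlier entry is detected; an entry hidden by the
    combination of several earlier entries is not reported.
    """
    entries = [parse_entry(line) for line in lines]
    findings = []
    for index, later in enumerate(entries):
        for earlier in entries[:index]:
            same_scope = earlier["protocol"] in ("ip", later["protocol"])
            if (same_scope and covers(earlier["src"], later["src"])
                    and covers(earlier["dst"], later["dst"])):
                findings.append((later["text"], earlier["text"]))
                break
    return findings


# The entries as configured in step c of the lab.
ACL_101 = [
    "permit ip host 192.168.1.10 host 192.168.5.10",
    "deny ip 192.168.1.0 0.0.0.255 host 192.168.5.10",
    "permit ip any any",
    "deny ip any any",
]

# Constructed variant: the first two entries swapped, so the host permit
# is hidden behind the subnet deny.
MISORDERED = [ACL_101[1], ACL_101[0], ACL_101[2], ACL_101[3]]

if __name__ == "__main__":
    for name, acl in (("ACL 101", ACL_101), ("misordered variant", MISORDERED)):
        print(name)
        for shadowed, by in shadowed_entries(acl):
            print(f"  never matched: {shadowed!r} (covered by {by!r})")
```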
Step 9: Configure and test the ACL for the next requirement
a. Host 3 is the only host that should be allowed to connect to R1 for remote management. Create an access control list to meet this requirement. This ACL will need to be placed on R1 because R1 is the destination of the traffic. All other hosts will not be allowed access. This is the only traffic being controlled; all other traffic should be allowed.
   R1(config)#access-list 101 permit ip host 192.168.5.10 host 192.168.15.1
b. Because the source traffic could come from any direction, this ACL needs to be applied to both interfaces on R1. The traffic to be controlled would be inbound to the router.
   R1(config)#interface fastethernet 0/0
   R1(config-if)#ip access-group 101 in
   R1(config-if)#interface serial 0/0/0
   R1(config-if)#ip access-group 101 in
c. Now attempt to telnet to R1 from all hosts and R2. Attempt to telnet to both R1 addresses.
Can you telnet to R1 from any of these devices? If yes, which one(s)? Yes, from Host 3 only.
d. View the output of the show access-lists command on R1. Does the output of the show access-lists command display that the statements are being matched? __________
To verify that the intended traffic and ONLY the intended traffic is permitted.
b. What is an advantage of using Extended ACLs over Standard ACLs?
Extended ACLs allow you to filter based on more information than just the source address.
Host Name R1 R2 S1 H1 H2
Default Gateway
192.168.15.2/24 192.168.15.3/24
192.168.15.1 192.168.15.1
Objectives
Create Standard and Extended Named ACLs. Test the ACLs to determine whether they achieve the desired results. Edit a Named ACL.
Background / Preparation
In this lab you will work with Named Standard and Extended ACLs to control network traffic based on host IP addresses. Any router that meets the interface requirements displayed on the topology diagram may be used. For example, router series 800, 1600, 1700, 1800, 2500, 2600, 2800, or any combination can be used.
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
R2: FastEthernet 0/0: ____________________ Serial 0/0/0: ________________________ Serial 0/0/1: ________________________ c. Ping from the Serial 0/0/0 interface of Router 1 to the Serial 0/0/0 interface of Router 2.
Why do you need the third statement? To allow other IP traffic not covered by the ACL.
b. Apply the ACL to the interface.
   R1(config)#interface fastethernet0/0
   R1(config-if)#ip access-group H2_no_access in
   Describe how you should test this ACL:
Ping from H2 to H1 to verify that H2 can reach hosts on the local network; ping from H2 to R1 and R2. Those pings should fail. Pings from H1 to R1 or R2 should succeed.
c. Conduct the tests to verify that this ACL achieves its goals. If it does not, troubleshoot by viewing the output of a show running-config command to verify that the ACL is present and applied to the correct interface.
Ping successfully from H1 to H2; ping unsuccessfully to R2, but ping successfully to R1.
c. Conduct the tests to verify that this ACL achieves its goals. If it does not, troubleshoot by viewing the output of a show running-config command to verify that the ACL is present and applied to the correct interface.
ACLs add many possible error points or places where a mistake results in traffic being disrupted. It is easier to troubleshoot if you can verify that the basic configuration is working before you add ACLs. If the basic configuration fails after adding an ACL, troubleshoot the ACL.
b. What advantages do Named ACLs offer?
The ability to give ACLs logical, easy-to-remember names; unlimited numbers, rather than being limited to a specific range of numbers.
Host Name R1 R2 S1 S2 H1 H2 H3 H4
Default Gateway
Background / Preparation
In this lab you will work with vty ACLs to restrict Telnet access to a router. Any router that meets the interface requirements displayed on the topology diagram may be used. For example, router series 800, 1600, 1700, 1800, 2500, 2600, 2800, or any combination can be used. The information in this lab applies to the 1841 router. Other routers may be used; however, the command syntax may vary. Depending on the router model, the interfaces may differ. For example, on some routers Serial 0 may be Serial 0/0 or Serial 0/0/0 and Ethernet 0 may be FastEthernet 0/0. The Cisco Catalyst 2960 switch comes preconfigured and only needs to be assigned basic security information before being connected to a network.
The following resources are required:
Two Cisco 2960 switches or other comparable switches
Two Cisco 1841 or comparable routers, each with a Serial connection and an Ethernet interface
Four Windows-based PCs, each with a terminal emulation program, and each set up as a host
At least one RJ-45-to-DB-9 connector console cable to configure the routers and switch
Six straight-through Ethernet cables
One 2-part (DTE/DCE) serial crossover cable
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
d. Connect Host 3 to the Fa0/2 port of Switch 2 using a straight-through cable, and connect Host 4 to the Fa0/3 port of Switch 2 using a straight-through cable.
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.15.0/24 is directly connected, FastEthernet0/0
R    192.168.17.0/24 [120/1] via 192.168.16.2, 00:00:09, Serial0/0/0
C    192.168.16.0/24 is directly connected, Serial0/0/0

How many routes should appear? __________
d. Verify that all routes appear in the routing table. If a route is missing, troubleshoot the router configuration.
e. Telnet from the hosts to both routers. All hosts should be able to Telnet to both routers. If Telnet fails, troubleshoot the router and host configurations.
Step 8: Configure and test an ACL that will limit Telnet access
a. Create a standard ACL that represents the LAN attached to R1.
   R1(config)#access-list 1 permit 192.168.15.0 0.0.0.255
b. Now that you have defined the LAN traffic, you must apply it to the vty lines. This allows users from this LAN to Telnet to this router, but will block users from other LANs from accessing Telnet on this router.
   R1(config)#line vty 0 4
   R1(config-line)#access-class 1 in
   R1(config-line)#end
   Which PCs should be able to Telnet to R1 and which should not?
   _______________________________________________________________________________
c. Test the restriction.
If foreign hosts can Telnet into a router, they have the ability to view and modify the configuration. Security demands that Telnet be restricted. Because vty ACLs are applied to the vty lines and not to physical interfaces, this controls Telnet access to the router regardless of from where the host(s) attempt to connect on the network.
Host Name R1 R2 S1 H1 H2
Default Gateway
192.168.1.2/24 192.168.1.3/24
192.168.1.1 192.168.1.1
Objectives
Configure NAT and PAT and verify functionality. Configure and apply an ACL to an interface where NAT occurs. Observe the effects of ACL placement when using NAT.
Background / Preparation
Cable a network similar to the one shown in the diagram. Any router that meets the interface requirements displayed on the topology diagram may be used. For example, router series 800, 1600, 1700, 1800, 2500, 2600, 2800, or any combination can be used. The information in this lab applies to the 1841 series of routers. It also applies to other routers; however, the command syntax may vary. Depending on the router model, the interfaces may differ. For example, on some routers Serial 0 may be Serial 0/0 or Serial 0/0/0 and Ethernet 0 may be FastEthernet 0/0. The Cisco Catalyst 2960 switch comes preconfigured and only needs to be assigned basic security information before being connected to a network.
The following resources are required:
One Cisco 2960 switch or other comparable switch
Two 1841 or equivalent series routers, each with a serial connection and an Ethernet interface
Two Windows-based PCs, both with a terminal emulation program, and both set up as hosts
At least one RJ-45-to-DB-9 connector console cable to configure the routers and switch
Three straight-through Ethernet cables
One 2-part (DTE/DCE) serial cable
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
d. Connect Host 1 to the Fa0/2 port of Switch 1 using a straight-through cable. e. Connect Host 2 to the Fa0/3 port of Switch 1 using a straight-through cable.
Step 5: Configure the hosts with IP address, subnet mask, and default gateway
a. Configure each host with the proper IP address, subnet mask, and default gateway.
b. Each workstation should be able to ping the attached router. If the ping was not successful, troubleshoot as necessary. Check and verify that the workstation has been assigned a specific IP address and default gateway.
Was the ping from Host 1 successful? Yes
Was the ping from Host 2 successful? Yes
If the answer is no for either question, troubleshoot the router and host configurations to find the error. Ping again until they are both successful. b. From each host, ping the Serial 0/0/0 interface of R2. Each ping should be successful. If it is not, troubleshoot the static and default route configurations to find the error. Ping again until they are both successful.
How does the output indicate that PAT is being used? ____________________________________________________________________________
Step 10: Configure and apply an ACL designed to filter traffic from one host
a. Prevent PC1 from reaching R2, while allowing other traffic to flow freely.
   R1(config)#access-list 10 deny 192.168.1.2
   R1(config)#access-list 10 permit any
b. Apply the ACL to the serial interface of R1.
   R1(config)#interface s0/0/0
   R1(config-if)#ip access-group 10 out
Device
Host Name
Router 1
R1
FastEthernet IP Address Fa0/0: none Fa0/0.1: 192.168.1.1/24 Fa0/0.2: 192.168.2.1/24 Fa0/0.3: 192.168.3.1/24 Fa0/0.4: 192.168.4.1/24 192.168.1.2/24 192.168.2.10/24 192.168.3.10/24 192.168.4.10/24
class
cisco
S1 H1 H2 H3
VLAN 1 Native VLAN 10 Servers 192.168.1.1 VLAN 20 Users1 VLAN 30 Users2 192.168.2.1 192.168.3.1 192.168.4.1
class
cisco
Background / Preparation
Cable a network similar to the one shown in the diagram. Any router that meets the interface requirements displayed on the topology diagram may be used. For example, router series 800, 1600, 1700, 1800, 2500, 2600, 2800, or any combination can be used. The information in this lab applies to the 1841 router. Other routers may also work; however, the command syntax may vary. Depending on the router model, the interfaces may differ. For example, on some routers Serial 0 may be Serial 0/0 or Serial 0/0/0 and Ethernet 0 may be FastEthernet 0/0. The Cisco Catalyst 2960 switch comes preconfigured and only needs to be assigned basic security information before being connected to a network.
The following resources are required:
One Cisco 2960 or comparable switch
One Cisco 1841 or comparable router
Three Windows-based PCs, each with a terminal emulation program
At least one RJ-45-to-DB-9 connector console cable to configure the router and switch
Four straight-through Ethernet cables
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
Step 4: Perform basic configuration on Switch 1
Step 5: Create, name, and assign ports to three VLANs on S1
This network contains one VLAN for the server farm and two VLANs for user groups. Why is it good practice to place the server farm in a separate VLAN?
_______________________________________________________________________________
a. Enter the following commands to create the three VLANs:
   S1(config)#vlan 10
   S1(config)#name Servers
   S1(config)#vlan 20
   S1(config)#name Users1
   S1(config)#vlan 30
   S1(config)#name Users2
b. Assign a port to each VLAN, according to the addressing table.
   S1#configure terminal
   S1(config)#interface fastethernet0/2
   S1(config-if)#switchport mode access
   S1(config-if)#switchport access vlan 10
   S1(config)#interface fastethernet0/5
   S1(config-if)#switchport mode access
   S1(config-if)#switchport access vlan 20
   S1(config)#interface fastethernet0/8
   S1(config-if)#switchport mode access
   S1(config-if)#switchport access vlan 30
NOTE: For the purposes of this lab, only one representative interface is assigned to each VLAN. When assigning multiple ports to a VLAN, use the range parameter. For example, if assigning ports 0/2 through 0/4 to VLAN 10, use this command sequence:
   S1(config)#interface range fastethernet 0/2 - 4
   S1(config-if-range)#switchport mode access
   S1(config-if-range)#switchport access vlan 10
FastEthernet 0/0.1: __________ FastEthernet 0/0.2: __________ FastEthernet 0/0.3: __________ FastEthernet 0/0.4: __________ S1: Interface VLAN1: __________
Step 9: Configure, apply, and test an Extended ACL to filter inter-VLAN traffic
Members of the Users1 VLAN should not be able to reach the server farm, but members of the other VLAN should be able to reach each other and the router. Users1 should be able to reach VLANs other than the server farm.
a. Create the extended ACL statements:
   R1(config)#access-list 100 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
   R1(config)#access-list 100 permit ip any any
   R1 has a FastEthernet 0/0 interface and four subinterfaces. Where should this ACL be placed, and in which direction? Why?
   ______________________________________________________________________________
b. Apply the ACL, and test by pinging from PC2 to PC1 and to PC3. If the ACL is working properly, pings from PC2 to PC1 should fail. All other pings should succeed. If results fail to meet these criteria, troubleshoot the ACL syntax and placement.
Problems can be traced to the syntax and placement of the ACL.
b. What results would have been produced if the ACL had been placed on subinterface FastEthernet 0/0.3 going out and PC2 pinged PC3?
Because the ping packets would first be switched to FastEthernet 0/0.4 and then be forwarded out to the PC3, the ACL would have no effect. Pings from PC2 to the servers would succeed.
Objectives
Configure and verify ACLs to control traffic. Verify ACLs using the logging capabilities of the router.
Background / Preparation
Cable a network similar to the one shown in the topology diagram. Any router that meets the interface requirements displayed in the above diagram may be used. For example, router series 800, 1600, 1700, 1800, 2500, 2600, 2800, or any combination can be used. The command syntax given in the lab may vary. For example, the interfaces may differ due to the router model. On some routers Serial 0 may be Serial 0/0 or Serial 0/0/0 and Ethernet 0 may be FastEthernet 0/0. The Cisco Catalyst 2960 switch comes preconfigured and only needs to be assigned basic security information before being connected to a network.
The following resources are required:
One Cisco 2960 switch or other comparable switch
Two Cisco 1841 or equivalent routers, both with a Serial connection and an Ethernet interface
Two Windows-based PCs, each with a terminal emulation program and set up as a host
One PC to act as the Discovery Server
One Discovery Live CD for the server
At least one RJ-45-to-DB-9 connector console cable to configure the routers and switch
Three straight-through Ethernet cables
One crossover Ethernet cable
One DTE/DCE serial cable
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary. NOTE: This lab makes use of the Discovery Server Live CD. For detailed instructions on the installation and configuration of the Discovery Server Live CD, please refer to the lab manual that is located on Academy Connection in the Tools Section.
d. Connect Host 2 to the Fa0/2 port on Switch 1 using a straight-through cable. e. Connect the Discovery Server to the Fa0/0 interface of Router 2 using a crossover cable.
b. Apply the ACL to the FastEthernet 0/0 interface on R1 in the inbound direction.
   R1(config)#interface fastethernet 0/0
   R1(config-if)#ip access-group 110 in
c. From Host 1, open a web browser and attempt to connect to the web and FTP services on the server. In the web browser address textbox, enter http://172.17.1.1.
   Is the web connection from Host 1 successful? __________
d. In the web browser address textbox, enter ftp://172.17.1.1.
   Is the FTP connection from Host 1 successful? __________
e. Attempt to connect to the web and FTP services on the server from Host 2.
   Are you able to connect from Host 2? __________
f. Attempt to telnet to the server from Host 1 and Host 2.
   Is the Telnet connection from Host 1 successful? __________
   Is the Telnet connection from Host 2 successful? __________
Attempt to telnet from Host 1 to the server. After verifying that Host 1 is unable to make the connection, view the output from the console connection on R1. The output should look similar to this sample:
   *Oct 18 01:10:57.466: %SEC-6-IPACCESSLOGP: list 110 denied tcp 192.168.1.5(1097) -> 172.17.1.1(23), 1 packet
The line displayed is the result of adding the log option to an access-list line. It displays a date and a time (01:10:57.466), the process that generated the console message (%SEC-6-IPACCESSLOGP), and detailed information about the message (list 110 denied tcp 192.168.1.5(1097) -> 172.17.1.1(23), 1 packet). In this example, the logging option indicates that an access-list line had a match, and it also indicates the exact source and destination of the matched packet.
j. Attempt to ping as well as use Telnet, web, and FTP connections from Host 1 and Host 2 to the Discovery Server. Is a log message created each time a connection is attempted? __________
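The fields described above can be pulled out of the console or syslog output programmatically. This is an added example, not part of the original lab: it parses %SEC-6-IPACCESSLOGP messages in the format of the sample line and totals denied packets per flow. Only the first log line comes from the lab text; the others are constructed for illustration.

```python
import re
from collections import Counter

# First line is the sample from the lab; the rest are constructed.
SAMPLE_LOG = """\
*Oct 18 01:10:57.466: %SEC-6-IPACCESSLOGP: list 110 denied tcp 192.168.1.5(1097) -> 172.17.1.1(23), 1 packet
*Oct 18 01:11:02.102: %SEC-6-IPACCESSLOGP: list 110 denied tcp 192.168.1.5(1097) -> 172.17.1.1(23), 3 packets
*Oct 18 01:11:30.914: %SEC-6-IPACCESSLOGP: list 110 permitted tcp 192.168.1.6(1102) -> 172.17.1.1(80), 1 packet
*Oct 18 01:12:05.250: %SYS-5-CONFIG_I: Configured from console by console
*Oct 18 01:12:40.008: %SEC-6-IPACCESSLOGP: list 110 denied udp 192.168.1.6(138) -> 192.168.1.255(138), 1 packet
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
LOG_RE = re.compile(
    r"^\*?(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d+)?): "
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) "
    r"(?P<action>permitted|denied) (?P<proto>\w+) "
    rf"(?P<src>{IPV4})\((?P<sport>\d+)\) -> "
    rf"(?P<dst>{IPV4})\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?\s*$"
)


def parse_line(line):
    """Return the fields of one ACL log message, or None for other lines."""
    match = LOG_RE.match(line.strip())
    if match is None:
        return None
    fields = match.groupdict()
    for key in ("sport", "dport", "count"):
        fields[key] = int(fields[key])
    return fields


def parse_log(text):
    """Parse every ACL log message in a block of console or syslog text."""
    parsed = (parse_line(line) for line in text.splitlines())
    return [entry for entry in parsed if entry is not None]


def summarize_denies(entries):
    """Total denied packets per (source, destination, protocol, dst port)."""
    totals = Counter()
    for entry in entries:
        if entry["action"] == "denied":
            flow = (entry["src"], entry["dst"], entry["proto"], entry["dport"])
            totals[flow] += entry["count"]
    return totals


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for flow, packets in summarize_denies(entries).most_common():
        src, dst, proto, dport = flow
        print(f"{src} -> {dst} {proto}/{dport}: {packets} denied")
```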
Step 7: Reflection
a. What is an advantage of using the logging option on an ACL versus the information provided by the show access-lists command?
The logging option gives you more detailed information about what the access list is doing.
b. What is a major concern of enabling the logging feature of an access control list?
The amount of router resources that will be used to display the console messages.
c. Would you normally log more than one line? Why or why not?
the ACL and what you are trying to do with it. If there are two lines that you think are not working exactly right, you would log those two lines.
d. If the network is not performing as expected (e.g. routing updates not occurring, name resolution not occurring) which ACL statement would you log? ________________________________________
In this case, log the deny ip any any statement to see what packets are being blocked that should not be. It may be necessary to alter the ACL statements to accommodate this traffic.
Objectives
Configure and verify ACLs to control traffic. Verify ACLs using a syslog server.
Background / Preparation
Cable a network similar to the one shown in the diagram. Any router that meets the interface requirements displayed in the above diagram may be used. For example, router series 800, 1600, 1700, 1800, 2500, 2600, 2800, or any combination can be used. The command syntax given in the lab may vary. For example, the interfaces may differ due to the router model. On some routers Serial 0 may be Serial 0/0 or Serial 0/0/0 and Ethernet 0 may be FastEthernet 0/0. The Cisco Catalyst 2960 switch comes preconfigured and only needs to be assigned basic security information before being connected to a network.
The following resources are required:
Two Cisco 2960 switches or other comparable switches
Two Cisco 1841 or comparable routers, each with a serial connection and an Ethernet interface
Two Windows-based PCs, each with a terminal emulation program and set up as a host
One Discovery Live CD for the server
One PC to use as the Discovery Server
At least one RJ-45-to-DB-9 connector console cable to configure the routers and switch
Three straight-through Ethernet cables
One crossover Ethernet cable
One DTE/DCE serial cable
Kiwi Syslog Daemon (downloadable from www.kiwisyslog.com or check with your instructor)
NOTE: Make sure that the routers and switch have been erased and have no startup configurations. Instructions for erasing both the switch and router are provided at the end of this lab. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM for basic router configuration, refer to the instructions at the end of this lab or contact your instructor if necessary. NOTE: This lab makes use of the Discovery Server Live CD. For detailed instructions on the installation and configuration of the Discovery Server Live CD, please refer to the lab manual that is located on Academy Connection in the Tools Section.
d. Connect Host 2 to the Fa0/2 port on Switch 1 with a straight-through cable. e. Connect the Discovery Server with a crossover cable to the Fa0/0 interface of Router 2.
b. Apply the ACL to the FastEthernet 0/0 interface on R1 in the inbound direction.
   R1(config)#interface fastethernet 0/0
   R1(config-if)#ip access-group 110 in
c. From Host 1, open a web browser and attempt to connect to the web and FTP services on the server. In the web browser address textbox, enter http://172.17.1.1.
   Is the web connection from Host 1 successful? __________
d. In the web browser address textbox, enter ftp://172.17.1.1.
   Is the FTP connection from Host 1 successful? __________
e. Attempt to connect to the web and FTP services on the server from Host 2.
   Are you able to connect from Host 2? __________
f. Attempt to telnet to the server from Host 1 and Host 2.
   Is the Telnet connection from Host 1 successful? __________
   Is the Telnet connection from Host 2 successful? __________
A solution that helps with both of these disadvantages is to log the messages to a syslog server. Logging messages to a syslog server reduces the load on the router and provides a destination for the messages. In addition, management tools are available to analyze syslog output to help detect patterns or problems. Install the Kiwi Syslog Daemon on Host 2. If you need assistance with this, contact your instructor. NOTE: A number of commercial and open source syslog servers are available. In this lab, the Kiwi syslog server is used. This software may be downloaded from www.kiwisyslog.com. When the syslog server is running on the server, it should produce a display similar to this one:
The syslog service needs to be configured on the router. To do this properly involves setting the time and date on the router, enabling the timestamp service on the router, and configuring the router to send console messages to the syslog server.
f. Because logging is turned on at all levels, all console messages appear on the syslog output, including the configuration messages. To control the message display, set the logging level required to generate a message.
NOTE: The time and date appear in both the system message and as a function of the Kiwi syslog server.
g. With the current configuration, syslog messages are displayed on the syslog server and the console. With the syslog server displaying them, console logging can be turned off on router R1.
   R1(config)#no logging console
h. Attempt various Telnet, web, and FTP connections from both hosts to the server and observe the results on the syslog server. In addition to viewing messages from the connection attempts, observe other messages from Hosts 1 and 2, such as NetBIOS broadcasts (UDP port 138).
Step 9: Reflection
a. State the advantages of using a syslog server instead of console logging.
A syslog server takes some of the burden off of the router processor. Even though the router is still generating messages, it can process them more quickly to a server than the console. Also, a constant console connection is not required with the syslog server. A syslog server is also capable of storing a large number of syslog messages, limited only by the size of the hard drive.
What factor determines the maximum number of messages stored on the syslog server?
The amount of hard disk space available.
Host Name R1 R2 S1 H1 H2
Objectives
Configure RIPv2 on routers. Discover where communication is not possible. Implement solutions to network errors. Examine the routing configuration with the show ip protocols command. Examine routing tables using the show ip route command. Observe routing activity using the debug ip rip command.
Background / Preparation
In this lab, you will learn how to troubleshoot the routing protocol RIPv2 using the network shown in the topology diagram. This lab uses an 1841 router and Cisco IOS commands. Any router that meets the interface requirements displayed on the above diagram may be used. For example, router series 800, 1600, 1700, 1800, 2500, 2600, 2800, or any combination can be used.
The information in this lab applies to the 1841 router. Other routers may be used; however, the command syntax may vary. Depending on the router model, the interfaces may differ. For example, on some routers Serial 0 may be Serial 0/0 or Serial 0/0/0 and Ethernet 0 may be FastEthernet 0/0. The Cisco Catalyst 2960 switch comes preconfigured and only needs to be assigned basic security information before being connected to a network.
The following resources are required:
One Cisco 2960 switch or other comparable switch (optional if using crossover cables between the PCs and routers)
Two Cisco Routers with 2 serial interfaces and 1 FastEthernet interface (preferably the same model number and IOS version)
Two Windows-based PCs, each with a terminal emulation program and set up as a host
At least one RJ-45-to-DB-9 connector console cable to configure the routers and switch
Two straight-through Ethernet cables to connect from the router to the switch and the switch to the host
One crossover cable to connect to the router
One 2-part (DTE/DCE) serial cable
NOTE: Make sure that the routers have been erased and have no startup configurations. For instructions on erasing and reloading a switch and a router please refer to the Lab Manual. The Lab Manual can be found and downloaded on the Academy Connection in the Tools section.
NOTE: SDM Enabled Routers
If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM for basic router configuration, refer to the instructions provided in the Lab Manual which can be found and downloaded on the Academy Connection in the Tools section or contact your instructor if necessary.
d. Connect Host H1 to the Fa0/2 interface of Switch 1 using a straight-through cable.
e. Connect Host H2 to the Fa0/0 interface of Router 2 using a crossover cable.
f. Connect Host H2 to the console of Router 2 using a rollover cable to perform configurations.
Step 3: Configure the hosts with IP address, subnet mask, and default gateway
e. Configure each host with the proper IP address, subnet mask, and default gateway.
1) H1 should be assigned 172.16.0.2 with a subnet mask of 255.255.0.0 and the default gateway of 172.16.0.1.
2) H2 should be assigned 172.18.0.2 with a subnet mask of 255.255.0.0 and the default gateway of 172.18.0.1.
Can H1 ping the FastEthernet interface of R1? __________
If the answer is no, troubleshoot as necessary to determine the problem. Use commands such as show ip interface brief, etc., to identify the problems.
Why or why not? _______________________________________________________________
If a problem is found, enter the commands to correct the problem.
Each workstation should be able to ping the attached router. If the ping was not successful, troubleshoot further. Check and verify that the workstation has been assigned a specific IP address and default gateway.
a. Ping from Host H1 to Host H2. Is the ping successful? No, there is no route to H1.
If the answer is no, troubleshoot as necessary to determine the problem. Use commands such as show ip interface brief, on R1 and R2, to identify the problems. Are all necessary interfaces up? __________
Step 6: Show the RIP routing table entries for each router
a. Enter the show ip route rip command on both routers.
b. List the routes shown in the routing table.
____________________________________________________________________________
What is the administrative distance of these routes? __________
Step 8: Reflection
a. What does ping test?
tests to see if another network can be reached and the average time it takes a packet to reach the destination and return to the source.
b. When should the show ip protocols and show ip route commands be used?
routing related problems. If the problem is not determined, then use debug commands.
c. When should the debug ip rip command be used?
be used to see if updates are being sent on a network to determine if it is functioning properly. It is a great troubleshooting command but should be used with caution because it can severely interrupt a network.
Device
Host Name
IP Address      Subnet Mask        Default Gateway
192.168.1.1     255.255.252.0      N/A
172.16.7.1      255.255.255.252    N/A
172.16.7.9      255.255.255.252    N/A
10.1.1.1        255.255.255.255    N/A
192.168.2.1     255.255.254.0      N/A
172.16.7.2      255.255.255.252    N/A
172.16.7.5      255.255.255.252    N/A
192.168.3.1     255.255.255.0      N/A
172.16.7.10     255.255.255.252    N/A
172.16.7.6      255.255.255.252    N/A
192.168.1.11    255.255.255.0      192.168.1.1
192.168.2.22    255.255.255.0      192.168.2.1
192.168.3.33    255.255.255.0      192.168.3.1
Router 1
R1
class
cisco
Router 2
R2
class
cisco
R3 H1 H2 H3
class
cisco
Objectives
Load the routers with preconfigurations. Discover where communication is not possible. Gather information about OSPF and other misconfigured portion of the network. Analyze information using show and debug commands to determine connectivity issues. Propose solutions to network errors. Implement solutions to network errors and verify.
Background / Preparation
In this lab, you will build a full-mesh single-area OSPF network using point-to-point WAN links. Router R2 is the Autonomous System Border Router (ASBR) that provides a connection to the Internet through the ISP and propagates a default route to the other routers in Area 0. You will load preconfigurations onto each of the routers, which have intentional errors in them, resulting in connectivity problems. You will use show and debug commands to troubleshoot and identify problems. Then you will correct the misconfigurations to achieve full network connectivity.
Cable a network similar to the one shown in the topology diagram. Any router that meets the interface requirements displayed on the above diagram may be used. For example, router series 800, 1600, 1700, 1800, 2500, 2600, 2800, or any combination can be used.
The information in this lab applies to the 1841 router. Other routers can be used; however, the command syntax may vary. Depending on the router model, the interfaces may differ. For example, on some routers Serial 0 may be Serial 0/0 or Serial 0/0/0 and Ethernet 0 may be FastEthernet 0/0. The Cisco Catalyst 2960 switch comes preconfigured and only needs to be assigned basic security information before being connected to a network.
The following resources are required:
Three Cisco 2960 switches or other comparable switch. Crossover cables may be used between the hosts and routers and the switches omitted.
Three routers, each with 2 serial interfaces and an Ethernet interface
Three Windows-based PCs, each with a terminal emulation program and set up as a host
At least one RJ-45-to-DB-9 connector console cable to configure the routers
Six straight-through Ethernet cables (or 3 crossover cables if omitting switches)
Three 2-part (DTE/DCE) serial cables
Preconfiguration files (with errors) for each of the three routers (obtain from instructor)
NOTE: Make sure that the routers have been erased and have no startup configurations. For instructions on erasing and reloading a switch and a router, please refer to the Lab Manual. The Lab Manual can be found and downloaded on the Academy Connection in the Tools section.
NOTE: SDM Enabled Routers
If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM for basic router configuration, refer to the instructions provided in the Lab Manual which can be found and downloaded on the Academy Connection in the Tools section or contact your instructor if necessary.
d. List the networks R3 is advertising:
_______________________________________________________________________________
Is there a problem with the OSPF networks being advertised? __________ If so, what?
_______________________________________________________________________________
e. If there are any problems with the OSPF configuration, record any commands that will be necessary to correct the configuration errors. Apply the configuration changes now and save the configuration.
________________________________________________________________________________
g. End the Telnet session on router R3 and return to R1 using the quit command.
R3#quit
[Connection to 172.16.7.10 closed by foreign host]
h. Check to see which OSPF routes R1 has learned now using the show ip route command. Are all routes to the 192.168.x.0 LAN networks present now? __________
i. Ping from H1 to H3 to verify that you have corrected the problem. Are you able to ping H3? __________
j. If you are unable to ping H3, continue troubleshooting until you are successful.
Is there a problem with the OSPF network areas defined for the R2 networks? __________ If so, what?
_____________________________________________________________________________
g. Issue the show ip ospf neighbor command on R2.
R2#show ip ospf neighbor
Neighbor ID     Pri   State     Address         Interface
192.168.1.1     0     FULL/     172.16.7.1      Serial0/0/0
Why is only router R1 a neighbor of R2?
_____________________________________________________________________________
h. Display the R2 routing table using the show ip route command.
What router is the next hop to the 192.168.1.0 network and what is the OSPF Cost?
_____________________________________________________________________________
What router is the next hop to the 192.168.3.0 network and what is the OSPF Cost?
_____________________________________________________________________________
Why is the route from R2 to the R3 LAN higher than the cost to the R1 LAN?
_____________________________________________________________________________
Will the OSPF area mismatch problem on the R2-R3 WAN prevent pings to the LAN hosts from reaching their destination in this topology? __________ Why or why not?
_____________________________________________________________________________
d. Issue the show ip route command on R1. Is there a static default route in the routing table and is the gateway of last resort set? __________
e. Press Enter twice to resume the Telnet connection from R1 to R2.
R1#
[Resuming connection 1 to 172.16.7.2 ... ]
R2#
f. Telnet from R2 to the R3 router using the IP address of the R3 S0/0/1 interface (172.16.7.6) and enter the vty password (cisco) when prompted. Enter privileged EXEC mode (password class).
R2>telnet 172.16.7.6
Trying 172.16.7.6 ... Open
User Access Verification
Password:
R3>enable
Password:
R3#
The student should briefly summarize the errors identified in this lab. ______________________________________________________________________________________
Enable Secret
Password
Objectives
Configure EIGRP on routers. Discover connectivity issues and implement solutions to network errors. Examine the topology tables with the show ip eigrp topology command. Examine the statistics using the show ip eigrp traffic command. Examine routing tables using the show ip route command. Observe routing activity using the debug ip eigrp command.
Background / Preparation
In this lab, you will learn how to troubleshoot the routing protocol EIGRP using the network shown in the topology diagram. This lab uses an 1841 router and Cisco IOS commands. Any router that meets the interface requirements displayed on the above diagram may be used. For example, router series 800, 1600, 1700, 1800, 2500, 2600, 2800, or any combination can be used.
The information in this lab applies to the 1841 router. Other routers may be used; however, the command syntax may vary. Depending on the router model, the interfaces may differ. For example, on some routers Serial 0 may be Serial 0/0 or Serial 0/0/0 and Ethernet 0 may be FastEthernet 0/0. The Cisco Catalyst 2960 switch comes preconfigured and only needs to be assigned basic security information before being connected to a network.
The following resources are required:
Three Cisco Routers with 2 serial interfaces and 1 FastEthernet interface (preferably the same model number and IOS version)
One Windows-based PC, with a terminal emulation program
At least one RJ-45-to-DB-9 connector console cable to configure the routers
Three 2-part (DTE/DCE) serial cables
Two crossover cables for the hosts to router connections
NOTE: Make sure that the routers have been erased and have no startup configurations. For instructions on erasing and reloading a switch and a router please refer to the Lab Manual. The Lab Manual can be found and downloaded on the Academy Connection in the Tools section.
NOTE: SDM Enabled Routers
If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM for basic router configuration, refer to the instructions provided in the Lab Manual, which can be found and downloaded on the Academy Connection in the Tools section or contact your instructor if necessary.
d. Connect Host H2 to the console of Router 2 using a rollover cable to perform configurations and use a crossover cable to connect the NIC of H2 to the Fa0/0 of R2.
e. Connect Host H3 to the console of ISP using a rollover cable to perform configurations.
Step 3: Configure the hosts with IP address, subnet mask, and default gateway
a. Configure each host with the proper IP address, subnet mask, and default gateway.
1) H1 should be assigned 192.168.1.2 with a subnet mask of 255.255.255.0 and the default gateway of 192.168.1.1.
2) H2 should be assigned 192.168.2.2 with a subnet mask of 255.255.255.0 and the default gateway of 192.168.2.1.
Was there any output from the debug commands on R1? yes
What is missing from the debug output on R1?
The installation of a route toward the ISP, EIGRP is not properly configured.
b. On R1, use the show ip protocols command to determine the problem. Review the topology diagram and the networks that should be associated with each router interface. What problem is occurring?
_______________________________________________________________________________
c. On R2, use the show ip protocols and show ip route commands to determine the problem. Review the topology diagram and the networks that should be associated with each router interface. What problem is occurring?
_______________________________________________________________________________
What is the address type in the 0.0.0.0 route? ______________________________
What does the D mean in the first column of the routing table? _________________
What is the administrative distance of 192.168.1.0 network? ___________________
Step 8: Show the EIGRP topology table entries for each router
a. To view the topology table, issue the show ip eigrp topology command on R1. How many routes are in passive mode? ____________________________________________
b. To view more specific information about a topology table entry, use an IP address with this command:
R1#show ip eigrp topology 192.168.2.0
Based on the output of this command, how does R1 know about the 192.168.2.0 network?
____________________________________________________________________________
From H1, is it possible to ping the FastEthernet interface of R2? yes
From H1, is it possible to ping Host H2? yes
From H1, is it possible to ping the S0/0/0 of the ISP? yes
From H2, is it possible to ping the FastEthernet interface of R1? yes
From H2, is it possible to ping Host H1? yes
From H2, is it possible to ping the S0/0/0 of the ISP? yes
If any answer is no, troubleshoot to find the error. Ping again until successful.
It tests to see if another device on a network can be reached and the average time it takes a packet to reach the destination and return to the source.
b. When should the show ip protocols and show ip eigrp topology commands be used?
The show ip protocols and show ip eigrp topology commands should be used first to determine routing-related problems. If the problem is not determined, then use debug commands.
c. When should the debug ip eigrp command be used?
to see if updates are being sent on a network to determine if it is functioning properly. It is a great troubleshooting command but should be used with caution because it can severely interrupt a network.
Fast Ethernet 0/0 Interface IP Address 192.168.1.1/24 10.0.1.1/24 192.168.1.5/24 GW=192.168.1.1 10.0.1.10/24 GW=10.0.1.1
Objectives
Set up network as shown in the topology diagram. Configure and verify single-area OSPF routing. Configure OSPF default route redistribution. Use IOS commands to troubleshoot and verify route redistribution.
Background / Preparation
Cable a network similar to the one shown in the topology diagram. Any router that meets the interface requirements displayed in the diagram may be used. For example, router series 800, 1600, 1700, 1800, 2500, 2600, 2800, or any combination can be used.
The information in this lab applies to the 1841 router. Other routers may be used; however, the command syntax given in the lab may vary. Depending on the router model, the interfaces may differ. For example, on some routers Serial 0 may be Serial 0/0 or Serial 0/0/0 and Ethernet 0 may be FastEthernet 0/0.
The following resources are required:
Three Cisco routers, two with a serial connection and an Ethernet interface, and one with two serial interfaces
One Windows-based PC with a terminal emulation program set up as a host
At least one RJ-45-to-DB-9 connector console cable to configure the routers
Two crossover Ethernet cables
Two DTE/DCE serial cables
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section.
NOTE: SDM Enabled Routers
If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.
This enterprise network is single-homed, meaning that it only has one connection to the Internet. Therefore, there is no need to run a routing protocol between the enterprise network and the ISP. Static routing will be used here. After a default route to the ISP has been created on the GW router, it is desired to redistribute that default route into the rest of the enterprise network rather than configuring default routes on all enterprise routers.
a. Create a static route on the ISP router to the enterprise network.
ISP(config)#ip route 192.168.1.0 255.255.255.0 172.16.1.1
b. Create a default route on the GW router to the ISP router.
GW(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.2
c. Use the show ip route command on the GW router to observe the result from configuring the default route.
GW#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 172.16.1.2 to network 0.0.0.0

     172.16.0.0/30 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Serial0/0/1
     192.168.5.0/30 is subnetted, 1 subnets
C       192.168.5.0 is directly connected, Serial0/0/0
O    192.168.1.0/24 [110/782] via 192.168.5.1, 00:13:39, Serial0/0/0
S*   0.0.0.0/0 [1/0] via 172.16.1.2
GW#
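A scripted version of the check made by eye in step c, as an added example that is not part of the original lab: it parses show ip route output, fills in the prefix length that child routes inherit from an "is subnetted" line, and reports whether a candidate default route agrees with the gateway of last resort. The first sample is the GW output from step c with each route code placed in front of its route; the second sample, for an internal router that learned the default through OSPF, is constructed (its 192.168.5.2 next hop and FastEthernet0/0 interface are assumptions), so the example goes one case beyond the output shown in the lab.

```python
import re

IP = r"\d+\.\d+\.\d+\.\d+"
LAST_RESORT = re.compile(rf"Gateway of last resort is ({IP}) to network {IP}")
PARENT = re.compile(rf"^\s+{IP}/(?P<len>\d+) is (?:variably )?subnetted")
ROUTE = re.compile(
    rf"^(?P<code>[A-Za-z][A-Za-z0-9* ]*?)\s+(?P<net>{IP})(?:/(?P<len>\d+))?\s+(?P<rest>.*)$")
VIA = re.compile(
    rf"\[(?P<ad>\d+)/(?P<metric>\d+)\] via (?P<nh>{IP})(?:, \S+, (?P<intf>\S+))?")
CONNECTED = re.compile(r"is directly connected, (?P<intf>\S+)")

# GW output from step c of the lab (legend omitted).
GW_OUTPUT = """\
Gateway of last resort is 172.16.1.2 to network 0.0.0.0

     172.16.0.0/30 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Serial0/0/1
     192.168.5.0/30 is subnetted, 1 subnets
C       192.168.5.0 is directly connected, Serial0/0/0
O    192.168.1.0/24 [110/782] via 192.168.5.1, 00:13:39, Serial0/0/0
S*   0.0.0.0/0 [1/0] via 172.16.1.2
"""

# Constructed output for an internal router after the default is redistributed.
R1_CONSTRUCTED = """\
Gateway of last resort is 192.168.5.2 to network 0.0.0.0

C    192.168.1.0/24 is directly connected, FastEthernet0/0
     192.168.5.0/30 is subnetted, 1 subnets
C       192.168.5.0 is directly connected, Serial0/0/0
O*E2 0.0.0.0/0 [110/1] via 192.168.5.2, 00:02:10, Serial0/0/0
"""


def parse_show_ip_route(text):
    """Return (routes, gateway_of_last_resort) from show ip route output."""
    routes, parent_len, last_resort = [], None, None
    for line in text.splitlines():
        m = LAST_RESORT.search(line)
        if m:
            last_resort = m.group(1)
            continue
        m = PARENT.match(line)
        if m:                       # children listed below inherit this length
            parent_len = m["len"]
            continue
        m = ROUTE.match(line)
        if not m:
            continue                # legend, prompt or blank line
        via = VIA.search(m["rest"])
        conn = CONNECTED.search(m["rest"])
        routes.append({
            "code": m["code"].strip(),
            "prefix": f'{m["net"]}/{m["len"] or parent_len}',
            "ad": int(via["ad"]) if via else None,
            "metric": int(via["metric"]) if via else None,
            "next_hop": via["nh"] if via else None,
            "interface": (via["intf"] if via else None)
                         or (conn["intf"] if conn else None),
        })
    return routes, last_resort


def default_route_report(text):
    """Summarize the default route and whether it matches the last-resort gateway."""
    routes, last_resort = parse_show_ip_route(text)
    default = next((r for r in routes if r["prefix"] == "0.0.0.0/0"), None)
    return {
        "gateway_of_last_resort": last_resort,
        "default": default,
        "candidate": bool(default and "*" in default["code"]),
        "learned_via_ospf": bool(default and default["code"].startswith("O")),
        "next_hop_matches": bool(default and last_resort is not None
                                 and default["next_hop"] == last_resort),
    }


if __name__ == "__main__":
    for name, output in (("GW", GW_OUTPUT), ("R1 (constructed)", R1_CONSTRUCTED)):
        print(name, default_route_report(output))
```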
m. On Router 1, remove the network statement for the 192.168.5.0 network. The output of the debug ip ospf events command is still helpful in this situation. In this case, the hint is in what is not appearing versus what is appearing. Notice that there is never an indication of a hello being sent out the Serial 0/0/0 interface.
Yes, if the default-information originate always command is configured; otherwise, no.
b. List three things that can cause OSPF default route propagation to fail.
Any OSPF router configuration error or network issue such as: mismatched areas, mismatched timers, incorrect IP addresses, interfaces down, incorrect networks being advertised, etc.
c. What type of OSPF router does a router that injects a default route into the OSPF process become?
An Autonomous System Boundary Router, because the default route points to a network outside of the OSPF domain.
d. What is an advantage and a disadvantage of using the default-information originate command over configuring default routes on all routers?
An advantage is that it is much easier to configure and manage a single static route and redistribution command than to have to configure on each device. Disadvantages are that any OSPF error can cause the loss of the default route and it tends to be more difficult to troubleshoot.
Host Name R1 R2
Objectives
Load the routers with preconfigurations. Discover where communication is failing. Gather information about the misconfigured portion of the network or any other errors. Analyze WAN and PPP related information to determine why communication is failing. Propose solutions to network errors. Implement solutions to network errors.
Background / Preparation
A small company is having problems in their network. You have been called to troubleshoot their problem. The company is using PPP with PAP authentication. Follow the topology diagram and addressing table to determine the physical setup and find where communication is failing. Use the show and debug commands to help locate the problems. When problems are found, implement solutions to repair any network errors.
Cable a network similar to the one shown in the topology diagram. Any router that has a single serial interface may be used for this lab. For example, router series 800, 1600, 1700, 1800, 2500, 2600, 2800, or any combination are acceptable.
The information in this lab applies to the 1841 router. Other routers may be used; however, the command syntax may vary. Depending on the router model, the interfaces may be identified differently. For example, on some routers, Serial 0 may be Serial 0/0 or Serial 0/0/0 and Ethernet 0 may be FastEthernet 0/0. The information in this lab applies to routers that use the Serial 0/0/0 notation. If the router in use differs, use the correct notation for the serial interface.
The following resources are required:
Two Routers, each with one Serial interface
Two Windows-based PCs, both with a terminal emulation program
At least one RJ-45-to-DB-9 connector console cable to configure the routers
One 2-part (DTE/DCE) serial cable
NOTE: Make sure that the routers have been erased and have no startup configurations. For instructions on erasing and reloading a switch and a router please refer to the Lab Manual. The Lab Manual can be found and downloaded on the Academy Connection in the Tools section.
NOTE: SDM Enabled Routers
If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM for basic router configuration, refer to the instructions provided in the Lab Manual, which can be found and downloaded on the Academy Connection in the Tools section or contact your instructor if necessary.
Step 4: Troubleshoot R1
a. Enter the command show interfaces serial 0/0/0 to view the details of the interface.
What is the status of Serial 0/0/0? __________
Line Protocol is __________
The Internet address is ____________________________________
The subnet mask is _______________________________________
Encapsulation is __________
Is PPP LCP open? __________
Are there any problems? __________
If yes, what are they? _______________________________________________________________________________
Issue the show controllers serial 0/0/0 command. What did you find as a result of the command just entered? _______________________________________________________________________________
b. If any errors were found, make the necessary configuration changes to R1.
Step 9: Reflection
a. The IP address and subnet mask for R1 s0/0/0 is 196.168.15.1 and 255.255.255.252. R2's s0/0/0 interface was misconfigured to 192.168.15.2 and an incorrect subnet mask of 255.255.255.254. If all PPP authentication and all other parameters were configured correctly, would R1 have been able to ping R2? Why or why not?
No, there are only two hosts possible with a subnet mask of 255.255.255.254. There is only one host bit left and both are invalid as host addresses.
b. What command allows you to view the details of a specific interface?
The student should briefly summarize the errors encountered during troubleshooting.
Device Router 1
Subnet Mask 255.255.255.0 255.255.255.252 255.255.255.0 255.255.0.0 255.255.255.252 255.255.255.0 255.255.255.0 255.255.0.0
Default Gateway N/A N/A N/A N/A N/A 172.19.2.1 172.18.2.1 172.17.0.1
HQ H1 H2 H3
class
cisco
Objectives
Load the routers with preconfigurations. Discover where communication is failing. Gather information about the misconfigured ACLs. Analyze information to determine why communication is not possible. Propose solutions to network errors. Implement solutions to network errors.
Background / Preparation
A small manufacturing company wants to create an awareness of their products over the Internet. Their immediate requirement is to promote their products to potential customers by providing product overviews, reports, and testimonials. Because they need a secure infrastructure to support their internal and external network requirements, you have implemented a two-tier security architecture consisting of an internal corporate network zone and a Demilitarized Zone (DMZ). The corporate network zone would house private servers and internal clients. The DMZ would house only one external server that would provide World Wide Web services. Since the company can only administer their own HQ router and not that of the ISP, all ACLs must be applied to the HQ router.
Access list 101 is implemented to limit the traffic out of the corporate network zone, which houses private servers and internal clients. No other network should be able to access it. Protecting the corporate network begins by specifying which traffic can exit out of the network. This may sound strange, but it becomes clearer when it is known that most hackers are internal employees.
Access list 102 is implemented to limit the traffic into the corporate network. Traffic entering the corporate network will be coming from either the Internet (ISP) or the DMZ. Only traffic that originated from the corporate network can be allowed back into that network. To make network management and troubleshooting easier, it is also decided to permit ICMP into the network. This will allow internal hosts to receive ICMP messages. At this time, no other traffic is desired into the corporate network.
Access list 111 is implemented to control outbound DMZ network traffic. The DMZ network will house only one external server that will provide World Wide Web services. Other services such as email, FTP, and DNS will be implemented at a later time. The traffic that can exit the network is specified here.
Access list 112 is implemented to control inbound DMZ network traffic. Traffic entering the DMZ network will be coming from the Internet (ISP) or the corporate network requesting World Wide Web services, which must be allowed in. Allow only corporate users ICMP access into the DMZ network. No other traffic is permitted into the DMZ network.
Access list 121 is implemented to deter spoofing. Networks are becoming increasingly prone to attacks from outside users. Hackers maliciously try to break into networks and render networks incapable of responding to legitimate requests (Denial of Service (DoS) attacks). The access list should make it difficult for outside users to spoof internal addresses by specifying three common source IP addresses that hackers attempt to forge. These include valid internal private addresses, such as 172.19.2.0, loopback addresses such as 127.0.0.0, and multicast addresses (i.e., 224.x.x.x-239.x.x.x).
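The source-address matching that access list 121 relies on can be checked offline before touching the router. The Python below is an added example, not part of the lab or of Cisco's material: the four entries, their wildcard masks and the /24 assumed for the internal network are assumptions (the lab does not list the ACL lines), and the test addresses are constructed. It evaluates an ACL first-match, as IOS does, and flags entries that can never match because of their position.

```python
"""First-match evaluation of an anti-spoofing ACL, modelled offline."""
import ipaddress

# (action, base address, Cisco wildcard mask). A wildcard bit of 1 means
# "ignore this bit". These entries are an ASSUMED rendering of access
# list 121 as the lab describes it, not lines taken from the lab.
ACL_121 = [
    ("deny",   "172.19.2.0", "0.0.0.255"),        # internal range (assumed /24)
    ("deny",   "127.0.0.0",  "0.255.255.255"),    # loopback
    ("deny",   "224.0.0.0",  "15.255.255.255"),   # multicast 224.x.x.x-239.x.x.x
    ("permit", "0.0.0.0",    "255.255.255.255"),  # any other source
]

ALL_BITS = 0xFFFFFFFF


def to_int(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(source, base, wildcard):
    """True when source equals base on every bit the wildcard does not ignore."""
    care_bits = ~to_int(wildcard) & ALL_BITS
    return ((to_int(source) ^ to_int(base)) & care_bits) == 0


def evaluate(acl, source):
    """Return (action, entry_number) for the first entry that matches.

    A source that matches no entry falls through to the implicit deny at
    the end of every IOS access list, reported as entry number None.
    """
    for number, (action, base, wildcard) in enumerate(acl, start=1):
        if wildcard_match(source, base, wildcard):
            return action, number
    return "deny", None


def shadowed_entries(acl):
    """Entry numbers that can never match because an earlier entry covers them.

    An earlier entry covers a later one when it ignores every bit the later
    entry ignores and both agree on the bits the earlier entry still checks.
    """
    shadowed = []
    for j, (_, base_j, wc_j) in enumerate(acl):
        for _, base_i, wc_i in acl[:j]:
            care_i = ~to_int(wc_i) & ALL_BITS
            ignores_enough = (to_int(wc_j) & care_i) == 0
            same_prefix = ((to_int(base_i) ^ to_int(base_j)) & care_i) == 0
            if ignores_enough and same_prefix:
                shadowed.append(j + 1)
                break
    return shadowed


if __name__ == "__main__":
    # Constructed source addresses, as seen arriving from the ISP side.
    for src in ("172.19.2.77", "127.0.0.1", "239.255.255.250",
                "240.0.0.1", "198.51.100.7"):
        print(src, evaluate(ACL_121, src))

    # A typical ordering error: "permit any" entered first.
    misordered = [ACL_121[3]] + ACL_121[:3]
    print("spoofed internal source:", evaluate(misordered, "172.19.2.77"))
    print("entries that never match:", shadowed_entries(misordered))
```

On a router, the same ordering error shows up as zero match counters on the deny entries in show access-lists output.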
Cable a network similar to the one shown in the topology diagram. Any router that meets the interface requirements displayed on the above diagram may be used. For example, router series 800, 1600, 1700, 1800, 2500, 2600, 2800, or any combination can be used. The information in this lab applies to the 1841 router. Other routers may be used; however, the command syntax may vary. Depending on the router model, the interfaces may differ. For example, on some routers Serial 0 may be Serial 0/0 or Serial 0/0/0 and Ethernet 0 may be FastEthernet 0/0. The Cisco Catalyst 2960
NOTE: Make sure that the routers have been erased and have no startup configurations. For instructions on erasing and reloading a switch and a router please refer to the Lab Manual. The Lab Manual can be found and downloaded on the Academy Connection in the Tools section. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM for basic router configuration, refer to the instructions provided in the Lab Manual which can be found and downloaded on the Academy Connection in the Tools section or contact your instructor if necessary.
d. Connect both hosts on Router 2 to the Fa0/0 and Fa0/1 of Router 2 using crossover cables according to the above topology.
Can H2 ping the web server? no
Can H2 ping H1? no
Can H1 ping the web server? no
Is the access list applied in the correct direction on the interface? yes
g. If the web page cannot be viewed, troubleshoot as necessary. If the ping is unsuccessful, continue to troubleshoot the next access control list.
The student should briefly summarize the errors encountered with the ACLs.
Objectives
Part A
Analyze the customer work order and proposed network design. Create a VLSM IP addressing scheme.
Part B
Build a multilayer network and connect to a simulated ISP. Configure basic settings on switches with multiple VLANs and VTP. Configure the STP root bridge. Configure basic settings on routers and inter-VLAN routing. Verify basic connectivity, device configuration, and functionality.
Background / Preparation
AnyCompany is opening a new branch office (Remote Office 2) and has contracted you to extend the AnyCompany network into the new facilities. Corporate management has also decided that this would be a good time to restructure the existing network to provide increased levels of security and performance. The existing network consists of a head office, which houses 112 employees, and a business office (remote office 1), which houses 200 employees. The new office space (Remote Office 2) will initially house four distinct groups of employees but will expand as the company grows. For this reason, implement VLANs to help manage the traffic. Also use VTP to simplify the task of managing the VLANs. One of the groups occupying the new office is the sales force. This group requires wireless access to the company network. Because security is of great concern, the wireless network must be on its own VLAN. Initially the network in Remote Office 2 will consist of five VLANs. This lab focuses on the configuration of the Cisco 1800 router and 2960 switch, or comparable equipment, using Cisco IOS commands. The information in this lab applies to other routers and switches; however, the command syntax may vary. Depending on the router model, the interfaces may differ. For example, on some routers Serial 0 may be Serial 0/0 or Serial 0/0/0 and Ethernet 0 may be FastEthernet 0/0. It is recommended to work in teams of three. Each person can be responsible for one of the three switches and its associated host PC. The team can work together to configure the two company routers.
The following resources are required: One ISP router with one serial and one FastEthernet interface (preconfigured by instructor) Three Ethernet 2960 switches (or comparable) for Remote Office 2 LAN Two 1841 routers (or other routers), one with a FastEthernet interface and one with two serial interfaces One Wireless Access Point (optional) One Ethernet 2960 switch to connect wired PCs Three Windows XP-based PCs to act as wired clients One Discovery CD Server, preconfigured by instructor (optional if a Loopback is on ISP router) Cat 5 cabling as necessary (straight-through and crossover) Two Serial DTE/DCE cables for WAN links ISP work order (included in this lab)
Part A Review the work order and develop the VLSM subnet scheme
Task 1: Review the customer work order and proposed network.
You have received the following work order from your manager at the ISP. Review the work order to get a general understanding of what is to be done for the customer.
ABC-XYZ-ISP Inc.
Official Work Order
Customer: AnyCompany1 or AnyCompany2 (Circle the customer name assigned by your instructor) Address: 1234 Fifth Street, Anytown Customer Contact: Fred Pennypincher, Chief Financial Officer Phone number: 123-456-7890 Date: _____________
Task 2: Develop the network scheme
NOTE: Be sure to have the instructor check your work for each step in this task before going on to Task 3.
Step 1: Determine the size of the CIDR address block assigned
a. The customer has been assigned CIDR network address: _______________________________ If network customer is AnyCompany1, use 172.20.0.0/22. If network customer is AnyCompany2, use 172.20.4.0/22.
b. How many total host IP addresses does this CIDR address block represent? _____________________________________ Using this address block, you will develop a VLSM subnet scheme that will allow AnyCompanyX to support existing HQ and RO1 networks as well as the new RO2 network.
Step 2: Determine the size of each VLSM block to accommodate users
a. Based on the CIDR address assigned by the ISP and the number of users in each area or VLAN, optimally subnet this block of addresses to provide sufficient addresses for all offices (HQ, RO1, and RO2) and VLAN requirements.
b. To start, determine the size of the subnet address block required for a network area or group of users. Fill in the table with this information. Look at the number of users for each area or subnet and determine the smallest power of 2 that will cover the requirement. As an example, if 93 addresses were required, a VLSM block of 128 (2^7) would be needed. The next smallest power of 2 is 64 (2^6), which does not cover the requirement. A block of 128 results in some unused addresses but also allows for growth.
Network Area | Users | VLSM block size / No. of IPs (powers of 2)
HQ Network | |
RO1 Network | |
RO2 Network / VLANs | |
VLAN 1 (Server Farm) | 18 users |
VLAN 2 (Native/mgmt IP) | 9 users |
VLAN 11 (Dept 1) | 75 users |
VLAN 12 (Dept 2) | 112 users |
VLAN 13 (Dept 3) | 38 users |
VLAN 101 (wireless) | 52 users |
WAN link (RO2 to HQ) | 2 |
Total users and block sizes for RO2 | 306 |
RO2 block size to subdivide | N/A |
Total users and all VLSM blocks | 618 |
c. To optimally allocate addresses from the /22 CIDR address, start by sorting the block sizes from largest to smallest. For this lab, add up the individual smaller blocks for each of the VLANs in the RO2 network and allocate a single larger block that will cover all the smaller block requirements. This keeps all of the subnets together for RO2 and aids in route summarization. Use the table below to order the network areas by the VLSM block size. List the large block for the entire RO2 network first, followed by the others. The larger RO2 block will be broken down into smaller subnets later.
Network Area / VLAN
RO2 total block size (will be subdivided into smaller blocks)
RO1 Network
HQ Network
RO2 - VLAN 11 (Dept 1)
RO2 - VLAN 12 (Dept 2)
RO2 - VLAN 13 (Dept 3)
RO2 - VLAN 101 (wireless)
RO2 - VLAN 1 (Server Farm)
RO2 - VLAN 2 (Native/mgmt IP)
RO2 - HQ WAN link
Step 3: Determine subnet addresses for the CIDR block a. Determine which blocks of CIDR address to assign to each area of the network or VLAN. Use the VLSM subnet chart (Appendix A) to enter the subnet information for each of the CIDR blocks. b. To determine the subnet addresses for the 172.20.0.0/22 or the 172.20.4.0/22 CIDR block, use the subnet calculator tool on the Cisco Network Academy website. With the subnet calculator tool, enter the Base Network Address (172.20.0.0 or 172.20.4.0) and the value of VLSM Mask 1 in dotted decimal, starting with 255.255.252.0 (/22). Click the Actions button Calculate Subnetting using VLSM. Use the same base address and increase the mask length by one each time to fill in the chart. NOTE: Entries for the subnet numbers for the /29 and /30 mask are not included in the table. Subdivide one of the /28s to a /30 for the WAN link. Step 4: Allocate blocks of addresses to each area of the network a. Fill in the following table based on the subnet information in the CIDR/VLSM Subnet Chart and the sorted table of address requirements. Draw lines around each of the blocks in the address table above, or color them in, and label each one according to the network area or VLAN to which it is assigned.
Network Area / VLAN RO2 total block size (will be subdivided into smaller blocks) RO2 VLAN 11 (Dept 1) RO2 VLAN 12 (Dept 2) RO2 VLAN 13 (Dept 3) RO2 VLAN 101 (wireless) RO2 VLAN 1 (Server Farm) RO2 VLAN 2 (Native/mgmt IP) RO2 - WAN link RO1 Network HQ Network
Subnet Mask
b. Have the instructor verify that your addressing scheme is accurate and assigns address space efficiently. You should not have any overlapping subnets and should have unused contiguous blocks of addresses that can be used for future subnets as the company grows.
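The procedure in Steps 2 through 4 (size each block, sort largest first, carve the /22, then check for overlap) can be worked through in code. This Python is an added example, not part of the lab: the user counts are read from the lab's requirements table and Background text, reserving two addresses per subnet for network and broadcast is an assumption, and all function names are hypothetical.

```python
"""VLSM allocation for the lab's /22, largest block first."""
import ipaddress
from itertools import combinations

# User counts as read from the lab's table and Background section.
RO2_USERS = {
    "VLAN 11 (Dept 1)": 75,
    "VLAN 12 (Dept 2)": 112,
    "VLAN 13 (Dept 3)": 38,
    "VLAN 101 (wireless)": 52,
    "VLAN 1 (Server Farm)": 18,
    "VLAN 2 (Native/mgmt)": 9,
    "WAN link (RO2 to HQ)": 2,
}
SITE_USERS = {"RO1 Network": 200, "HQ Network": 112}


def pow2_at_least(n):
    """Smallest power of two that is >= n."""
    size = 1
    while size < n:
        size *= 2
    return size


def block_size(hosts):
    """Block covering `hosts` plus network and broadcast (assumption)."""
    return pow2_at_least(hosts + 2)


def allocate(parent, blocks):
    """Carve `parent` into one subnet per block, largest block first.

    Sorting by descending power-of-two size keeps every subnet aligned
    on its own boundary, so no address space is lost to padding.
    """
    parent = ipaddress.ip_network(parent)
    cursor = int(parent.network_address)
    limit = cursor + parent.num_addresses
    plan = {}
    for name, size in sorted(blocks.items(), key=lambda item: -item[1]):
        if cursor + size > limit:
            raise ValueError(f"{name}: {size} addresses do not fit in {parent}")
        prefix = 32 - (size.bit_length() - 1)
        plan[name] = ipaddress.ip_network(
            f"{ipaddress.IPv4Address(cursor)}/{prefix}")
        cursor += size
    return plan


def find_overlaps(plan):
    """Pairs of names whose subnets share any address."""
    return [(a, b) for (a, net_a), (b, net_b) in combinations(plan.items(), 2)
            if net_a.overlaps(net_b)]


def build_plan(cidr):
    """Return (top-level plan, RO2 subdivision) for the assigned CIDR block."""
    ro2_blocks = {name: block_size(u) for name, u in RO2_USERS.items()}
    top_blocks = {name: block_size(u) for name, u in SITE_USERS.items()}
    # One summarizable block that covers every RO2 subnet.
    top_blocks["RO2 total"] = pow2_at_least(sum(ro2_blocks.values()))
    top = allocate(cidr, top_blocks)
    ro2 = allocate(str(top["RO2 total"]), ro2_blocks)
    return top, ro2


if __name__ == "__main__":
    top, ro2 = build_plan("172.20.0.0/22")
    for name, net in list(top.items()) + list(ro2.items()):
        print(f"{name:24} {net}  mask {net.netmask}")
    leaf_subnets = {k: v for k, v in top.items() if k != "RO2 total"}
    leaf_subnets.update(ro2)
    print("overlaps:", find_overlaps(leaf_subnets))
```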
Step 2: Have the instructor check your work for this task before going on to Part B.
Part B Physically construct the network and perform basic device configuration
Task 1: Build the network and connect cables to the interfaces and ports indicated
Connect your AnyCompanyX network router HQ to the ISP router. The ISP router and the Discovery CD Server should be preconfigured by the instructor. If ISP router is configured with a Loopback address in lieu of the Discovery CD Server, the HTTP server in the router must be enabled. If you are unsure, check with your instructor. NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section. NOTE: SDM Enabled Routers If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary. The IP addresses used to configure the devices in the following tasks should be based on your solution for the VLSM scheme. NOTE: VLAN Mismatch Messages - You may want to wait until after the switches are configured to connect the trunk links. Otherwise, native VLAN mismatch messages come up until all switches are configured.
Step 3: Create CHAP user ID and password Configure a username for the ISP router on the HQ router with a password of cisco for use with CHAP authentication. Step 4: Save the router running-config configuration to startup-config Step 5: Copy the router running-config to a text editor and save it for later use, if needed a. Open a text editor such as Windows Notepad. b. Issue the show running-config command. c. Copy the output and paste it into the text editor.
Step 3: Save the router running-config configuration to startup-config Step 4: Copy the router running-config to a text editor and save it for later use, if needed a. Open a text editor such as Windows Notepad. b. Issue the show running-config command. c. Copy the output and paste it into the text editor.
d. Save the file on the Windows Desktop as R2.txt. NOTE: If you need to use this file later, you will need to edit it to clean it up and make sure that the necessary interfaces have the no shutdown command applied to them.
Step 2: Configure the VLANs for Remote office 2 on S1 using the VLAN numbers and names shown in the chart below Assign ports to each VLAN as indicated. Use the same chart to configure switches S2 and S3:
RO2 VLAN Number VLAN 1 (default VLAN) VLAN 2 (Native/mgmt IP) VLAN 11 (Dept 1 users) VLAN 12 (Dept 2 users) VLAN 13 (Dept 3 users) VLAN 101 (wireless)
Step 3: Assign an IP address to the Management VLAN 2 on S1
a. Assign the VLAN 2 address according to the Device Interface / IP Address Chart in Part A, Task 3, Step 1.
b. Configure the switch with a default gateway to router R2 for VLAN 2.
Step 4: Configure S1 switch ports Fa0/1, Fa0/2 and Fa0/3 as 802.1Q trunks
The trunks carry VLAN information. Set each trunk to use VLAN 2 as the native VLAN.
Step 5: Configure S1 as the root switch for STP
Change the priority of native VLAN 2 from the default of 32769 to 4096.
Step 6: Configure a VTP domain
a. Configure the AnyCompanyX domain name (where X is 1 or 2) on S1 and a password of cisco.
b. Configure S1 as the VTP server.
Step 7: Save the switch running-config configuration to startup-config
Step 8: Copy the switch running-config to a text editor and save it for later use, if needed
For the ping (icmp) entry, what is the inside local address and port number? ______________________________________________________ For the ping (icmp) entry, what is the inside global address and port number? ______________________________________________________ For the browser connection (tcp) entry, what is the inside local address and port number? ______________________________________________________
For the browser connection (tcp), what is the outside global address and port number? _______________ Step 5: Save the router running configuration to NVRAM.
Step 7: Remove the PC H1 cable from switch port Fa0/9 and connect the cable from PC H2
a. Ping from H2 to any IP address to cause a security violation on port Fa0/9. You should see security violation messages.
b. Issue the show port-security interface command again for Fa0/9.
What is the Port Status? _______________________________________
What is the Security Violation Count? _____________________________
What is the Source Address:Vlan? _______________________________
Step 8: Move the cables for the PCs back to their original ports and restore port Fa0/9
a. Clear the sticky address entry for port Fa0/9.
b. To return the interface from error disable to administratively up, enter the shutdown command followed by the no shutdown command.
Step 9: Save the switch running-config configuration to startup-config
Step 10: Repeat Steps 1 through 6 to set port security for the other two switches, S1 and S2, and save the running config to startup-config
Task 5: Configure ACL Security on HQ and R2
NOTE: The following commands are based on IP address ranges for one possible solution to the VLSM scheme in part of the lab. Replace the address ranges with those that match the ones that you applied to the Remote Office 2 Hosts and VLANs.
Step 1: Create and apply an Extended Numbered ACL on the edge router (HQ)
a. The ACL allows replies to requests made by internal hosts to enter the network. Allow internal users to ping or trace any location on the Internet but do not allow any ping or trace access to people external to the enterprise.
b. Apply the ACL to the NAT outside interface of the HQ router to protect the AnyCompanyX network.
c. Test the ACL by pinging from H1, H2, and H3 to the ISP loopback address or the IP address of the Discovery CD Server. Were the pings successful? __________
d. Using a browser from H1, H2, and H3, enter the ISP router Loopback0 address or the IP address of the Discovery CD Server. Were you able to access the web interface of the router or the Web page from the server? __________
Step 2: Create and apply an Extended Named ACL on R2
a. The ACL allows web requests and pings to leave the Remote Office 2 network if they originated in VLANs 1, 11, 12, 13, or 101. Telnet traffic is permitted if it originated in VLAN 12, and FTP traffic is permitted if it originated in VLAN 13. All other traffic is denied.
b. On the R2 router, apply the ACL to each Fa0/0 subinterface except Fa0/0.2, the native VLAN.
c. Test the ACL by pinging from H1, H2, and H3 to the ISP loopback address or the IP address of the Discovery CD Server. Were the pings successful? __________
d. Using a browser from H1, H2, and H3, enter the ISP router Loopback0 address or the IP address of the Discovery CD Server. Were you able to access the web interface of the router or the Web page from the server? __________
e. Telnet from Host H1 in VLAN 11 to the HQ router using its S0/0/0 IP address. Were you able to telnet to it? __________
f. Telnet from Host H2 in VLAN 12 to the HQ router using its S0/0/0 IP address. Were you able to telnet to it? __________
g. Use the show access-lists command to verify that the ACL is working.
Step 3: Create and apply a standard ACL to control VTY access to the HQ router
a. The ACL should deny hosts from all VLANs on Remote Office 2 except for Host H2 on VLAN 12. This will still allow other hosts on VLAN 12 to access router R2 using telnet.
b. Apply the ACL to VTY lines 0 through 4 on the R2 router.
c. Telnet from Host H2 in VLAN 12 to the HQ router using its S0/0/0 IP address. Were you able to telnet to it? ___
NOTE: To find out exactly how the router is configured, look at the interfaces. Doing this will identify the type of router as well as how many interfaces the router has. There is no way to effectively list all of the combinations of configurations for each router class. What is provided are the identifiers for the possible combinations of interfaces in the device. This interface chart does not include any other type of interface, even though a specific router may contain one. An example of this might be an ISDN BRI interface. The string in parentheses is the legal abbreviation that can be used in an IOS command to represent the interface.