NEW CCNA LAB MANUAL-200-120.pdf
Short Description
Download NEW CCNA LAB MANUAL-200-120.pdf...
Description
2
Copyright CTTC Professional Development Program. CCNA Lab Manual (200-120) Copyright@ CTTC Published By CTTC 45-M, Block-6 P.E.C.H.S Karachi-75400 Pakistan. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording and information storage or retrieval system without written permission from the publisher, except for the inclusion of quotation in a review. Warning and Disclaimer This manual is designed to provide information about CCNA (200-120). Every effort Has been made to make this manual as complete and accurate as possible, but no warranty of fitness is implied. The information is provided on as basis and CTTC shall have neither liability nor responsibility to any person or entity with respect to any loss or damage Arising from the information contained in this manual. Authors Mr. Muddasar Sharif (Network Engineer) Mr. Tharpal Das (Associate Network Engineer) Reviewed By Mr. Ahmed Saeed (Head of Department-Cisco Division)
Copyright@ CTTC
3
Table of Contents Topics
page#
Basic Network Using CISCO Switch
6
Accessing Console of the Switch/Router Modes of CLI How to Set Hostname and Configure Console Password How to Set Privilege level password How to Set User Authentication in Switch Password Recovery How to Set Telnet password How to Enable the Device to Establish Telnet/SSH Session Configuring SSH
7 8 9 10 10 12 13 13 13
SWITHCING VLAN Configuration Port security Rapid Spanning Tree Protocol (RSTP) Ether channel Configuration Inter VLAN Routing (IVR)
15 17 20 23
ROUTING Static Routing Enhanced Interior Gateway Routing Protocol (EIGRP) Open Shortest Path First (OSPF)
27 30 33
First Hop Redundancy Protocols Hot Standby Router Protocol (HSRP) Virtual Router Redundancy Protocol(VRRP) Gateway Load balancing Protocol (GLBP)
36 40 43
IPV6 How to Configure IPv6 on CISCO Router Configuring IPv6 Auto configures Configure RIP ng on Router Configuring OSPF V3 Configuring EIGRP
Copyright@ CTTC
47 49 51 55 59
4
WAN Encapsulation Frame Relay Configuring DHCP
62 64 68
ACCESS LIST & N.A.T Standard Acl Extended Acl Static Nat Dynamic Nat Pat
71 74 76 78
TROUBLESHOOTING OF EIGRP
81
SYSLOG
83
Copyright@ CTTC
5
LAB: Basic Network Using CISCO Switch OBJECTIVE: To configure a cisco switch with basic configuration Accessing Console of the Switch/Router
Accessing Console of the Switch/Router Modes of CLI How to Set Hostname and Configure Console Password How to Set Privilege level password How to Set User Authentication in Switch How to Set Telnet password How to Enable The Device to Establish Telnet/SSH Session Configuring SSH
Copyright@ CTTC
6
Topology
PC-1 is directly connected to switch with ip address 192.168.1.1 PC-2 is directly connected to switch with ip address 192.168.1.2 Switch being the intermediate device provide the communication path to both PC’s. Note: Both the PC’s must be on the same network.
Accessing Console of the Switch/Router
Copyright@ CTTC
7
RJ-45 to DB-9 adapter is used on the PC (COM port) to the device console Port through a roll-over cable. Hyper Terminal is used to access the Command Line Interface (CLI) of the Device. (Start --Menu—Programs—Accessories—Communications--Hyper Terminal)
Switch Console Modes of CLI:
User-exec mode Switch> Privilege mode Switch# Global Configuration mode Switch(config)#
How to switch in different modes: Switch> enable Switch# config terminal Switch(config)# Note: To return to the previous mode use “Exit” command in the current mode. Copyright@ CTTC
8
How to Set Hostname and Configure Console Password: Switch(config)# hostname CISCO CISCO(config)#line console 0 CISCO(config-line)#password cisco123 CISCO(config-line)#login
How to Set Privilege level password: !!! Clear Text Password not encrypted(less priority) CISCO(config)#enable password ccna123 !!! Encrypted password (more Priority) CISCO(config)#enable secret cttc123
Verify the Password CISCO(config)#exit CISCO#exit CISCO con0 is now available Press RETURN to get started. User Access Verification !!! TYPE HERE LINE CONSOLE Password Password: CISCO>enable !!! TYPE HERE Privilege Level Password Password:
Copyright@ CTTC
9
How to Set User Authentication in Switch CISCO#config terminal CISCO(config)#line console 0 CISCO(config-line)# login local CISCO(config-line)#exit CISCO(config)#username cttc password ccna123
Copyright@ CTTC
10
Verify the Authentication
CISCO(config)#exit CISCO#exit
Verify the User Status CISCO#show users Line User Host(s) Idle Location * 0 con 0 cttc idle 00:00:00
Copyright@ CTTC
11
Password Recovery
Configuration on Router Router>enable Router#config t Router(config)#line console 0 Router(config-line)Password cisco Router(config-line)#Login Router(config-line)#Exit
For password recovery power cycle the router and press ctrl+break.
After we enter the rommon mode type: Rommon 1 > confreg 0x2142 Rommon 2 > reset
Copyright@ CTTC
12
How to Set Telnet password: CISCO(config)#line vty 0 15 CISCO(config-line)#password cisco CISCO(config-line)#login CISCO(config-line)#exit
How to Enable The Device to Establish Telnet/SSH Session: CISCO(config)#interface vlan 1 CISCO(config-if)#ip address 10.0.0.10 255.0.0.0 CISCO(config-if)#no shutdown Note: VLAN 1 IP address is used to establish the telnet session. Go to command prompt and use telnet command to make a telnet session with the device. C:\>telnet 10.0.0.10
Configuring SSH: CISCO(config)#username taha password abc123 CISCO(config)#ip domain-name cttc.net CISCO(config)#crypto key generate rsa The name for the keys will be: CISCO.cttc.net Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [512]: 512 % Generating 512 bit RSA keys ...[OK] CISCO(config)#line vty 0 15 CISCO(config-line)#login local CISCO(config-line)#transport input ssh
Copyright@ CTTC
13
Note: VLAN 1 must be configured as show in TELNET section. Putty software iscommonly used to establish SSH session.
Verify Command’s: CISCO(config)#show line vty 0 15 Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int 1 VTY - -13 0 0/0 2 VTY - - - - - 0 0 0/0 3 VTY - - - - - 0 0 0/0 4 VTY - - - - - 0 0 0/0 5 VTY - - - - - 0 0 0/0 6 VTY - - - - - 0 0 0/0 7 VTY - - - - - 0 0 0/0 8 VTY - - - - - 0 0 0/0 9 VTY - - - - - 0 0 0/0 10 VTY - - - - - 0 0 0/0 11 VTY - - - - - 0 0 0/0 12 VTY - - - - - 0 0 0/0 13 VTY - - - - - 0 0 0/0 14 VTY - - - - - 0 0 0/0 15 VTY - - - - - 0 0 0/0 16 VTY - - - - - 0 0 0/0 – !!! ―*‖ show that one VTY Session is active:
Copyright@ CTTC
14
LAB: VLAN Configuration Objective: To Create and Configure VLAN CISCO#config terminal CISCO(config)#vlan 10 CISCO(config-vlan)#name HR CISCO(config-vlan)#exit CISCO(config)#vlan 20 CISCO(config-vlan)#name Sales CISCO(config-vlan)#exit
Verify VLANs CISCO#show vlan brief VLAN Name Status Ports ------- ---------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 Fa0/13, Fa0/14, Fa0/15, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20 Fa0/21, Fa0/22, Fa0/23, Fa0/24 Gi0/1, Gi0/2 10 HR active 20 Sales active 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup Note: All ports of the switch are member of VLAN 1 by default.
How to Assign Ports to Different VLANs: CISCO(config)#interface fa0/1 CISCO(config-if)#switchport mode access CISCO(config-if)#switchport access vlan 10 CISCO(config-if)#exit CISCO(config)#interface fa0/2 CISCO(config-if)#switchport mode access CISCO(config-if)#switchport access vlan 20
Copyright@ CTTC
15
Verify Ports in VLANS CISCO#show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6 Fa0/7, Fa0/8, Fa0/9, Fa0/10 Fa0/11, Fa0/12, Fa0/13, Fa0/14 Fa0/15, Fa0/16, Fa0/17, Fa0/18 Fa0/19, Fa0/20, Fa0/21, Fa0/22 Fa0/23, Fa0/24, Gi0/1, Gi0/2 10 HR active Fa0/1 20 Sales active Fa0/2
Copyright@ CTTC
16
LAB:PORT SECURITY OBJECTIVE: TO IMPLEMENT BASIC PORT SECURITY FEATURES ON INTERFACE
CISCO(config)#interface fa0/1 CISCO(config-if)#switchport mode access CISCO(config-if)#switchport port-security CISCO(config-if)#switchport port-security mac-address sticky CISCO(config-if)#switchport port-security maximum 1 CISCO(config-if)#switchport port-security violation shutdown CISCO(config-if)#exit CISCO(config)#interface fa0/2 CISCO(config-if)#switchport mode access CISCO(config-if)#switchport port-security CISCO(config-if)#switchport port-security mac-address sticky CISCO(config-if)#switchport port-security maximum 1 CISCO(config-if)#switchport port-security violation shutdown
Copyright@ CTTC
17
Verify Port-Security MAC Address: CISCO#show port-security address Secure Mac Address Table ------------------------------------------------------------------------------Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------1 0060.705E.07CB SecureSticky FastEthernet0/1 1 0090.21BD.4810 SecureSticky FastEthernet0/2 -----------------------------------------------------------------------------Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 1024
Verify Port-Security Interface FastEnthernet Fa0/1: CISCO#show port-security interface f0/1 Port Security : Enabled Port Status : Secure-up Violation Mode : Shutdown Aging Time : 0 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses : 1 Total MAC Addresses : 1 Configured MAC Addresses : 0 Sticky MAC Addresses : 1 Last Source Address:Vlan : 0060.705E.07CB:1 Security Violation Count : 0 Note: Max Addresses value depends upon the model of the device. Manual MAC address can be entered in port-security instead on using ―sticky‖ command. Violation modes can be set to protect, restrict or shutdown.
What happens if violation occurred: When a new PC is attached to the port on which port-security is enabled then Switch will take an action which is set in the violation mode.
Copyright@ CTTC
18
Verify when violation is occurred: CISCO#show port-security Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action (Count) (Count) (Count) ------------------------------------------------------------------------------------------------------------Fa0/1 1 1 1 Shutdown Fa0/2
1
1
1
Shutdown
-------------------------------------------------------------------------------------------------------------
Copyright@ CTTC
19
LAB: Rapid Spanning Tree Protocol (RSTP) OBJECTIVE: To Implement STP, It’s Improvement RSTP and To Configure Root Bridges for Different VLANS.
Verify Root Bridge on Switch-1: Switch-1#show spanning-tree VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address 0002.16EE.8B7E This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address 0002.16EE.8B7E Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 20 Interface Role Sts Cost Prio Nbr Type ---------------- ---- --- --------- -------- -------------------------------Fa0/1 Desg FWD 19 128.1 P2p Fa0/2 Desg FWD 19 128.2 P2p Note: If the switch is ―Root Bridge‖, it will display the message ―This bridge is the root‖. Root ID Address and Bridge ID Address will be same in case of Root Bridge. Default priority is 32768. VLAN ID (System Extension ID) is added to the default priority. VLAN 1 is the default VLAN so the priority for VLAN 1 is 32769 (32768+1). Copyright@ CTTC
20
Enabling RSTP: Switch-1(config)#spanning-tree mode rapid-pvst Note: The above command will be issued on all the switches of the network.
Verify RSTP: Switch-1#show spanning-tree VLAN0001
Spanning tree enabled protocol rstp Root ID
Bridge ID
Priority 32769 Address 0002.16EE.8B7E This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Priority 32769 (priority 32768 sys-id-ext 1) Address 0002.16EE.8B7E Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 20
Changing Switch-2 to Root Bridge: Switch-2(config)#spanning-tree vlan 1 priority 4096 Note: Priority must be in the multiple 4096. To change the root bridge, you can also use the following command: Switch-2(config)#spanning-tree vlan 1 root primary
Verify Switch-2 as Root Bridge: Switch-2#show spanning-tree VLAN0001 Spanning tree enabled protocol rstp Root ID Priority 24577 Address 000C.CF21.CBC1 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 24577 (priority 24576 sys-id-ext 1) Address 000C.CF21.CBC1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 20
Copyright@ CTTC
21
Enabling Portfast feature on all switches: Switch-1(config)#spanning-tree portfast default Note: Above command will be issued to all the switches in the network. By enabling portfast feature on all the switches, will disable the STP process on all non-trunk ports. It will cause to take less time to change the state to up on all non-trunking ports. To verify this feature, connect a PC to the switch and the port will be up within 5 seconds.
Copyright@ CTTC
22
Etherchannel Configuration:
Configuring Switch-1: Switch-1(config)#interface range fa0/1 - 2 Switch-1(config-if-range)#channel-group 1 mode on Switch-1(config-if-range)#exit Switch-1(config)#interface port-channel 1 Switch-1(config-if)#switchport mode trunk
Configuring Switch-2: Switch-2(config)#interface range fa0/1 - 2 Switch-2(config-if-range)#channel-group 1 mode on Switch-2(config-if-range)#exit Switch-2(config)#interface port-channel 1 Switch-2(config-if)#switchport mode trunk
Verify Etherchannel: Switch-1#show etherchannel summary …… Number of channel-groups in use: 1 Number of aggregators: 1 Group Port-channel Protocol Ports --------+-----------------+------------+------------------------1 Po1(SU) Fa0/1(P) Fa0/2(P)
Copyright@ CTTC
23
LAB:InterVLAN Routing (IVR): Objective: To Create Vlans &to show Routing B/W the Vlans
Configuring Switch: Switch(config)#vlan 10 Switch(config-vlan)#name HR Switch(config-vlan)#vlan 20 Switch(config-vlan)#name Sales Switch(config-vlan)#exit Switch(config)#interface fa0/1 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 10 Switch(config-if)#exit Switch(config)#interface fa0/2 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 20 Switch(config-if)#exit Switch(config)#interface fa0/3 Switch(config-if)#switchport mode trunk
Copyright@ CTTC
24
Configuring Router: Router(config)#interface fa0/0 Router(config-if)#no shutdown Router(config-if)#exit
Creating sub-interface for VLAN 10 on router: Router(config)#interface fa0/0.10 Router(config-subif)#encapsulation dot1Q 10 Router(config-subif)#ip address 10.0.0.100 255.0.0.0 Router(config-subif)#exit
Creating sub-interface for VLAN 20 on router: Router(config)#interface fa0/0.20 Router(config-subif)#encapsulation dot1Q 20 Router(config-subif)#ip address 20.0.0.100 255.0.0.0 Router(config-subif)#exit
Configuring IP on PC:
Copyright@ CTTC
25
Verify InterVLAN Routing:
Copyright@ CTTC
26
LAB: Static Routing: Objective: To Implement Stating Routing in IPversion 4
Configuring R1: R1(config)#interface fa0/0 R1(config-if)#ip address 10.0.0.100 255.255.255.0 R1(config-if)#no shutdown R1(config-if)#exit R1(config)#interface s0/1/0 R1(config-if)#ip address 192.168.1.1 255.255.255.252 R1(config-if)#clock rate 64000 R1(config-if)#no shutdown R2(config-if)#exit Note: Interface Serial0/1/0 of Router R1 is a DCE end, so clock rate must be given to this.
Configuring R2: R2(config)#interface fa0/0 R2(config-if)#ip address 20.0.0.100 255.255.255.0 R2(config-if)#no shutdown R2(config-if)#exit R2(config)#interface s0/1/0 R2(config-if)#ip address 192.168.1.2 255.255.255.252 R2(config-if)#no shutdown R2(config-if)#exit Adding static route on R1 for network 20.0.0.0: R1(config)#ip route 20.0.0.0 255.255.255.0 s0/1/0 Adding static route on R2 for network 10.0.0.0: R2(config)#ip route 10.0.0.0 255.255.255.0 192.168.1.1
Copyright@ CTTC
27
Note: When configuring the static route on router R1 we used the local interface of the router R1 i.e s0/1/0, whereas, when configuring router R2 we use the next hop address as Forwarding router's address.
Verify the routes on Router R1: R1#show ip route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets C 10.0.0.0 is directly connected, FastEthernet0/0 20.0.0.0/24 is subnetted, 1 subnets S 20.0.0.0 is directly connected, Serial0/1/0 192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.0 is directly connected, Serial0/1/0
Verify the routes on Router R2: R2#show ip route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets S 10.0.0.0 [1/0] via 192.168.1.1 20.0.0.0/24 is subnetted, 1 subnets
C 20.0.0.0 is directly connected, FastEthernet0/0 192.168.1.0/30 is subnetted, 1 subnets C 192.168.1.0 is directly connected, Serial0/1/0
Copyright@ CTTC
28
Verifying the ping reply from PC-2 to PC-1:
Copyright@ CTTC
29
LAB: Enhanced Interior Gateway Routing Protocol (EIGRP): Objective: To Implement EIGRP in IP version 4
Configuring R1: R1(config)#interface fa0/0 R1(config-if)#ip address 10.0.0.100 255.255.255.0 R1(config-if)#no shutdown R1(config-if)#exit R1(config)#interface s0/1/0 R1(config-if)#ip address 192.168.1.1 255.255.255.252 R1(config-if)#clock rate 64000 R1(config-if)#no shutdown R2(config-if)#exit Note: Interface Serial0/1/0 of Router R1 is a DCE end, so clock rate must be given to this.
Configuring R2: R2(config)#interface fa0/0 R2(config-if)#ip address 20.0.0.100 255.255.255.0 R2(config-if)#no shutdown R2(config-if)#exit R2(config)#interface s0/1/0 R2(config-if)#ip address 192.168.1.2 255.255.255.252 R2(config-if)#no shutdown R2(config-if)#exit
Copyright@ CTTC
30
Adding networks for EIGRP on Router R1: R1(config)#router eigrp 100 R1(config-router)#network 10.0.0.0 R1(config-router)#network 192.168.1.0 R1(config-router)#no auto-summary R1(config-router)#exit Note: All directly connected networks will be issued in the router eigrp mode. Autonomous System number must be same on all the routers in the network.
Adding networks for EIGRP on Router R2: R1(config)#router eigrp 100 R1(config-router)#network 20.0.0.0 R1(config-router)#network 192.168.1.0 R1(config-router)#no auto-summary R1(config-router)#exit
Verify the routes on Router R1: R1#show ip route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets C 10.0.0.0 is directly connected, FastEthernet0/0 20.0.0.0/24 is subnetted, 1 subnets D 20.0.0.0 [90/2172416] via 192.168.1.2, 00:00:16, Serial0/1/0 192.168.1.0/30 is subnetted, 1 subnets C 192.168.1.0 is directly connected, Serial0/1/0
Verify the routes on Router R2: R2#sh ip route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets D 10.0.0.0 [90/2172416] via 192.168.1.1, 00:00:05, Serial0/1/0 20.0.0.0/24 is subnetted, 1 subnets C 20.0.0.0 is directly connected, FastEthernet0/0 192.168.1.0/30 is subnetted, 1 subnets C 192.168.1.0 is directly connected, Serial0/1/0
Copyright@ CTTC
31
Verifying neighbors for R1: R1#sh ip eigrp neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Seq (sec) Num 0 192.168.1.2 Se0/1/0 11
Uptime
SRTT RTO Q
(ms)
Cnt
0:02:05
40
1000
0
Uptime
SRTT RTO
Q
3
Verifying neighbors for R2: R2#sh ip eigrp neighbors R2#sh ip eigrp neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Seq Num (sec) 0
192.168.1.1
Se0/1/0
13
(ms) 00:03:15
Cnt 40
1000
0
Note: To verify the currently enabled routing protocols, use the following command: R1#show ip protocols To view all the routes that has been calculated by EIGRP, use the following command:
R1#show ip eigrp topology.
Copyright@ CTTC
3
32
LAB: Open Shortest Path First (OSPF): Objective: To Implement OSPF in IP version 4
Configuring R1: R1(config)#interface fa0/0 R1(config-if)#ip address 10.0.0.100 255.255.255.0 R1(config-if)#no shutdown R1(config-if)#exit R1(config)#interface s0/1/0 R1(config-if)#ip address 192.168.1.1 255.255.255.252 R1(config-if)#clock rate 64000 R1(config-if)#no shutdown R2(config-if)#exit Note: Interface Serial0/1/0 of Router R1 is a DCE end, so clock rate must be given to this.
Configuring R2: R2(config)#interface fa0/0 R2(config-if)#ip address 20.0.0.100 255.255.255.0 R2(config-if)#no shutdown R2(config-if)#exit R2(config)#interface s0/1/0 R2(config-if)#ip address 192.168.2.2 255.255.255.252 R2(config-if)#no shutdown R2(config-if)#exit
Copyright@ CTTC
33
Configuring Central Router (ABR): ABR(config)#int s0/1/0 ABR(config-if)#ip add ABR(config-if)#ip address 192.168.1.2 255.255.255.252 ABR(config-if)#no shutdown ABR(config-if)#exit ABR(config)#int s0/1/1 ABR(config-if)#ip address 192.168.2.1 255.255.255.252 ABR(config-if)#clock rate 64000 ABR(config-if)#no shutdown ABR(config-if)#exit
Adding networks for OSPF on Router R1 as Area 0 (Backbone Area): R1(config)#router ospf 10 R1(config-router)#network 10.0.0.0 0.0.0.255 area 0 R1(config-router)#network 192.168.1.0 0.0.0.3 area 0 R1(config-router)#exit
Adding networks for OSPF on Router R2 as Area 1 (Regular Area): R2(config)#router ospf 20 R2(config-router)#network 20.0.0.0 0.0.0.255 area 1 R2(config-router)#network 192.168.2.0 0.0.0.3 area 1 R2(config-router)#exit
Adding networks for OSPF on Router ABR as Area 0 and Area 1: ABR(config)#router ospf 50 ABR(config-router)#network 192.168.1.0 0.0.0.3 area 0 ABR(config-router)#network 192.168.2.0 0.0.0.3 area 1 ABR(config-router)#exit
Verify the routes on Router R1: R1#show ip route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets C 10.0.0.0 is directly connected, FastEthernet0/0 20.0.0.0/24 is subnetted, 1 subnets O IA 20.0.0.0 [110/129] via 192.168.1.2, 00:09:19, Serial0/1/0 192.168.1.0/30 is subnetted, 1 subnets C 192.168.1.0 is directly connected, Serial0/1/0 192.168.2.0/30 is subnetted, 1 subnets O IA 192.168.2.0 [110/128] via 192.168.1.2, 00:09:19, Serial0/1/0
Copyright@ CTTC
34
Verify the routes on Router R2: R2#show ip route: Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets O IA 10.0.0.0 [110/129] via 192.168.2.1, 00:11:48, Serial0/1/0 20.0.0.0/24 is subnetted, 1 subnets C 20.0.0.0 is directly connected, FastEthernet0/0 192.168.1.0/30 is subnetted, 1 subnets O IA 192.168.1.0 [110/128] via 192.168.2.1, 00:11:48, Serial0/1/0 192.1 68.2.0/30 is subnetted, 1 subnets C 192.168.2.0 is directly connected, Serial0/1/0
Verify the routes on Router ABR: ABR#show ip route: Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets O 10.0.0.0 [110/65] via 192.168.1.1, 00:13:30, Serial0/1/0 20.0.0.0/24 is subnetted, 1 subnets O 20.0.0.0 [110/65] via 192.168.2.2, 00:13:11, Serial0/1/1 192.168.1.0/30 is subnetted, 1 subnets
C
192.168.1.0 is directly connected, Serial0/1/0 192.168.2.0/30 is subnetted, 1 subnets 92.168.2.0 is directly connected, Serial0/1/1
C1
Note: More commands to verify OSPF:
R1#show ip ospf neighbor R1#show ip ospf database
Copyright@ CTTC
35
LAB: Hot Standby Router Protocol (HSRP): Objective: How to show Redundancy by using HSRP
Configuring WAN-RT: WAN-RT(config)#interface Loopback0 WAN-RT(config-if)#ip address 200.0.0.1 255.255.255.0 WAN-RT(config-if)#no shutdown WAN-RT(config-if)#exit WAN-RT(config)#interface FastEthernet0/0 WAN-RT(config-if)#ip address 172.16.2.1 255.255.255.0 WAN-RT(config-if)#no shutdown WAN-RT(config-if)#exit WAN-RT(config)#interface FastEthernet0/1 WAN-RT(config-if)#ip address 172.16.1.1 255.255.255.0 WAN-RT(config-if)#no shutdown WAN-RT(config-if)#exit WAN-RT(config)#router rip WAN-RT(config-router)#version 2 WAN-RT(config-router)#network 172.16.0.0 WAN-RT(config-router)#network 200.0.0.0 WAN-RT(config-router)#no auto-summary WAN-RT(config-router)#exit
Copyright@ CTTC
36
Configuring Master-RT: Master-RT(config)#interface FastEthernet0/0 Master-RT(config-if)#ip address 10.0.0.10 255.255.255.0 Master-RT(config-if)#standby 1 ip 10.0.0.100 Master-RT(config-if)#standby 1 priority 110 Master-RT(config-if)#standby 1 preempt Master-RT(config-if)#standby 1 track FastEthernet0/1 Master-RT(config-if)#no shutdown Master-RT(config-if)#exit
Master-RT(config-if) Master-RT(config )#interface FastEthernet0/1 Master-RT(config-if)#ip address 172.16.1.2 255.255.255.0 Master-RT(config-if)#no shutdown Master-RT(config-if)#exit Master-RT(config)#router rip Master-RT(config-router)#version 2 Master-RT(config-router)#network 10.0.0.0 Master-RT(config-router)#network 172.16.0.0 Master-RT(config-router)#no auto-summary
Configuring Backup-RT: Backup-RT(config)#interface FastEthernet0/0 Backup-RT(config-if)#ip address 10.0.0.9 255.255.255.0 Backup-RT(config-if)#standby 1 ip 10.0.0.100 Backup-RT(config-if)#standby 1 priority 95 Backup-RT(config-if)#standby 1 preempt Backup-RT(config-if)#no shutdown Backup-RT(config-if)#exit Backup-RT(config)#interface FastEthernet0/1 Backup-RT(config-if)#ip address 172.16.2.2 255.255.255.0 Backup-RT(config-if)#no shutdown Backup-RT(config-if)#exit Backup-RT(config)#router rip Backup-RT(config-router)#version 2 Backup-RT(config-router)#network 10.0.0.0 Backup-RT(config-router)#network 172.16.0.0 Backup-RT(config-router)#no auto-summary
Copyright@ CTTC
37
Verify Master-RT: Master-RT#show standby
Note: When the network is perfectly up, Master-RT must be in Active State. If FastEthernet port of Master-RT gone down then Backup-RT will become active. Now check Backup-RT when the Fa0/1 of Master-RT is down
Copyright@ CTTC
38
Verify Backup-RT when Fa0/1 of Master-RT is down: Backup-RT#show standby
Copyright@ CTTC
39
LAB: Virtual Router Redundancy Protocol(VRRP) Objective: How to show Redundancy by using VRRP
Configuring WAN-RT: WAN-RT(config)#interface Loopback0 WAN-RT(config-if)#ip address 200.0.0.1 255.255.255.0 WAN-RT(config-if)#no shutdown WAN-RT(config-if)#exit WAN-RT(config)#interface FastEthernet0/0 WAN-RT(config-if)#ip address 172.16.2.1 255.255.255.0 WAN-RT(config-if)#no shutdown WAN-RT(config-if)#exit WAN-RT(config)#interface FastEthernet0/1 WAN-RT(config-if)#ip address 172.16.1.1 255.255.255.0 WAN-RT(config-if)#no shutdown WAN-RT(config-if)#exit WAN-RT(config)#router rip WAN-RT(config-router)#version 2 WAN-RT(config-router)#network 172.16.0.0 WAN-RT(config-router)#network 200.0.0.0 WAN-RT(config-router)#no auto-summary WAN-RT(config-router)#exit
Copyright@ CTTC
40
Configuring Master-RT: Master-RT(config)#interface FastEthernet0/0 Master-RT(config-if)#ip address 10.0.0.10 255.255.255.0 Master-RT(config-if)#vrrp 1 ip 10.0.0.100 Master-RT(config-if)#no shutdown Master-RT(config-if)#exit Master-RT(config-if) Master-RT(config )#interface FastEthernet0/1 Master-RT(config-if)#ip address 172.16.1.2 255.255.255.0 Master-RT(config-if)#no shutdown Master-RT(config-if)#exit Master-RT(config)#router rip Master-RT(config-router)#version 2 Master-RT(config-router)#network 10.0.0.0 Master-RT(config-router)#network 172.16.0.0 Master-RT(config-router)#no auto-summary Configuring Backup-RT: Backup-RT(config)#interface FastEthernet0/0 Backup-RT(config-if)#ip address 10.0.0.9 255.255.255.0 Backup-RT(config-if)#vrrp 1 ip 10.0.0.100 Backup-RT(config-if)#no shutdown Backup-RT(config-if)#exit Backup-RT(config)#interface FastEthernet0/1 Backup-RT(config-if)#ip address 172.16.2.2 255.255.255.0 Backup-RT(config-if)#no shutdown Backup-RT(config-if)#exit Backup-RT(config)#router rip Backup-RT(config-router)#version 2 Backup-RT(config-router)#network 10.0.0.0 Backup-RT(config-router)#network 172.16.0.0 Backup-RT(config-router)#no auto-summary
Copyright@ CTTC
41
Verify Master-RT: Master-RT# show VRRP
Note: When the network is perfectly up, Master-RT must be in Active State. If FastEthernet port of Master-RT gone down then Backup-RT will become active. Now check Backup-RT when the Fa0/1 of Master-RT is down
Verify Backup-RT when Fa0/1 of Master-RT is down: Backup-RT#show VRRP
Copyright@ CTTC
42
LAB: Gateway Load Balancing Protocol Objective: How to show Redundancy by using GLBP
Configuring WAN-RT: WAN-RT(config)#interface Loopback0 WAN-RT(config-if)#ip address 200.0.0.1 255.255.255.0 WAN-RT(config-if)#no shutdown WAN-RT(config-if)#exit WAN-RT(config)#interface FastEthernet0/0 WAN-RT(config-if)#ip address 172.16.2.1 255.255.255.0 WAN-RT(config-if)#no shutdown WAN-RT(config-if)#exit WAN-RT(config)#interface FastEthernet0/1 WAN-RT(config-if)#ip address 172.16.1.1 255.255.255.0 WAN-RT(config-if)#no shutdown WAN-RT(config-if)#exit WAN-RT(config)#router rip WAN-RT(config-router)#version 2 WAN-RT(config-router)#network 172.16.0.0 WAN-RT(config-router)#network 200.0.0.0 WAN-RT(config-router)#no auto-summary WAN-RT(config-router)#exit
Copyright@ CTTC
43
Configuring Master-RT: Master-RT(config)#interface FastEthernet0/0 Master-RT(config-if)#ip address 10.0.0.10 255.255.255.0 Master-RT(config-if)#glbp 1 ip 10.0.0.100 Master-RT(config-if)#no shutdown Master-RT(config-if)#exit
Master-RT(config-if) Master-RT(config )#interface FastEthernet0/1 Master-RT(config-if)#ip address 172.16.1.2 255.255.255.0 Master-RT(config-if)#no shutdown Master-RT(config-if)#exit Master-RT(config)#router rip Master-RT(config-router)#version 2 Master-RT(config-router)#network 10.0.0.0 Master-RT(config-router)#network 172.16.0.0 Master-RT(config-router)#no auto-summary
Configuring Backup-RT: Backup-RT(config)#interface FastEthernet0/0 Backup-RT(config-if)#ip address 10.0.0.9 255.255.255.0 Backup-RT(config-if)#glbp 1 ip 10.0.0.100 Backup-RT(config-if)#no shutdown Backup-RT(config-if)#exit Backup-RT(config)#interface FastEthernet0/1 Backup-RT(config-if)#ip address 172.16.2.2 255.255.255.0 Backup-RT(config-if)#no shutdown Backup-RT(config-if)#exit Backup-RT(config)#router rip Backup-RT(config-router)#version 2 Backup-RT(config-router)#network 10.0.0.0 Backup-RT(config-router)#network 172.16.0.0 Backup-RT(config-router)#no auto-summary
Copyright@ CTTC
44
Verify Master-RT: Master-RT# show GLBP
Copyright@ CTTC
45
Verify Backup-RT when Fa0/1 of Master-RT is down: Backup-RT#show GLBP
Copyright@ CTTC
46
LAB: How to Configure IPv6 on CISCO Router Objective: To Implement IP Version 6 on Routers
Configure R1’s interface S1/0 with ipv6 address R1(config)#ipv6 unicast-routing R1(config)#interface serial 1/0 R1(config-if)#ipv6 address 2001:abad:beef:1::1/64 R1(config-if)#no shutdown R2(config)#ipv6 unicast-routing R2(config)#interface serial 1/0 R2(config-if)#ipv6 address 2001:abad:beef:1::2/64 R2(config-if)#no shutdown
Verify IPv6 address: R1#show ipv6 interface
Copyright@ CTTC
47
Verify IPv6 communication between R2 and R1 using ping:
Copyright@ CTTC
48
LAB: Configuring IPv6 Auto configures Objective: To Show How Routers Acquire The Ipv6 Address Automatically
Configuring R1#: R1(config)#ipv6 unicast-routing R1(config)#int fa0/0 R1(config-if)#ipv6 address 2001:abad:5001:1::1/64 R1(config-if)#ipv6 nd prefix 2001:abad:5001:1::/64 R1(config-if)#no shutdown
Configuring R2#: R2(config)#ipv6 unicast-routing R2(config)#int fa0/0 R2(config-if)#ipv6 address autoconfig R2(config-if)#no shutdown R2(config-if)#exit
Configuring R3#: R3(config)#ipv6 unicast-routing R3(config)#int fa0/0 R3(config-if)#ipv6 address autoconfig R3(config-if)#no shutdown R3(config-if)#end
Copyright@ CTTC
49
Verify Autoconfigure IPv6 on R2’s interface Fa0/0:
Copyright@ CTTC
50
LAB: Configure RIPng on Router: Background: In this configuration example, routers R1 and R2 are connected via Serial interface and Loopback addresses are configured to generate networks. All the interfaces are configured with the IPv6 addresses.
Configure on R1: R1(config)#ipv6 unicast-routing R1(config)#int s1/0 R1(config-if)#ipv6 address 2001:abad:5001:1::1/64 R1(config-if)#ipv6 rip cttc enable R1(config-if)#no shutdown R1(config-if)#exit R1(config)#int Loopback 10 R1(config-if)#ipv6 address 1:1:1:1::1/64 R1(config-if)#ipv6 rip cttc enable R1(config-if)#no shutdown R1(config-if)#exit R1(config)#int Loopback 20 R1(config-if)#ipv6 address 1:1:1:2::1/64 R1(config-if)#ipv6 rip cttc enable R1(config-if)#no shutdown R1(config-if)#exit
Copyright@ CTTC
51
Configure on R2: R2(config)#ipv6 unicast-routing R2(config)#int s1/0 R2(config-if)#ipv6 address 2001:abad:5001:1::2/64 R2(config-if)#ipv6 rip cttc enable R2(config-if)#no shutdown R2(config-if)#exit R2(config)#int Loopback 0 R2(config-if)#ipv6 address 2:2:2:2::1/64 R2(config-if)#ipv6 rip cttc enable R2(config-if)#no shutdown R2(config-if)#exit R2(config)#int Loopback 1 R2(config-if)#ipv6 address 2:2:2:1::1/64 R2(config-if)#ipv6 rip cttc enable R2(config-if)#no shutdown R2(config-if)#exit Note: In the syntax cttc specified the Process, you can run multiple processes on a Route
Copyright@ CTTC
52
Verify RIPng Routes: R1#show ipv6 route
Copyright@ CTTC
53
Verify information about the current IPv6 RIP process
Verify the reachability between the routers R1 and R2, use the ping command:
Copyright@ CTTC
54
LAB: Configuring OSPF V.3.0 OBJECTIVE: TO IMPLEMENT OSPF ROUTING PROTOCOL IN IPV6
Configure R1: R1(confg)#ipv6 unicast-routing R1(config)#int s1/0 R1(config-if)#ipv6 address 2001:abad:5001:1::1/64 R1(config-if)#no shutdown R1(config-if)#ipv6 ospf 1 area 0 R1(config-if)#exit R1(config)#int Loopback 10 R1(config-if)#ipv6 address 1:1:1:1::1/64 R1(config-if)#ipv6 ospf 1 area 0 R1(config-if)#no shutdown R1(config-if)#exit R1(config)#int Loopback 20 R1(config-if)#ipv6 address 1:1:1:2::1/64 R1(config-if)#ipv6 ospf 1 area 0 R1(config-if)#no shutdown R1(config-if)#exit R1(config)#ipv6 router ospf 1 R1(config-rtr)#router-id 1.1.1.1 R1(config-if)#exit
Copyright@ CTTC
55
Configuring R2: R2(confg)#ipv6 unicast-routing R2(config)#int s1/0 R2(config-if)#ipv6 address 2001:abad:5001:1::2/64 R2(config-if)#no shutdown R2(config-if)#ipv6 ospf 1 area 0 R2(config-if)#exit R2(config)#int Loopback 0 R2(config-if)#ipv6 address 2:2:2:2::1/64 R2(config-if)#ipv6 ospf 1 area 0 R2(config-if)#no shutdown R2(config-if)#exit R2(config)#int Loopback 1 R2(config-if)#ipv6 address 2:2:2:1::1/64 R2(config-if)#ipv6 ospf 1 area 0 R2(config-if)#no shutdown R2(config-if)#exit R2(config)#ipv6 router ospf 1 R2(config-rtr)#router-id 2.2.2.2 R2(config-rtr)#exit Configure R1′s Loopback 10, 20 and R2’s Loopback 0, 1 interface to participate in OSPF Area 0 and ensure that R1 & R2 advertises Lo0 as a /64 subnet and not a host route (/128). Note: Loopback interfaces have their own OSPF network type in which case OSPF advertises a host route to the loopback interface and not the configure subnet mask. To change OSPF to advertise the subnet assigned to the loopback interface you’ll need to change the network type to point-to-point as shown below:
For R1: R1(config)#interface loopback 10 R1(config-if)#ipv6 ospf 1 area 0 R1(config-if)#ipv6 ospf network point-to-point R1(config-if)#exit R1(config)#interface loopback 20 R1(config-if)#ipv6 ospf 1 area 0 R1(config-if)#ipv6 ospf network point-to-point R1(config-if)#exit
Copyright@ CTTC
56
For R2: R2(config)#interface loopback 0 R2(config-if)#ipv6 ospf 1 area 0 R2(config-if)#ipv6 ospf network point-to-point R2(config-if)#exit R2(config)#interface loopback 1 R2(config-if)#ipv6 ospf 1 area 0 R2(config-if)#ipv6 ospf network point-to-point R2(config-if)#exit
Verify R1′s Loopback0 network is in the IPv6 routing table of R2: R1#show ipv6 route ospf
Copyright@ CTTC
57
Verify R1′s Loopback10 network has IPv6 connectivity to R2′s Loopback0 network using PING:
Copyright@ CTTC
58
LAB: Configuring EIGRP OBJECTIVE: TO Implement EIGRP in IPV6
Configure R1: R1(config)#ipv6 unicast-routing R1(config)#int s1/0 R1(config-if)#ipv6 address 2001:abad:5001:1::1/64 R1(config-if)#no shutdown R1(config-if)#ipv6 eigrp 100 R1(config-if)#exit R1(config)#ipv6 router eigrp 100 R1(config-rtr)#eigrp router-id 1.1.1.1 R1(config-rtr)#exit R1(config)#int Loopback 10 R1(config-if)#ipv6 address 1:1:1:1::1/64 R1(config-if)#no shutdown R1(config-if)#ipv6 eigrp 100 R1(config-rtr)#exit R1(config)#int loopback 20 R1(config-if)#ipv6 address 1:1:1:2::1/64 R1(config-if)#no shutdown R1(config-if)#ipv6 eigrp 100 R1(config-if)#exit
Copyright@ CTTC
59
Configure R2: R2(config)#ipv6 unicast-routing R2(config)#int s1/0 R2(config-if)#ipv6 address 2001:abad:5001:1::2/64 R2(config-if)#no shutdown R2(config-if)#ipv6 eigrp 100 R2(config-if)#exit R2(config)#ipv6 router eigrp 100 R2(config-rtr)#eigrp router-id 2.2.2.2 R2(config-rtr)#exit R2(config)#int Loopback 0 R2(config-if)#ipv6 address 2:2:2:2::1/64 R2(config-if)#no shutdown R2(config-if)#ipv6 eigrp 100 R2(config-rtr)#exit R2(config)#int Loopback 1 R2(config-if)#ipv6 address 2:2:2:1::1/64 R2(config-if)#no shutdown R2(config-if)#ipv6 eigrp 100 R2(config-if)#exit
Copyright@ CTTC
60
Verify R1′s Loopback0 network is in the IPv6 routing table of R2: R1#show ipv6 route eigrp:
Copyright@ CTTC
61
LAB: WAN Encapsulation OBJECTIVE: To Implement authentication method and encapsulation used for WAN
Configuring R1: R1(config)#int s0/3/0 R1(config-if)#ip address 192.168.1.1 255.255.255.252 R1(config-if)#clock rate 64000 R1(config-if)#encapsulation ppp R1(config-if)#ppp authentication chap pap R1(config-if)#no shutdown R1(config-if)#exit R1(config)#username R2 password cisco
Configuring R2: R2(config)#int s0/3/0 R2(config-if)#ip address 192.168.1.2 255.255.255.252 R2(config-if)#encapsulation ppp R2(config-if)#ppp authentication chap pap R2(config-if)#no shutdown R2(config-if)#exit R2(config)#username R1 password cisco Note: Username R2 must be created on Router R1 and username R1 must be created on Router R2, where usernames R1 and R2 are the hostname of their respective Routers. Passwords on both the routers must be same.
Copyright@ CTTC
62
Verify point-to-point connectivity: R1#ping 192.168.1.2
Copyright@ CTTC
63
LAB:Frame Relay OBJECTIVE: To Show How Router Connects With Each Other Over Cloud Using Frame Relay
Configuring R1: R1(config)#int s0/3/0 R1(config-if)#no shutdown R1(config-if)#encapsulation frame-relay R1(config-if)#exit R1(config)#interface s0/3/0.122 point-to-point R1(config-subif)#ip address 10.1.2.1 255.255.255.0 R1(config-subif)#frame-relay interface-dlci 122 R1(config-subif)#exit R1(config)#interface s0/3/0.123 point-to-point R1(config-subif)#ip address 10.1.3.1 255.255.255.0 R1(config-subif)#frame-relay interface-dlci 123 R1(config-subif)#exit R1(config)#router rip R1(config-router)#version 2 R1(config-router)#no auto-summary R1(config-router)#network 10.1.2.0 R1(config-router)#network 10.1.3.0 R1(config-router)#exit
Copyright@ CTTC
64
Configuring R2: R2(config)#int s0/3/0 R2(config-if)#ip address 10.1.2.2 255.255.255.0 R2(config-if)#encapsulation frame-relay R2(config-if)#frame-relay interface-dlci 221 R2(config-if)#no shutdown R2(config-if)#exit R2(config)#router rip R2(config-router)#version 2 R2(config-router)#no auto-summary R2(config-router)#network 10.1.2.0
Configuring R3: R3(config)#int s0/3/0 R3(config-if)#ip address 10.1.3.2 255.255.255.0 R3(config-if)#encapsulation frame-relay R3(config-if)#frame-relay interface-dlci 321 R3(config-if)#no shutdown R3(config-if)#exit R3(config)#router rip R3(config-router)#version 2 R3(config-router)#no auto-summary R3(config-router)#network 10.1.3.0 R3(config-router)#exit
Copyright@ CTTC
65
Configuring WAN Emulation Cloud:
Note: Click on WAN cloud then click on Config tab. You will see all the interfaces on the left hand side. Now click on Serial0 button and add the DLCI value and Name as shown above and press ―Add‖ button. Serial0 is linked to two DLCI value, therefore both the DLCI values must be added. Now repeat the same procedure for Serial1 and Serial2.
Copyright@ CTTC
66
Configuring Frame Relay:
Note: Now click on ―Frame Relay‖ button and map the DLCI accordingly as shown above and press the ―Add‖ button. You can now verify the connectivity by sending ping packets as follows.
On Router R1: R1#ping 10.1.2.2 R1#ping 10.1.3.2
On Router R2: R2#ping 10.1.3.2
On Router R3: R3#ping 10.1.2.2
Copyright@ CTTC
67
LAB: Configuring DHCP on Cisco ROUTER OBJECTIVE: To Configure DHCP in Order To Show How a Client Can Be Assigned IP Address Automatically
Configuring Router R1: R1(config)#interface fa0/0 R1(config-if)#ip address 192.168.1.1 R1(config-if)#no shutdown R1(config-if)#exit Configuring the DHCP pool: R1(config)#ip dhcp pool cttc-pool R1(dhcp-config)#network 192.168.1.0 255.255.255.0 R1(dhcp-config)#default-router 192.168.1.1 R1(dhcp-config)#exit R1(config)#ip dhcp exclude-address 192.168.1.1 192.168.1.5 R1(config)#end
Copyright@ CTTC
68
Verify DHCP Binding: R1#show ip dhcp binding
Copyright@ CTTC
69
Configuring PC:
Copyright@ CTTC
70
LAB: Standard ACL OBJECTIVE: To Implement Standard ACL in Order To Show How It Does the Filtration Based On Source Address
Copyright@ CTTC
71
Configuration on R1 Router>enable Router#configure t Router(config)#interface f0/0 Router(config-if)#ip address 10.0.0.100 255.255.255.0 Router(config-if)#no shutdown Router(config)#interface f0/1 Router(config-if)#ip add Router(config-if)#ip address 172.16.1.1 255.255.255.0 Router(config-if)#no sh Router(config-if)#no shutdown Router(config-if)#ex
Ping from Pc0 to Pc 1
Router(config)#access-list 50 deny host 10.0.0.1 Router(config)#int f0/0 Router(config-if)#ip access-group 50 in Router(config-if)#ex
Copyright@ CTTC
72
Ping after applying Acl
Copyright@ CTTC
73
LAB: Extended ACL OBJECTIVE: To show How Extended ACL Works by Filtration Based on Source and Destination Address
Copyright@ CTTC
74
Configuration on R0 Router>enable Router#configure t Router(config)#interface f0/0 Router(config-if)#ip address 172.16.1.1 255.255.255.0 Router(config-if)#no shutdown Router(config-if)#exit Router(config)#interface f0/1 Router(config-if)#ip address 10.0.0.100 255.255.255.0 Router(config-if)#no shutdown Router(config-if)#ex Router(config)#access-list 100 permit tcp host 10.0.0.1 host 200.1.1.1 eq 80 Router(config)#access-list 100 deny tcp host 10.0.0.2 host 200.1.1.1 eq www Router(config)#access-list 100 permit ip 10.0.0.0 0.0.0.255 any Router(config)#access-list 100 permit ip any any Router(config)#interface f0/0 Router(config-if)#ip access-group 100 out Router(config-if)#ex Router(config)#ip route 0.0.0.0 0.0.0.0 f0/0
Configuration on R1 Router>enable Router#configure t Router(config)#interface f0/0 Router(config-if)#ip address 172.16.1.2 255.255.255.0 Router(config-if)#no shutdown Router(config-if)#exit Router(config)#interface f0/1 Router(config-if)#ip address 200.1.1.100 255.255.255.0 Router(config-if)#no shutdown Router(config-if)#ex Router(config)#ip route 0.0.0.0 0.0.0.0 f0/0
Copyright@ CTTC
75
LAB: Static NAT Objective: To Show Static Translation from Public Ip Address to Private Ip Address by Implementing Static Nat
Configuration R0 Router#configure terminal Router(config)#ip nat inside source static 10.0.0.1 172.16.1.3 Router(config)#interface f0/0 Router(config-if)#ip nat outside Router(config-if)#ex Router(config)#interface f0/1 Router(config-if)#ip nat inside Router(config-if)#ex
Copyright@ CTTC
76
Ping from pc 1 to server 1 after that run the show command Router(config)#do sh ip nat translation Pro Inside global Inside local Outside local icmp 172.16.1.3:1 10.0.0.1:1 200.1.1.1:1 icmp 172.16.1.3:2 10.0.0.1:2 200.1.1.1:2 icmp 172.16.1.3:3 10.0.0.1:3 200.1.1.1:3 icmp 172.16.1.3:4 10.0.0.1:4 200.1.1.1:4 icmp 172.16.1.3:5 10.0.0.1:5 200.1.1.1:5 icmp 172.16.1.3:6 10.0.0.1:6 200.1.1.1:6 icmp 172.16.1.3:7 10.0.0.1:7 200.1.1.1:7 icmp 172.16.1.3:8 10.0.0.1:8 200.1.1.1:8 --- 172.16.1.3 10.0.0.1 -----
Copyright@ CTTC
Outside global 200.1.1.1:1 200.1.1.1:2 200.1.1.1:3 200.1.1.1:4 200.1.1.1:5 200.1.1.1:6 200.1.1.1:7 200.1.1.1:8
77
LAB: Dynamic NAT Objective: To Show Dynamic Translation from Public Ip Address to Private Ip Address by Implementing Dynamic Nat
Router(config)#ip nat pool abc 172.16.1.3 172.16.1.4 netmask 255.255.255.0 Router(config)#ip nat inside source list 10 pool abc Router(config)#access-list 10 permit 10.0.0.0 0.0.0.255 Router(config)#interface f0/0 Router(config-if)#ip access-group 10 out
Ping from Pc1 & from Pc2 but not from Pc3 Router# show ip nat translations Pro Inside global Inside local Outside local Outside global tcp 172.16.1.3:1025 10.0.0.1:1025 200.1.1.1:80 200.1.1.1:80 tcp 172.16.1.4:1025 10.0.0.2:1025 200.1.1.1:80 200.1.1.1:80
Copyright@ CTTC
78
LAB: PAT Objective: To Show Translation from One Public Ip Address to Many Private Ip Address by Implementing Pat
Configuration on R1 Router(config)#ip nat pool abc 172.16.1.3 172.16.1.3 netmask 255.255.255.0 Router(config)#ip nat inside source list 10 pool abc overload Router(config)#access-list 10 permit 10.0.0.0 0.0.0.255 Router(config)#interface f0/1 Router(config-if)#ip nat inside Router(config-if)#ex Router(config)#interface f0/0 Router(config-if)#ip nat outside Router(config-if)#ex Router(config)#ip route 0.0.0.0 0.0.0.0 f0/0
Copyright@ CTTC
79
Ping 200.1.1.1 and then check the router translation Router(config)#do sh ip nat translation Pro Inside global Inside local Outside local Outside global icmp 172.16.1.3:5 10.0.0.1:5 200.1.1.1:5 200.1.1.1:5 icmp 172.16.1.3:6 10.0.0.1:6 200.1.1.1:6 200.1.1.1:6 icmp 172.16.1.3:7 10.0.0.1:7 200.1.1.1:7 200.1.1.1:7 icmp 172.16.1.3:8 10.0.0.1:8 200.1.1.1:8 200.1.1.1:8
Copyright@ CTTC
80
LAB:Trouble shooting of EIGRP
Configuration on R1 Router>enable Router#configure terminal Router(config)# interface s0/3/0 Router(config-if)#ip address 10.0.0.1 255.255.255.0 Router(config-if)#clock rate 64000 Router(config-if)#no shutdown Router(config-if)#exit Router(config)#interface loopback 0 Router(config-if)#ip address 1.1.1.1 255.255.255.0 Router(config-if)#exit Router(config)#router eigrp 9 Router(config-router)#no auto-summary Router(config-router)#network 10.0.0.0 Router(config-router)#network 1.1.1.0 Router(config-router)#exit
Configuration on R2 Router>enable Router#configure terminal Router(config)#interface s0/3/0 Router(config-if)#ip address 10.0.0.2 255.255.255.0 Router(config-if)#no shutdown Router(config-if)#exit Router(config)#interface loopback 0 Router(config-if)#ip address 2.2.2.2 255.255.255.0 Router(config-if)#exit Router(config)#router eigrp 100 Router(config-router)#network 10.0.0.0 Router(config-router)#network 2.2.2.0 Router(config-router)#no auto-summary Router(config-router)#exit
Copyright@ CTTC
81
After perform routing there is no ping from Router 1 to loopback 2.2.2.2, Basically the reason is that , Router 1 have the A.S number is 10 and Router 2 have A.S no: 9, that’s why there is no ping. Now I have to change the A.S no: of R2.
Copyright@ CTTC
82
LAB:SYSLOG OBJECTIVE: To Implement Syslog and to Show The Output it Generates On the Syslog Server
Configuration on Router Router>enable Router#conf t Router(config)#int fa0/0 Router(config-if)#ip address 10.0.0.1 255.0.0.0 Router(config-if)#no shut Router(config-if)#exit Router(config)#int fa0/1 Router(config-if)#ip address 20.0.0.1 255.0.0.0 Router(config-if)#no shut Router(config)#service timestamps log datetime msec Router(config)#logging host 20.0.0.2 Router(config)#logging trap debugging Router(config)#end *Mar 01, 00:04:47.044: *Mar 01, 00:04:47.044: %SYS-5-CONFIG_I: Configured from console by console Enter configuration commands, one per line. End with CNTL/Z.
Copyright@ CTTC
83
In order to generate the log do some configuration as below. Router(config)#router eigrp 10 Router(config-router)#exit Router(config)#int fa0/0 Router(config-if)#shutdown *Mar 01, 00:05:50.055: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down *Mar 01, 00:05:50.055: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down Router(config-if)#no shutdown Router(config-if)# *Mar 01, 00:05:52.055: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up *Mar 01, 00:05:52.055: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Now click the server to see the syslog messages.
Copyright@ CTTC
84
Copyright@ CTTC
View more...
Comments
