NEW CCNA LAB MANUAL-200-120.pdf

September 19, 2017 | Author: Hebert Ortiz | Category: Internet Standards, Routing, Internet Architecture, Computer Network, Data Transmission
Share Embed Donate


Short Description

Download NEW CCNA LAB MANUAL-200-120.pdf...

Description

2

Copyright CTTC Professional Development Program. CCNA Lab Manual (200-120) Copyright@ CTTC Published By CTTC 45-M, Block-6 P.E.C.H.S Karachi-75400 Pakistan. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording and information storage or retrieval system without written permission from the publisher, except for the inclusion of quotation in a review. Warning and Disclaimer This manual is designed to provide information about CCNA (200-120). Every effort Has been made to make this manual as complete and accurate as possible, but no warranty of fitness is implied. The information is provided on as basis and CTTC shall have neither liability nor responsibility to any person or entity with respect to any loss or damage Arising from the information contained in this manual. Authors Mr. Muddasar Sharif (Network Engineer) Mr. Tharpal Das (Associate Network Engineer) Reviewed By Mr. Ahmed Saeed (Head of Department-Cisco Division)

Copyright@ CTTC

3

Table of Contents Topics

page#

Basic Network Using CISCO Switch

6

Accessing Console of the Switch/Router Modes of CLI How to Set Hostname and Configure Console Password How to Set Privilege level password How to Set User Authentication in Switch Password Recovery How to Set Telnet password How to Enable the Device to Establish Telnet/SSH Session Configuring SSH

7 8 9 10 10 12 13 13 13

SWITHCING VLAN Configuration Port security Rapid Spanning Tree Protocol (RSTP) Ether channel Configuration Inter VLAN Routing (IVR)

15 17 20 23

ROUTING Static Routing Enhanced Interior Gateway Routing Protocol (EIGRP) Open Shortest Path First (OSPF)

27 30 33

First Hop Redundancy Protocols Hot Standby Router Protocol (HSRP) Virtual Router Redundancy Protocol(VRRP) Gateway Load balancing Protocol (GLBP)

36 40 43

IPV6 How to Configure IPv6 on CISCO Router Configuring IPv6 Auto configures Configure RIP ng on Router Configuring OSPF V3 Configuring EIGRP

Copyright@ CTTC

47 49 51 55 59

4

WAN Encapsulation Frame Relay Configuring DHCP

62 64 68

ACCESS LIST & N.A.T Standard Acl Extended Acl Static Nat Dynamic Nat Pat

71 74 76 78

TROUBLESHOOTING OF EIGRP

81

SYSLOG

83

Copyright@ CTTC

5

LAB: Basic Network Using CISCO Switch OBJECTIVE: To configure a cisco switch with basic configuration  Accessing Console of the Switch/Router       

Accessing Console of the Switch/Router Modes of CLI How to Set Hostname and Configure Console Password How to Set Privilege level password How to Set User Authentication in Switch How to Set Telnet password How to Enable The Device to Establish Telnet/SSH Session  Configuring SSH

Copyright@ CTTC

6

Topology

  

PC-1 is directly connected to switch with ip address 192.168.1.1 PC-2 is directly connected to switch with ip address 192.168.1.2 Switch being the intermediate device provide the communication path to both PC’s. Note: Both the PC’s must be on the same network.

Accessing Console of the Switch/Router

Copyright@ CTTC

7

 

RJ-45 to DB-9 adapter is used on the PC (COM port) to the device console Port through a roll-over cable. Hyper Terminal is used to access the Command Line Interface (CLI) of the Device. (Start --Menu—Programs—Accessories—Communications--Hyper Terminal)

Switch Console Modes of CLI:   

User-exec mode Switch> Privilege mode Switch# Global Configuration mode Switch(config)#

How to switch in different modes: Switch> enable Switch# config terminal Switch(config)# Note: To return to the previous mode use “Exit” command in the current mode. Copyright@ CTTC

8

How to Set Hostname and Configure Console Password: Switch(config)# hostname CISCO CISCO(config)#line console 0 CISCO(config-line)#password cisco123 CISCO(config-line)#login

How to Set Privilege level password: !!! Clear Text Password not encrypted(less priority) CISCO(config)#enable password ccna123 !!! Encrypted password (more Priority) CISCO(config)#enable secret cttc123

Verify the Password CISCO(config)#exit CISCO#exit CISCO con0 is now available Press RETURN to get started. User Access Verification !!! TYPE HERE LINE CONSOLE Password Password: CISCO>enable !!! TYPE HERE Privilege Level Password Password:

Copyright@ CTTC

9

How to Set User Authentication in Switch CISCO#config terminal CISCO(config)#line console 0 CISCO(config-line)# login local CISCO(config-line)#exit CISCO(config)#username cttc password ccna123

Copyright@ CTTC

10

Verify the Authentication

CISCO(config)#exit CISCO#exit

Verify the User Status CISCO#show users Line User Host(s) Idle Location * 0 con 0 cttc idle 00:00:00

Copyright@ CTTC

11

Password Recovery

Configuration on Router Router>enable Router#config t Router(config)#line console 0 Router(config-line)Password cisco Router(config-line)#Login Router(config-line)#Exit

For password recovery power cycle the router and press ctrl+break.

After we enter the rommon mode type: Rommon 1 > confreg 0x2142 Rommon 2 > reset

Copyright@ CTTC

12

How to Set Telnet password: CISCO(config)#line vty 0 15 CISCO(config-line)#password cisco CISCO(config-line)#login CISCO(config-line)#exit

How to Enable The Device to Establish Telnet/SSH Session: CISCO(config)#interface vlan 1 CISCO(config-if)#ip address 10.0.0.10 255.0.0.0 CISCO(config-if)#no shutdown Note: VLAN 1 IP address is used to establish the telnet session. Go to command prompt and use telnet command to make a telnet session with the device. C:\>telnet 10.0.0.10

Configuring SSH: CISCO(config)#username taha password abc123 CISCO(config)#ip domain-name cttc.net CISCO(config)#crypto key generate rsa The name for the keys will be: CISCO.cttc.net Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [512]: 512 % Generating 512 bit RSA keys ...[OK] CISCO(config)#line vty 0 15 CISCO(config-line)#login local CISCO(config-line)#transport input ssh

Copyright@ CTTC

13

Note: VLAN 1 must be configured as show in TELNET section. Putty software iscommonly used to establish SSH session.

Verify Command’s: CISCO(config)#show line vty 0 15 Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int 1 VTY - -13 0 0/0 2 VTY - - - - - 0 0 0/0 3 VTY - - - - - 0 0 0/0 4 VTY - - - - - 0 0 0/0 5 VTY - - - - - 0 0 0/0 6 VTY - - - - - 0 0 0/0 7 VTY - - - - - 0 0 0/0 8 VTY - - - - - 0 0 0/0 9 VTY - - - - - 0 0 0/0 10 VTY - - - - - 0 0 0/0 11 VTY - - - - - 0 0 0/0 12 VTY - - - - - 0 0 0/0 13 VTY - - - - - 0 0 0/0 14 VTY - - - - - 0 0 0/0 15 VTY - - - - - 0 0 0/0 16 VTY - - - - - 0 0 0/0 – !!! ―*‖ show that one VTY Session is active:

Copyright@ CTTC

14

LAB: VLAN Configuration Objective: To Create and Configure VLAN CISCO#config terminal CISCO(config)#vlan 10 CISCO(config-vlan)#name HR CISCO(config-vlan)#exit CISCO(config)#vlan 20 CISCO(config-vlan)#name Sales CISCO(config-vlan)#exit

Verify VLANs CISCO#show vlan brief VLAN Name Status Ports ------- ---------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 Fa0/13, Fa0/14, Fa0/15, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20 Fa0/21, Fa0/22, Fa0/23, Fa0/24 Gi0/1, Gi0/2 10 HR active 20 Sales active 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup Note: All ports of the switch are member of VLAN 1 by default.

How to Assign Ports to Different VLANs: CISCO(config)#interface fa0/1 CISCO(config-if)#switchport mode access CISCO(config-if)#switchport access vlan 10 CISCO(config-if)#exit CISCO(config)#interface fa0/2 CISCO(config-if)#switchport mode access CISCO(config-if)#switchport access vlan 20

Copyright@ CTTC

15

Verify Ports in VLANS CISCO#show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6 Fa0/7, Fa0/8, Fa0/9, Fa0/10 Fa0/11, Fa0/12, Fa0/13, Fa0/14 Fa0/15, Fa0/16, Fa0/17, Fa0/18 Fa0/19, Fa0/20, Fa0/21, Fa0/22 Fa0/23, Fa0/24, Gi0/1, Gi0/2 10 HR active Fa0/1 20 Sales active Fa0/2

Copyright@ CTTC

16

LAB:PORT SECURITY OBJECTIVE: TO IMPLEMENT BASIC PORT SECURITY FEATURES ON INTERFACE

CISCO(config)#interface fa0/1 CISCO(config-if)#switchport mode access CISCO(config-if)#switchport port-security CISCO(config-if)#switchport port-security mac-address sticky CISCO(config-if)#switchport port-security maximum 1 CISCO(config-if)#switchport port-security violation shutdown CISCO(config-if)#exit CISCO(config)#interface fa0/2 CISCO(config-if)#switchport mode access CISCO(config-if)#switchport port-security CISCO(config-if)#switchport port-security mac-address sticky CISCO(config-if)#switchport port-security maximum 1 CISCO(config-if)#switchport port-security violation shutdown

Copyright@ CTTC

17

Verify Port-Security MAC Address: CISCO#show port-security address Secure Mac Address Table ------------------------------------------------------------------------------Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------1 0060.705E.07CB SecureSticky FastEthernet0/1 1 0090.21BD.4810 SecureSticky FastEthernet0/2 -----------------------------------------------------------------------------Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 1024

Verify Port-Security Interface FastEnthernet Fa0/1: CISCO#show port-security interface f0/1 Port Security : Enabled Port Status : Secure-up Violation Mode : Shutdown Aging Time : 0 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses : 1 Total MAC Addresses : 1 Configured MAC Addresses : 0 Sticky MAC Addresses : 1 Last Source Address:Vlan : 0060.705E.07CB:1 Security Violation Count : 0 Note:  Max Addresses value depends upon the model of the device.  Manual MAC address can be entered in port-security instead on using ―sticky‖ command.  Violation modes can be set to protect, restrict or shutdown.

What happens if violation occurred: When a new PC is attached to the port on which port-security is enabled then Switch will take an action which is set in the violation mode.

Copyright@ CTTC

18

Verify when violation is occurred: CISCO#show port-security Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action (Count) (Count) (Count) ------------------------------------------------------------------------------------------------------------Fa0/1 1 1 1 Shutdown Fa0/2

1

1

1

Shutdown

-------------------------------------------------------------------------------------------------------------

Copyright@ CTTC

19

LAB: Rapid Spanning Tree Protocol (RSTP) OBJECTIVE: To Implement STP, It’s Improvement RSTP and To Configure Root Bridges for Different VLANS.

Verify Root Bridge on Switch-1: Switch-1#show spanning-tree VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address 0002.16EE.8B7E This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address 0002.16EE.8B7E Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 20 Interface Role Sts Cost Prio Nbr Type ---------------- ---- --- --------- -------- -------------------------------Fa0/1 Desg FWD 19 128.1 P2p Fa0/2 Desg FWD 19 128.2 P2p Note:  If the switch is ―Root Bridge‖, it will display the message ―This bridge is the root‖.  Root ID Address and Bridge ID Address will be same in case of Root Bridge.  Default priority is 32768. VLAN ID (System Extension ID) is added to the default priority. VLAN 1 is the default VLAN so the priority for VLAN 1 is 32769 (32768+1). Copyright@ CTTC

20

Enabling RSTP: Switch-1(config)#spanning-tree mode rapid-pvst Note: The above command will be issued on all the switches of the network.

Verify RSTP: Switch-1#show spanning-tree VLAN0001

Spanning tree enabled protocol rstp Root ID

Bridge ID

Priority 32769 Address 0002.16EE.8B7E This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Priority 32769 (priority 32768 sys-id-ext 1) Address 0002.16EE.8B7E Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 20

Changing Switch-2 to Root Bridge: Switch-2(config)#spanning-tree vlan 1 priority 4096 Note:  Priority must be in the multiple 4096.  To change the root bridge, you can also use the following command: Switch-2(config)#spanning-tree vlan 1 root primary

Verify Switch-2 as Root Bridge: Switch-2#show spanning-tree VLAN0001 Spanning tree enabled protocol rstp Root ID Priority 24577 Address 000C.CF21.CBC1 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 24577 (priority 24576 sys-id-ext 1) Address 000C.CF21.CBC1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 20

Copyright@ CTTC

21

Enabling Portfast feature on all switches: Switch-1(config)#spanning-tree portfast default Note: Above command will be issued to all the switches in the network. By enabling portfast feature on all the switches, will disable the STP process on all non-trunk ports. It will cause to take less time to change the state to up on all non-trunking ports. To verify this feature, connect a PC to the switch and the port will be up within 5 seconds.

Copyright@ CTTC

22

Etherchannel Configuration:

Configuring Switch-1: Switch-1(config)#interface range fa0/1 - 2 Switch-1(config-if-range)#channel-group 1 mode on Switch-1(config-if-range)#exit Switch-1(config)#interface port-channel 1 Switch-1(config-if)#switchport mode trunk

Configuring Switch-2: Switch-2(config)#interface range fa0/1 - 2 Switch-2(config-if-range)#channel-group 1 mode on Switch-2(config-if-range)#exit Switch-2(config)#interface port-channel 1 Switch-2(config-if)#switchport mode trunk

Verify Etherchannel: Switch-1#show etherchannel summary …… Number of channel-groups in use: 1 Number of aggregators: 1 Group Port-channel Protocol Ports --------+-----------------+------------+------------------------1 Po1(SU) Fa0/1(P) Fa0/2(P)

Copyright@ CTTC

23

LAB:InterVLAN Routing (IVR): Objective: To Create Vlans &to show Routing B/W the Vlans

Configuring Switch: Switch(config)#vlan 10 Switch(config-vlan)#name HR Switch(config-vlan)#vlan 20 Switch(config-vlan)#name Sales Switch(config-vlan)#exit Switch(config)#interface fa0/1 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 10 Switch(config-if)#exit Switch(config)#interface fa0/2 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 20 Switch(config-if)#exit Switch(config)#interface fa0/3 Switch(config-if)#switchport mode trunk

Copyright@ CTTC

24

Configuring Router: Router(config)#interface fa0/0 Router(config-if)#no shutdown Router(config-if)#exit

Creating sub-interface for VLAN 10 on router: Router(config)#interface fa0/0.10 Router(config-subif)#encapsulation dot1Q 10 Router(config-subif)#ip address 10.0.0.100 255.0.0.0 Router(config-subif)#exit

Creating sub-interface for VLAN 20 on router: Router(config)#interface fa0/0.20 Router(config-subif)#encapsulation dot1Q 20 Router(config-subif)#ip address 20.0.0.100 255.0.0.0 Router(config-subif)#exit

Configuring IP on PC:

Copyright@ CTTC

25

Verify InterVLAN Routing:

Copyright@ CTTC

26

LAB: Static Routing: Objective: To Implement Stating Routing in IPversion 4

Configuring R1: R1(config)#interface fa0/0 R1(config-if)#ip address 10.0.0.100 255.255.255.0 R1(config-if)#no shutdown R1(config-if)#exit R1(config)#interface s0/1/0 R1(config-if)#ip address 192.168.1.1 255.255.255.252 R1(config-if)#clock rate 64000 R1(config-if)#no shutdown R2(config-if)#exit Note: Interface Serial0/1/0 of Router R1 is a DCE end, so clock rate must be given to this.

Configuring R2: R2(config)#interface fa0/0 R2(config-if)#ip address 20.0.0.100 255.255.255.0 R2(config-if)#no shutdown R2(config-if)#exit R2(config)#interface s0/1/0 R2(config-if)#ip address 192.168.1.2 255.255.255.252 R2(config-if)#no shutdown R2(config-if)#exit Adding static route on R1 for network 20.0.0.0: R1(config)#ip route 20.0.0.0 255.255.255.0 s0/1/0 Adding static route on R2 for network 10.0.0.0: R2(config)#ip route 10.0.0.0 255.255.255.0 192.168.1.1

Copyright@ CTTC

27

Note: When configuring the static route on router R1 we used the local interface of the router R1 i.e s0/1/0, whereas, when configuring router R2 we use the next hop address as Forwarding router's address.

Verify the routes on Router R1: R1#show ip route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets C 10.0.0.0 is directly connected, FastEthernet0/0 20.0.0.0/24 is subnetted, 1 subnets S 20.0.0.0 is directly connected, Serial0/1/0 192.168.1.0/30 is subnetted, 1 subnets

C 192.168.1.0 is directly connected, Serial0/1/0

Verify the routes on Router R2: R2#show ip route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets S 10.0.0.0 [1/0] via 192.168.1.1 20.0.0.0/24 is subnetted, 1 subnets

C 20.0.0.0 is directly connected, FastEthernet0/0 192.168.1.0/30 is subnetted, 1 subnets C 192.168.1.0 is directly connected, Serial0/1/0

Copyright@ CTTC

28

Verifying the ping reply from PC-2 to PC-1:

Copyright@ CTTC

29

LAB: Enhanced Interior Gateway Routing Protocol (EIGRP): Objective: To Implement EIGRP in IP version 4

Configuring R1: R1(config)#interface fa0/0 R1(config-if)#ip address 10.0.0.100 255.255.255.0 R1(config-if)#no shutdown R1(config-if)#exit R1(config)#interface s0/1/0 R1(config-if)#ip address 192.168.1.1 255.255.255.252 R1(config-if)#clock rate 64000 R1(config-if)#no shutdown R2(config-if)#exit Note: Interface Serial0/1/0 of Router R1 is a DCE end, so clock rate must be given to this.

Configuring R2: R2(config)#interface fa0/0 R2(config-if)#ip address 20.0.0.100 255.255.255.0 R2(config-if)#no shutdown R2(config-if)#exit R2(config)#interface s0/1/0 R2(config-if)#ip address 192.168.1.2 255.255.255.252 R2(config-if)#no shutdown R2(config-if)#exit

Copyright@ CTTC

30

Adding networks for EIGRP on Router R1: R1(config)#router eigrp 100 R1(config-router)#network 10.0.0.0 R1(config-router)#network 192.168.1.0 R1(config-router)#no auto-summary R1(config-router)#exit Note: All directly connected networks will be issued in the router eigrp mode. Autonomous System number must be same on all the routers in the network.

Adding networks for EIGRP on Router R2: R1(config)#router eigrp 100 R1(config-router)#network 20.0.0.0 R1(config-router)#network 192.168.1.0 R1(config-router)#no auto-summary R1(config-router)#exit

Verify the routes on Router R1: R1#show ip route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets C 10.0.0.0 is directly connected, FastEthernet0/0 20.0.0.0/24 is subnetted, 1 subnets D 20.0.0.0 [90/2172416] via 192.168.1.2, 00:00:16, Serial0/1/0 192.168.1.0/30 is subnetted, 1 subnets C 192.168.1.0 is directly connected, Serial0/1/0

Verify the routes on Router R2: R2#sh ip route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets D 10.0.0.0 [90/2172416] via 192.168.1.1, 00:00:05, Serial0/1/0 20.0.0.0/24 is subnetted, 1 subnets C 20.0.0.0 is directly connected, FastEthernet0/0 192.168.1.0/30 is subnetted, 1 subnets C 192.168.1.0 is directly connected, Serial0/1/0

Copyright@ CTTC

31

Verifying neighbors for R1: R1#sh ip eigrp neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Seq (sec) Num 0 192.168.1.2 Se0/1/0 11

Uptime

SRTT RTO Q

(ms)

Cnt

0:02:05

40

1000

0

Uptime

SRTT RTO

Q

3

Verifying neighbors for R2: R2#sh ip eigrp neighbors R2#sh ip eigrp neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Seq Num (sec) 0

192.168.1.1

Se0/1/0

13

(ms) 00:03:15

Cnt 40

1000

0

Note: To verify the currently enabled routing protocols, use the following command:  R1#show ip protocols To view all the routes that has been calculated by EIGRP, use the following command: 

R1#show ip eigrp topology.

Copyright@ CTTC

3

32

LAB: Open Shortest Path First (OSPF): Objective: To Implement OSPF in IP version 4

Configuring R1: R1(config)#interface fa0/0 R1(config-if)#ip address 10.0.0.100 255.255.255.0 R1(config-if)#no shutdown R1(config-if)#exit R1(config)#interface s0/1/0 R1(config-if)#ip address 192.168.1.1 255.255.255.252 R1(config-if)#clock rate 64000 R1(config-if)#no shutdown R2(config-if)#exit Note: Interface Serial0/1/0 of Router R1 is a DCE end, so clock rate must be given to this.

Configuring R2: R2(config)#interface fa0/0 R2(config-if)#ip address 20.0.0.100 255.255.255.0 R2(config-if)#no shutdown R2(config-if)#exit R2(config)#interface s0/1/0 R2(config-if)#ip address 192.168.2.2 255.255.255.252 R2(config-if)#no shutdown R2(config-if)#exit

Copyright@ CTTC

33

Configuring Central Router (ABR): ABR(config)#int s0/1/0 ABR(config-if)#ip add ABR(config-if)#ip address 192.168.1.2 255.255.255.252 ABR(config-if)#no shutdown ABR(config-if)#exit ABR(config)#int s0/1/1 ABR(config-if)#ip address 192.168.2.1 255.255.255.252 ABR(config-if)#clock rate 64000 ABR(config-if)#no shutdown ABR(config-if)#exit

Adding networks for OSPF on Router R1 as Area 0 (Backbone Area): R1(config)#router ospf 10 R1(config-router)#network 10.0.0.0 0.0.0.255 area 0 R1(config-router)#network 192.168.1.0 0.0.0.3 area 0 R1(config-router)#exit

Adding networks for OSPF on Router R2 as Area 1 (Regular Area): R2(config)#router ospf 20 R2(config-router)#network 20.0.0.0 0.0.0.255 area 1 R2(config-router)#network 192.168.2.0 0.0.0.3 area 1 R2(config-router)#exit

Adding networks for OSPF on Router ABR as Area 0 and Area 1: ABR(config)#router ospf 50 ABR(config-router)#network 192.168.1.0 0.0.0.3 area 0 ABR(config-router)#network 192.168.2.0 0.0.0.3 area 1 ABR(config-router)#exit

Verify the routes on Router R1: R1#show ip route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets C 10.0.0.0 is directly connected, FastEthernet0/0 20.0.0.0/24 is subnetted, 1 subnets O IA 20.0.0.0 [110/129] via 192.168.1.2, 00:09:19, Serial0/1/0 192.168.1.0/30 is subnetted, 1 subnets C 192.168.1.0 is directly connected, Serial0/1/0 192.168.2.0/30 is subnetted, 1 subnets O IA 192.168.2.0 [110/128] via 192.168.1.2, 00:09:19, Serial0/1/0

Copyright@ CTTC

34

Verify the routes on Router R2: R2#show ip route: Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets O IA 10.0.0.0 [110/129] via 192.168.2.1, 00:11:48, Serial0/1/0 20.0.0.0/24 is subnetted, 1 subnets C 20.0.0.0 is directly connected, FastEthernet0/0 192.168.1.0/30 is subnetted, 1 subnets O IA 192.168.1.0 [110/128] via 192.168.2.1, 00:11:48, Serial0/1/0 192.1 68.2.0/30 is subnetted, 1 subnets C 192.168.2.0 is directly connected, Serial0/1/0

Verify the routes on Router ABR: ABR#show ip route: Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets O 10.0.0.0 [110/65] via 192.168.1.1, 00:13:30, Serial0/1/0 20.0.0.0/24 is subnetted, 1 subnets O 20.0.0.0 [110/65] via 192.168.2.2, 00:13:11, Serial0/1/1 192.168.1.0/30 is subnetted, 1 subnets

C

192.168.1.0 is directly connected, Serial0/1/0 192.168.2.0/30 is subnetted, 1 subnets 92.168.2.0 is directly connected, Serial0/1/1

C1

Note: More commands to verify OSPF:  

R1#show ip ospf neighbor R1#show ip ospf database

Copyright@ CTTC

35

LAB: Hot Standby Router Protocol (HSRP): Objective: How to show Redundancy by using HSRP

Configuring WAN-RT: WAN-RT(config)#interface Loopback0 WAN-RT(config-if)#ip address 200.0.0.1 255.255.255.0 WAN-RT(config-if)#no shutdown WAN-RT(config-if)#exit WAN-RT(config)#interface FastEthernet0/0 WAN-RT(config-if)#ip address 172.16.2.1 255.255.255.0 WAN-RT(config-if)#no shutdown WAN-RT(config-if)#exit WAN-RT(config)#interface FastEthernet0/1 WAN-RT(config-if)#ip address 172.16.1.1 255.255.255.0 WAN-RT(config-if)#no shutdown WAN-RT(config-if)#exit WAN-RT(config)#router rip WAN-RT(config-router)#version 2 WAN-RT(config-router)#network 172.16.0.0 WAN-RT(config-router)#network 200.0.0.0 WAN-RT(config-router)#no auto-summary WAN-RT(config-router)#exit

Copyright@ CTTC

36

Configuring Master-RT: Master-RT(config)#interface FastEthernet0/0 Master-RT(config-if)#ip address 10.0.0.10 255.255.255.0 Master-RT(config-if)#standby 1 ip 10.0.0.100 Master-RT(config-if)#standby 1 priority 110 Master-RT(config-if)#standby 1 preempt Master-RT(config-if)#standby 1 track FastEthernet0/1 Master-RT(config-if)#no shutdown Master-RT(config-if)#exit

Master-RT(config-if) Master-RT(config )#interface FastEthernet0/1 Master-RT(config-if)#ip address 172.16.1.2 255.255.255.0 Master-RT(config-if)#no shutdown Master-RT(config-if)#exit Master-RT(config)#router rip Master-RT(config-router)#version 2 Master-RT(config-router)#network 10.0.0.0 Master-RT(config-router)#network 172.16.0.0 Master-RT(config-router)#no auto-summary

Configuring Backup-RT: Backup-RT(config)#interface FastEthernet0/0 Backup-RT(config-if)#ip address 10.0.0.9 255.255.255.0 Backup-RT(config-if)#standby 1 ip 10.0.0.100 Backup-RT(config-if)#standby 1 priority 95 Backup-RT(config-if)#standby 1 preempt Backup-RT(config-if)#no shutdown Backup-RT(config-if)#exit Backup-RT(config)#interface FastEthernet0/1 Backup-RT(config-if)#ip address 172.16.2.2 255.255.255.0 Backup-RT(config-if)#no shutdown Backup-RT(config-if)#exit Backup-RT(config)#router rip Backup-RT(config-router)#version 2 Backup-RT(config-router)#network 10.0.0.0 Backup-RT(config-router)#network 172.16.0.0 Backup-RT(config-router)#no auto-summary

Copyright@ CTTC

37

Verify Master-RT: Master-RT#show standby

Note: When the network is perfectly up, Master-RT must be in Active State. If FastEthernet port of Master-RT gone down then Backup-RT will become active. Now check Backup-RT when the Fa0/1 of Master-RT is down

Copyright@ CTTC

38

Verify Backup-RT when Fa0/1 of Master-RT is down: Backup-RT#show standby

Copyright@ CTTC

39

LAB: Virtual Router Redundancy Protocol(VRRP) Objective: How to show Redundancy by using VRRP

Configuring WAN-RT: WAN-RT(config)#interface Loopback0 WAN-RT(config-if)#ip address 200.0.0.1 255.255.255.0 WAN-RT(config-if)#no shutdown WAN-RT(config-if)#exit WAN-RT(config)#interface FastEthernet0/0 WAN-RT(config-if)#ip address 172.16.2.1 255.255.255.0 WAN-RT(config-if)#no shutdown WAN-RT(config-if)#exit WAN-RT(config)#interface FastEthernet0/1 WAN-RT(config-if)#ip address 172.16.1.1 255.255.255.0 WAN-RT(config-if)#no shutdown WAN-RT(config-if)#exit WAN-RT(config)#router rip WAN-RT(config-router)#version 2 WAN-RT(config-router)#network 172.16.0.0 WAN-RT(config-router)#network 200.0.0.0 WAN-RT(config-router)#no auto-summary WAN-RT(config-router)#exit

Copyright@ CTTC

40

Configuring Master-RT: Master-RT(config)#interface FastEthernet0/0 Master-RT(config-if)#ip address 10.0.0.10 255.255.255.0 Master-RT(config-if)#vrrp 1 ip 10.0.0.100 Master-RT(config-if)#no shutdown Master-RT(config-if)#exit Master-RT(config-if) Master-RT(config )#interface FastEthernet0/1 Master-RT(config-if)#ip address 172.16.1.2 255.255.255.0 Master-RT(config-if)#no shutdown Master-RT(config-if)#exit Master-RT(config)#router rip Master-RT(config-router)#version 2 Master-RT(config-router)#network 10.0.0.0 Master-RT(config-router)#network 172.16.0.0 Master-RT(config-router)#no auto-summary Configuring Backup-RT: Backup-RT(config)#interface FastEthernet0/0 Backup-RT(config-if)#ip address 10.0.0.9 255.255.255.0 Backup-RT(config-if)#vrrp 1 ip 10.0.0.100 Backup-RT(config-if)#no shutdown Backup-RT(config-if)#exit Backup-RT(config)#interface FastEthernet0/1 Backup-RT(config-if)#ip address 172.16.2.2 255.255.255.0 Backup-RT(config-if)#no shutdown Backup-RT(config-if)#exit Backup-RT(config)#router rip Backup-RT(config-router)#version 2 Backup-RT(config-router)#network 10.0.0.0 Backup-RT(config-router)#network 172.16.0.0 Backup-RT(config-router)#no auto-summary

Copyright@ CTTC

41

Verify Master-RT: Master-RT# show VRRP

Note: When the network is perfectly up, Master-RT must be in Active State. If FastEthernet port of Master-RT gone down then Backup-RT will become active. Now check Backup-RT when the Fa0/1 of Master-RT is down

Verify Backup-RT when Fa0/1 of Master-RT is down: Backup-RT#show VRRP

Copyright@ CTTC

42

LAB: Gateway Load Balancing Protocol Objective: How to show Redundancy by using GLBP

Configuring WAN-RT: WAN-RT(config)#interface Loopback0 WAN-RT(config-if)#ip address 200.0.0.1 255.255.255.0 WAN-RT(config-if)#no shutdown WAN-RT(config-if)#exit WAN-RT(config)#interface FastEthernet0/0 WAN-RT(config-if)#ip address 172.16.2.1 255.255.255.0 WAN-RT(config-if)#no shutdown WAN-RT(config-if)#exit WAN-RT(config)#interface FastEthernet0/1 WAN-RT(config-if)#ip address 172.16.1.1 255.255.255.0 WAN-RT(config-if)#no shutdown WAN-RT(config-if)#exit WAN-RT(config)#router rip WAN-RT(config-router)#version 2 WAN-RT(config-router)#network 172.16.0.0 WAN-RT(config-router)#network 200.0.0.0 WAN-RT(config-router)#no auto-summary WAN-RT(config-router)#exit

Copyright@ CTTC

43

Configuring Master-RT: Master-RT(config)#interface FastEthernet0/0 Master-RT(config-if)#ip address 10.0.0.10 255.255.255.0 Master-RT(config-if)#glbp 1 ip 10.0.0.100 Master-RT(config-if)#no shutdown Master-RT(config-if)#exit

Master-RT(config-if) Master-RT(config )#interface FastEthernet0/1 Master-RT(config-if)#ip address 172.16.1.2 255.255.255.0 Master-RT(config-if)#no shutdown Master-RT(config-if)#exit Master-RT(config)#router rip Master-RT(config-router)#version 2 Master-RT(config-router)#network 10.0.0.0 Master-RT(config-router)#network 172.16.0.0 Master-RT(config-router)#no auto-summary

Configuring Backup-RT: Backup-RT(config)#interface FastEthernet0/0 Backup-RT(config-if)#ip address 10.0.0.9 255.255.255.0 Backup-RT(config-if)#glbp 1 ip 10.0.0.100 Backup-RT(config-if)#no shutdown Backup-RT(config-if)#exit Backup-RT(config)#interface FastEthernet0/1 Backup-RT(config-if)#ip address 172.16.2.2 255.255.255.0 Backup-RT(config-if)#no shutdown Backup-RT(config-if)#exit Backup-RT(config)#router rip Backup-RT(config-router)#version 2 Backup-RT(config-router)#network 10.0.0.0 Backup-RT(config-router)#network 172.16.0.0 Backup-RT(config-router)#no auto-summary

Copyright@ CTTC

44

Verify Master-RT: Master-RT# show GLBP

Copyright@ CTTC

45

Verify Backup-RT when Fa0/1 of Master-RT is down: Backup-RT#show GLBP

Copyright@ CTTC

46

LAB: How to Configure IPv6 on CISCO Router Objective: To Implement IP Version 6 on Routers

Configure R1’s interface S1/0 with ipv6 address R1(config)#ipv6 unicast-routing R1(config)#interface serial 1/0 R1(config-if)#ipv6 address 2001:abad:beef:1::1/64 R1(config-if)#no shutdown R2(config)#ipv6 unicast-routing R2(config)#interface serial 1/0 R2(config-if)#ipv6 address 2001:abad:beef:1::2/64 R2(config-if)#no shutdown

Verify IPv6 address: R1#show ipv6 interface

Copyright@ CTTC

47

Verify IPv6 communication between R2 and R1 using ping:

Copyright@ CTTC

48

LAB: Configuring IPv6 Auto configures Objective: To Show How Routers Acquire The Ipv6 Address Automatically

Configuring R1#: R1(config)#ipv6 unicast-routing R1(config)#int fa0/0 R1(config-if)#ipv6 address 2001:abad:5001:1::1/64 R1(config-if)#ipv6 nd prefix 2001:abad:5001:1::/64 R1(config-if)#no shutdown

Configuring R2#: R2(config)#ipv6 unicast-routing R2(config)#int fa0/0 R2(config-if)#ipv6 address autoconfig R2(config-if)#no shutdown R2(config-if)#exit

Configuring R3#: R3(config)#ipv6 unicast-routing R3(config)#int fa0/0 R3(config-if)#ipv6 address autoconfig R3(config-if)#no shutdown R3(config-if)#end

Copyright@ CTTC

49

Verify Autoconfigure IPv6 on R2’s interface Fa0/0:

Copyright@ CTTC

50

LAB: Configure RIPng on Router: Background: In this configuration example, routers R1 and R2 are connected via Serial interface and Loopback addresses are configured to generate networks. All the interfaces are configured with the IPv6 addresses.

Configure on R1: R1(config)#ipv6 unicast-routing R1(config)#int s1/0 R1(config-if)#ipv6 address 2001:abad:5001:1::1/64 R1(config-if)#ipv6 rip cttc enable R1(config-if)#no shutdown R1(config-if)#exit R1(config)#int Loopback 10 R1(config-if)#ipv6 address 1:1:1:1::1/64 R1(config-if)#ipv6 rip cttc enable R1(config-if)#no shutdown R1(config-if)#exit R1(config)#int Loopback 20 R1(config-if)#ipv6 address 1:1:1:2::1/64 R1(config-if)#ipv6 rip cttc enable R1(config-if)#no shutdown R1(config-if)#exit

Copyright@ CTTC

51

Configure on R2: R2(config)#ipv6 unicast-routing R2(config)#int s1/0 R2(config-if)#ipv6 address 2001:abad:5001:1::2/64 R2(config-if)#ipv6 rip cttc enable R2(config-if)#no shutdown R2(config-if)#exit R2(config)#int Loopback 0 R2(config-if)#ipv6 address 2:2:2:2::1/64 R2(config-if)#ipv6 rip cttc enable R2(config-if)#no shutdown R2(config-if)#exit R2(config)#int Loopback 1 R2(config-if)#ipv6 address 2:2:2:1::1/64 R2(config-if)#ipv6 rip cttc enable R2(config-if)#no shutdown R2(config-if)#exit Note: In the syntax cttc specified the Process, you can run multiple processes on a Route

Copyright@ CTTC

52

Verify RIPng Routes: R1#show ipv6 route

Copyright@ CTTC

53

Verify information about the current IPv6 RIP process

Verify the reachability between the routers R1 and R2, use the ping command:

Copyright@ CTTC

54

LAB: Configuring OSPF V.3.0 OBJECTIVE: TO IMPLEMENT OSPF ROUTING PROTOCOL IN IPV6

Configure R1: R1(confg)#ipv6 unicast-routing R1(config)#int s1/0 R1(config-if)#ipv6 address 2001:abad:5001:1::1/64 R1(config-if)#no shutdown R1(config-if)#ipv6 ospf 1 area 0 R1(config-if)#exit R1(config)#int Loopback 10 R1(config-if)#ipv6 address 1:1:1:1::1/64 R1(config-if)#ipv6 ospf 1 area 0 R1(config-if)#no shutdown R1(config-if)#exit R1(config)#int Loopback 20 R1(config-if)#ipv6 address 1:1:1:2::1/64 R1(config-if)#ipv6 ospf 1 area 0 R1(config-if)#no shutdown R1(config-if)#exit R1(config)#ipv6 router ospf 1 R1(config-rtr)#router-id 1.1.1.1 R1(config-if)#exit

Copyright@ CTTC

55

Configuring R2: R2(confg)#ipv6 unicast-routing R2(config)#int s1/0 R2(config-if)#ipv6 address 2001:abad:5001:1::2/64 R2(config-if)#no shutdown R2(config-if)#ipv6 ospf 1 area 0 R2(config-if)#exit R2(config)#int Loopback 0 R2(config-if)#ipv6 address 2:2:2:2::1/64 R2(config-if)#ipv6 ospf 1 area 0 R2(config-if)#no shutdown R2(config-if)#exit R2(config)#int Loopback 1 R2(config-if)#ipv6 address 2:2:2:1::1/64 R2(config-if)#ipv6 ospf 1 area 0 R2(config-if)#no shutdown R2(config-if)#exit R2(config)#ipv6 router ospf 1 R2(config-rtr)#router-id 2.2.2.2 R2(config-rtr)#exit Configure R1′s Loopback 10, 20 and R2’s Loopback 0, 1 interface to participate in OSPF Area 0 and ensure that R1 & R2 advertises Lo0 as a /64 subnet and not a host route (/128). Note: Loopback interfaces have their own OSPF network type in which case OSPF advertises a host route to the loopback interface and not the configure subnet mask. To change OSPF to advertise the subnet assigned to the loopback interface you’ll need to change the network type to point-to-point as shown below:

For R1: R1(config)#interface loopback 10 R1(config-if)#ipv6 ospf 1 area 0 R1(config-if)#ipv6 ospf network point-to-point R1(config-if)#exit R1(config)#interface loopback 20 R1(config-if)#ipv6 ospf 1 area 0 R1(config-if)#ipv6 ospf network point-to-point R1(config-if)#exit

Copyright@ CTTC

56

For R2: R2(config)#interface loopback 0 R2(config-if)#ipv6 ospf 1 area 0 R2(config-if)#ipv6 ospf network point-to-point R2(config-if)#exit R2(config)#interface loopback 1 R2(config-if)#ipv6 ospf 1 area 0 R2(config-if)#ipv6 ospf network point-to-point R2(config-if)#exit

Verify R1′s Loopback0 network is in the IPv6 routing table of R2: R1#show ipv6 route ospf

Copyright@ CTTC

57

Verify R1′s Loopback10 network has IPv6 connectivity to R2′s Loopback0 network using PING:

Copyright@ CTTC

58

LAB: Configuring EIGRP OBJECTIVE: TO Implement EIGRP in IPV6

Configure R1: R1(config)#ipv6 unicast-routing R1(config)#int s1/0 R1(config-if)#ipv6 address 2001:abad:5001:1::1/64 R1(config-if)#no shutdown R1(config-if)#ipv6 eigrp 100 R1(config-if)#exit R1(config)#ipv6 router eigrp 100 R1(config-rtr)#eigrp router-id 1.1.1.1 R1(config-rtr)#exit R1(config)#int Loopback 10 R1(config-if)#ipv6 address 1:1:1:1::1/64 R1(config-if)#no shutdown R1(config-if)#ipv6 eigrp 100 R1(config-rtr)#exit R1(config)#int loopback 20 R1(config-if)#ipv6 address 1:1:1:2::1/64 R1(config-if)#no shutdown R1(config-if)#ipv6 eigrp 100 R1(config-if)#exit

Copyright@ CTTC

59

Configure R2: R2(config)#ipv6 unicast-routing R2(config)#int s1/0 R2(config-if)#ipv6 address 2001:abad:5001:1::2/64 R2(config-if)#no shutdown R2(config-if)#ipv6 eigrp 100 R2(config-if)#exit R2(config)#ipv6 router eigrp 100 R2(config-rtr)#eigrp router-id 2.2.2.2 R2(config-rtr)#exit R2(config)#int Loopback 0 R2(config-if)#ipv6 address 2:2:2:2::1/64 R2(config-if)#no shutdown R2(config-if)#ipv6 eigrp 100 R2(config-rtr)#exit R2(config)#int Loopback 1 R2(config-if)#ipv6 address 2:2:2:1::1/64 R2(config-if)#no shutdown R2(config-if)#ipv6 eigrp 100 R2(config-if)#exit

Copyright@ CTTC

60

Verify R1′s Loopback0 network is in the IPv6 routing table of R2: R1#show ipv6 route eigrp:

Copyright@ CTTC

61

LAB: WAN Encapsulation OBJECTIVE: To Implement authentication method and encapsulation used for WAN

Configuring R1: R1(config)#int s0/3/0 R1(config-if)#ip address 192.168.1.1 255.255.255.252 R1(config-if)#clock rate 64000 R1(config-if)#encapsulation ppp R1(config-if)#ppp authentication chap pap R1(config-if)#no shutdown R1(config-if)#exit R1(config)#username R2 password cisco

Configuring R2: R2(config)#int s0/3/0 R2(config-if)#ip address 192.168.1.2 255.255.255.252 R2(config-if)#encapsulation ppp R2(config-if)#ppp authentication chap pap R2(config-if)#no shutdown R2(config-if)#exit R2(config)#username R1 password cisco Note: Username R2 must be created on Router R1 and username R1 must be created on Router R2, where usernames R1 and R2 are the hostname of their respective Routers. Passwords on both the routers must be same.

Copyright@ CTTC

62

Verify point-to-point connectivity: R1#ping 192.168.1.2

Copyright@ CTTC

63

LAB:Frame Relay OBJECTIVE: To Show How Router Connects With Each Other Over Cloud Using Frame Relay

Configuring R1: R1(config)#int s0/3/0 R1(config-if)#no shutdown R1(config-if)#encapsulation frame-relay R1(config-if)#exit R1(config)#interface s0/3/0.122 point-to-point R1(config-subif)#ip address 10.1.2.1 255.255.255.0 R1(config-subif)#frame-relay interface-dlci 122 R1(config-subif)#exit R1(config)#interface s0/3/0.123 point-to-point R1(config-subif)#ip address 10.1.3.1 255.255.255.0 R1(config-subif)#frame-relay interface-dlci 123 R1(config-subif)#exit R1(config)#router rip R1(config-router)#version 2 R1(config-router)#no auto-summary R1(config-router)#network 10.1.2.0 R1(config-router)#network 10.1.3.0 R1(config-router)#exit

Copyright@ CTTC

64

Configuring R2: R2(config)#int s0/3/0 R2(config-if)#ip address 10.1.2.2 255.255.255.0 R2(config-if)#encapsulation frame-relay R2(config-if)#frame-relay interface-dlci 221 R2(config-if)#no shutdown R2(config-if)#exit R2(config)#router rip R2(config-router)#version 2 R2(config-router)#no auto-summary R2(config-router)#network 10.1.2.0

Configuring R3: R3(config)#int s0/3/0 R3(config-if)#ip address 10.1.3.2 255.255.255.0 R3(config-if)#encapsulation frame-relay R3(config-if)#frame-relay interface-dlci 321 R3(config-if)#no shutdown R3(config-if)#exit R3(config)#router rip R3(config-router)#version 2 R3(config-router)#no auto-summary R3(config-router)#network 10.1.3.0 R3(config-router)#exit

Copyright@ CTTC

65

Configuring WAN Emulation Cloud:

Note: Click on WAN cloud then click on Config tab. You will see all the interfaces on the left hand side. Now click on Serial0 button and add the DLCI value and Name as shown above and press ―Add‖ button. Serial0 is linked to two DLCI value, therefore both the DLCI values must be added. Now repeat the same procedure for Serial1 and Serial2.

Copyright@ CTTC

66

Configuring Frame Relay:

Note: Now click on ―Frame Relay‖ button and map the DLCI accordingly as shown above and press the ―Add‖ button. You can now verify the connectivity by sending ping packets as follows.

On Router R1: R1#ping 10.1.2.2 R1#ping 10.1.3.2

On Router R2: R2#ping 10.1.3.2

On Router R3: R3#ping 10.1.2.2

Copyright@ CTTC

67

LAB: Configuring DHCP on Cisco ROUTER OBJECTIVE: To Configure DHCP in Order To Show How a Client Can Be Assigned IP Address Automatically

Configuring Router R1: R1(config)#interface fa0/0 R1(config-if)#ip address 192.168.1.1 R1(config-if)#no shutdown R1(config-if)#exit Configuring the DHCP pool: R1(config)#ip dhcp pool cttc-pool R1(dhcp-config)#network 192.168.1.0 255.255.255.0 R1(dhcp-config)#default-router 192.168.1.1 R1(dhcp-config)#exit R1(config)#ip dhcp exclude-address 192.168.1.1 192.168.1.5 R1(config)#end

Copyright@ CTTC

68

Verify DHCP Binding: R1#show ip dhcp binding

Copyright@ CTTC

69

Configuring PC:

Copyright@ CTTC

70

LAB: Standard ACL OBJECTIVE: To Implement Standard ACL in Order To Show How It Does the Filtration Based On Source Address

Copyright@ CTTC

71

Configuration on R1 Router>enable Router#configure t Router(config)#interface f0/0 Router(config-if)#ip address 10.0.0.100 255.255.255.0 Router(config-if)#no shutdown Router(config)#interface f0/1 Router(config-if)#ip add Router(config-if)#ip address 172.16.1.1 255.255.255.0 Router(config-if)#no sh Router(config-if)#no shutdown Router(config-if)#ex

Ping from Pc0 to Pc 1

Router(config)#access-list 50 deny host 10.0.0.1 Router(config)#int f0/0 Router(config-if)#ip access-group 50 in Router(config-if)#ex

Copyright@ CTTC

72

Ping after applying Acl

Copyright@ CTTC

73

LAB: Extended ACL OBJECTIVE: To show How Extended ACL Works by Filtration Based on Source and Destination Address

Copyright@ CTTC

74

Configuration on R0 Router>enable Router#configure t Router(config)#interface f0/0 Router(config-if)#ip address 172.16.1.1 255.255.255.0 Router(config-if)#no shutdown Router(config-if)#exit Router(config)#interface f0/1 Router(config-if)#ip address 10.0.0.100 255.255.255.0 Router(config-if)#no shutdown Router(config-if)#ex Router(config)#access-list 100 permit tcp host 10.0.0.1 host 200.1.1.1 eq 80 Router(config)#access-list 100 deny tcp host 10.0.0.2 host 200.1.1.1 eq www Router(config)#access-list 100 permit ip 10.0.0.0 0.0.0.255 any Router(config)#access-list 100 permit ip any any Router(config)#interface f0/0 Router(config-if)#ip access-group 100 out Router(config-if)#ex Router(config)#ip route 0.0.0.0 0.0.0.0 f0/0

Configuration on R1 Router>enable Router#configure t Router(config)#interface f0/0 Router(config-if)#ip address 172.16.1.2 255.255.255.0 Router(config-if)#no shutdown Router(config-if)#exit Router(config)#interface f0/1 Router(config-if)#ip address 200.1.1.100 255.255.255.0 Router(config-if)#no shutdown Router(config-if)#ex Router(config)#ip route 0.0.0.0 0.0.0.0 f0/0

Copyright@ CTTC

75

LAB: Static NAT Objective: To Show Static Translation from Public Ip Address to Private Ip Address by Implementing Static Nat

Configuration R0 Router#configure terminal Router(config)#ip nat inside source static 10.0.0.1 172.16.1.3 Router(config)#interface f0/0 Router(config-if)#ip nat outside Router(config-if)#ex Router(config)#interface f0/1 Router(config-if)#ip nat inside Router(config-if)#ex

Copyright@ CTTC

76

Ping from pc 1 to server 1 after that run the show command Router(config)#do sh ip nat translation Pro Inside global Inside local Outside local icmp 172.16.1.3:1 10.0.0.1:1 200.1.1.1:1 icmp 172.16.1.3:2 10.0.0.1:2 200.1.1.1:2 icmp 172.16.1.3:3 10.0.0.1:3 200.1.1.1:3 icmp 172.16.1.3:4 10.0.0.1:4 200.1.1.1:4 icmp 172.16.1.3:5 10.0.0.1:5 200.1.1.1:5 icmp 172.16.1.3:6 10.0.0.1:6 200.1.1.1:6 icmp 172.16.1.3:7 10.0.0.1:7 200.1.1.1:7 icmp 172.16.1.3:8 10.0.0.1:8 200.1.1.1:8 --- 172.16.1.3 10.0.0.1 -----

Copyright@ CTTC

Outside global 200.1.1.1:1 200.1.1.1:2 200.1.1.1:3 200.1.1.1:4 200.1.1.1:5 200.1.1.1:6 200.1.1.1:7 200.1.1.1:8

77

LAB: Dynamic NAT Objective: To Show Dynamic Translation from Public Ip Address to Private Ip Address by Implementing Dynamic Nat

Router(config)#ip nat pool abc 172.16.1.3 172.16.1.4 netmask 255.255.255.0 Router(config)#ip nat inside source list 10 pool abc Router(config)#access-list 10 permit 10.0.0.0 0.0.0.255 Router(config)#interface f0/0 Router(config-if)#ip access-group 10 out

Ping from Pc1 & from Pc2 but not from Pc3 Router# show ip nat translations Pro Inside global Inside local Outside local Outside global tcp 172.16.1.3:1025 10.0.0.1:1025 200.1.1.1:80 200.1.1.1:80 tcp 172.16.1.4:1025 10.0.0.2:1025 200.1.1.1:80 200.1.1.1:80

Copyright@ CTTC

78

LAB: PAT Objective: To Show Translation from One Public Ip Address to Many Private Ip Address by Implementing Pat

Configuration on R1 Router(config)#ip nat pool abc 172.16.1.3 172.16.1.3 netmask 255.255.255.0 Router(config)#ip nat inside source list 10 pool abc overload Router(config)#access-list 10 permit 10.0.0.0 0.0.0.255 Router(config)#interface f0/1 Router(config-if)#ip nat inside Router(config-if)#ex Router(config)#interface f0/0 Router(config-if)#ip nat outside Router(config-if)#ex Router(config)#ip route 0.0.0.0 0.0.0.0 f0/0

Copyright@ CTTC

79

Ping 200.1.1.1 and then check the router translation Router(config)#do sh ip nat translation Pro Inside global Inside local Outside local Outside global icmp 172.16.1.3:5 10.0.0.1:5 200.1.1.1:5 200.1.1.1:5 icmp 172.16.1.3:6 10.0.0.1:6 200.1.1.1:6 200.1.1.1:6 icmp 172.16.1.3:7 10.0.0.1:7 200.1.1.1:7 200.1.1.1:7 icmp 172.16.1.3:8 10.0.0.1:8 200.1.1.1:8 200.1.1.1:8

Copyright@ CTTC

80

LAB:Trouble shooting of EIGRP

Configuration on R1 Router>enable Router#configure terminal Router(config)# interface s0/3/0 Router(config-if)#ip address 10.0.0.1 255.255.255.0 Router(config-if)#clock rate 64000 Router(config-if)#no shutdown Router(config-if)#exit Router(config)#interface loopback 0 Router(config-if)#ip address 1.1.1.1 255.255.255.0 Router(config-if)#exit Router(config)#router eigrp 9 Router(config-router)#no auto-summary Router(config-router)#network 10.0.0.0 Router(config-router)#network 1.1.1.0 Router(config-router)#exit

Configuration on R2 Router>enable Router#configure terminal Router(config)#interface s0/3/0 Router(config-if)#ip address 10.0.0.2 255.255.255.0 Router(config-if)#no shutdown Router(config-if)#exit Router(config)#interface loopback 0 Router(config-if)#ip address 2.2.2.2 255.255.255.0 Router(config-if)#exit Router(config)#router eigrp 100 Router(config-router)#network 10.0.0.0 Router(config-router)#network 2.2.2.0 Router(config-router)#no auto-summary Router(config-router)#exit

Copyright@ CTTC

81

After perform routing there is no ping from Router 1 to loopback 2.2.2.2, Basically the reason is that , Router 1 have the A.S number is 10 and Router 2 have A.S no: 9, that’s why there is no ping. Now I have to change the A.S no: of R2.

Copyright@ CTTC

82

LAB:SYSLOG OBJECTIVE: To Implement Syslog and to Show The Output it Generates On the Syslog Server

Configuration on Router Router>enable Router#conf t Router(config)#int fa0/0 Router(config-if)#ip address 10.0.0.1 255.0.0.0 Router(config-if)#no shut Router(config-if)#exit Router(config)#int fa0/1 Router(config-if)#ip address 20.0.0.1 255.0.0.0 Router(config-if)#no shut Router(config)#service timestamps log datetime msec Router(config)#logging host 20.0.0.2 Router(config)#logging trap debugging Router(config)#end *Mar 01, 00:04:47.044: *Mar 01, 00:04:47.044: %SYS-5-CONFIG_I: Configured from console by console Enter configuration commands, one per line. End with CNTL/Z.

Copyright@ CTTC

83

In order to generate the log do some configuration as below. Router(config)#router eigrp 10 Router(config-router)#exit Router(config)#int fa0/0 Router(config-if)#shutdown *Mar 01, 00:05:50.055: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down *Mar 01, 00:05:50.055: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down Router(config-if)#no shutdown Router(config-if)# *Mar 01, 00:05:52.055: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up *Mar 01, 00:05:52.055: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

Now click the server to see the syslog messages.

Copyright@ CTTC

84

Copyright@ CTTC

View more...

Comments

Copyright ©2017 KUPDF Inc.
SUPPORT KUPDF