Você está na página 1de 84

2

Copyright
CTTC Professional Development Program.
CCNA Lab Manual (200-120)
Copyright@ CTTC
Published By
CTTC
45-M, Block-6 P.E.C.H.S Karachi-75400 Pakistan.
All rights reserved. No part of this manual may be reproduced or transmitted in any form
or by any means, electronic or mechanical, including photocopying, recording and
information storage or retrieval system without written permission from the publisher,
except for the inclusion of quotation in a review.
Warning and Disclaimer
This manual is designed to provide information about CCNA (200-120). Every effort
Has been made to make this manual as complete and accurate as possible, but no warranty
of fitness is implied.
The information is provided on as basis and CTTC shall have neither
liability nor responsibility to any person or entity with respect to any loss or damage
Arising from the information contained in this manual.
Authors
Mr. Muddasar Sharif
(Network Engineer)
Mr. Tharpal Das
(Associate Network Engineer)
Reviewed By
Mr. Ahmed Saeed
(Head of Department-Cisco Division)

Copyright@ CTTC

Table of Contents
Topics

page#

Basic Network Using CISCO Switch

Accessing Console of the Switch/Router


Modes of CLI
How to Set Hostname and Configure Console Password
How to Set Privilege level password
How to Set User Authentication in Switch
Password Recovery
How to Set Telnet password
How to Enable the Device to Establish Telnet/SSH Session
Configuring SSH

7
8
9
10
10
12
13
13
13

SWITHCING
VLAN Configuration
Port security
Rapid Spanning Tree Protocol (RSTP)
Ether channel Configuration
Inter VLAN Routing (IVR)

15
17
20
23

ROUTING
Static Routing
Enhanced Interior Gateway Routing Protocol (EIGRP)
Open Shortest Path First (OSPF)

27
30
33

First Hop Redundancy Protocols


Hot Standby Router Protocol (HSRP)
Virtual Router Redundancy Protocol(VRRP)
Gateway Load balancing Protocol (GLBP)

36
40
43

IPV6
How to Configure IPv6 on CISCO Router
Configuring IPv6 Auto configures
Configure RIP ng on Router
Configuring OSPF V3
Configuring EIGRP

Copyright@ CTTC

47
49
51
55
59

WAN Encapsulation
Frame Relay
Configuring DHCP

62
64
68

ACCESS LIST & N.A.T


Standard Acl
Extended Acl
Static Nat
Dynamic Nat
Pat

71
74
76
78

TROUBLESHOOTING OF EIGRP

81

SYSLOG

83

Copyright@ CTTC

LAB: Basic Network Using CISCO Switch


OBJECTIVE: To configure a cisco switch with basic configuration
Accessing Console of the Switch/Router

Accessing Console of the Switch/Router


Modes of CLI
How to Set Hostname and Configure Console Password
How to Set Privilege level password
How to Set User Authentication in Switch
How to Set Telnet password
How to Enable The Device to Establish Telnet/SSH Session
Configuring SSH

Copyright@ CTTC

Topology

PC-1 is directly connected to switch with ip address 192.168.1.1


PC-2 is directly connected to switch with ip address 192.168.1.2
Switch being the intermediate device provide the communication path to both
PCs.
Note: Both the PCs must be on the same network.

Accessing Console of the Switch/Router

Copyright@ CTTC

RJ-45 to DB-9 adapter is used on the PC (COM port) to the device console
Port through a roll-over cable.
Hyper Terminal is used to access the Command Line Interface (CLI) of the
Device.
(Start --MenuProgramsAccessoriesCommunications--Hyper
Terminal)

Switch Console
Modes of CLI:

User-exec mode Switch>


Privilege mode Switch#
Global Configuration mode Switch(config)#

How to switch in different modes:


Switch> enable
Switch# config terminal
Switch(config)#
Note: To return to the previous mode use Exit command in the current mode.
Copyright@ CTTC

How to Set Hostname and Configure Console Password:


Switch(config)# hostname CISCO
CISCO(config)#line console 0
CISCO(config-line)#password cisco123
CISCO(config-line)#login

How to Set Privilege level password:


!!! Clear Text Password not encrypted(less priority)
CISCO(config)#enable password ccna123
!!! Encrypted password (more Priority)
CISCO(config)#enable secret cttc123

Verify the Password


CISCO(config)#exit
CISCO#exit
CISCO con0 is now available
Press RETURN to get started.
User Access Verification
!!! TYPE HERE LINE CONSOLE Password
Password:
CISCO>enable
!!! TYPE HERE Privilege Level Password
Password:

Copyright@ CTTC

How to Set User Authentication in Switch


CISCO#config terminal
CISCO(config)#line console 0
CISCO(config-line)# login local
CISCO(config-line)#exit
CISCO(config)#username cttc password ccna123

Copyright@ CTTC

10

Verify the Authentication

CISCO(config)#exit
CISCO#exit

Verify the User Status


CISCO#show users
Line User Host(s) Idle Location
* 0 con 0 cttc idle 00:00:00

Copyright@ CTTC

11

Password Recovery

Configuration on Router
Router>enable
Router#config t
Router(config)#line console 0
Router(config-line)Password cisco
Router(config-line)#Login
Router(config-line)#Exit

For password recovery power cycle the router and press ctrl+break.

After we enter the rommon mode type:


Rommon 1 > confreg 0x2142
Rommon 2 > reset

Copyright@ CTTC

12

How to Set Telnet password:


CISCO(config)#line vty 0 15
CISCO(config-line)#password cisco
CISCO(config-line)#login
CISCO(config-line)#exit

How to Enable The Device to Establish Telnet/SSH


Session:
CISCO(config)#interface vlan 1
CISCO(config-if)#ip address 10.0.0.10 255.0.0.0
CISCO(config-if)#no shutdown
Note: VLAN 1 IP address is used to establish the telnet session. Go to command
prompt and use telnet command to make a telnet session with the device.
C:\>telnet 10.0.0.10

Configuring SSH:
CISCO(config)#username taha password abc123
CISCO(config)#ip domain-name cttc.net
CISCO(config)#crypto key generate rsa
The name for the keys will be: CISCO.cttc.net
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 512
% Generating 512 bit RSA keys ...[OK]
CISCO(config)#line vty 0 15
CISCO(config-line)#login local
CISCO(config-line)#transport input ssh

Copyright@ CTTC

13

Note: VLAN 1 must be configured as show in TELNET section. Putty software iscommonly
used to establish SSH session.

Verify Commands:
CISCO(config)#show line vty 0 15
Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
1 VTY - -13 0 0/0 2 VTY - - - - - 0 0 0/0 3 VTY - - - - - 0 0 0/0 4 VTY - - - - - 0 0 0/0 5 VTY - - - - - 0 0 0/0 6 VTY - - - - - 0 0 0/0 7 VTY - - - - - 0 0 0/0 8 VTY - - - - - 0 0 0/0 9 VTY - - - - - 0 0 0/0 10 VTY - - - - - 0 0 0/0 11 VTY - - - - - 0 0 0/0 12 VTY - - - - - 0 0 0/0 13 VTY - - - - - 0 0 0/0 14 VTY - - - - - 0 0 0/0 15 VTY - - - - - 0 0 0/0 16 VTY - - - - - 0 0 0/0
!!! * show that one VTY Session is active:

Copyright@ CTTC

14

LAB: VLAN Configuration


Objective: To Create and Configure VLAN
CISCO#config terminal
CISCO(config)#vlan 10
CISCO(config-vlan)#name HR
CISCO(config-vlan)#exit
CISCO(config)#vlan 20
CISCO(config-vlan)#name Sales
CISCO(config-vlan)#exit

Verify VLANs
CISCO#show vlan brief
VLAN Name Status Ports
------- ---------------------------- --------- ------------------------------1 default
active
Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
10 HR active
20 Sales active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
Note: All ports of the switch are member of VLAN 1 by default.

How to Assign Ports to Different VLANs:


CISCO(config)#interface fa0/1
CISCO(config-if)#switchport mode access
CISCO(config-if)#switchport access vlan 10
CISCO(config-if)#exit
CISCO(config)#interface fa0/2
CISCO(config-if)#switchport mode access
CISCO(config-if)#switchport access vlan 20

Copyright@ CTTC

15

Verify Ports in VLANS


CISCO#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- ------------------------------1 default
active
Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gi0/1, Gi0/2
10 HR
active Fa0/1
20 Sales
active Fa0/2

Copyright@ CTTC

16

LAB:PORT SECURITY
OBJECTIVE: TO IMPLEMENT BASIC PORT SECURITY FEATURES
ON INTERFACE

CISCO(config)#interface fa0/1
CISCO(config-if)#switchport mode access
CISCO(config-if)#switchport port-security
CISCO(config-if)#switchport port-security mac-address sticky
CISCO(config-if)#switchport port-security maximum 1
CISCO(config-if)#switchport port-security violation shutdown
CISCO(config-if)#exit
CISCO(config)#interface fa0/2
CISCO(config-if)#switchport mode access
CISCO(config-if)#switchport port-security
CISCO(config-if)#switchport port-security mac-address sticky
CISCO(config-if)#switchport port-security maximum 1
CISCO(config-if)#switchport port-security violation shutdown

Copyright@ CTTC

17

Verify Port-Security MAC Address:


CISCO#show port-security address
Secure Mac Address Table
------------------------------------------------------------------------------Vlan Mac Address Type Ports Remaining Age
(mins)
---- ----------- ---- ----- ------------1
0060.705E.07CB
SecureSticky FastEthernet0/1 1
0090.21BD.4810
SecureSticky FastEthernet0/2 -----------------------------------------------------------------------------Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 1024

Verify Port-Security Interface FastEnthernet Fa0/1:


CISCO#show port-security interface f0/1
Port Security :
Enabled
Port Status :
Secure-up
Violation Mode :
Shutdown
Aging Time :
0 mins
Aging Type :
Absolute
SecureStatic Address Aging :
Disabled
Maximum MAC Addresses :
1
Total MAC Addresses :
1
Configured MAC Addresses :
0
Sticky MAC Addresses :
1
Last Source Address:Vlan :
0060.705E.07CB:1
Security Violation Count :
0
Note:
Max Addresses value depends upon the model of the device.
Manual MAC address can be entered in port-security instead on using sticky
command.
Violation modes can be set to protect, restrict or shutdown.

What happens if violation occurred:


When a new PC is attached to the port on which port-security is enabled then Switch
will take an action which is set in the violation mode.

Copyright@ CTTC

18

Verify when violation is occurred:


CISCO#show port-security
Secure Port
MaxSecureAddr
CurrentAddr SecurityViolation
Security Action
(Count)
(Count)
(Count)
------------------------------------------------------------------------------------------------------------Fa0/1
1
1
1
Shutdown
Fa0/2

Shutdown

-------------------------------------------------------------------------------------------------------------

Copyright@ CTTC

19

LAB: Rapid Spanning Tree Protocol (RSTP)


OBJECTIVE: To Implement STP, Its Improvement RSTP and To Configure
Root Bridges for Different VLANS.

Verify Root Bridge on Switch-1:


Switch-1#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID
Priority
32769
Address
0002.16EE.8B7E
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID
Priority
32769 (priority 32768 sys-id-ext 1)
Address
0002.16EE.8B7E
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface
Role Sts
Cost Prio Nbr
Type
---------------- ---- --- --------- -------- -------------------------------Fa0/1
Desg FWD 19
128.1 P2p
Fa0/2
Desg FWD 19
128.2 P2p
Note:
If the switch is Root Bridge, it will display the message This bridge is the root.
Root ID Address and Bridge ID Address will be same in case of Root Bridge.
Default priority is 32768. VLAN ID (System Extension ID) is added to the default
priority. VLAN 1 is the default VLAN so the priority for VLAN 1 is 32769
(32768+1).
Copyright@ CTTC

20

Enabling RSTP:
Switch-1(config)#spanning-tree mode rapid-pvst
Note: The above command will be issued on all the switches of the network.

Verify RSTP:
Switch-1#show spanning-tree
VLAN0001

Spanning tree enabled protocol rstp


Root ID

Bridge ID

Priority 32769
Address 0002.16EE.8B7E
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Priority 32769 (priority 32768 sys-id-ext 1)
Address 0002.16EE.8B7E
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20

Changing Switch-2 to Root Bridge:


Switch-2(config)#spanning-tree vlan 1 priority 4096
Note:
Priority must be in the multiple 4096.
To change the root bridge, you can also use the following command:
Switch-2(config)#spanning-tree vlan 1 root primary

Verify Switch-2 as Root Bridge:


Switch-2#show spanning-tree
VLAN0001
Spanning tree enabled protocol rstp
Root ID
Priority
24577
Address
000C.CF21.CBC1
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 24577 (priority 24576 sys-id-ext 1)
Address 000C.CF21.CBC1
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20

Copyright@ CTTC

21

Enabling Portfast feature on all switches:


Switch-1(config)#spanning-tree portfast default
Note: Above command will be issued to all the switches in the network. By enabling
portfast feature on all the switches, will disable the STP process on all non-trunk ports.
It will cause to take less time to change the state to up on all non-trunking ports. To
verify this feature, connect a PC to the switch and the port will be up within 5 seconds.

Copyright@ CTTC

22

Etherchannel Configuration:

Configuring Switch-1:
Switch-1(config)#interface range fa0/1 - 2
Switch-1(config-if-range)#channel-group 1 mode on
Switch-1(config-if-range)#exit
Switch-1(config)#interface port-channel 1
Switch-1(config-if)#switchport mode trunk

Configuring Switch-2:
Switch-2(config)#interface range fa0/1 - 2
Switch-2(config-if-range)#channel-group 1 mode on
Switch-2(config-if-range)#exit
Switch-2(config)#interface port-channel 1
Switch-2(config-if)#switchport mode trunk

Verify Etherchannel:
Switch-1#show etherchannel summary
<Output omitted>
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
--------+-----------------+------------+------------------------1
Po1(SU)
Fa0/1(P) Fa0/2(P)

Copyright@ CTTC

23

LAB:InterVLAN Routing (IVR):


Objective: To Create Vlans &to show Routing B/W the Vlans

Configuring Switch:
Switch(config)#vlan 10
Switch(config-vlan)#name HR
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name Sales
Switch(config-vlan)#exit
Switch(config)#interface fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
Switch(config)#interface fa0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#exit
Switch(config)#interface fa0/3
Switch(config-if)#switchport mode trunk

Copyright@ CTTC

24

Configuring Router:
Router(config)#interface fa0/0
Router(config-if)#no shutdown
Router(config-if)#exit

Creating sub-interface for VLAN 10 on router:


Router(config)#interface fa0/0.10
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 10.0.0.100 255.0.0.0
Router(config-subif)#exit

Creating sub-interface for VLAN 20 on router:


Router(config)#interface fa0/0.20
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip address 20.0.0.100 255.0.0.0
Router(config-subif)#exit

Configuring IP on PC:

Copyright@ CTTC

25

Verify InterVLAN Routing:

Copyright@ CTTC

26

LAB: Static Routing:


Objective: To Implement Stating Routing in IPversion 4

Configuring R1:
R1(config)#interface fa0/0
R1(config-if)#ip address 10.0.0.100 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface s0/1/0
R1(config-if)#ip address 192.168.1.1 255.255.255.252
R1(config-if)#clock rate 64000
R1(config-if)#no shutdown
R2(config-if)#exit
Note: Interface Serial0/1/0 of Router R1 is a DCE end, so clock rate must be given to this.

Configuring R2:
R2(config)#interface fa0/0
R2(config-if)#ip address 20.0.0.100 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface s0/1/0
R2(config-if)#ip address 192.168.1.2 255.255.255.252
R2(config-if)#no shutdown
R2(config-if)#exit
Adding static route on R1 for network 20.0.0.0:
R1(config)#ip route 20.0.0.0 255.255.255.0 s0/1/0
Adding static route on R2 for network 10.0.0.0:
R2(config)#ip route 10.0.0.0 255.255.255.0 192.168.1.1

Copyright@ CTTC

27

Note: When configuring the static route on router R1 we used the local interface of the
router R1 i.e s0/1/0, whereas, when configuring router R2 we use the next hop address
as Forwarding router's address.

Verify the routes on Router R1:


R1#show ip route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, FastEthernet0/0
20.0.0.0/24 is subnetted, 1 subnets
S 20.0.0.0 is directly connected, Serial0/1/0
192.168.1.0/30 is subnetted, 1 subnets

C 192.168.1.0 is directly connected, Serial0/1/0

Verify the routes on Router R2:


R2#show ip route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 1 subnets
S 10.0.0.0 [1/0] via 192.168.1.1
20.0.0.0/24 is subnetted, 1 subnets

C 20.0.0.0 is directly connected, FastEthernet0/0


192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.0 is directly connected, Serial0/1/0

Copyright@ CTTC

28

Verifying the ping reply from PC-2 to PC-1:

Copyright@ CTTC

29

LAB: Enhanced Interior Gateway Routing Protocol (EIGRP):


Objective: To Implement EIGRP in IP version 4

Configuring R1:
R1(config)#interface fa0/0
R1(config-if)#ip address 10.0.0.100 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface s0/1/0
R1(config-if)#ip address 192.168.1.1 255.255.255.252
R1(config-if)#clock rate 64000
R1(config-if)#no shutdown
R2(config-if)#exit
Note: Interface Serial0/1/0 of Router R1 is a DCE end, so clock rate must be given to
this.

Configuring R2:
R2(config)#interface fa0/0
R2(config-if)#ip address 20.0.0.100 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface s0/1/0
R2(config-if)#ip address 192.168.1.2 255.255.255.252
R2(config-if)#no shutdown
R2(config-if)#exit

Copyright@ CTTC

30

Adding networks for EIGRP on Router R1:


R1(config)#router eigrp 100
R1(config-router)#network 10.0.0.0
R1(config-router)#network 192.168.1.0
R1(config-router)#no auto-summary
R1(config-router)#exit
Note: All directly connected networks will be issued in the router eigrp mode.
Autonomous System number must be same on all the routers in the network.

Adding networks for EIGRP on Router R2:


R1(config)#router eigrp 100
R1(config-router)#network 20.0.0.0
R1(config-router)#network 192.168.1.0
R1(config-router)#no auto-summary
R1(config-router)#exit

Verify the routes on Router R1:


R1#show ip route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 1 subnets
C
10.0.0.0 is directly connected, FastEthernet0/0
20.0.0.0/24 is subnetted, 1 subnets
D
20.0.0.0 [90/2172416] via 192.168.1.2, 00:00:16, Serial0/1/0
192.168.1.0/30 is subnetted, 1 subnets
C
192.168.1.0 is directly connected, Serial0/1/0

Verify the routes on Router R2:


R2#sh ip route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 1 subnets
D
10.0.0.0 [90/2172416] via 192.168.1.1, 00:00:05, Serial0/1/0
20.0.0.0/24 is subnetted, 1 subnets
C
20.0.0.0 is directly connected, FastEthernet0/0
192.168.1.0/30 is subnetted, 1 subnets
C
192.168.1.0 is directly connected, Serial0/1/0

Copyright@ CTTC

31

Verifying neighbors for R1:


R1#sh ip eigrp neighbors
IP-EIGRP neighbors for process 100
H
Address
Interface
Hold
Seq
(sec)
Num
0
192.168.1.2 Se0/1/0
11

Uptime

SRTT RTO Q

(ms)

Cnt

0:02:05

40

1000

Uptime

SRTT RTO

Verifying neighbors for R2:


R2#sh ip eigrp neighbors
R2#sh ip eigrp neighbors
IP-EIGRP neighbors for process 100
H
Address
Interface
Hold
Seq
Num
(sec)
0

192.168.1.1

Se0/1/0

13

(ms)
00:03:15

Cnt
40

1000

Note: To verify the currently enabled routing protocols, use the following command:
R1#show ip protocols
To view all the routes that has been calculated by EIGRP, use the following
command:

R1#show ip eigrp topology.

Copyright@ CTTC

32

LAB: Open Shortest Path First (OSPF):


Objective: To Implement OSPF in IP version 4

Configuring R1:
R1(config)#interface fa0/0
R1(config-if)#ip address 10.0.0.100 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface s0/1/0
R1(config-if)#ip address 192.168.1.1 255.255.255.252
R1(config-if)#clock rate 64000
R1(config-if)#no shutdown
R2(config-if)#exit
Note: Interface Serial0/1/0 of Router R1 is a DCE end, so clock rate must be given to
this.

Configuring R2:
R2(config)#interface fa0/0
R2(config-if)#ip address 20.0.0.100 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface s0/1/0
R2(config-if)#ip address 192.168.2.2 255.255.255.252
R2(config-if)#no shutdown
R2(config-if)#exit

Copyright@ CTTC

33

Configuring Central Router (ABR):


ABR(config)#int s0/1/0
ABR(config-if)#ip add
ABR(config-if)#ip address 192.168.1.2 255.255.255.252
ABR(config-if)#no shutdown
ABR(config-if)#exit
ABR(config)#int s0/1/1
ABR(config-if)#ip address 192.168.2.1 255.255.255.252
ABR(config-if)#clock rate 64000
ABR(config-if)#no shutdown
ABR(config-if)#exit

Adding networks for OSPF on Router R1 as Area 0 (Backbone Area):


R1(config)#router ospf 10
R1(config-router)#network 10.0.0.0 0.0.0.255 area 0
R1(config-router)#network 192.168.1.0 0.0.0.3 area 0
R1(config-router)#exit

Adding networks for OSPF on Router R2 as Area 1 (Regular Area):


R2(config)#router ospf 20
R2(config-router)#network 20.0.0.0 0.0.0.255 area 1
R2(config-router)#network 192.168.2.0 0.0.0.3 area 1
R2(config-router)#exit

Adding networks for OSPF on Router ABR as Area 0 and Area 1:


ABR(config)#router ospf 50
ABR(config-router)#network 192.168.1.0 0.0.0.3 area 0
ABR(config-router)#network 192.168.2.0 0.0.0.3 area 1
ABR(config-router)#exit

Verify the routes on Router R1:


R1#show ip route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 1 subnets
C
10.0.0.0 is directly connected, FastEthernet0/0
20.0.0.0/24 is subnetted, 1 subnets
O IA 20.0.0.0 [110/129] via 192.168.1.2, 00:09:19, Serial0/1/0
192.168.1.0/30 is subnetted, 1 subnets
C
192.168.1.0 is directly connected, Serial0/1/0
192.168.2.0/30 is subnetted, 1 subnets
O IA 192.168.2.0 [110/128] via 192.168.1.2, 00:09:19, Serial0/1/0

Copyright@ CTTC

34

Verify the routes on Router R2:


R2#show ip route:
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 1 subnets
O IA 10.0.0.0 [110/129] via 192.168.2.1, 00:11:48, Serial0/1/0
20.0.0.0/24 is subnetted, 1 subnets
C
20.0.0.0 is directly connected, FastEthernet0/0
192.168.1.0/30 is subnetted, 1 subnets
O IA 192.168.1.0 [110/128] via 192.168.2.1, 00:11:48, Serial0/1/0
192.1 68.2.0/30 is subnetted, 1 subnets
C
192.168.2.0 is directly connected, Serial0/1/0

Verify the routes on Router ABR:


ABR#show ip route:
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 1 subnets
O
10.0.0.0 [110/65] via 192.168.1.1, 00:13:30, Serial0/1/0
20.0.0.0/24 is subnetted, 1 subnets
O
20.0.0.0 [110/65] via 192.168.2.2, 00:13:11, Serial0/1/1
192.168.1.0/30 is subnetted, 1 subnets

192.168.1.0 is directly connected, Serial0/1/0


192.168.2.0/30 is subnetted, 1 subnets
92.168.2.0 is directly connected, Serial0/1/1

C1

Note: More commands to verify OSPF:

R1#show ip ospf neighbor


R1#show ip ospf database

Copyright@ CTTC

35

LAB: Hot Standby Router Protocol (HSRP):


Objective: How to show Redundancy by using HSRP

Configuring WAN-RT:
WAN-RT(config)#interface Loopback0
WAN-RT(config-if)#ip address 200.0.0.1 255.255.255.0
WAN-RT(config-if)#no shutdown
WAN-RT(config-if)#exit
WAN-RT(config)#interface FastEthernet0/0
WAN-RT(config-if)#ip address 172.16.2.1 255.255.255.0
WAN-RT(config-if)#no shutdown
WAN-RT(config-if)#exit
WAN-RT(config)#interface FastEthernet0/1
WAN-RT(config-if)#ip address 172.16.1.1 255.255.255.0
WAN-RT(config-if)#no shutdown
WAN-RT(config-if)#exit
WAN-RT(config)#router rip
WAN-RT(config-router)#version 2
WAN-RT(config-router)#network 172.16.0.0
WAN-RT(config-router)#network 200.0.0.0
WAN-RT(config-router)#no auto-summary
WAN-RT(config-router)#exit

Copyright@ CTTC

36

Configuring Master-RT:
Master-RT(config)#interface FastEthernet0/0
Master-RT(config-if)#ip address 10.0.0.10 255.255.255.0
Master-RT(config-if)#standby 1 ip 10.0.0.100
Master-RT(config-if)#standby 1 priority 110
Master-RT(config-if)#standby 1 preempt
Master-RT(config-if)#standby 1 track FastEthernet0/1
Master-RT(config-if)#no shutdown
Master-RT(config-if)#exit

Master-RT(config-if)
Master-RT(config )#interface FastEthernet0/1
Master-RT(config-if)#ip address 172.16.1.2 255.255.255.0
Master-RT(config-if)#no shutdown
Master-RT(config-if)#exit
Master-RT(config)#router rip
Master-RT(config-router)#version 2
Master-RT(config-router)#network 10.0.0.0
Master-RT(config-router)#network 172.16.0.0
Master-RT(config-router)#no auto-summary

Configuring Backup-RT:
Backup-RT(config)#interface FastEthernet0/0
Backup-RT(config-if)#ip address 10.0.0.9 255.255.255.0
Backup-RT(config-if)#standby 1 ip 10.0.0.100
Backup-RT(config-if)#standby 1 priority 95
Backup-RT(config-if)#standby 1 preempt
Backup-RT(config-if)#no shutdown
Backup-RT(config-if)#exit
Backup-RT(config)#interface FastEthernet0/1
Backup-RT(config-if)#ip address 172.16.2.2 255.255.255.0
Backup-RT(config-if)#no shutdown
Backup-RT(config-if)#exit
Backup-RT(config)#router rip
Backup-RT(config-router)#version 2
Backup-RT(config-router)#network 10.0.0.0
Backup-RT(config-router)#network 172.16.0.0
Backup-RT(config-router)#no auto-summary

Copyright@ CTTC

37

Verify Master-RT:
Master-RT#show standby

Note: When the network is perfectly up, Master-RT must be in Active State. If
FastEthernet port of Master-RT gone down then Backup-RT will become active. Now
check Backup-RT when the Fa0/1 of Master-RT is down

Copyright@ CTTC

38

Verify Backup-RT when Fa0/1 of Master-RT is down:


Backup-RT#show standby

Copyright@ CTTC

39

LAB: Virtual Router Redundancy Protocol(VRRP)


Objective: How to show Redundancy by using VRRP

Configuring WAN-RT:
WAN-RT(config)#interface Loopback0
WAN-RT(config-if)#ip address 200.0.0.1 255.255.255.0
WAN-RT(config-if)#no shutdown
WAN-RT(config-if)#exit
WAN-RT(config)#interface FastEthernet0/0
WAN-RT(config-if)#ip address 172.16.2.1 255.255.255.0
WAN-RT(config-if)#no shutdown
WAN-RT(config-if)#exit
WAN-RT(config)#interface FastEthernet0/1
WAN-RT(config-if)#ip address 172.16.1.1 255.255.255.0
WAN-RT(config-if)#no shutdown
WAN-RT(config-if)#exit
WAN-RT(config)#router rip
WAN-RT(config-router)#version 2
WAN-RT(config-router)#network 172.16.0.0
WAN-RT(config-router)#network 200.0.0.0
WAN-RT(config-router)#no auto-summary
WAN-RT(config-router)#exit

Copyright@ CTTC

40

Configuring Master-RT:
Master-RT(config)#interface FastEthernet0/0
Master-RT(config-if)#ip address 10.0.0.10 255.255.255.0
Master-RT(config-if)#vrrp 1 ip 10.0.0.100
Master-RT(config-if)#no shutdown
Master-RT(config-if)#exit
Master-RT(config-if)
Master-RT(config )#interface FastEthernet0/1
Master-RT(config-if)#ip address 172.16.1.2 255.255.255.0
Master-RT(config-if)#no shutdown
Master-RT(config-if)#exit
Master-RT(config)#router rip
Master-RT(config-router)#version 2
Master-RT(config-router)#network 10.0.0.0
Master-RT(config-router)#network 172.16.0.0
Master-RT(config-router)#no auto-summary
Configuring Backup-RT:
Backup-RT(config)#interface FastEthernet0/0
Backup-RT(config-if)#ip address 10.0.0.9 255.255.255.0
Backup-RT(config-if)#vrrp 1 ip 10.0.0.100
Backup-RT(config-if)#no shutdown
Backup-RT(config-if)#exit
Backup-RT(config)#interface FastEthernet0/1
Backup-RT(config-if)#ip address 172.16.2.2 255.255.255.0
Backup-RT(config-if)#no shutdown
Backup-RT(config-if)#exit
Backup-RT(config)#router rip
Backup-RT(config-router)#version 2
Backup-RT(config-router)#network 10.0.0.0
Backup-RT(config-router)#network 172.16.0.0
Backup-RT(config-router)#no auto-summary

Copyright@ CTTC

41

Verify Master-RT:
Master-RT# show VRRP

Note: When the network is perfectly up, Master-RT must be in Active State. If
FastEthernet port of Master-RT gone down then Backup-RT will become active. Now
check Backup-RT when the Fa0/1 of Master-RT is down

Verify Backup-RT when Fa0/1 of Master-RT is down:


Backup-RT#show VRRP

Copyright@ CTTC

42

LAB: Gateway Load Balancing Protocol


Objective: How to show Redundancy by using GLBP

Configuring WAN-RT:
WAN-RT(config)#interface Loopback0
WAN-RT(config-if)#ip address 200.0.0.1 255.255.255.0
WAN-RT(config-if)#no shutdown
WAN-RT(config-if)#exit
WAN-RT(config)#interface FastEthernet0/0
WAN-RT(config-if)#ip address 172.16.2.1 255.255.255.0
WAN-RT(config-if)#no shutdown
WAN-RT(config-if)#exit
WAN-RT(config)#interface FastEthernet0/1
WAN-RT(config-if)#ip address 172.16.1.1 255.255.255.0
WAN-RT(config-if)#no shutdown
WAN-RT(config-if)#exit
WAN-RT(config)#router rip
WAN-RT(config-router)#version 2
WAN-RT(config-router)#network 172.16.0.0
WAN-RT(config-router)#network 200.0.0.0
WAN-RT(config-router)#no auto-summary
WAN-RT(config-router)#exit

Copyright@ CTTC

43

Configuring Master-RT:
Master-RT(config)#interface FastEthernet0/0
Master-RT(config-if)#ip address 10.0.0.10 255.255.255.0
Master-RT(config-if)#glbp 1 ip 10.0.0.100
Master-RT(config-if)#no shutdown
Master-RT(config-if)#exit

Master-RT(config-if)
Master-RT(config )#interface FastEthernet0/1
Master-RT(config-if)#ip address 172.16.1.2 255.255.255.0
Master-RT(config-if)#no shutdown
Master-RT(config-if)#exit
Master-RT(config)#router rip
Master-RT(config-router)#version 2
Master-RT(config-router)#network 10.0.0.0
Master-RT(config-router)#network 172.16.0.0
Master-RT(config-router)#no auto-summary

Configuring Backup-RT:
Backup-RT(config)#interface FastEthernet0/0
Backup-RT(config-if)#ip address 10.0.0.9 255.255.255.0
Backup-RT(config-if)#glbp 1 ip 10.0.0.100
Backup-RT(config-if)#no shutdown
Backup-RT(config-if)#exit
Backup-RT(config)#interface FastEthernet0/1
Backup-RT(config-if)#ip address 172.16.2.2 255.255.255.0
Backup-RT(config-if)#no shutdown
Backup-RT(config-if)#exit
Backup-RT(config)#router rip
Backup-RT(config-router)#version 2
Backup-RT(config-router)#network 10.0.0.0
Backup-RT(config-router)#network 172.16.0.0
Backup-RT(config-router)#no auto-summary

Copyright@ CTTC

44

Verify Master-RT:
Master-RT# show GLBP

Copyright@ CTTC

45

Verify Backup-RT when Fa0/1 of Master-RT is down:


Backup-RT#show GLBP

Copyright@ CTTC

46

LAB: How to Configure IPv6 on CISCO Router


Objective: To Implement IP Version 6 on Routers

Configure R1s interface S1/0 with ipv6 address


R1(config)#ipv6 unicast-routing
R1(config)#interface serial 1/0
R1(config-if)#ipv6 address 2001:abad:beef:1::1/64
R1(config-if)#no shutdown
R2(config)#ipv6 unicast-routing
R2(config)#interface serial 1/0
R2(config-if)#ipv6 address 2001:abad:beef:1::2/64
R2(config-if)#no shutdown

Verify IPv6 address:


R1#show ipv6 interface

Copyright@ CTTC

47

Verify IPv6 communication between R2 and R1 using ping:

Copyright@ CTTC

48

LAB: Configuring IPv6 Auto configures


Objective: To Show How Routers Acquire The Ipv6 Address Automatically

Configuring R1#:
R1(config)#ipv6 unicast-routing
R1(config)#int fa0/0
R1(config-if)#ipv6 address 2001:abad:5001:1::1/64
R1(config-if)#ipv6 nd prefix 2001:abad:5001:1::/64
R1(config-if)#no shutdown

Configuring R2#:
R2(config)#ipv6 unicast-routing
R2(config)#int fa0/0
R2(config-if)#ipv6 address autoconfig
R2(config-if)#no shutdown
R2(config-if)#exit

Configuring R3#:
R3(config)#ipv6 unicast-routing
R3(config)#int fa0/0
R3(config-if)#ipv6 address autoconfig
R3(config-if)#no shutdown
R3(config-if)#end

Copyright@ CTTC

49

Verify Autoconfigure IPv6 on R2s interface Fa0/0:

Copyright@ CTTC

50

LAB: Configure RIPng on Router:


Background:
In this configuration example, routers R1 and R2 are connected via Serial interface and
Loopback addresses are configured to generate networks. All the interfaces are
configured with the IPv6 addresses.

Configure on R1:
R1(config)#ipv6 unicast-routing
R1(config)#int s1/0
R1(config-if)#ipv6 address 2001:abad:5001:1::1/64
R1(config-if)#ipv6 rip cttc enable
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#int Loopback 10
R1(config-if)#ipv6 address 1:1:1:1::1/64
R1(config-if)#ipv6 rip cttc enable
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#int Loopback 20
R1(config-if)#ipv6 address 1:1:1:2::1/64
R1(config-if)#ipv6 rip cttc enable
R1(config-if)#no shutdown
R1(config-if)#exit

Copyright@ CTTC

51

Configure on R2:
R2(config)#ipv6 unicast-routing
R2(config)#int s1/0
R2(config-if)#ipv6 address 2001:abad:5001:1::2/64
R2(config-if)#ipv6 rip cttc enable
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#int Loopback 0
R2(config-if)#ipv6 address 2:2:2:2::1/64
R2(config-if)#ipv6 rip cttc enable
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#int Loopback 1
R2(config-if)#ipv6 address 2:2:2:1::1/64
R2(config-if)#ipv6 rip cttc enable
R2(config-if)#no shutdown
R2(config-if)#exit
Note: In the syntax cttc specified the Process, you can run multiple processes on a
Route

Copyright@ CTTC

52

Verify RIPng Routes:


R1#show ipv6 route

Copyright@ CTTC

53

Verify information about the current IPv6 RIP process

Verify the reachability between the routers R1 and R2, use the ping
command:

Copyright@ CTTC

54

LAB: Configuring OSPF V.3.0


OBJECTIVE: TO IMPLEMENT OSPF ROUTING PROTOCOL IN IPV6

Configure R1:
R1(confg)#ipv6 unicast-routing
R1(config)#int s1/0
R1(config-if)#ipv6 address 2001:abad:5001:1::1/64
R1(config-if)#no shutdown
R1(config-if)#ipv6 ospf 1 area 0
R1(config-if)#exit
R1(config)#int Loopback 10
R1(config-if)#ipv6 address 1:1:1:1::1/64
R1(config-if)#ipv6 ospf 1 area 0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#int Loopback 20
R1(config-if)#ipv6 address 1:1:1:2::1/64
R1(config-if)#ipv6 ospf 1 area 0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#ipv6 router ospf 1
R1(config-rtr)#router-id 1.1.1.1
R1(config-if)#exit

Copyright@ CTTC

55

Configuring R2:
R2(confg)#ipv6 unicast-routing
R2(config)#int s1/0
R2(config-if)#ipv6 address 2001:abad:5001:1::2/64
R2(config-if)#no shutdown
R2(config-if)#ipv6 ospf 1 area 0
R2(config-if)#exit
R2(config)#int Loopback 0
R2(config-if)#ipv6 address 2:2:2:2::1/64
R2(config-if)#ipv6 ospf 1 area 0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#int Loopback 1
R2(config-if)#ipv6 address 2:2:2:1::1/64
R2(config-if)#ipv6 ospf 1 area 0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#ipv6 router ospf 1
R2(config-rtr)#router-id 2.2.2.2
R2(config-rtr)#exit
Configure R1s Loopback 10, 20 and R2s Loopback 0, 1 interface to participate in
OSPF Area 0 and ensure that R1 & R2 advertises Lo0 as a /64 subnet and not a host
route (/128).
Note: Loopback interfaces have their own OSPF network type in which case OSPF
advertises a host route to the loopback interface and not the configure subnet mask. To
change OSPF to advertise the subnet assigned to the loopback interface youll need to
change the network type to point-to-point as shown below:

For R1:
R1(config)#interface loopback 10
R1(config-if)#ipv6 ospf 1 area 0
R1(config-if)#ipv6 ospf network point-to-point
R1(config-if)#exit
R1(config)#interface loopback 20
R1(config-if)#ipv6 ospf 1 area 0
R1(config-if)#ipv6 ospf network point-to-point
R1(config-if)#exit

Copyright@ CTTC

56

For R2:
R2(config)#interface loopback 0
R2(config-if)#ipv6 ospf 1 area 0
R2(config-if)#ipv6 ospf network point-to-point
R2(config-if)#exit
R2(config)#interface loopback 1
R2(config-if)#ipv6 ospf 1 area 0
R2(config-if)#ipv6 ospf network point-to-point
R2(config-if)#exit

Verify R1s Loopback0 network is in the IPv6 routing table of R2:


R1#show ipv6 route ospf

Copyright@ CTTC

57

Verify R1s Loopback10 network has IPv6 connectivity to R2s Loopback0


network using PING:

Copyright@ CTTC

58

LAB: Configuring EIGRP


OBJECTIVE: TO Implement EIGRP in IPV6

Configure R1:
R1(config)#ipv6 unicast-routing
R1(config)#int s1/0
R1(config-if)#ipv6 address 2001:abad:5001:1::1/64
R1(config-if)#no shutdown
R1(config-if)#ipv6 eigrp 100
R1(config-if)#exit
R1(config)#ipv6 router eigrp 100
R1(config-rtr)#eigrp router-id 1.1.1.1
R1(config-rtr)#exit
R1(config)#int Loopback 10
R1(config-if)#ipv6 address 1:1:1:1::1/64
R1(config-if)#no shutdown
R1(config-if)#ipv6 eigrp 100
R1(config-rtr)#exit
R1(config)#int loopback 20
R1(config-if)#ipv6 address 1:1:1:2::1/64
R1(config-if)#no shutdown
R1(config-if)#ipv6 eigrp 100
R1(config-if)#exit

Copyright@ CTTC

59

Configure R2:
R2(config)#ipv6 unicast-routing
R2(config)#int s1/0
R2(config-if)#ipv6 address 2001:abad:5001:1::2/64
R2(config-if)#no shutdown
R2(config-if)#ipv6 eigrp 100
R2(config-if)#exit
R2(config)#ipv6 router eigrp 100
R2(config-rtr)#eigrp router-id 2.2.2.2
R2(config-rtr)#exit
R2(config)#int Loopback 0
R2(config-if)#ipv6 address 2:2:2:2::1/64
R2(config-if)#no shutdown
R2(config-if)#ipv6 eigrp 100
R2(config-rtr)#exit
R2(config)#int Loopback 1
R2(config-if)#ipv6 address 2:2:2:1::1/64
R2(config-if)#no shutdown
R2(config-if)#ipv6 eigrp 100
R2(config-if)#exit

Copyright@ CTTC

60

Verify R1s Loopback0 network is in the IPv6 routing table of R2:


R1#show ipv6 route eigrp:

Copyright@ CTTC

61

LAB: WAN Encapsulation


OBJECTIVE: To Implement authentication method and encapsulation
used
for WAN

Configuring R1:
R1(config)#int s0/3/0
R1(config-if)#ip address 192.168.1.1 255.255.255.252
R1(config-if)#clock rate 64000
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap pap
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#username R2 password cisco

Configuring R2:
R2(config)#int s0/3/0
R2(config-if)#ip address 192.168.1.2 255.255.255.252
R2(config-if)#encapsulation ppp
R2(config-if)#ppp authentication chap pap
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#username R1 password cisco
Note: Username R2 must be created on Router R1 and username R1 must be created
on Router R2, where usernames R1 and R2 are the hostname of their respective
Routers. Passwords on both the routers must be same.

Copyright@ CTTC

62

Verify point-to-point connectivity:


R1#ping 192.168.1.2

Copyright@ CTTC

63

LAB:Frame Relay
OBJECTIVE: To Show How Router Connects With Each Other Over Cloud
Using Frame Relay

Configuring R1:
R1(config)#int s0/3/0
R1(config-if)#no shutdown
R1(config-if)#encapsulation frame-relay
R1(config-if)#exit
R1(config)#interface s0/3/0.122 point-to-point
R1(config-subif)#ip address 10.1.2.1 255.255.255.0
R1(config-subif)#frame-relay interface-dlci 122
R1(config-subif)#exit
R1(config)#interface s0/3/0.123 point-to-point
R1(config-subif)#ip address 10.1.3.1 255.255.255.0
R1(config-subif)#frame-relay interface-dlci 123
R1(config-subif)#exit
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-router)#network 10.1.2.0
R1(config-router)#network 10.1.3.0
R1(config-router)#exit

Copyright@ CTTC

64

Configuring R2:
R2(config)#int s0/3/0
R2(config-if)#ip address 10.1.2.2 255.255.255.0
R2(config-if)#encapsulation frame-relay
R2(config-if)#frame-relay interface-dlci 221
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#network 10.1.2.0

Configuring R3:
R3(config)#int s0/3/0
R3(config-if)#ip address 10.1.3.2 255.255.255.0
R3(config-if)#encapsulation frame-relay
R3(config-if)#frame-relay interface-dlci 321
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#no auto-summary
R3(config-router)#network 10.1.3.0
R3(config-router)#exit

Copyright@ CTTC

65

Configuring WAN Emulation Cloud:

Note: Click on WAN cloud then click on Config tab. You will see all the interfaces on the
left hand side. Now click on Serial0 button and add the DLCI value and Name as shown
above and press Add button. Serial0 is linked to two DLCI value, therefore both the
DLCI values must be added. Now repeat the same procedure for Serial1 and Serial2.

Copyright@ CTTC

66

Configuring Frame Relay:

Note: Now click on Frame Relay button and map the DLCI accordingly as shown
above and press the Add button.
You can now verify the connectivity by sending ping packets as follows.

On Router R1:
R1#ping 10.1.2.2
R1#ping 10.1.3.2

On Router R2:
R2#ping 10.1.3.2

On Router R3:
R3#ping 10.1.2.2

Copyright@ CTTC

67

LAB: Configuring DHCP on Cisco ROUTER


OBJECTIVE: To Configure DHCP in Order To Show How a Client Can Be
Assigned IP Address Automatically

Configuring Router R1:


R1(config)#interface fa0/0
R1(config-if)#ip address 192.168.1.1
R1(config-if)#no shutdown
R1(config-if)#exit
Configuring the DHCP pool:
R1(config)#ip dhcp pool cttc-pool
R1(dhcp-config)#network 192.168.1.0 255.255.255.0
R1(dhcp-config)#default-router 192.168.1.1
R1(dhcp-config)#exit
R1(config)#ip dhcp exclude-address 192.168.1.1 192.168.1.5
R1(config)#end

Copyright@ CTTC

68

Verify DHCP Binding:


R1#show ip dhcp binding

Copyright@ CTTC

69

Configuring PC:

Copyright@ CTTC

70

LAB: Standard ACL


OBJECTIVE: To Implement Standard ACL in Order To Show How It Does
the Filtration Based On Source Address

Copyright@ CTTC

71

Configuration on R1
Router>enable
Router#configure t
Router(config)#interface f0/0
Router(config-if)#ip address 10.0.0.100 255.255.255.0
Router(config-if)#no shutdown
Router(config)#interface f0/1
Router(config-if)#ip add
Router(config-if)#ip address 172.16.1.1 255.255.255.0
Router(config-if)#no sh
Router(config-if)#no shutdown
Router(config-if)#ex

Ping from Pc0 to Pc 1

Router(config)#access-list 50 deny host 10.0.0.1


Router(config)#int f0/0
Router(config-if)#ip access-group 50 in
Router(config-if)#ex

Copyright@ CTTC

72

Ping after applying Acl

Copyright@ CTTC

73

LAB: Extended ACL


OBJECTIVE: To show How Extended ACL Works by Filtration Based on
Source and Destination Address

Copyright@ CTTC

74

Configuration on R0
Router>enable
Router#configure t
Router(config)#interface f0/0
Router(config-if)#ip address 172.16.1.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface f0/1
Router(config-if)#ip address 10.0.0.100 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#ex
Router(config)#access-list 100 permit tcp host 10.0.0.1 host 200.1.1.1 eq 80
Router(config)#access-list 100 deny tcp host 10.0.0.2 host 200.1.1.1 eq www
Router(config)#access-list 100 permit ip 10.0.0.0 0.0.0.255 any
Router(config)#access-list 100 permit ip any any
Router(config)#interface f0/0
Router(config-if)#ip access-group 100 out
Router(config-if)#ex
Router(config)#ip route 0.0.0.0 0.0.0.0 f0/0

Configuration on R1
Router>enable
Router#configure t
Router(config)#interface f0/0
Router(config-if)#ip address 172.16.1.2 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface f0/1
Router(config-if)#ip address 200.1.1.100 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#ex
Router(config)#ip route 0.0.0.0 0.0.0.0 f0/0

Copyright@ CTTC

75

LAB: Static NAT


Objective: To Show Static Translation from Public Ip Address to Private Ip
Address by Implementing Static Nat

Configuration R0
Router#configure terminal
Router(config)#ip nat inside source static 10.0.0.1 172.16.1.3
Router(config)#interface f0/0
Router(config-if)#ip nat outside
Router(config-if)#ex
Router(config)#interface f0/1
Router(config-if)#ip nat inside
Router(config-if)#ex

Copyright@ CTTC

76

Ping from pc 1 to server 1 after that run the show command


Router(config)#do sh ip nat translation
Pro Inside global Inside local
Outside local
icmp 172.16.1.3:1
10.0.0.1:1
200.1.1.1:1
icmp 172.16.1.3:2
10.0.0.1:2
200.1.1.1:2
icmp 172.16.1.3:3
10.0.0.1:3
200.1.1.1:3
icmp 172.16.1.3:4
10.0.0.1:4
200.1.1.1:4
icmp 172.16.1.3:5
10.0.0.1:5
200.1.1.1:5
icmp 172.16.1.3:6
10.0.0.1:6
200.1.1.1:6
icmp 172.16.1.3:7
10.0.0.1:7
200.1.1.1:7
icmp 172.16.1.3:8
10.0.0.1:8
200.1.1.1:8
--- 172.16.1.3
10.0.0.1
-----

Copyright@ CTTC

Outside global
200.1.1.1:1
200.1.1.1:2
200.1.1.1:3
200.1.1.1:4
200.1.1.1:5
200.1.1.1:6
200.1.1.1:7
200.1.1.1:8

77

LAB: Dynamic NAT


Objective: To Show Dynamic Translation from Public Ip Address to Private
Ip Address by Implementing Dynamic Nat

Router(config)#ip nat pool abc 172.16.1.3 172.16.1.4 netmask 255.255.255.0


Router(config)#ip nat inside source list 10 pool abc
Router(config)#access-list 10 permit 10.0.0.0 0.0.0.255
Router(config)#interface f0/0
Router(config-if)#ip access-group 10 out

Ping from Pc1 & from Pc2 but not from Pc3
Router# show ip nat translations
Pro Inside global Inside local
Outside local
Outside global
tcp 172.16.1.3:1025 10.0.0.1:1025
200.1.1.1:80
200.1.1.1:80
tcp 172.16.1.4:1025 10.0.0.2:1025
200.1.1.1:80
200.1.1.1:80

Copyright@ CTTC

78

LAB: PAT
Objective: To Show Translation from One Public Ip Address to Many Private
Ip Address by Implementing Pat

Configuration on R1
Router(config)#ip nat pool abc 172.16.1.3 172.16.1.3 netmask 255.255.255.0
Router(config)#ip nat inside source list 10 pool abc overload
Router(config)#access-list 10 permit 10.0.0.0 0.0.0.255
Router(config)#interface f0/1
Router(config-if)#ip nat inside
Router(config-if)#ex
Router(config)#interface f0/0
Router(config-if)#ip nat outside
Router(config-if)#ex
Router(config)#ip route 0.0.0.0 0.0.0.0 f0/0

Copyright@ CTTC

79

Ping 200.1.1.1 and then check the router translation


Router(config)#do sh ip nat translation
Pro Inside global Inside local
Outside local
Outside global
icmp 172.16.1.3:5
10.0.0.1:5
200.1.1.1:5
200.1.1.1:5
icmp 172.16.1.3:6
10.0.0.1:6
200.1.1.1:6
200.1.1.1:6
icmp 172.16.1.3:7
10.0.0.1:7
200.1.1.1:7
200.1.1.1:7
icmp 172.16.1.3:8
10.0.0.1:8
200.1.1.1:8
200.1.1.1:8

Copyright@ CTTC

80

LAB:Trouble shooting of EIGRP

Configuration on R1
Router>enable
Router#configure terminal
Router(config)# interface s0/3/0
Router(config-if)#ip address 10.0.0.1 255.255.255.0
Router(config-if)#clock rate 64000
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface loopback 0
Router(config-if)#ip address 1.1.1.1 255.255.255.0
Router(config-if)#exit
Router(config)#router eigrp 9
Router(config-router)#no auto-summary
Router(config-router)#network 10.0.0.0
Router(config-router)#network 1.1.1.0
Router(config-router)#exit

Configuration on R2
Router>enable
Router#configure terminal
Router(config)#interface s0/3/0
Router(config-if)#ip address 10.0.0.2 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface loopback 0
Router(config-if)#ip address 2.2.2.2 255.255.255.0
Router(config-if)#exit
Router(config)#router eigrp 100
Router(config-router)#network 10.0.0.0
Router(config-router)#network 2.2.2.0
Router(config-router)#no auto-summary
Router(config-router)#exit

Copyright@ CTTC

81

After perform routing there is no ping from Router 1 to loopback 2.2.2.2,


Basically the reason is that , Router 1 have the A.S number is 10 and Router 2 have A.S no: 9,
thats why there is no ping.
Now I have to change the A.S no: of R2.

Copyright@ CTTC

82

LAB:SYSLOG
OBJECTIVE: To Implement Syslog and to Show The Output it Generates On
the Syslog Server

Configuration on Router
Router>enable
Router#conf t
Router(config)#int fa0/0
Router(config-if)#ip address 10.0.0.1 255.0.0.0
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#int fa0/1
Router(config-if)#ip address 20.0.0.1 255.0.0.0
Router(config-if)#no shut
Router(config)#service timestamps log datetime msec
Router(config)#logging host 20.0.0.2
Router(config)#logging trap debugging
Router(config)#end
*Mar 01, 00:04:47.044: *Mar 01, 00:04:47.044: %SYS-5-CONFIG_I: Configured from console by
console
Enter configuration commands, one per line. End with CNTL/Z.

Copyright@ CTTC

83

In order to generate the log do some configuration as below.


Router(config)#router eigrp 10
Router(config-router)#exit
Router(config)#int fa0/0
Router(config-if)#shutdown
*Mar 01, 00:05:50.055: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to
administratively down
*Mar 01, 00:05:50.055: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/0, changed state to down
Router(config-if)#no shutdown
Router(config-if)#
*Mar 01, 00:05:52.055: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
*Mar 01, 00:05:52.055: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/0, changed state to up

Now click the server to see the syslog messages.

Copyright@ CTTC

84

Copyright@ CTTC