Cisco ICND2 Lab Guide v1.1

Cisco CCNA/ICND2 Lab Guide
Covers all topics for the ICND2 exam
Version 1.1
Written by
Marc Bouchard
www.subnet192.com
© 2011 Marc Bouchard

Contents
Introduction .................................................................................................................................................. 3
Recommended training material .................................................................................................................. 3
Recommended lab equipment ..................................................................................................................... 3
How this guide works… ................................................................................................................................. 4
Lab 1 – VLAN Trunking Protocol (VTP) .......................................................................................................... 5
Lab 2 – Spanning Tree Protocol (STP) ......................................................................................................... 13
Lab 3 – VLAN Routing (Router on-a-stick)................................................................................................... 21
Lab 4 – Routing Protocols ........................................................................................................................... 24
OSPF .................................................................................................................................................... 24
EIGRP ................................................................................................................................................... 28
Lab 5 – WAN................................................................................................................................................ 31
Configuring a hub and spoke topology using Frame Relay ................................................................. 31
Lab 6 – Access Lists ..................................................................................................................................... 37
Lab 7 – Network Address Translation (NAT/PAT) ....................................................................................... 41
Appendix 1 .................................................................................................................................................. 43
Lab 1 Switch configurations ................................................................................................................ 43
Appendix 2 .................................................................................................................................................. 44
Lab 3 Router and switch configurations ............................................................................................. 44
Appendix 3 .................................................................................................................................................. 45
Lab 4 Device configurations ................................................................................................................ 45
Appendix 4 .................................................................................................................................................. 46
Lab 5 Device configurations ................................................................................................................ 46
Appendix 5 .................................................................................................................................................. 47
Lab 7 Routers and switch configurations ............................................................................................ 47
References & Resources ............................................................................................................................. 48
Software ...................................................................................................................................................... 48
Cisco CCNA Lab Guide
Special thanks…........................................................................................................................................... 48
www.subnet192.com 2
Introduction
Studying for the CCENT/CCNA exams is challenging. There are a lot of resources out there, lots of
material but there was nothing I could find to meet my objective: provide me with a challenge, and then
show a step by step explanation to validate the tasks.
This guide is in no way endorsed by Cisco Systems. I created this document out of personal need and to
help myself memorize and learn the various commands and configurations. I thought I should share this
with others to assist in actually learning hands-on skills with Cisco equipment. Also, note that I didn’t
reinvent the wheel here. Most of this is inspired from personal experience in my own lab, from
information gathered on the internet, from some of the simulators, etc.
This guide is provided FREE of charge. If you paid for this guide, you got ripped off. I do however
accept donations of any amount via Paypal at marc@subnet192.com if you find this guide of use and
want to thank me for my efforts. Visit my site at www.subnet192.com for more information and the
latest guides!
Recommended training material

The following are what I personally used to pass the certification. I find that going through a CBT before
hitting the books helps a lot to make the book easier to understand.
 CBT Nuggets ICND2 training by Jeremy Cioara.

 Cisco Press ICND2 by Wendell Odom.
Recommended lab equipment

Finding the right gear to build a lab is quite a daunting task. There is a multitude of models and versions,
as well as modules to customize each device. While you can get by with simulators, (I have tried them
all), nothing compares to working with the real deal.
My recommendations, for a reasonably priced lab that would get you through the CCNA curriculum
would be the following.
3 Cisco 2950 series switches
3 Cisco 2620XM 128/45 series routers
3 WIC-2T serial interfaces

3 DCE/DTE Smart Serial cables (for the WIC-2T to WIC-2T connections)
1 NM-4A/S serial interface
3 Serial to Smart Serial cables (for the NM-4A/S to WIC-2T connections)
3 www.subnet192.com
How this guide works…
First off, this is not intended to explain any of the concepts. There are fantastic books out there for that
job. This guide attempts to make you think about what you need to do, which commands are required
to complete each step and so on.
In this guide, there is no goal topology, as it will change depending on the objectives of each lab. The
various topologies are all based on my recommendations for hardware above. You can also perform
most of the steps using Cisco’s Packet Tracer software if you are part of the Cisco Learning Academy, but
be aware that some commands may not be fully implemented.
Also, by now you should be familiar with the familiar prompts of the IOS (the exec mode #, the config
mode (config)#, etc.) so steps to get you into these modes will not be identified in the walkthrough.
www.subnet192.com 4
Lab 1 – VLAN Trunking Protocol (VTP)
Material required: 3 switches, 1 PC, rollover cable, crossover and standard Ethernet cables.
Objectives
This lab will guide you in configuring VTP in the lab environment.
Preparation
 Configure all three switches using the scripts in appendix 1.
 DISCONNECT all crossover cables from S1.
 Configure your laptop with the IP address 192.168.1.100/24
5 www.subnet192.com
Tasks
 Open a terminal emulator session to S1 (console)
o Display VLAN configuration.
o Display switch ports information from the running-configuration using output modifiers
to begin the display at interface FastEthernet0/1.
o Display the default VTP configuration information.
o Configure all switch ports to access mode.
o Set the VTP mode to Transparent.
o Save the configuration.
o Configure VTP
Set the VTP mode to Server.
Set the VTP domain to CCNALAB.
Set the VTP version to 2.
o Set the VTP mode to Client.
 Experimentation
o Display and compare the VTP configuration information on all 3 switches.
o Connect the topology together using the diagram at the beginning of the lab.
o Telnet to S3.
o Display the VTP configuration information.
Is the domain name set? Why?
 No trunks exist between the switches so VTP doesn’t do anything.
o Configure all the links between switches to trunk mode.
o Display the interface status to confirm trunk is enabled.
o Display the VTP configuration information on S1 and S3.
Is the domain name set? Why?
 S1: Transparent mode switches ignore VTP broadcasts.
 S3: Trunks are enabled and all server and clients receive VTP updates.
However, since no VLANs exist, no VTP traffic is generated so the
domain name might not be configured yet.
www.subnet192.com 6
o Create VLAN 100 on S1.
What happens? Is it propagated to other switches?
 VLAN is created but remains local to this switch.
What happens?
 Unable to create a VLAN, client mode doesn’t allow creation.
Is it propagated to other switches? Which ones?
 Yes it is. S3 receives the update as it is in client mode.
o Display the VLAN and VTP configuration on S3 and observe what has changed.
o Enable debugging of VTP events on S3.
Attempt to perform all the tasks listed above before going through the walkthrough.
7 www.subnet192.com
Walkthrough
On S1:
Display VLAN configuration
S1#show vlan
VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs

------------------------------------------------------------------------------
Primary Secondary Type Ports

------- --------- ----------------- ------------------------------------------
Display switch ports information from the running-configuration using output

modifiers to begin the display at interface FastEthernet0/1
S1#show running-config | begin interface FastEthernet0/1

interface FastEthernet0/1
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/2
switchport mode access
speed 100
duplex full
…
www.subnet192.com 8
Display the default VTP configuration information
S1#show vtp status

VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 128
Number of existing VLANs : 5
VTP Operating Mode : Server
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 192.168.1.5 on interface Vl1 (lowest numbered VLAN interface found)
Set all switch ports to Access mode
S1(config)#interface range fa0/1 - 24

S1(config-if-range)#switchport mode access
Set the VTP mode to Transparent
S1(config)#vtp mode transparent

Setting device to VTP TRANSPARENT mode.
On S2:
Same steps as S1.
Configure VTP
S2(config)#vtp mode server

Setting device to VTP SERVER mode.
S2(config)#vtp domain CCNALAB

S2(config)#vtp version 2
On S3:

Same steps as S1.
Set the VTP mode to Client
S3(config)#vtp mode client

Setting device to VTP CLIENT mode.
9 www.subnet192.com
Experimentation:
Display and compare the VTP configuration information on all 3 switches
S1#show vtp status

VTP Version : 2
VTP Operating Mode : Transparent
VTP Domain Name :
S2#show vtp status

VTP Version : 2
VTP Operating Mode : Server
VTP Domain Name : CCNALAB
VTP V2 Mode : Enabled
MD5 digest : 0x88 0x1F 0x98 0xBF 0xFF 0xB8 0x36 0x9B
S3#show vtp status

VTP Version : 2
VTP Operating Mode : Client
VTP Domain Name :
Configure all the links between switches to trunk mode
S1(config)#interface range fa0/2 - 3

S1(config-if-range)#switchport mode trunk
S2(config)#interface fa0/1
S2(config-if)#switchport mode trunk
www.subnet192.com 10
Display the interface status to confirm trunk is enabled
S1#show interface status
Port Name Status Vlan Duplex Speed Type

Fa0/1 notconnect 1 full 100 10/100BaseTX
Fa0/2 connected trunk full 100 10/100BaseTX
Fa0/3 connected trunk full 100 10/100BaseTX
…
Display the VTP configuration information on S1 and S3
S1#show vtp status

VTP Version : 2
VTP Operating Mode : Transparent
VTP Domain Name :
S3#show vtp status

VTP Version : 2
VTP Domain Name :
Create VLAN 100 on S1
S1(config)#VLAN 100

S3(config)#VLAN 300
VTP VLAN configuration not allowed when device is in CLIENT mode.  Unable to create!
S2(config)#vlan 200
11 www.subnet192.com
Display the VLAN and VTP configuration on S3 and observe what has changed
S3#show vlan brief

---- -------------------------------- --------- -------------------------------
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24, Gi0/1
Gi0/2
200 VLAN0200 active  Propagated to S3 via VTP.
S3#show vtp status

VTP Version : 2
Configuration Revision : 1  1 VLAN configuration update received
VTP Domain Name : CCNALAB  VTP Domain name has been configured
VTP V2 Mode : Enabled  VTP mode has been configured
MD5 digest : 0x66 0x92 0xDF 0xDD 0xBD 0x35 0x2A 0xAE
Configuration last modified by 192.168.1.6 at 3-1-93 00:29:10  Last update received
from this switch
Enable debugging of VTP events on S3
S3#debug sw-vlan vtp events

vtp events debugging is on
Observe a few events, then disable it using:
S3#no debug all

All possible debugging has been turned off
Lab 2 – Spanning Tree Protocol (STP)
Material required: 3 switches, 1 PC, crossover and standard Ethernet cables.
Objectives
This lab will guide you in configuring STP in the lab environment.
Preparation
 Connect a crossover cables on FastEthernet ports 02 on between S2 and S3.
 Remove VLAN 100 from S1.
 Remove VLAN 200 from S2.
Tasks
 Configure ports FastEthernet 0/2 on S2 and S3 to trunk mode using the dynamic modes.
 Display the trunk interfaces information.
 Display the spanning tree information summary on all switches to identify the root.
 Display the spanning tree information details on the root bridge and the blocking switch.
 On the blocking switch, force a path change by changing the cost of the uplink to the root.
 Disconnect one of the cables going to your root bridge. Observe the spanning tree on the switch
at the other end of that cable (switching between ports, going into listening mode etc.)
 Reconnect the cable.
 Force another switch to become your primary root bridge.
 Disable spanning tree on all switches and cause a broadcast storm. Observe what happens.
 Re-enable spanning tree.
 Enable Rapid STP on all switches and verify STP summary.
 On the blocking switch, enable Spanning Tree events debugging and…
o Disable the root port interface.
o Observe STP events.
o Re-enable the root port interface.

o Observe STP events.
Attempt to perform all the tasks listed above before going through the walkthrough.
Walkthrough
Remove VLAN 100 from S1
S1(config)#no vlan 100
Remove VLAN 200 from S2
S2(config)#no vlan 200
Configure ports Fa0/2 on both switches to trunk mode using the dynamic modes
S2(config)#interface fastEthernet 0/2

S2(config)#switchport mode dynamic desirable

S3(config)#switchport mode dynamic auto
Display the trunk interfaces information
S2#show interface trunk
Port Mode Encapsulation Status Native vlan

Fa0/1 on 802.1q trunking 1
Fa0/2 desirable 802.1q trunking 1
Port Vlans allowed on trunk

Fa0/1 1-4094
Fa0/2 1-4094
Port Vlans allowed and active in management domain

Fa0/1 1
Fa0/2 1
Port Vlans in spanning tree forwarding state and not pruned

Fa0/1 1
Fa0/2 none
S3#show interface trunk
Port Mode Encapsulation Status Native vlan

Fa0/1 on 802.1q trunking 1
Fa0/2 auto 802.1q trunking 1
Port Vlans allowed on trunk

Fa0/1 1-4094
Fa0/2 1-4094
Port Vlans allowed and active in management domain

Fa0/1 1
Fa0/2 1
Port Vlans in spanning tree forwarding state and not pruned

Fa0/1 1
Fa0/2 1
Display the spanning tree information summary on all switches
S1#show spanning-tree
VLAN0001  Note that a spanning-tree has been defined for each VLAN (PVST)
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 000a.4117.5300
This bridge is the root  This is the root bridge in my lab.
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)  Bridge ID/priority

Address 000a.4117.5300
Aging Time 15
Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------
Fa0/2 Desg FWD 19 128.2 P2p  Both ports are designated ports.
Fa0/3 Desg FWD 19 128.3 P2p  No Root ports on the bridge.
VLAN0001
Address 000a.4117.5300
Cost 19
Port 1 (FastEthernet0/1)  I can reach the root through this port.
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

Address 0015.2b1c.9a40
Aging Time 300

---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Root FWD 19 128.1 P2p  Current port to reach the root.
Fa0/2 Altn BLK 19 128.2 P2p  Blocked alternate path.
VLAN0001
Address 000a.4117.5300
Cost 19
Port 1 (FastEthernet0/1)

Address 0013.1a2c.2700
Aging Time 300

---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Root FWD 19 128.1 P2p  Current port to reach the root.
Fa0/2 Desg FWD 19 128.2 P2p  Alternate path to reach the root.
Display the spanning tree information details on the root bridge and the blocking
switch
On root bridge:
S1#show spanning-tree detail
VLAN0001 is executing the ieee compatible Spanning Tree protocol

Bridge Identifier has priority 32768, sysid 1, address 000a.4117.5300
Configured hello time 2, max age 20, forward delay 15
We are the root of the spanning tree
Topology change flag not set, detected flag not set
Number of topology changes 2 last change occurred 00:14:00 ago
from FastEthernet0/3
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 1, topology change 0, notification 0, aging 300
Port 2 (FastEthernet0/2) of VLAN0001 is forwarding

Port path cost 19, Port priority 128, Port Identifier 128.2.
Designated root has priority 32769, address 000a.4117.5300
Designated bridge has priority 32769, address 000a.4117.5300
Designated port id is 128.2, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 1635, received 1

Designated port id is 128.3, designated path cost 0
On blocking switch:
VLAN0001 is executing the ieee compatible Spanning Tree protocol

Bridge Identifier has priority 32768, sysid 1, address 0015.2b1c.9a40
Configured hello time 2, max age 20, forward delay 15
Current root has priority 32769, address 000a.4117.5300
Root port is 1 (FastEthernet0/1), cost of root path is 19
Topology change flag not set, detected flag not set
Number of topology changes 4 last change occurred 00:00:45 ago
from FastEthernet0/2
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300

Designated port id is 128.2, designated path cost 0  Lower cost
Port 2 (FastEthernet0/2) of VLAN0001 is blocking

Designated bridge has priority 32769, address 0013.1a2c.2700
Designated port id is 128.2, designated path cost 19  Higher cost
On the blocking switch, force a path change by changing the cost…

S2(config-if)#spanning-tree vlan 1 cost 100
Disconnect one of the cables going to your root bridge. Observe…
S2#ping
Protocol [ip]:
Target IP address: 192.168.1.5
Repeat count [5]: 20000
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 20000, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.
01:52:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state

to down
01:52:08: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to
down...............!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 99 percent (1840/1856), round-trip min/avg/max = 1/3/16 ms
You can repeat the following command to see the various status of the interface:
VLAN0001
Address 000a.4117.5300
Cost 38
Port 2 (FastEthernet0/2)

Address 0015.2b1c.9a40
Aging Time 15

---------------- ---- --- --------- -------- --------------------------------
Fa0/2 Root LIS 19 128.2 P2p

---------------- ---- --- --------- -------- --------------------------------
Fa0/2 Root LRN 19 128.2 P2p

---------------- ---- --- --------- -------- --------------------------------
Fa0/2 Root FWD 19 128.2 P2p
Force another switch to become your primary root bridge
S2(config)#spanning-tree vlan 1 root primary
You can then perform a show spanning-tree command to view the changes.
Disable spanning tree on all switches and cause a broadcast storm
Repeat the following steps on all switches:
S1(config)#no spanning-tree vlan 1

No spanning tree instance exists.
To cause the broadcast storm, a simple ping can do…
S1#ping 4.2.2.2
Then watch the port lights on your switch. They should start blinking non-stop. The CLI
will probably be slower to respond while this is happening. To restore everything back to
normal, repeat the following steps on all switches:
S1(config)#spanning-tree vlan 1
Enable Rapid STP on all switches and verify STP summary
Repeat on all switches…
S1(config)#spanning-tree mode rapid-pvst
S1#show spanning-tree summary

Switch is in rapid-pvst mode  Confirm Rapid PVST mode is enabled
Root bridge for: VLAN0001
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active

---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 2 2
---------------------- -------- --------- -------- ---------- ----------
1 vlan 0 0 0 2 2
On the blocking switch, enable Spanning Tree events debugging and…
S2#debug spanning-tree events

Spanning Tree event debugging is on
S2(config-if)#shutdown
12:09:04: RSTP(1): updt roles, root port Fa0/1 is going down

12:09:04: RSTP(1): Fa0/2 is now root port
12:09:06: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively
down
to down
S2(config-if)#no shutdown
S2(config-if)#
12:09:20: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
S2(config-if)#
12:09:22: RSTP(1): initializing port Fa0/1
12:09:22: RSTP(1): Fa0/1 is now designated
12:09:22: RSTP(1): transmitting a proposal on Fa0/1
12:09:22: RSTP(1): updt roles, superior bpdu on Fa0/1 (synced=0)
12:09:22: RSTP(1): Fa0/1 is now root port
12:09:22: RSTP(1): Fa0/2 blocked by re-root
12:09:22: RSTP(1): Fa0/2 not in sync
12:09:22: RSTP(1): Fa0/2 is now alternate
12:09:22: RSTP(1): synced Fa0/1
12:09:22: RSTP(1): synced Fa0/1
12:09:22: RSTP(1): transmitting an agreement on Fa0/1 as a response to a proposal
to up
S2#no debug spanning-tree events

Spanning Tree event debugging is off
Lab 3 – VLAN Routing (Router on-a-stick)
Material required: 1 switch, 1 router, 2 PC, 3 standard Ethernet cables.
Objectives
Configuring and understanding inter-VLAN routing.
Preparation
 Disconnect all Ethernet cables from S1.
 Connect R1 to port Fa0/1 on S1.
 Connect PC1 to port Fa0/4 on S1.
 Connect PC2 to port Fa0/5 on S1.
 Configure R1 and S1 using the scripts in appendix 2.
 Prepare two computers using the following configurations.
o Both: 100mbps/full duplex
o PC1: IP address: 10.1.0.5/24, Gateway: 10.1.0.1
PC2: IP address: 10.2.0.5/24, Gateway: 10.2.0.1
Tasks
 On S1, perform the following tasks
o Create VLAN 10, with a description of “Students” and assign port Fa0/4 to it.
o Create VLAN 20, with a description of “Faculty” and assign port Fa0/5 to it.
o Configure port Fa0/1 to forward VLAN information to the router.
 On R1, perform the following tasks
o Create a sub-interface named Fa0/0.10, that is part of VLAN 10.
o Set the sub-interface IP address to 10.1.0.1/24
o Create a sub-interface named Fa0/0.20, that is part of VLAN 20.
o Set the sub-interface IP address to 10.2.0.1/24
o Verify the VLAN configurations summary

o Enable RIPv2 as the routing protocol
o Enable the route
 On either PC, test the connectivity using Ping and Tracert.
Walkthrough
On S1, perform the following tasks…
S1(config)#vlan 10
S1(config-vlan)#name Students
S1(config-vlan)#vlan 20
S1(config-vlan)#name Faculty
S1(config-vlan)#exit
S1(config-if)#switchport access vlan 10
S1(config-if)#interface fastEthernet 0/5
S1(config-if)#switchport access vlan 20
S1(config-if)#exit
S1(config-if)#^Z
S1#show vlan brief

---- -------------------------------- --------- -------------------------------
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24
10 Students active Fa0/4
20 Faculty active Fa0/5
On R1, perform the following tasks
R1(config)#interface fastEthernet 0/0.10

R1(config-subif)#encapsulation dot1Q 10
R1(config-subif)#ip address 10.1.0.1 255.255.255.0
R1(config-subif)#interface fastEthernet 0/0.20
R1(config-subif)#encapsulation dot1Q 20
R1#show ip interface brief

Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.1.1 YES manual up up
FastEthernet0/0.10 10.1.0.1 YES manual up up
FastEthernet0/0.20 10.2.0.1 YES manual up up
Serial0/0 unassigned YES unset administratively down down
Serial0/1 unassigned YES unset administratively down down
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 10.0.0.0
R1(config-router)#^Z
R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 2 subnets

C 10.2.0.0 is directly connected, FastEthernet0/0.20
C 10.1.0.0 is directly connected, FastEthernet0/0.10
C 192.168.1.0/24 is directly connected, FastEthernet0/0
You are now able to ping from any VLAN to any device on the network (VLAN1, 10 or 20).
From PC1 (VLAN 10) to PC2 (VLAN 20)
From PC1 (VLAN 10) to S1 (VLAN 1)

Lab 4 – Routing Protocols
Material required: 3 switches, 3 routers, 3 DCE-DTE Smart Serial cables, 3 standard Ethernet cables.
OSPF
Objectives
This lab simulates the connection of three different sites with different subnets using OSPF.
Preparation
 Connect the DCE end of each cable to the Serial0 interface, and the DTE end to Serial1 of the
neighbor router.
 Connect a standard Ethernet cable from Ethernet0 on each router to Port Fa0/1 on each switch.
 Configure the switches and routers using the scripts in Appendix 3.
Tasks
 Complete the following table:
R1 R2 R3 R1-R2 R2-R3 R3-R1 S1 S2 S3

Fa0/0 Fa0/0 Fa0/0 Serial Link Serial Link Serial Link VLAN1 VLAN1 VLAN1
Subnet 10.0.0.0 172.16.5.0 192.168.0.0 10.50.0.0 10.50.0.0 10.50.0.0 10.0.0.0 172.16.0.0 192.168.0.0
Number of hosts 450 75 35 2 2 2 - - -
Subnet Mask bits
IP Address
o Use the first address in each subnet for the router and the last for the switch.
o For the serial links, use the first subnet for R1-R2, the 2nd for R2-R3 and the 3rd for R3-R1.
 Configure the addresses on all interfaces and enable all links, set the clock rates to 64000.
 Verify all links to ensure connectivity between all components.
 Enable OSPF routing using the router number as process ID and enable all routes (summarize if
possible).
 From each router, ping all VLAN interface IPs to verify connectivity.
 Display the protocol information on R3 to confirm published routes and routing protocol used.
 Display the routing table for R2.
 Display the OSPF neighbor list on R2.
 Display the OSPF database on R2.
Walkthrough
Complete the following table…
R1 R2 R3 R1-R2 R2-R3 R3-R1 S1 S2 S3

Fa0/0 Fa0/0 Fa0/0 Serial Link Serial Link Serial Link VLAN1 VLAN1 VLAN1
Subnet 10.0.0.0 172.16.5.0 192.168.0.0 10.50.0.0 10.50.0.0 10.50.0.0 10.0.0.0 172.16.0.0 192.168.0.0
Number of hosts 450 75 35 2 2 2 - - -
Subnet Mask bits 23 25 26 30 30 30 23 25 26
IP Address 10.0.0.1 172.16.5.1 192.168.0.1 10.50.0.1 10.50.0.5 10.50.0.9 10.0.1.254 172.16.5.126 192.168.0.62
10.50.0.2 10.50.0.6 10.50.0.10
Configure the addresses on all interfaces and enable all links
S1(config)#interface vlan 1
S1(config-if)#ip address 10.0.1.254 255.255.254.0
S1(config-if)#exit
S1(config)#ip default-gateway 10.0.0.1
S2(config-if)#exit
S3(config-if)#exit
R1(config)#interface fastEthernet 0/0

R1(config-if)#ip address 10.0.0.1 255.255.254.0
R1(config-if)#no shutdown


R1(config)#interface serial 0/0

R1(config-if)#clock rate 64000
R1(config-if)#interface serial 0/1






Verify all links to ensure connectivity between all components
To do so, you can either ping from each end, or use CDP to ensure devices are seen.
R3#ping 192.168.0.62

!!!!!
R1#show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID

R2.subnet192.com Ser 0/0 151 R S I Cisco 2620Ser 0/1
R3.subnet192.com Ser 0/1 132 R S I Cisco 2620Ser 0/0
S1.subnet192.com Fas 0/0 127 S I WS-C2950-2Fas 0/1
Enable OSPF routing using the router number as process ID and enable all routes…
R1(config-router)#router ospf 0
R1(config-router)#network 10.0.0.0 0.255.255.255 area 0


From each router, ping all VLAN interface IPs to verify connectivity
From each router, ping the 3 IP addresses that were configured on the switches. Successful pings will
confirm that all sub networks are accessible from everywhere.
R3#ping 192.168.0.62
R3#ping 10.0.1.254
R3#ping 172.16.5.126

!!!!!
Display the protocol information on R3 to confirm published routes…
R3#show ip protocols
Routing Protocol is "ospf 3"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 192.168.0.1
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
10.50.0.0 0.0.255.255 area 0
192.168.0.0 0.0.255.255 area 0
Reference bandwidth unit is 100 mbps
Routing Information Sources:
Gateway Distance Last Update
10.50.0.10 110 00:07:43
172.16.5.1 110 00:07:43
Distance: (default is 110)
Display the routing table on R2
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

C 172.16.5.0 is directly connected, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 10.0.0.0/23 [110/65] via 10.50.0.1, 00:10:25, Serial0/1  OSPF learned route
O 10.50.0.8/30 [110/128] via 10.50.0.6, 00:10:25, Serial0/0  OSPF learned route
[110/128] via 10.50.0.1, 00:10:25, Serial0/1
C 10.50.0.0/30 is directly connected, Serial0/1
O 192.168.0.0 [110/65] via 10.50.0.6, 00:10:26, Serial0/0  OSPF learned route
Display the OSPF neighbor list on R2
R2#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface

10.50.0.10 0 FULL/ - 00:00:34 10.50.0.1 Serial0/1
192.168.0.1 0 FULL/ - 00:00:35 10.50.0.6 Serial0/0
Display the OSPF database on R2

R2#show ip ospf database
OSPF Router with ID (172.16.5.1) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count

10.50.0.10 10.50.0.10 77 0x80000001 0x00F241 5
172.16.5.1 172.16.5.1 76 0x80000003 0x0087FC 5
192.168.0.1 192.168.0.1 77 0x80000005 0x001FC3 5
EIGRP
Objectives
This lab simulates the connection of three different sites with different subnets using EIGRP.
Preparation
 The topology configured for the OSPF section will be used. No changes required.
Tasks
 Disable OSPF on all routers.
 Enable EIGRP using ASN 1.
 Enable all routes.
 Display the routing table on R2.
 Display the protocol information on R3.
 Display the neighbors list on R2.
 From each router, ping all VLAN interface IPs to verify connectivity.
Walkthrough
Disable OSPF on all routers
R1(config)#no router ospf 1

Enable EIGRP using ASN 1
R1(config)#router eigrp 1
Enable all routes
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

D 172.16.0.0/16 is a summary, 00:00:42, Null0  EIGRP learned route
D 10.0.0.0/23 [90/2172416] via 10.50.0.1, 00:00:40, Serial0/1 EIGRP learned route
D 10.0.0.0/8 is a summary, 00:00:42, Null0  Auto summarized route
[90/2681856] via 10.50.0.1, 00:00:40, Serial0/1
Display the protocol information on R3
R3#show ip protocols
Routing Protocol is "eigrp 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing: eigrp 1
EIGRP NSF-aware route hold timer is 240s
Automatic network summarization is in effect
Automatic address summarization:
192.168.0.0/24 for Serial0/0, Serial0/1
Summarizing with metric 28160
10.0.0.0/8 for FastEthernet0/0
Summarizing with metric 2169856
Maximum path: 4
Routing for Networks:
10.0.0.0
192.168.0.0
Routing Information Sources:
(this router) 90 00:29:36
10.50.0.10 90 00:01:40
10.50.0.5 90 00:01:40
Distance: internal 90 external 170
Display the neighbors list on R2
R2#show ip eigrp neighbors

IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 10.50.0.1 Se0/1 14 00:00:24 26 200 0 5
0 10.50.0.6 Se0/0 12 00:00:35 25 200 0 9
From each router, ping all VLAN interface IPs to verify connectivity
From each router, ping the 3 IP addresses that were configured on the switches. Successful pings will
confirm that all sub networks are accessible from everywhere.
R3#ping 192.168.0.62
R3#ping 10.0.1.254
…
R3#ping 172.16.5.126

!!!!!
Lab 5 – WAN
Material required: 4 routers, 2 switches, 1 PC, 3 DCE-DTE Serial to Smart Serial cables, 4 standard
Ethernet cables.
Ethernet R1 R2 R3 PC S1 S2
Local IP 10.1.0.1/24 10.2.0.1/24 5.1.1.1/24 10.1.0.5/24 10.1.0.2/24 10.2.0.2/24
Addresses
WAN IP 10.100.0.2 10.200.0.2 10.100.0.1 - - -
Addresses 10.200.0.1
Configuring a hub and spoke topology using Frame Relay

Objectives
Configuring and understanding frame relay topologies. This is a hub and spoke topology, where R3 is the
hub (head office) and R1/R2 are spoke routers (branch offices).
Preparation
 R4 requires the installation of an NM4/S or equivalent serial interface.
NOTE: In my hardware recommendations at the beginning of the document, I recommend 3

routers only, which is enough for the certification. In my case, I went with 4, the fourth being
a 2610 which I used in this lab as the Frame Relay switch (R4). If you do not have a fourth
router, simply remove R2 and S2 from the topology.
 Connect the Serial to Smart Serial cables from R4 Serial 0, 1 and 2 to Smart Serial 0/0 of routers
R1, R2 and R3.
 Connect a standard Ethernet cable from FastEthernet0 on R1 and R2 to Port Fa0/1 on each
switch.
 If available, connect your internet link to the FastEthernet0 port on R3.
 Configure the switches and routers using the scripts in Appendix 4.
Tasks
 First we will configure the Frame Relay switch (FRSwitch).
o Enable Frame Relay switching.
o Configure the serial interfaces.
Enable encapsulation.
Configure the port as a DCE.
Configure the DLCI routes using the following table
 R3 uses DLCI 301 to reach R1 and 302 to reach R2.
 R1 uses DLCI 123 to reach R2 and R3.
 R2 uses DLCI 213 to reach R1 and R3.
 Configure the hub router, using a point-to-point configuration.
 Configure the spoke routers.
 Display the Serial 0/0 interface information on R1.
 Display the frame relay DLCI to Serial interface mappings on R1.
 Display the LMI status information on R1.
 Verify connectivity from the hub to the spokes.
 Display the frame relay routes on FRSwitch.
 Display the PVC statistics on FRSwitch.
 Enable EIGRP routing on all routers.
 Display the routing table on R1.
 Verify connectivity from S1 to all IP addresses on the network.
Walkthrough
Enable Frame Relay switching
FRSwitch(config)#frame-relay switching
Configure the serial interfaces
Link to R1 (Spoke)
FRSwitch(config)#interface serial 1/0
FRSwitch(config-if)#encapsulation frame-relay
FRSwitch(config-if)#frame-relay intf-type dce
FRSwitch(config-if)#clock rate 56000
FRSwitch(config-if)#frame-relay route 123 interface serial 1/2 301
FRSwitch(config-if)#no shutdown
Link to R2 (Spoke)
Link to R3 (Hub)
FRSwitch(config-if)#^Z
Configure the hub router

R3(config)#no shutdown
R3(config-if)#encapsulation frame-relay
R3(config-if)#interface serial 0/0.1 point-to-point
R3(config-subif)#frame-relay interface-dlci 301
R3(config-fr-dlci)#exit
R3(config-if)#interface serial 0/0.2 point-to-point
R3(config-subif)#frame-relay interface-dlci 302

R3(config-fr-dlci)#^Z
Configure the spoke routers

R1(config-if)#encapsultion frame-relay
R1(config-if)#frame-relay interface-dlci 123

R2(config-if)#encapsultion frame-relay
R2(config-if)#frame-relay interface-dlci 213
Display the Serial 0/0 information on R1
R1#show interfaces serial 0/0

Serial0/0 is up, line protocol is up
Hardware is PowerQUICC Serial
Internet address is 10.100.0.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation FRAME-RELAY, loopback not set  Frame Relay encapsulation
Keepalive set (10 sec)
LMI enq sent 317, LMI stat recvd 318, LMI upd recvd 0, DTE LMI up
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 1023 LMI type is CISCO frame relay DTE  LMI DLCI and type, DCE/DTE status
Broadcast queue 0/64, broadcasts sent/dropped 27/0, interface broadcasts 13
Last input 00:00:00, output 00:00:06, output hang never
Last clearing of "show interface" counters 00:53:16
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
557 packets input, 37126 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
397 packets output, 10653 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
Display the frame relay DLCI to Serial interface mappings on R1
R1#show frame-relay map

Serial0/0 (up): ip 0.0.0.0 dlci 123(0x7B,0x1CB0)  DLCI for this Serial interface
broadcast,
CISCO, status defined, active

Serial0/0 (up): ip 10.100.0.1 dlci 123(0x7B,0x1CB0), dynamic,
broadcast,, status defined, active
Display the LMI status information on R1
R1#show frame-relay lmi
LMI Statistics for interface Serial0/0 (Frame Relay DTE) LMI TYPE = CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 405 Num Status msgs Rcvd 406
Num Update Status Rcvd 0 Num Status Timeouts 0
Verify connectivity from the hub to the spokes
R3#ping 10.100.0.2

!!!!!
R3#ping 10.200.0.2

!!!!!
Display the frame relay routes on FRSwitch
FRSwitch#show frame-relay route

Input Intf Input Dlci Output Intf Output Dlci Status
Serial1/0 123 Serial1/2 301 active
Display the PVC statistics on FRSwitch
FRSwitch#show frame-relay pvc
PVC Statistics for interface Serial1/0 (Frame Relay DCE)
Active Inactive Deleted Static

Local 0 0 0 0
Switched 1 0 0 0
Unused 0 0 0 0
DLCI = 123, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial1/0
input pkts 21 output pkts 59 in bytes 2114

out bytes 15648 dropped pkts 1 in FECN pkts 0

in BECN pkts 0 out FECN pkts 0 out BECN pkts 0
in DE pkts 0 out DE pkts 0
out bcast pkts 0 out bcast bytes 0 Num Pkts Switched 21
pvc create time 01:05:51, last time pvc status changed 00:36:57
Enable EIGRP on all routers
R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

D 10.2.0.0/24 [90/2684416] via 10.100.0.1, 00:16:58, Serial0/0
D 10.200.0.0/24 [90/2681856] via 10.100.0.1, 00:16:58, Serial0/0
Verify connectivity from S1 to all IP addresses on the network
S1#ping 10.1.0.1

!!!!!
S1#ping 10.200.0.1

!!!!!
S1#ping 10.200.0.2

!!!!!
And so on…
Lab 6 – Access Lists
Objectives
Configuring and understanding access lists and their various applications.
Preparation
 This lab uses the WAN topology from Lab 5.
Tasks
Configure and apply the following access lists at the appropriate location, then test the configuration.
Standard Access Lists (use the first access list number available)
 Prevent only the PC from accessing the network where S2 is located. Allow access everywhere
else.
o Verify the access lists to see if they were the ones preventing access.
 Allow only S2 to telnet into R1.
Extended Access Lists (use the first access list number available)
 Prevent pings to the FastEthernet interface 0/0 on R3 from the PC.
Named Access Lists
 Prevent the PC’s subnet from reaching the web management page on R2. Allow all other traffic.
 Add a new rule to also prevent the PC exclusively from using telnet outside its subnet.
 Review the running configuration to see the configured access lists on R1.
Walkthrough
Standard Access Lists
Prevent only the PC from accessing the network where S2 is located. Allow access
everywhere else.
R2#configure terminal
R2(config)#access-list 1 deny host 10.1.0.5
R2(config)#access-list 1 permit any
R2(config)#ip access-group 1 out
Standard access lists should be applied closest to the destination, thus the outbound port of the router
connected to the subnet to block.
Test from the PC.
C:\>ping 10.2.0.2
Pinging 10.2.0.2 with 32 bytes of data:

Reply from 10.200.0.2: Destination net unreachable.
Ping statistics for 10.2.0.2:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
C:\>
Verify if the access lists were the ones preventing access.
R2#show access-lists
Standard IP access list 1
10 deny 10.1.0.5 (8 matches)  shows that this rule was “hit” 8 times.
10 permit any (5 matches)  shows that this rule was “hit” 5 times.
Allow only S2 to telnet into R1.
R1(config)#access-list 1 permit 10.2.0.2
R1(config)#line vty 0 4
R1(config-line)#access-class 1 in
R1(config-line)#^Z
Test using telnet from any device (except S2).
The remote system refused the connection.
Test using telnet from S2.
S2#telnet 10.1.0.1
Trying 10.1.0.1 ... Open
User Access Verification

Password:
Extended Access Lists
Prevent pings to the FastEthernet interface 0/0 on R3 from the PC.
R1(config)#access-list 100 deny icmp host 10.1.0.5 host 5.1.1.1 echo
R1(config)#access-list 100 permit ip any any
R1(config)#interface fastethernet 0/0
R1(config-if)#ip access-group 100 in
R1(config-if)#^Z
Extended access lists should be applied closest to the source, thus the inbound port of the router
connected to the subnet to block.
Test from the PC
C:\>ping 5.1.1.1
Pinging 5.1.1.1 with 32 bytes of data:

Ping statistics for 5.1.1.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
C:\>
Verify if the access lists were the ones preventing access.
10 permit 10.2.0.2 (8 matches)  Standard access list is still present
Extended IP access list 100
10 deny icmp host 10.1.0.5 host 5.1.1.1 echo (8 matches)  New rule blocking pings
20 permit ip any any
Named Access Lists
Prevent the PC’s subnet from reaching the web management page on R2. Allow
all other traffic.
R1(config)#ip access-list extended NOWEB
R1(config-ext-nacl)#deny tcp any 10.2.0.1 0.0.0.0 eq 80
R1(config-ext-nacl)#permit ip any any
R1(config-ext-nacl)#interface fastethernet 0/0
R1(config-if)#ip access-group NOWEB in
R1(config-if)#^Z
You can test by opening a web browser on the PC and trying to access http://10.2.0.1
Add a new rule to also prevent the PC exclusively from using telnet outside its
subnet.
R1(config)#ip access-list extended NOWEB

R1(config-ext-nacl)#15 deny tcp 10.1.0.5 0.0.0.0 any eq 23
R1(config-ext-nacl)#^Z
10 permit 10.2.0.2 (8 matches)
Extended IP access list 100
10 deny icmp host 10.1.0.5 host 5.1.1.1 echo (8 matches)
Extended IP access list NOWEB
10 deny tcp any host 10.2.0.1 eq www
15 deny tcp host 10.1.0.5 any eq telnet
R1#show running-config
Building configuration...
<OUTPUT EDITED>
Current configuration : 1385 bytes

!
version 12.4
!
hostname R1
!
ip http server
no ip http secure-server
!
ip access-list extended NOWEB
deny tcp any host 10.2.0.1 eq www
deny tcp host 10.1.0.5 any eq telnet
permit ip any any
access-list 1 permit 10.2.0.2
access-list 100 deny icmp host 10.1.0.5 host 5.1.1.1 echo
access-list 100 permit ip any any
Lab 7 – Network Address Translation (NAT/PAT)
Material required: 2 routers, 1 switch, 1 PC, 1 DCE-DTE Serial to Smart Serial cables, 2 standard Ethernet
cables.
Objectives
Understanding network/port address translation.
Preparation
 Connect the DCE end of each cable to the Serial0 interface, and the DTE end to Serial0 of the
neighbor router.
 Connect a standard Ethernet cable from Ethernet0 on R1 to Port Fa0/1 on S1.
 Connect a standard Ethernet cable from the PC’s Ethernet adapter to Port Fa0/2 on S1.
 Configure the switch and router using the scripts in Appendix 5.
Tasks
 You have been assigned 6 public addresses in the 24.101.12.8/29 subnet.
o Configure Network Address Translation to allow up to 6 connections to the internet.
o Test by pinging 172.16.1.1 from the PC
o Test by pinging 172.16.1.1 from S1
o Review the translation table on R1
 You have been assigned the single public address 200.1.1.18/30 (configured on R1 S0/0).
o Remove the commands from NAT that shouldn’t be there.
o Configure Port Address Translation to share the single IP address.
o Test by pinging 172.16.1.1 from the PC
o Test by pinging 172.16.1.1 from S1
o Review the translation table on R1
Walkthrough
Configure NAT to allow up to 6 connections to the internet.
R1(config)#ip nat pool PUBLIC-ACCESS 24.101.12.9 24.101.12.14 netmask 255.255.255.248
R1(config)#access-list 1 permit 192.168.0.0 0.0.0.255
R1(config)#ip nat inside source list 1 pool PUBLIC-ACCESS
R1(config)#ip nat inside
R1(config)#ip nat outside
Review the translation table on R1
R1#show ip nat translations

Pro Inside global Inside local Outside local Outside global
icmp 24.101.12.9:26 192.168.0.100:26 172.16.1.1:26 172.16.1.1:26
icmp 24.101.12.9:27 192.168.0.100:27 172.16.1.1:27 172.16.1.1:27
icmp 24.101.12.9:28 192.168.0.100:28 172.16.1.1:28 172.16.1.1:28
icmp 24.101.12.9:29 192.168.0.100:29 172.16.1.1:29 172.16.1.1:29
icmp 24.101.12.10:12 192.168.0.2:12 172.16.1.1:12 172.16.1.1:12
icmp 24.101.12.10:13 192.168.0.2:13 172.16.1.1:13 172.16.1.1:13
icmp 24.101.12.10:14 192.168.0.2:14 172.16.1.1:14 172.16.1.1:14
icmp 24.101.12.10:15 192.168.0.2:15 172.16.1.1:15 172.16.1.1:15
One mapping to one device (up to 6 devices).
Remove the commands from NAT that shouldn’t be there.
R1(config)#no ip nat inside source list 1 pool PUBLIC-ACCESS
R1(config)#no ip nat pool PUBLIC-ACCESS 24.101.12.9 24.101.12.14 netmask 255.255.255.248
Configure PAT to share the single IP address.
R1(config)#access-list 1 permit 192.168.0.0 0.0.0.255

R1(config)#ip nat inside source list 1 interface serial 0/0 overload
R1(config)#ip nat inside
R1(config)#ip nat outside
Review the translation table on R1
R1#show ip nat translations

Pro Inside global Inside local Outside local Outside global
icmp 200.1.1.18:34 192.168.0.100:34 172.16.1.1:34 172.16.1.1:34
icmp 200.1.1.18:35 192.168.0.100:35 172.16.1.1:35 172.16.1.1:35
icmp 200.1.1.18:36 192.168.0.100:36 172.16.1.1:36 172.16.1.1:36

icmp 200.1.1.18:37 192.168.0.100:37 172.16.1.1:37 172.16.1.1:37
icmp 200.1.1.18:26 192.168.0.2:26 172.16.1.1:26 172.16.1.1:26
icmp 200.1.1.18:27 192.168.0.2:27 172.16.1.1:27 172.16.1.1:27
icmp 200.1.1.18:28 192.168.0.2:28 172.16.1.1:28 172.16.1.1:28
icmp 200.1.1.18:29 192.168.0.2:29 172.16.1.1:29 172.16.1.1:29
icmp 200.1.1.18:30 192.168.0.2:30 172.16.1.1:30 172.16.1.1:30
One mapping to many devices using different ports.
Appendix 1
Lab 1 Switch configurations

Using a rollover cable, connect to the console port and perform a factory default reset on all switches.
Disconnect all Ethernet cables until all resets have been completed to prevent propagation of certain
parameters.
Switch>enable
Switch#write erase
Switch#delete flash:vlan.dat
Switch#reload
Paste the following script in the CLI on each switch to configure it. Edit to fit your specifications (# of
ports etc.)
Switch 1 (S1) Switch 2 (S2) Switch 3 (S3)

enable enable enable
configure terminal configure terminal configure terminal
hostname S1 hostname S2 hostname S3
service password-encryption service password-encryption service password-encryption
alias exec save copy run start alias exec save copy run start alias exec save copy run start
ip default-gateway 192.168.1.1 ip default-gateway 192.168.1.1 ip default-gateway 192.168.1.1
enable secret ciscosecret enable secret ciscosecret enable secret ciscosecret
ip domain-name subnet192.com ip domain-name subnet192.com ip domain-name subnet192.com
interface range fa0/1 - 24 interface range fa0/1 - 12 interface range fa0/1 - 24
speed 100 speed 100 speed 100
duplex full duplex full duplex full
exit exit exit
interface vlan 1 interface vlan 1 interface vlan 1
ip address 192.168.1.5 255.255.255.0 ip address 192.168.1.6 255.255.255.0 ip address 192.168.1.7 255.255.255.0
no shutdown no shutdown no shutdown
exit exit exit
line con 0 line con 0 line con 0
no exec-timeout no exec-timeout no exec-timeout
password cisco password cisco password cisco
logging synchronous logging synchronous logging synchronous
line vty 0 4 line vty 0 4 line vty 0 4
password remote password remote password remote
login login login
transport input telnet transport input telnet transport input telnet
end end end
save save save
<press enter to save> <press enter to save> <press enter to save>

Appendix 2
Lab 3 Router and switch configurations

Using a rollover cable, connect to the console port and perform a factory default reset on each device.
Router>enable
Router#write erase
Router#reload
Switch>enable
Switch#write erase
Switch#reload
Paste the following scripts in the CLI on the router and switch to reconfigure them.
Router 1 (R1) Switch 1 (S1)

enable enable
configure terminal configure terminal
hostname R1 hostname S1
service password-encryption service password-encryption
alias exec save copy run start alias exec save copy run start
enable secret ciscosecret ip default-gateway 192.168.1.1
ip domain-name subnet192.com enable secret ciscosecret
interface fa0/0 ip domain-name subnet192.com
ip address 192.168.1.1 255.255.255.0 interface range fa0/1 - 24
speed 100 speed 100
duplex full duplex full
no shutdown exit
exit interface vlan 1
line con 0 ip address 192.168.1.5 255.255.255.0
no exec-timeout no shutdown
password cisco exit
logging synchronous line con 0
line vty 0 4 no exec-timeout
no exec-timeout password cisco
password remote logging synchronous
login line vty 0 4
transport input telnet no exec-timeout
line vty 5 15 password remote
no exec-timeout login
password remote transport input telnet
transport input telnet line vty 5 15
end no exec-timeout
save password remote
transport input telnet
<press enter to save> end
save
<press enter to save>
Appendix 3
Lab 4 Device configurations

Router>enable
Router#write erase
Router#reload
Switch>enable
Switch#write erase
Switch#reload
Switch 1 (S1) Switch 2 (S2) Switch 3 (S3)

hostname S1 hostname S2 hostname S3
interface range fa0/1 - 24 interface range fa0/1 - 12 interface range fa0/1 - 24
exit exit exit
login login login
end end end
save save save
Router 1 (R1) Router 2 (R2) Router 3 (R3)

hostname R1 hostname R2 hostname R3
interface fa0/0 interface fa0/0 interface fa0/0
exit exit exit
login login login

end end end
save save save
Appendix 4
Lab 5 Device configurations

Router>enable
Router#write erase
Router#reload
Switch>enable
Switch#write erase
Switch#reload
Switch 1 (S1) Switch 2 (S2) Router 4 (FRSwitch)

enable enable Enable
hostname S1 hostname S2 hostname FRSwitch
ip default-gateway 10.1.0.1 ip default-gateway 10.2.0.1 line con 0
interface vlan 1 interface vlan 1 no exec-timeout
ip address 10.1.0.2 255.255.255.0 ip address 10.2.0.2 255.255.255.0 password cisco
no shutdown no shutdown logging synchronous
interface range fa0/1 - 24 interface range fa0/1 - 12 line vty 0 4
speed 100 speed 100 no exec-timeout
duplex full duplex full password remote
exit exit login
line con 0 line con 0 transport input telnet
no exec-timeout no exec-timeout end
password cisco password cisco save
logging synchronous logging synchronous
line vty 0 4 line vty 0 4 <press enter to save>
no exec-timeout no exec-timeout
password remote password remote
login login
transport input telnet transport input telnet
line vty 5 15 line vty 5 15
no exec-timeout no exec-timeout
password remote password remote
transport input telnet transport input telnet
end end
save save
<press enter to save> <press enter to save>
Router 1 (R1) Router 2 (R2) Router 3 (R3)

hostname R1 hostname R2 hostname R3
interface fa0/0 interface fa0/0 interface fa0/0
ip address 10.1.0.1 255.255.255.0 ip address 10.2.0.1 255.255.255.0 ip address 5.1.1.1 255.255.255.0
no shutdown no shutdown no shutdown
exit exit exit

login login login
end end end
save save save
Appendix 5
Lab 7 Routers and switch configurations

Router>enable
Router#write erase
Router#reload
Switch>enable
Switch#write erase
Switch#reload
Router 1 (R1) Router 2 (ISP) Switch 1 (S1)

Enable enable enable
hostname R1 hostname ISP hostname S1
enable secret ciscosecret enable secret ciscosecret ip default-gateway 192.168.0.1
ip domain-name subnet192.com ip domain-name internet.com enable secret ciscosecret
interface fa0/0 interface s0/0 ip domain-name subnet192.com
ip address 192.168.0.1 255.255.255.0 ip address 200.1.1.17 255.255.255.252 interface range fa0/1 - 24
speed 100 clock rate 64000 speed 100
duplex full no shutdown duplex full
no shutdown interface loopback 1 exit
interface s0/0 ip address 172.16.1.1 255.255.255.255 interface vlan 1
ip address 200.1.1.18 255.255.255.252 exit ip address 192.168.0.2 255.255.255.0
clock rate 64000 ip route 24.101.12.8 255.255.255.248 200.1.1.18 no shutdown
no shutdown line con 0 exit
exit no exec-timeout line con 0
ip route 0.0.0.0 0.0.0.0 200.1.1.17 password cisco no exec-timeout
line con 0 logging synchronous password cisco
no exec-timeout line vty 0 4 logging synchronous
password cisco no exec-timeout line vty 0 4
logging synchronous password remote no exec-timeout
line vty 0 4 login password remote
no exec-timeout transport input telnet login
password remote line vty 5 15 transport input telnet
login no exec-timeout line vty 5 15
transport input telnet password remote no exec-timeout
line vty 5 15 transport input telnet password remote
no exec-timeout end transport input telnet
password remote save end
transport input telnet save
end <press enter to save>
save <press enter to save>
<press enter to save>
PC
IP: 192.168.0.100
Mask: 255.255.255.0
Gateway: 192.168.0.1
Speed : 100
Duplex: Full
References & Resources
Cisco official certification information
http://www.cisco.com/web/learning/le3/learning_career_certifications_and_learning_paths_home.html
The Cisco Learning Network

https://learningnetwork.cisco.com/index.jspa?ciscoHome=true
Cisco Feature Navigator

http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp
Wendell Odom’s CertSkills

http://www.certskills.com/
Software
Dynagen/Dynamips Cisco emulator
http://dynagen.org/
Tera Term terminal emulator

http://en.sourceforge.jp/projects/ttssh2/
TFTPD32 TFTP server

http://tftpd32.jounin.net/
Special thanks…
To my wife Luz and my son Ian, for understanding my passion for technology; and to all of you who went
through this whole guide and thought…
“Wow! What a great guide, I can pass this exam easily now! This guy rocks!” 
… and then went to Paypal and sent in a donation to marc@subnet192.com to thank me for all my hard
work.
Good luck with the exam!
Marc Bouchard
http://www.subnet192.com

Cisco ICND2 Lab Guide v1.1

Încărcat de

Informații document

Descriere originală:

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Cisco ICND2 Lab Guide v1.1

Încărcat de

Drepturi de autor:

Formate disponibile

Cisco CCNA/ICND2 Lab Guide

Covers all topics for the ICND2 exam

© 2011 Marc Bouchard

Recommended training material

 CBT Nuggets ICND2 training by Jeremy Cioara.

Recommended lab equipment

3 Cisco 2950 series switches

3 Cisco 2620XM 128/45 series routers

3 WIC-2T serial interfaces

3 DCE/DTE Smart Serial cables (for the WIC-2T to WIC-2T connections)

1 NM-4A/S serial interface

3 Serial to Smart Serial cables (for the NM-4A/S to WIC-2T connections)

Cisco CCNA Lab Guide

Display VLAN configuration

VLAN Name Status Ports

Remote SPAN VLANs

Primary Secondary Type Ports

Display switch ports information from the running-configuration using output

S1#show running-config | begin interface FastEthernet0/1

S1#show vtp status

Set all switch ports to Access mode

S1(config)#interface range fa0/1 - 24

Set the VTP mode to Transparent

S1(config)#vtp mode transparent

Set all switch ports to Access mode

Same steps as S1.

S2(config)#vtp mode server

S2(config)#vtp domain CCNALAB

Set all switch ports to Access mode

Same steps as S1.

Set the VTP mode to Client

S3(config)#vtp mode client

Display and compare the VTP configuration information on all 3 switches

S1#show vtp status

S2#show vtp status

S3#show vtp status

Configure all the links between switches to trunk mode

S1(config)#interface range fa0/2 - 3

S1#show interface status

Port Name Status Vlan Duplex Speed Type

Display the VTP configuration information on S1 and S3

S1#show vtp status

S3#show vtp status

Create VLAN 100 on S1

Create VLAN 300 on S3

Create VLAN 200 on S2

S3#show vlan brief

VLAN Name Status Ports

S3#show vtp status

Enable debugging of VTP events on S3

S3#debug sw-vlan vtp events

Observe a few events, then disable it using:

S3#no debug all

Cisco CCNA Lab Guide

o Re-enable the root port interface.

Remove VLAN 100 from S1

S1(config)#no vlan 100

Remove VLAN 200 from S2

S2(config)#no vlan 200

S2(config)#interface fastEthernet 0/2

S3(config)#interface fastEthernet 0/2

Display the trunk interfaces information

S2#show interface trunk