
This document is exclusive property of Cisco Systems, Inc.

Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors in the CCNA Discovery Designing and Supporting Computer Networks course as part of an official Cisco Networking Academy.

CCNA Discovery

Designing and Supporting Computer Networks

FilmCompany Background
This course uses the fictional FilmCompany expansion story to provide context and real-world examples within most of the lab activities. FilmCompany is a film and video development company that recently purchased AnyCompany, a smaller video firm with production expertise in sports videos. FilmCompany needed the additional staff and facilities to support a new contract with the StadiumCompany. The two branches of the FilmCompany are located in the same office park. A LAN interconnects the networks. Most of the production personnel have been consolidated in the original FilmCompany branch office, located in Building F. The web team is also located in this building. The majority of the administration, sales, and management functions are supported in the original AnyCompany office located in Building A. When adjacent office space becomes available, these groups will be consolidated.

Note: The scope of this case study is the network design for the original FilmCompany branch office. This branch is referred to as the FilmCompany in this case study. The network for the entire FilmCompany is referred to as the FilmCompany enterprise network. The two groups of the FilmCompany are initially in separate buildings. After office space is available, these groups will be consolidated.

All contents are Copyright 1992-2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.


FilmCompany Floor Plans

FilmCompany Background
FilmCompany has just been awarded a substantial video support contract by the StadiumCompany, resulting in a business growth of around 70 percent. FilmCompany will film events and provide video services to the stadium customers. The video services include live feeds and pre-recorded videos available from a web server. When the next sports season starts, five to eight FilmCompany people will be at the stadium for each event. FilmCompany will manage all of the video services and provide immediate support when there are problems. StadiumCompany management expects FilmCompany to manage the video stored on the StadiumCompany server. Video needs to be available as both live and recorded feeds from the StadiumCompany website. StadiumCompany also wants FilmCompany to manage all of the video services and to provide immediate support when there are problems. Timely support is essential because if the video services are not available during a sporting event or concert, the stadium can lose revenue and customer confidence.

FilmCompany is concerned about the ability of the existing Internet link to the stadium to provide reliable communications of media content back to the production suites in Building A. The FilmCompany IT staff is also concerned about whether its internal network is able to support high-volume, real-time video delivery or the types of services that the stadium requires. FilmCompany believes it may need to upgrade its network. FilmCompany thinks that the preferred way to support the stadium may be to connect directly to the stadium network to transfer files, monitor video performance, and manage the video in real time. StadiumCompany indicates to FilmCompany that the stadium network is going through a redesign process to update it and to improve and increase customer service. FilmCompany meets with NetworkingCompany, the company who is developing the new network design for StadiumCompany, and decides to work with them for their network redesign. As a member of the network design team for NetworkingCompany, you will investigate the existing network of FilmCompany. You will plan, design, and prototype the upgrades necessary to enable the branch to support this growth in business.

Interview with FilmCompany on Current and Future Organization


The following transcript is from your interview with the FilmCompany branch manager, Kevin Lim.

Kevin Lim: I am the branch manager of FilmCompany. I am very glad that we have hired you to help us plan and design our network upgrade. Our recent contract with the sports stadium requires a significant upgrade to our capabilities. I understand that you have already been supplied with a list of our current staff and information about the network.

You: It is nice to meet you, Kevin. We are looking forward to working on this project. Yes, I have information about your current staff and network. We will be reviewing the current network to define a baseline of its performance as a metric on which to design the upgrade. There are some details we should discuss to clarify your requirements for the new contract. First, what are the business goals you want this network upgrade to support? This will help us to understand the scale of this project.

Kevin Lim: When this stadium contract is up and in full production, it will increase our business by 70 percent.

You: Where specifically do you see this growth?

Kevin Lim: Financially, we hope to achieve positive cash flow from the stadium contract within six months, and increase our gross revenue by 75 percent within 18 months. My technical staff projects that the data traffic across our network will increase by 80 percent as we provide video services to the StadiumCompany. The increased revenue is a result of the new contract. We hope that the network upgrade reduces unit production costs by 15 percent over six months, and 20 percent over 12 months.

You: How will you know if your business expectations are being achieved?

Kevin Lim: We have given that some thought and are considering surveying the customer monthly. Our goal is to achieve a satisfaction measure of at least four on a scale of five within four months after upgrade. We have also set targets of responding to 90 percent of customer non-live media production requests within 12 hours, and 100 percent within 18 hours. We want to be able to meet customer live media production targets 97.5 percent of the time.

You: Do you see a significant increase in staff and any changes in how they carry out their work in achieving these targets?

Kevin Lim: We are looking to hire up to six temporary and part-time production staff and at least one IT and communications technician. The network is a critical component of the way we do business, and it will need looking after.

You: Where do you see these staff being located?

Kevin Lim: We currently have the majority of our staff in two buildings in this office park. We plan to consolidate our staff and facilities into Building F. I expect that initially we will have one or two production people located at the stadium, with an additional six to eight staff members at the stadium when there is an event we are supporting. A fast reliable network link to the stadium is very important. All pre- and post-production work will occur on our premises using the communications link from the stadium. Staff working at both locations will probably use a wireless connection here in the office.

You: Thanks for that information. It is important to know those details. What targets do you see the network upgrade project meeting?

Kevin Lim: We do have a very tight budget. We need to reuse at least 75 percent of the existing network components, and we would like to reuse all of it. Our time to production is very important too. We see a successful project being one where the network is in full production meeting the deadlines of the StadiumCompany. And of course, the network has to perform!

You: We have examined your current network equipment and cabling. It seems to be capable of being scaled to support the new requirements. During the design phase, we will prototype the network load and adjust the design, if necessary.

Kevin Lim: What about reliability?

You: After you consolidate your personnel in one building, you can use redundant links and technology to ensure high availability to the appropriate resources. We will look at that in more detail during the network design. We can also look at mean time to failure under specified load conditions for all network components. There will be network monitoring so that your network personnel can identify and resolve issues. Are there any specific network security issues that you feel need attention?

Kevin Lim: The media content is very valuable. We cannot have the network go down because of a virus or something. What do you recommend?

You: We can include in the network design the means for all unauthorized network intrusions to be intercepted, prevented, logged, and reported. Your network technician will have a role here.

Kevin Lim: Is there anything else I can tell you at this time?

You: I would like to recap the business goals for the FilmCompany. Based on our conversation today, and my discussions with your staff, I understand that your prioritized business goals are:
1. upgrade the network to support 80% more traffic
2. provide a fast reliable link between FilmCompany facilities and the StadiumCompany network
3. implement a highly available network
4. continue to support wireless access at FilmCompany facilities
5. implement QoS to support the video applications
6. implement network monitoring and security
Is this list correct?

Kevin Lim: Yes, that list summarizes our goals. At this time, I would like you to concentrate on the top 4 goals.



You: I will make that our focus. I do not have any more questions at this time. Thank you for taking the time to meet with me.

FilmCompany Network and Topology


The FilmCompany branch network has grown without much planning. The LAN cabling in both offices is Cat5e Ethernet. The office complex provides an Ethernet link between the two buildings. Because of the recent acquisition of AnyCompany, the addressing and naming are inconsistent. The combined network infrastructure has not been optimized or redesigned. It is basically a flat network design with minimal redundancy. A small wireless LAN is currently only used occasionally by a few project managers with laptops and by guests at Building F. FilmCompany believes that the WLAN may be used more regularly when the StadiumCompany contract work starts because the additional mobile and contract workers will require network access. In addition, FilmCompany plans to consolidate all their staff and resources in one building. Remote access into the FilmCompany network is provided through an ADSL Internet link terminating in Building A. There are currently two FilmCompany staff onsite at the stadium. The StadiumCompany provides them office space in the stadium management offices.

The current network equipment includes:
- Two 1841 routers (FC-CPE-1, AC-1)
- Three 2960 switches (FC-ASW-1, FC-ASW-2, ProductionSW)
- One network and business server
- One Linksys WRT300N wireless router (AC-AP)
- One ADSL modem (Internet access)

The current network has two VLANs.

The General VLAN serves the general office and managers, including reception, accounts, and administration. It consists of 12 PCs and two printers. The General VLAN uses this addressing:

Network: 10.0.0.0/24
Gateway: 10.0.0.1
Hosts (dynamic): 10.0.0.200 - 10.0.0.254
Hosts (static): 10.0.0.10 - 10.0.0.20

The Production VLAN serves the production suites and provides networking for the media development and storage. It consists of nine high-performance workstations, five office PCs, and two printers. The Production VLAN uses this addressing:

Network: 10.10.0.0/24
Gateway: 10.10.0.254
Hosts (dynamic): 10.10.0.100 - 10.10.0.200
Hosts (static): 10.10.0.1 - 10.10.0.99
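The two VLAN address plans above can be checked mechanically before any redesign. The following Python sketch is an added example, not part of the Cisco course material: it tests each plan for a gateway inside an address pool, overlapping static and dynamic ranges, and insufficient capacity, and reports the gateway convention each VLAN uses. The class and function names and the third, deliberately broken plan are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class VlanPlan:
    name: str
    network: str
    gateway: str
    dynamic: tuple  # (first, last) address of the DHCP range
    static: tuple   # (first, last) address of the static range
    devices: int    # PCs, workstations and printers counted in the text


# Values copied from the case study text.
GENERAL = VlanPlan("General", "10.0.0.0/24", "10.0.0.1",
                   ("10.0.0.200", "10.0.0.254"), ("10.0.0.10", "10.0.0.20"),
                   12 + 2)
PRODUCTION = VlanPlan("Production", "10.10.0.0/24", "10.10.0.254",
                      ("10.10.0.100", "10.10.0.200"), ("10.10.0.1", "10.10.0.99"),
                      9 + 5 + 2)
# Constructed counter-example (not from the case study) to show the findings.
BROKEN = VlanPlan("Constructed", "10.20.0.0/24", "10.20.0.150",
                  ("10.20.0.100", "10.20.0.200"), ("10.20.0.1", "10.20.0.120"),
                  10)


def _span(first, last):
    """Parse an address range and reject a reversed one."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError(f"range {first}-{last} is reversed")
    return lo, hi


def check_plan(plan):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    net = ipaddress.ip_network(plan.network)
    gw = ipaddress.ip_address(plan.gateway)
    first_host, last_host = net.network_address + 1, net.broadcast_address - 1
    ranges = {"dynamic": _span(*plan.dynamic), "static": _span(*plan.static)}

    if not first_host <= gw <= last_host:
        findings.append("gateway is not a usable host address in the network")
    for label, (lo, hi) in ranges.items():
        if lo < first_host or hi > last_host:
            findings.append(f"{label} range leaves the usable host space")
        if lo <= gw <= hi:
            # DHCP or a technician could hand the gateway address to a host.
            findings.append(f"gateway sits inside the {label} range")
    (d_lo, d_hi), (s_lo, s_hi) = ranges["dynamic"], ranges["static"]
    if d_lo <= s_hi and s_lo <= d_hi:
        findings.append("static and dynamic ranges overlap")
    capacity = sum(int(hi) - int(lo) + 1 for lo, hi in ranges.values())
    if plan.devices > capacity:
        findings.append(f"{plan.devices} devices exceed {capacity} planned addresses")
    return findings


def gateway_position(plan):
    """Classify the gateway convention: first host, last host, or other."""
    net = ipaddress.ip_network(plan.network)
    gw = ipaddress.ip_address(plan.gateway)
    if gw == net.network_address + 1:
        return "first-host"
    if gw == net.broadcast_address - 1:
        return "last-host"
    return "other"


def networks_overlap(plans):
    """True if any two plans use overlapping networks."""
    nets = [ipaddress.ip_network(p.network) for p in plans]
    return any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


if __name__ == "__main__":
    for plan in (GENERAL, PRODUCTION, BROKEN):
        print(plan.name, gateway_position(plan), check_plan(plan) or "consistent")
    print("networks overlap:", networks_overlap([GENERAL, PRODUCTION]))
```

Both FilmCompany plans pass the checks, but the gateway convention differs between them (first host in the General VLAN, last host in the Production VLAN), which is one concrete form of the inconsistent addressing the case study describes.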

Design Considerations
Here are some design considerations for the FilmCompany expansion.

Capacity/Scalability
- Addressing and naming to be easily scaled

Future technologies
- Possibility of greater mobile and converged network services

Network security
- DMZ
- NAT
- Filtering
- Separate management VLAN
- Network device passwords and access

Redundancy
- Access switches and links
- Server farm design

QoS
- Required for video streaming
- Future implementation of voice over data network system



Final Topology - Instructor Version Only

FINAL TOPOLOGY

After FilmCompany consolidates their personnel in one building, they choose to keep the devices on the existing switches. They rename the devices consistently. They use STP and redundant links to ensure high availability to all resources. Because the Production staff has the least external connectivity needs (because they mainly write to local servers), their switch is not connected to the BR4 router. To follow the StadiumCompany naming plan, FilmCompany renames AC-1 to BR4, which connects to StadiumCompany and the Internet. FC-CPE-1 continues to provide connectivity to the FilmCompany enterprise network. FC-CPE-1 and the enterprise network are not in the scope of this project. AC-AP is renamed to ISP4 and continues to provide a DSL connection to the Internet.


Lab Network Services


The following tools are available to support Discovery labs:

- Discovery Server: This is a live CD server that provides network services in an isolated lab environment. The Discovery Server Live CD can be downloaded from the Academy Connection CCNA Discovery course catalog page.
- Security Device Manager (SDM): Cisco SDM is a web-based configuration tool that allows you to configure LAN and WAN interfaces, routing, Network Admission Control (NAC), Network Address Translation (NAT), firewalls, Intrusion Prevention System (IPS), Virtual Private Networks (VPNs), and other features on the router. Cisco SDM 2.1 and later versions can be installed on a PC, or in router flash, disk, or slot memory. The Windows installer (SDM-V24) can be downloaded from the Academy Connection Tools page.
- Cisco Network Assistant (CNA): Cisco Network Assistant is a PC-based network management application for wired and wireless LANs for growing businesses with 40 or fewer switches and routers. It uses Cisco Smartports technology to offer centralized network management and configuration to simplify deployment and ongoing maintenance. The Windows installer (cna-windows-l9-installer-5-2-en) can be downloaded from cisco.com. You must register for a free guest account before being able to download this software.
- NetStumbler: NetStumbler is a tool for Windows that allows the detection and characterization of 802.11a, 802.11b and 802.11g Wireless Local Area Networks (WLANs). The latest version of NetStumbler can be downloaded free-of-charge from http://www.netstumbler.com.
- Thunderbird E-mail Client: The Mozilla Thunderbird email client is a full-featured Windows email client that is available free-of-charge. The Thunderbird email client may be downloaded from the Discovery Server live CD. The latest version of the Thunderbird email client is available from http://www.mozilla.com/thunderbird.
- Wireshark: Wireshark is a network protocol analyzer that allows the capture and analysis of network traffic. Wireshark may be downloaded from http://www.wireshark.org.
- QuickTime Player: The QuickTime Player is an audio and video player that allows viewing of streaming video. This player is available for free download from Apple Inc. at http://www.apple.com/quicktime/player/.
- Denika: Denika, by Plixer International, is a Windows application for monitoring and trending bandwidth usage. It provides historical trends and real-time information on the status of network devices. Plixer can be downloaded from http://www.plixer.com/products/denika.php.


CCNA Discovery

CCNA Discovery Server Live CD v2.0


Installation Instructions
Overview
The Discovery Server Live CD provides all of the network services necessary to support the CCNA Discovery curriculum and hands-on labs. The Live CD is built using the ADIOS development platform and is based on Fedora Core 6. It requires no installation and will run on minimal hardware.

The Live CD runs adequately on a PII machine with 256 MB of RAM, an Ethernet interface card, and a CDROM drive. Because the entire server runs from RAM, there is no need for the machine to have a hard disk drive or operating system. The Discovery Server Live CD will run on less powerful hardware but will run noticeably slower. More powerful hardware provides better performance. Increasing the amount of RAM has the most impact on speed and performance.

NOTE: Although the Discovery Server Live CD will run on a broad range of computers, it will not run on every system. The machine used to run the Discovery Server Live CD must be able to support Fedora Core 6. The current version of the Live CD is known to have problems with USB keyboards and certain BIOSs and chipsets. If the server fails to run on your hardware, try a different machine. The Discovery Server Live CD runs with fewer problems on older hardware.

The CD is built entirely from open source solutions and can be freely duplicated and distributed. The CD must be distributed in its entirety; no copyright notices should be removed or altered.

The server is designed to provide preconfigured services such as DHCP, DNS, FTP, TFTP, HTTP, SSH, Telnet, SMTP, POP3, IMAP, and streaming video. Many other services and tools are available on the CD to allow the creation of more challenging lab exercises. The following applications are among the more useful:
- Wireshark, a packet sniffer
- nmap, a port scanner
- Diag, a network diagramming tool
- Complete office suite, including word processing, presentation, and spreadsheet applications

Burning the CD Image


The Discovery Server Live CD is available as an ISO image. An ISO image is a snapshot of an optical media that conforms to the ISO 9660 file system. The creation of an ISO image allows data, boot code, structures, and attributes to be combined in a single file, making it very easy to store and download. Most current operating systems, including Microsoft Windows with the Microsoft Virtual CDROM Panel, allow these ISO images to be mounted and treated as if they were a physical disc. CD/DVD authoring software can also be used to extract these image files and burn them to optical media.

To use the Discovery Server Live CD, it must first be burned to a CDROM disk. Do not simply save the ISO file onto a CDROM disk; this method will not work. The file must be extracted during the burning process to create a bootable CD. This extraction process can be accomplished with most commercial, free, or shareware CD/DVD authoring software.


Starting the Server


After the Discovery Server Live CD is burned, use it to boot the computer that will be used for the Discovery Server. NOTE: You may first have to modify the boot order in your computer BIOS setup program. The CD/DVD drive must be listed before the system hard disk drive. Some systems have a designated key that you can press to display a menu of boot choices during the boot process; other systems require the change to be made in the BIOS. Often a message appears on the bottom of the screen during boot that lists which key should be pressed to enter the BIOS setup or to boot from the CD. If no message is displayed, consult your system documentation for details.

1. Before starting the server, be sure to connect the computer NIC to a switch or router port using an appropriate cable.
2. To start the Discovery Server Live CD, insert the CD into the CDROM drive and reboot the machine.
3. During startup, you will be presented with a list of boot options. At the first options menu, select a. All other options are provided in the event that a does not run properly on your machine. During the booting process you may notice that the eth0 address and the DHCP daemon (dhcpd) fail. This is normal on some machines and these functions will be started manually. Allow the server to boot fully into the KDE graphical environment.

When booted, a screen similar to that shown in Figure 1 displays.

Figure 1: The KDE Display (callouts: Start Menu, Terminal)


Quick Info
Root Password: discoverit
User Accounts: 20 ordinary user accounts set up as userX with a password of cheetahX where X is any number between 1 and 20 inclusive
Server Name: server.discovery.ccna
IP Address: 172.17.1.1
Subnet Mask: 255.255.0.0
Default Gateway: 172.17.0.1

DHCP Pool
Address Range: 172.17.1.50 to 172.17.1.254
Lease: 4 hours
Default Gateway: 172.17.1.1
Domain Name: discovery.ccna

DNS
Resolves names for the discovery.ccna domain
server.discovery.ccna resolves to 172.17.1.1
server-1.discovery.ccna resolves to 172.17.1.1 (for the troubleshooting labs in CCNA Discovery 1)
server-2.discovery.ccna resolves to 172.17.1.2 (for the troubleshooting labs in CCNA Discovery 1)

Configuring the Server


The following instructions address the most common setup processes and issues.

NOTE: On some hardware, eth0 may be the wireless NIC. In that case, these instructions will apply to eth1, which should be the first Ethernet card in the system. You may also notice eth0 and eth0.bak on some hardware. This is normal and will not interfere with the setup.

After the server has started, it may be necessary to manually configure the IP address information, start the DHCP daemon (dhcpd), and restart the DNS (named). To determine if these steps are necessary, use the following procedure to check the IP address assigned to the computer's NIC:

1. Choose Terminal to open a terminal window.
2. Enter su - and press Enter (note that the - is very important).
3. When prompted, enter the root password discoverit.
4. When the terminal window is open, enter the ifconfig command to see information about the interfaces found in the machine.

If the IP addressing information is not correct, complete Steps A and B below.


A. Setting the Network Address


1. From the K start button in the lower left corner of the screen, click Administration and then click Network.
2. When prompted, enter the root password discoverit and click OK. The Network Configuration window, similar to that shown in Figure 2, should open. The interfaces displayed will depend on the computer system.

Figure 2: The Network Configuration Window

3. On the Network Configuration window, click the Devices tab.
4. Select eth0 or the interface that corresponds to your first Ethernet card and then click Edit. This should display the Ethernet Device configuration pane shown in Figure 3.

Figure 3: The Ethernet Device Configuration Pane

5. To set the IP addressing information, click the Statically set IP addresses radio button and enter the following information:
   Address: 172.17.1.1
   Subnet mask: 255.255.0.0
   Default gateway address: 172.17.0.1
6. Click OK.
7. Return to the Network Configuration window and click the DNS tab.
8. Enter the following information, as shown in Figure 4:
   Set hostname: server.discovery.ccna
   Set Primary DNS: 127.0.0.1

Figure 4: Discovery Server DNS Configuration

9. Next, click the Devices tab.
10. Choose eth0.
11. Click Activate.
12. Answer Yes / OK to any questions.
13. Close the Network Configuration window. When prompted, click Yes to save changes.

B. Starting DNS and DHCP


The DNS service must be restarted to reflect the new IP address on the Ethernet interface. In addition, because the Ethernet interface failed to initialize during startup, the DHCP service must also be manually started.

1. Click Terminal to open a terminal window.
2. Enter su - and press Enter (note that the - is very important).
3. When prompted, enter the root password discoverit.
4. Enter service named restart and press Enter.
5. Enter dhcpd and press Enter.

You should now have a fully operational server. It may take a few minutes for DNS to become fully operational.


Streaming Video Server


Some of the labs in CCNA Discovery 4 require that a video stream be established. This service is off by default and must be turned on. To stream a video, use the following procedure from the server console:

1. Choose Terminal to open a terminal window.
2. Enter su - and press Enter (note that the - is very important).
3. When prompted, enter the root password discoverit.

After you are logged in as root and have a terminal session open, complete the following steps:

1. Enter cd / to go to the root directory.
2. Enter cd /usr/StreamingServer to go to the directory with the streaming server files.
3. Enter DarwinStreamingServer to start the server.
4. Enter perl streamingadminserver.pl to start the administration server.

When the administration server is running, all further configuration is accomplished using a web browser.

1. Use a web browser to bring up the configuration server by connecting to the server on port 1220 (http://172.17.1.1:1220). All usernames and passwords are stream.
2. Delete any old playlists that may be present.
3. Create a new playlist by dragging the movie file to the right box. Select Sequential Looped for the play mode, name the stream, and click the Save Changes button at the bottom of the screen.
4. Click the button next to the stream name to start the streaming video.
5. To connect to the stream, use the QuickTime Player (free download from Apple Inc. at www.apple.com).
6. Launch QuickTime Player.
7. Under File, click Open URL.
8. Enter the URL rtsp://<server ip>/stream; for example, rtsp://172.17.1.1/MWO.sdp, assuming that the server has the default IP address of 172.17.1.1 and the stream was named MWO.sdp for "Mind Wide Open."

NOTE: The Discovery Server Live CD is provided without warranty of any kind. It is intended to be used only to support the CCNA Discovery labs. For information on the Cisco Networking Academy Program, visit http://cisco.netacad.net.


Quick Start Instructions


1. Download the ISO image from the Academy Connection Tools page.
2. Extract the image while burning onto a CD. Burn the image using CD/DVD authoring software, such as Sonic Record Now, Roxio, or Nero. A number of freeware CD/DVD authoring programs are available for download from the Internet that will also allow burning from an ISO image. NOTE: Some of the lite versions of CD/DVD authoring software that normally come with a new optical drive or machine do not support burning a disc from an ISO image.
3. In the BIOS of the computer to be used as a server, change the boot order to boot from the CD-ROM first.
4. Connect the NIC of the computer being used for the Discovery Server to a switch or router per the lab setup using an appropriate cable.
5. Disable all extra network cards in the machine.
6. Insert the CD and restart the computer to boot to the CD.
7. At the first options menu, select a.
8. If the second menu displays, select 1. NOTE: This menu will not be seen on all machines.
9. Follow the instructions above to set IP address, streaming, etc.

Common Issues and Answers


Problem: Machine boots to the first menu and then freezes.
Solution: This occurs on many machines that use a USB keyboard. Discovery Server does not currently support USB keyboards. If the machine is capable of using a PS/2 style keyboard, replace the USB keyboard with one using a PS/2 interface and restart the server. If the machine is not capable of accepting a PS/2 style keyboard, try a different machine.

Problem: Machine boots to a command prompt and not to the graphical screen.
Solution: On some machines, the graphical interface is started but hidden from view. If presented with a login prompt, switch to the graphical interface by pressing Alt-F7.

Problem: Multiple network cards are visible in setup.
Solution: The Discovery Server is currently designed to use only a single NIC. If multiple NICs are enabled in the machine, these will be detected and shown as eth0, eth1, eth2, etc. On some machines an eth0.bak interface also appears. The first network card is eth0, and this is the one that should normally be terminated and configured.

Problem: Eth0 interface is not working but eth1 is present.
Solution: This occurs on many laptop computers that have an internal wireless NIC. The wireless NIC appears as eth0 and the standard Ethernet NIC is eth1. In this case, configure eth1 with the appropriate IP address.

Problem: Machine will not work with Discovery Server.
Solution: The Discovery Server does not work on all machines. If it does not work on your machine, try another computer. If another computer is not available, run the server in a virtual environment using software such as Microsoft Virtual PC, VMWare, or Innotek VirtualBox software.


Additional Resources for Instructors


A number of additional resources are available for instructors. These are all located on Academy Connection and include:
- Frequently Asked Questions (FAQ) Document
- Discovery Server ICG
- Peer supported discussion forum
- Cisco Netacad Help Desk


Lab Groupings

EQ = Equip-Based, PB = Paper-Based

TopicNum  PageNum  EQ/PB  TopicName
1.3.4     4        EQ     Traffic Filtering at the Distribution Layer
1.4.3     2        EQ     How VLANs Segregate and Control Network Traffic
1.4.5     2        PB     Security at the Network Edge
1.4.6     2        EQ     Security Measures
1.4.6     3        EQ     Security Measures
2.1.3     2        PB     The Network Lifecycle Plan Phase
2.1.6     2        EQ     The Network Lifecycle Operate Phase
2.3.2     2        PB     Defining the Customer
2.3.3     2        PB     Identifying Business Goals and Priorities
2.4.1     3        PB     Defining Technical Requirements
2.4.2     3        PB     Identifying Constraints
2.5.2     3        EQ     Monitoring Network Operations
2.5.3     2        PB     Tools for Network Monitoring
3.1.2     3        EQ     Diagramming the Logical Architecture
3.2.2     2        EQ     Investigating the Installed Cisco IOS Software
3.2.3     2        EQ     Choosing an Appropriate Cisco IOS Image
3.2.4     5        EQ     Download and Install Cisco IOS Software
3.2.5     2        EQ     The Router Startup Process
3.3.2     3        EQ     Investigating Appropriate Hardware Options
3.4.1     4        PB     Visiting the Customer Site
3.4.3     4        EQ     Wireless Site Survey and Planning
3.5.2     2        PB     Overall Project Goal
3.5.3     3        PB     Project Scope
3.5.4     5        PB     Business Goals and Technical Requirements
3.5.5     3        PB     Existing Network Characterization
4.1.2     3        EQ     Characteristics of Different Application Categories
4.2.3     4        EQ     File Transfer and Email
4.3.3     3        PB     Priorities and Traffic Management
4.3.4     2        EQ     Where Can QoS Be Implemented?
4.4.4     3        EQ     Supporting Remote Workers with Voice and Video
4.5.1     4        EQ     What Is a Traffic Flow?
4.5.2     2        EQ     Diagramming Internal (Intranet) Traffic Flows
4.5.3     2        EQ     Diagramming Traffic Flows To and From Remote Sites
4.5.4     2        EQ     Diagramming External Traffic Flows
4.5.5     2        EQ     Diagramming Extranet Traffic Flows
5.1.1     4        PB     Analyzing Business Goals & Technical Requirements
5.1.2     4        PB     Requirements for Scalability
5.1.3     5        PB     Requirements for Availability
5.1.5     2        PB     Requirements for Security
5.2.3     3        PB     Designing Core Layer Topology
5.2.4     2        PB     Creating the Logical Network Design for the LAN
5.4.2     2        PB     Locating Wireless APs
5.5.3     3        EQ     Updating the Logical Network Design Documentation
6.1.4     3        EQ     Using CIDR Routing and Summarization
6.2.1     4        PB     Designing the Logical LAN IP Address Scheme
6.2.2     2        PB     Determining the Addressing Blocks
6.2.5     4        PB     Designing the Addressing Scheme
6.2.6     2        PB     Designing a Naming Scheme
7.1.6     2        EQ     Identify Risks or Weaknesses in the Design
7.2.2     4        PB     Creating the Test Plan
7.2.5     3        EQ     Validating the IP Addressing Scheme
7.2.6     2        EQ     Identify Risks and Weaknesses
7.3.2     4        EQ     Creating the Test Plan
7.3.3     5        EQ     Validating Device and Topology Selection
7.3.5     1        EQ     Verify Design Meets Business Goals
7.3.6     2        PB     Identify Risks and Weaknesses
8.1.3     4        EQ     Simulating WAN Connectivity in a Lab Environment
8.2.2     3        PB     Creating the Test Plan
8.2.5     5        EQ     Troubleshooting Frame Relay Operation
8.2.6     2        PB     Identifying Risks and Weaknesses
8.3.2     3        PB     Creating the Test Plan
8.3.4     3        EQ     Prototype VPN Connectivity for Remote Workers
8.3.4     4        EQ     Prototype VPN Connectivity for Remote Workers
9.1.2     3        PB     Integrating the Existing Information
9.2.1     4        PB     The Implementation Plan
9.2.2     3        PB     Determining the Best Installation Method
9.2.3     3        PB     Estimating Timelines and Resources
9.2.4     2        PB     Maintenance Windows and Downtime Planning
9.3.4     2        PB     Software IOS Services and Support
9.4.1     2        PB     Finalizing the Proposal
9.4.2     2        PB     Presenting the Proposal
10.0.2    2        PB     Finding the Right Networking Job

Notes column entries, in page order (not aligned to rows): Use Discovery Server; Discovery Server; Discovery Server; Use Discovery Server - Wireshark; Access SANS site; Use Cisco Network Assistant, Discovery Server; Use Cisco Network Assistant, Discovery Server; Internet access - access Denika (SNMP) site; Use Cisco Network Assistant; Access cisco.com; Access cisco.com - CCO Acct.; Access Solarwinds (TFTP) site; Access AC - confreg program; Access cisco.com; Discovery Server; Discovery Server; Discovery Server; Discovery Server; Discovery Server; Discovery Server; Discovery Server; references SDM SDM SDM

CCNA Discovery Designing and Supporting Computer Networks

Lab 1.3.4 Creating an ACL Instructor Version

Device            Host Name  Address             Subnet Mask
Discovery Server  Server     172.17.1.1          255.255.0.0
R1                FC-CPE-1   Fa0/1 172.17.0.1    255.255.0.0
                             Fa0/0 10.0.0.1      255.255.255.0
S1                FC-ASW-1
Host1             PC1        10.0.0.10           255.255.255.0
Host2             PC2        10.0.0.201          255.255.255.0

Objective
Create Access Control Lists (ACLs) to filter traffic for security and traffic management.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
- Configure and apply ACLs based on network filtering requirements (including CLI/SDM).
- Configure and apply ACLs to limit telnet and SSH access to the router (including SDM/CLI).
- Verify and monitor ACLs in a network environment.


Expected Results and Success Criteria
Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________
______________________________________________
______________________________________________
How is an understanding of ACLs useful in network administration?
______________________________________________
______________________________________________
______________________________________________
How will a network administrator know if the ACL is working properly?
______________________________________________
______________________________________________
______________________________________________

Background / Preparation
Instructor Notes: This lab reviews ACLs. Whereas ACLs were covered in detail in CCNA Discovery: Introducing Routing and Switching in the Enterprise, this lab focuses on security and ACL design. Its purpose is to emphasize data traffic control and filtering, initially at the design stage, and then to move to a representative implementation of these policies. This is a demonstration lab that uses wildcard masks. Students should review the use of wildcard masks in the Challenge Task. This lab also uses Discovery Server to provide representative application data traffic. See CCNA Discovery Server FAQ on Academy Connection Tools. Alternatively, a local lab server can be set up to provide representative data traffic. If possible, this should include FTP and HTTP/Web traffic.

In this lab you will consider the need for data traffic control and filtering in a network, and design the policies to achieve this. The traffic security design will then be applied to an example network using ACLs. ACLs are typically applied at the Distribution Layer. This lab will use a router connected to a server that will provide sample network applications to demonstrate ACL placement and operation.

Step 1: Analyze the traffic filtering requirements


a. Determine the access and filtering requirements. For this lab:
1) PC1 is a network administrator's workstation. This host must be permitted FTP and HTTP access to the network server, and telnet access to the router FC-CPE-1.
2) PC2 is a general workstation that is to have HTTP access only. FTP services and Telnet access to the router are not permitted.
b. Having determined specific requirements, decide if all other traffic is to be allowed or denied. List the benefits and potential problems of the following filtering scenarios:
Benefits of allowing all other traffic:
______________________________________________
Future implemented services are not blocked.
Potential problems with allowing all other traffic:
______________________________________________
Unwanted or malicious traffic is not blocked.
Benefits of denying all other traffic:
______________________________________________
Unwanted or malicious traffic is automatically blocked.
Potential problems with denying all other traffic:
______________________________________________
Future implemented services are automatically blocked.

Step 2: Design and create the ACL


a. Review, and then apply, ACL recommended practice.
- Always plan thoroughly before implementation.
- The sequence of the statements is important. Put the more specific statements at the beginning and the more general statements at the end.
- Statements are added to the end of the ACL as they are written.
- Create and edit ACLs with a text editor and save the file.
- Use Named ACLs wherever possible.
- Use comments (remark option) within the ACL to document the purpose of the statements.
- To take effect, ACLs must be applied to an interface.
- An interface can have one ACL per Network Layer protocol, per direction.
- Although there is an implicit deny any statement at the end of every ACL, it is good practice to configure this explicitly. This ensures that you remember that the effect is in place and allows logging of matches to this statement to be used.
- ACLs with many statements take longer to process, which may affect router performance.
- Placement of ACLs:
  o Standard: closest to destination (if you have administrative authority on that router)
  o Extended: closest to source (if you have administrative authority on that router)

b. Consider the two approaches to writing ACLs:
- Permit specific traffic first and then deny general traffic.
- Deny specific traffic first and then permit general traffic.

When would it be best to permit specific traffic first and then deny general traffic?
______________________________________________
______________________________________________
When there is likely to be more traffic of the type to be permitted - these packets are matched early in the ACL without having to traverse many statements, minimizing packet latency.
When would it be best to deny specific traffic first and then permit general traffic?
______________________________________________
______________________________________________
When there is likely to be more traffic of the type to be denied - these packets are matched early in the ACL without having to traverse many statements, minimizing router latency.
c. Select one approach and write the ACL statements that will meet the requirements of this lab.
______________________________________________
______________________________________________
______________________________________________
______________________________________________
______________________________________________
______________________________________________
Answers vary. One example is:
! Allow PC1 to access server http and ftp
access-list 101 permit tcp host 10.0.0.10 host 172.17.1.1 eq www log
access-list 101 permit tcp host 10.0.0.10 host 172.17.1.1 eq ftp log
! Allow PC2 to access web server
access-list 101 permit tcp host 10.0.0.201 host 172.17.1.1 eq www log
! Allow PC1 telnet access to router Fa0/0
access-list 101 permit tcp host 10.0.0.10 host 10.0.0.1 eq telnet log
! Deny all other traffic
access-list 101 deny ip any any log

After an ACL is written and applied to an interface, it is useful to know if the ACL statements are having the desired effect. The number of packets that meet the conditions of each ACL statement can be logged by adding the option log at the end of each statement.
Why is it important to know how many times packets that match an ACL statement are denied?
______________________________________________
______________________________________________
This potentially shows the number of attempts at unauthorized access to denied services that may lead to further investigation of network usage.



Step 3: Cable and configure the given network
NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so these can be restored at the conclusion of the lab.
a. Referring to the topology diagram, connect the console (or rollover) cable to the console port on the router and the other cable end to the host computer with a DB-9 or DB-25 adapter to the COM 1 port. Ensure that power has been applied to both the host computer and router.
b. Connect and configure the devices in accordance with the given topology and configuration. Your instructor may substitute Discovery Server with an equivalent server for this lab.
c. Establish a HyperTerminal, or other terminal emulation program, from PC1 to Router R1.
d. From the global configuration mode issue the following commands:
Router(config)#hostname FC-CPE-1
FC-CPE-1(config)#interface FastEthernet0/0
FC-CPE-1(config-if)#ip address 10.0.0.1 255.255.255.0
FC-CPE-1(config-if)#no shutdown
FC-CPE-1(config-if)#exit
FC-CPE-1(config)#interface FastEthernet0/1
FC-CPE-1(config-if)#ip address 172.17.0.1 255.255.0.0
FC-CPE-1(config-if)#no shutdown
FC-CPE-1(config-if)#exit
FC-CPE-1(config)#line vty 0 4
FC-CPE-1(config-line)#password telnet
FC-CPE-1(config-line)#login
FC-CPE-1(config-line)#end
e. Ping between PC1 and Discovery Server to confirm network connectivity. Troubleshoot and establish connectivity if the pings fail.

Step 4: Test the network services without ACLs


Perform the following tests on PC1:
a. Open a web browser on PC1 and enter the URL http://172.17.1.1 at the address bar. What web page was displayed?
______________________________________________
Discovery Server Home Page
b. Open a web browser on PC1 and enter the URL ftp://172.17.1.1 at the address bar. What web page was displayed?
______________________________________________
Discovery FTP Home Directory
c. On the Discovery FTP Home Directory, open the Discovery 1 folder. Click and drag a Chapter file to the local Desktop. Did the file copy successfully? _________ Yes
d. From the PC1 command line prompt, issue the command telnet 10.0.0.1, or use a Telnet client (HyperTerminal or TeraTerm, for example) to establish a Telnet session to the router. What response did the router display?
______________________________________________
Prompt for Telnet password and login to router
e. Exit the Telnet session.
quit

Perform the following tests on PC2:
a. Open a web browser on PC2 and enter the URL http://172.17.1.1 at the address bar. What web page was displayed?
______________________________________________
Discovery Server Home Page
b. Open a web browser on PC2 and enter the URL ftp://172.17.1.1 at the address bar. What web page was displayed?
______________________________________________
Discovery FTP Home Directory
c. On the Discovery FTP Home Directory, open the Discovery 1 folder. Click and drag a Chapter file to the local Desktop. Did the file copy successfully? __________ Yes
d. From the PC2 command line prompt, issue the command telnet 10.0.0.1, or use a Telnet client (HyperTerminal or TeraTerm, for example) to establish a Telnet session to the router. What response did the router display?
______________________________________________
Prompt for Telnet password and login to router.
e. Exit the Telnet session.
quit

Why was each of the above connections successful?
______________________________________________
There were no data access or filtering controls in place.
______________________________________________
Successful connection was expected.
If any of the above connections was not successful, troubleshoot the network and configurations and establish each type of connection from each host.

Step 5: Configure the network services ACL


From the global configuration mode issue the following commands:
a. Allow PC1 to access the web server and telnet to the router.
FC-CPE-1(config)#ip access-list extended Server-Access
FC-CPE-1(config-ext-nacl)#remark Allow PC1 access to server
FC-CPE-1(config-ext-nacl)#permit tcp host 10.0.0.10 host 172.17.1.1 eq ftp www log
b. Allow PC2 to access the web server.
FC-CPE-1(config-ext-nacl)#remark Allow PC2 to access web server
FC-CPE-1(config-ext-nacl)#permit tcp host 10.0.0.201 host 172.17.1.1 eq www log
c. Allow PC1 telnet access to router
FC-CPE-1(config-ext-nacl)#remark Allow PC1 to telnet router
FC-CPE-1(config-ext-nacl)#permit tcp host 10.0.0.10 host 10.0.0.1 eq telnet log
d. Deny all other traffic.
FC-CPE-1(config-ext-nacl)#remark Deny all other traffic
FC-CPE-1(config-ext-nacl)#deny ip any any log
FC-CPE-1(config-ext-nacl)#exit

Step 6: Apply the ACLs


a. Apply the Extended ACL to the router interface closest to the source.
FC-CPE-1(config)#interface FastEthernet0/0
FC-CPE-1(config-if)#ip access-group Server-Access in
FC-CPE-1(config-if)#end
b. From the Privileged EXEC mode, issue the show running-config command and confirm that the ACLs have been configured and applied as required. Reconfigure if errors are noted.

Step 7: Test the network services with ACLs


Perform the following tests on PC1:
a. Open a web browser on PC1 and enter the URL http://172.17.1.1 at the address bar. What web page was displayed?
______________________________________________
Discovery Server Home Page
b. Open a web browser on PC1 and enter the URL ftp://172.17.1.1 at the address bar. What web page was displayed?
______________________________________________
Discovery FTP Home Directory
c. On the Discovery FTP Home Directory, open the Discovery 1 folder. Click and drag a Chapter file to the local Desktop. Did the file copy successfully? _________ Yes
Why is this the outcome?
______________________________________________
This host is allowed FTP access.
d. From the PC1 command line prompt, issue the command telnet 10.0.0.1, or use a Telnet client (HyperTerminal or TeraTerm, for example) to establish a Telnet session to the router. What response did the router display?
______________________________________________
Prompt for Telnet password and login to router
Why is this the outcome?
______________________________________________
This host is allowed Telnet access.
e. Exit the Telnet session.

Perform the following tests on PC2:
a. Open a web browser on PC2 and enter the URL http://172.17.1.1 at the address bar. What web page was displayed?
______________________________________________
Discovery Server Home Page
Why is this the outcome?
______________________________________________
This host is allowed web access.
b. Open a web browser on PC2 and enter the URL ftp://172.17.1.1 at the address bar. What web page was displayed?
______________________________________________
error page cannot be displayed
Why is this the outcome?
______________________________________________
This host is not allowed FTP access.
c. From the PC2 command line prompt, issue the command telnet 10.0.0.1, or use a Telnet client (HyperTerminal or TeraTerm, for example) to establish a Telnet session to the router. What response did the router display?
______________________________________________
Telnet connection refused.
Why is this the outcome?
______________________________________________
This host is not allowed Telnet access.
If any of these transactions did not result in the expected outcome, troubleshoot the network and configurations and retest the ACLs from each host.

Step 8: Observe the number of statement matches


a. From the Privileged EXEC mode, issue the command:
FC-CPE-1#show access-list Server-Access
List the number of matches logged against each ACL statement.
______________________________________________
______________________________________________
Answers will vary (1383 matches)
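The first-match evaluation and per-statement match counters that Steps 5 to 8 exercise can be modelled offline. The Python below is an added example, not part of the Cisco lab: it parses the Step 5 statements, replays constructed flows that mirror the Step 7 tests, and also shows the effect of moving the general deny to the top. It assumes a simplified model in which only protocol, source, destination and destination port are checked.

```python
import ipaddress

# Constructed input: the Server-Access statements entered in Step 5.
SERVER_ACCESS = """
remark Allow PC1 access to server
permit tcp host 10.0.0.10 host 172.17.1.1 eq ftp www log
remark Allow PC2 to access web server
permit tcp host 10.0.0.201 host 172.17.1.1 eq www log
remark Allow PC1 to telnet router
permit tcp host 10.0.0.10 host 10.0.0.1 eq telnet log
remark Deny all other traffic
deny ip any any log
"""
PORT_NAMES = {"ftp": 21, "telnet": 23, "www": 80}  # only the names this lab uses

# Constructed flows mirroring the Step 7 tests, plus one ping (ICMP has no port).
STEP7_FLOWS = [
    ("PC1 http to server", "tcp", "10.0.0.10", "172.17.1.1", 80),
    ("PC1 ftp to server", "tcp", "10.0.0.10", "172.17.1.1", 21),
    ("PC1 telnet to router", "tcp", "10.0.0.10", "10.0.0.1", 23),
    ("PC2 http to server", "tcp", "10.0.0.201", "172.17.1.1", 80),
    ("PC2 ftp to server", "tcp", "10.0.0.201", "172.17.1.1", 21),
    ("PC2 telnet to router", "tcp", "10.0.0.201", "10.0.0.1", 23),
    ("PC1 ping to server", "icmp", "10.0.0.10", "172.17.1.1", None),
]


def ip_int(text):
    return int(ipaddress.IPv4Address(text))


def parse_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' -> (base, wildcard)."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return ip_int(tokens.pop(0)), 0
    return ip_int(head), ip_int(tokens.pop(0))


def parse_acl(text):
    """Turn permit/deny lines into entries; remark lines carry no match logic."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if not tokens or tokens[0] not in ("permit", "deny"):
            continue
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = parse_addr(tokens), parse_addr(tokens)
        ports = set()
        if tokens and tokens[0] == "eq":
            tokens.pop(0)
            while tokens and tokens[0] != "log":
                name = tokens.pop(0)
                ports.add(PORT_NAMES[name] if name in PORT_NAMES else int(name))
        entries.append({"text": line.strip(), "action": action, "proto": proto,
                        "src": src, "dst": dst, "ports": ports, "hits": 0})
    return entries


def addr_matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # a wildcard bit of 1 means "don't care"
    return (ip_int(addr) & care) == (base & care)


def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry and count the hit."""
    for entry in acl:
        if entry["proto"] not in ("ip", proto):
            continue
        if not (addr_matches(src, entry["src"]) and addr_matches(dst, entry["dst"])):
            continue
        if entry["ports"] and dport not in entry["ports"]:
            continue
        entry["hits"] += 1
        return entry["action"]
    return "deny"  # implicit deny: no statement to count against, so no log


def run_step7(acl_text=SERVER_ACCESS):
    """Replay the flows; return {flow: action} and [(hits, statement), ...]."""
    acl = parse_acl(acl_text)
    results = {name: evaluate(acl, proto, src, dst, port)
               for name, proto, src, dst, port in STEP7_FLOWS}
    return results, [(e["hits"], e["text"]) for e in acl]


def deny_first_variant():
    """The same statements with the general deny moved to the top."""
    lines = [l for l in SERVER_ACCESS.strip().splitlines()
             if not l.startswith("remark")]
    return "\n".join([lines[-1]] + lines[:-1])


if __name__ == "__main__":
    for label, text in (("Step 5 order", SERVER_ACCESS),
                        ("deny first", deny_first_variant())):
        results, counters = run_step7(text)
        print(label)
        for name, action in results.items():
            print(f"  {name:22} {action}")
        for hits, statement in counters:
            print(f"  {hits:3} matches  {statement}")
```

With the deny statement first, every flow is counted against it and the permits below never match, which is why the lab places the general statement last.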

Step 9: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

Challenge
Rewrite the Server-Access ACL used in this lab so that:
1) Administrator workstations are considered to be in the address range of 10.0.0.10 /24 to 10.0.0.15 /24 instead of a single host; and,
2) The general workstations have the address range of 10.0.0.16 /24 to 10.0.0.254 /24 instead of being a single host.
______________________________________________
______________________________________________
______________________________________________
______________________________________________
______________________________________________
______________________________________________
______________________________________________
ip access-list extended Server-Access
 remark Allow PC1 to access any IP traffic
 permit ip 10.0.0.0 0.0.0.15 host 172.17.1.1 log
 remark Allow PC2 to access web server
 permit tcp 10.0.0.0 0.0.0.255 host 172.17.1.1 eq www log
 remark Deny all other traffic
 deny ip any any log
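The wildcard masks in the Challenge answer match more addresses than the two ranges the task names: 10.0.0.0 0.0.0.15 also covers 10.0.0.0 to 10.0.0.9. The following Python is an added example, not part of the Cisco lab, that lists those extra addresses and splits each range into the aligned wildcard blocks that match it exactly. It generalises to any IPv4 range; the function names are hypothetical and only contiguous wildcard masks are handled.

```python
import ipaddress

SERVER = "172.17.1.1"  # Discovery Server address from the lab topology


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def to_str(value):
    return str(ipaddress.IPv4Address(value))


def matched_addresses(base, wildcard):
    """Range of integer addresses matched by 'base wildcard' (contiguous masks)."""
    b, w = to_int(base), to_int(wildcard)
    if w & (w + 1):  # a contiguous wildcard has the form 2**k - 1
        raise ValueError("non-contiguous wildcard mask not handled here")
    start = b & ~w & 0xFFFFFFFF
    return range(start, start + w + 1)


def extra_matches(base, wildcard, first, last):
    """Addresses the statement matches that lie outside the intended range."""
    lo, hi = to_int(first), to_int(last)
    return [to_str(a) for a in matched_addresses(base, wildcard)
            if not lo <= a <= hi]


def range_to_wildcards(first, last):
    """Fewest (base, wildcard) pairs that together match exactly first..last."""
    lo, hi = to_int(first), to_int(last)
    blocks = []
    while lo <= hi:
        # Largest power-of-two block that starts aligned at lo ...
        size = lo & -lo if lo else 1 << 32
        # ... shrunk until it no longer runs past hi.
        while size > hi - lo + 1:
            size >>= 1
        blocks.append((to_str(lo), to_str(size - 1)))
        lo += size
    return blocks


def challenge_acl():
    """ACL text for the two Challenge ranges, keeping the answer's permits."""
    lines = ["ip access-list extended Server-Access",
             " remark Administrator workstations 10.0.0.10-15"]
    for base, wc in range_to_wildcards("10.0.0.10", "10.0.0.15"):
        lines.append(f" permit ip {base} {wc} host {SERVER} log")
    lines.append(" remark General workstations 10.0.0.16-254, web only")
    for base, wc in range_to_wildcards("10.0.0.16", "10.0.0.254"):
        lines.append(f" permit tcp {base} {wc} host {SERVER} eq www log")
    lines += [" remark Deny all other traffic", " deny ip any any log"]
    return lines


if __name__ == "__main__":
    extra = extra_matches("10.0.0.0", "0.0.0.15", "10.0.0.10", "10.0.0.15")
    print("0.0.0.15 also matches:", extra[0], "to", extra[-1])
    extra = extra_matches("10.0.0.0", "0.0.0.255", "10.0.0.16", "10.0.0.254")
    print("0.0.0.255 also matches", len(extra), "addresses outside 16-254")
    print("\n".join(challenge_acl()))
```

The exact version needs two statements for the administrator range and ten for the general range, so the single-statement answer trades precision for a shorter ACL.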

Running config of router after lab completion:

FC-CPE-1#show run
Building configuration...

Current configuration : 1309 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FC-CPE-1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip access-group Server-Access in
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.17.0.1 255.255.0.0
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Serial0/1/0
 no ip address
 shutdown
 clock rate 125000
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 125000
!
interface Vlan1
 no ip address
!
ip classless
!
ip http server
!
ip access-list extended Server-Access
 remark Allow PC1 access to server
 permit tcp host 10.0.0.10 host 172.17.1.1 eq ftp www
 remark Allow PC2 to access web server
 permit tcp host 10.0.0.201 host 172.17.1.1 eq www
 remark Allow PC1 to telnet router
 permit tcp host 10.0.0.10 host 10.0.0.1 eq telnet
 remark Deny all other traffic
 deny ip any any
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 password telnet
 login
!
end

FC-CPE-1#


CCNA Discovery Designing and Supporting Computer Networks

Lab 1.4.3 Monitoring VLAN Traffic Instructor Version

Device Designation  Device Name  Address       Subnet mask
S1                  FC-ASW-1
PC1                 Host1        172.17.1.10   255.255.0.0
PC2                 Host2        172.17.1.11   255.255.0.0
1841 Router         Router       172.17.0.1    255.255.0.0
Discovery Server    Server       172.17.1.1    255.255.0.0


Objectives
- Observe broadcast traffic on a switch.
- Create and apply VLANs to separate local traffic.
- Observe broadcast traffic containment with VLANs.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
- Perform and verify initial switch configuration tasks, including remote access management.
- Verify network status and switch operation using basic utilities (including: ping, traceroute, Telnet, SSH, arp, ipconfig), and show and debug commands.
- Describe how VLANs create logically separate networks and the need for routing between them.
- Configure, verify, and troubleshoot VLANs.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________
______________________________________________
______________________________________________
How is an understanding of VLANs useful in network administration?
______________________________________________
______________________________________________
______________________________________________
How will a network administrator know if the VLAN is working correctly?
______________________________________________
______________________________________________
______________________________________________

Background / Preparation
Instructor Notes: Using the given topology, students will use VLANs to contain broadcasts. This will be demonstrated by using Wireshark to capture data flows, both with and without VLANs configured on a switch. This lab uses two PCs. PC1 is on one VLAN and PC2 is on another. If resources and time are available, configuring VLANs with two or three PCs each will provide a more comprehensive demonstration. To conclude this lab, students should reflect on the design implications and rationale of implementing VLANs in a network.

The instructions and CLI command and output format given in this lab are based on the Cisco Catalyst C2960 switch running IOS version 12.2. Note that different switch platforms and IOS versions may result in different command and output formats than shown. A sample of selected equivalent commands for other platforms is given in the Appendix to this Instructor Version lab.

This lab demonstrates the flow of network traffic from host PCs attached to a switch. Currently, the switch is not configured to segment network traffic into VLANs. In this lab, you will observe the flow of traffic and then configure VLANs on the switch to contain local traffic in each respective VLAN. The effects of the VLANs on the network traffic will then be observed and discussed.

The packet capture program Wireshark (formerly known as Ethereal) is required to be installed on each PC used in this lab. Wireshark is a free, open source program that can be downloaded from http://www.wireshark.org/. See your instructor if this program is not available in the lab.

The Cisco IOS commands used in this lab are applicable to the Cisco 2960 switch. See your instructor about comparable commands if you are using other switch models in this lab.

Task 1: Demonstrate Broadcasts across a Single LAN


Step 1: Prepare the switch for configuration
NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so these can be restored at the conclusion of the lab.
a. Referring to the topology diagram, connect the console (or rollover) cable to the console port on the switch and the other cable end to the host computer with a DB-9 or DB-25 adapter to the COM 1 port. Ensure that power has been applied to both the host computer and switch.
b. Establish a HyperTerminal, or other terminal emulation program, connection from PC1 to the switch.
c. Ensure that the switch is ready for lab configuration by verifying that all existing VLAN and general configurations are removed.
1) Remove the switch startup configuration file from NVRAM.
Switch#erase startup-config
Erasing the nvram filesystem will remove all files! Continue? [confirm]
2) Press Enter to confirm. The response should be:
Erase of nvram: complete

Instructor Note: If the switch has previously been configured with VLANs, it will be necessary to delete the VLAN database information file. From the privileged EXEC mode, issue the following commands:
Switch#delete vlan.dat
Delete filename [vlan.dat]?[Enter]
Delete flash:/vlan.dat? [confirm] [Enter]
If there was no VLAN file, this message is displayed.
%Error deleting flash:/vlan.dat (No such file or directory)
It is recommended that the delete command not be issued as: delete flash:vlan.dat. Accidentally omitting vlan.dat from this command could lead to the complete IOS being deleted from flash memory. Issuing the reload command to restart the switch may not always clear the previous VLAN configuration; therefore, the power cycle (hardware restart) step is recommended.



Step 2: Configure the PCs
a. Connect the two PCs to the switch as shown in the topology diagram.
b. Configure the two PCs to have the IP addresses and subnet mask shown in the topology table.
c. Clear the ARP cache on each PC by issuing the arp -d command at the PC command prompt.
d. Confirm that the ARP cache is clear by issuing the arp -a command.

Step 3: Generate and examine ARP broadcasts


a. Launch Wireshark on each PC and start the packet capture for the traffic seen by the NIC in each PC.
b. From the command line of each PC, ping all connected devices.
c. Monitor the operation of Wireshark. Note the ARP traffic registering on each PC.
d. Stop the Wireshark capture on each PC.
e. Examine the entries in the Wireshark Packet List (upper) Pane.
How many ARP captures occurred for each device?
______________________________________________
ARP request and ARP reply for each device pinged
List the source IP addresses of the ARP request and replies:
______________________________________________
Source IP addresses are the devices issuing the ping command and replies come from devices being pinged.
______________________________________________
______________________________________________
Did each device receive an ARP request from every PC connected to the switch? __________ Yes
f. Exit Wireshark. (You have the option to save the capture file for later examination.) Not required

Task 2: Demonstrate Broadcasts within Multiple VLANs


Step 1: Configure the VLANs on the switch
a. Using the established console session from PC1 to the switch, set the hostname by issuing the following command from the global configuration mode:
   Switch(config)# hostname FC-ASW-1
b. Set interfaces Fa0/1 and Fa0/2 to VLAN 10 by issuing the following commands from the global configuration and interface configuration modes:
   FC-ASW-1(config)#interface FastEthernet0/1
   FC-ASW-1(config-if)#switchport access vlan 10
   % Access VLAN does not exist. Creating vlan 10
   FC-ASW-1(config-if)#interface FastEthernet0/2
   FC-ASW-1(config-if)#switchport access vlan 10
c. Set interfaces Fa0/3 and Fa0/4 to VLAN 20 by issuing the following commands from the interface configuration mode:
   FC-ASW-1(config-if)#interface FastEthernet0/3
   FC-ASW-1(config-if)#switchport access vlan 20
   % Access VLAN does not exist. Creating vlan 20
   FC-ASW-1(config-if)#interface FastEthernet0/4
   FC-ASW-1(config-if)#switchport access vlan 20
   FC-ASW-1(config-if)#end
d. Confirm that the interfaces are assigned to the correct VLANs by issuing the show vlan command from the Privileged EXEC mode. If the VLANs are not assigned correctly, troubleshoot the command entries shown in Steps 1b and 1c and reconfigure the switch.

Step 2: Prepare the PCs


a. Clear the ARP cache on each PC by issuing the arp -d command at the PC command prompt.
b. Confirm the ARP cache is clear by issuing the arp -a command.

Step 3: Generate ARP broadcasts


a. Launch Wireshark on each PC and start the packet capture for the traffic seen by the NIC in each PC.
b. From the command line of each PC, ping each of the other three devices connected to the switch.
c. Monitor the operation of Wireshark. Note the ARP traffic registering on the two PCs.
d. Stop the Wireshark capture on each PC.
e. Examine the entries in the Wireshark Packet List (upper) Pane.
   How many ARP captures occurred for each PC?
   ______________________________________________ One ARP request and one ARP reply to the device in the PC's VLAN
   List the source IP addresses:
   ______________________________________________ Depends on PC. Each PC will only see other devices in its own VLAN.
   ______________________________________________
   ______________________________________________
   What is the difference between the captured ARP packets for each PC this time and those captured in Task 1?
   ______________________________________________ Only ARP requests were received from devices in the same VLAN.
   How many Ethernet broadcast domains are present now?
   __________ 2 broadcast domains including VLAN 10 and VLAN 20. Three VLANs counting the default VLAN 1.
f. Exit Wireshark. (You have the option to save the capture file for later examination.)

Step 4: Clean up
Erase the configuration and reload the switch. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

Task 3: Reflection


a. Discuss the use of VLANs in keeping data traffic separated. What are the advantages of doing this?
   _______________________________________________________________________________
   _______________________________________________________________________________
   _______________________________________________________________________________
   _______________________________________________________________________________
b. When designing a network, list different criteria that could be used to divide a network into VLANs.
   _______________________________________________________________________________
   _______________________________________________________________________________
   _______________________________________________________________________________

Answers vary - discussions could include:

Advantages of VLANs:
   Reduce stress on bandwidth by limiting broadcasts to only those hosts on the VLAN, not the entire network.
   Provides security and traffic filtering by limiting user access to one VLAN.

Criteria:
   Location based VLANs (campuses, buildings, building levels)
   Organizational (sales, accounts, engineering)
   Type of traffic (network management, web data, database, voice, video)

APPENDIX

Sample Configurations

Catalyst 2960 Switch FC-ASW-1 with VLANs configured

!
FC-ASW-1(config)#int fa0/1
FC-ASW-1(config-if)#switchport access vlan 10
% Access VLAN does not exist. Creating vlan 10
FC-ASW-1(config-if)#int fa0/2
FC-ASW-1(config-if)#switch acc vlan 10
FC-ASW-1(config-if)#int fa0/3
FC-ASW-1(config-if)#switch acc vlan 20
% Access VLAN does not exist. Creating vlan 20
FC-ASW-1(config-if)#int fa0/4
FC-ASW-1(config-if)#switch acc vlan 20
FC-ASW-1(config-if)#end
FC-ASW-1#
FC-ASW-1#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
10   VLAN0010                         active    Fa0/1, Fa0/2
20   VLAN0020                         active    Fa0/3, Fa0/4
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500                                       0      0
10   enet  100010     1500                                       0      0
20   enet  100020     1500                                       0      0
1002 fddi  101002     1500                                       0      0
1003 tr    101003     1500                                       0      0

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1004 fdnet 101004     1500                         ieee          0      0
1005 trnet 101005     1500                         ibm           0      0

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

FC-ASW-1#show run
Building configuration...

Current configuration : 1294 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname FC-ASW-1
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport access vlan 10
!
interface FastEthernet0/3
 switchport access vlan 20
!
interface FastEthernet0/4
 switchport access vlan 20
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
ip http server
!
control-plane
!
!
line con 0
line vty 5 15
!
end

FC-ASW-1#

Cisco IOS command variations for switch platforms other than 2960

1900
FC-ASW-1# configure terminal
FC-ASW-1(config)# vlan 10 name VLAN10
FC-ASW-1(config)# vlan 20 name VLAN20
FC-ASW-1(config)# interface ethernet 0/1
FC-ASW-1(config-if)# vlan static 10
FC-ASW-1(config-if)# exit
FC-ASW-1(config)# interface ethernet 0/2
FC-ASW-1(config-if)# vlan static 10
FC-ASW-1(config-if)# end
FC-ASW-1# show vlan-membership

2900
FC-ASW-1# vlan database
FC-ASW-1(vlan)# vlan 10 name VLAN10
FC-ASW-1(vlan)# vlan 20 name VLAN20
FC-ASW-1(vlan)# exit

2950
Note: The above vlan database commands are deprecated for the 2950, use the following
FC-ASW-1(config)# vlan 10
FC-ASW-1(config-vlan)# name VLAN10
FC-ASW-1(config-vlan)# exit
FC-ASW-1(config)# vlan 20
FC-ASW-1(config-vlan)# name VLAN20
FC-ASW-1(config-vlan)# exit

2900 and 2950
FC-ASW-1# configure terminal
FC-ASW-1(config)# interface fastethernet 0/1
FC-ASW-1(config-if)# switchport mode access
FC-ASW-1(config-if)# switchport access vlan 10
FC-ASW-1(config-if)# interface fastethernet 0/2
FC-ASW-1(config-if)# switchport mode access
FC-ASW-1(config-if)# switchport access vlan 10
FC-ASW-1(config-if)# end

Lab 1.4.5 Identifying Network Vulnerabilities Instructor Version


Objectives
Use the SANS site to quickly identify Internet security threats. Explain how threats are organized. List several recent security vulnerabilities. Use the SANS links to access other security-related information.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives: Describe security recommended practices including initial steps to secure network devices. Describe today's increasing network security threats and explain the need to implement a comprehensive security policy to mitigate the threats. Explain general methods to mitigate common security threats to network devices, hosts, and applications. Describe the functions of common security appliances and applications.

Expected Results and Success Criteria


Instructor note: This section helps the student realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
How is an understanding of Network Vulnerabilities useful in network administration?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
How will a network administrator maintain network security?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Background / Preparation
Instructor Notes:


This lab must be performed using a computer with Internet access. Network vulnerability and security issues vary over time; encourage students to use tools such as SANS on a regular basis. Whenever a new topic or device is introduced during this course, have students report on the latest network vulnerabilities that need to be considered in the context of that topic.

One of the most popular and trusted sites related to defending against computer and network security threats is SANS. SANS stands for SysAdmin, Audit, Network, Security. SANS contains several components, each a major contributor to information security. For additional information about SANS, go to http://www.sans.org/ and select items from the Resources menu.

How can a corporate security administrator quickly identify security threats? SANS and the FBI have compiled their list of the SANS Top-20 Internet Security Attack Targets at http://www.sans.org/top20/. The list is regularly updated with information under the following categories:
   Operating Systems: Windows, Unix/Linux, MAC
   Cross-Platform Applications: Includes web, database, Peer-to-Peer, instant messaging, media players, DNS servers, backup software, and management servers
   Network Devices: Network infrastructure devices (routers, switches, etc.), VoIP devices
   Security Policy and Personnel: Security policies, human behavior, personnel issues
   Special Section: Prevention strategies and additional security issues

In this lab, you will be introduced to computer security issues and vulnerabilities. The SANS website will be used as a tool for threat vulnerability identification, understanding, and defense. Estimated completion time is one hour.

Step 1: Open the SANS Top 20 List


Using a web browser, go to http://www.sans.org/. On the resources menu, choose top 20 list.

The SANS Top-20 Internet Security Attack Targets list is organized by category. An identifying letter indicates the category type, and numbers separate category topics. Router and switch topics fall under the Network Devices category, N. There are two major hyperlink topics:
   N1. VoIP Servers and Phones
   N2. Network and Other Devices Common Configuration Weaknesses



Step 2: Review common configuration weaknesses
a. Click hyperlink N2. Network and Other Devices Common Configuration Weaknesses.
b. List the four headings in this topic.
   _____________________________________________ Description
   _____________________________________________ Common Default Configuration Issues
   _____________________________________________ Vulnerabilities in Printers
   _____________________________________________ How to Protect Against These Vulnerabilities

Step 3: Review common default configuration issues


Review the contents of N2.2 Common Default Configuration Issues. As an example, N.2.2.2 (in January 2007) contains information about threats associated with default accounts and values. A Google search on wireless router passwords returns links to multiple sites that publish a list of wireless router default administrator account names and passwords. Failure to change the default password on these devices can lead to compromised security and vulnerability to attackers.

Step 4: Note the CVE references


The last line under several topics cites references to CVE, or Common Vulnerabilities and Exposures. The CVE name is linked to the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD), sponsored by the United States Department of Homeland Security (DHS) National Cyber Security Division and US-CERT, which contains information about the vulnerability.

Step 5: Investigate a topic and associated CVE hyperlink


The remainder of this lab walks you through a vulnerability investigation and solution. Choose a topic to investigate, and click on an associated CVE hyperlink. The link should open a new web browser connected to http://nvd.nist.gov/ and the vulnerability summary page for the CVE. NOTE: Because the CVE list changes, the current list may not contain the same vulnerabilities as those in January 2007.

Step 6: Record vulnerability information


Complete the information about the vulnerability. Answers vary
Original release date: ____________________________
Last revised: ___________________________________
Source: _______________________________________
Overview: _______________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________

Step 7: Record the vulnerability impact


Under Impact, there are several values. The Common Vulnerability Scoring System (CVSS) severity is displayed and contains a value between 1 and 10. Complete the information about the vulnerability impact. Answers vary
CVSS Severity: _________________________________________________
Access Complexity: ______________________________________________
Authentication: __________________________________________________
Impact Type: ___________________________________________________

Step 8: Record the solution


The References to Advisories, Solutions, and Tools section contains links with information about the vulnerability and possible solutions. Using the hyperlinks, write a brief description of the solution found on those pages. Answers vary ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________

Step 9: Reflection
The number of vulnerabilities to computers, networks, and data continues to increase. Many national governments have dedicated significant resources to coordinating and disseminating information about security vulnerabilities and possible solutions. It remains the responsibility of the end user to implement the solution. Think of ways that users can help strengthen security. Write down some user habits that create security risks.

Answers vary, but may include:
   Using weak passwords
   Writing down passwords
   Not changing passwords frequently
   Not securing workstations when leaving them unattended
   Not following procedures or protocols when divulging network information (checking a person's identity and clearance to have that information)
   Creating a work-around solution to a current security requirement (if it impedes a work process) instead of formally requesting that the issue be reviewed and amended. (Network administrators also need to be aware that network functionality is essential and that implementing security measures that render a business network feature inoperable is not viable.)

____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________

Challenge
Try to identify an organization that will meet with the class to explain how vulnerabilities are tracked and solutions applied. Finding an organization willing to do this may be difficult, for security reasons, but will benefit students, who will learn how vulnerability mitigation is accomplished in the world. It will also give representatives of the organization an opportunity to meet the class and conduct informal intern interviews.


Lab 1.4.6A Gaining Physical Access to the Network Instructor Version


Topology 1

Device Designation   Device Name   Fast Ethernet Address   Subnet Mask
R1                   FC-CPE-1      10.0.0.1                255.255.255.0
PC                   PC1           10.0.0.254              255.255.255.0

Objectives
Gain access to a router with unknown login and privileged mode passwords. Demonstrate the necessity and importance of physical security for network devices.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives: Implement basic router security.



Describe today's increasing network security threats and explain the need to implement a comprehensive security policy to mitigate the threats. Explain general methods to mitigate common security threats to network devices, hosts, and applications. Describe the functions of common security appliances and applications. Describe recommended security practices, including initial steps to secure network devices.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
How is an understanding of network device access useful in network administration?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
How will a network administrator know if the device's physical access is configured correctly?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Background / Preparation
Instructor notes: Set up a network as displayed in Topology 1. Preconfigure the router with console, Telnet, and privileged mode passwords that have not been previously used and are not known by the students. Configure the hostname, one Ethernet interface, and a message-of-the-day banner. Example of preconfiguration:

hostname FC-CPE-1
enable password different
interface fa0/0
 ip address 10.0.0.1 255.255.255.0
 no shutdown
banner motd #ONLY AUTHORIZED ACCESS TO THIS DEVICE PERMITTED
Unauthorized access will be penalized in accordance with the relevant laws#
line con 0
 password unusual
 login
line vty 0 4
 password uncommon
 login

Save the configuration by issuing the copy running-config startup-config command. Issue the show version command from the EXEC prompt and record the configuration register value from the last line of the command output. For example:
   Configuration register is 0x2101
Disconnect console connections and restart the router. Configure the PC with IP address 10.0.0.254/24.

This lab demonstrates that physical access is required to access and change the password of Cisco routers and switches. At first, an attempt is made to telnet to the router and log in by guessing the password. When this proves unsuccessful, physical access to the console port on the router is made so that the passwords can be changed and control of the router is established. This demonstrates why it is of critical importance that routers and switches have physical security to prevent unauthorized access, in addition to strong password protection.

When a console connection is made, the following principles apply to the process of accessing and changing the passwords of a router:
   Router passwords are in the startup-configuration file stored in NVRAM.
   The router boot sequence is changed so that it starts without loading the configuration.
   When running without the startup-configuration loaded, the router can be reconfigured with new, known passwords.
   A memory location in NVRAM, called the configuration register, holds a binary value that determines the router startup sequence.
   The configuration register value needs to be changed so that the router boots but does not load the startup-configuration.
   When the passwords are changed, the configuration register is reset to a value that loads the changed startup-configuration when the router next powers on.

Task 1: Access and Change the Router Passwords


Step 1: Attempt login to the router
NOTE: If the PC used in this lab is also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so these can be restored at the conclusion of the lab.

a. Referring to Topology 1, connect the host PC NIC Ethernet port to the router Fa0/0 Ethernet port using a crossover cable. Ensure that power has been applied to both the host computer and router.
b. Using the given preconfigured topology, attempt to telnet to the router from the PC command line.
   Which IP address is used to telnet to the router? ___________________ 10.0.0.1
   What does the message-of-the-day display?
   _______________________________________________________________________________
   _______________________________________________________________________________
   ONLY AUTHORIZED ACCESS TO THIS DEVICE PERMITTED
   Unauthorized access will be penalized in accordance with the relevant laws
   How many login attempts are allowed? __________ 3
   What message is displayed to indicate failure of the login attempts?
   _______________________________________________________________________________ % Bad passwords
c. When this attempt at remote login fails, establish a direct physical connection to the router by making the necessary console connections between the PC and router. Then establish a terminal session using HyperTerminal or TeraTerm.
   What does the message-of-the-day display?
   _______________________________________________________________________________
   _______________________________________________________________________________
   ONLY AUTHORIZED ACCESS TO THIS DEVICE PERMITTED
   Unauthorized access will be penalized in accordance with the relevant laws
   Attempt to log in by guessing the password. How many login attempts are allowed? __________ 3
   What message is displayed to indicate failure of the log-in attempts?
   __________________________________________ % Bad passwords

The configuration register needs to be changed so that the startup-configuration is not loaded. Normally, this is done from the global configuration mode, but because you cannot log in at all, the boot process must first be interrupted so that the change can be made in the ROM Monitor mode.

Step 2: Enter the ROM Monitor mode


ROM Monitor mode (ROMMON) is a limited command-line environment used for special purposes, such as low-level troubleshooting and debugging. ROMMON mode is invoked when a Break key sequence sent to the console port interrupts the router boot process. This can only be done via the physical console connection. The actual Break key sequence depends on the terminal program used: With HyperTerminal, the key combination is Ctrl+Break. For TeraTerm, it is Alt+b.

The list of standard break key sequences is available at http://www.cisco.com/warp/public/701/61.pdf

a. To enter ROM Monitor mode, turn the router off, wait a few seconds, and turn it back on.
b. When the router starts displaying System Bootstrap, Version on the terminal screen, press the Ctrl key and the Break key together if using HyperTerminal, or the Alt key and the b key together if using TeraTerm.

The router will boot in ROM monitor mode. Depending on the router hardware, one of several prompts such as "rommon 1 >" or simply > may show. Example output may be similar to:

Router>System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Self decompressing the image : ####################################
monitor: command "boot" aborted due to user interrupt
rommon 1 >

Step 3: Examine the ROM Monitor mode help
Enter ? at the prompt. The output should be similar to this:

rommon 1 > ?
alias      set and display aliases command
boot       boot up an external process
break      set/show/clear the breakpoint
confreg    configuration register utility
context    display the context of a loaded image
dev        list the device table
dir        list files in file system
dis        display instruction stream
help       monitor builtin command help
history    monitor command history
meminfo    main memory information
repeat     repeat a monitor command
reset      system reset
set        display the monitor variables
sysret     print out info from last system return
tftpdnld   tftp image download
xmodem     x/ymodem image download

Step 4: Change the configuration register setting to boot without loading configuration file
From the ROM Monitor mode, enter confreg 0x2142 to change the config-register.
   rommon 2 > confreg 0x2142

NOTE: The ROMMON prompt increments when a command is issued; this is normal behavior. The increment does not mean a change of mode. The same ROMMON commands are still available.

"0x" (zero-x) denotes that 2142 is a hexadecimal value. What is this value in binary?
___________________________________________________ 0010 0001 0100 0010

Instructor note: The confreg program is available to decode configuration register values. It can be downloaded from Academy Connection Tools. From Tools, select the CCNA Curriculum (not CCNA Discovery or CCNA Exploration), and then select any v3.1 course. Click Cisco Configuration Register Decoder to download the program. After it is installed and executed, the program will display the binary and hexadecimal values of the register that set the different router startup sequences and console communications.
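The register decoding described in this step can also be turned into a check that an administrator runs over collected show version output to find routers left in (or booted into) the configuration-bypass state. The following Python sketch is an added example, not part of the Cisco lab or the confreg decoder program; the hostnames lab-rtr-a and lab-rtr-b and the sample outputs are constructed, and only the boot field and bits 6, 8 and 13 are decoded.

```python
import re

# Bit assignments of the 16-bit IOS configuration register used in this lab.
BOOT_FIELD_MASK = 0x000F        # bits 0-3: boot source selection
IGNORE_STARTUP_CONFIG = 0x0040  # bit 6: boot without loading startup-config
BREAK_DISABLED = 0x0100         # bit 8: Break ignored once the system has booted
ROM_FALLBACK = 0x2000           # bit 13: fall back to ROM software if boot fails

# Last line of 'show version'. The bracketed part appears only after the
# register was changed with config-register and the device has not reloaded.
CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)


def to_binary(value):
    """Format a 16-bit register value as four space-separated nibbles."""
    bits = format(value & 0xFFFF, "016b")
    return " ".join(bits[i:i + 4] for i in range(0, 16, 4))


def decode(value):
    """Break a register value into the fields that matter for this lab."""
    boot = value & BOOT_FIELD_MASK
    if boot == 0:
        behaviour = "stay at the ROM monitor prompt"
    elif boot == 1:
        behaviour = "boot the helper or first flash image (platform dependent)"
    else:
        behaviour = "boot using boot system commands or the default image"
    return {
        "hex": "0x%04X" % value,
        "binary": to_binary(value),
        "boot_field": boot,
        "boot_behaviour": behaviour,
        "ignores_startup_config": bool(value & IGNORE_STARTUP_CONFIG),
        "break_disabled": bool(value & BREAK_DISABLED),
        "rom_fallback": bool(value & ROM_FALLBACK),
    }


def audit_show_version(hostname, text):
    """Return (severity, message) findings for one device's show version text."""
    match = CONFREG_RE.search(text)
    if match is None:
        return [("unknown", "%s: no configuration register line found" % hostname)]
    running = int(match.group(1), 16)
    next_boot = int(match.group(2), 16) if match.group(2) else running
    findings = []
    if next_boot & IGNORE_STARTUP_CONFIG:
        # Passwords, ACLs and every other control in startup-config are skipped.
        findings.append(("high", "%s: next boot uses 0x%04X and will skip "
                         "startup-config" % (hostname, next_boot)))
    elif running & IGNORE_STARTUP_CONFIG:
        # Someone with console access bypassed the configuration on this boot.
        findings.append(("review", "%s: booted with 0x%04X (startup-config "
                         "bypassed); 0x%04X applies at next reload"
                         % (hostname, running, next_boot)))
    return findings


# Constructed sample outputs; only the register line matters to the audit.
SAMPLES = {
    "FC-CPE-1": "Cisco 1841 (revision 5.0)\nConfiguration register is 0x2101\n",
    "lab-rtr-a": "Cisco 1841 (revision 5.0)\nConfiguration register is 0x2142\n",
    "lab-rtr-b": "Configuration register is 0x2142 (will be 0x2101 at next reload)\n",
}


def audit_all(samples):
    """Audit every device in a {hostname: show_version_text} mapping."""
    return {host: audit_show_version(host, text) for host, text in samples.items()}


if __name__ == "__main__":
    print(decode(0x2142))
    for host, findings in audit_all(SAMPLES).items():
        for severity, message in findings:
            print(severity.upper(), message)
```

A "review" finding corresponds to the state of the router between Step 7a and the next reload in this lab; on a production device it is a prompt to ask who had console access.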

Step 5: Restart router


a. From the ROM Monitor mode, enter reset, or power cycle the router.
    rommon 3 > reset
Due to the new configuration register setting, the router will not load the configuration file. After restarting, the system prompts:
    "Would you like to enter the initial configuration dialog? [yes/no]:"
b. Enter no and press Enter.

Step 6: Enter Privileged EXEC mode and view and change passwords
The router is now running without a loaded configuration file.
a. At the user mode prompt Router>, enter enable and press Enter to go to the privileged mode without a password.
b. Use the command copy startup-config running-config to restore the existing configuration. Because the user is already in privileged EXEC, no password is needed.
c. Enter show running-config to display the configuration details. Note that all the passwords are shown.
    enable password different
    line con 0
     password unusual
    line vty 0 4
     password uncommon
What two measures could be taken to prevent the passwords from being readable?
____________________________________________ service password encryption
____________________________________________ enable secret somepassword
d. If the passwords were not readable, they can be changed. Enter configure terminal to enter the global configuration mode.
e. In global configuration mode, use these commands to change the passwords:
    FC-CPE-1(config)#enable password cisco
    FC-CPE-1(config)#line console 0
    FC-CPE-1(config-line)#password console
    FC-CPE-1(config-line)#login
    FC-CPE-1(config-line)#line vty 0 4
    FC-CPE-1(config-line)#password telnet
    FC-CPE-1(config-line)#login

Step 7: Change the configuration register setting to boot and load the configuration file
a. The instructor will provide you with the original configuration register value, most likely 0x2101. While still in the global configuration mode, enter config-register 0x2101 (or the value provided by your instructor). Press Enter.
    FC-CPE-1(config)#config-register 0x2101
b. Use the Ctrl+z combination to return to the privileged EXEC mode.
c. Use the copy running-config startup-config command to save the new configuration.
d. Before restarting the router, verify the new configuration setting. From the privileged EXEC prompt, enter the show version command and press Enter.
e. Verify that the last line of the output reads: Configuration register is 0x2142 (will be 0x2101 at next reload).
f. Use the reload command to restart the router.

Step 8: Verify new password and configuration


a. When the router reloads, log in and change mode using the new passwords.
b. Issue the no shutdown command on the fa0/0 interface to bring it up to working status.
    FC-CPE-1(config-if)# no shutdown
c. Save the running configuration to startup configuration.
    FC-CPE-1# copy run start
d. Disconnect the console cable and access the router using Telnet from the PC command line. The newly configured passwords will allow a successful login.

Step 9: Clean up
Erase the configurations and reload the router. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
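Steps 4 and 7 switch the configuration register between 0x2142 and 0x2101. The Python sketch below is an added example, not part of the Cisco lab or of the Configuration Register Decoder tool: it decodes the fields this lab touches and checks the last line of show version for a register that would skip the startup configuration, and therefore every password, on the next boot. The bit meanings are the commonly documented ones for IOS routers; the function names are hypothetical.

```python
import re

# Commonly documented configuration register bits on Cisco IOS routers.
# Only the fields this lab touches are decoded (assumption: 16-bit register).
BOOT_FIELD = 0x000F      # bits 0-3: how the image is located at boot
IGNORE_NVRAM = 0x0040    # bit 6: boot without loading startup-config
BREAK_DISABLED = 0x0100  # bit 8: Break disabled during normal operation

SHOW_VERSION_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)


def to_nibbles(value):
    """Return the register as four space-separated binary nibbles."""
    bits = format(value & 0xFFFF, "016b")
    return " ".join(bits[i:i + 4] for i in range(0, 16, 4))


def decode(value):
    """Decode the boot field and the two flag bits used in password recovery."""
    boot = value & BOOT_FIELD
    if boot == 0:
        boot_action = "stay in ROM monitor"
    elif boot == 1:
        # ROM helper image or first image in flash, depending on platform.
        boot_action = "boot the platform default image"
    else:
        boot_action = "follow boot system commands in the configuration"
    return {
        "hex": "0x%04X" % value,
        "binary": to_nibbles(value),
        "boot_field": boot,
        "boot_action": boot_action,
        "ignore_startup_config": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
    }


def audit_show_version(output):
    """Read the register line of 'show version' and report what the next boot does."""
    match = SHOW_VERSION_RE.search(output)
    if match is None:
        raise ValueError("no configuration register line found")
    current = int(match.group(1), 16)
    # Without a '(will be ...)' clause the next reload uses the current value.
    pending = int(match.group(2), 16) if match.group(2) else current
    return {
        "current": current,
        "next": pending,
        "running_ignores_config": bool(current & IGNORE_NVRAM),
        "next_boot_ignores_config": bool(pending & IGNORE_NVRAM),
    }


if __name__ == "__main__":
    # First line is the output quoted in Step 7; the second is a constructed
    # sample of a router where the register was never set back.
    samples = [
        "Configuration register is 0x2142 (will be 0x2101 at next reload)",
        "Configuration register is 0x2142",
    ]
    for line in samples:
        result = audit_show_version(line)
        nxt = decode(result["next"])
        verdict = ("FINDING: next boot skips startup-config"
                   if result["next_boot_ignores_config"]
                   else "ok: next boot loads startup-config")
        print(nxt["hex"], nxt["binary"], "-", nxt["boot_action"], "-", verdict)
```

A router left at 0x2142 after recovery comes up unconfigured on every reload, which is why Step 7 verifies the pending value before issuing reload.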


Topology 2

(Topology diagram; legend: crossover cable, console cable, serial cable, straight-through cable)

Device Designation    Device Name    IP Address    Subnet Mask
S1                    FC-ASW-1       10.0.0.2      255.255.255.0
PC                    PC1            10.0.0.254    255.255.255.0

Background / Preparation
Instructor notes: Set up a network as displayed in Topology 2. Preconfigure the switch with console, Telnet, and privileged mode passwords that have not been previously used and are not known by the students. Configure the hostname, a message-of-the-day banner, and the VLAN 1 interface. Example of preconfiguration:
    hostname FC-ASW-1
    enable password different
    interface Vlan1
     ip address 10.0.0.2 255.255.255.0
     no shutdown
    banner motd #ONLY AUTHORIZED ACCESS TO THIS DEVICE PERMITTED
    Unauthorized access will be penalized in accordance with the relevant laws#
    line con 0
     password unusual
     login
    line vty 0 15
     password uncommon
     login
    copy running-config startup-config
Restart the switch

This task demonstrates that physical access is required to access and change the passwords of Cisco switches, and shows again why it is critically important that routers and switches have physical security to prevent unauthorized access. After unsuccessful attempts to remotely log in, a console connection is made and the following principles are applied to the process of accessing and changing the passwords of a switch:
Switch passwords are in the configuration file called config.text, which is stored in flash memory.
The switch boot sequence is changed so that it starts without loading the configuration.
When running without the configuration loaded, the switch can be reconfigured with new, known passwords.

Task 2: Access and Change the Switch Passwords


Step 1: Attempt login to the switch
NOTE: If the PC used in this lab is also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so these can be restored at the conclusion of the lab.
a. Referring to Topology 2, connect the host PC NIC Ethernet port to the switch Fa0/1 Ethernet port using a straight-through cable. Ensure that power has been applied to both the host computer and switch.
b. Using the given preconfigured topology, attempt to telnet to the switch from the PC command line.
Which IP address is used to telnet to the switch? ___________________ 10.0.0.2
What does the message-of-the-day display?
_______________________________________________________________________________
_______________________________________________________________________________
ONLY AUTHORIZED ACCESS TO THIS DEVICE PERMITTED
Unauthorized access will be penalized in accordance with the relevant laws
How many login attempts are allowed? __________ 3
What message is displayed to indicate failure of the login attempts?
_______________________________________________________________________________
% Bad passwords
Connection to host lost.
c. When this attempt at remote login fails, establish a direct physical connection to the switch by making the necessary console connections between the PC and switch. Then establish a terminal session using HyperTerminal or TeraTerm.
What does the message-of-the-day display?
_______________________________________________________________________________
_______________________________________________________________________________
ONLY AUTHORIZED ACCESS TO THIS DEVICE PERMITTED
Unauthorized access will be penalized in accordance with the relevant laws
Attempt to log in by guessing the password. How many login attempts are allowed? __________ 3
What message is displayed to indicate failure of the log-in attempts?
__________________________________________ % Bad passwords
To prevent the configuration from loading, the config.text file is renamed so that the switch IOS cannot locate and load a valid configuration file. To rename the file, the boot process must be interrupted so that the change can be made in the "switch:" mode.

Step 2: Enter the switch: mode


a. Power off the switch.
b. Locate the MODE button on the front of the switch.
c. Hold down the MODE button on the front of the switch while powering on the switch. Release the MODE button after 10 seconds. Output similar to the following should be displayed:
    Base ethernet MAC Address: 00:0a:b7:72:2b:40
    Xmodem file system is available.
    The password-recovery mechanism is enabled.
    The system has been interrupted prior to initializing the flash files system. The following commands will initialize the flash files system, and finish loading the operating system software:
    flash_init
    load_helper
    boot
    switch:
d. To initialize the file system and finish loading the operating system, enter the following commands at the switch: prompt:
    switch: flash_init
    switch: load_helper
e. To view the contents of flash memory, enter dir flash: at the switch: prompt.
    switch: dir flash:
NOTE: Do not forget to type the colon (:) after the word flash in the command dir flash:
The file config.text should be seen listed.
f. Enter rename flash:config.text flash:config.old to rename the configuration file. This file contains the password definitions.
g. Enter dir flash: at the switch: prompt to view the name change.
    switch: dir flash:

Step 3: Restart the switch


a. Enter boot to restart the switch.
    switch: boot
The configuration file config.text cannot be located; therefore, the switch boots into Setup mode.
b. Would you like to terminate autoinstall? [Yes]: Y
c. Would you like to enter the initial configuration dialog? [yes/no] N
    Switch>

Step 4: Enter Privileged EXEC mode and view and change passwords
The switch is now running without a loaded configuration file.
a. At the user mode prompt Switch>, type enable and press Enter to go to the privileged mode without a password.
b. Enter rename flash:config.old flash:config.text to rename the configuration file with its original name.
    Switch#rename flash:config.old flash:config.text
    Destination filename [config.text]?
Press Enter to confirm file name change.
c. Copy the configuration file into RAM.
    Switch#copy flash:config.text system:running-config
    Destination filename [running-config]?
Press Enter to confirm file name.
d. Press Enter to accept the default file names.
    Source filename [config.text]?
    Destination filename [running-config]
The configuration file is now loaded.
e. Enter show running-config to display the configuration details. Note that all the passwords are shown.
    enable password different
    line con 0
     password unusual
    line vty 0 4
     password uncommon
What two measures could be taken to prevent the passwords from being readable?
____________________________________________ service password encryption
____________________________________________ enable secret somepassword
f. If the passwords were not readable they can be changed. Enter configure terminal to enter the global configuration mode.
g. Change the unknown passwords.
    FC-ASW-1#configure terminal
    FC-ASW-1(config)#enable password cisco
    FC-ASW-1(config)#line console 0
    FC-ASW-1(config-line)#password console
    FC-ASW-1(config-line)#line vty 0 15
    FC-ASW-1(config-line)#password telnet
    FC-ASW-1(config-line)#exit
    FC-ASW-1(config)#exit

Step 5: Save the configuration file


Use the copy running-config startup-config command to save the new configuration.
    FC-ASW-1#copy running-config startup-config
    Destination filename [startup-config]?[enter]
    Building configuration...
    [OK]
    FC-ASW-1#

Step 6: Verify new password and configuration


Power cycle the switch and verify that the passwords are now functional.

Step 7: Clean up
Erase the configurations and reload the switch. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
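Both the router task (Step 6) and the switch task (Step 4) ask how to keep passwords from being readable in show running-config. The Python sketch below is an added example, not part of the Cisco lab: it scans configuration text for passwords stored in cleartext and reports whether service password-encryption and enable secret are present. The sample configurations are constructed from the lab's preconfiguration, the hash and type 7 strings are placeholders, the function names are hypothetical, and the parser assumes the indentation that show running-config produces.

```python
import re

# Constructed sample: the lab's switch preconfiguration (passwords as on the page).
SAMPLE_PLAIN = """\
hostname FC-ASW-1
enable password different
!
line con 0
 password unusual
 login
line vty 0 15
 password uncommon
 login
"""

# Constructed sample: the same device after both measures are applied.
# The hash and type 7 strings are placeholders, not real values.
SAMPLE_HARDENED = """\
service password-encryption
hostname FC-ASW-1
enable secret 5 <md5-hash-placeholder>
!
line con 0
 password 7 <type7-placeholder>
 login
line vty 0 15
 password 7 <type7-placeholder>
 login
"""

# 'enable password [type] value' or, under a line, 'password [type] value'.
PASSWORD_RE = re.compile(r"^(enable password|password)\s+(?:(\d)\s+)?(\S+)")


def audit(config):
    """Report where passwords are stored and how, without echoing their values."""
    report = {
        "service_password_encryption": False,
        "enable_secret": False,
        "passwords": [],
    }
    context = "global"
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw.startswith(" "):
            # A non-indented command starts a new section or is a global command.
            context = line if line.startswith("line ") else "global"
        if line == "service password-encryption":
            report["service_password_encryption"] = True
        if line.startswith("enable secret "):
            report["enable_secret"] = True
        match = PASSWORD_RE.match(line)
        if match:
            enc_type = match.group(2)
            storage = "cleartext" if enc_type in (None, "0") else "type " + enc_type
            report["passwords"].append(
                {"where": context, "command": match.group(1), "storage": storage}
            )
    return report


def findings(report):
    """Turn an audit report into a list of human-readable findings."""
    out = []
    for item in report["passwords"]:
        if item["storage"] == "cleartext":
            out.append("%s: '%s' is stored in cleartext" % (item["where"], item["command"]))
    if not report["service_password_encryption"]:
        out.append("service password-encryption is not enabled")
    if not report["enable_secret"]:
        out.append("no enable secret is configured")
    return out


if __name__ == "__main__":
    for name, text in (("preconfiguration", SAMPLE_PLAIN), ("hardened", SAMPLE_HARDENED)):
        print(name)
        for finding in findings(audit(text)) or ["no findings"]:
            print("  " + finding)
```

Type 7 strings written by service password-encryption are a reversible encoding, so the enable secret hash is the stronger of the two measures.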

Task 3: Reflection
Consider the different methods of securing physical access to networking devices such as routers and switches. List how only those people who require access can be identified and how this security can be implemented.
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
NOTE: It is important to remember that the passwords (console, cisco, class, telnet) used in these labs are for convenience only. These are not secure passwords that would be used in production networks.
Answers can vary. Examples include:
Physical security includes locking rooms and closets containing switches and routers. Networking devices sharing common space with other services, such as electrical power panels, should be enclosed in a separated lockable cabinet. Keys and access codes should only be given to identified authorized personnel.
People authorized to access the networking devices should include only those network personnel required to configure and troubleshoot switches and routers as part of their regular or daily duties. Other IT personnel such as help desk staff, data center administrators, or desktop support workers would normally not be required to access switches and routers.


Lab 1.4.6B Implementing Port Security Instructor Version

Device Designation       Device Name    VLAN 1 Address    Subnet mask
S1                       FC-ASW-1       10.0.0.2          255.255.255.0
PC1                      Host 1         10.0.0.254        255.255.255.0
PC2                      Host 2         10.0.0.253        255.255.255.0
Linksys Internet Port    Intruder       10.0.0.252        255.255.255.0


Objectives
Configure port security on individual FastEthernet ports on a switch. Test and confirm the configured switch port security.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
Perform and verify initial switch configuration tasks, including remote access management.
Verify network status and switch operation using basic utilities (including: ping, traceroute, Telnet, SSH, arp, ipconfig), and show and debug commands.
Implement basic switch security (including port security, trunk access, management VLAN other than VLAN 1, etc.).

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.
Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
Why do you think that network administrators implement port security in their network?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
How will a network administrator know if port security is working properly?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Background / Preparation
Instructor Notes: This lab may be performed using Packet Tracer, but some outputs may vary. If more than two PCs per lab pod are available, these could also be used as extra "intruder" devices. Using the given topology, students will set and test switch port security. The aim is to highlight the purpose of securing Access Layer switch ports against the connection of unauthorized devices to the network. The instructions and CLI command and output format given in this lab are based on the Cisco Catalyst C2960 switch running IOS version 12.2. Note that different switch platforms and IOS versions may result in different command and output formats than shown. A sample of selected equivalent commands and output for other platforms is given in the APPENDIX to this Instructor Version lab.

Network security is an important responsibility for network administrators and network designers. Access Layer switch ports are accessible through the structured cabling at wall outlets. Anyone can plug in a PC, laptop, or wireless Access Point at one of these outlets. These outlets are potential entry points to the network by unauthorized users.

Switches provide a feature called port security. With port security, it is possible to limit the number of MAC addresses that can be learned on an interface. The switch can be configured to take an action [shut down], if this number is exceeded. The number of MAC addresses per port can be limited, commonly to 1. The first address dynamically learned by that switch for that port becomes the secure address.

Using the given topology, this lab configures a switch to provide network access to only 2 PCs and tests this security by attempting to connect an "intruder" device, the Linksys Wireless Router, to the secure port.

Task 1: Configure and Test the Switch Connectivity


Step 1: Prepare the switch for configuration
NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so these can be restored at the conclusion of the lab.
a. Referring to the topology diagram, connect the console (or rollover) cable to the console port on the switch and the other cable end to the host computer with a DB-9 or DB-25 adapter to the COM 1 port. Ensure that power has been applied to both the host computer and switch.
b. Establish a console terminal session from PC1 to switch S1.
c. Prepare the switch for lab configuration by ensuring that all existing VLAN and general configurations are removed.
1) Remove the switch startup configuration file from NVRAM.
    Switch#erase startup-config
    Erasing the nvram filesystem will remove all files! Continue? [confirm]
2) Press Enter to confirm. The response should be:
    Erase of nvram: complete
Instructor Note: If the switch has previously been configured with VLANs, it will be necessary to delete the VLAN database information file. From the privileged EXEC mode, issue the following commands:
    Switch#delete vlan.dat
    Delete filename [vlan.dat]?[Enter]
    Delete flash:/vlan.dat? [confirm] [Enter]
If there was no VLAN file, this message is displayed:
    %Error deleting flash:/vlan.dat (No such file or directory)
It is recommended that the delete command delete flash:vlan.dat not be issued. Accidentally omitting vlan.dat from this command could lead to the complete IOS being deleted from flash memory. Issuing the reload command to restart the switch may not always clear the previous VLAN configuration; therefore, the following power cycle (hardware restart) step is recommended.
d. Power cycle the switch and exit the initial configuration setup when the switch restarts.



Step 2: Configure the switch
Configure the hostname and VLAN 1 interface IP address as shown in the table.

Step 3: Configure the hosts attached to the switch


a. Configure the two PCs to use the same IP subnet for the address and mask as shown in the table.
b. Connect PC1 to switch port Fa0/1 and PC2 to switch port Fa0/4. The Linksys device is not connected at this stage of the lab.

Step 4: Verify host connectivity


Ping between all PCs and the switch to verify correct configuration. If any ping was not successful, troubleshoot the hosts and switch configurations.

Step 5: Record the host MAC addresses


Determine and record the Layer 2 addresses of the PC network interface cards. (For Windows 2000, XP, or Vista, check by using Start > Run > cmd > ipconfig /all.)
PC1 MAC Address: _______________________________ e.g., 00-07-EC-93-3C-D1
PC2 MAC Address: _______________________________ e.g., 00-01-C7-E4-ED-E6

Step 6: Determine what MAC addresses the switch has learned


a. At the privileged EXEC mode prompt, issue the show mac-address-table command to display the PC MAC addresses that the switch has learned.
    FC-ASW-1#show mac-address-table
Record the details displayed in the table.
____________________________________________________________________________
____________________________________________________________________________
    Mac Address Table
    -------------------------------------------
    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
    1       0001.c7e4.ede6    DYNAMIC     Fa0/1
    1       0007.ec93.3cd1    DYNAMIC     Fa0/4
NOTE: The MAC addresses above are examples only.
b. Note the MAC addresses shown and the associated switch ports. Confirm that these addresses and ports match the connected PCs. How were these MAC addresses and port associations learned?
____________________________________________________________________________
____________________________________________________________________________
The source MAC addresses of the ping echo requests and ping replies (echoes) were recorded against the incoming ports.

Task 2: Configure and Test the Switch for Dynamic Port Security

Step 1: Set port security options
a. Disconnect all PCs' Ethernet cables from the switch ports.
b. Ensure that the MAC address table is clear of entries. To confirm this, issue the clear mac-address-table dynamic and show mac-address-table commands.
1) Clear the MAC address table entries.
    FC-ASW-1#clear mac-address-table dynamic
2) Issue the show mac-address-table command. Record the table entries.
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
    Mac Address Table
    -------------------------------------------
    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
c. Determine the options for setting port security on interface FastEthernet 0/4. From the global configuration mode, enter interface fastethernet 0/4.
    FC-ASW-1(config)#interface fa 0/4
Enabling switch port security provides options, such as specifying what happens when a security setting is violated.
d. To configure the switch port FastEthernet 0/4 to accept only the first device connected to the port, issue the following commands from the configuration mode:
    FC-ASW-1(config-if)#switchport mode access
    FC-ASW-1(config-if)#switchport port-security
e. In the event of a security violation, the interface should be shut down. Set the port security action to shutdown:
    FC-ASW-1(config-if)#switchport port-security violation shutdown
    FC-ASW-1(config-if)#switchport port-security mac-address sticky
What other action options are available with port security?
____________________________________________________ protect, restrict
f. Exit the configuration mode.

Step 2: Verify the configuration


a. Display the running configuration. What statements in the configuration directly reflect the security implementation?
__________________________________ interface FastEthernet0/4
__________________________________ switchport mode access
__________________________________ switchport port-security
__________________________________ switchport port-security mac-address sticky
b. Show the port security settings.
    FC-ASW-1#show port-security interface fastethernet 0/4
Record the details displayed in the table.
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
    Port Security                 : Enabled
    Port Status                   : Secure-down
    Violation Mode                : Shutdown
    Aging Time                    : 0 mins
    Aging Type                    : Absolute
    SecureStatic Address Aging    : Disabled
    Maximum MAC Addresses         : 1
    Total MAC Addresses           : 0
    Configured MAC Addresses      : 0
    Sticky MAC Addresses          : 0
    Last Source Address:Vlan      : 0000.0000.0000:0
    Security Violation Count      : 0

Step 3: Verify the port security


a. Connect PC1 to switch port Fa0/1 and PC2 to switch port Fa0/4.
b. From the command prompt ping from PC1 to PC2. Was this successful? __________ Yes
c. From the command prompt ping from PC2 to PC1. Was this successful? __________ Yes
d. From the console terminal session, issue the show mac-address-table command. Record the details displayed in the table.
____________________________________________________________________________
____________________________________________________________________________
    Mac Address Table
    -------------------------------------------
    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
    1       0001.c7e4.ede6    DYNAMIC     Fa0/1
    1       0007.ec93.3cd1    STATIC      Fa0/4
NOTE: The MAC addresses above are examples only. Ask students to consider why Fa0/4 entry is shown as static.
e. Show the port security settings.
    FC-ASW-1#show port-security interface fastethernet 0/4
Record the details displayed in the table.
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
    Port Security                 : Enabled
    Port Status                   : Secure-up
    Violation Mode                : Shutdown
    Aging Time                    : 0 mins
    Aging Type                    : Absolute
    SecureStatic Address Aging    : Disabled
    Maximum MAC Addresses         : 1
    Total MAC Addresses           : 1
    Configured MAC Addresses      : 0
    Sticky MAC Addresses          : 1
    Last Source Address:Vlan      : 0001.c7e4.ede6:1 [pc2]
    Security Violation Count      : 0
Note the difference in entries recorded in Step 2 b.
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
The Port Status is now Secure-up (a PC is connected). There is 1 sticky MAC address. The Last Source Address and VLAN are shown.
f. Confirm the status of the switch port.
    ALSwitch#show interface fastethernet 0/4
What is the state of this interface?
FastEthernet0/4 is __________ up and line protocol is __________ up.

Step 4: Test the port security


a. Disconnect PC2 from Fa0/4.
b. Connect PC2 to the Linksys using one of the ports on the Linksys LAN switch.
c. Use the Basic Setup tab to configure the Internet IP address on the Linksys device to the address and mask, as shown in the table.
d. Configure PC2 to get an IP address using DHCP. Verify that PC2 receives an IP address from the Linksys device.
e. Connect the Internet port on the Linksys to Fa0/4.
f. Ping from PC1 to PC2. Was this successful? __________ No
g. Ping from PC2 to PC1. Was this successful? __________ No
Record the output displayed on the console screen at the switch command line.
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
    ERR_DISABLE: psecure-violation error detected on Fa0/4, putting Fa0/4 in err-disable state
    %LINK-5-CHANGED: Interface FastEthernet0/4, changed state to administratively down
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to down
h. Issue the show mac-address-table command. Record the details displayed in the table.
____________________________________________________________________________
____________________________________________________________________________
    Mac Address Table
    -------------------------------------------
    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
    1       0001.c7e4.ede6    DYNAMIC     Fa0/1

NOTE: The MAC address above is an examples only. i. Show the port security settings. FC-ASW-1#show port-security interface fastethernet 0/4 Record the details displayed in the table. ____________________________________________________________________________ ____________________________________________________________________________ ____________________________________________________________________________ ____________________________________________________________________________ ____________________________________________________________________________ ____________________________________________________________________________ ____________________________________________________________________________ ____________________________________________________________________________ Port Security Port Status : Enabled : Secure-shutdown
Page 8 of 11

All contents are Copyright 19922007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

CCNA Discovery Designing and Supporting Computer Networks


Violation Mode Aging Time Aging Type SecureStatic Address Aging Maximum MAC Addresses Total MAC Addresses Configured MAC Addresses Sticky MAC Addresses Last Source Address:Vlan Security Violation Count : : : : : : : : : : Shutdown 0 mins Absolute Disabled 1 1 0 1 0800.4606.fbb6:1 1

   Note the difference in entries recorded in Step 3 e.

   The Port Status is now Secure-shutdown.
   There is 1 Security Violation.
   The Last Source Address has changed to that of the Linksys device.

j. Confirm the status of the switch port.

    FC-ASW-1#show interface fastethernet 0/4

   What is the state of this interface?
   FastEthernet0/4 is down and line protocol is down.
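The checks made by eye in Step 4 (the err-disable console message, the Secure-shutdown port status, the violation count and the last source address) can be automated when many access ports have to be reviewed. The Python sketch below is an added example, not part of the Cisco lab: the sample text is constructed from the output recorded in this step, and the function names are hypothetical.

```python
import re

# Constructed samples: the console messages and show output recorded in Step 4.
CONSOLE_LOG = """\
ERR_DISABLE: psecure-violation error detected on Fa0/4, putting Fa0/4 in err-disable state
%LINK-5-CHANGED: Interface FastEthernet0/4, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to down
"""

SHOW_PORT_SECURITY = """\
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 0800.4606.fbb6:1
Security Violation Count   : 1
"""

ERR_DISABLE_RE = re.compile(
    r"ERR_DISABLE: (?P<cause>\S+) error detected on (?P<port>\S+),"
)


def parse_port_security(text):
    """Turn the 'Label : value' rows of show port-security interface into a dict."""
    fields = {}
    for line in text.splitlines():
        # Split on the padded " : " separator; the label
        # "Last Source Address:Vlan" itself contains a bare colon.
        label, sep, value = line.partition(" : ")
        if sep:
            fields[label.strip()] = value.strip()
    return fields


def assess_port(fields):
    """Extract the security-relevant state of one port from the parsed rows."""
    mac, _, vlan = fields.get("Last Source Address:Vlan", "").rpartition(":")
    learned = int(fields.get("Total MAC Addresses", 0))
    maximum = int(fields.get("Maximum MAC Addresses", 0))
    return {
        "enabled": fields.get("Port Security") == "Enabled",
        "shutdown_by_violation": fields.get("Port Status") == "Secure-shutdown",
        "violations": int(fields.get("Security Violation Count", 0)),
        "last_source_mac": mac,
        "vlan": vlan,
        "at_limit": maximum > 0 and learned >= maximum,
        "sticky": int(fields.get("Sticky MAC Addresses", 0)),
        "configured": int(fields.get("Configured MAC Addresses", 0)),
    }


def err_disabled_ports(log_text):
    """Return {port: cause} for every err-disable message in the console log."""
    hits = {}
    for line in log_text.splitlines():
        match = ERR_DISABLE_RE.search(line)
        if match:
            hits[match.group("port")] = match.group("cause")
    return hits


def triage(port, log_text, show_text):
    """Correlate the console log with the port's show output; return findings."""
    state = assess_port(parse_port_security(show_text))
    cause = err_disabled_ports(log_text).get(port)
    findings = []
    if cause == "psecure-violation" and state["shutdown_by_violation"]:
        findings.append(
            f"{port}: secure-shutdown after {state['violations']} violation(s); "
            f"offending source {state['last_source_mac']} on VLAN {state['vlan']}"
        )
    if state["sticky"] and not state["configured"]:
        # The allowed address was learned from traffic, not entered by an
        # administrator, so it is only as trustworthy as the first host seen.
        findings.append(
            f"{port}: permitted address was learned (sticky), not configured; "
            "confirm the first host connected was the intended one"
        )
    return findings


if __name__ == "__main__":
    for finding in triage("Fa0/4", CONSOLE_LOG, SHOW_PORT_SECURITY):
        print(finding)
```

The second finding corresponds to the disadvantage discussed in Step 6: with dynamic assignment the switch trusts whichever host it sees first.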

Step 5: Reactivate the port


a. If a security violation occurs and the port is shut down, enter interface Fa0/4 configuration mode, disconnect the offending device, and use the shutdown command to temporarily disable the port.
b. Disconnect the Linksys and reconnect PC2 to port Fa0/4. Issue the no shutdown command on the interface.
c. Ping from PC1 to PC2. This may have to be repeated multiple times before success.
   List reasons why multiple ping attempts may be necessary before success is achieved.

   Spanning Tree Protocol needs to run.
   ARP requests have to be sent and received.
   The switch has to learn the MAC address-port associations.

Step 6: Discuss switch port security using dynamic MAC address assignment
Advantages:
   Host MAC addresses do not have to be recorded and transcribed when the switch is configured.
   There is flexibility when connecting a large number of hosts, providing the ports used are in the correct VLAN.

Disadvantages:
   If an incorrect host is connected to the switch before the correct host, network security could still be violated.
   Hosts may be connected to the wrong VLAN.
   When a NIC is changed in a PC, or when the PC is replaced, the network administrator must manually reset the port security.

Step 7: Clean up
Erase the configurations and reload the switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

Task 3: Reflection
When considering designing a typical enterprise network, it is necessary to think about points of security vulnerability at the Access Layer. Discuss which Access Layer switches should have port security and those for which it may not be appropriate. Include possible future issues in regard to wireless and guest access to the network.

Answers can vary; considerations may include:
   What types of hosts are connected to the switch; e.g., general PCs, IP phones, printers, servers.
   The type of users - employees or guests
   Where access is made - in secure office or in public area
   Type of access - wired or wireless
   Investigating the security features available on different switch platforms
   How port security policies can be implemented and managed.
   Static versus dynamic port security

APPENDIX: Instructor IOS and Configuration Notes

1. Switch IOS Release variations

Since Cisco IOS Release 12.1(11)EA1 the command mac-address-table has the form mac address-table (no "-" between mac and address). However, it was found that a C2960 running 12.2(25)SEE3 supported both forms of the command.

    S1(config)#mac-address-table ?
      aging-time    Set MAC address table entry maximum age
      move          Move keyword
      notification  Enable/Disable MAC Notification on the switch
      static        static keyword

    S1(config)#mac address-table ?
      aging-time    Set MAC address table entry maximum age
      move          Move keyword
      notification  Enable/Disable MAC Notification on the switch
      static        static keyword

    S1(config)#mac ?
      access-list    Named access-list
      address-table  Configure the MAC address table

2. Switch Platform Variation

C1900:
    S1(config)#interface ethernet 0/4
    S1(config-if)#port secure ?
      max-mac-count  Maximum number of addresses allowed on the port
      <cr>

C1900:
    S1#show mac-address-table security

C1900:
    S1(config)#interface Ethernet 0/4
    S1(config-if)#port secure max-mac-count 1

C2950:
    S1(config-if)#switchport port-security violation shutdown

C2900XL:
    S1(config-if)#port security action shutdown

C1900: The default action upon address violation is suspend


Lab 2.1.3 Creating a Project Plan Instructor Version


Objectives
Describe the Plan Phase of the network lifecycle.
Create a checklist with outcomes for the Plan Phase of the network lifecycle.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?

What benefits are gained from designing a network upgrade using a network lifecycle approach?

How will a network administrator know if the project plan has succeeded?

Background / Preparation
Instructor notes: This is a written lab. Acting as the network designers, students are to begin to develop a network project plan. This lab is based upon, and requires access to, the information in the document "Lab Case Study: The FilmCompany." Students may be required to speculate on some issues for which the case study does not provide sufficient information. Wherever possible, apply local examples to the application of the principles of network design process in this case study to provide students with a realistic workplace context. Students may perform this lab individually or in small groups. Although the lab may be delivered as an instructor-led exercise, it is important to ensure that each student gives careful consideration to the issues and develops an understanding of the network design process themselves. Regardless of the lab strategy adopted, each student should complete an individually compiled Project Plan Checklist document.



The completed checklists and documents should become part of the FilmCompany portfolio that the student will continue to build throughout the rest of the course. Instructors will need to monitor the progress of this project for the rest of this course. Instructors should recommend that students keep their documents in a portfolio.

FilmCompany is an expanding small advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this growth, the FilmCompany has decided to significantly upgrade its data network.

In this lab, you have the role of network design consultant. Your job is to develop network design and project documents for the FilmCompany that will meet the requirements of this upgrade. This lab is the first of a series of labs that explore the FilmCompany existing network and its upgrade requirements.

In this lab, you will use the information in the separate document, Lab Case Study: The FilmCompany, to examine the second phase of the six phases of the Cisco Lifecycle Services:
   The Prepare Phase
   The Plan Phase
   The Design Phase
   The Implement Phase
   The Operate Phase
   The Optimize Phase

For the Plan Phase, you will perform a site and operations assessment. The details of the project and its implementation will be developed in forthcoming labs.

Step 1: Evaluate the current network, operations, and network management infrastructure
a. Use word processing software to create a Project Plan Checklist document based on this lab.
b. From the case study, document, identify, and assess the current state of the following factors:
   Physical facilities: ______________ At capacity/Scope for growth
   Environmental facilities: ______________ At capacity/Scope for growth
   Electrical facilities: ______________ At capacity/Scope for growth
   For each factor, indicate whether it is at capacity or has scope for growth. Include these factors on the checklist with your assessment.
c. Assess the ability of the current operations and network management infrastructure to support a new technology solution. On the checklist, list the following categories and include what changes must be completed before the implementation of any new technology solution.
   Infrastructure
   Personnel
   Processes
   Tools
d. Identify and add to the checklist any custom applications that may be required for the new network.



Step 2: Outline the project plan
a. To manage the project, the project plan includes five components. List these five components and an example of each, and then add them to the checklist.
   1) Tasks (Install wireless Access Points, configure routers)
   2) Timelines and critical milestones (Calendar or chart)
   3) Risks and constraints (Temporary loss of services, budget)
   4) Responsibilities (Allocation of tasks)
   5) Resources required: (Cabling, equipment, time, specialist skills)
b. The plan needs to be within the scope, cost, and resource limits established by the business goals. List any potential issues that the FilmCompany may have to consider to meet these goals, and then add them to the checklist.
   Responses vary; examples include:
   Source of funding to finance the project
   What can be achieved within a given time limit?
c. The FilmCompany and the stadium management need to assign staff to manage the project from each of their perspectives. List the desirable skills and knowledge that these individuals should possess, and then add them to the checklist.
   Responses vary; examples include:
   Good communication skills
   Good organizational and planning skills
   Up-to-date knowledge of networking services
   Current technical networking knowledge and skills
d. Save your Project Plan Checklist document. You will use it during the next stages of this network design case study.



Step 3: Reflection
Sometimes apparent urgency, pressure to present results, and enthusiasm for a project can create a work environment that causes projects to be started before proper planning has been completed. Consider and discuss the potential problems that result from starting a network upgrade before completely assessing the existing network.

Issues may include:
   New equipment may be incompatible with existing equipment.
   Existing network infrastructure may be able to run new services.
   Unnecessary new equipment may be purchased.
   Loss of network services may occur while upgrade takes place.
   Time and financial budgets may exceed limits.


Lab 2.1.6 Observing Traffic Using Cisco Network Assistant Instructor Version

Device Designation    Device Name         IP Address
------------------    ----------------    ----------------
Switch 1              FC-ASW-1            VLAN1 10.0.0.4
Switch 2              ProductionSW        VLAN1 10.0.0.5
Admin PC              ADMIN               10.0.0.2
PC1                   PC1                 10.0.0.3
Router                FC-CPE-1            Fa0/0 10.0.0.1
                                          Fa0/1 172.17.0.1
Discovery Server      Discovery Server    172.17.1.1

Subnet mask

255.255.255.0 255.255.255.0 255.255.255.0 255.255.0.0 255.255.0.0

Objectives
Explain what occurs during the Operate Phase of the network lifecycle.
Use Cisco Network Assistant to monitor the outcomes of the Operate Phase of the network lifecycle.
Establish the network baseline performance.

640-802 CCNA Exam Objectives
This lab contains skills that relate to the following CCNA exam objectives:
   Describe the purpose and functions of various network devices.
   Verify device configuration and network connectivity using ping, traceroute, Telnet, SSH or other utilities.
   Determine the path between two hosts across a network.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?

What benefits are gained from determining the network baseline performance of a network?

What are the probable outcomes if the network baseline performance is exceeded?

Background / Preparation
Instructor Note: This lab introduces Cisco Network Assistant as a tool to monitor the operation of a working network. A more detailed consideration of using Cisco Network Assistant to monitor the performance of a network is given in Lab 2.5.2.

Cisco Network Assistant is available for download from the Classroom Setup Tab on the Academy Connection Tools page. It can also be downloaded from http://www.cisco.com. A valid Cisco.com Registration (CCO) is required to access the download site. There are many levels of Cisco.com access available. The registration process is explained in Task 1 of Chapter 3 Lab 3.2.3 where students create their own account. Students do not need a Cisco.com registration for this lab. Once downloaded, install the Cisco Network Assistant program on the Admin PC used in the lab.

This lab also uses Discovery Server as a representative source of application data traffic. See CCNA Discovery Server FAQ on Academy Connection Tools. Alternately, a local lab server can be set up to provide representative data traffic. If possible this should include FTP and HTTP/Web traffic.

The lab topology can be preconfigured if student time is limited. The Admin and Host1 PCs use DHCP on their respective VLANs. Sample configurations for the router and two switches are in the Appendix of this Instructor Version lab. The configurations are based on Cisco 1841 router and Cisco Catalyst 2960 switches.


FilmCompany is an expanding small advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this growth, the FilmCompany has decided to significantly upgrade its data network. In this lab, you have the role of network design consultant. Your job is to develop network design and project documents for the FilmCompany that will meet the requirements of this upgrade. After the network is upgraded, the FilmCompany personnel will manage the network to ensure that it is performing to the design specifications outlined in the Prepare and Plan phases. The Operate and Optimize phases of the network lifecycle are ongoing. They represent the day-to-day operations of a network. The purpose of this lab is to introduce the Cisco Network Assistant as a tool to monitor the current FilmCompany network and establish a network baseline. A network baseline will help the company achieve maximum availability, scalability, security, and manageability. The lab examines the principle of determining a network baseline. Cisco Network Assistant is required to be installed on one PC used in this lab. Cisco Network Assistant is a network management and monitoring program that is provided for free and can be downloaded from http://www.cisco.com. See your instructor if this program is not available in the lab.

Step 1: Establish the network baseline criteria


Network baselining is the measuring and rating of the performance of a network as it transports data in real time. A baseline is a type of "network snapshot" of the devices and their performance. Creating a baseline enables you to see the current network load and, by maintaining that baseline, identify network issues before they become critical. For example, with all the network routers baselined, including the CPU capability and usage, if gradual increases in CPU usage are noted, the issue can be addressed before network performance deteriorates.

List the devices in the lab network and the characteristics that should be monitored.

Router, Switches, Host PCs, Server, Bandwidth

Step 2: Configure network connectivity


NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so these can be restored at the conclusion of the lab.

a. Connect the devices in accordance with the given topology and configuration. Your instructor may substitute Discovery Server with an equivalent server for this lab.
b. See your instructor regarding device configuration. If the devices are not configured, then from the Admin PC, establish a terminal session in turn to each switch and the router using HyperTerminal or TeraTerm. Configure these devices in accordance with the configuration details provided.
c. Ping between all devices to confirm network connectivity. Troubleshoot and establish connectivity if the pings fail.



Step 3: Set up Cisco Network Assistant
a. From the Admin PC, launch the Cisco Network Assistant program.
b. Set Cisco Network Assistant to discover the network. One method is to establish a "community" of devices. From the Application menu, click Communities.
c. In the Communities window, click Create.
d. In the Name field, enter FilmCompany.
e. List the four options available in the Discover field:
   A single device by IP address
   Devices using a seed IP address
   Devices on a subnet
   Devices in an IP address range
f. From the Discover drop-down list, select Devices in an IP address range.
g. At the Start IP address, enter 10.0.0.1
h. At the End IP address, enter 10.0.0.5
i. Click Start. The devices found will be listed.
j. Click OK on the Create Community and Communities dialog boxes.
k. Note the range of icons now available on the top toolbar. Click the Topology icon on the top toolbar and view the topology that Cisco Network Assistant has created.

Step 4: Examine Cisco Network Assistant features


Cisco Network Assistant provides a range of features to display text and graphical information about the network devices. From the topology view window, right-click each device's ID and select Properties.

What protocol is used to discover and obtain the device information displayed?

Cisco Discovery Protocol



Step 5: Examine sample Cisco Network Assistant output
Once devices are added to the community, the links can be monitored from the Monitor tab of Cisco Network Assistant.


Step 6: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

Challenge
This lab focused on monitoring individual devices in a network. Consider, research, and discuss the network factors that should be included in network baseline measurements.

Responses vary but examples include:
   Testing and reporting of the physical connectivity
   Normal network utilization
   Peak network utilization
   Average throughput of the network usage
   Protocol usage

In-depth network analysis can identify problems with speed and accessibility and can find vulnerabilities and other problems within the network. Once a network baseline has been established, this information can be used to determine both present and future network upgrade needs as well as assist in making changes to ensure the current network is optimized for peak performance.

Network analysis techniques include:
   Physical health analysis
   Broadcast storm analysis
   Network capacity overload analysis
   Network throughput analysis
   Transport and file retransmission analysis
   Packet route and path cost analysis
   End-to-end file transfer analysis
   Drill-down data-decoding steps and specific techniques

APPENDIX - Instructor Version Only

Sample Configurations (Based on Cisco 1841 Router and Catalyst 2960 Switch) - Instructor Version Only

Router FC-CPE-1

    hostname FC-CPE-1
    !
    interface FastEthernet0/0
     ip address 10.0.0.1 255.255.255.0
     no shutdown
    !
    interface FastEthernet0/1
     ip address 172.17.0.1 255.255.0.0
     no shutdown
    !

======================================================================

Switch FC-ASW-1

    !
    hostname FC-ASW-1
    !
    enable password cisco
    !
    !
    interface GigabitEthernet1/1
     switchport mode trunk
    !
    interface GigabitEthernet1/2
    !

======================================================================

Switch ProductionSW

    hostname ProductionSW
    !
    interface GigabitEthernet1/1
     switchport mode trunk
    !


Lab 2.3.2 Creating a Network Organization Structure Instructor Version


Objective
Explain and diagram the structure of the customer organization.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?

When designing a network upgrade, what benefits are gained from determining the range and type of users?

Background / Preparation
Instructor notes: This is a written lab. Acting as the network designers, students are to create a network organization structure document for the FilmCompany case study. This lab is based upon, and requires access to, the information in the document "Lab Case Study: The FilmCompany." Students may be required to speculate on some issues for which the case study does not provide sufficient information. Wherever possible, apply local examples to the application of the principles of network design process in this case study to provide students with a realistic workplace context.

Students may perform this lab individually or in small groups. Although the lab may be delivered as an instructor-led exercise, it is important to ensure that each student gives careful consideration to the issues and develops an understanding of the network design process themselves. Regardless of the lab strategy adopted, each student should complete an individually compiled network organization structure document.

The completed checklists and documents should become part of the FilmCompany portfolio that the student will continue to build throughout the rest of the course. Instructors will need to monitor the progress of this project for the rest of this course. Instructors should recommend that students keep their documents in a portfolio.

FilmCompany is an expanding small advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this growth, the FilmCompany has decided to significantly upgrade its data network.

You have the role of network design consultant. Your job is to develop network design and project documents for the FilmCompany that will meet the requirements of this upgrade. This lab is one of a series of labs that explore the FilmCompany existing network and its upgrade requirements.

A comprehensive network project plan has to include details of how the network users interact with the network resources and services. To ensure that all user requirements are met, the network designer gathers information about all internal and external access to the existing network infrastructure.

In this lab, you will create a network organization structure of the FilmCompany. All stakeholders in the structure (internal network users, IT organizations, external customers, suppliers, and partners) are to be included.

Step 1: Determine the network users


a. Use word processing software to create a network organization structure document.
b. Examine the FilmCompany case study document and the sample interview.
c. Identify and list the potential end users.
   - General office staff
   - Sales staff
   - Media Production staff
   - Remote staff working off site at stadium
   - Vendors, suppliers, and partners
   - IT and network support and administration
   - Customers
d. Diagram the relationship between these users.
   - Draw circles on a page and label each with a type of network user.
   - Use lines to connect together those groups that directly communicate with each other.

Step 2: Assess impact of user network access


a. Identify and include the different types of existing and potential new network services the listed users may require. Group the users under the type of network services they use.
   Wireless, VoIP, management VLAN, security, etc.
b. The impact of adding new user groups to the network also needs to be assessed. Identify and include in the network organization structure document:
   - New user groups
   - The type of access required
   - Where access is allowed
   - The overall impact on security
c. Save your network user structure document and network organization diagram and retain them for the next stages of this network design case study.

Step 3: Reflection
The total number of users has a direct impact on the scale of the network at the Access Layer. The type of users and the services they require also have implications for the network structure.

Discuss and consider the impact that the range of network services required by even a relatively small number of users can have on the network structure.
_____________________________________________________________________________________


Lab 2.3.3 Prioritizing Business Goals Instructor Version


Objective
Determine and prioritize the project business goals.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

What benefits does the network designer gain from determining the business goals and assigning them priorities?
______________________________________________________________________________________

What problems could arise in a network project if goals and priorities were not set?
______________________________________________________________________________________

Background / Preparation
Instructor notes: This is a written lab. Acting as the network designers, students are to create a business goals and priority checklist document for the FilmCompany case study. This lab is based upon, and requires access to, the information in the document "Lab Case Study: The FilmCompany." Students may be required to speculate on some issues for which the case study does not provide sufficient information. Wherever possible, use local examples to illustrate the principles of the network design process in this case study, so that students have a realistic workplace context.

Students may perform this lab individually or in small groups. Although the lab may be delivered as an instructor-led exercise, it is important to ensure that each student gives careful consideration to the issues and develops an understanding of the network design process themselves. Class group discussions will clarify different perceptions and interpretations of the case study information. Emphasize to students that not all information is clearly expressed or known by a customer; good communication skills are often necessary to gather all the relevant details.


Regardless of the lab strategy adopted, each student should complete an individually compiled business goals and priority checklist document. The completed checklists and documents should become part of the FilmCompany portfolio that the student will continue to build throughout the rest of the course. Instructors will need to monitor the progress of this project for the rest of this course. Instructors should recommend that students keep their documents in a portfolio.

FilmCompany is an expanding small advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this growth, the FilmCompany has decided to significantly upgrade its data network. You have the role of network design consultant. Your job is to develop network design and project documents for the FilmCompany that will meet the requirements of this upgrade.

This lab is one of a series of labs that explore the FilmCompany existing network and its upgrade requirements. A comprehensive network project plan has to include details of the project business goals and priorities. In this lab, to ensure that the information gathered is accurate, you will create a checklist that lists the business goals and priorities of the FilmCompany network upgrade project.

Step 1: Determine the business goals


a. Use word processing software to create a business goals document.
b. From the sample interview in the FilmCompany case study document, identify and list the business goals that the network upgrade is expected to provide.
   _____________________________________________________________________________
   These goals can be Financial, such as:
   - Profitability: Can the project reduce costs or help the business avoid costs in the future?
   - Business growth and market share: Can the project help the business grow more efficiently or create competitive advantages?
   Or the goals may be Strategic:
   - Customer satisfaction: Can the project improve the customer experience and increase customer loyalty?
   - Reputation and industry standing: Will the project develop specific core technology competencies in the organization?
c. Identify and list at least four business goals from the case study interview.
   Profitability, business growth, customer satisfaction, industry standing, etc.

d. Discuss these goals with another student, or in a group, to clarify understanding of the goals.


Instructor Note: At least six separate business goals related to the network upgrade can be drawn from the case study interview. Students may combine or distinguish between the goals in different ways. It is important that a sense of what the FilmCompany wants the network upgrade to achieve for their business is identified. The network upgrade may not be relevant to some of the goals expressed in the interview.

Step 2: Prioritize the business goals


a. Rank the list of business goals in order of priority. Base this ranking on the information in the case study document and discussion with other students.
b. List the ranked business goals in a table and assign a priority value as a percentage. The total of the percentage values must equal 100.

| Prioritizing Business Goals | Priority |
|                             |          |
| Total                       | 100%     |

c. Discuss your priority values with other students. If there are differences in priorities, discuss why this has occurred and attempt to resolve them.

Instructor Note: While some differences in priority values may occur, it would be expected that the final ranking order should be the same in all cases. Have students discuss these priorities from both the perspective of their role as the network designer and from the perspective of the FilmCompany as the customer.

d. Save your Project Prioritized Business Goals Checklist document and retain it for the next stages of this network design case study.


Step 3: Reflection
Having prioritized the business goals as the stated objectives of a network upgrade project does not necessarily ensure that the project will be a success. These objectives need to be measured against success criteria to determine whether the business goals were achieved. Before a project can be declared a success, the objectives must be shown to have met the success criteria statements.

Consider and discuss possible success criteria based on the business goals for the FilmCompany network upgrade.
__________________________________________________________________________________

Discussion and outcomes vary but may include:
- Achieve a customer satisfaction measure of at least four on a scale of five within four months after upgrade.
- Increase the media data volume by 80% within 2 months of upgrade completion.
- Achieve positive cash flow from the stadium contract within 12 months.
- Increase financial turnover by 75% within 18 months.
- Respond to 90% of customer non-live media production requests within 12 hours and 100% within 18 hours.
- Reduce unit production costs by 15% over 6 months and 20% over 12 months.
- Meet customer live media production targets 97.5% of the time.
- Total project cost does not exceed 105% of the initial budget.
- The actual delivery schedule is within 105% of the initial deadline.
- Load testing confirms successful scale-up to 10 concurrent users, with data throughput rates at no less than 85% of specifications.
- All unauthorized network intrusions are intercepted, prevented, logged, and reported.
- The mean time to failure under specified load conditions is at least 100 hours.
- At least 75% of existing network components were reused.


Lab 2.4.1 Establishing Technical Requirements Instructor Version


Objective
Identify and document the technical requirements.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
- Describe the purpose and functions of various network devices.
- Select the components required to meet a network specification.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

What benefits are gained from identifying the technical requirements of a project before it is started?
______________________________________________________________________________________

Why is it important to consider both the technical requirements and the business requirements of a project?
______________________________________________________________________________________

Background / Preparation
Instructor notes: This is a written lab. Acting as the network designers, students are to create a technical requirements checklist document for the FilmCompany case study. This lab is based upon, and requires access to, the information in the document "Lab Case Study: The FilmCompany." Students may be required to speculate on some issues for which the case study does not provide sufficient information. Wherever possible, use local examples to illustrate the principles of the network design process in this case study, so that students have a realistic workplace context.


Students may perform this lab individually or in small groups. Although the lab may be delivered as an instructor-led exercise, it is important to ensure that each student gives careful consideration to the issues and develops an understanding of the network design process themselves. Class group discussions will clarify different perceptions and interpretations of the case study information. Emphasize to students that not all information is clearly expressed or known by a customer; good communication skills are often necessary to gather all the relevant details.

Regardless of the lab strategy adopted, each student should complete an individually compiled technical requirements checklist document. The completed checklists and documents should become part of the FilmCompany portfolio that the student will continue to build throughout the rest of the course. Instructors will need to monitor the progress of this project for the rest of this course. Instructors should recommend that students keep their documents in a portfolio.

FilmCompany is an expanding small advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this growth, the FilmCompany has decided to significantly upgrade its data network. You have the role of network design consultant. Your job is to develop network design and project documents for the FilmCompany that will meet the requirements of this upgrade.

This lab is one of a series of labs that explore the FilmCompany existing network and its upgrade requirements. A comprehensive network project plan has to include details of technical requirements of the project. In this lab, you will create and prioritize the technical requirements for the network so that it meets the FilmCompany business goals and priorities.

Step 1: Determine the technical requirements


a. Use word processing software to create a technical requirements document.
b. From the case study document and checklists developed in previous labs, identify and list the technical requirements that will enable the network upgrade to meet the FilmCompany business goals. The technical requirements document provides direction for the network designer in the following decisions:
   - Selecting network equipment
   - Designing the topology
   - Choosing protocols
   - Selecting network services
c. Discuss these technical requirements with another student, or in a group. Consider the range of possible technical solutions to meet the business goals of the FilmCompany.
   ________________________________________________________________________________

Instructor Note: Encourage students to discuss and explore a wide range of technical solutions to achieve the business goals the FilmCompany expects the network upgrade to provide. Constraints to these ideas will be considered in the next lab.


Step 2: Prioritize the technical requirements
The network designer works with the customer to create a prioritized list of technical requirements. This list will be used to define the project scope.

a. Rank the list of technical requirements in order of priority. Base this ranking on the information in the case study document and discussion with other students. It is useful to categorize the technical requirements into the following areas:
   - Availability and Performance
   - Security
   - Scalability
   - Manageability
b. List the ranked technical requirements in a table and assign a priority value as a percentage. The total of the percentage values must equal 100.

| Category                     | Prioritized Technical Requirements | Priority |
| Availability and Performance |                                    |          |
| Security                     |                                    |          |
| Scalability                  |                                    |          |
| Manageability                |                                    |          |
| TOTAL                        |                                    | 100      |

c. Discuss your priority values with other students. If there are differences in priorities, discuss why this has occurred and attempt to resolve them.
   ________________________________________________________________________________


Instructor Note: In establishing the technical requirements of the network upgrade, it is important that students use the FilmCompany business goals and priorities as the reference. Recommending a technical requirement that does not facilitate the achievement of a business goal is not how business is done. Although the network designer (student in this case) may see a particular network technology or service as useful, if it does not fit the business case driving the upgrade project, it does not provide any commercial outcomes for the company; i.e., it is wasted expenditure.

d. Save your Project Prioritized Technical Requirements Checklist document and retain it for the next stages of this network design case study.

Step 3: Reflection
When discussing technical requirements with the customer, the network designer must consider the technical level of the audience. Technical terms and jargon may not be clearly understood by the customer. Such terms should either be avoided or tailored to the level of detail and complexity that the customer can understand.

Compile a list of networking technical terms and jargon that may need to be expressed or explained to a non-technical business customer. Develop an explanation or definition for each term that a non-technical business customer can understand for the purpose of discussing a network upgrade with them.
_______________________________________________________________________________________

Outcomes will vary. Suggest using the curriculum glossary to compile an appropriate terminology list.


Lab 2.4.2 Identifying Organizational Constraints Instructor Version


Objective
Identify the constraints that affect the network design, including cost, schedule, and resource constraints.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

Why is identifying the constraints that apply to a project an important part of the network design?
______________________________________________________________________________________

Background / Preparation
Instructor notes: This is a written lab. Acting as the network designers, students are to create a checklist of project constraints for the FilmCompany case study. This lab is based upon, and requires access to, the information in the document "Lab Case Study: The FilmCompany." Students may be required to speculate on some issues for which the case study does not provide sufficient information. Wherever possible, use local examples to illustrate the principles of the network design process in this case study, so that students have a realistic workplace context.

Use a classroom brainstorming session to identify the constraints and relate them to the prioritized case study business goals. Students may then compile the checklist individually or in small groups. Although the lab may be delivered as an instructor-led exercise, it is important to ensure that each student gives careful consideration to the issues and develops an understanding of the network design process. Class group discussions will clarify different perceptions and interpretations of the case study information. Emphasize to students that not all information is clearly expressed or known by a customer; good communication skills are often necessary to gather all the relevant details.

Regardless of the lab strategy adopted, each student should complete an individually compiled project constraints checklist document. The completed checklists and documents should become part of the FilmCompany portfolio that the student will continue to build throughout the rest of the course. Instructors will need to monitor the progress of this project for the rest of this course. Instructors should recommend that students keep their documents in a portfolio.

FilmCompany is an expanding small advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this growth, the FilmCompany has decided to significantly upgrade its data network. You have the role of network design consultant. Your job is to develop network design and project documents for the FilmCompany that will meet the requirements of this upgrade.

This lab is one of a series of labs that explore the FilmCompany existing network and its upgrade requirements. A comprehensive network project plan has to include details of constraints that apply to the project. In this lab, you will identify the organizational constraints that apply to the FilmCompany case study network upgrade project design.

Step 1: Identify possible project constraints


a. Use word processing software to create a project constraints document.
b. Develop a list of possible constraints that set limits or boundaries on the network upgrade project by brainstorming ideas with other students.
   ________________________________________________________________________________
   Here are some examples of constraints on completing an optimal network design; answers may vary.
   - Constraints could take the form of purchasing the appropriate hardware, hiring sufficient staff to manage the upgrade, resources to train personnel managing the upgrade, and warranty costs.
   - Current company policy may impose restrictions on the network upgrade in the form of security or usage. Are there any new functions, such as VPN, introduced in this network design that are inconsistent with the current company Acceptable Usage Policy?
   - Will the proposed network design be completed within the time allowed?
   - How will this design affect other IT or other company projects? (For example, is there a critical software upgrade imperative to business success planned during this time? Are there architectural upgrades planned during this time, i.e. new carpet, renovations, which would require temporary movement of equipment?)
c. Classify each constraint as one of the following four types:
   - Budget
   - Policy
   - Schedule
   - Personnel

Step 2: Tabulate the relevant constraints


a. Relate the list of constraints to the prioritized business goals of the FilmCompany.
b. Develop a definitive list of items that apply specifically to the FilmCompany case study.
c. Enter the constraints into a table.

FILMCOMPANY CONSTRAINTS

Answers include:

| CONSTRAINT | GATHERED DATA                                                     | COMMENTS |
| Budget     | Use as much of the current equipment as possible to minimize cost |          |
| Policy     | Restricted access to external WAN and Internet infrastructure     |          |
| Schedule   | Time to complete                                                  |          |
| Personnel  | Availability, work schedule                                       |          |

d. Save your Project Constraints Checklist document and retain it for the next stages of this network design case study.

Step 3: Reflection
The constraints imposed on this network design project are determined by the internal requirements of the FilmCompany.

Consider and discuss external constraints. Include constraints that may be beyond the control of the business but which, in some circumstances, affect a network design project.
_____________________________________________________________________________________

Outcomes will vary. Points may include:
- Shortage of skilled personnel
- Unavailability of equipment or cabling of the required technical specifications
- Reliable public electricity supply
- Lack of accommodation to house the expanded business and its network infrastructure
- Restricted access to external WAN and Internet infrastructure


Lab 2.5.2 Monitoring Network Performance Instructor Version

| Device Designation  | Device Name      | IP Address       | Subnet mask   |
| Switch 1            | FC-ASW-1         | VLAN 10.0.0.4    | 255.255.255.0 |
| Switch 2            | ProductionSW     | VLAN 10.0.0.5    | 255.255.255.0 |
| Admin PC            | ADMIN            | 10.0.0.2         | 255.255.255.0 |
| PC1                 | PC1              | 10.0.0.3         | 255.255.255.0 |
| Router              | FC-CPE-1         | Fa0/0 10.0.0.1   | 255.255.255.0 |
|                     |                  | Fa0/1 172.17.0.1 | 255.255.0.0   |
| Discovery Server S1 | Discovery Server | 172.17.1.1       | 255.255.0.0   |

Objective
Describe methods of monitoring network performance to ensure that the network design is working appropriately.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
- Describe the purpose and functions of various network devices.
- Select the components required to meet a network specification.
- Determine the path between two hosts across a network.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?

_____________________________________________________________________________________

What benefits are gained from monitoring network performance?

_____________________________________________________________________________________

What are possible actions a network administrator could take if network performance was noted to be deteriorating?

_____________________________________________________________________________________

Background / Preparation
Instructor Note: This lab uses Cisco Network Assistant to monitor the operation of a working network. Cisco Network Assistant is available for download from the Classroom Setup Tab on the Academy Connection Tools page. It can also be downloaded from http://www.cisco.com. A valid Cisco.com Registration (CCO) is required to access the download site. There are many levels of Cisco.com access available. The registration process is explained in Task 1 of Chapter 3 Lab 3.2.3 where students create their own account. Students do not need a Cisco.com registration for this lab. Once downloaded, install the Cisco Network Assistant program on each PC used in the lab.

This lab also uses Discovery Server to provide representative application data traffic. See CCNA Discovery Server FAQ on Academy Connection Tools. Alternately, a local lab server can be set up to provide representative data traffic. If possible, this should include FTP and HTTP/Web traffic.

The lab topology can be preconfigured if student time is limited. Sample configurations for the router and two switches are in the Appendix of this Instructor Version lab. The configurations are based on Cisco 1841 router and Cisco Catalyst 2960 switches.

FilmCompany is an expanding small advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent.



To facilitate this growth, the FilmCompany has decided to significantly upgrade its data network. You have the role of network design consultant. Your job is to develop network design and project documents for the FilmCompany that will meet the requirements of this upgrade. After the network is upgraded, the FilmCompany personnel will manage the network to ensure that it is performing to the design specifications outlined in the Prepare and Plan phases.

This lab simulates the monitoring of the current FilmCompany network during its operations. It is used to note if baseline performance is exceeded. This information will help determine how the network needs to be upgraded to meet the requirements of the new stadium contract.

The network management and monitoring program Cisco Network Assistant must be installed on each PC used in this lab. Cisco Network Assistant is provided free of charge and can be downloaded from http://www.cisco.com. See your instructor if this program is not available in the lab.

Step 1: Configure network connectivity


NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so these can be restored at the conclusion of the lab.

a. Connect the devices in accordance with the given topology and configuration. Your instructor may substitute Discovery Server with an equivalent server for this lab.
b. See your instructor regarding device configuration. If the devices are not configured from the Admin PC, establish a terminal session in turn to each switch and the router using HyperTerminal or TeraTerm. Configure these devices in accordance with the configuration details provided.
c. Ping between all devices to confirm network connectivity. Troubleshoot and establish connectivity if the pings fail.

Step 2: Set up Cisco Network Assistant

a. From the Admin PC, launch the Cisco Network Assistant program.
b. Set Cisco Network Assistant to discover the network. Establish a "community" of devices.
   1) From the Application menu, select Communities.
   2) In the Name field, enter FilmCompany.
   3) From the Discover drop-down list, select Devices in an IP address range.
   4) Enter the start and end addresses of the router and two switches.
      Start IP address: 10.0.0.1
      End IP address: 10.0.0.5
c. Display the network topology and add the found devices to the community.


Step 3: Monitor network traffic


Examine the different bandwidth graphs for the network devices and determine what graphs are the most useful for monitoring network traffic at this stage.

a. Use PC1 to generate network traffic.
b. Ping and telnet to Discovery Server.
c. Open the Discovery Server home web page in a browser on PC1.
d. Use FTP to download a file from Discovery Server.


Step 4: Review the data


Typical network monitoring would be performed over a period of time. Discuss with other students and record here what conclusions could be drawn from the limited information monitored in this lab. What area do you think requires more investigation before the information would be useful in planning a network upgrade?

_____________________________________________________________________________________

Answers vary.

Step 5: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

Step 6: Reflection
The usefulness of monitoring network traffic and performance is maximized when the full range of network usage and service situations has been recorded. Consider and discuss when recorded network performance data should be considered for network design purposes and occasions when it should not be included.

_____________________________________________________________________________________

Responses vary. Possible answers include:
- Ensuring single extraordinary events that affect network traffic and performance are not included, for example a civil emergency.
- The time range of the monitoring needs to include all peak and non-peak business cycles.

APPENDIX - Instructor Version Only

Sample Configurations (Based on Cisco 1841 Router and Catalyst 2960 Switch) - Instructor Version Only

Router FC-CPE-1

hostname FC-CPE-1
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 no shutdown
!
interface FastEthernet0/1
 ip address 172.17.0.1 255.255.0.0
 no shutdown
!

======================================================================
Switch FC-ASW-1

!
hostname FC-ASW-1
!
enable password cisco
!
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
 ip address 10.0.0.4 255.255.255.0

======================================================================
Switch ProductionSW

hostname ProductionSW
!
enable password cisco
!
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
 ip address 10.0.0.5 255.255.255.0


Lab 2.5.3 Investigating Network Monitoring Software


Objective
Describe how network monitoring tools can be used to page or send email to on-call technicians.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?

_____________________________________________________________________________________

What benefits are gained from network support technicians understanding what network monitoring tools are available?

_____________________________________________________________________________________

What problems could arise if network problems are not immediately detected and acted upon by technical or network support staff?

_____________________________________________________________________________________

Background / Preparation
Instructor Note: This lab is performed using a computer with Internet access. Students are to research and examine the features of SNMP-based network monitoring software. If Academy lab resources are sufficient, a sample program can be downloaded and demonstrated to students to enhance their learning; however, this program is not a formal part of this lab. This lab refers to Plixer Denika v7 (http://www.plixer.com/products/denika.php) as an example program that provides monitoring and notification functions, but this does not exclude other such programs being researched, referred to, or used.

FilmCompany is an expanding small advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent.



To facilitate this growth, the FilmCompany has decided to significantly upgrade its data network. In this lab, you have the role of network design consultant. Your job is to develop network design and project documents for the FilmCompany that will meet the requirements of this upgrade. After the network is upgraded, the FilmCompany personnel will manage the network to ensure that it is performing to the design specifications outlined in the Prepare and Plan phases.

In this lab, you research the possible range of networking utility programs that use SNMP to monitor network performance and notify support staff when an out-of-limits condition is detected.

Step 1: SNMP overview


Simple Network Management Protocol (SNMP) is a common network management protocol. The protocol enables network administrators to gather data about the network and corresponding devices. SNMP management system software is available in tools such as CiscoWorks. SNMP management agent software is often embedded in operating systems on servers, routers, and switches. SNMP has four main components:
- Management station
- Management agents
- Management Information Base (MIB)
- Network management protocol

Descriptions of SNMP are available at:
- http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/snmp.htm
- http://www.protocols.com/pbook/tcpip9.htm#SNMP

As part of a network management system, SNMP tools can respond to network errors or failures in several ways. Generally, when a network fault occurs, or when predefined thresholds are met, the SNMP tools can react by:
- Sending an alert on the network
- Sending a message to a pager
- Sending an email to an administrator

The FilmCompany is required to maintain a specified level of network service to meet its StadiumCompany contract obligations. They need to purchase network management software that enables them to monitor and manage the new upgraded network.
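The threshold-triggered notification described in this step, as an added Python example that is not part of the original lab or of any monitoring product: it converts successive readings of an interface octet counter (such as IF-MIB ifInOctets) into link utilization, allowing for 32-bit counter wrap, and raises a notification only after consecutive breaches. The 80/60 percent thresholds, the two-sample hold, the 60-second polling interval, and the counter readings are assumptions constructed for illustration.

```python
"""Added example: link utilization from SNMP octet counters, with threshold alerts."""
from dataclasses import dataclass

COUNTER32_MOD = 2 ** 32  # Counter32 objects such as ifInOctets wrap at 2^32


def counter_delta(prev, curr, modulus=COUNTER32_MOD):
    """Octets counted between two polls, allowing for a single counter wrap."""
    return (curr - prev) % modulus


def utilization_percent(prev, curr, interval_s, if_speed_bps):
    """Percent of link capacity used in one direction over one polling interval."""
    if interval_s <= 0 or if_speed_bps <= 0:
        raise ValueError("interval and interface speed must be positive")
    bits = counter_delta(prev, curr) * 8
    return 100.0 * bits / (interval_s * if_speed_bps)


@dataclass
class ThresholdNotifier:
    """Raise after `hold_samples` consecutive breaches; clear below `clear_at`."""
    raise_at: float = 80.0   # assumed threshold, percent utilization
    clear_at: float = 60.0   # assumed lower bound, gives hysteresis
    hold_samples: int = 2    # assumed: one spike alone sends nothing
    alarmed: bool = False
    _breaches: int = 0

    def observe(self, value):
        """Return 'RAISE', 'CLEAR', or None when no notification is due."""
        if not self.alarmed:
            if value >= self.raise_at:
                self._breaches += 1
                if self._breaches >= self.hold_samples:
                    self.alarmed = True
                    return "RAISE"
            else:
                self._breaches = 0
            return None
        if value < self.clear_at:
            self.alarmed = False
            self._breaches = 0
            return "CLEAR"
        return None


def evaluate(readings, interval_s, if_speed_bps, notifier):
    """Return (utilization, event) for each pair of consecutive readings."""
    results = []
    for prev, curr in zip(readings, readings[1:]):
        pct = utilization_percent(prev, curr, interval_s, if_speed_bps)
        results.append((round(pct, 1), notifier.observe(pct)))
    return results


# Constructed sample: ifInOctets polled every 60 s on a 100 Mb/s FastEthernet port.
# The counter wraps between the second and third reading.
SAMPLE_READINGS = [4_000_000_000, 4_075_000_000, 417_532_704,
                   1_092_532_704, 1_617_532_704, 1_992_532_704]

if __name__ == "__main__":
    for pct, event in evaluate(SAMPLE_READINGS, 60, 100_000_000, ThresholdNotifier()):
        print(f"{pct:5.1f}%  {event or '-'}")
```

A 32-bit counter that wraps more than once between polls cannot be corrected this way; shorter polling intervals or the 64-bit ifHCInOctets counter avoid that on fast links.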

Step 2: Search for SNMP monitoring programs


a. Using a computer with Internet access, use a web browser to search for examples of SNMP monitoring programs. Use search terms such as:
   - SNMP reporting
   - SNMP notification
   - SNMP monitoring

b. List other appropriate search terms.

   ____________________________________
   ____________________________________
   ____________________________________
   ____________________________________



c. Note and compare the features of a number of the monitoring programs found.

   Name: ___________________________________ Website: ____________________________
   Key features: __________________________________________________________________

   Name: ___________________________________ Website: ____________________________
   Key features: __________________________________________________________________

   Name: ___________________________________ Website: ____________________________
   Key features: __________________________________________________________________

   Name: ___________________________________ Website: ____________________________
   Key features: __________________________________________________________________

d. Select a program that would be suitable for the FilmCompany network and give reasons for your selection. Discuss your choice of program with other students.

   Program: _________________________________ Website: ____________________________
   Reasons: ___________________________________________________________________

Step 3: Example SNMP program


An example SNMP monitoring program is Plixer Denika v7.

a. Go to the website for this program at http://www.plixer.com/products/denika.php.
b. List the type of reports that this program can generate.
   - Utilization Reports
   - Service Level Reports
   - TOPn Reports
   - Custom Thresholds
   - Scheduled Reports
   - Real-time Statistics
   - Cisco NBAR & IP SLA
c. Read the details for each type of report. Select the report type that would be most applicable to ensure that a problem with the performance of the link carrying real-time video data from the StadiumCompany to FilmCompany is addressed as soon as possible. Summarize the features of this reporting provided by this program.

   Service Level Reports

   __________________________________________________________

   See http://www.plixer.com/products/denika_service_level_reports.php

Step 4: Reflection
Consider and discuss the organizational or business support necessary to make best use of network monitoring programs with event-triggered notification features.

_____________________________________________________________________________________

Responses vary and may include:
- The event thresholds and conditions that trigger notifications must be set so that unnecessary notifications are not sent, but critical conditions are reported and notification is sent.
- Company employees who are notified must be both technically capable of resolving the issue and available to do so when notified. This will require the company to ensure that staff is trained in the response processes, in the technical skills, and in troubleshooting and problem solving. Employee rosters and task allocation need to consider these issues.


Lab 3.1.2 Creating a Logical Network Diagram Instructor Version


Objectives
- Use router and switch commands to obtain information about an existing network.
- Use Cisco Network Assistant to obtain information about an existing network.
- Develop a logical network diagram.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
- Describe the purpose and functions of various network devices.
- Interpret network diagrams.
- Determine the path between two hosts across a network.
- Verify network status and switch operation using basic utilities (including: ping, traceroute, Telnet, SSH, arp, ipconfig), and show and debug commands.
- Interpret the output of various show and debug commands to verify the operational status of a Cisco switched network.
- Verify device configuration and network connectivity using ping, traceroute, Telnet, SSH, or other utilities.
- Verify router hardware and software operation using show and debug commands.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?

_____________________________________________________________________________________

What are the benefits of a logical network diagram to a network administrator?

_____________________________________________________________________________________

What are possible actions a network administrator could take if the monitoring highlighted issues?

_____________________________________________________________________________________

Background / Preparation


Instructor Note: This lab requires a precabled and preconfigured network using the topology and configurations shown in the Appendix of this Instructor Version of the lab. Where possible, it is recommended that instructors have the lab topology cabled and configured as shown in the Appendix prior to the commencement of the lab class. Ideally, students should have physical access only to the designated "Administrator" PC. This will ensure that the only information they can obtain is by using the Cisco IOS commands and Cisco Network Assistant.

Task 1 has the students use Telnet and various Cisco IOS show commands to methodically gather information about the network topology. This information is recorded in tabular form and used to create a topology diagram. Task 2 demonstrates the use of Cisco Network Assistant to obtain graphical information about the network.

Cisco Network Assistant is available for download from the Classroom Setup Tab on the Academy Connection Tools page. It can also be downloaded from http://www.cisco.com. A valid Cisco.com Registration (CCO) is required to access the download site. There are many levels of Cisco.com access available. The registration process is explained in Task 1 of Chapter 3 Lab 3.2.3 where students create their own account. Students do not need a Cisco.com registration for this lab. Once downloaded, install the Cisco Network Assistant program on each PC used in the lab.

The completed tables and topology diagrams should become part of the FilmCompany portfolio that the student will continue to build throughout the rest of the course. Instructors will need to monitor the progress of this project for the rest of this course. Instructors should recommend that students keep their documents in a portfolio.

The sample configurations provided for this lab are based on the Cisco 1841 router and Catalyst 2960 switch. If other network device models are used, the configurations may have to be amended.

In this lab, you have the task of documenting an enterprise network. However, you do not have physical access to the devices, cabling information, or other documentation. You will first discover as much information as possible by telnetting from an administrator PC into the network devices and using router and switch commands. The Telnet access password for all devices is cisco and the password to enter privileged EXEC mode is class. You will record this information and use it to draw a logical topology diagram of the network.

You will then use the network management and monitoring program Cisco Network Assistant to display the topology graphically. This program must be installed on each PC used in this lab. Cisco Network Assistant is provided free of charge and can be downloaded from http://www.cisco.com. See your instructor if this program is not available in the lab.

Task 1: Use Cisco IOS Commands to Obtain Information about the Network
Step 1: Discover and document the first device
NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.

a. Your instructor will advise you as to which PC is configured for Administrator access to the network. Access this Admin PC and issue the ipconfig command from the command prompt to discover the default gateway.
b. Telnet from the command prompt (or use a terminal program such as HyperTerminal or TeraTerm) to the IP address of the gateway device and enter privileged EXEC mode using the passwords given above.
c. Issue Cisco IOS commands, such as those shown here as well as others you choose to use, to learn about the device.

   show running-config
   show ip route
   show interfaces
   show ip interface brief
   show version

   Record this information in the first Device Table at the end of this lab.
d. Issue Cisco IOS commands such as those shown here to discover information about connected devices.

   show cdp neighbors
   show cdp neighbors detail

   It may take a few minutes for the network to converge. If you do not see any neighboring devices initially, repeat the command until you do. Document the information you gather in the appropriate Device Tables.
e. Close the Telnet session by issuing the exit command.

Step 2: Discover the remaining devices


a. Telnet to the IP address of a device connected to the first device interrogated, and repeat the process in Step 1. Document this new device in an appropriate Device Table.
b. Repeat this process until all devices in the network are discovered and documented. As you work through the network devices, record the details of each and sketch a diagram of the network devices and their interconnections.

When IP address information has been recorded, what other commands could be used to confirm connectivity and trace interconnections between devices?
- ping
- tracert and traceroute

Can a connectivity trace be relied upon to return details of all the pathways between devices? Give reasons for your response.

_______________________________________________________________________________

No, all pathways will not be returned because routing at Layer 3 and STP at Layer 2 will cause only one pathway between devices to be shown if redundant or alternate connections exist.
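The device-by-device discovery in Steps 1 and 2, as an added Python example that is not part of the original lab: it parses `show cdp neighbors detail` output into neighbor records and walks from the gateway outward, recording each link once even though both ends report it. The captured outputs, platform strings, and port assignments are constructed for illustration, and `fetch_constructed` is a hypothetical stand-in for the terminal session.

```python
"""Added example: build a link list from `show cdp neighbors detail` output."""
import re
from collections import deque

ENTRY_SPLIT = re.compile(r"^-{5,}\s*$", re.MULTILINE)  # dashed line opens each entry
FIELDS = {
    "device_id": re.compile(r"^Device ID:\s*(\S+)", re.MULTILINE),
    "ip": re.compile(r"^\s*IP address:\s*(\S+)", re.MULTILINE),
    "platform": re.compile(r"^Platform:\s*([^,]+),", re.MULTILINE),
    "local_if": re.compile(r"^Interface:\s*([^,]+),", re.MULTILINE),
    "remote_if": re.compile(r"Port ID \(outgoing port\):\s*(\S+)"),
}


def parse_cdp_detail(text):
    """Return one dict per neighbor entry found in the command output."""
    neighbors = []
    for block in ENTRY_SPLIT.split(text):
        entry = {}
        for name, pattern in FIELDS.items():
            match = pattern.search(block)
            if match:
                entry[name] = match.group(1).strip()
        if "device_id" in entry:
            neighbors.append(entry)
    return neighbors


def discover(start_ip, fetch):
    """Breadth-first walk: visit a device, record its links, queue unseen neighbors."""
    devices, links = {}, set()
    queue, seen = deque([start_ip]), {start_ip}
    while queue:
        ip = queue.popleft()
        session = fetch(ip)
        if session is None:          # unreachable, or no capture for this address
            continue
        hostname, output = session
        devices[hostname] = ip
        for n in parse_cdp_detail(output):
            if "local_if" in n and "remote_if" in n:
                # Sort the two ends so a link seen from both sides is stored once.
                ends = sorted([(hostname, n["local_if"]), (n["device_id"], n["remote_if"])])
                links.add(tuple(ends))
            neighbor_ip = n.get("ip")
            if neighbor_ip and neighbor_ip not in seen:
                seen.add(neighbor_ip)
                queue.append(neighbor_ip)
    return devices, sorted(links)


# Constructed captures, keyed by management address: (hostname, command output).
CAPTURES = {
    "10.0.0.1": ("FC-CPE-1", """\
-------------------------
Device ID: FC-ASW-1
Entry address(es):
  IP address: 10.0.0.4
Platform: cisco WS-C2960-24TT-L,  Capabilities: Switch IGMP
Interface: FastEthernet0/0,  Port ID (outgoing port): FastEthernet0/1
Holdtime : 152 sec
"""),
    "10.0.0.4": ("FC-ASW-1", """\
-------------------------
Device ID: FC-CPE-1
Entry address(es):
  IP address: 10.0.0.1
Platform: Cisco 1841,  Capabilities: Router Switch IGMP
Interface: FastEthernet0/1,  Port ID (outgoing port): FastEthernet0/0
Holdtime : 140 sec
-------------------------
Device ID: ProductionSW
Entry address(es):
  IP address: 10.0.0.5
Platform: cisco WS-C2960-24TT-L,  Capabilities: Switch IGMP
Interface: GigabitEthernet1/1,  Port ID (outgoing port): GigabitEthernet1/1
Holdtime : 171 sec
"""),
    "10.0.0.5": ("ProductionSW", """\
-------------------------
Device ID: FC-ASW-1
Entry address(es):
  IP address: 10.0.0.4
Platform: cisco WS-C2960-24TT-L,  Capabilities: Switch IGMP
Interface: GigabitEthernet1/1,  Port ID (outgoing port): GigabitEthernet1/1
Holdtime : 133 sec
"""),
}


def fetch_constructed(ip):
    """Hypothetical stand-in for a terminal session: return (hostname, output)."""
    return CAPTURES.get(ip)


if __name__ == "__main__":
    found, link_list = discover("10.0.0.1", fetch_constructed)
    print(found)
    for a, b in link_list:
        print(f"{a[0]} {a[1]} <-> {b[0]} {b[1]}")
```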

Task 2: Use Cisco Network Assistant to Obtain Information about the Network
Step 1: Launch Cisco Network Assistant
a. Launch the Cisco Network Assistant program on the PC connected to the network.
b. Network devices can be accessed for monitoring and information gathering. From the Applications menu, click Connect.
c. In the Connect dialog box, select the Connect To: option and enter the default gateway of the Admin PC in the field, as shown.


Step 2: Record the network topology


a. Record the displayed topology. The display will look similar to this sample.



Cisco Network Assistant can display the properties of each device.

b. Continue to connect to each known device. Record the topology displayed and compare it with the diagram that you created from the results of Task 1.

Step 3: Collate the network information


Assemble your completed network Device Tables and Topology Diagrams into your FilmCompany case study portfolio for use in later labs.

Step 4: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

Task 3: Reflection
a. These techniques were used to discover and document an enterprise LAN. Would the same techniques work for an enterprise network that included WAN links?

   ____________________________________________________________________________

b. Could these techniques be used in a network that included routers and switches from a manufacturer other than Cisco? Why or why not?

   ____________________________________________________________________________

   Cisco Network Assistant only supports devices listed in the FAQ of the program. Other types of software can be used for multi-brand networks.



Device Tables:
Router Hostname _________________________ Model ____________________________ IOS version ______________________________
Interface | IP Address | Subnet Mask | Connects to Device | Connects to Interface

Router Hostname _________________________ Model ____________________________ IOS version ______________________________
Interface | IP Address | Subnet Mask | Connects to Device | Connects to Interface

Router Hostname _________________________ Model ____________________________ IOS version ______________________________
Interface | IP Address | Subnet Mask | Connects to Device | Connects to Interface


Router Hostname _________________________ Model ____________________________ IOS version ______________________________
Interface | IP Address | Subnet Mask | Connects to Device | Connects to Interface

Switch Hostname _________________________ Model ____________________________ IOS version ___________________________
IP Address __________________________________ Subnet Mask __________________________________ Default Gateway ______________________________
Trunk Ports | Connects to Device | Connects to Interface
Active Access Ports | VLAN Number | VLAN Name



Switch Hostname _________________________ Model ____________________________ IOS version ____________________________
IP Address __________________________________ Subnet Mask __________________________________ Default Gateway ______________________________
Trunk Ports | Connects to Device | Connects to Interface
Active Access Ports | VLAN Number | VLAN Name

Switch Hostname _________________________ Model ____________________________ IOS version ____________________________
IP Address __________________________________ Subnet Mask __________________________________ Default Gateway ______________________________
Trunk Ports | Connects to Device | Connects to Interface
Active Access Ports | VLAN Number | VLAN Name



Switch Hostname _________________________ Model ____________________________ IOS version ____________________________
IP Address __________________________________ Subnet Mask __________________________________ Default Gateway ______________________________
Trunk Ports | Connects to Device | Connects to Interface
Active Access Ports | VLAN Number | VLAN Name

Switch Hostname _________________________ Model ____________________________ IOS version ____________________________
IP Address __________________________________ Subnet Mask __________________________________ Default Gateway ______________________________
Trunk Ports | Connects to Device | Connects to Interface
Active Access Ports | VLAN Number | VLAN Name


Network Diagram


Use this page to sketch a logical network topology diagram based on the information that you tabulated and noted in Tasks 1 and 2.



APPENDIX - Instructor Version Only
NOTE: To ensure the best learning outcomes, do not allow student access to this topology diagram or these configurations.

Topology - Instructor Version Only

Sample Configurations (Based on Cisco 1841 Router and Catalyst 2960 Switch) - Instructor Version Only

Administrator PC:
IP Address 10.10.0.10 255.255.255.0
Default Gateway 10.10.0.254

Router FC-CPE-1
no service password-encryption
!
hostname FC-CPE-1
!
enable password class



!
interface FastEthernet0/0
 ip address 10.10.0.254 255.255.255.0
 no shutdown
!
interface FastEthernet0/1
 ip address 10.20.0.254 255.255.255.0
 no shutdown
!
interface Vlan1
 no ip address
 shutdown
!
!
line con 0
line vty 0 3
line vty 4
 password cisco
 login
!
end
=================================================================
Router FC-CPE-2
no service password-encryption
!
hostname FC-CPE-2
!
enable password class
!
interface FastEthernet0/0
 ip address 10.20.0.253 255.255.255.0
 no shutdown
!
interface FastEthernet0/1
 ip address 10.40.0.253 255.255.255.0
 no shutdown
!
interface Vlan1
 no ip address
 shutdown
!
line con 0
line vty 0 3
 login
line vty 4
 password cisco
 login
!
end
======================================================================
Switch FC-ASW-1



no service password-encryption
!
hostname FC-ASW-1
!
enable password class
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2


!
interface Vlan1
 ip address 10.10.0.100 255.255.255.0
 no shutdown
!
ip default-gateway 10.10.0.254
!
line con 0
!
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end
==================================================================
Switch FC-ASW-2
no service password-encryption
!
hostname FC-ASW-2
!
enable password class
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15


!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
 ip address 10.40.0.40 255.255.255.0
 no shutdown
!
ip default-gateway 10.40.0.25
!
line con 0
!
line vty 0 4
 password cisco
 login
line vty 5 15
 login
!
!
end
==================================================================
Switch ProductionSW
no service password-encryption
!
hostname ProductionSW
!
enable password class
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4


!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
 ip address 10.10.0.200 255.255.255.0
 no shutdown
!
ip default-gateway 10.10.0.254
!
line con 0
!
line vty 0 4
 password cisco
 login
line vty 5 15


 password cisco
 login
!
!
end
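The sample configurations above keep every password in cleartext (no service password-encryption, enable password class, password cisco on the vty lines) and place no transport restriction on the vty lines. The following is an added example, not part of the Cisco lab material, that audits an IOS configuration for those settings; the rule names and the HARDENED sample are assumptions made for the illustration.

```python
"""Audit a Cisco IOS configuration for weak management-plane settings."""
import re

# FC-CPE-1 sample configuration from this lab, re-typed with IOS indentation.
FC_CPE_1 = """\
no service password-encryption
!
hostname FC-CPE-1
!
enable password class
!
interface FastEthernet0/0
 ip address 10.10.0.254 255.255.255.0
 no shutdown
!
interface FastEthernet0/1
 ip address 10.20.0.254 255.255.255.0
 no shutdown
!
line con 0
line vty 0 3
line vty 4
 password cisco
 login
!
end
"""

# Constructed hardened counterpart (not from the lab); the hashes are placeholders.
HARDENED = """\
service password-encryption
!
hostname FC-CPE-1
!
username admin privilege 15 secret 5 $1$EXAMPLE$placeholderhashplaceholder
enable secret 5 $1$EXAMPLE$placeholderhashplaceholder
!
line con 0
line vty 0 4
 login local
 transport input ssh
!
end
"""

# "password <text>" with no encryption-type digit means the value is cleartext.
CLEARTEXT_PASSWORD = re.compile(r"^password (?!\d\s)(\S+)$")


def parse_stanzas(config_text):
    """Split a config into (parent_line, [sub_commands]) stanzas.

    IOS indents sub-commands by at least one space; '!' lines are separators.
    """
    stanzas = []
    for raw in config_text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace() and stanzas:
            stanzas[-1][1].append(raw.strip())
        else:
            stanzas.append((raw.strip(), []))
    return stanzas


def audit(config_text):
    """Return a sorted list of (rule, where) findings."""
    stanzas = parse_stanzas(config_text)
    top = [parent for parent, _ in stanzas]
    findings = []

    # Without this service, line passwords appear verbatim in the config.
    # (Type 7 encoding is reversible, so hashed secrets are still preferred.)
    if "service password-encryption" not in top:
        findings.append(("line-passwords-stored-cleartext", "global"))

    # 'enable secret' stores a hash; 'enable password' alone does not.
    has_secret = any(p.startswith("enable secret ") for p in top)
    if any(p.startswith("enable password ") for p in top) and not has_secret:
        findings.append(("enable-password-without-secret", "global"))

    for parent, children in stanzas:
        if not parent.startswith("line vty "):
            continue
        if any(CLEARTEXT_PASSWORD.match(c) for c in children):
            findings.append(("vty-cleartext-line-password", parent))
        if "transport input ssh" not in children:
            findings.append(("vty-not-restricted-to-ssh", parent))
    return sorted(findings)


if __name__ == "__main__":
    for rule, where in audit(FC_CPE_1):
        print(f"{where}: {rule}")
```
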


Lab 3.2.2 Using show version to Create an Inventory List Instructor Version
Topology 1

Objectives
Use IOS show commands to determine the version and capabilities of an installed IOS.
Use Cisco.com website tools to determine the features and capabilities of an IOS.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
Perform and verify initial switch configuration tasks, including remote access management.
Verify router hardware and software operation using show and debug commands.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?


______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

How is an understanding of the networking device IOS useful in network administration?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Why would a network administrator change the networking device IOS to a different version or feature set?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Background / Preparation
Instructor Notes: This lab requires access to both the Internet and the classroom lab equipment. If both are not available at one location, Task 1 and Task 2 can be partially performed at two different locations. After recording details of the router and switch, students are to use the software and feature search tools on Cisco.com. Note that Cisco.com is an extensive and information-rich website. Product information on the website can be accessed via a number of pathways. The steps and links given in this lab show just one of those pathways. Students should become familiar and comfortable with the process of searching and locating information using a range of approaches. This lab is specifically based on the 1841 ISR and 2960 switch. The CLI output and Cisco.com documentation details vary accordingly if platforms other than these are used in this lab. If other platforms are available, students are encouraged to perform similar searches for these devices to reinforce practice at using the Cisco.com website. Attached as an appendix to this Instructor Version for in-class reference is a list of the typical IOS features found for an 1841 ISR.

The features and capabilities of the Cisco IOS installed on a router and switch determine which network features it can provide. When considering a network upgrade, it is important to determine precisely what the current devices can do. If shortcomings are found in device IOS capabilities, the planned upgraded services cannot be provided and the device IOS will have to be upgraded. In this lab, you will examine the installed IOS on a router and switch, and then use the Cisco.com website to more precisely list the features of the IOS. This lab is based on the 1841 ISR and 2960 switch. The results of this lab will vary accordingly if other devices are used.

Task 1: Determine the Capabilities of the IOS of a Cisco 1841 ISR


Step 1: Inspect the installed IOS
NOTE: If the PC used in this lab is also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.
a. Referring to Topology 1, connect the console (or rollover) cable to the console port on the router and the other cable end to the host computer with a DB-9 or DB-25 adapter to the COM 1 port. Ensure that power has been applied to both the host computer and router.


b. Establish a HyperTerminal or other terminal emulation program connection to the router.
c. From the privileged EXEC mode prompt of the terminal, issue the show version command. Record the following details:
Results will vary; examples shown.
IOS version ______________________________ Version 12.4(1c)
Name of the system image (IOS) file ___________________________ 1841-ipbase-mz.124-1c.bin
IOS Feature Set ___________________________ IP BASE
Date of code build __________________________ Compiled Tue 25-Oct-05
Where the router IOS image booted from ____________________________________ ROM: System Bootstrap, Version 12.4(13r)T
Type of processor board ________________________________ Processor board ID FTX1118X09K
Amount of DRAM __________________________ 128 MB
Number of Ethernet interfaces _____________________ 2
Number of serial interfaces _______________________ 2
Amount of NVRAM _____________________________ 191K bytes of NVRAM
Amount of flash memory ________________________ 31360K bytes of ATA CompactFlash
Configuration register ___________________________ 0x2102
d. Issue the show flash command. Record the following details:
Results will vary; examples shown.
The amount of flash memory available and used _______________________________________ 126976 bytes available (31805440 bytes used)
The size of the IOS file _____________________________ 13937472 bytes
e. Issue the show running-config command. Record features that indicate what the router is capable of.
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
Results will vary; examples include ip subnet-zero, ip cef, ip classless
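Recording these fields by hand works for a lab pod, but an inventory used for patch and vulnerability tracking is easier to keep current when it is parsed from captured output. The following is an added example, not part of the Cisco lab material, that extracts the Step 1c fields from show version output on a router; the sample text is constructed in the layout of 1841 output using the lab's example answers, and the function and field names are assumptions. It goes one step beyond the lab by also flagging a configuration register with bit 6 set, which makes the router ignore its startup configuration at boot.

```python
"""Build an inventory record from Cisco IOS `show version` output (router layout)."""
import re

# Constructed sample in the layout of 1841 `show version` output; the values
# follow the example answers recorded in Step 1c of this lab.
SAMPLE_1841 = """\
Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.4(1c), RELEASE SOFTWARE (fc1)
Compiled Tue 25-Oct-05 17:10 by constructed

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

FC-CPE-1 uptime is 5 minutes
System image file is "flash:c1841-ipbase-mz.124-1c.bin"

Cisco 1841 (revision 6.0) with 114688K/16384K bytes of memory.
Processor board ID FTX1118X09K
2 FastEthernet interfaces
2 Low-speed serial(sync/async) interfaces
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102
"""

# One capture group per single-valued field; each pattern is matched per line.
FIELDS = {
    "ios_version": r"^Cisco IOS Software.*?, Version ([^,\s]+)",
    "compiled": r"^Compiled (\S+ \S+)",
    "bootstrap": r"^ROM: System Bootstrap, Version ([^,\s]+)",
    "hostname": r"^(\S+) uptime is ",
    "image_file": r'^System image file is "(?:[^":]+:)?/?([^"]+)"',
    "board_id": r"^Processor board ID (\S+)",
    "nvram_kb": r"^(\d+)K bytes of NVRAM",
    "flash_kb": r"^(\d+)K bytes of .*Flash",
    "config_register": r"^Configuration register is (0x[0-9A-Fa-f]+)",
}

IGNORE_STARTUP_CONFIG_BIT = 0x0040  # bit 6 of the configuration register


def parse_show_version(output):
    """Return a dict of inventory fields; missing fields are None."""
    record = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, output, re.M)
        record[name] = match.group(1) if match else None

    for key in ("nvram_kb", "flash_kb"):
        if record[key] is not None:
            record[key] = int(record[key])

    # DRAM is reported as main/IO memory in kilobytes; the total is their sum.
    mem = re.search(r"with (\d+)K/(\d+)K bytes of memory", output)
    record["dram_mb"] = (
        (int(mem.group(1)) + int(mem.group(2))) // 1024 if mem else None
    )

    # Lines such as "2 FastEthernet interfaces" give per-type counts.
    record["interfaces"] = {
        kind: int(count)
        for count, kind in re.findall(r"^(\d+) (.+?) interfaces?$", output, re.M)
    }

    # Image names follow platform-featureset-format.version, e.g. c1841-ipbase-mz...
    parts = (record["image_file"] or "").split("-")
    record["feature_set"] = parts[1] if len(parts) > 2 else None

    reg = record["config_register"]
    record["ignores_startup_config"] = bool(
        reg and int(reg, 16) & IGNORE_STARTUP_CONFIG_BIT
    )
    return record


if __name__ == "__main__":
    for field, value in parse_show_version(SAMPLE_1841).items():
        print(f"{field:24} {value}")
```
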

Step 2: Examine the IOS feature set on Cisco.com (1)


a. Go to the website http://www.cisco.com.
b. Remember that the Cisco main website changes frequently. The steps listed here are representative of the procedure for accessing the resources. If the options do not appear as listed, please check with your instructor or use the cisco.com search functions to find the IOS Software Selector.
c. Roll over the Support tab and select Support.
d. On the Support page, under Frequently Used Resources, click Tools & Resources.
e. At the bottom of the Tools & Resources page, click the Show All Tools button to display tools by category.
f. Scroll to the Software section.
g. Click Cisco IOS Software Selector.




h. Click Search by Release/Product Code/Platform.
1) At Platform select: 1841. Click Continue.
2) At Release select: 12.4(3c)
3) At Feature Set select: IP BASE
Print or select and save the search results. NOTE: The list of features may be more than 10 printed pages.
i. Examine the listed features. From your understanding of IOS features, group three or four features under headings such as:
Answers vary; examples include:
Routing: ____________________________________________________ EIGRP, OSPF, RIP
Security: ____________________________________________________ VPN, L2TP, RADIUS
IP Services: _________________________________________________ DHCP, NAT
Converged Services: __________________________________________ LLQ, QoS, WFQ
Network Management: ___________________________________________________________ SNMP, SSH, CDP
Other: WAN ___________________________________________________________ Frame Relay, ISDN, PPP

Step 3: Examine the IOS feature set on Cisco.com (2)


a. If your IOS version is different than the IOS version in Step 2, repeat this search using your IOS version. Record your results.
b. Compare this list of features with the list from Step 2.

Step 4: Clean up
Erase any configurations and reload the router. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.


Topology 2

Task 2: Determine the Capabilities of the IOS of a Cisco 2960 Switch


Step 1: Inspect the installed IOS
NOTE: If the PC used in this lab is also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so these can be restored at the conclusion of the lab.
a. Referring to Topology 2, connect the console cable to the console port on the switch and the other cable end to the host computer with a DB-9 or DB-25 adapter to the COM 1 port. Ensure that power has been applied to both the host computer and switch.
b. Establish a HyperTerminal or other terminal emulation program connection to the switch.
c. From the privileged EXEC mode prompt of the terminal, issue the show version command. Record the following details:
Results will vary; examples shown.
IOS version ______________________________ Version 12.2(25)SEE3
Name of the system image (IOS) file ___________________________ c2960-lanbase-mz.12225.SEE3
IOS Feature Set ___________________________ LAN BASE
Date of code build __________________________ Compiled Thu 22-Feb-07
Type of processor board and processor _____________________________________________ Processor board ID FOC1122Z4BJ, PowerPC405 processor
Amount of DRAM _________________________ 64 MB



Number of Fast Ethernet interfaces ________________ 24
Number of Gigabit Ethernet interfaces ______________ 2
Amount of NVRAM _____________________________ 64K bytes of NVRAM
Amount of flash memory ________________________ 32514048 bytes total
Configuration register ___________________________ 0xF
d. Issue the show flash command. Record the following details:
Results will vary; examples shown.
The amount of flash memory available and used _______________________________________ 32514048 bytes total (24804864 bytes free)
The size of the IOS file _____________________________ 7709184 bytes

Step 2: Examine the IOS feature set on Cisco.com (1)


a. Go to the website http://www.cisco.com.
b. Roll over the Support tab and select Support.
c. On the Support page, under Frequently Used Resources, click Tools & Resources.
d. At the bottom of the Tools & Resources page, click the Show All Tools button to display tools by category.
e. Scroll to the Software section.
f. Click Cisco IOS Software Selector - Cisco Feature Navigator.
g. Click Search by Platform.
1) At Platform select: CAT2960. Click Continue.
2) At Major Release select: 12.2SEE (The screen will refresh after each selection)
3) At Release select: 12.2(25)SEE3
4) At Feature Set select: LAN BASE
Print or select and save the search results. NOTE: The list of features may be more than 10 printed pages.
h. Examine the listed features. From your understanding of IOS features, group 1 or 2 features under headings such as:
Answers vary; examples include:
Routing: ____________________________________________________ None (Layer 2 switch)
Security: ____________________________________________________ RADIUS, ACL
IP Services: _________________________________________________ DHCP
Converged Services: __________________________________________ AutoQoS
Network Management: _________________________________________ SNMP, SSH, CDP
Other: ______________________________________________________ IEEE 802.1Q, STP

Step 3: Examine the IOS feature set on Cisco.com (2)


a. If your IOS version is different than the IOS version in Step 2, repeat this search using your IOS version. Record your results.



b. Compare this list of features with the list from Step 2.

Step 4: Clean up
Erase any configurations and reload the switch. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.



APPENDIX Search Results Image Info Image Name (Dram/Flash) c1841-ipbasek9-mz.124-1c.bin (128/32) Enterprise Product Number : S184IPBK9-12401 Features: AAA Broadcast Accounting AAA DNIS Map for Authorization AAA Double Authentication Secured by Absolute Timeout AAA Server Group AAA Server Group Deadtimer AAA Server Group Enhancements AAA Server Groups Based on DNIS Accounting of VPDN Disconnect Cause ACL - Reflexive Access Lists ACL - Support for Non-Contiguous Port Ranges on an ACE ACL - TCP Flags Filtering ACL Authentication of Incoming RSH and RCP ACL IP Options Selective Drop ACL Sequence Numbering ACL Support for Filtering IP Options Additional Vendor-Proprietary RADIUS Attributes Address Resolution Protocol (ARP) ADSL - Asymmetric Digital Subscriber Line Support ADSL over ISDN ADSL over POTS with Dying Gasp Always On Dynamic ISDN (AO/DI) ARP Optimization ARP-Auto Logoff Asynchronous Call Queueing by Role Asynchronous Line Monitoring Asynchronous Rotary Line Queuing Asynchronous Serial Traffic Over UDP ATM Cell Loss Priority (CLP) Bit Marking ATM Cell Loss Priority (CLP) Setting ATM Mode for Four-Wire SHDSL ATM Mode for Two-Wire SHDSL ATM Multilink PPP Support on Multiple VCs ATM Routed Bridge Encapsulation (RBE) ATM Subinterface MIB/Traps Attribute Filtering Per-Domain and VRF Aware Framed-Routes Attribute Screening For Access Requests Authorization for Protocol Translation Auto Secure Manageability AutoInstall over Frame Relay-ATM Interworking Connections AutoInstall Using DHCP for LAN Interfaces Automatic modem configuration AutoRP Enhancement AutoSecure AutoSecure Customization and Audit Trail Enhancements Bandwidth Allocation Control Protocol (BACP) Bridge Control Protocol (BCP) Support Bridging between IEEE 802.1Q VLANs CDP (Cisco Discovery Protocol) Version 2 CEF on Multipoint GRE Tunnels CEF Support for Dialer Profile CEF/dCEF - Cisco Express Forwarding Certificate - Auto Enrollment Certificate - Enrollment Enhancements Certificate - Security 
Attribute-Based Access Control Certification Authority Interoperability (CA) CGMP - Cisco Group Management Protocol Challenge Handshake Authentication Protocol (CHAP) Circuit Interface Identification Persistence for SNMP Cisco Discovery Protocol (CDP) over ATM Cisco IOS Certificate Server Cisco IOS Login Enhancements Cisco IOS Resilient Configuration Class Based Traffic Policing with CLP Tagging Class Based Weighted Fair Queuing (CBWFQ) Class-Based Marking Class-Based Policing Class-Based Shaping Classless InterDomain Routing (CIDR) IP Default Gateway CLI String Search CLI Views ClickStart CNS - Agents SSL Security CNS - Configuration Agent CNS - Event Agent CNS - Flow Through Provisioning CNS - Frame Relay Zero Touch CNS - Image Agent Command Scheduler (Kron) Commented IP Access List Entries Committed Access Rate (CAR) Compressed RTP (cRTP) - DSL interfaces Compression Control Protocol Config Logger Enhancements for EAL4+ Certification Configuration Change Notification and Logging Configuration Replace and Configuration Rollback Content Engine Network Module for Caching and Content Delivery Contextual Configuration Diff Utility Control Plane Policing (CoPP) Control Plane Policing - Time based Control Plane Policing Manageability CPU Thresholding Notification Crypto Access Check CT1/RBS (Robbed Bit Signaling) CUG Selection Facility Suppress Option Custom Queueing (CQ)



Customer Profile Idle Timer Enhancements for Interesting Traffic Default Passive Interface Default Route on a PPP Virtual Access Interface DHCP - Configurable DHCP Client DHCP - Statically Configured Routes Using a DHCP Gateway DHCP Accounting DHCP Address Allocation using Option 82 DHCP Authorized ARP DHCP Client DHCP Client - Dynamic Subnet Allocation API DHCP Client on WAN Interfaces DHCP ODAP Server Support DHCP On Demand Address Pool (ODAP) Manager for non-MPLS VPN pools DHCP Proxy Client DHCP Relay Agent Support for Unnumbered Interfaces DHCP Release and Renew CLI in Exec Mode DHCP Secured IP Address Assignment DHCP Server DHCP Server - On Demand Address Pool Manager DHCP Server - Option to Ignore all BOOTP Requests DHCP Server Options - Import and Autoconfiguration Dial Backup Dial-on-demand Dialer Idle Timer Inbound Traffic Configuration Dialer Map VRF Aware Dialer Persistent Dialer Profiles Dialer Watch Dialer Watch Connect Delay Diffserv Compliant WRED Digital J1 Voice Support Direct http enroll with CA servers Distributed Class-Based Weighted Fair Queueing (dCBWFQ) Distributed Weighted Random Early Detection (dWRED) DLR Enhancements: PGM RFC-3208 Compliance DNS based X.25 routing DNS Proxy Double Authentication DPNSS Backhaul Dynamic DNS Support for Cisco IOS Dynamic Multiple Encapsulation for Dial-in over ISDN Dynamic Per VRF AAA Dynamic Subscriber Bandwidth Selection Dynamic Trunking Protocol (DTP) E1 R2 Signaling Easy IP (Phase 1) Easy Secure Device Deployment (Easy SDD) Phase 4 EIGRP MPLS VPN PE-CE Site of Origin (SoO) EIGRP Stub Routing EIGRP Support for Route Map Filtering Embedded Syslog Manager (ESM) Encrypted Vendor Specific Attributes End of Record functionality for DCN networks Enhanced cRTP for links with high delay, packet loss and reordering Enhanced IGRP (EIGRP) Enhanced Local Management Interface (ELMI) Enhanced Packet Marking Enhanced Password Security Enhanced Tracking Support ETSI Call Transfer Event Tracer Exporting and Importing RSA 
Keys Express RTP and TCP Header Compression on Dialer interfaces Extended ACL support for IGMP to support SSM in IPv4 EzSDD Phase III Fast Fragmentation (Fast-Switched Fragmented IP Packets) Fast-Switched Policy Routing FHRP - HSRP - Hot Standby Router Protocol V2 FHRP - Object Tracking List FHRP - VRRP - Object Tracking Flow-Based WRED Frame Mode TDM over G.shdsl Frame Relay Frame Relay - PVC Bundles with MPLS QoS Support Frame Relay - FRF.5 & FRF.8 Frame Relay - Multilink (MLFR-FRF.16) Frame Relay Encapsulation Frame Relay End-to-End Keepalive Frame Relay Fragmentation (FRF.12) Frame Relay FRF.9 Payload Compression Frame Relay PVC Interface Priority Queueing Frame Relay Queuing and Fragmentation at the Interface Frame Relay Router ForeSight Frame Relay Switched Virtual Circuits (SVC) over ISDN Frame Relay Switching Frame Relay Switching Diagnostics and Troubleshooting Frame Relay Switching Enhancements: Shaping and Policing Frame Relay Traffic Shaping (FRTS) Framed-Route in RADIUS Accounting FTP Support for Downloading Software Images G.SHDSL Symmetric DSL Support Gateway Load Balancing Protocol (GLBP)


Generic Routing Encapsulation (GRE) Generic Routing Encapsulation (GRE) Tunnel Keepalive Generic Traffic Shaping (GTS) GLBP MD5 Authentication GRE Tunnel IP Source and Destination VRF Membership Half bridge/half router for CPP and PPP HSRP MD5 Authentication HSRP over ISL HSRP support for ICMP Redirects HTTP 1.1 Web Client HTTP 1.1 Web Server HTTP Security HTTP Server - Enabling of Applications HTTPS - HTTP with SSL 3.0 IEEE 802.1p Support IEEE 802.1Q ISL VLAN Mapping IEEE 802.1Q Tunneling IEEE 802.1Q VLAN Support IEEE 802.1Q VLAN Trunking IEEE 802.1x - VPN Access Control IEEE 802.3x Flow Control IGMP Fast Leave IGMP Snooping IGMP State Limit IGMP Version 2 IGMP Version 3 IGMP Version 3 - Explicit Tracking of Hosts, Groups, and Channels Ignore revocation check and expired certs based on CERT ACL Image Verification Import of RSA keypair in PEM format Integrated routing and bridging (IRB) Interface Alias Long Name Support Interface Index Display Interface Range Specification IP DSCP marking for Frame-Relay PVC IP Enhanced IGRP Route Authentication IP Event Dampening IP Multicast Load Splitting across Equal-Cost Paths IP Named Access Control List IP Overlapping Address Pools (AOP) IP Precedence for GRE Tunnels IP Routing IP Source Tracker IP Summary Address for RIPv2 IP to ATM CoS, per-VC WFQ and CBWFQ IP Traffic Export IPSec Through Network Address Translation Support ISDN ISDN Advice of Charge (AOC) ISDN BCAC and Round-Robin Channel Selection Enhancements ISDN Caller ID Callback ISDN Cause Code Override ISDN Generic Transparency Descriptor (GTD) for Setup Message ISDN LAPB-TA ISDN Leased Line at 128kbps ISDN PRI support for Integrated SLT ISDN TON to Radius server Jumbo Frames Key Rollover for Certificate Renewal L2TP - IPSEC Support for NAT and PAT Windows Clients L2TP - Large Scale Dial-Out per user attribute via AAA L2TP Client Initiated Tunneling L2TP Dial-Out L2TP Dial-Out Load Balancing & Redundancy L2TP Extended Failover L2TP Layer 2 Tunneling Protocol L2TP 
Redirect L2TP Security L2TP Tunnel Connection Speed Labeling L2TP Tunnel Preservation of IP TOS Layer 2 Forwarding-Fast Switching Line Printer Daemon (LPD) Link Fragmentation and Interleaving (LFI) for Frame Relay and ATM Virtual Circuits Loadsharing IP packets over more than six parallel paths Local Proxy ARP Lock and Key Login Password Retry Lockout Low Latency Queueing (LLQ) Low Latency Queueing (LLQ) for Frame Relay Low Latency Queueing (LLQ) with Priority Percentage Support MAC Address Filtering Manual certificate enrollment (TFTP and cut-and-paste) MD5 File Validation Memory Leak Detector Memory Traceback Recording Message Banners for AAA Authentication Microsoft Point-to-Point Compression (MPPC) MLPPP - Multilink PPP MLPPP Bundling - DSL Interfaces MLPPP Enable/Disable via Radius for Preauthentication User MLPPP Minimum Links Mandatory Modem Calls over QSIG Modem User Interface Option Modular QoS CLI (MQC) Modular QoS CLI (MQC) - Based Frame Relay Traffic Shaping Modular QoS CLI (MQC) Three-Level Hierarchical Policer


Modular QoS CLI (MQC) Unconditional Packet Discard Monitoring Control Characters on Async Lines MPLS VPN VRF Selection using Policy Based Routing MPLS VPN support for EIGRP between Provider Edge (PE) and Customer Edge (CE) MS Callback MS-CHAP Version 1 MS-CHAP Version 2 MSDP compliance with IETF RFC 3618 Multi-VRF Support (VRF lite) Multicast Fast Switching Performance Improvement Multicast NAT Multicast Subsecond Convergence Multicast-VPN: Multicast Support for MPLS VPN Multiclass Multilink PPP Multiple RSA Keypair Support Named Method Lists for AAA Authorization and Accounting NAT - Default Inside Server Enhancement NAT - Network Address Translation NAT - Performance & Scalability enhancement Timer Wheel NAT - Performance Enhancement - CEF Switching Support NAT - Rate Limiting NAT Translation NAT - Stateful Fail-Over - Asymmetric Outside-to-Inside Support NAT - Stateful Fail-over for Embedded Addressing NAT - Static IP Support NAT - Support for NetMeeting Directory (Internet Locator Service - ILS) NAT - Translation of external IP Addresses only NBAR - Network-based Application Recognition NBAR Extended Inspection for HTTP Traffic NBAR PDLM Versioning NBAR Real-time Transport Protocol Payload Classification NBAR User-Defined Custom Application Classification NBAR-NAT Integration & RTSP NetFlow NetFlow Aggregation Netflow Egress Accounting NetFlow Layer 2 and Security Monitoring Exports Netflow MIB and Top Talkers Netflow Multicast Support Netflow Multiple Export Destinations NetFlow Policy Routing (NPR) NetFlow Subinterface Support NetFlow ToS-Based Router Aggregation NetFlow v9 Export Format Network Time Protocol (NTP) Next Hop Resolution Protocol (NHRP) No Service Password-Recovery NSF Awareness - EIGRP NSF Awareness - OSPF OCSP (Online Certificate Status Protocol) On Demand Routing (ODR) OSPF OSPF ABR type 3 LSA Filtering OSPF Area Transit Capability OSPF Flooding Reduction OSPF Forwarding Address Suppression in Translated Type-5 LSAs OSPF Inbound Filtering 
using Route Maps with a Distribute List OSPF Incremental Shortest Path First (i-SPF) Support OSPF Limit on Number of Redistributed Routes OSPF Link State Database Overload Protection OSPF Link-local Signaling (LLS) Per Interface Basis OSPF MIB Support of RFC 1850 and Latest Extensions OSPF Not-So-Stubby Areas (NSSA) OSPF On Demand Circuit (RFC 1793) OSPF Packet Pacing OSPF Sham-Link Support for MPLS VPN OSPF Shortest Paths First Throttling OSPF Stub Router Advertisement OSPF Support for Fast Hellos OSPF Support for Link State Advertisement (LSA) Throttling OSPF Support for Multi-VRF on CE Routers OSPF Support for Unlimited Software VRFs per Provider Edge (PE) Router Packet Classification Based on Layer3 PacketLength Packet Classification using Frame-Relay DLCI Number PAD Subaddress Formatting Option PAD Subaddressing Parse Bookmarks Parser Cache Password Authentication Protocol (PAP) PBR Support for Multiple Tracking Options Peer Pool Backup Support Per VRF AAA Per-User Configuration Per-User QoS via AAA Policy Name Percentage-Based Policing and Shaping Performance Enhancements for IOS ACL Persistent Self-Signed Certificates PIM Dense Mode State Refresh PIM MIB Extension for IP Multicast PIM Multicast Scalability PIM Version 1 PIM Version 2 PKI AAA Authorization Using the Entire Subject Name PKI Integration with AAA Server


Policer Enhancement - Multiple Actions Policy-Based Routing (PBR) PPP PPP MLP MRRU negotiation configuration PPP over ATM PPP over ATM (IETF-Compliant) PPP Over Fast Ethernet 802.1Q PPP over Frame Relay PPPoA/PPPoE autosense for ATM PVCs PPPoE Client PPPoE Client DDR Idle-Timer PPPoE MTU Adjustment PPPoE Relay PPPoE Server Restructuring and PPPoE Profiles PPPoE Session Limit per NAS port Pre-fragmentation For IPSec VPNs Priority Queueing (PQ) Privilege Command Enhancement Protected Private Key Storage Protocol Translation (PT) Protocol Translation Ruleset QoS Bandwidth Estimation QoS Device Manager (QDM) QoS for Virtual Private Networks QoS Packet Marking QoS Priority Percentage CLI Support Quality of Service (QoS) - Classification Only Quality of Service (QoS) Queuing Query Mode Definition Per Trustpoint Query Multiple Servers during Certificate Revocation Check RADIUS RADIUS Attribute 104 RADIUS Attribute 44 (Accounting Session ID) in Access Requests RADIUS attribute 5 (NAS-Port) format specified on a per-server group level RADIUS Attribute 52 and 53 Gigaword Support RADIUS Attribute 77 for DSL RADIUS Attribute 82: Tunnel Assignment Id RADIUS Attribute 91 Encrypted and Tagged VSA Support RADIUS Centralized Filter Management RADIUS EAP Support RADIUS for Multiple User Datagram Protocol Ports RADIUS Logical Line ID RADIUS NAS-IP-Address Configurability RADIUS Route Download RADIUS Server Reorder on Fail RADIUS Timeout set during Pre-Authentication RADIUS Tunnel Preference for Load Balancing and Fail-over RADIUS VC Logging Random Early Detection (RED) Random Sampled NetFlow Re-Enroll Using Existing Certificate Reverse Path Forwarding - Source Exists only Reverse Route Injection (RRI) Reverse SSH Enhancements RFC 2576: SNMP v1/ v2c pdu conversions for proxy forwarder RFC-2867 Tunnel Accounting RIP RMON events and alarms RMON full Role-Based Access Control CLI commands Rotating Through Dial Strings RSVP - Resource Reservation Protocol RSVP Local Policy Support RSVP 
Message Authentication RSVP Refresh Reduction and Reliable Messaging RSVP Support for Frame Relay RSVP support for LLQ RSVP Support for RTP Header Compression RTP Header Compression SEAL Encryption Secure Copy (SCP) Secure Shell SSH Terminal-line access Secure Shell SSH Version 1 Integrated Client Secure Shell SSH Version 1 Server Support Secure Shell SSH Version 2 Client Support Secure Shell SSH Version 2 Server Support Security Device Manager (SDM) Selective Packet Discard (SPD) Session Limit Per VRF SHDSL - Auto Detection of 2 Wire Versus 4 Wire Line Mode Show Command Redirect Silent Operation Mode Simple Network Time Protocol (SNTP) Simple Network-enabled Auto Provisioning (SNAP) Single Rate 3-Color Marker for Traffic Policing Snapshot routing SNMP (Simple Network Management Protocol) SNMP Inform Request SNMP Manager SNMP Support for IOS vLAN Subinterfaces SNMP Support for Named Access Lists SNMP Support for vLAN (ISL, DOT1Q) Subinterfaces SNMP Support over VPN SNMP Support over VPNs - Context Based Access Control SNMPv2C Source Interface Selection for Outgoing Traffic with Certificate Authority (CA) Spanning Tree Protocol (STP) Spanning Tree Protocol (STP) - Backbone Fast Convergence Spanning Tree Protocol (STP) - Loop Guard Spanning Tree Protocol (STP) - Portfast



Spanning Tree Protocol (STP) - Portfast BPDU Guard Spanning Tree Protocol (STP) - Uplink Fast Convergence Spanning Tree Protocol (STP) - Uplink Load Balancing Spanning Tree Protocol (STP) Extension Standard IP Access List Logging Stream Control Transmission Protocol (SCTP) Stub IP Multicast Routing Subnetwork Bandwidth Manager (SBM) Subscriber Service Switch Support for IUA with SCTP for Cisco Access Servers Switch Port Analyzer (SPAN) Switch Port Analyzer (SPAN) - Disable Receive Traffic Destination Port Switch Port Analyzer (SPAN) - Multiple Source Port Selection Switched Multimegabit Data Service (SMDS) T1/E1 Mode for Two-Wire SHDSL Tacacs SENDAUTH function Tacacs Single Connection TACACS+ TACACS+ Per VRF TCP - Explicit Congestion Notification TCP - TCP Congestion Avoidance TCP Window Scaling Timer and Retry Enhancements for L2TP and L2F Transient Memory Management Transparent Bridging Triggered RIP Trusted Root Certification Authority Trustpoint CLI Tunable Tx-Ring buffer-DSL interfaces Tunnel Authentication via Radius on LNS Tunnel Type of Service (TOS) Turbo Flooding of UDP Datagrams Two-Rate Policer UDLR Tunnel ARP and IGMP Proxy UDP forwarding support of IP Redundancy Virtual Router Group (VRG) Uni-Directional Link Routing (UDLR) Unicast Reverse Path Forwarding (uRPF) Unity Express Voice Mail and Auto Attendant on AIM USB Storage User Maximum Links V.120 Support Vendor-Specific RADIUS Attributes Virtual Fragmentation Reassembly Virtual Interface Template Service Virtual Private Dial-up Network (VPDN) Virtual Profile CEF Switched Virtual Profiles Virtual Router Redundancy Protocol (VRRP) VLAN Range VLANs over IP Unnumbered Sub-Interfaces VPDN Default Group Template VPDN Group Session Limiting VPDN Multihop by DNIS VPN Routing Forwarding (VRF) Framed Route (Pool) Assignment via PPP VPN Tunnel Management VRF Aware Dialer Watch VRF-Aware VPDN Tunnels VRRP MD5 Authentication WCCP Redirection on Inbound Interfaces WCCP Version 1 WCCP Version 2 Weighted Fair 
Queueing (WFQ) Weighted RED (WRED) WRED Enhancement - Explicit Congestion Notification (ECN) x Digital Subscriber Line (xDSL) Bridge Support X.25 X.25 Call Confirm Packet Address Control X.25 Closed User Group X.25 Data Display Trace X.25 Dual Serial Line Management X.25 Failover X.25 Load Balancing X.25 on ISDN D-Channel X.25 over Frame Relay (Appendix G) X.25 over TCP (XOT) X.25 Over TCP Profiles X.25 Record Boundary Preservation for Data Communications Networks X.25 Remote Failure Detection X.25 Station Type For ISDN D-Channel Interface X.25 Suppression of Security Signaling Facilities X.25 Switch Local Acknowledgement X.25 Terminal Line Security for PAD Connections X.28 Emulation


Lab 3.2.3 Using Feature Navigator Instructor Version


Objectives
- Set up a Cisco.com Guest registration.
- Select the IOS images using the Cisco.com Feature Navigator.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

How is an understanding of the Cisco.com Feature Navigator useful in network administration?
______________________________________________________________________________________

What is a benefit of using the Cisco.com Feature Navigator?
______________________________________________________________________________________

Background / Preparation
Instructor Notes: This is an Internet-based lab. The first task leads the student through the creation of a Cisco.com Guest registration.

NOTE: Duplicate registrations are discouraged; therefore, if a student has a current Cisco.com registration, please have that student omit Task 1. All registrations must be personal registrations using first and last names. Generic group or company accounts, or use thereof, are not permitted. Improper, inaccurate, or duplicate registrations may be removed without notice.

Students can register at Cisco.com with the same username as their Academy Connection username; however, the two accounts are not linked in any way. Advise students to have an alternate username, if needed, and a password prepared. There is no "Student" Cisco.com registration category.

Each student needs to have the following details available:
- Working email address
- Full location address details (academy or home)
- Telephone number
- Job role information if employed

It is recommended that the students be briefed on these requirements before starting the lab. No age details are entered. Please ensure that local requirements relating to disclosure of personal details of non-adults are complied with if you have students that are legal minors.

For students enrolled in CCNA Discovery classes who are not currently employed, the "Education/Training" job role is suggested as the best option.

General information about the Cisco.com registration process is available at http://www.cisco.com/web/help/reg/index.html where the FAQ and General Registration Help links are most useful.

In Task 2, the lab covers the Feature Navigator. Because the layout of the www.cisco.com website is regularly revised, it is recommended that this tool be accessed directly at http://www.cisco.com/go/cfn

Instruct the students to explore the IOS feature results returned by the Feature Navigator so that they become familiar with the terminology and applications.

This lab introduces the features of the Cisco Systems, Inc. website, www.cisco.com, as a resource for supporting Cisco networking devices. You will use the website tools to examine the features available in versions of the Cisco IOS software for the 1841 ISR and Catalyst 2960 switch. The ability to navigate and access the services and information on www.cisco.com is critical to maintaining up-to-date knowledge of router and switch features that applies to network configuration and troubleshooting.

Task 1: Create a Cisco.com Guest Registration


NOTE: Task 1 covers setting up a Cisco.com Guest registration (formerly known as CCO, Cisco Connection Online). If you already have a current working Cisco.com registration, omit this task.

NOTE: Cisco.com Guest registration is completely separate from your Cisco Networking Academy student account. During the registration process, you may find it convenient to register the same username as your student username, if it is available.



Step 1: Access the Cisco.com registration service
a. Using a computer with Internet access, go to the website http://www.cisco.com.
b. On the top right of the page, click Register. The page that opens is Step 1 of 4 in the registration process.

Step 2: Complete the registration process


a. Complete the registration information required for Step 1.
   1) A valid email address must be used.
   2) The User ID can be the same as your Networking Academy name (if it is available).
   3) Do not select any check boxes under Register for Additional Access.
   4) Click Submit.
b. On the next page, Step 2 of 4, select Home Address and enter either your academy address details or your personal address, and a telephone number. Click Submit.
c. At the Your Interest and Preferences screen under Step 3 of 4, click Skip This Step if you are not employed. Completing this information is optional.
d. At Step 4 of 4, the Complete Registration screen appears. You will be directed to your email account to activate your registration with Cisco.com.
e. Check the email account you registered with for an email with the subject "Cisco.com Registration: Action required." In the body of the email, click the Cisco.com account activation link, or copy and paste it into a browser address window.
   1) You will see the Successful Registration screen.
   2) You will receive a Cisco.com Registration Confirmation email with your User ID.



You can now access Cisco.com by clicking Log In at the top of the screen and entering your User ID and password.

Step 3: Test your Cisco.com Guest registration


a. Using a computer with Internet access, go to the website http://www.cisco.com.
b. At the top right of the page, click Log In and log in using your Cisco.com username and password.

NOTE: As a security precaution, if you have not changed your password within the last 3 months, you will be prompted to change it when you log in.

Once logged in, you may not notice any change in appearance of the website (other than Logged In and Profile at the top of each page). However, when services on the Support menu are accessed, the range and detail of features may increase.

NOTE: Guest Registration does not provide access to IOS software downloads. Additional Access registration is required to access IOS software. These registrations can be of the following types:
- Service Contract (SMARTnet) Owner
- Cisco Channel Partner or Authorized Company
- Purchase Direct from Cisco
- Customer of a Cisco Certified Partner Initiated Customer Access [PICA] Partner
- You are a Cisco Certified Internetwork Expert [CCIE User]

Task 2: Access Cisco.com Feature Navigator


Step 1: Access and log in to Cisco.com
a. Using a computer with Internet access, go to the website http://www.cisco.com.
b. At the top right of the page, click Log In and log in using your Cisco.com username and password.
c. Click Products and Services.
d. Under Product Research Tools, click the Cisco Feature Navigator link.

NOTE: You do not need to use your Cisco.com registration to access the Cisco Feature Navigator. It can be accessed directly from http://www.cisco.com/go/cfn.

Step 2: Examine the Feature Navigator tools


List the six tools offered by the Feature Navigator:
____________________ Search by Feature
____________________ Search by Software
____________________ Search by Platform
____________________ Search by Image
____________________ Search by Product Code
____________________ Compare software releases

It may be necessary to use more than one tool. For example, you may not know the exact description of a feature set, but you may know the platform and image name. In this case, a combination of the tools is required to provide all the necessary information.


Task 3: Examine 1841 Router IOS Features
NOTE: It is important to distinguish between an IOS feature and a Feature Set. An IOS feature is a specific facility that an IOS supports. Examples include support for a particular routing protocol (EIGRP or BGP), a WAN service (Frame Relay), or a VPN facility (IPSec). A Feature Set is a group of features that differentiates one IOS image from another. Feature Sets have generalized names such as IP BASE, ADVANCED IP SERVICES, and ADVANCED ENTERPRISE SERVICES.

Step 1: Search by feature


This step assumes that you know which features you want your upgraded network to have.
a. From the Cisco Feature Navigator page, click the Search by Feature link.
b. From the Available Features list, select the following features:
   - CallManager Express (CME) 3.0
   - IPv6 (Internet Protocol Version 6)
   - Mobile IP
   - Videoconferencing for the Cisco Multiservice IP-to-IP Gateway Feature
   - Voice Over IP (VoIP)

   These features are a sample of services that the FilmCompany may consider adding to their network; you may add others for this exercise.

   TIP: Filtering by using the first letter links across the top of the page or using the search field makes finding each feature easier.
c. Click the Add button for each feature selected. When done, click Continue.

d. On the next screen, from the Platform drop-down menu, select 1841. From the Feature Set drop-down menu, select ADVANCED IP SERVICES. Output similar to this will be displayed:

   Release       Image Name                                 DRAM   Flash
   12.3(14)YT1   c1841-advipservicesk9-mz.123-14.YT1.bin    192    48
   12.3(14)YT    c1841-advipservicesk9-mz.123-14.YT.bin     192    48
   12.3(8)YG4    c1841-advipservicesk9-mz.123-8.YG4.bin     192    64
   12.3(8)YG3    c1841-advipservicesk9-mz.123-8.YG3.bin     192    64
   12.3(8)YG2    c1841-advipservicesk9-mz.123-8.YG2.bin     192    64
   12.3(8)YG     c1841-advipservicesk9-mz.123-8.YG.bin      192    64

e. Note the DRAM and flash requirements for each image.
   Does your router have the DRAM and flash resources to support these advanced services?
   ____________________ Answer varies. See previous lab for answer.
   How can the DRAM and flash available on your router be determined?
   ____________________ Issue show version and show flash: commands at the privileged EXEC mode prompt.
   The required and suitable IOS image can be selected and the appropriate arrangements made to download it.
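The resource check in step e can be scripted. The following is an added example, not part of the Cisco lab: it parses show version text and compares the router's DRAM and flash against the image table from step d. Both show version excerpts are constructed, and rounding the reported flash size up to a power-of-two card size is an assumption.

```python
import re

# Rows copied from the Feature Navigator output in step d (sizes in MB).
REQUIREMENTS = [
    ("12.3(14)YT1", "c1841-advipservicesk9-mz.123-14.YT1.bin", 192, 48),
    ("12.3(14)YT", "c1841-advipservicesk9-mz.123-14.YT.bin", 192, 48),
    ("12.3(8)YG4", "c1841-advipservicesk9-mz.123-8.YG4.bin", 192, 64),
    ("12.3(8)YG3", "c1841-advipservicesk9-mz.123-8.YG3.bin", 192, 64),
    ("12.3(8)YG2", "c1841-advipservicesk9-mz.123-8.YG2.bin", 192, 64),
    ("12.3(8)YG", "c1841-advipservicesk9-mz.123-8.YG.bin", 192, 64),
]

# Constructed "show version" excerpts (not captured from a real device).
SMALL_ROUTER = """\
Cisco 1841 (revision 6.0) with 114688K/16384K bytes of memory.
2 FastEthernet interfaces
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)
"""
UPGRADED_ROUTER = """\
Cisco 1841 (revision 7.0) with 236544K/25600K bytes of memory.
2 FastEthernet interfaces
191K bytes of NVRAM.
62720K bytes of ATA CompactFlash (Read/Write)
"""

# DRAM is printed as processor memory / I/O memory; the total is the sum.
DRAM_RE = re.compile(r"with (\d+)K/(\d+)K bytes of memory")
FLASH_RE = re.compile(r"(\d+)K bytes of .*Flash", re.IGNORECASE)


def nominal_mb(kbytes):
    """Round a reported size up to the next power-of-two MB.

    Assumption: the card reports slightly less than its nominal size
    (for example 62720K for a 64 MB card), and the Flash column in the
    table refers to the nominal size.
    """
    mb = kbytes / 1024
    size = 1
    while size < mb:
        size *= 2
    return size


def parse_show_version(text):
    """Return (total DRAM in MB, nominal flash in MB) from show version text."""
    dram = DRAM_RE.search(text)
    flash = FLASH_RE.search(text)
    if not dram or not flash:
        raise ValueError("memory lines not found in show version output")
    dram_mb = (int(dram.group(1)) + int(dram.group(2))) // 1024
    return dram_mb, nominal_mb(int(flash.group(1)))


def check_images(text):
    """List (release, image, problems) for every row of the table."""
    dram_mb, flash_mb = parse_show_version(text)
    results = []
    for release, image, need_dram, need_flash in REQUIREMENTS:
        problems = []
        if dram_mb < need_dram:
            problems.append(f"DRAM {dram_mb} MB < {need_dram} MB")
        if flash_mb < need_flash:
            problems.append(f"flash {flash_mb} MB < {need_flash} MB")
        results.append((release, image, problems))
    return results


def supported_releases(text):
    """Releases from the table that this router has the memory to run."""
    return [rel for rel, _image, problems in check_images(text) if not problems]


if __name__ == "__main__":
    for name, text in (("small", SMALL_ROUTER), ("upgraded", UPGRADED_ROUTER)):
        print(name, parse_show_version(text))
        for release, image, problems in check_images(text):
            print("  ", release, image, "OK" if not problems else "; ".join(problems))
```

The flash figure here is the card's nominal size; free space still has to be confirmed with show flash: before an image is copied.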


Step 2: Search by platform
a. From the Cisco Feature Navigator page, click the Search by Platform link.
b. List the four search objectives available:
   ____________________ Software
   ____________________ Platform
   ____________________ Image Name
   ____________________ Product Number
c. From the Platform drop-down menu, select 1841. Click Continue.

Step 3: Search by feature set


a. From the Feature Set drop-down menu, select IP BASE.
b. Examine the list of features.
   List the interior routing protocols supported.
   ____________________ EIGRP
   ____________________ OSPF
   ____________________ RIP
   List the exterior routing protocols supported.
   ____________________ None
   ____________________
c. From the Feature Set drop-down menu, select ADVANCED IP SERVICES. Note that the extra features listed include such features as:
   - Analog Centralized Automatic Message Accounting E911 Trunk
   - Analog DID (Direct Inward Dial)
   - Call Admission Control for H.323 VoIP Gateways
   - Caller ID
   - Caller ID on Analog Voice Interfaces
   - CallManager Express (CME) 3.1
   - Cisco IOS Telephony Service (ITS) Version 2.1

   And various features for:
   - H323
   - MGCP - Media Gateway Control Protocol
   - Mobile IP
   - SIP (Session Initiation Protocol)
   - Videoconferencing for the Cisco Multiservice IP-to-IP Gateway Feature
   - VoIP (Voice over IP)

This presentation provides feature details but makes direct comparison between the Feature Sets difficult.



Step 4: Compare images
In this step, it is assumed that you know some release and version details about the IOS images but not the exact features of each.
a. Click the Compare Images tab on the current page or the Compare Images link on the Cisco Feature Navigator page.
b. Under Select First Image Parameters, make a selection from each drop-down list, for example:
   Software: IOS
   Major Release: 12.4
   Release Number: 12.4(1a)
   Platform: 1841
   Feature Set: IP BASE
c. Under Select Second Image Parameters, make a selection from each drop-down list, for example:
   Software: IOS
   Major Release: 12.4
   Release Number: 12.4(10b)
   Platform: 1841
   Feature Set: ADVANCED IP SERVICES
d. Note the information displayed:
   - Image information for each IOS
   - Features unique to each image
   - Common features in both images (scroll half-way down the page)

   Does your router have the DRAM and flash resources to support these advanced services?
   ____________________ Answer varies. See previous lab for answer.
   How can the DRAM and flash available on your router be determined?
   ____________________ Issue show version and show flash: commands at the privileged EXEC mode prompt.
   What extra Layer 3 protocol support is with the ADVANCED IP SERVICES feature set?
   ____________________ IPv6
e. Examine some of the unique features listed above by clicking the links. Describe the enhanced network services and features users could expect if an IOS upgrade to the ADVANCED IP SERVICES feature set was performed.
   _____________________________________________________________________________
   These features enable the IP data network to manage and transport voice and videophone calls across the enterprise LAN and WAN networks, and to and from the public switched network. Mobile IP devices can also be connected to the network from different points and VLANs.


Task 4: Examine 2960 Switch IOS Features
Step 1: Search by platform
a. Return to the Cisco Feature Navigator page and click the Search by Platform link.
b. From the Platform drop-down menu, select CAT2960 and click Continue.

Step 2: Search by feature set


a. From the Feature Set drop-down menu, select LAN BASE.
b. Examine the list of features.
c. Examine some of the features listed by clicking on the links.
d. Select various Major Release and Release values from those respective menus. Note the IOS image filenames and memory requirements.
e. Return to the Cisco Feature Navigator. From the Platform drop-down menu, select CAT3560 and click Continue.
f. Examine the list of features.
   Which significant Layer 3 protocol family is included in the feature set?
   ____________________ IP and IPv6
   What is the significance of this difference between 2960 and 3560 switches?
   _____________________________________________________________________________
   A 2960 is an Access Layer switch that operates at OSI Layer 2, whereas a 3560 has OSI Layer 3 switching capability for use in the Core Layer of the network.

Task 5: Reflection
The recording and documentation of network features and services, and the devices that provide them, are important features of network management. Consider and explore the Cisco.com resources and information that can facilitate this task.
____________________________________________________________________________________

Responses and discussion will vary, but the students should be able to demonstrate that they can effectively search and retrieve technical information from the Cisco.com website.


Lab 3.2.4 Installing a Cisco IOS Software Image Instructor Version

Device Designation   Device Name   Fast Ethernet Address   Subnet mask
R1                   ACC-CPE-1     10.0.0.1                255.255.255.0
PC                   PC1           10.0.0.254              255.255.255.0

Objectives
- Download the correct IOS and transfer the file to the Cisco router.
- Use TFTP to save and restore a Cisco IOS image.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
- Manage IOS configuration files, including: save, edit, upgrade, restore.
- Verify router hardware and software operation using show and debug commands.


Expected Results and Success Criteria
Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

How is an understanding of the networking device IOS transfer to and from a TFTP server useful in network administration?
______________________________________________________________________________________

How will a network administrator know if the IOS was transferred and saved correctly?
______________________________________________________________________________________

Background / Preparation
Instructor notes: Ideally this lab should have students: (1) Download a specified Cisco IOS software file from www.cisco.com. (2) Set up a local TFTP server. (3) Upload the appropriate IOS file to the flash memory of a Cisco router and switch. Downloading IOS software from www.cisco.com usually requires a Cisco.com maintenance contract account. It is not appropriate that this be performed by students in the lab. Accordingly, Task (1) above is substituted with backing up the current IOS image from the router or switch flash memory to the TFTP server. This lab requires that TFTP server software be installed on the PC1 device. The Microsoft Windows-based TFTP server previously provided by Cisco Systems has been discontinued and is no longer supported by Cisco Systems. This software suffers from a security bug described in (http://online.securityfocus.com/bid/2886). Individuals still using the server should consider replacing it with any of the high-quality freeware and shareware TFTP servers. As a historical note, the Cisco TFTP server was released to customers in 1995 and at a time when no other freely available TFTP servers existed. Today, there are many TFTP servers available. These can be easily found by searching for "tftp server" on the Internet. Cisco does not specifically recommend any particular TFTP implementation. It is also useful to note that modern versions of IOS also support the use of FTP instead of TFTP for loading images or configuration files. Use of FTP overcomes a number of inherent limitations of TFTP, including a lack of security and a 16 MB file size limitation. Information about TFTP Server Selection and Use is located at:


http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a00801f7735.shtml

This lab uses SolarWinds TFTP server software. SolarWinds is a free TFTP application for Windows. You may download a free copy of SolarWinds TFTP server software from: http://www.solarwinds.net/downloads/Solarwinds-TFTP-Server.exe or any freeware or shareware website.

Because this lab involves accessing and replacing the IOS of a critical network device, it is important that students understand that this task requires careful planning and implementation. Applying a corrupt or incorrect IOS file image can render a router or switch non-operational. Students need to develop and apply thorough documentation skills and a methodical approach to IOS file management.

This lab covers upgrading a router IOS image. Upgrading the IOS of a switch is presented as a Challenge Task.

This lab demonstrates backing up a Cisco router IOS image file to a TFTP server and uploading an IOS image to a router. For recovery purposes, it is important to keep backup copies of router IOS images. These can be stored in a central location, such as a TFTP server, and retrieved if necessary.

Cisco IOS files have a specific name structure that reflects the platform, IOS version, feature set, and file type. It is strongly recommended that Cisco IOS image files not be renamed for any reason.

The configuration output used in this lab matches that of an 1841 series router. The same commands can be used with other Cisco routers but may produce slightly different output.

Task 1: Run and Configure the TFTP Server


Step 1: Configure network connectivity
NOTE: If the PC used in this lab is also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.

a. Referring to the topology diagram, connect the console (or rollover) cable to the console port on the router and the other cable end to the host computer with a DB-9 or DB-25 adapter to the COM 1 port. Use a crossover cable to connect the PC1 NIC interface to router interface Fa0/1. Ensure that power has been applied to both the host computer and router.
b. Using the IP address information from the table, configure computer PC1.
c. On PC1, establish a console session to the router using HyperTerminal or TeraTerm.
d. Configure the router hostname and interface as given in the table.
e. Ping PC1 from the CLI prompt to verify connectivity between the router and the PC. Troubleshoot the configuration of the router and PC if connectivity is not verified.

Step 2: Start the TFTP server


a. Check that a TFTP server such as SolarWinds is installed on PC1. If not, see your instructor to arrange the installation. This software must be installed and running before any file transfer can be initiated from the router.
NOTE: For convenience, PC1 is used both for the terminal session and as a TFTP server in this lab. In a production environment, the server can be any appropriately configured and accessible secure computer on the network.
b. Start the TFTP program (SolarWinds). The active TFTP Server window will appear as shown.


Step 3: Configure the TFTP server


a. Go to the File menu and select Configure.
b. Verify the following settings in the TFTP Server Configuration window by clicking the appropriate tabs.

Setting               Value
TFTP Root Directory   TFTP-Root
Security              Transmit and Receive Files
Advanced Security     <all IP addresses>
Auto-Close            Never
Log                   Enable Log Requests to the Following File. Leave the default file.


c. When finished, click OK.

Task 2: Back up the Current IOS


Step 1: Collect information to document the router
It is important to document the features and information about the router before transferring the IOS file, in case any recovery action has to be taken.

a. Issue the show flash command. Answers will vary; examples shown.
Is there an IOS image file stored in flash? __________ Yes
Exact name of that file: _________________________ c1841-ipbase-mz.124-1c.bin
Size of that file: _____________________ 14 MB
Amount of flash that is available or unused? _______________________ 8679422 bytes available
What attributes can be identified from codes in the Cisco IOS filename?
____________________________________________________________ Hardware platform, feature set, file format, and version number

Sample Output:
ACC-CPE-1# show flash:
-#- --length-- -----date/time----- path
1   13937472 May 05 2007 21:13:20 +00:00 c1841-ipbase-mz.124-1c.bin
2       1821 May 05 2007 21:29:36 +00:00 sdmconfig-18xx.cfg
3    4734464 May 05 2007 21:30:14 +00:00 sdm.tar
4     833024 May 05 2007 21:30:42 +00:00 es.tar
5    1052160 May 05 2007 21:31:10 +00:00 common.tar
6       1038 May 05 2007 21:31:36 +00:00 home.shtml
7     102400 May 05 2007 21:32:02 +00:00 home.tar
8     491213 May 05 2007 21:32:30 +00:00 128MB.sdf
9    1684577 May 05 2007 21:33:16 +00:00 securedesktop-ios-3.1.1.27-k9.pkg
10    398305 May 05 2007 21:33:50 +00:00 sslclient-win-1.1.0.154.pkg

8679424 bytes available (23252992 bytes used)

b. Issue the show version command and record the following information: Answers will vary; examples shown.
Configuration-register value: ______________ 0x2102
Size of flash memory: ___________ 32 MB
Is there at least 16 MB of flash? _______________ Yes (This lab requires at least 16 MB flash)
Version number of boot ROM: ________________ 12.4(13r)
Is the boot ROM version 5.2 or later? ___________ Yes (This lab requires 5.2 or later)

Sample Output:
ACC-CPE-1#show version
Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.4(1c), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Tue 25-Oct-05 17:10 by evmiller

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

R1 uptime is 2 days, 12 hours, 29 minutes
System returned to ROM by reload at 21:21:02 UTC Fri Aug 24 2007
System image file is "flash:c1841-ipbase-mz.124-1c.bin"

Cisco 1841 (revision 7.0) with 114688K/16384K bytes of memory.
Processor board ID FTX1118X0AB
2 FastEthernet interfaces
2 Serial(sync/async) interfaces
2 Low-speed serial(sync/async) interfaces
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102
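The documentation step above can be scripted. The following is an added example, not part of the original lab: it parses a captured show flash: listing, decodes the attributes carried in an IOS image filename, and checks whether an image will fit in flash. The function names, the format-letter tables and the assumption that overwriting a same-named file frees its space (as the restore sample in this lab implies) are the example's own.

```python
import re

# Two rows and the summary line, taken from this lab's `show flash:` sample.
SHOW_FLASH = """\
-#- --length-- -----date/time----- path
1   13937472 May 05 2007 21:13:20 +00:00 c1841-ipbase-mz.124-1c.bin
2       1821 May 05 2007 21:29:36 +00:00 sdmconfig-18xx.cfg
8679424 bytes available (23252992 bytes used)
"""

ROW = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2} [+-]\d{2}:\d{2}\s+(\S+)\s*$"
)
SUMMARY = re.compile(r"(\d+) bytes available \((\d+) bytes used\)")

# platform-featureset-format.version[.train].bin, e.g. c1841-ipbase-mz.124-1c.bin
# Assumption: classic IOS naming with a two-digit major and one-digit minor version.
IMAGE = re.compile(
    r"^(?P<platform>[a-z0-9]+)-(?P<feature_set>[a-z0-9_]+)-(?P<fmt>[a-z]{2})"
    r"\.(?P<major>\d{2})(?P<minor>\d)-(?P<maint>[0-9a-z]+)"
    r"(?:\.(?P<train>[A-Za-z0-9]+))?\.bin$"
)

# Commonly documented meanings of the two format letters (assumed, not from the lab).
RUNS_FROM = {"m": "RAM", "f": "flash", "r": "ROM", "l": "relocatable"}
COMPRESSION = {"z": "zip", "x": "mzip", "w": "STAC"}


def parse_show_flash(text):
    """Return the file rows and the free/used byte counts from `show flash:`."""
    files, available, used = [], None, None
    for line in text.splitlines():
        row = ROW.match(line)
        if row:
            files.append((int(row.group(1)), int(row.group(2)), row.group(3)))
            continue
        summary = SUMMARY.search(line)
        if summary:
            available, used = int(summary.group(1)), int(summary.group(2))
    if available is None:
        raise ValueError("no 'bytes available' summary line found")
    return {"files": files, "available": available, "used": used}


def decode_image_name(name):
    """Split an IOS image filename into platform, feature set, format, version."""
    m = IMAGE.match(name)
    if not m:
        raise ValueError(f"not a recognised IOS image name: {name!r}")
    fmt = m.group("fmt")
    version = f"{int(m.group('major'))}.{m.group('minor')}({m.group('maint')})"
    version += m.group("train") or ""
    return {
        "platform": m.group("platform"),
        "feature_set": m.group("feature_set"),
        "runs_from": RUNS_FROM.get(fmt[0], "unknown"),
        "compression": COMPRESSION.get(fmt[1], "unknown"),
        "version": version,
    }


def fits_in_flash(listing, name, size):
    """True if `size` bytes fit, counting space freed by overwriting `name`."""
    reclaimed = sum(length for _, length, path in listing["files"] if path == name)
    return size <= listing["available"] + reclaimed


if __name__ == "__main__":
    listing = parse_show_flash(SHOW_FLASH)
    for _, length, path in listing["files"]:
        if path.endswith(".bin"):
            print(path, length, decode_image_name(path))
            print("fits on restore:", fits_in_flash(listing, path, length))
```

Keeping the decoded record next to the backup makes it easy to spot an image whose name does not match the platform it is about to be loaded on.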

Step 2: Copy IOS image to the TFTP server


a. Before copying the files, verify that the TFTP server is running.
b. Record the IP address of the TFTP server _______________ 10.0.0.254
c. From the privileged EXEC mode, issue the copy flash tftp command. At the prompt, enter the filename for your system as reported in Step 1. To ensure accuracy, select the filename as shown in the show flash: output and copy and paste it at the source filename prompt. Then enter the IP address of the TFTP server. At the destination filename, press Enter to accept the name displayed.

Sample Output:
ACC-CPE-1#copy flash tftp
Source filename []? c1841-ipbase-mz.124-1c.bin
Address or name of remote host []? 10.0.0.254
Destination filename [c1841-ipbase-mz.124-1c.bin]?
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
13937472 bytes copied in 37.627 secs (370412 bytes/sec)

Step 3: Verify the transfer to the TFTP server


a. Verify a successful upload transfer. Open the log file c:\Program Files\SolarWinds\Free Tools\TFTPServer.txt. Contents should be similar to the following example:
3/25/2007 12:29 :Receiving c1841-ipbase-mz.124-1c.bin from (10.0.0.1)
3/25/2007 12:29 :Received c1841-ipbase-mz.124-1c.bin from (10.0.0.1), 13937472 bytes

b. Verify the flash image size in the TFTP server directory. Using Windows Explorer or My Computer, locate the TFTP root directory. Display file details and record the file size: ___________________________________ 13937472 bytes (Example)

The file size shown in the show flash: command output should be the same as the file size of the file stored on the TFTP server. If the file sizes are not identical, check with your instructor.

Instructor Note: Troubleshoot and repeat the above steps if the downloaded file size and IOS image size differ.
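The two verification steps above, as an added example that is not part of the original lab: it reads log lines in the format shown, confirms that the upload came from the router's address (the server in this lab accepts files from all IP addresses), compares the stored file's size with the size reported by show flash:, and records a SHA-256 digest of the backup. The function names and the zero-filled stand-in file are constructed for the example.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Log lines in the format of this lab's TFTPServer.txt example.
LAB_LOG = """\
3/25/2007 12:29 :Receiving c1841-ipbase-mz.124-1c.bin from (10.0.0.1)
3/25/2007 12:29 :Received c1841-ipbase-mz.124-1c.bin from (10.0.0.1), 13937472 bytes
"""

RECEIVED = re.compile(
    r"^(?P<when>\d+/\d+/\d+ \d+:\d+) :Received (?P<name>\S+) "
    r"from \((?P<peer>[\d.]+)\), (?P<size>\d+) bytes$"
)


def received_entries(log_text):
    """Return the completed uploads recorded in the log."""
    entries = []
    for line in log_text.splitlines():
        m = RECEIVED.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entries.append(entry)
    return entries


def sha256_of(path, chunk=1 << 20):
    """Digest of the stored image, kept with the backup record."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_backup(log_text, tftp_root, name, flash_size, router_ip):
    """Return a list of problems; an empty list means the backup checks out."""
    problems = []
    hits = [e for e in received_entries(log_text) if e["name"] == name]
    if not hits:
        problems.append(f"no 'Received' log entry for {name}")
    else:
        last = hits[-1]
        if last["peer"] != router_ip:
            problems.append(f"log shows upload from {last['peer']}, expected {router_ip}")
        if last["size"] != flash_size:
            problems.append(f"log shows {last['size']} bytes, show flash: reported {flash_size}")
    stored = Path(tftp_root) / name
    if not stored.is_file():
        problems.append(f"{name} is not in the TFTP root directory")
    elif stored.stat().st_size != flash_size:
        problems.append(
            f"file on disk is {stored.stat().st_size} bytes, show flash: reported {flash_size}"
        )
    return problems


def demo():
    """Run the checks against a constructed, zero-filled stand-in image."""
    name, size = "c1841-ipbase-mz.124-1c.bin", 13937472
    foreign_log = LAB_LOG.replace("10.0.0.1", "10.0.0.77")  # constructed
    results = {}
    with tempfile.TemporaryDirectory() as root:
        image = Path(root) / name
        with open(image, "wb") as fh:
            fh.truncate(size)
        results["good"] = verify_backup(LAB_LOG, root, name, size, "10.0.0.1")
        results["wrong_peer"] = verify_backup(foreign_log, root, name, size, "10.0.0.1")
        results["sha256"] = sha256_of(image)
        with open(image, "r+b") as fh:
            fh.truncate(size - 512)  # simulate an incomplete transfer
        results["short_file"] = verify_backup(LAB_LOG, root, name, size, "10.0.0.1")
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```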

Task 3: Restore or Upgrade the Current IOS


Step 1: Prepare to restore or update the IOS image
a. Before copying the files, verify that the TFTP server is running and that the required IOS image file is in the TFTP root directory. Note the exact filename.
b. Ping PC1 to confirm that connectivity between the router and the PC has been maintained.
c. Confirm that the flash memory capacity is of sufficient size to hold the IOS image. Which command is issued to confirm flash memory size?
___________________________________________________ show flash: or show version

Step 2: Copy the IOS image from the TFTP server


a. From the privileged EXEC mode, issue the copy tftp flash command.
b. At the prompt, enter the IP address of the TFTP server.
c. Enter the filename for your system, as noted in Step 1.
d. At the destination filename, press Enter to accept the name displayed.

NOTE: If prompted to overwrite an existing file with the same name, press Enter to confirm. Do not interrupt the process.

Sample Output:
ACC-CPE-1#copy tftp flash
Address or name of remote host []? 10.0.0.254
Source filename []? c1841-ipbase-mz.124-1c.bin
Destination filename [c1841-ipbase-mz.124-1c.bin]?
%Warning:There is a file already existing with this name
Do you want to over write? [confirm]
Accessing tftp://10.0.0.254/c1841-ipbase-mz.124-1c.bin...
Loading c1700-y-mz.122-11.T.bin from 10.0.0.254 (via FastEthernet0/0):
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 13937472 bytes]
Verifying checksum... OK (0x9C8A)
13937472 bytes copied in 37.627 secs (370412 bytes/sec)

If successful, the checksum OK output is displayed. If the checksum fails, the IOS upload steps will need to be repeated.

Some older systems may require that flash be erased. If the Erase flash: before copying? prompt is confirmed, all files in flash will be removed. In contrast, other systems have sufficient capacity to store multiple files. If the router prompts to erase flash, output similar to below will occur before the new image is uploaded to flash.

Sample Output:
Erase flash: before copying? [confirm][Enter]
Erasing the flash filesystem will remove all files! Continue? [confirm]
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased
Erase of flash: complete

Step 3: Test the restored IOS image


a. Verify that the router IOS image is correct. Power cycle the router and observe the startup process to confirm that there were no flash errors. If there are none, the router IOS should have started correctly.
b. Further verify the IOS image in flash by issuing the show version command, which will show an output similar to this:
System image file is "flash:c1841-ipbase-mz.124-1c.bin"

Step 4: Clean up
Erase the configurations and reload the router. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), delete the IOS image file from the TFTP directory, reconnect the appropriate cabling and restore the TCP/IP settings.

Task 3: Reflection / Challenge


Step 1: Switch IOS Upgrade
As a challenge lab, research and list the steps required to back up the Cisco IOS image file from a switch to a TFTP server. In addition, list how to restore or upgrade the IOS image from the TFTP server to the switch. ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ Instructor Notes: The TFTP server setup and CLI commands used to perform a switch IOS backup and upgrade are the same as for a router. The significant difference is the setting of an IP address on the VLAN 1 interface of the switch instead of a particular FastEthernet interface as is done for a router.



Step 2: Non-operational Device
The performance of IOS image backup and upgrade for routers and switches as described in this lab presumes that the device has a current, fully operational IOS to allow the configuration of IP connectivity prior to copying the image file. However, there may be cases where the current IOS is corrupt or for some other reason the device will not boot with an operational IOS. a. Research and record the ROMMON process that enables a router to be configured and its IOS uploaded if the device has this problem. b. Research and record the X-Modem or similar process that enables the IOS of a switch to be uploaded using the serial (console) connection if the device has this problem. ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ The following documents are typical Cisco.com resources describing these recovery processes: Typical router ROMMON IOS loading: http://www.cisco.com/warp/public/471/76.pdf

Example X-modem Console Download Procedure Using ROMMON: http://www.cisco.com/warp/public/130/xmodem_generic.pdf

Recovering Catalyst Switches from a Corrupted or Missing Image: http://www.cisco.com/warp/public/473/192.pdf


Lab 3.2.5 Observing the Router Startup Process Instructor Version

Objective
Identify and explain the stages of the router startup process.

640-802 CCNA Exam Objective


This lab contains skills that relate to the following CCNA exam objective: Describe the operation of Cisco routers, including the router boot process, POST, and router components.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps. Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be? ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ How is an understanding of the router startup process useful in network administration? ______________________________________________________________________________________


______________________________________________________________________________________ ______________________________________________________________________________________ How will a network administrator know if the router started correctly? ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________

Background / Preparation
Instructor notes: The student is to observe and record information about a specific device learned through observing the boot process to determine what happens at each step of the startup process. During this lab, you will observe the startup process of a Cisco router while logged into a console terminal session. Information about the state of the router startup process, platform, and IOS details is displayed on the terminal screen as the router starts up. This information can be recorded for future use to help troubleshoot startup problems. The sample output used in this lab matches that of a particular 1841 series router and IOS platform. Other Cisco routers and IOS versions may produce slightly different output.

Task 1: Observe and Examine the Router Startup Process


Step 1: Connect and set up the router
NOTE: If the PC used in this lab is also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.

a. Referring to the topology diagram, connect the console (or rollover) cable to the console port on the router and the other cable end to the host computer with a DB-9 or DB-25 adapter to the COM 1 port. Ensure that power has been applied to both the host computer and router.
b. Establish a HyperTerminal or other terminal emulation program connection to the router.

Step 2: Restart the router and observe the output


a. From the privileged EXEC prompt, issue the reload command. Confirm the reload when prompted.
b. Observe the output as the router restarts. Output similar to this will be displayed.

POST information:
System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2006 by cisco Systems, Inc.
PLD version 0x10
GIO ASIC version 0x127
c1841 platform with 131072 Kbytes of main memory
Main memory is configured to 64 bit mode with parity disabled

Locating and Loading information:
Readonly ROMMON initialized
program load complete, entry point: 0x8000f000, size: 0xcb80
program load complete, entry point: 0x8000f000, size: 0xcb80
program load complete, entry point: 0x8000f000, size: 0xd4a9a0
Self decompressing the image : #################################################
#######################################################################
################# [OK]

Smart Init is enabled
smart init is sizing iomem
  ID            MEMORY_REQ         TYPE
                0X003AA110 public buffer pools
                0X00211000 public particle pools
0X0013          0X00035000 Card in slot 0
                0X000021B8 Onboard USB

If any of the above Memory Requirements are "UNKNOWN", you may be using an unsupported configuration or there is a software problem and system operation may be compromised.
Allocating additional 7692243 bytes to IO Memory.
PMem allocated: 117440512 bytes; IOMem allocated: 16777216 bytes

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706

Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.4(1c), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Tue 25-Oct-05 17:10 by evmiller
Image text-base: 0x6007ECA0, data-base: 0x61480000

Port Statistics for unclassified packets is not turned on.
Cisco 1841 (revision 7.0) with 114688K/16384K bytes of memory.
Processor board ID FTX1118X0BN
2 FastEthernet interfaces
2 Low-speed serial(sync/async) interfaces
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)



Step 3: Examine the router startup output
The startup process has three stages:

a. Performing the POST and loading the bootstrap program
Examine the output displayed. Look at the highlighted section in the sample output in this lab that relates to the POST. Mark any differences between your observed output and this sample. What are possible reasons for these differences?
________________________________________________________________________________
________________________________________________________________________________
Different OS file, different device, etc.
What does the POST test in the router?
________________________________________________ Hardware
If the POST is successful, what is loaded into RAM?
________________________________________________ The bootstrap program is loaded
What is the purpose of what is loaded into RAM?
________________________________________________ Locate the Cisco IOS and load it into RAM
What would happen if the POST is unsuccessful, and what could this mean?
________________________________________________ The IOS will not load and the router will not run
________________________________________________ A possible hardware fault

b. Locating and loading the IOS software
Examine the displayed output. Look at the sample output in this lab that relates to the IOS loading. Mark any differences between your observed output and this sample. What are possible reasons for these differences?
________________________________________________________________________________
________________________________________________________________________________
Different OS file, different device, etc.
What are the three possible locations of the IOS?
________________________________________________
________________________________________________
________________________________________________
Flash memory, a TFTP server, location specified in the startup configuration file (network location)
How is the IOS location to be used specified?
________________________________________________ Configuration register value
Instructor note: The confreg program is available to decode configuration register values. It can be downloaded from Academy Connection Tools. From Tools, select the CCNA Curriculum (not CCNA Discovery or CCNA Exploration), and then select any v3.1 course. Click Cisco Configuration Register Decoder to download the program. After it is installed and executed, the program displays the binary and hexadecimal values of the register that set the different router startup sequences and console communications.
What will be the result if an IOS image cannot be located and loaded?
________________________________________________ ROMMON mode is entered

c. Locating and executing the startup configuration file or entering setup mode
Examine the displayed output. Look at the sample output in this lab that relates to the startup configuration loading. Mark any differences between your observed output and this sample. What are possible reasons for these differences?
________________________________________________________________________________
________________________________________________________________________________
Different OS file, different device, etc.
What is the output if the router does not have a configuration to load?
________________________________________________________________________________
--- System Configuration Dialog ---
Continue with configuration dialog? [yes/no]:
What is displayed if a startup configuration is loaded?
________________________________________________ User EXEC prompt
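To show what a configuration register value such as the 0x2102 recorded in this lab encodes, here is an added example that is not the confreg program and not part of the original lab. The bit meanings follow the commonly documented Cisco router layout and are an assumption to check against the platform's documentation; the function names and the 0x2142 comparison value are constructed for the example.

```python
# Bits 0-3 form the boot field; any value from 0x2 to 0xF uses BOOT_DEFAULT.
BOOT_FIELD = {
    0x0: "stay at the ROM monitor (ROMMON) prompt",
    0x1: "boot the first image in flash (boot helper image on older platforms)",
}
BOOT_DEFAULT = (
    "use boot system commands in the startup configuration, "
    "else default locations"
)

# Single-bit options outside the boot field and the console speed bits.
FLAGS = {
    6: "ignore startup configuration in NVRAM",
    7: "OEM bit enabled",
    8: "Break disabled",
    10: "IP broadcast with all zeros",
    13: "boot default ROM software if network boot fails",
    14: "IP broadcasts do not have net numbers",
    15: "enable diagnostic messages and ignore NVRAM contents",
}

# (bit 5, bit 12, bit 11) -> console line speed in bits per second
BAUD = {
    (0, 0, 0): 9600, (0, 0, 1): 4800, (0, 1, 0): 1200, (0, 1, 1): 2400,
    (1, 0, 0): 19200, (1, 0, 1): 38400, (1, 1, 0): 57600, (1, 1, 1): 115200,
}


def _as_int(value):
    """Accept 0x2102, '0x2102' or '2102' and return a validated 16-bit int."""
    reg = value if isinstance(value, int) else int(str(value), 16)
    if not 0 <= reg <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    return reg


def decode_confreg(value):
    """Break a configuration register value into its documented fields."""
    reg = _as_int(value)
    bits = format(reg, "016b")
    boot_field = reg & 0xF
    speed_key = ((reg >> 5) & 1, (reg >> 12) & 1, (reg >> 11) & 1)
    return {
        "hex": f"0x{reg:04X}",
        "binary": " ".join(bits[i:i + 4] for i in range(0, 16, 4)),
        "boot_field": boot_field,
        "boot": BOOT_FIELD.get(boot_field, BOOT_DEFAULT),
        "console_baud": BAUD[speed_key],
        "flags": [FLAGS[b] for b in sorted(FLAGS) if (reg >> b) & 1],
    }


def drift_from_baseline(value, baseline=0x2102):
    """List how a recorded value differs from the expected one."""
    reg, base = _as_int(value), _as_int(baseline)
    changes = []
    if reg & 0xF != base & 0xF:
        changes.append(f"boot field 0x{reg & 0xF:X}: {decode_confreg(reg)['boot']}")
    for bit in sorted(FLAGS):
        if ((reg ^ base) >> bit) & 1:
            state = "set" if (reg >> bit) & 1 else "cleared"
            changes.append(f"bit {bit} {state}: {FLAGS[bit]}")
    if decode_confreg(reg)["console_baud"] != decode_confreg(base)["console_baud"]:
        changes.append(f"console speed {decode_confreg(reg)['console_baud']}")
    return changes


if __name__ == "__main__":
    for sample in ("0x2102", "0x2142", "0x2100"):  # 0x2102 is the lab's value
        print(decode_confreg(sample))
        print("  differs from 0x2102:", drift_from_baseline(sample))
```

Comparing the value recorded from show version against the documented baseline flags a router that would skip its startup configuration or stop at ROMMON on the next reload.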

Step 4: Clean up
Erase the configurations and reload the router. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), delete the IOS image file from the TFTP directory, reconnect the appropriate cabling, and restore the TCP/IP settings.

Task 2: Reflection / Challenge


Prepare a troubleshooting checklist based on the router startup stages and the hardware and software features associated with each stage. Format the checklist so that if it is noted that a stage was unsuccessful, the possible problems can be readily identified. For example, for "IOS not loaded", enter "ROMMON prompt displayed".

Prepare a second checklist listing possible router faults or problems. For example, no cooling fan sound, LEDs not illuminated or showing unusual behavior, or unexpected ROMMON prompt displayed. For each problem listed, enter the stage of the router startup process that failed.


Lab 3.3.2 Determining the Router Hardware Options Instructor Version

Objectives
Determine the correct hardware options available on a specific Cisco device. Determine which hardware options on a specific Cisco device are scalable.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps. Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be? ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ How is an understanding of networking device hardware capabilities useful in network administration? ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ How does a network administrator know what hardware capabilities a networking device possesses?


______________________________________________________________________________________ ______________________________________________________________________________________

Background / Preparation
Instructor Notes: This lab requires both access to the Internet and the classroom lab equipment. If both are not available at the one location, Task 1 and Task 2 can be performed separately. Task 1 requires the student to perform a physical inspection of an 1841 ISR in the lab and use a console terminal session to determine the interfaces available. In Task 2, www.cisco.com is accessed and the online 1841 hardware technical documentation is located and examined.

Note that cisco.com is an extensive and information-rich website. Product information on the website can be accessed via a number of pathways. The steps and links given in this lab show just one of those pathways. Students should become familiar and comfortable with the process of searching and locating documentation using a range of approaches.

The student is to record and assess those features of the router that are expandable and scalable. This information will be referred to later in the Planning and Design phases of the case study.

This lab is specifically based on the 1841 ISR, but equivalent exercises using other modular platforms such as the 2800 or 2600 series routers are possible. The documentation details and hardware requirements will have to be amended accordingly if an 1841 is not the subject of this lab.

When considering expanding or upgrading a network, it is not always necessary to completely replace existing network devices. Some devices may be capable of being individually upgraded or expanded. In this lab, you examine the hardware features of a Cisco 1841 Integrated Services Router and determine if it is suitable for upgrading to meet the potential requirements of a planned network expansion.

In the FilmCompany case study, there is a need to consider how the existing 1841 routers can be upgraded to reduce the cost of the network upgrade. A physical examination of the router will be performed as well as an examination of its technical documentation. The examination details will be recorded for use in the planning and design of the network upgrade.

This lab is based on the 1841 ISR. Any router platform that supports adding hardware modules can be substituted for the 1841. The search criteria and results will vary accordingly.

Task 1: Inspect a Cisco 1841 ISR


Step 1: Physically inspect the external features of the router
Examine the router. In the table below, identify and match each item number in the figure with the description. In addition, record the number of each interface and port on the router with the description.


Item  Description
9     CompactFlash (CF) LED
6     Kensington™ security slot
3     Slot 0 (WIC, VWIC-data only, or HWIC)
10    AIM LED
11    Fast Ethernet interfaces and LEDs 2
2     On/Off switch
7     Slot 1 (WIC, VWIC-data only, or HWIC)
13    Chassis ground connection
1     Input power connection
4     Console port 1
5     USB port 1
12    Aux port 1
8     CompactFlash memory card slot

Is a module installed in Slot 0? __________ Answer varies
If yes, record the module and interface(s) type.
______________________________________________ WIC-2T two serial interfaces
How many Fast Ethernet interfaces does the router have? _______ 2
Is a module installed in Slot 1? __________ Answer varies
If yes, record the module and interface(s) type.
______________________________________________ Answer varies
Which of the modules and ports have the potential to be upgraded to improve the router's capabilities?
______________________________________________ Slot 0 and Slot 1, flash card slot
______________________________________________

Step 2: Use IOS show commands to inspect the router


NOTE: If the PC used in this lab is also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.

a. Referring to the topology diagram, connect the console (or rollover) cable to the console port on the router and the other cable end to the host computer with a DB-9 or DB-25 adapter to the COM 1 port. Ensure that power has been applied to both the host computer and router.
b. Establish a HyperTerminal or other terminal emulation program connection to the router.


c. From the privileged EXEC mode prompt of the terminal, issue the show run and show flash: commands.

Record the number and type of interfaces. Typical results are shown.
__________ interface FastEthernet 0/0
__________ interface FastEthernet 0/1
__________ interface Serial 0/0/0
__________ interface Serial 0/0/1
__________ interface VLAN1

Record the details of the memory (DRAM, flash) modules.
__________ Flash 32 MB
__________ SDRAM 128 MB

Step 3: Compare the physical and IOS inspections


Are there any differences between the physical and IOS inspections? __________

If yes, explain the reason for any differences and solutions.
____________________________________________________________________________________

Observed differences could be due to the IOS having features implemented in the software that do not have the hardware module installed, or loopback interfaces may be configured. If an installed hardware interface does not appear in the configuration, it may be faulty or may not be correctly installed. In some cases, slots must be filled consecutively; in other cases, certain module types can only be installed into specified slots.
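The Step 3 comparison can also be scripted. The following is an added example, not part of the Cisco lab: it parses the interface lines of a captured show run and compares them with the counts recorded during the physical inspection. The sample output, the physical counts and the list of software-only interface types are constructed assumptions.

```python
import re
from collections import Counter

# Assumption: interface types that exist only in software (not an exhaustive list).
LOGICAL_TYPES = {"loopback", "vlan", "tunnel", "null", "dialer", "bvi"}

# Matches stanza headers in both forms: "interface FastEthernet0/0" and
# "interface FastEthernet 0/0" (the spacing used in the lab's typical results).
IFACE_RE = re.compile(r"^interface\s+([A-Za-z-]+?)\s*(\d[\d/.:]*)\s*$", re.MULTILINE)

# Constructed sample of `show run` output, trimmed to the interface stanzas.
SAMPLE_SHOW_RUN = """\
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/1
 no ip address
 shutdown
!
interface Serial0/0/0
 no ip address
!
interface Serial0/0/1
 no ip address
!
interface Vlan1
 no ip address
!
"""

# Constructed physical inspection record: two onboard Fast Ethernet ports and
# a two-port serial card seen in BOTH slots (so four serial ports expected).
SAMPLE_PHYSICAL = {"FastEthernet": 2, "Serial": 4}


def parse_interfaces(show_run):
    """Return (type, number) pairs for every 'interface ...' stanza header."""
    return [(m.group(1), m.group(2)) for m in IFACE_RE.finditer(show_run)]


def compare_inventories(show_run, physical_counts):
    """Compare IOS-reported interfaces with counts from the physical inspection.

    logical_only        interfaces that exist only in software (e.g. loopbacks)
    missing_in_ios      hardware seen on the chassis but absent from IOS; the
                        module may be faulty or not correctly installed
    not_seen_on_chassis hardware IOS reports that the inspection did not record
    """
    seen = parse_interfaces(show_run)
    logical = [f"{t}{n}" for t, n in seen if t.lower() in LOGICAL_TYPES]
    ios_hw = Counter(t.lower() for t, _ in seen if t.lower() not in LOGICAL_TYPES)
    expected = {t.lower(): count for t, count in physical_counts.items()}

    missing, unexpected = {}, {}
    for iface_type in sorted(set(expected) | set(ios_hw)):
        diff = expected.get(iface_type, 0) - ios_hw.get(iface_type, 0)
        if diff > 0:
            missing[iface_type] = diff
        elif diff < 0:
            unexpected[iface_type] = -diff
    return {
        "logical_only": logical,
        "missing_in_ios": missing,
        "not_seen_on_chassis": unexpected,
    }


if __name__ == "__main__":
    report = compare_inventories(SAMPLE_SHOW_RUN, SAMPLE_PHYSICAL)
    for key, value in report.items():
        print(f"{key}: {value}")
```

With the constructed data, the two serial ports of the second card are reported as missing in IOS, which is the case the answer above attributes to a faulty or incorrectly installed module.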

Task 2: Examine 1841 Router Hardware Options


After establishing the current hardware status of the router, examine the technical documentation to determine the potential for upgrading and growth.

Step 1: Access the Cisco.com documentation


a. Go to the website http://www.cisco.com.
b. In the Quick Links pane on the right, select Documentation.
c. Under Select a category, click Routers. Under Select a product, click the Cisco 1800 Series Integrated Services Routers link.
d. Review the documentation links displayed.
e. Under Product Literature, click the Data Sheets link. Note the range of data sheet documentation available.
f. Click Cisco 1800 Series Integrated Services Routers: Cisco 1841 Router (Modular).

Step 2: Record the router hardware information


a. Read through the Cisco 1800 Series Integrated Services Routers: Cisco 1841 Router (Modular) document, noting the structure and format of the information.



b. From Table 1, Architecture Features and Benefits of Cisco 1841 Router, record the following information:

The number of different modules and interface cards that are supported: >30
Default memory capacity: __________ 32 MB of flash and 128 MB of synchronous dynamic RAM (SDRAM)
Cisco IOS versions supported: __________ 12.3T, 12.4, 12.4T Feature Sets and Beyond

c. From Table 5, Product Specifications of Cisco 1841 Router, locate and record the following specifications from the Architecture section.

DRAM type: Synchronous dual in-line memory module (DIMM) DRAM
DRAM capacity: Default: 128 MB, Maximum: 384 MB
Flash memory: External compact Flash
Flash memory capacity: Default: 32 MB, Maximum: 128 MB
Modular slots (total): Two
Modular slots for WAN access: Two
Modular slots for HWICs: Two
Modular slots for voice support: None (the Cisco 1841 does not support voice)
Analog and digital voice support: No
VoIP support: Voice-over-IP (VoIP) pass-through only
Onboard Ethernet ports: Two 10/100
Onboard USB ports: One (1.1)
Console port: One (up to 115.2 kbps)
Auxiliary port: One (up to 115.2 kbps)
Onboard Advanced Integration Module (AIM) slots: One (internal)

d. From Table 6, Modules and Interface Cards the Cisco 1841 Router Supports, list the 10 different categories of interface card (WIC) supported by the 1841 platform.

- Ethernet Switching HWICs
- Cable HWICs
- Wireless Access Point HWICs
- Serial HWICs/WICs
- CSU/DSU WICs
- ISDN BRI WICs
- DSL HWICs/WICs
- Wireless WAN 3G HWIC
- Analog Modem WICs
- T1, E1, and G.703 VWICs

e. From Table 6, what feature does the Advanced Integration Module (AIM) enable to be installed in an 1841 router? __________ VPN encryption

Step 3: Consider possible hardware options


The 1841 ISR has removable and interchangeable modules. Various optional modules can be installed in the router to provide specific capabilities. These modules are installed either by inserting them into slots on the chassis, or by opening the chassis and plugging them into connectors inside.

Flash memory and interface cards fit into slots on the chassis and are installed and removed without opening the chassis. There are three types of interface cards for the 1800 series modular routers:

- WAN interface cards (WICs)
- Voice WAN interface cards (VWICs in data mode only on the Cisco 1841)
- High-speed WAN interface cards (HWICs)

The following components plug into connectors inside the chassis and are installed and removed only by opening the chassis:

- Advanced Integration Module (AIM)
- Synchronous dynamic RAM (SDRAM) small-outline dual in-line memory module (SODIMM)

Router Memory Specifications:

Description     Specification
SDRAM           128 MB, expandable to 384 MB; default is 128 MB
Flash memory    32, 64, or 128 MB; default is 32 MB
Boot/NVRAM      2/4 MB flash memory

Summarize the changes that are possible for this router. This information is important to have and consider when planning and designing the network upgrade. If the router is not at its limit of these features, candidates for upgrading could include:

__________ Flash memory (if larger IOS required)
__________ SDRAM
__________ Slot 1 Ethernet switch 4-port module
__________ Slot 1 WIC-2T - 2 serial interfaces
__________ Slot 1 Other WAN technology DSL/ISDN

Step 4: Clean up
Erase any configurations and reload the router. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

Task 3: Reflection
Network device capabilities are continuously developing. Consider the advantages of a modular platform over that of a device with a fixed hardware platform.
______________________________________________________________________________________

Responses and discussion may vary. Key points may include:

- Modularity facilitates customization of a device to meet local network needs.
- Upgrading and replacement of modules reduces costs and time out of service.
- Modular devices provide flexible and scalable network design.


Lab 3.4.1 Preparing for a Site Survey (Instructor Version)


Objectives
- Explain the process of setting up a customer site visit.
- Prepare to conduct a professional site visit.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

In what ways can conducting a site visit be beneficial to an ISP?
______________________________________________________________________________________

What do you feel are the most important aspects of a site visit, from a customer perspective and an ISP perspective?
______________________________________________________________________________________

Background / Preparation
Instructor Notes: This is a written lab with an in-class discussion or role-play element. As the network designers, students are to create and write each section of a site visit checklist or planning document. The emphasis is on preplanning a site visit and developing the need for a professional approach. Such visits may be as much about the customer noting the behavior of the network design team as it is about the design team collecting network information.

The focus of this lab is on the FilmCompany, but wherever possible and appropriate, the instructor should introduce local information and issues so that the students are exposed to actual working cases within their own environment.

Students may perform some steps of this lab individually, but small group role-play or discussion is required for other steps. Although the lab may be delivered as an instructor-led exercise, it is important to ensure that each student gives careful consideration to the issues and develops an understanding of the network site visit process themselves. It may be necessary for the instructor to lead where discussions are incomplete or when students are having difficulty, to ensure all the suggested answer points are covered. Regardless of the lab strategy adopted, each student should submit an individually compiled written document planning a site visit to the FilmCompany network facilities.

FilmCompany is an expanding small advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent.

As the network designer with the task of designing and planning the upgrade for the FilmCompany data network expansion, you need to document their current network and services. This is done by visiting FilmCompany premises, talking to their management, and inspecting their network. The visit should be well-planned and professionally conducted. This will ensure that the necessary information is collected and recorded and that you establish a professional working relationship with your customer, FilmCompany. This lab covers the planning and preparation for this site visit.

Step 1: Clarify and document the purpose of the site visit


a. List and discuss reasons for conducting a site visit.
________________________________________________________________________________

Answers vary; general points to document should include:

- The need to record the appropriate details of the current network and premises so the proposed network upgrade planning and design can proceed with accurate and relevant information.
- Personally meet with the client to learn the responsibilities and roles of their personnel so effective communication can occur as the project proceeds.
- Gather information that will enable this to be accomplished, including details such as:
  - Names, contact details, job roles, and responsibilities of customer staff
  - Existing services and applications
  - Physical layout of network topology
  - Physical location and installation of network resources
  - Particular issues that could affect a network upgrade (cabling limitations, racks, patch panels, access ways)

b. List the FilmCompany personnel who are most likely to be able to answer your questions and whom you would need to talk to on site.
_____________________________________________

Answers vary; for larger enterprise:

- Technical network & infrastructure information: IT & network administrator
- Existing services: System administrator
- End users: Desktop support
- Future needs: Management and end users

For a smaller organization, some of these roles may be combined.

c. Examine the existing network topology diagram at the end of this lab. List points that you want to confirm and those that need clarification.
_____________________________________________

Answers vary; general points could include:

- Confirm actual switch port usage
- Interconnection of devices
- VLAN topology and address allocations
- Wireless LAN usage and coverage

d. Use word processing software to create a site visit plan.

Step 2: Prepare a list of tools and equipment


a. List the tools and equipment that you need to take to the site.
_____________________________________________

List could include:

- Pen and notepad or PDA (laptop may be too cumbersome)
- Voice memo recorder
- Flashlight
- Clothing / coveralls (may need to access ceiling space)
- Portable stepladder (to inspect ceiling space, wireless Access Point installation); will a stepladder be available on site?
- Tape measure

b. List the documentation, instrumentation, and software you need to take to the site.
_____________________________________________

List could include:

- Copy of visit approval or appointment acknowledgement
- Copy of topology and site floor plan
- Network traffic/performance monitoring software and test equipment (not to be installed and used unless approved by customer)
- Wireless LAN radio signal monitoring and analysis instruments

c. Add this list to the site visit plan.

Step 3: Arrange an appointment to visit the site


Role-play and discussion: A site visit to FilmCompany must not disrupt the operation of the business and its network. Arrangements must be made to set a convenient visit time and duration. Access to the premises and to the required appropriate people must be organized.

a. Network designer role: Develop a list of questions and requests to ask when telephoning FilmCompany to arrange the site visit.
_______________________________________________________________________________

Answers vary; general points should include:

- Address and access to premises: visitor parking or public transport?
- Date and time?
- FilmCompany personnel that the network designer should be sure to talk to?
- Arrival protocol: register at reception or security desk, visitor badge?
- Is access to ceiling spaces and other cable reticulation systems available?
- If access to high locations is required, is a ladder available?
- What approvals are required to access and measure network traffic or performance?
- Request that any security personnel are aware of the visit?

b. Customer role: Develop a list of requirements relating to a proposed site visit by the network designer that the on-site technician can follow to ensure seamless interaction.
_______________________________________________________________________________

Answers vary; general points should include:

- Best time to have visit: which is best, non-peak time when there will be less inconvenience or when the site is busy so the designer can witness the network under stress?
- Who will be available to meet with network designer? Who should meet the network designer?
- Visitor protocol: parking, which entrance to use, where to register, visitor badge?
- Who will host/guide the visit?
- What areas may have restricted access for both physical and operational reasons?
- Will other staff be made aware of the visit and its purpose?
- What safety issues have to be complied with?

c. Using the information recorded above, the student performing the network designer role simulates a telephone conversation with the student performing the customer role, to arrange a site visit that meets the requirements of both roles.

d. Record the agreed-upon terms and details of the visit.
_______________________________________________________________________________

Answers will vary but should include and be based upon the general points developed for each role.

e. Add the agreed-upon details to the site visit plan.

Step 4: Approach to site visit


a. List points and issues that the network designer should follow while actually conducting the site visit.
b. Discuss the most commonly chosen answers and the least commonly chosen answers.
_______________________________________________________________________________

Answers vary; general points should include:

Preparation:

- Dress appropriately for the task.
- Wear or carry company credentials.
- Bring the proper equipment by creating a standard checklist to ensure that all necessary materials are included.

On Site:

- Arrive on time.
- Check with the proper staff upon entry into the stadium.
- Instill a sense of confidence in the customer by working quickly and professionally.
- Ask questions clearly and precisely, allow for explanations and follow-up; use appropriate questioning techniques to obtain the relevant information.
- Answer customer's questions politely and as completely as possible.
- Write down any questions that must be answered by other staff members.
- Advise the customer of the survey procedures.
- Report back to the customer staff before leaving the premises to inform them of the successful completion of the survey.

Safety guidelines:

- Follow the recommended safety guidelines to ensure proper operation and safe use of the wireless devices.
- Obtain customer approval before touching or attaching devices to any existing networking equipment.

Step 5: Reflection
Arranging a visit to a customer site to inspect their network and associated facilities can have many aspects. The data network of an organization is a vital part of their operations. Gaining access to inspect and record details of that network may require more detailed arrangements than this lab presents. Consider and discuss the arrangements required to visit a high-security area such as a government, aviation, or military location.
______________________________________________________________________________________

Responses and discussion will vary. Key points may include:

- Arranging appropriate and recognized identification credentials and clearances.
- Making the purpose of the site visit very clear so access to the relevant areas can be organized in advance of the visit. Gaining access to other areas when on site may not be possible without prior approval.
- Clarifying and following visitor protocols: registration upon arrival, staying within authorized limits.
- Knowing the identity of the official you are to meet.
- Signing and complying with Non-Disclosure Agreements, and other security and business protocols.


Lab 3.4.3 Performing a Wireless Site Survey (Instructor Version)

Device Designation   Device Name   Address           Subnet Mask
PC1                  PC1           192.168.2.2       255.255.255.0
Wireless Router      WR1           LAN 192.168.2.1   255.255.255.0

Objective
Use available tools to perform a wireless site survey.

640-802 CCNA Exam Objective


This lab contains skills that relate to the following CCNA exam objective: Identify common issues with implementing wireless networks, including interface and misconfiguration.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

What problems could arise if a wireless survey was not carried out before implementing a wireless LAN?
______________________________________________________________________________________

Background / Preparation


Instructor Notes: The purpose of this lab is for the student to view wireless signal degradation as a wireless router is moved to different locations. Signal strength is to be reduced using walls, enclosures, and actual distant placement of the wireless Access Point. If distant placement of the router is unavailable, antennas on the Linksys wireless G router can be removed by unscrewing the base of the antenna (counterclockwise when looking at the back of the router). This will reduce signal strength and simulate an exaggerated distance between the PC1 and the Wireless Router.

Students should understand that measuring signal strength is extremely important in creating a wireless survey. If a wireless laptop is available, it can be used to show signal strength when moving out of the room and when walls come between the laptop and the router.

Configure the wireless Access Point with the LAN IP address shown in the topology. Save the configuration to the router so that the router can be moved around to different electrical outlets without having to reconfigure using Ethernet connections. Record the SSID number of the router so that the students can find the router when using Network Stumbler. The SSID is found under Basic Wireless Settings on the GUI menu of a Linksys router.

An important factor when building a wireless network is understanding how a router's wireless signals travel. Many factors can reduce signal quality in a building. Signal strength and quality must be checked throughout the location to determine the best placement of the wireless Access Point (AP) device. Some locations may provide superior signal quality but are not secure. A survey of the building topology must be done to determine the best possible location for both signal strength and security.

This lab will focus on signal strength by changing the location of a wireless router. Signal strength will be viewed by using the program Network Stumbler. The AP does not need to be physically connected to the network via an Ethernet cable to perform this task. We are simply going to plug in the AP and its power source to an electrical outlet, at increasing distances (from the wireless NIC in PC1), and view the signal strength on the PC1 device.

The program Network Stumbler will be used to evaluate the wireless signal quality in the building. Go to http://www.netstumbler.com/downloads/. Download and install Network Stumbler 4.0 on PC1.

Step 1: Configure the wireless client PC1


NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.

a. Referring to the topology diagram, configure the PC1 wireless NIC address to match the address shown in the topology for PC1.
b. Ensure that power has been applied to the Wireless Router.
c. From the command prompt of PC1, ping the Wireless Router to confirm network connectivity. If the pings fail, troubleshoot and establish connectivity.

Step 2: Monitor signal strength using Network Stumbler


a. On PC1, open the Network Stumbler program. b. In the Network Stumbler window, expand the SSIDs section and locate the SSID of the wireless router being used in this demonstration. NOTE: It may be possible that more than one SSID appears. Other wireless devices in the area may be configured to broadcast their SSIDs.

c. Expand that SSID number to find the Wireless Router MAC address. Click that address to open the Signal/Noise monitoring window to the right.

The green vertical bars in the moving graph indicate signal strength. Red bars indicate signal noise. The higher the green bars, the more signal strength. Additional information may be found in the Help menu of the Network Stumbler program (Help > User Interface > Configuration Dialog > Graph View).
d. Record the signal strength of the Wireless Router at its current location and include its distance from PC1.

Step 3: Relocate the wireless AP


a. Unplug the power cord on the Wireless Router and move the device to a location outside the room, preferably more than 25 feet away, and plug the power cord into the nearest wall outlet within that area.
b. Wait for the Wireless Router to power up, and then return to PC1 to view the Signal/Noise meter.
Has the signal strength been reduced? __________ yes
Record the signal strength of the Wireless Router at the current location and include its distance from PC1.
__________________________________________________________________

Step 4: Relocate the wireless AP to a secure location


a. Unplug the power cord on the wireless router and move the device to a secure wiring closet, outside the classroom. This room should be able to be locked and also provide an AC wall outlet to plug in the Wireless Router power supply.
b. Plug the power cord in and power up the Wireless Router. While waiting for the Wireless Router to power up, close the wiring closet door, and return to PC1 to view the Signal/Noise meter.
Has the signal strength been reduced? __________ yes

If no wiring closet can be used, the Linksys antennas can be removed to simulate a long distance. Remove the antennas and place the router under a desk or in a cabinet.

c. Record the signal strength of the Wireless Router at the current location and include its distance from PC1.
Will the current placement of the Wireless Router be a good location to provide wireless access to other rooms within the area?
__________________________________________
Answers vary depending on signal strength and device location security.
Judge how far away end devices can be placed from the wireless Access Point and determine the number of end devices that the AP could provide service to.
_________________________________________________________________
Answers vary depending on signal strength, obstructions and device bandwidth capacity.
What obstructions tend to cause the largest drop in signal strength?
_________________________________________________________________


Step 5: Clean up
Return the wireless router to the classroom. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

Challenge
Determine possible secure locations in your building topology that can contain wireless Access Points.

Lab 3.5.2 Creating an Overall Project Goal Instructor Version


Objective
Identify and record the goals of a new network design project.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

How is an understanding of a project goal statement useful in network administration?
______________________________________________________________________________________

What do you feel is the most important detail of the project goal statement?
______________________________________________________________________________________

Background / Preparation
Instructor Notes: This is a written lab. Acting as the network designers, students are to create and write each section of a design requirements document. In this lab, given the FilmCompany case study details, students are to develop an overall Project Goal statement. Students may perform this lab individually or in small groups. Although the lab may be delivered as an instructor-led exercise, it is important to ensure that each student gives careful consideration to the issues and develops an understanding of the network design process themselves. Regardless of the lab strategy adopted, each student should submit an individually compiled Project Goal document. The instructor may review this at the completion of the lab or, alternatively, at the completion of the full project requirements document.


FilmCompany is an expanding small advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this growth, the FilmCompany has decided to significantly upgrade its data network. You have the role of network design consultant. Your job is to develop network design and project documents for FilmCompany that will meet the requirements of this upgrade. As part of the new network design requirements, an overall Project Goal statement has to be developed. This section of the network design document states the overall goals of the upgrade and how this upgrade will help FilmCompany become more successful.

Step 1: Gather information about the company goals that this network upgrade will facilitate
Consider what FilmCompany sees as benefits that the upgraded network will provide to their business in terms of their new stadium contract. These business benefits will not be the direct technical improvements that networking technicians and engineers may see. A business manager does not necessarily see the network in terms of bandwidth, latency, efficient protocols, or device operation. They are more likely to consider issues of profitability, flexibility, customer service, and reliability. As a network designer, you take into account all the information obtained through interviewing the company managers and key members of the staff.
a. Draft informal notes of what you consider to be the business benefits in this case.
b. Use word processing software to create a Project Goal document based on these notes.
c. Organize or group your informal notes and save these in your Project Goal document. General headings could include:
- Financial goals
- Job management goals
- Customer communication goals

Step 2: Summarize important goals in a list


a. Examine the general goals recorded and summarize these as three or four key points.
   1) Begin each point with a verb, such as Provide, Increase, Improve, or equivalent word.
   2) Try to include a measurable achievement if possible. For example: Provide the stadium with a broadcast-quality, 30-minute highlight video package within 3 hours of the conclusion of an event.
b. Save the list of important goals in your Project Goal document.

Step 3: Develop an overall project goal statement


a. Write a single statement that introduces the summarized important goals. For example:
The proposed network upgrade will enable FilmCompany to increase its share of the sports event video market through:
- Improved response times to customer requests
- Improved processing and delivery of video content across the network


- Improved communications access to customer facilities
- Ability for improved flexibility in meeting customer needs

b. Add this statement to your Project Goal document.

Step 4: Obtain agreement from the company on the project goal statement
FilmCompany has to agree with your assessment of the Project Goal before you proceed further with the design. If this agreement is not obtained, the network you design may not meet the FilmCompany overall business requirements. An agreement provides clarification and acknowledgement of why the upgrade is to occur and what it is to achieve.
a. Discuss your Project Goal document with another student and arrive at an agreed-upon Project Goal. It may be necessary to amend the statement and important goals before agreement is reached.
b. Save your Project Goal document and retain it for the next stages of this network design case study.

Step 5: Reflection
Consider the issue of communication between the network designer and a manager of the company considering an upgrade of the business network. The network designer is trained in network operation and performance and how to optimize network resources and technologies to best provide network services. To the manager, the network is only one of a number of business tools that the company may use. The business manager probably wants to improve profitability and sees an enhanced network as a tool to help achieve that goal. A business manager is not likely to relate to a goal that is expressed solely in technical terms, such as an upgraded LAN with higher bandwidth, less latency, and maximized server utilization. Although most designers may want to talk about network capabilities, the lifecycle approach is about customer requirements and enabling the business process.

Discuss some strategies that will enable clear communication between a network designer and a business manager so that the resulting Project Goal document represents business needs that ultimately can be met by a network design.

Responses and discussion will vary. Important points could include:
- Students interested in networking, including related computer, IT systems, and technologies, may tend to be overly focused on the technical aspects of network design.
- At this early stage of the design lifecycle, it is important that students develop an awareness of the business imperatives that will drive a network upgrade of the nature in this case study.
- Ensure that financial, sales, organizational, customer, and market goals are brought to the attention of students.

Strategies could include:
- Moderate the technical language students may be tempted to use when communicating with nontechnical managers and staff.
- Have them role-play a customer of the organization with no technical networking knowledge.
- List the business outcomes from network capabilities; e.g., increased bandwidth may allow more simultaneous VoIP phone calls to be made, or wireless network access may result in inventories being more up-to-date and accurate.

Lab 3.5.3 Creating a Scope Statement Instructor Version


Objective
Identify and record the scope of a new network design project.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

How is an understanding of a project scope statement useful in network administration?
______________________________________________________________________________________

Background / Preparation
Instructor Notes: This is a written lab. As the network designers, students are to create and write each section of a Design Requirements document. In this lab, given the FilmCompany case study details, students are to develop an overall Project Scope statement. Students may perform this lab individually or in small groups. Although the lab may be delivered as an instructor-led exercise, it is important to ensure that each student gives careful consideration to the issues and develops an understanding of the network design process themselves. Regardless of the lab strategy adopted, each student should submit an individually compiled Project Scope document. The instructor may review this at the completion of the lab or, alternatively, at the completion of the full project requirements document.

FilmCompany is an expanding small advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this growth, the FilmCompany has decided to significantly upgrade its data network. You have the role of network designer. Your job is to develop network design and project documents for FilmCompany that will meet the requirements of this upgrade.


As part of the new network design requirements, and based on the Project Goal statement, an overall Project Scope statement has to be developed. This section of the network design document outlines the physical areas, applications, and user groups affected by the network upgrade. It can also list components of the network that are beyond the scope of the network upgrade, such as server or application updates.

Step 1: Consider how meeting the project goals will impact the existing network
a. As the network designer, look at the existing network topology and the services that it provides. Consider how much of the network is affected or changed as a result of the project.
b. Record what areas of the existing network will have to change or will in some way be affected by meeting the project goals. Draft informal descriptive notes of these possible changes. Organize these notes under headings such as:
- Access Layer
- Distribution Layer
- Core Layer
- Data Center
- Network Services
- WAN Access
c. Use word processing software to create a Project Scope document based on these notes.

Step 2: Refine and record the proposed changes to the existing network
a. Distinguish between possible upgrades to existing network resources, such as additional servers or VLANs, and completely new additional resources, such as QoS and WAN links.
b. Record which areas and users will be affected by these changes.
c. Include these network changes in your Project Scope document.

Step 3: Define the areas of the existing network not covered by the project
It is important to note the parts of the existing network that are not within the areas covered by the project. These out-of-scope areas are defined so that there is no misunderstanding between the NetworkingCompany and FilmCompany management. In this case study, for example, providing IP telephony services may be a future consideration, but it is not within the scope of this project. Clearly state these out-of-scope areas in your Project Scope document.

Step 4: Compile and present the project scope document


FilmCompany has to agree with your assessment of the Project Scope before you proceed further with the design. An agreement ensures that there is a common understanding about what is included in the network upgrade project and what is not included.
a. Discuss your Project Scope with another student to ensure that the issues you present are clear.
b. Save your Project Scope document and retain it for the next stages of this network design case study.


Step 5: Reflection
It is important that a project have clearly defined boundaries so that all parties know what is included and what is not. Consider the issues of ensuring that customer business and network needs are satisfied before the scope is broadened beyond what is feasible and required.

What strategies could be used to ensure that a project scope is developed that is clear and appropriate?
______________________________________________________________________________________

Responses and discussion will vary. Important points could include:
- Link each considered change or network enhancement to the project and business goals. Will including something in the scope lead to a goal being attained?
- Ensure that any new networking services and technologies are not included in the scope solely because they can be; make sure they are aligned with the company requirements and goals.
- Have different people, from both the network design company and the business, review the project scope and give their interpretation of it to ensure that it means the same thing to everyone.

Lab 3.5.4 Developing Network Requirements Instructor Version


Objectives
Identify and record the new business and technical requirements of a new network design project. Develop network requirements.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

How is an understanding of a network requirements document useful in network administration?
______________________________________________________________________________________

How do business goals affect the network requirements document?
______________________________________________________________________________________

Background / Preparation
Instructor Notes: This is a written lab. As the network designers, students are to create and write each section of a Design Requirements document. In this lab, given the FilmCompany case study details, students are to develop a Network Requirements document. Unlike the first two sections of the Design Requirements document (Labs 3.5.2 and 3.5.3), which are usually short, and without much detail, the Network Requirements section is more detailed. This section helps drive the network design and implementation of new technologies. Students are encouraged to consider all technical possibilities, with the understanding that not all possibilities may be implemented when the network requirements are finalized. Students may perform this lab individually or in small groups. Although the lab may be delivered as an instructor-led exercise, it is important to ensure that each student gives careful consideration to the issues and develops an understanding of the network design process.


Regardless of the lab strategy adopted, each student should submit an individually compiled Network Requirements document. The instructor may review this at the completion of the lab or, alternatively, at the completion of the full project requirements document.

FilmCompany is an expanding small advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this growth, the FilmCompany has decided to significantly upgrade its data network. You have the role of network designer. Your job is to develop network design and project documents for FilmCompany that will meet the requirements of this upgrade.

As part of the new network design requirements, and based on the Project Goal statement and Project Scope documents, a Network Requirements document has to be developed. This section of the network design document details the business goals, business constraints, technical requirements, user groups, and applications that influence the design of the new network.

Step 1: Record the company business goals and constraints that will influence the network design
As the network designer, you need to identify and prioritize the business goals of FilmCompany as defined in the Project Goals document. Develop your understanding of what these goals are from the FilmCompany case study information.
a. List these goals in order of priority.
b. Expand and consider the details of how these goals can be achieved using the network as a platform.
c. Note any constraints that these expanded goals may impose on the network design, such as retaining the current number of IT and network support staff.
d. Use word processing software to create a Network Requirements document.
e. Clearly state the business goals and constraints in the document.

Step 2: Record the technical requirements that will influence the network design
a. Evaluate each of the business goals and determine the technical requirements to meet the goals. List these technical requirements under the headings of:
- Scalability
- Availability and Performance
- Security
- Manageability
b. Initially, list all technologies that may be able to meet these technical requirements.
c. Include these requirements in your Network Requirements document.

Step 3: Record the user requirements that will influence the network design
a. Consider the types of users that will influence the network design. These users may be onsite, in the office, in the video editing room, offsite (at the stadium), or mobile.
Which types of users generate the heaviest amount of network traffic? Which types generate the lightest traffic?
_______________________________________________________

How might different types of users be grouped for Access Layer purposes?
_______________________________________________________
b. Include these requirements in your Network Requirements document.

Step 4: Record the application requirements that will influence the network design
a. Consider the type of applications that will influence the network design.
What applications are essentially device-based, with minimal network requirements?
_______________________________________________________
Which applications are network-intensive?
_______________________________________________________
Which applications and services are delivered onsite, in the offices, and which may need to be delivered offsite over the WAN or to mobile users?
_______________________________________________________
b. Include these requirements in your Network Requirements document.

Step 5: Develop the network requirements


a. Refine the technical requirements of the network to match user and application requirements.
What compromises may have to be made to ensure that the project remains within the business constraints?
_______________________________________________________
b. Finalize the technical requirements of the network that will meet the project goals.
c. Discuss and review your Technical Requirements document with another student to ensure it addresses all the business, user, and application requirements within the Project Scope and does not unnecessarily address out-of-scope requirements. Modify the document as necessary.
d. Save and retain your Technical Requirements document for the next stage of this network design case study.


Step 6: Reflection
Developing the technical requirements of a network that meets the project goals, while remaining within scope, requires knowledge of the available and appropriate technologies and services. Discuss strategies that will ensure that a network design team is up-to-date with networking technologies and their applications.
______________________________________________________________________________________

Responses and discussion will vary. Strategies could include:
- Subscribing to technical and industry journals (both hardcopy and online)
- Attending product launches and demonstrations
- Attending training seminars and courses
- Devising and implementing a personal professional development plan
- Maintaining current industry and vendor certification

Lab 3.5.5 Analyzing an Existing Network (Instructor Version)


Objective
Characterize the current network in relation to the identified business and technical requirements of a new network design project.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
- Describe the purpose and functions of various network devices.
- Interpret network diagrams.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

How can a network analysis be useful in network topology upgrades?
______________________________________________________________________________________

Background / Preparation
Instructor Notes: This is a written lab. As the network designers, students are to create and write each section of a Design Requirements document. In this lab, given the FilmCompany case study details, students are to analyze the current network in relation to the identified business and technical requirements of a new network design project. Students may perform this lab individually or in small groups. Although the lab may be delivered as an instructor-led exercise, it is important to ensure that each student gives careful consideration to the issues and develops an understanding of the network design process themselves. Regardless of the lab strategy adopted, each student should submit an individually compiled written analysis of the current FilmCompany Corporation network. The instructor may review this at the completion of the lab or, alternatively, at the completion of the full project requirements document.



FilmCompany is an expanding small advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this growth, the FilmCompany has decided to significantly upgrade its data network. You have the role of network designer. Your job is to develop network design and project documents for FilmCompany that will meet the requirements of this upgrade. As part of the new network design requirements, the current network has to be analyzed against the project technical requirements. This section of the network design document describes what can be done to improve or eliminate the weaknesses and to build on the strengths of the existing network.

Step 1: Document and confirm existing network topology, addressing, and naming schemes
a. Examine the existing network topology diagram.
   1) Record the current addressing scheme in a table.
   2) Associate device names with addresses on the table.
b. Highlight any inconsistencies in the naming and addressing schemes. For example:
   - Naming some devices by location and others by function
   - Inconsistent or confusing use of abbreviations
   - Some gateway addresses as the first address of a subnet, others as the last address
c. Use word processing software to create a Current Network document.

Step 2: Identify those parts of the existing network that currently meet the project technical requirements
a. Examine the network topology and specifications. Record which current features meet the technical requirements of the proposed network upgrade. Examples include:
   - Capacity (bandwidth, address ranges, VLANs)
   - Redundant links
   - Router and switch interfaces and ports
   - Router and switch feature sets, memory, and processing capability
   - WAN
   - Wireless
   - QoS

b. Include these strengths and capabilities in your Current Network document. Potential strengths may include:
   - New wiring and adequate communications closets
   - Adequate space for a new data center
   - Servers and PCs are current models and will not need replacement
   - Some existing network switches and routers can be used in the new design

Step 3: Identify those parts of the existing network that can be scaled to meet the project technical requirements
a. Examine the network topology and specifications. Record which current features do not meet the technical requirements of the proposed network upgrade but can be scaled within the capacity of the network to do so. Examples include:
   - Capacity (bandwidth, address ranges, VLANs)
   - Redundant links
   - Router and switch interfaces and ports
   - Router and switch feature sets, memory, and processing capability
   - WAN
   - Wireless
   - QoS

b. Include these scalable features and capabilities in your Current Network document.

Step 4: Identify those parts of the existing network that do not meet the project technical requirements
a. Examine the network topology and specifications. Record which current features do not meet the technical requirements of the proposed network upgrade and what additional networking resources are required. Examples include:
   - Capacity (bandwidth, address ranges, VLANs)
   - Redundant links
   - Router and switch interfaces and ports
   - Router and switch feature sets, memory, and processing capability
   - WAN
   - Wireless
   - QoS

b. Include these weaknesses and shortfalls in your Current Network document. Possible weaknesses include:
   - Flat network design
   - Insufficient bandwidth at Distribution Layer, no true Core Layer
   - Servers poorly located
   - Multiple networks, difficult to maintain
   - Poor IP addressing structure
   - No dedicated bandwidth for WAN connectivity
   - Limited wireless implementation
   - Limited security implementations

Step 5: Obtain agreement and authorization from the company to continue with the network upgrade design
a. Finalize the Current Network document so that the strengths and shortfalls are clearly and precisely presented.
b. Discuss and review your Current Network document with another student to ensure that it clearly states which parts of the network meet the technical requirements of the upgrade project and which parts do not. Amend the document as necessary to clarify any areas that could be misunderstood. At this stage of the network design process, a meeting with the FilmCompany management would be held to obtain their agreement and authorization to continue with the design of the upgrade.
c. Save and retain your Current Network document so that it can be incorporated with the previous documents to complete this network design case study.

Step 6: Reflection
Consider the resources and information that will facilitate the task of analyzing a current network.
________________________________________
________________________________________
________________________________________
________________________________________

Responses and discussion may vary. Important points may include:
   - Having up-to-date documentation showing such information as addressing, device names, VLAN allocations, switch port assignments
   - Systematic and consistent host names, descriptions, and addressing schemes
   - Software tools that record data flows and device identification
   - Efficient and accurate fault and incident reporting and clearance documentation to highlight and record problems


Lab 4.1.2 Characterizing Network Applications Instructor Version

Device Designation   Device Name         Address             Subnet Mask
Discovery Server     Business Services   172.17.1.1          255.255.0.0
R1                   FC-CPE-1            Fa0/1 172.17.0.1    255.255.0.0
                                         Fa0/0 10.0.0.1      255.255.255.0
S1                   FC-ASW-1
PC1                  Host 1              10.0.0.200          255.255.255.0

Objective
Configure NetFlow to observe how the traffic flows.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.



Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
________________________________________
________________________________________
________________________________________

How is an understanding of traffic flow useful in network design and in network administration?
________________________________________
________________________________________
________________________________________

Background / Preparation
Instructor Notes: Labs 4.1.2, 4.5.1, 4.5.2, 4.5.3, 4.5.4, and 4.5.5 use the Cisco IOS NetFlow feature to record and identify a range of application and data flows across a network. This lab introduces the configuration of NetFlow. This feature will be specifically applied in the later labs. Although Discovery Server is used to represent the FilmCompany business server, no actual services are used in this lab; therefore, a PC may be substituted and configured with the same IP address.

Cisco IOS can include a feature called NetFlow that provides information about network users, network applications, peak usage times, and traffic routing. NetFlow can provide the following services:
   - Network traffic accounting
   - Usage-based network billing
   - Network planning
   - Security
   - Denial of Service monitoring capabilities
   - Network monitoring

Cisco routers that have the NetFlow feature enabled generate NetFlow records. These details can be viewed using show commands or exported from the router and collected using a NetFlow collector. Although initially implemented by Cisco, NetFlow is emerging as an IETF standard: Internet Protocol Flow Information eXport (IPFIX). See RFC 3954 at http://www.ietf.org/rfc/rfc3954.txt.

NetFlow defines a data flow as a unidirectional sequence of packets that includes all of the following five values:
   1. Source IP address
   2. Destination IP address
   3. Source TCP port
   4. Destination TCP port
   5. IP protocol

In this lab, you will observe the results of configuring NetFlow. In later labs, you will see how the state of data flows across the current network can be established so that a network upgrade can be planned and implemented.



Step 1: Cable and configure the current network
a. Connect and configure the devices in accordance with the topology and configuration given. For this lab, a PC workstation can substitute for a Discovery Server.
b. Ping between Host 1 and Discovery Server to confirm network connectivity. Troubleshoot and establish connectivity if the pings fail.

Step 2: Configure NetFlow on the interfaces


NetFlow is configured to monitor data flows in or out of specific router interfaces. Ingress captures traffic that is being received by the interface. Egress captures traffic that is being transmitted by the interface. In this lab, the traffic will be monitored on both router interfaces and in both directions from within the console session.

a. From the global configuration mode, issue the following commands:
FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#ip flow ?

Note the two options available:
____________________ egress    Enable outbound NetFlow
____________________ ingress   Enable inbound NetFlow

Which option captures traffic that is being received by the interface? __________ ingress
Which option captures traffic that is being transmitted by the interface? __________ egress

b. Complete the NetFlow configuration.
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#interface fastethernet 0/1
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#exit
FC-CPE-1(config)#end

Step 3: Verify the NetFlow configuration


a. From the privileged EXEC mode, issue the show running-config command. For each FastEthernet interface, what statement from the running configuration denotes that NetFlow is configured?

interface FastEthernet0/0:
____________________ ip flow ingress
____________________ ip flow egress
interface FastEthernet0/1:
____________________ ip flow ingress
____________________ ip flow egress

b. From the privileged EXEC mode, issue the command:
FC-CPE-1#show ip flow ?

Note the three options available:
____________________ export        Display export statistics
____________________ interface     Display flow configuration on Interfaces
____________________ top-talkers   Display top talkers

FC-CPE-1#show ip flow interface
FastEthernet0/0
  ip flow ingress
  ip flow egress
FastEthernet0/1
  ip flow ingress
  ip flow egress

Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

Step 4: Create network data traffic


a. The captured data flow can be examined using the show ip cache flow command issued from the privileged EXEC mode.
FC-CPE-1#show ip cache flow

Issuing this command before any data traffic has flowed should produce output similar to the example shown here.

IP packet size distribution (0 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 0 bytes
  0 active, 0 inactive, 0 added
  0 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
  last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts

b. List the seven highlighted column headings and consider what use this information may be in characterizing the network.
____________________ Protocol
____________________ Total Flows
____________________ Flows per Second
____________________ Packets per Flow
____________________ Bytes per Packet
____________________ Packets per Second
____________________ Seconds of active flow
____________________ Seconds of no flow (idle)

c. To ensure that flow cache statistics are reset, from privileged EXEC mode issue the command:
FC-CPE-1# clear ip flow stats

d. Ping the Business Server from Host 1 to generate a data flow. From the command line of Host 1, issue the command:
ping 172.17.1.1 -n 200

Step 5: View the data flows


a. At the conclusion of the data flow, the details of the flow can be viewed. From privileged EXEC mode, issue the command:
FC-CPE-1#show ip cache flow

Output similar to that shown below will be displayed. Some values and details may be different in your lab.

IP packet size distribution (464 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .900 .096 .000 .000 .000 .000 .002 .000 .000 .000 .000 .000 .000 .000

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes
  5 active, 4091 inactive, 48 added
  1168 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 17416 bytes
  0 active, 1024 inactive, 0 added, 0 added to flow
  0 alloc failures, 0 force free
  1 chunk, 1 chunk added
  last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
UDP-DNS             31      0.0         1    72      0.0       0.0      15.5
UDP-other           10      0.0         2    76      0.0       4.1      15.2
ICMP                 2      0.0       200    60      0.3     198.9      15.3
Total:              43      0.0        10    61      0.3      10.2      15.5

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
< output omitted >

b. Examine your output and list details that indicate data flow.
Answers vary; details may be found for some or all of the following characteristics:
____________________ Protocol
____________________ Total Flows
____________________ Flows per Second
____________________ Packets per Flow
____________________ Bytes per Packet
____________________ Packets per Second
____________________ Seconds of active flow
____________________ Seconds of no flow (idle)
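The flow definition from the Background section and the ICMP row of the sample output (2 flows of 200 packets for a single ping -n 200) can be reproduced with a small model of the flow cache. The Python below is an added example, not Cisco IOS code and not part of the original lab; the class and function names, the one-packet-per-second timestamps, the 60-byte packet size, and the use of port 0 for ICMP are assumptions made for illustration.

```python
# Added example (not Cisco IOS code): a toy flow cache keyed on the five values
# the lab lists, aged with the two timeouts printed by "show ip cache flow".
from collections import defaultdict, namedtuple
from dataclasses import dataclass

FlowKey = namedtuple("FlowKey", "src_ip dst_ip src_port dst_port proto")
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

INACTIVE_TIMEOUT = 15       # seconds ("Inactive flows timeout in 15 seconds")
ACTIVE_TIMEOUT = 30 * 60    # seconds ("Active flows timeout in 30 minutes")


@dataclass
class Flow:
    key: FlowKey
    first: int              # timestamp of the first packet, in seconds
    last: int               # timestamp of the most recent packet
    packets: int = 0
    octets: int = 0


class FlowCache:
    def __init__(self, inactive=INACTIVE_TIMEOUT, active=ACTIVE_TIMEOUT):
        self.inactive, self.active = inactive, active
        self.live = {}      # FlowKey -> Flow still in the cache
        self.expired = []   # flows that have aged out

    def _age(self, now):
        """Move flows that were idle or active for too long out of the cache."""
        for key, flow in list(self.live.items()):
            idle_too_long = now - flow.last > self.inactive
            active_too_long = now - flow.first > self.active
            if idle_too_long or active_too_long:
                self.expired.append(self.live.pop(key))

    def observe(self, ts, src_ip, dst_ip, src_port, dst_port, proto, size):
        """Account one packet. The key is directional, so a reply is a new flow."""
        self._age(ts)
        key = FlowKey(src_ip, dst_ip, src_port, dst_port, proto)
        flow = self.live.get(key)
        if flow is None:
            flow = self.live[key] = Flow(key, first=ts, last=ts)
        flow.last = ts
        flow.packets += 1
        flow.octets += size

    def flush(self):
        """Expire everything and return all recorded flows."""
        self.expired.extend(self.live.values())
        self.live.clear()
        return self.expired


def summarize(flows):
    """Per-protocol figures in the spirit of the router's protocol table."""
    by_proto = defaultdict(list)
    for f in flows:
        by_proto[PROTO_NAMES.get(f.key.proto, str(f.key.proto))].append(f)
    summary = {}
    for name, group in by_proto.items():
        pkts = sum(f.packets for f in group)
        summary[name] = {
            "total_flows": len(group),
            "packets_per_flow": pkts / len(group),
            "bytes_per_packet": sum(f.octets for f in group) / pkts,
            "active_sec_per_flow": sum(f.last - f.first for f in group) / len(group),
        }
    return summary


def ping_demo(count=200, size=60):
    """Constructed traffic: Host 1 pings the server once per second."""
    cache = FlowCache()
    for t in range(count):
        cache.observe(t, "10.0.0.200", "172.17.1.1", 0, 0, 1, size)  # echo request
        cache.observe(t, "172.17.1.1", "10.0.0.200", 0, 0, 1, size)  # echo reply
    return summarize(cache.flush())


def idle_gap_demo(gap):
    """Two packets with the same five values, 'gap' seconds apart."""
    cache = FlowCache()
    for t in (0, gap):
        cache.observe(t, "10.0.0.200", "172.17.1.1", 1025, 53, 17, 72)
    return len(cache.flush())


if __name__ == "__main__":
    print(ping_demo()["ICMP"])
    print("flows with a 10 s gap:", idle_gap_demo(10))
    print("flows with a 20 s gap:", idle_gap_demo(20))
```

Because the key is unidirectional, the echo requests and the echo replies are counted as two separate flows, and a gap longer than the inactive timeout splits one conversation into two flow records.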

Step 6: Stop the NetFlow capture


a. To deactivate NetFlow capture, issue the no ip flow command at the interface configuration prompt.
FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#no ip flow ingress
FC-CPE-1(config-if)#no ip flow egress
FC-CPE-1(config-if)#interface fastethernet 0/1
FC-CPE-1(config-if)#no ip flow ingress
FC-CPE-1(config-if)#no ip flow egress

b. To verify that NetFlow is deactivated, issue the show ip flow interface command from the privileged EXEC mode.
FC-CPE-1#show ip flow interface
FC-CPE-1#

No output is displayed if NetFlow is off.

Step 7: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

Step 8: Reflection
Consider the possible range of data flow types across a network and how a tool like NetFlow could be implemented to assist in analyzing those flows.
________________________________________
________________________________________
________________________________________
________________________________________
________________________________________
________________________________________

Responses and discussion may vary. Important points may include:
   - List of data flow categories and types: Client to Client, Client to Server, Server to Client, and Server to Server
   - Email, intranet web, database flows, document file flows
   - Number of separate flows of each type, size (bytes) of each flow, time each flow is on the network


Final Configurations

Router 1

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FC-CPE-1
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
!
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.17.0.1 255.255.0.0
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface Serial0/1/0
 no ip address
 shutdown
 no fair-queue
 clock rate 2000000
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end


Lab 4.2.3 Analyzing Network Traffic Instructor Version

Device Designation   Device Name        Address             Subnet Mask
Discovery Server     Network Services   172.17.1.1          255.255.0.0
R1                   FC-CPE-1           Fa0/1 172.17.0.1    255.255.0.0
                                        Fa0/0 10.0.0.1      255.255.255.0
PC1                  Host1              10.0.0.200          255.255.255.0
PC2                  Host2              10.0.0.201          255.255.255.0

Objective
Upon completion of this activity, you will be able to: Identify and describe the network requirements to support file transfer and email applications.


640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
   - Select the components required to meet a network specification.
   - Describe common networked applications, including web applications.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
________________________________________
________________________________________
________________________________________

What benefits are gained from designing a network to deliver services such as email and FTP before implementing it?
________________________________________
________________________________________
________________________________________

What problems could arise if email and FTP services are provided without first planning and designing the network?
________________________________________
________________________________________
________________________________________

Background / Preparation
Instructor Notes: In this hands-on lab activity, students design a small network topology that supports email and file transfers. Upon completion, the traffic will be monitored using NBAR (Network-Based Application Recognition). NBAR is a Cisco IOS feature that identifies and classifies network applications. This allows critical business network applications and non-critical network applications to be classified using NBAR and marked for best effort service, policed, or blocked as required. This lab introduces only the monitoring features of NBAR; policy configuration is beyond the scope of this course.

Discovery Server is used in this lab to provide representative application data traffic. See CCNA Discovery Server FAQ on Academy Connection Tools. Alternatively, a local lab server can be set up to provide representative application services, FTP, and Email. If an alternate server is used or DNS is not configured, the IP address 172.17.1.1 must be used instead of the domain name.

After students design the network, they will use FTP to download the Thunderbird email client from Discovery Server. The email client is then installed on the local PC and used to send and receive emails to and from the other PC. Refer to the Discovery Server documentation for user accounts and password information.

FilmCompany is an expanding small advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. A part of this expansion requires consideration of the email and FTP services provided by the network. Users expect immediate access to their emails and to the files that they are sharing or updating.

In this lab, you will generate some FTP and email traffic on a network and use the Cisco IOS NBAR (Network-Based Application Recognition) feature to identify and examine that traffic.

Task 1: Design Network Access to FTP and Email Services


Step 1: FTP network considerations
File transfer traffic can put high-volume traffic onto the network. This traffic can have a greater effect on throughput than interactive end-to-end connections. Although file transfers are throughput-intensive, they typically have low response-time requirements. As part of the initial characterization of the network, it is important to identify the level of FTP traffic that will be generated. From this information, the network designers can decide on throughput and redundancy requirements.

a. List possible file transfer applications that would generate traffic on the FilmCompany network.
____________________ Document sharing
____________________ Video production file transfer
____________________
____________________
____________________

b. List these applications by priority based on response time.
1. ____________________ Video production file transfer
2. ____________________ Document sharing
3. ____________________
4. ____________________
5. ____________________

c. List these applications by priority based on bandwidth requirements.
1. ____________________ Video production file transfer
2. ____________________ Document sharing
3. ____________________
4. ____________________
5. ____________________

Step 2: Email network considerations


Although customers expect immediate access to their emails, they usually do not expect emails to have network priority over files that they are sharing or updating. Emails are expected to be delivered reliably and accurately. Generally, emails are not throughput-intensive, except when there are enterprise-wide mail-outs or there is a denial of service attack.

List some email policies that could control the volume of email data and the bandwidth used.
____________________ Limit email attachment size
____________________ Limit the number of recipients of bulk email messages
____________________ Ensure that external email spam is filtered before reaching the LAN
____________________
____________________

Step 3: Configure and connect the host PCs


NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.

a. Set the IP addresses for PC1 and PC2 as shown in the configuration table.
b. Establish a terminal session to router R1 from one of the PCs, and configure the interfaces and hostname as shown in the configuration table.

Task 2: Configure NBAR to Examine Network Traffic


Step 1: Enable NBAR Protocol Discovery
NBAR can determine which protocols and applications are currently running on a network. NBAR includes the Protocol Discovery feature, which identifies the application protocols operating on an interface so that appropriate QoS policies can be developed and applied. To enable Protocol Discovery to monitor selected protocols on a router interface, issue the following commands from the global configuration mode:
FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#ip nbar protocol-discovery

Step 2: Confirm that Protocol Discovery is configured


From the privileged EXEC mode, issue the show running-config command and confirm that the following output appears under interface FastEthernet 0/0:
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip nbar protocol-discovery

If protocol-discovery is not confirmed, reissue the configuration commands for interface FastEthernet 0/0.

Task 3: Generate and Identify Network Traffic


Step 1: Generate FTP traffic
The Mozilla Thunderbird email client program will be downloaded from Discovery Server as an example of FTP.

a. On PC1, launch a web browser and enter the URL ftp://server.discovery.ccna. Alternatively, from the command line, enter ftp server.discovery.ccna. If DNS is not configured, the IP address 172.17.1.1 must be used instead of the domain name.
b. Locate the file thunderbird_setup.exe in the pub directory, download the file, and save it on PC1. Repeat this step for PC2.



Step 2: Generate Email traffic
If the Thunderbird email client has been installed and email accounts set up on both PC1 and PC2, proceed to Step 2d. Otherwise, install and set up the email client on PC1 and PC2 as described in Steps 2a through 2c.

a. Install the Thunderbird email client on PC1 and PC2 by double-clicking the downloaded thunderbird_setup.exe file and accepting the default settings.
b. When the installation has completed, launch the program.
c. Configure email account settings as shown in this table.

Field                                    Value
Account Name                             The account name is based on the pod and host computer. There are a total of 20 accounts configured on Discovery Server, labeled user[1..20]. The password for each account is cheetah[1..20].
Your Name                                Use the same name as above.
E-mail address                           username@server.discovery.ccna
Type of incoming server you are using    POP
Incoming Server (SMTP)                   172.17.1.1
Outgoing Server (SMTP)                   172.17.1.1

   1) On the Tools menu, click Account Settings.
   2) Complete the required Thunderbird Account Settings.
   3) In the left pane of the Account Settings screen, click Server Settings and complete the necessary details.
   4) In the left pane, click Outgoing Server (SMTP) and complete the proper configuration for the Outgoing Server (SMTP).

d. Send and receive two emails between accounts on each PC.

Step 3: Display the NBAR results


With Protocol Discovery enabled, any protocol traffic supported by NBAR, as well as the statistics associated with that protocol, can be discovered.

a. To display the traffic identified by NBAR, issue the show ip nbar protocol-discovery command from the privileged EXEC mode.
FC-CPE-1#show ip nbar protocol-discovery



The output will have the following headings:

     FastEthernet0/0
                                Input                    Output
                                -----                    ------
       Protocol                 Packet Count             Packet Count
                                Byte Count               Byte Count
                                5min Bit Rate (bps)      5min Bit Rate (bps)
                                5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
       ------------------------ ------------------------ ------------------------

Sample Output:

    FC-CPE-1#show ip nbar protocol-discovery

     FastEthernet0/0
                                Input                    Output
                                -----                    ------
       Protocol                 Packet Count             Packet Count
                                Byte Count               Byte Count
                                5min Bit Rate (bps)      5min Bit Rate (bps)
                                5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
       ------------------------ ------------------------ ------------------------
       ftp                      4317                     10757
                                279012                   14127498
                                0                        62000
                                15000                    363000
       dhcp                     134                      0
                                82812                    0
                                1000                     0
                                1000                     0
       pop3                     70                       59
                                4356                     7487
                                0                        0
                                0                        1000
       smtp                     65                       67
                                6298                     5142
                                0                        0
                                0                        0
       http                     3                        2
                                580                      1222
                                0                        0
                                0                        0
       dns                      10                       10
                                816                      816
                                0                        0
                                0                        0
       netbios                  4                        0
                                978                      0
                                0                        0
                                0                        0
       <<output omitted>>
       xwindows                 0                        0
                                0                        0
                                0                        0
                                0                        0
       unknown                  2                        3
                                122                      170
                                0                        0
                                0                        0
       Total                    4605                     10898
                                374974                   14142335
                                1000                     62000
                                16000                    364000

    FC-CPE-1#

b. List each protocol identified and the Input and Output information.
______________________________________________________

Output varies; sample for FTP:

    ftp    Input: 18 1295 0 0    Output: 16 1288 0 0

c. Although the data traffic in this lab may not be sufficient to generate values for the 5min Bit Rate (bps) and 5min Max Bit Rate (bps) fields, consider and discuss how these values would be applied to designing an FTP and email network.
_____________________________________________________________________________

Can help determine average and peak network bandwidth requirements.
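The answer to Step 3c can be worked through in code. The following Python sketch is an added example, not part of the original lab and not Cisco code: it parses show ip nbar protocol-discovery output in the stacked layout IOS prints, ranks protocols by byte share, and expresses the 5-minute peak as a percentage of link speed. The embedded text reuses values from the lab's sample output; the function names and the 100 Mb/s link speed are assumptions made for illustration.

```python
import re

# Values from the lab's sample output (a subset of the protocols plus the
# router's Total row), laid out the way IOS prints them: a protocol name with
# the packet counts, then byte count, 5min bit rate and 5min max bit rate rows.
SAMPLE = """\
 FastEthernet0/0
                            Input                    Output
                            -----                    ------
   Protocol                 Packet Count             Packet Count
                            Byte Count               Byte Count
                            5min Bit Rate (bps)      5min Bit Rate (bps)
                            5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
   ------------------------ ------------------------ ------------------------
   ftp                      4317                     10757
                            279012                   14127498
                            0                        62000
                            15000                    363000
   dhcp                     134                      0
                            82812                    0
                            1000                     0
                            1000                     0
   pop3                     70                       59
                            4356                     7487
                            0                        0
                            0                        1000
   smtp                     65                       67
                            6298                     5142
                            0                        0
                            0                        0
   unknown                  2                        3
                            122                      170
                            0                        0
                            0                        0
   Total                    4605                     10898
                            374974                   14142335
                            1000                     62000
                            16000                    364000
"""

FIELDS = ("packets", "bytes", "rate_5min_bps", "max_rate_5min_bps")
NAME_ROW = re.compile(r"^\s*([A-Za-z][\w-]*)\s+(\d+)\s+(\d+)\s*$")
VALUE_ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s*$")


def parse_protocol_discovery(text):
    """Return {protocol: {"in": {...}, "out": {...}}} from the stacked CLI layout."""
    stats, current, row = {}, None, 0
    for line in text.splitlines():
        name = NAME_ROW.match(line)
        cont = VALUE_ROW.match(line)
        if name:
            # A protocol name starts a new record and carries the packet counts.
            current, row = name.group(1), 0
            stats[current] = {"in": {}, "out": {}}
            pair = name.group(2), name.group(3)
        elif cont and current is not None and row < len(FIELDS):
            pair = cont.groups()
        else:
            continue  # interface name, column headings, separators
        stats[current]["in"][FIELDS[row]] = int(pair[0])
        stats[current]["out"][FIELDS[row]] = int(pair[1])
        row += 1
    return stats


def byte_share(stats, direction):
    """Rank protocols by their share (percent) of the Total byte count."""
    total = stats["Total"][direction]["bytes"]
    shares = {
        proto: round(100.0 * s[direction]["bytes"] / total, 2) if total else 0.0
        for proto, s in stats.items() if proto != "Total"
    }
    return sorted(shares.items(), key=lambda kv: kv[1], reverse=True)


def peak_utilization(stats, direction, link_bps):
    """Peak 5-minute rate of all traffic as a percentage of the link speed."""
    peak = stats["Total"][direction]["max_rate_5min_bps"]
    return round(100.0 * peak / link_bps, 3)


if __name__ == "__main__":
    stats = parse_protocol_discovery(SAMPLE)
    for direction in ("in", "out"):
        print(direction, byte_share(stats, direction)[:3])
        # Assumption: 100 Mb/s, the nominal FastEthernet rate.
        print(direction, "peak % of link:",
              peak_utilization(stats, direction, 100_000_000))
```

The share of bytes in the unknown row is also worth tracking over time, since it is the traffic NBAR could not classify.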

Step 4: Use NBAR to monitor other data traffic


NBAR can identify and monitor a range of network application traffic protocols. From the privileged EXEC mode of the router, issue the command show ip nbar port-map and note the output displayed.

    FC-CPE-1#show ip nbar port-map

List some protocols that you consider should be monitored and policies applied to.
_______________________________________________________________________________

Sample Output

    port-map bgp                      udp 179
    port-map bgp                      tcp 179
    port-map bittorrent               tcp 6881 6882 6883 6884 6885 6886 6887 6888 6889
    port-map citrix                   udp 1604
    port-map citrix                   tcp 1494
    port-map cuseeme                  udp 7648 7649 24032
    port-map cuseeme                  tcp 7648 7649
    port-map dhcp                     udp 67 68
    port-map directconnect            tcp 411 412 413
    port-map dns                      udp 53
    port-map dns                      tcp 53
    port-map edonkey                  tcp 4662
    port-map exchange                 tcp 135
    port-map fasttrack                tcp 1214
    port-map finger                   tcp 79
    port-map ftp                      tcp 21
    port-map gnutella                 udp 6346 6347 6348
    port-map gnutella                 tcp 6346 6347 6348 6349 6355 5634
    port-map gopher                   udp 70
    port-map gopher                   tcp 70
    port-map h323                     udp 1300 1718 1719 1720 11720
    port-map h323                     tcp 1300 1718 1719 1720 11000 - 11999
    port-map http                     tcp 80
    port-map imap                     udp 143 220
    port-map imap                     tcp 143 220
    port-map irc                      udp 194
    port-map irc                      tcp 194
    port-map kerberos                 udp 88 749
    port-map kerberos                 tcp 88 749
    port-map l2tp                     udp 1701
    port-map ldap                     udp 389
    port-map ldap                     tcp 389
    port-map mgcp                     udp 2427 2727
    port-map mgcp                     tcp 2427 2428 2727
    port-map netbios                  udp 137 138
    port-map netbios                  tcp 137 139
    port-map netshow                  tcp 1755
    port-map nfs                      udp 2049
    port-map nfs                      tcp 2049
    port-map nntp                     udp 119
    port-map nntp                     tcp 119
    port-map notes                    udp 1352
    port-map notes                    tcp 1352
    port-map novadigm                 udp 3460 3461 3462 3463 3464 3465
    port-map novadigm                 tcp 3460 3461 3462 3463 3464 3465
    port-map ntp                      udp 123
    port-map ntp                      tcp 123
    port-map pcanywhere               udp 22 5632
    port-map pcanywhere               tcp 65301 5631
    port-map pop3                     udp 110
    port-map pop3                     tcp 110
    port-map pptp                     tcp 1723
    port-map printer                  udp 515
    port-map printer                  tcp 515
    port-map rcmd                     tcp 512 513 514
    port-map rip                      udp 520
    port-map rsvp                     udp 1698 1699
    port-map rtsp                     tcp 554
    port-map secure-ftp               tcp 990
    port-map secure-http              tcp 443
    port-map secure-imap              udp 585 993
    port-map secure-imap              tcp 585 993
    port-map secure-irc               udp 994
    port-map secure-irc               tcp 994
    port-map secure-ldap              udp 636
    port-map secure-ldap              tcp 636
    port-map secure-nntp              udp 563
    port-map secure-nntp              tcp 563
    port-map secure-pop3              udp 995
    port-map secure-pop3              tcp 995
    port-map secure-telnet            tcp 992
    port-map sip                      udp 5060
    port-map sip                      tcp 5060
    port-map skinny                   tcp 2000 2001 2002
    port-map smtp                     tcp 25
    port-map snmp                     udp 161 162
    port-map snmp                     tcp 161 162
    port-map socks                    tcp 1080
    port-map sqlnet                   tcp 1521
    port-map sqlserver                tcp 1433
    port-map ssh                      tcp 22
    port-map streamwork               udp 1558
    port-map sunrpc                   udp 111
    port-map sunrpc                   tcp 111
    port-map syslog                   udp 514
    port-map telnet                   tcp 23
    port-map tftp                     udp 69
    port-map vdolive                  tcp 7000
    port-map winmx                    tcp 6699
    port-map xwindows                 tcp 6000 6001 6002 6003

Step 5: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.


Challenge


This lab considered only the volume of FTP and email data traffic and its impact on network design. Reliable access to servers is also important. In the space below, sketch a revised topology for this lab that would provide redundancy for these services.

TOPOLOGY DIAGRAM FOR INSTRUCTOR VERSION ONLY


Final Configurations

Router 1

    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname FC-CPE-1
    !
    boot-start-marker
    boot-end-marker
    !
    enable password cisco
    !
    no aaa new-model
    ip cef
    !
    !
    !
    interface FastEthernet0/0
     ip address 10.0.0.1 255.255.255.0
     ip nbar protocol-discovery
     duplex auto
     speed auto
    !
    interface FastEthernet0/1
     ip address 172.17.0.1 255.255.0.0
     duplex auto
     speed auto
    !
    interface Serial0/1/0
     no ip address
     shutdown
     no fair-queue
     clock rate 2000000
    !
    interface Serial0/1/1
     no ip address
     shutdown
     clock rate 2000000
    !
    !
    ip http server
    no ip http secure-server
    !
    !
    !
    control-plane
    !
    !
    !
    line con 0
     password cisco
     login
    line aux 0
    line vty 0 4
     password cisco
     login
    !
    scheduler allocate 20000 1000
    end


Lab 4.3.3 Prioritizing Traffic (Instructor Version)

Objective
Explain where QoS can be implemented to affect traffic flow.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

Why is establishing Quality of Service on a network important?
______________________________________________________________________________________

What issues would arise if the wrong priorities were assigned to network data traffic?
______________________________________________________________________________________

Background / Preparation
Instructor Notes: This is a written lab. This lab refers to the curriculum StadiumCompany case study, not the lab FilmCompany case study.

Students are to read all the information about the StadiumCompany presented to this stage of the course. Using this information and their understanding of the StadiumCompany network expansion project, students are to rank the expected network data traffic by priority.

At the conclusion of this lab, each student should submit an individually compiled list of data traffic ranked by priority. However, group discussion will help students understand the wider, and often subjective, issues involved in determining QoS policy.

Step 1: Gather the data traffic information


a. Read through the StadiumCompany case study curriculum. List the current types of data traffic carried by the StadiumCompany network as well as the types planned for the future.
____________________________________________________________________

b. Refer to the topology diagram and the stadium network diagram information. List the possible data sources and destinations on the StadiumCompany network. For example, there is likely to be data communications between the stadium management and the vendor management, but not between Team A and Team B.
____________________________________________________________________

Step 2: Prioritize the data traffic


a. List the source, destination, and traffic type that will be assigned the High priority queue.
____________________________________________________________________

b. List the source, destination, and traffic type that will be assigned the Medium priority queue.
____________________________________________________________________

c. List the source, destination, and traffic type that will be assigned the Normal priority queue.
____________________________________________________________________

d. List the source, destination, and traffic type that will be assigned the Low priority queue.
____________________________________________________________________



Step 3: Finalize the Data Priorities
a. Discuss and review your data priority assignments with another student to ensure that it addresses all possible data. Modify your priorities as necessary.

b. Highlight on the StadiumCompany topology diagram the device or devices where data traffic priority policies are likely to be configured.

Step 4: Reflection
Ideally, it may seem that all data traffic should be given a priority and queued accordingly. Consider and discuss the potential for network performance to be negatively affected if this policy were implemented everywhere on the network.
____________________________________________________________________________________

Delay sensitive data would see the same priority as non-delay sensitive data. Voice, video, given the same priority as other traffic, etc.


Lab 4.3.4 Exploring Network QoS (Instructor Version)

Device Designation   Device Name        Address              Subnet Mask
------------------   -----------        -------              -----------
Discovery Server     Network Services   172.17.1.1           255.255.0.0
R1                   ISP                Fa0/1  172.17.0.1    255.255.0.0
                                        S0/1/0 10.10.0.1     255.255.255.252
R2                   FC-CPE-1           Fa0/0  10.0.0.1      255.255.255.0
                                        S0/1/0 10.10.0.2     255.255.255.252
S1                   FC-ASW-1
PC1                  Host1              10.0.0.200           255.255.255.0

Objective
Explain where QoS can be implemented to affect traffic flow.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.



Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

Why is establishing priorities for different types of network traffic important?
______________________________________________________________________________________

What information does a network administrator need to set QoS requirements on the network?
______________________________________________________________________________________

Background / Preparation
Instructor Notes: Correctly configuring and applying QoS policies to a network requires extensive networking knowledge, which is beyond CCNA level. However, it is very important that CCNA level students understand the need for QoS and the general principles that are applied in its implementation. This lab has students examine and apply some Cisco IOS priority commands so that they can recognize these commands in production configurations they may encounter in the workplace.

Data traffic generated in the lab will most likely be insufficient to test the configured priorities. Discussion of load testing a network to generate traffic of sufficient volume and variety to fully test configured priorities is the topic of the Challenge at the end of this lab. Further information is available at: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt2/qcfpq.pdf

The routers may be preconfigured or configured by the students with the IP addresses shown in the table.

Important: Students may need to be reminded that routing has to be configured between the two routers before data traffic will flow.

This lab uses Discovery Server to provide representative application and service data flows. See CCNA Discovery Server FAQ on Academy Connection Tools. Alternatively, a local lab server can be set up to provide representative data traffic. If possible, this should include Telnet, FTP and HTTP/Web.

FilmCompany is an expanding advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. The required network upgrade to support this growth in business will need to be able to carry a variety of data traffic types. Some of these data types may require priority access to network resources to ensure their useful and effective delivery.

In this lab, you will examine and apply some of the Cisco IOS commands to configure priority queuing on a router.



Step 1: Cable and configure the network
NOTE: If the PC used in this lab is also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.

a. Connect and configure the devices in accordance with the given topology and configuration.

1) Routing will have to be configured across the serial WAN link to establish data communications.

2) Configure Telnet access on each router.

NOTE: Your instructor may substitute for Discovery Server an equivalent server for this lab.

b. Ping between Host1 and Discovery Server to confirm network connectivity.

1) Confirm Application Layer connectivity by telnetting from R2 to R1.

2) Troubleshoot and establish connectivity if the pings or Telnet fail.

c. After confirming the initial configurations, maintain a console terminal session connection with R2.

Step 2: Examine priority queue commands


Configuring Priority Queueing

Configuring priority queueing (PQ) has two required steps and an optional third step:

1. Define the priority list (Required)
2. Assign the priority list to an Interface (Required)
3. Monitor priority queueing lists (Optional)

A priority list contains the definitions for a set of priority queues. The priority list specifies which queue a packet will be placed in and, optionally, the maximum length of the different queues. To perform queueing using a priority list, you must assign the list to an interface. The same priority list can be applied to multiple interfaces. Alternatively, you can create many different priority policies to apply to different interfaces.

Defining the Priority List

The priority list is defined by:

1. Assigning packets to priority queues
2. Specifying the maximum size of the priority queues (Optional)

Packets are assigned to priority queues based on the protocol type and the interface where the packets enter the router. The priority-list commands are read in order of appearance until a matching protocol or interface type is found. When a match is found, the packet is assigned to the appropriate queue and the search ends. Packets that do not match other assignment rules are assigned to the default queue.

The following global configuration mode commands are used to specify in which queue a packet is placed. The command format is priority-list list-number. Use a list-number of 1 and note the options available.

a. Enter the following command and note the options available.

    FC-CPE-1(config)#priority-list 1 ?
      default      Set priority queue for unspecified datagrams
      interface    Set priorities for packets from a named interface
      protocol     priority queueing by protocol
      queue-limit  Set queue limits for priority queues

b. Note some of the protocol options available.

    FC-CPE-1(config)#priority-list 1 protocol ?
      arp            IP ARP
      bridge         Bridging
      cdp            Cisco Discovery Protocol
      compressedtcp  Compressed TCP (VJ)
      http           HTTP
      ip             IP
      llc2           llc2
      pad            PAD links
      pppoe          PPP over Ethernet
      snapshot       Snapshot routing support

c. Note the IP protocol options available.

    FC-CPE-1(config)#priority-list 1 protocol ip ?
      high
      medium
      normal
      low

d. Note the HTTP protocol options available.

    FC-CPE-1(config)#priority-list 1 protocol http ?
      high
      medium
      normal
      low

e. Note the IP protocol high priority options available.

    FC-CPE-1(config)#priority-list 1 protocol ip high ?
      fragments  Prioritize fragmented IP packets
      gt         Prioritize packets greater than a specified size
      list       To specify an access list
      lt         Prioritize packets less than a specified size
      tcp        Prioritize TCP packets 'to' or 'from' the specified port
      udp        Prioritize UDP packets 'to' or 'from' the specified port
      <cr>

f. Note the IP protocol high priority TCP options available.

    FC-CPE-1(config)#priority-list 1 protocol ip high tcp ?
      <0-65535>  Port number
      domain     Domain Name Service (53)
      echo       Echo (7)
      ftp        File Transfer Protocol (21)
      ftp-data   FTP data connections (20)
      irc        Internet Relay Chat (194)
      nntp       Network News Transport Protocol (119)
      pop3       Post Office Protocol v3 (110)
      smtp       Simple Mail Transport Protocol (25)
      telnet     Telnet (23)
      www        World Wide Web (HTTP, 80)

Over 30 port/service options are available.

Step 3: Configure an example priority queue


From the global configuration mode, issue the following commands.

    FC-CPE-1(config)#priority-list 1 protocol http high
    FC-CPE-1(config)#priority-list 1 protocol ip normal tcp ftp
    FC-CPE-1(config)#priority-list 1 protocol ip medium tcp telnet

What do these commands establish?
_____________________________________________________________________________

A priority list (numbered "1") that sets HTTP packets to be marked as high priority, FTP packets as low priority, and Telnet packets as medium priority.

Step 4: Assign the priority list to an interface


a. From the global configuration mode, issue the following commands to assign the priority list to interface serial 0/1/0.

    FC-CPE-1(config)#int s0/1/0
    FC-CPE-1(config-if)#priority-group 1

b. Confirm the priority list configuration. From the privileged EXEC mode, issue the show running-config command. Which statements in the configuration show that the priority list has been configured and applied correctly?
_____________________________________________________________________________

    interface Serial0/1/0
     ip address 10.10.0.2 255.255.255.252
     priority-group 1

    priority-list 1 protocol http high
    priority-list 1 protocol ip normal tcp ftp
    priority-list 1 protocol ip medium tcp telnet

c. Confirm that issuing the show queueing priority command from the privileged EXEC mode produces the following output:

    FC-CPE-1#show queueing priority
    Current DLCI priority queue configuration:
    Current priority queue configuration:

    List   Queue   Args
    1      high    protocol http
    1      normal  protocol ip          tcp port ftp
    1      medium  protocol ip          tcp port telnet

Step 5: Examine the priority queues operation


a. On Host1, launch a web browser and enter the URL http://172.17.1.1 to access the web services configured on the server. b. Use FTP to download a file. On Host1, launch a new web browser window and enter the URL ftp://172.17.1.1, or from the command line issue ftp 172.17.1.1 c. Download a large file from the server; for example, the Thunderbird setup program file.

d. From the privileged EXEC mode, issue the following command: FC-CPE-1#show queueing interface s0/1/0 Output similar to this should be displayed: Interface Serial0/1/0 queueing strategy: priority Output queue utilization (queue/count) high/94 medium/0 normal/106759 low/0 Note the packet count for each queue: High __________ Medium __________ Normal __________ Low __________ e. Initiate a Telnet session from R2 to R1 and issue some show commands on R1. f. Close the Telnet session.

g. Issue the following command from the R2 privileged EXEC mode: FC-CPE-1#show queueing interface s0/1/0 Note the packet count for each queue: High __________ Medium __________ Normal __________ Low __________



What is the significant difference when compared to the previous output from this command in Step 5d?
_____________________________________________________________________________
The Medium queue now has a packet count; this is the priority assigned to Telnet packets.

Step 6: Determine the priority queue requirements for the case study
a. Using the FilmCompany case study, what would you expect the priority queue requirements to be?

b. Discuss and compare your priorities with other students.
_____________________________________________________________________________
_____________________________________________________________________________
_____________________________________________________________________________

c. Amend your priority list statements to include traffic associated with the proposed network upgrade.
_____________________________________________________________________________
_____________________________________________________________________________
_____________________________________________________________________________

Step 7: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

Challenge
The following privileged EXEC command displays the contents of packets inside a queue for a particular interface:

show queue interface-type interface-number

However, in this lab, it is not likely that sufficient data traffic was generated at one time for the interface queues to hold packets long enough to be inspected. Discuss how a network has to be load tested to ensure that all traffic priorities are met.


_____________________________________________________________________________ _____________________________________________________________________________ _____________________________________________________________________________ _____________________________________________________________________________ _____________________________________________________________________________ _____________________________________________________________________________
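As an added illustration for the Challenge discussion (not part of the Cisco lab), the Python model below pushes constructed traffic through the lab's priority-list 1 classification on a 64000 bps link and reports which queues are served, tail-dropped, or starved. The packet sizes and rates are constructed; the queue limits of 20/40/60/80 packets and the normal default queue are the IOS defaults assumed here.

```python
"""Model of IOS strict priority queueing (priority-group) for load-test planning.

Added example, not Cisco code. Flows are (protocol, packet_bytes, packets_per_second).
"""
from collections import deque

QUEUES = ("high", "medium", "normal", "low")           # strict service order

# Classification copied from the lab's priority-list 1.
PRIORITY_LIST = {"http": "high", "telnet": "medium", "ftp": "normal"}
DEFAULT_QUEUE = "normal"                                # assumed IOS default queue
DEFAULT_LIMITS = {"high": 20, "medium": 40, "normal": 60, "low": 80}  # assumed IOS defaults


def simulate(flows, link_bps=64000, seconds=10, limits=DEFAULT_LIMITS):
    """Run a 1 ms time-stepped simulation and return per-queue counters."""
    queues = {q: deque() for q in QUEUES}
    stats = {q: {"sent": 0, "dropped": 0, "backlog": 0} for q in QUEUES}
    credit = [0] * len(flows)        # arrival credit in 1/1000 packet units
    bits_per_ms = link_bps // 1000
    in_flight = None                 # queue name of the packet on the wire
    remaining = 0                    # bits of that packet still to send

    for _ in range(seconds * 1000):
        # Arrivals: evenly spaced packets, tail-dropped when the queue is full.
        for i, (proto, size, pps) in enumerate(flows):
            credit[i] += pps
            while credit[i] >= 1000:
                credit[i] -= 1000
                q = PRIORITY_LIST.get(proto, DEFAULT_QUEUE)
                if len(queues[q]) < limits[q]:
                    queues[q].append(size * 8)
                else:
                    stats[q]["dropped"] += 1

        # Service: non-preemptive, always take from the highest non-empty queue.
        budget = bits_per_ms
        while budget > 0:
            if in_flight is None:
                in_flight = next((q for q in QUEUES if queues[q]), None)
                if in_flight is None:
                    break            # link idle for the rest of this tick
                remaining = queues[in_flight].popleft()
            used = min(budget, remaining)
            budget -= used
            remaining -= used
            if remaining == 0:
                stats[in_flight]["sent"] += 1
                in_flight = None

    for q in QUEUES:
        stats[q]["backlog"] = len(queues[q])
    return stats


def starved(stats):
    """Queues that had traffic offered but never got a packet onto the link."""
    return [q for q in QUEUES
            if stats[q]["sent"] == 0 and (stats[q]["dropped"] or stats[q]["backlog"])]


# Constructed load profiles: (protocol, bytes per packet, packets per second).
LAB_LOAD = [("http", 500, 2), ("telnet", 64, 5), ("ftp", 1000, 20)]
HTTP_SATURATED = [("http", 1000, 20), ("telnet", 64, 5), ("ftp", 1000, 10)]

if __name__ == "__main__":
    for name, load in (("lab load", LAB_LOAD), ("http saturated", HTTP_SATURATED)):
        result = simulate(load)
        print(name, result, "starved:", starved(result))
```

With the lab-style load only the FTP queue drops packets; once the traffic classified high exceeds the link rate, Telnet and FTP are never served, so a load test has to saturate each class in turn rather than only the bulk transfer.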


Final Configurations

Router 1

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.17.0.1 255.255.0.0
 duplex auto
 speed auto
!
interface Serial0/1/0
 ip address 10.10.0.1 255.255.255.252
 no fair-queue
 clock rate 64000
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
!
router rip
 version 2
 network 10.0.0.0
 network 172.17.0.0
!
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end

Router 2

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FC-CPE-1
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
!
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1/0
 ip address 10.10.0.2 255.255.255.252
 priority-group 1
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
!
router rip
 version 2
 network 10.0.0.0
!
!
!
ip http server
no ip http secure-server
!
priority-list 1 protocol http high
priority-list 1 protocol ip normal tcp ftp
priority-list 1 protocol ip medium tcp telnet
!
!
!
control-plane
!
!
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end


Lab 4.4.4 Investigating Video Traffic Impact on a Network Instructor Version

Device Designation   Device Name        Address              Subnet Mask
Discovery Server     Network Services   172.17.1.1           255.255.0.0
R1                   ISP                Fa0/1 172.17.0.1     255.255.0.0
                                        S0/1/0 10.10.0.1     255.255.255.252
R2                   FC-CPE-1           Fa0/0 10.0.0.1       255.255.255.0
                                        S0/1/0 10.10.0.2     255.255.255.252
S1                   FC-ASW-1
PC1                  Host1              10.0.0.200           255.255.255.0

Objective
Explain how voice and video traffic impacts the network design.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
- Select the components required to meet a network specification.
- Describe common networked applications, including web applications.
- Describe the impact of applications (Voice over IP and Video over IP) on a network.

Expected Results and Success Criteria

Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

How could streaming video data affect the network performance?
______________________________________________________________________________________

What possible actions could a network administrator take if network performance was noted to be deteriorating due to video?
______________________________________________________________________________________

Background / Preparation
Instructor Notes: This lab demonstrates the impact of video data flows on the performance of the network when other data traffic is also flowing. Discovery Server is required to be set up to deliver streaming video/video on demand. Refer to Discovery Server documentation for details on configuring the video services. QuickTime Player has to be installed on Host1; this can be downloaded from http:/www.apple.com/downloads

The routers may be preconfigured or configured by the students with the IP addresses shown in the table and a clock rate of 56000 bps on the DCE interface of the serial connection.

Important: Students may need to be reminded that routing has to be configured between the two routers before data traffic will flow. At least two different clock rates should be used for comparison; if time permits, a progressive increase of clock rate should be applied. The PC used requires both browser and media player software to be installed.

FilmCompany is an expanding advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. The required network upgrade to support this growth in business will need to be able to carry video data traffic from remote sites without degrading the performance of the network for other users.

In this lab, you will observe video streaming from Discovery Server across a serial connection and note the impact on other data traffic.


Step 1: Cable and configure the network
NOTE: If the PC used in this lab is also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.

a. Connect and configure the devices in accordance with the given topology and configuration.
   1) Set clock rate on the serial link to 56000.
   2) Routing will have to be configured across the serial WAN link to establish data communications.

NOTE: Your instructor may substitute for Discovery Server an equivalent server for this lab.

b. Ping between Host1 and Discovery Server to confirm network connectivity. Troubleshoot and establish connectivity if the pings fail.

Step 2: Observe data traffic


In this step, you will generate concurrent data traffic and observe the time the flows take.

a. From Host1 command line, issue the command ping 172.17.1.1 -n 500 to generate a large number of pings to Discovery Server.

b. While the pings are being generated on Host1, launch a web browser and enter the URL http://server.discovery.ccna or http://172.17.1.1 to access the web services configured on the server.

c. Use FTP to download a file. On Host1, launch a new web browser window and enter the URL ftp://server.discovery.ccna, or issue ftp server.discovery.ccna from the command line. If DNS is not configured, the IP address 172.17.1.1 must be used instead of the domain name.

d. Download a large file from the server; for example, the Thunderbird setup program file.

Note the total time taken to complete the pings, access the web page, and download the file.
_________________________________________ Answers vary.

Step 3: Stream the video file


Before beginning to stream the video, ensure that QuickTime Player is installed on Host1 and that the video streaming service has been enabled on Discovery Server. See your instructor for advice if you are unsure.

Launch QuickTime Player. Under the File menu, go to Open URL. Enter the URL rtsp://172.17.1.1/MWO.sdp, or a URL as provided by the instructor.

Note the rate at which it plays back and the video and sound quality.
Video Quality _________________________________ Answers vary.
Sound Quality _________________________________ Answers vary.

Step 4: Observe both video and data traffic


a. From Host1 command line, issue the command ping 172.17.1.1 -n 500 to generate a large number of pings to Discovery Server.

b. While the pings are being generated, use QuickTime Player to access the streaming video URL again.

c. While the video is being played, launch a new web browser window on Host1 and enter the URL http://server.discovery.ccna or http://172.17.1.1 to access the web services configured on the server.

d. On Host1, launch another web browser window and enter the URL ftp://server.discovery.ccna, or issue ftp server.discovery.ccna from the command line. If DNS is not configured, the IP address 172.17.1.1 must be used instead of the domain name.

e. Download a large file from the server; for example, the Thunderbird setup program file.

Note the total time taken to complete the pings, access the web page, and download the file.
_________________________________________ Answers vary.

Note the rate at which it plays back and the video and sound quality.
Video Quality _________________________________ Answers vary.
Sound Quality _________________________________ Answers vary.

Step 5: Observe the data flows with a different serial link clock rate
a. Change the serial link clock rate to 250000 on the router with the DCE interface.

b. Repeat Step 4 and record your observations.

Note the total time taken to complete the pings, access the web page, and download the file.
_________________________________________ Answers vary.

Note the rate at which it plays back and the video and sound quality.
Video Quality _________________________________ Answers vary.
Sound Quality _________________________________ Answers vary.

c. Change the serial link clock rate to 2000000 on the router with the DCE interface.

d. Repeat Step 4 and record your observations.

Note the total time taken to complete the pings, access the web page, and download the file.
_________________________________________ Answers vary.

Note the rate at which it plays back and the video and sound quality.
Video Quality _________________________________ Answers vary.
Sound Quality _________________________________ Answers vary.

Instructor Note: The Cisco 1841 router with WIC 2T Serial interfaces can support clock rates up to 4 000 000 bits per second (4 Mbps); other platforms and WIC 2A/S Serial interfaces may have a lower maximum clock rate.

Step 6: Record your general observations


Compare the different download times and video quality.
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________



Step 7: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

Step 8: Reflection
Consider and discuss how video and other data traffic can share network resources while maintaining acceptable performance.
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________

Video and data traffic can share the same network resources if adequate bandwidth is available or if traffic is prioritized. Data traffic can be delayed slightly in order to allow the more time-sensitive video traffic to make use of the available bandwidth.


Final Configurations

Router 1

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.17.0.1 255.255.0.0
 duplex auto
 speed auto
!
interface Serial0/1/0
 ip address 10.10.0.1 255.255.255.252
 no fair-queue
 clock rate 2000000
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
!
router rip
 version 2
 network 10.0.0.0
 network 172.17.0.0
!
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end

Router 2

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FC-CPE-1
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
!
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1/0
 ip address 10.10.0.2 255.255.255.252
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
!
router rip
 version 2
 network 10.0.0.0
!
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end


Lab 4.5.1 Identifying Traffic Flows Instructor Version

Device Designation   Device Name         Address              Subnet Mask
Discovery Server     Business Services   172.17.1.1           255.255.0.0
R1                   FC-CPE-1            Fa0/1 172.17.0.1     255.255.0.0
                                         Fa0/0 10.0.0.1       255.255.255.0
S1                   FC-ASW-1
PC1                  Host1               10.0.0.200           255.255.255.0

Objective
Describe what is meant by application traffic flows.

640-802 CCNA Exam Objective


This lab contains skills that relate to the following CCNA exam objective: Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

How is an understanding of traffic flow useful in network administration?
______________________________________________________________________________________

How will a network administrator know if the network devices can handle the amount of traffic?
______________________________________________________________________________________

Background / Preparation
Instructor Notes: Labs 4.1.2, 4.5.1, 4.5.2, 4.5.3, 4.5.4, and 4.5.5 use the Cisco IOS NetFlow feature to record and identify a range of application and data flows across a network. An introduction to the configuration and features of NetFlow was provided in Lab 4.1.2. Each lab in this series can be performed independently or may be performed as a single group of activities.

These labs use Discovery Server to provide representative application and service data flows. See CCNA Discovery Server FAQ on Academy Connection Tools. Alternatively, a local lab server can be set up to provide representative data traffic. If possible, this should include Telnet, FTP, HTTP/Web, and email.

If the Discovery Server is used in this lab activity, the PCs will need to have a statically configured DNS of 172.17.1.1 (the Discovery Server) so that they can retrieve the web page using the URL of http://server.discovery.ccna. If an alternate server is used or DNS is not configured, the IP address 172.17.1.1 must be used instead of the domain name.

FilmCompany is an expanding small advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this expansion, the state of data flow across the current network has to be established so that the network upgrade can be planned and implemented.

In this lab, you will use the Cisco router's IOS NetFlow feature to capture and view data flow information.

Step 1: Cable and configure the current network


NOTE: If the PC used in this lab is also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.

a. Referring to the topology diagram, connect the console (or rollover) cable to the console port on the router and the other cable end to the host computer with a DB-9 or DB-25 adapter to the COM 1 port. Ensure that power has been applied to both the host computer and router.

b. Establish a HyperTerminal or other terminal emulation program to the router.

NOTE: Your instructor may substitute for Discovery Server an equivalent server for this lab.

c. From the command prompt on Host1, ping between Host1 and Discovery Server to confirm network connectivity. Troubleshoot and establish connectivity if the pings fail.

Step 2: Configure NetFlow on the interfaces


From the global configuration mode, issue the following commands to configure NetFlow:

FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#interface fastethernet 0/1
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#ip flow egress

Step 3: Verify the NetFlow configuration


a. From the privileged EXEC mode, issue the show ip flow interface command.

FC-CPE-1#show ip flow interface
FastEthernet0/0
  ip flow ingress
  ip flow egress
FastEthernet0/1
  ip flow ingress
  ip flow egress

Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

FC-CPE-1#clear ip flow stats

Step 4: Create network data traffic


A range of network application data flows is to be generated and captured. Generate as many of the data flows shown below as is possible in your lab. Your instructor will advise you of the particular applications that are available to be used in this lab.

a. Ping the Discovery Server from Host1 to generate a data flow. From the command line of Host1, issue the command ping 172.17.1.1 -n 200

b. Telnet to the Discovery Server from Host1. If Discovery Server is being used, issue the command telnet server.discovery.ccna from the command prompt of Host1. If Discovery Server is not being used, DNS is not configured, or if a terminal program such as HyperTerminal or TeraTerm is being used, telnet from Host1 to 172.17.1.1.

c. On Host1, launch a web browser and enter the URL http://server.discovery.ccna. If Discovery Server is not being used or DNS is not configured, then use http://172.17.1.1 to access the web services configured on that server.

Instructor Note: If it is not possible to set up a dedicated web server on the host at address 172.17.1.1, the freeware server TinyWeb, available at http://www.ritlabs.com/en/products/tinyweb/, is extremely easy to set up and use.

d. Use FTP to download a file. On Host1, launch a web browser and enter the URL ftp://server.discovery.ccna, or issue ftp server.discovery.ccna from the command line. If DNS is not configured, use the IP address 172.17.1.1 instead of the domain name. Download a file from the server.

NOTE: If the email client program is not installed on Host1, download that program file for use in the next step.

e. If email accounts have been configured using the POP3 and SMTP services on Discovery Server, send an email using one of these accounts.

Step 5: View the data flows


At the conclusion of the data flow, view the details by issuing the show ip cache flow command from privileged EXEC mode.

FC-CPE-1#show ip cache flow

Output similar to this will be displayed.

IP packet size distribution (3969 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .351 .395 .004 .011 .001 .005 .009 .001 .002 .005 .001 .000 .000 .000

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .013 .000 .195 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes
  2 active, 4094 inactive, 1368 added
  22316 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 17416 bytes
  0 active, 1024 inactive, 0 added, 0 added to flow
  0 alloc failures, 0 force free
  1 chunk, 0 chunks added
  last clearing of statistics 02:50:15
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-Telnet           9      0.0        13    47      0.0       5.2      10.8
TCP-FTP             28      0.0         7    62      0.0       0.8      10.4
TCP-WWW             64      0.0         7   138      0.0       0.3       2.1
TCP-other           16      0.0        75   840      0.1       0.0       4.1
UDP-DNS            878      0.0         1    72      0.0       0.0      15.4
UDP-other          347      0.0         3    88      0.1       4.5      15.5
ICMP                26      0.0         1    70      0.0       0.8      15.4
Total:            1368      0.1         2   318      0.3       1.2      14.6
< output omitted >

From your output, list the name of each protocol with the number of flows. Answers vary. Examples shown.
________________________________ Telnet 9 flows
________________________________ FTP 28 flows
________________________________ WWW 64 flows
________________________________ DNS 878 flows
________________________________ ICMP 26 flows
________________________________ TCP other 16 flows
________________________________ UDP other 347 flows

What was the total number of packets generated?
______________________ answers vary; 3969 packets

Which protocol generated the most packets?
______________________ TCP other (75 x 16 = 1200)

Which protocol produced the most bytes per flow?
______________________ TCP other (75 x 840 = 63000)

Which protocol's flows were on the network the longest time?
______________________ Telnet 5.2 sec

Which protocol used the longest amount of network time?
______________________ UDP other (4.5 x 347 = 1561.5 sec)
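The Step 5 questions can also be answered programmatically. The following Python parser is an added example (not part of the Cisco lab) that reads the protocol summary table of show ip cache flow, derives the per-protocol estimates used in the answers above, and lists the flows carried by cleartext protocols; SAMPLE is the lab's sample output, and the function names are this example's own.

```python
"""Parse the protocol summary of 'show ip cache flow' and derive per-protocol totals.

Added example, not Cisco code. SAMPLE is the protocol table from the lab's sample output.
"""
import re

SAMPLE = """\
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-Telnet           9      0.0        13    47      0.0       5.2      10.8
TCP-FTP             28      0.0         7    62      0.0       0.8      10.4
TCP-WWW             64      0.0         7   138      0.0       0.3       2.1
TCP-other           16      0.0        75   840      0.1       0.0       4.1
UDP-DNS            878      0.0         1    72      0.0       0.0      15.4
UDP-other          347      0.0         3    88      0.1       4.5      15.5
ICMP                26      0.0         1    70      0.0       0.8      15.4
Total:            1368      0.1         2   318      0.3       1.2      14.6
"""

# One data row: name, total flows, flows/sec, packets/flow, bytes/pkt,
# packets/sec, active seconds per flow, idle seconds per flow.
ROW = re.compile(
    r"^(?P<proto>\S+)\s+(?P<flows>\d+)\s+(?P<flows_sec>[\d.]+)\s+(?P<pkts_flow>\d+)"
    r"\s+(?P<bytes_pkt>\d+)\s+(?P<pkts_sec>[\d.]+)\s+(?P<active>[\d.]+)\s+(?P<idle>[\d.]+)$"
)

# Labels in this table whose payload, including any credentials, crosses the wire unencrypted.
CLEARTEXT_LABELS = ("TCP-Telnet", "TCP-FTP", "TCP-WWW")


def parse_protocol_table(text):
    """Return {protocol: metrics}; header lines and the Total: row are skipped."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m or m["proto"].endswith(":"):
            continue
        flows, ppf, bpp = int(m["flows"]), int(m["pkts_flow"]), int(m["bytes_pkt"])
        active = float(m["active"])
        rows[m["proto"]] = {
            "flows": flows,
            "active_per_flow": active,
            # The router prints rounded averages, so these products are estimates.
            "est_packets": flows * ppf,
            "bytes_per_flow": ppf * bpp,
            "est_active_sec": flows * active,
        }
    return rows


def summarize(rows):
    """Answer the Step 5 questions as (protocol, value) pairs."""
    def top(field):
        name = max(rows, key=lambda p: rows[p][field])
        return name, rows[name][field]
    return {
        "most_packets": top("est_packets"),
        "most_bytes_per_flow": top("bytes_per_flow"),
        "longest_flow": top("active_per_flow"),
        "most_network_time": top("est_active_sec"),
    }


def cleartext_flows(rows):
    """Flow counts for cleartext protocols present in the cache."""
    return {p: rows[p]["flows"] for p in CLEARTEXT_LABELS if p in rows}


if __name__ == "__main__":
    table = parse_protocol_table(SAMPLE)
    for question, answer in summarize(table).items():
        print(question, answer)
    print("cleartext flows:", cleartext_flows(table))
```

Because the averages are rounded, the estimated packets sum to 3906 rather than the 3969 reported in the packet size distribution header.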

Step 6: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

Step 7: Reflection
Create a projected applications document listing the applications planned to use the network. Responses vary but may include:

Application Type   Application        Protocol   Priority   Comments
Email              MS Outlook         SMTP       Medium     All users
Voice              Call Manager/SIP   VRTP       High       All users
Web                Apache Server      HTTP       Low        All users
Database           SQL Server         TCP        Medium     Restricted users


Final Configurations

Router 1

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FC-CPE-1
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
!
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.17.0.1 255.255.0.0
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface Serial0/1/0
 no ip address
 shutdown
 no fair-queue
 clock rate 2000000
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end


Lab 4.5.2 Diagramming Intranet Traffic Flows (Instructor Version)

| Device Designation | Device Name | Address | Subnet Mask |
|---|---|---|---|
| Discovery Server | Business Services | 172.17.1.1 | 255.255.0.0 |
| R1 | FC-CPE-1 | Fa0/1 172.17.0.1 | 255.255.0.0 |
| | | Fa0/0 10.0.0.1 | 255.255.255.0 |
| S1 | FC-ASW-1 | | |
| PC1 | Host1 | 10.0.0.200 | 255.255.255.0 |
| PC2 | Host2 | 10.0.0.201 | 255.255.255.0 |

Objective
Diagram the flow of traffic to and from hosts and servers within the LAN.

640-802 CCNA Exam Objective


This lab contains skills that relate to the following CCNA exam objective: Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Why is diagramming traffic flow useful in network administration?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

What can be expected from diagramming traffic flows in a network?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Background / Preparation
Instructor Notes: Labs 4.1.2, 4.5.1, 4.5.2, 4.5.3, 4.5.4, and 4.5.5 use the Cisco IOS NetFlow feature to record and identify a range of application and data flows across a network. An introduction to the configuration and features of NetFlow was provided in Lab 4.1.2. Each lab in this series can be performed independently or may be performed as a single group of activities.

These labs use Discovery Server to provide representative application and service data flows. See CCNA Discovery Server FAQ on Academy Connection Tools. Alternatively, a local lab server can be set up to provide representative data traffic. If possible, this should include Telnet, FTP, HTTP/Web, and email.

If the Discovery Server is used in this lab activity, the PCs will need to have a statically configured DNS of 172.17.1.1 (the Discovery Server) so that they can retrieve the web page using the URL of http://server.discovery.ccna. If DNS is not configured, the IP address 172.17.1.1 must be used instead of the domain name.

The purpose of this lab is to simulate and capture typical local data traffic flows across a local LAN segment. As much example data traffic, such as web, FTP, and email, should be generated as possible. A local LAN segment typically includes a networked printer and a data exchange between the two hosts.

FilmCompany is an expanding advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this expansion, the state of data flow across the current network has to be established so that the network upgrade can be planned and implemented.

Developing a diagram of applications, devices, and traffic flow enables the designer to analyze the proposed design and identify where the network can be improved. The logical topology diagram shows that the servers are identified with the applications that will be used. Areas that require redundancy or increased security are also easier to identify. Redundant paths to the server and security measures, such as a hardware firewall, can be marked on the diagram. The logical design for the network must be aligned with the initial business goals and technical requirements of the customer. The diagram gives the designer and customer a visual idea of what is already on the network and helps to get a better view of what is still required.

In this lab, you will use NetFlow to diagram the flow of traffic from host to host and from host to server within a LAN segment of FilmCompany. Preparing this diagram requires you to identify the hardware (hosts, servers, etc.) and determine the traffic generated across the network from the hosts and from the server.

Step 1: Cable and configure the current network


NOTE: If the PC used in this lab is also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.

a. Referring to the topology diagram, connect the console (or rollover) cable to the console port on the router and the other cable end to the PC1 computer with a DB-9 or DB-25 adapter to the COM 1 port. Ensure that power has been applied to both the host computer and router.

b. Establish a HyperTerminal or other terminal emulation program session to the router.

c. Ping between Host1 and Host2 and between the hosts and Discovery Server to confirm network connectivity. Troubleshoot and establish connectivity if the pings fail.

NOTE: Your instructor may substitute for Discovery Server an equivalent server for this lab.

Step 2: Configure NetFlow on the interfaces


From the global configuration mode, issue the following commands to configure NetFlow:

FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#interface fastethernet 0/1
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#end

Step 3: Verify the NetFlow configuration


a. From the privileged EXEC mode, issue the show ip flow interface command.

FC-CPE-1#show ip flow interface
FastEthernet0/0
  ip flow ingress
  ip flow egress
FastEthernet0/1
  ip flow ingress
  ip flow egress

Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

FC-CPE-1#clear ip flow stats

Step 4: Create network data traffic


A range of network application data flows between Host1, Host2, and the server is to be generated and captured. Generate as many of the data flows shown below as is possible in your lab. Your instructor will advise you of the particular applications that are available to be used in this lab.

a. On Host1, launch a web browser and enter the URL http://server.discovery.ccna
If Discovery Server is not being used, then use http://172.17.1.1 to access the web services configured on that server.

Instructor Note: If it is not possible to set up a dedicated web server on the host at address 172.17.1.1, the freeware server TinyWeb, available at http://www.ritlabs.com/en/products/tinyweb/, is extremely easy to set up and use.

b. On Host2, launch a web browser and enter the URL http://server.discovery.ccna
If Discovery Server is not being used, then use http://172.17.1.1 to access the web services configured on that server.

c. Use FTP to download a file. On Host1 and Host2, launch a web browser and enter the URL ftp://server.discovery.ccna, or issue ftp server.discovery.ccna from the command line. If DNS is not configured, use the IP address 172.17.1.1 instead of the domain name. Download a file from the server.

d. If email accounts have been configured using the POP3 and SMTP services on Discovery Server, send two emails between users on Host1 and Host2 using these accounts.

e. Set up Windows file sharing between Host1 and Host2 and copy a file from one to the other.

Step 5: View the data flows


At the conclusion of the data flow, view the details by issuing the show ip cache verbose flow command from privileged EXEC mode.

FC-CPE-1#show ip cache verbose flow

Examine the output and record the different data flows.

Instructor Note: Flow details may vary; examples are shown. Comments relate to network design considerations and could include the number of each flow, or size of the flow.

| Application Type | Source | Destination | Comments |
|---|---|---|---|
| Web | Intranet Web Server | Host1 | Vary |
| Web | Intranet Web Server | Host2 | |
| File Transfer | Intranet File Server | Host1 | |
| File Transfer | Intranet File Server | Host2 | |
| Email | Host1 | Email Server | |
| Email | Host2 | Email Server | |
| File Share | Host1 | Host2 | |
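One way to turn the protocol summary of show ip cache verbose flow into rows for the data flow table, as an added Python example that is not part of the Cisco lab. The sample rows are the FC-CPE-1 protocol summary from the Router 1 sample output in Lab 4.5.3; the APP_TYPE mapping, the function names and the byte estimate are assumptions of this example.

```python
import re

# Sample input: protocol summary rows from the Router 1 (FC-CPE-1) sample
# output in Lab 4.5.3, re-laid out one row per line for this example.
SAMPLE = """\
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-FTP              8      0.0         7    54      0.0       3.7      12.1
TCP-WWW              8      0.0         5   196      0.0       0.2       1.5
TCP-SMTP            16      0.0        15    72      0.3      15.8       1.7
TCP-other           32      0.0        11    77      0.5       2.2       1.5
UDP-DNS             49      0.0         5    67      0.3       6.1      15.6
UDP-other           38      0.0         1    83      0.0       0.0      15.4
Total:             151      0.2         6    77      1.4       4.3      10.2
FC-CPE-1#
"""

# Assumption of this example: how NetFlow protocol labels map onto the
# "Application Type" column used in the lab's data flow tables.
APP_TYPE = {
    "TCP-WWW": "Web",
    "TCP-FTP": "File Transfer",
    "TCP-SMTP": "Email",
    "TCP-Telnet": "Remote Login",
    "UDP-DNS": "Name Resolution",
}

# One summary row: a label followed by seven numeric columns.
ROW = re.compile(
    r"^([A-Za-z][\w-]*:?)\s+(\d+)\s+([\d.]+)\s+(\d+)\s+(\d+)"
    r"\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)$"
)


def parse_protocol_summary(text):
    """Return (rows, total_row) from the protocol summary table."""
    rows, total = [], None
    for raw in text.splitlines():
        match = ROW.match(raw.strip())
        if not match:
            continue  # column headers, blank lines, router prompt
        name, flows, _fps, ppf, bpp, _pps, active, idle = match.groups()
        row = {
            "protocol": name.rstrip(":"),
            "flows": int(flows),
            "packets_per_flow": int(ppf),
            "bytes_per_packet": int(bpp),
            "active_sec": float(active),
            "idle_sec": float(idle),
        }
        # IOS prints rounded per-flow averages, so this is an estimate of
        # volume, good enough to rank applications against each other.
        row["est_bytes"] = (
            row["flows"] * row["packets_per_flow"] * row["bytes_per_packet"]
        )
        row["app_type"] = APP_TYPE.get(row["protocol"], "Other")
        if name == "Total:":
            total = row
        else:
            rows.append(row)
    return rows, total


def is_complete(rows, total):
    """True when the per-protocol flow counts add up to the Total row.

    A mismatch usually means the pasted terminal output was truncated.
    """
    return total is not None and sum(r["flows"] for r in rows) == total["flows"]


def rank_by_volume(rows):
    """Order protocols by estimated bytes, largest first."""
    return sorted(rows, key=lambda r: r["est_bytes"], reverse=True)


if __name__ == "__main__":
    parsed, total_row = parse_protocol_summary(SAMPLE)
    print("summary complete:", is_complete(parsed, total_row))
    for r in rank_by_volume(parsed):
        print(f'{r["protocol"]:<10} {r["app_type"]:<16} '
              f'flows={r["flows"]:<4} est_bytes={r["est_bytes"]}')
```

Rows labelled "Other" (TCP-other, UDP-other) are the ones to follow up in the per-flow records, because the summary alone does not say which application produced them.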

Step 6: Clean up
Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

Challenge


This lab simulates LAN data traffic. The LAN data flows of a production network would be much more extensive and recorded over a greater period of time, perhaps a full working week.

a. On the FilmCompany initial current network topology shown on the next page, add PC host and printer icons as listed for each VLAN. Draw a circle that encloses the local LAN segments.

b. Then, using the data flows recorded in this lab as a starting point, use different colors to mark the different LAN data flows between hosts and the server.


Final Configurations

Router 1

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FC-CPE-1
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
!
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.17.0.1 255.255.0.0
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface Serial0/1/0
 no ip address
 shutdown
 no fair-queue
 clock rate 2000000
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end


Lab 4.5.3 Diagramming Traffic Flows to and from Remote Sites (Instructor Version)

| Device Designation | Device Name | Address | Subnet Mask |
|---|---|---|---|
| Discovery Server | Business Services | 172.17.1.1 | 255.255.0.0 |
| R1 | FC-CPE-1 | Fa0/1 172.17.0.1 | 255.255.0.0 |
| | | Fa0/0 10.10.0.1 | 255.255.255.252 |
| R2 | FC-CPE-2 | Fa0/0 10.10.0.2 | 255.255.255.252 |
| | | Fa0/1 10.0.0.1 | 255.255.255.0 |
| | | S0/1/0 10.10.10.1 | 255.255.255.252 |
| R3 | ISP | Fa0/1 10.20.0.1 | 255.255.255.0 |
| | | S0/1/0 10.10.10.2 | 255.255.255.252 |
| PC1 | Local | 10.0.0.200 | 255.255.255.0 |
| PC2 | Remote | 10.20.0.200 | 255.255.255.0 |

Objective
Diagram the flow of traffic to and from remote sites.

640-802 CCNA Exam Objective
This lab contains skills that relate to the following CCNA exam objective: Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Why is diagramming remote network traffic flows useful in network administration?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

What can be learned from diagramming traffic flows to and from a remote network?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Background / Preparation
Instructor Notes: Labs 4.1.2, 4.5.1, 4.5.2, 4.5.3, 4.5.4, and 4.5.5 use the Cisco IOS NetFlow feature to record and identify a range of application and data flows across a network. An introduction to the configuration and features of NetFlow was provided in Lab 4.1.2. Each lab in this series can be performed independently or may be performed as a single group of activities.

These labs use Discovery Server to provide representative application and service data flows. See CCNA Discovery Server FAQ on Academy Connection Tools. Alternatively, a local lab server can be set up to provide representative data traffic. If possible, this should include Telnet, FTP, HTTP/Web, and email.

If the Discovery Server is used in this lab activity, the PCs will need to have a statically configured DNS of 172.17.1.1 (the Discovery Server) so that they can retrieve the web page using the URL of http://server.discovery.ccna. If an alternate server is used or DNS is not configured, the IP address 172.17.1.1 must be used instead of the domain name.

The purpose of this lab is to simulate and capture typical network traffic flows from remote sites. As much example data traffic should be generated as possible, such as web, FTP, and email. This remote access would normally include VPN traffic. In this lab, a serial link to another router and connected hosts will simulate this remotely generated traffic from the sports stadium. Ensure that students examine and discuss the recorded data flows in the context of understanding which devices and resources are used for particular flows.

Important: Students may need to be reminded that routing has to be configured between the three routers before data traffic will flow.

FilmCompany is an expanding advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this expansion, the state of data flow across the current network has to be established so that the network upgrade can be planned and implemented.

Developing a diagram of applications, devices, and traffic flow enables the designer to analyze the proposed design and identify where the network can be improved. The logical topology diagram shows that the servers are identified with the applications that will be used. Areas that require redundancy or increased security are also easier to identify. Redundant paths to the server and security measures, such as a hardware firewall, can be marked on the diagram. The logical design for the network must be aligned with the initial business goals and technical requirements of the customer. The diagram gives the designer and customer a visual idea of what is already on the network and helps to get a better view of what is still required.

In this lab, you will use NetFlow to diagram the flow of traffic between a remote host at the stadium, the FilmCompany local network, and the data center. Preparing this diagram requires you to configure NetFlow on the three routers to determine the traffic generated across the network.

Step 1: Cable and configure the current network


NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.

a. Cable the topology given in the diagram. Ensure that power has been applied to both the host computer and router.

b. Establish a HyperTerminal or other terminal emulation program session to the routers and configure the hostname and interfaces shown in the table.

c. Set a clock rate on the DCE interface of the serial link between R2 and R3. Routing will have to be configured on the three routers to establish data communications.

NOTE: Your instructor may substitute for Discovery Server an equivalent server for this lab.

d. From PC1, ping PC2 and Discovery Server to confirm network connectivity. Troubleshoot and establish connectivity if the pings fail.

Step 2: Configure NetFlow on the router FC-CPE-1 interfaces


From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-1.

FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#interface fastethernet 0/1
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#end

Step 3: Verify the NetFlow configuration


a. From the privileged EXEC mode on router FC-CPE-1, issue the show ip flow interface command.

FC-CPE-1#show ip flow interface
FastEthernet0/0
  ip flow ingress
  ip flow egress
FastEthernet0/1
  ip flow ingress
  ip flow egress

Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

FC-CPE-1#clear ip flow stats

Step 4: Configure NetFlow on the router FC-CPE-2 interfaces


From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-2:

FC-CPE-2(config)#interface fastethernet 0/0
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#interface fastethernet 0/1
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#interface serial 0/1/0
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#end

Step 5: Verify the NetFlow configuration


a. From the privileged EXEC mode on router FC-CPE-2, issue the show ip flow interface command.

FC-CPE-2#show ip flow interface
FastEthernet0/0
  ip flow ingress
  ip flow egress
FastEthernet0/1
  ip flow ingress
  ip flow egress
Serial0/1/0
  ip flow ingress
  ip flow egress

Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

FC-CPE-2#clear ip flow stats

Step 6: Configure NetFlow on the router ISP interfaces


From the global configuration mode, issue the following commands to configure NetFlow on the router ISP:

ISP(config)#interface fastethernet 0/1
ISP(config-if)#ip flow ingress
ISP(config-if)#ip flow egress
ISP(config-if)#interface serial 0/1/0
ISP(config-if)#ip flow ingress
ISP(config-if)#ip flow egress
ISP(config-if)#end

Step 7: Verify the NetFlow configuration


a. From the privileged EXEC mode on router ISP, issue the show ip flow interface command.

ISP#show ip flow interface
FastEthernet0/1
  ip flow ingress
  ip flow egress
Serial0/1/0
  ip flow ingress
  ip flow egress

Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

ISP#clear ip flow stats

Step 8: Create network data traffic


A range of network application data flows between the remote site, the FilmCompany LAN, and the network server is to be generated and captured. Generate as many of the data flows shown below as is possible in your lab. Your instructor will advise you of the particular applications that are available to be used in this lab.

a. On both PCs, launch a web browser and enter the URL http://server.discovery.ccna
If Discovery Server is not being used, or DNS is not configured, then use http://172.17.1.1 to access the web services configured on that server.

Instructor Note: If it is not possible to set up a dedicated web server on the host at address 172.17.1.1, the freeware server TinyWeb, available at http://www.ritlabs.com/en/products/tinyweb/, is extremely easy to set up and use.

b. Use FTP to download a file. On both PCs, launch a web browser and enter the URL ftp://server.discovery.ccna, or issue ftp server.discovery.ccna from the command line. If DNS is not configured, use 172.17.1.1 instead of the domain name. Download a file from the server.

c. If email accounts have been configured using the POP3 and SMTP services on Discovery Server, send two emails in each direction between the user on the LAN and the Remote User using these accounts.

d. To simulate data traffic between the two PCs, ping between them. Attempt to establish a Telnet session between the two PCs. If file sharing has been enabled, copy a file in both directions between the two.

Step 9: View the data flows


a. At the conclusion of the data flow, view the details by issuing the show ip cache verbose flow command from privileged EXEC mode on each router.

FC-CPE-1#show ip cache verbose flow
FC-CPE-2#show ip cache verbose flow
ISP#show ip cache verbose flow

Router 1 Sample Output
FC-CPE-1#show ip cache verbose flow
IP packet size distribution (1050 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .672 .278 .015 .000 .007 .000 .000 .000 .000 .000 .000 .001 .003 .000

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .001 .000 .003 .011 .003 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes
  1 active, 4095 inactive, 150 added
  2280 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
  1 active, 1023 inactive, 27 added, 27 added to flow
  0 alloc failures, 0 force free
  1 chunk, 0 chunks added
  last clearing of statistics 00:12:31
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-FTP              8      0.0         7    54      0.0       3.7      12.1
TCP-WWW              8      0.0         5   196      0.0       0.2       1.5
TCP-SMTP            16      0.0        15    72      0.3      15.8       1.7
TCP-other           32      0.0        11    77      0.5       2.2       1.5
UDP-DNS             49      0.0         5    67      0.3       6.1      15.6
UDP-other           38      0.0         1    83      0.0       0.0      15.4
Total:             151      0.2         6    77      1.4       4.3      10.2

SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk  Active
FC-CPE-1#

Router 2 Sample Output


FC-CPE-2#show ip cache verbose flow
IP packet size distribution (982 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .665 .164 .016 .000 .008 .000 .000 .000 .000 .000 .000 .002 .004 .000

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .002 .000 .004 .128 .004 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes
  3 active, 4093 inactive, 145 added
  2617 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
  2 active, 1022 inactive, 50 added, 50 added to flow
  0 alloc failures, 0 force free
  1 chunk, 0 chunks added
  last clearing of statistics 00:11:43
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-Telnet           6      0.0         3    45      0.0       3.6      10.7
TCP-FTP              8      0.0         7    54      0.0       3.7      11.8
TCP-WWW              8      0.0         5   196      0.0       0.2       1.7
TCP-SMTP            16      0.0        15    72      0.3      15.8       1.6
TCP-other           32      0.0        11    77      0.5       2.2       1.4
UDP-DNS              8      0.0         1    69      0.0       0.1      15.3
UDP-other           59      0.0         1    55      0.0       0.0      15.4
ICMP                 9      0.0         4    60      0.0       4.3      15.4
Total:             146      0.2         5    76      1.2       2.8       9.7

SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk  Active
Fa0/1          0.0.0.0         Null           255.255.255.255 11 00  10    120
0044 /0  0                     0043 /0  0     0.0.0.0               604   729.9
Se0/1/0        10.10.10.2      Null           224.0.0.9       11 C0  10      1
0208 /0  0                     0208 /0  0     0.0.0.0                52     0.0
IPM:   0          0
FC-CPE-2#

Router 3 Sample Output


ISP#show ip cache verbose flow
IP packet size distribution (502 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .709 .225 .015 .000 .007 .000 .001 .000 .000 .000 .000 .000 .007 .000

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .003 .000 .003 .015 .007 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes
  1 active, 4095 inactive, 90 added
  1274 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
  1 active, 1023 inactive, 25 added, 25 added to flow
  0 alloc failures, 0 force free
  1 chunk, 0 chunks added
  last clearing of statistics 00:11:21
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-Telnet           6      0.0         3    45      0.0       3.6      10.7
TCP-WWW              8      0.0         5   196      0.0       0.2       1.5
TCP-SMTP             8      0.0        18    70      0.2      21.3       1.5
TCP-other           16      0.0        12    83      0.2       4.3       1.5
UDP-DNS              8      0.0         1    69      0.0       0.1      15.4
UDP-other           33      0.0         1    87      0.0       0.0      15.4
ICMP                10      0.0         4    60      0.0       5.4      15.5
Total:              89      0.1         5    85      0.7       3.6      10.1

SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk  Active
Se0/1/0        10.10.10.1      Null           224.0.0.9       11 C0  10      1
0208 /0  0                     0208 /0  0     0.0.0.0                92     0.0
IPM:   0          0
ISP#

b. Examine the output and record the different data flows for each router.

Instructor Note: Flow details may vary; examples are shown. Comments relate to network design considerations and could include the number of each flow, or size of the flow.

Router FC-CPE-1 Data Flows

| Application Type | Source | Destination | Comments |
|---|---|---|---|
| Web | Network Web Server | Local | Vary |
| Web | Network Web Server | Remote | |
| File Transfer | Network File Server | Local | |
| File Transfer | Network File Server | Remote | |
| Email | Network Email Server | Local | |
| Email | Network Email Server | Remote | |

Router FC-CPE-2 Data Flows

| Application Type | Source | Destination | Comments |
|---|---|---|---|
| Web | Network Web Server | Local | Vary |
| Web | Network Web Server | Remote | |
| File Transfer | Network File Server | Local | |
| File Transfer | Network File Server | Remote | |
| Email | Network Email Server | Local | |
| Email | Network Email Server | Remote | |
| File Share | Local | Remote | |
| File Share | Remote | Local | |

Router ISP Data Flows

| Application Type | Source | Destination | Comments |
|---|---|---|---|
| Web | Network Web Server | Remote | Vary |
| File Transfer | Network File Server | Remote | |
| Email | Network Email Server | Remote | |
| File Share | Local | Remote | |
| File Share | Remote | Local | |


c. Discuss and compare the data flows for each router. Particularly consider how recording these flows can assist in understanding which network devices and resources are used for particular flows.
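To help with reading the per-flow records at the bottom of the sample outputs above, here is an added Python example (not part of the Cisco lab) that decodes the two-line records, whose Pr, TOS, Flgs and Port fields IOS prints in hexadecimal. The first two records are the ones in the Router 2 sample output; the third record (a web flow from 10.0.0.200) is constructed for illustration, and the SERVICES table and function names are assumptions of this example.

```python
import ipaddress
import re

# Records 1 and 2: from the Router 2 (FC-CPE-2) sample output above.
# Record 3: constructed for this example (a host-to-server web flow).
SAMPLE = """\
SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk  Active
Fa0/1          0.0.0.0         Null           255.255.255.255 11 00  10    120
0044 /0  0                     0043 /0  0     0.0.0.0               604   729.9
Se0/1/0        10.10.10.2      Null           224.0.0.9       11 C0  10      1
0208 /0  0                     0208 /0  0     0.0.0.0                52     0.0
Fa0/1          10.0.0.200      Fa0/0          172.17.1.1      06 00  1B      5
0419 /24 0                     0050 /16 0     10.10.0.1             196     0.2
"""

IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
# (IP protocol number, port) -> service name; a small table for this lab.
SERVICES = {
    (6, 21): "FTP", (6, 23): "Telnet", (6, 25): "SMTP", (6, 80): "HTTP",
    (6, 110): "POP3", (17, 53): "DNS", (17, 67): "DHCP/BOOTP",
    (17, 68): "DHCP/BOOTP", (17, 520): "RIP",
}

IPV4 = r"\d+\.\d+\.\d+\.\d+"
HEX2 = r"[0-9A-Fa-f]{2}"
HEX4 = r"[0-9A-Fa-f]{4}"
# First line of a record: interfaces, addresses, protocol, TOS, flags, packets.
LINE1 = re.compile(
    rf"^(\S+)\s+({IPV4})\s+(\S+)\s+({IPV4})\s+({HEX2})\s+({HEX2})\s+({HEX2})\s+(\d+)$"
)
# Second line: source port/mask/AS, destination port/mask/AS, next hop, B/Pk, Active.
LINE2 = re.compile(
    rf"^({HEX4})\s+/(\d+)\s+(\d+)\s+({HEX4})\s+/(\d+)\s+(\d+)\s+({IPV4})\s+(\d+)\s+([\d.]+)$"
)


def decode_flows(text):
    """Pair up the two lines of each record and convert the hex fields."""
    flows, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        first = LINE1.match(line)
        if first:
            pending = first.groups()
            continue
        second = LINE2.match(line)
        if not (second and pending):
            continue  # column headers, "IPM:" lines, prompts
        src_if, src_ip, dst_if, dst_ip, pr, tos, _flags, pkts = pending
        sport, _, _, dport, _, _, next_hop, bpp, active = second.groups()
        proto = int(pr, 16)
        sport, dport = int(sport, 16), int(dport, 16)
        service = (SERVICES.get((proto, dport))
                   or SERVICES.get((proto, sport)) or "unknown")
        flows.append({
            "src_if": src_if, "src_ip": src_ip,
            "dst_if": dst_if, "dst_ip": dst_ip,
            "protocol": IP_PROTOCOLS.get(proto, str(proto)),
            "src_port": sport, "dst_port": dport,
            "service": service,
            "dscp": int(tos, 16) >> 2,      # top six bits of the TOS byte
            "packets": int(pkts),
            "bytes_per_packet": int(bpp),
            "active_sec": float(active),
            "next_hop": next_hop,
        })
        pending = None
    return flows


def is_infrastructure(flow):
    """Broadcast or multicast destinations: routing updates, DHCP and similar."""
    dst = ipaddress.ip_address(flow["dst_ip"])
    return dst.is_multicast or str(dst) == "255.255.255.255"


def split_flows(flows):
    """Return (infrastructure_flows, application_flows)."""
    infra = [f for f in flows if is_infrastructure(f)]
    apps = [f for f in flows if not is_infrastructure(f)]
    return infra, apps


if __name__ == "__main__":
    infra, apps = split_flows(decode_flows(SAMPLE))
    for label, group in (("infrastructure", infra), ("application", apps)):
        for f in group:
            print(f'{label:<15} {f["src_if"]:<8} {f["src_ip"]}:{f["src_port"]} -> '
                  f'{f["dst_ip"]}:{f["dst_port"]} {f["protocol"]} {f["service"]}')
```

Decoded this way, the two records in the Router 2 output are a DHCP broadcast arriving on Fa0/1 and a RIP version 2 update arriving on Se0/1/0, which belong on the diagram as infrastructure traffic rather than as user application flows.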

Step 10: Clean up


Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

Challenge
This lab simulates the flow of traffic to and from FilmCompany remote sites. These data flows for a production network would be much more extensive and recorded over a greater period of time, perhaps a full working week. Additionally, remote access would most likely be established using VPNs (Virtual Private Networks) across the Internet or a WAN. On the FilmCompany initial current network topology shown on the next page, add two remote site hosts attached to the "far" side of the cloud icon. Draw a circle that encloses the remote access links to the FilmCompany network and server. In this case study initially, the FilmCompany remote sites access its network across the Internet. One of the objects of this analysis is to establish the benefits of using a dedicated WAN link using Frame Relay for the stadium-based remote sites to access the FilmCompany network. Using the data flows recorded in this lab as a starting point, use different colors to mark on the diagram the different data flows between the remote hosts and devices on the FilmCompany network.


Final Configurations

Router 1

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FC-CPE-1
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
!
!
interface FastEthernet0/0
 ip address 10.10.0.1 255.255.255.252
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.17.0.1 255.255.0.0
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface Serial0/1/0
 no ip address
 shutdown
 no fair-queue
 clock rate 2000000
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
!
router rip
 version 2
 network 10.0.0.0
 network 172.17.0.0
!
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end

Router 2
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FC-CPE-2
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
!
!
interface FastEthernet0/0
 ip address 10.10.0.2 255.255.255.252
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface Serial0/1/0
 ip address 10.10.10.1 255.255.255.252
 ip flow ingress
 ip flow egress
 no fair-queue
 clock rate 64000
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
!
router rip
 version 2
 network 10.0.0.0
!
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
 password cisco
 login
line aux 0
line vty 0 1
 password cisco
 login
line vty 2 4
 login
!
scheduler allocate 20000 1000
end

Router 3
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.20.0.1 255.255.255.0
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface Serial0/1/0
 ip address 10.10.10.2 255.255.255.252
 ip flow ingress
 ip flow egress
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
!
router rip
 version 2
 network 10.0.0.0
!
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end


Lab 4.5.4 Diagramming External Traffic Flows (Instructor Version)

Device Designation   Device Name         Address              Subnet Mask
Discovery Server     Business Services   172.17.1.1           255.255.0.0
R1                   FC-CPE-1            Fa0/1 172.17.0.1     255.255.0.0
                                         Fa0/0 10.10.0.1      255.255.255.252
R2                   FC-CPE-2            Fa0/0 10.10.0.2      255.255.255.252
                                         Fa0/1 10.0.0.1       255.255.255.0
                                         S0/1/0 10.10.10.1    255.255.255.252
R3                   ISP                 Fa0/1 10.20.0.1      255.255.255.0
                                         S0/1/0 10.10.10.2    255.255.255.252
PC1                  Local               10.0.0.200           255.255.255.0
PC2                  Remote              10.20.0.200          255.255.255.0

Objective
Diagram traffic flows destined to the Internet gateway and incoming from the Internet to locally provided services.

640-802 CCNA Exam Objective
This lab contains skills that relate to the following CCNA exam objective: Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Why is diagramming Internet traffic flows useful in network administration?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

What can be learned from diagramming traffic flows to and from the Internet?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Background / Preparation
Instructor Notes: Labs 4.1.2, 4.5.1, 4.5.2, 4.5.3, 4.5.4, and 4.5.5 use the Cisco IOS NetFlow feature to record and identify a range of application and data flows across a network. An introduction to the configuration and features of NetFlow was provided in Lab 4.1.2. Each lab in this series can be performed independently or may be performed as a single group of activities.

These labs use Discovery Server to provide representative application and service data flows. See CCNA Discovery Server FAQ on Academy Connection Tools. Alternatively, a local lab server can be set up to provide representative data traffic. If possible, this should include Telnet, FTP, HTTP/Web, and email.

If the Discovery Server is used in this lab activity, the PCs will need to have a statically configured DNS of 172.17.1.1 (the Discovery Server) so that they can retrieve the web page using the URL of http://server.discovery.ccna. If the DNS is not configured, the IP address 172.17.1.1 will need to be used in place of the domain name.

The purpose of this lab is to simulate and capture typical outgoing network traffic flows to the Internet gateway and incoming flows from the external Internet. As much example data traffic should be generated as possible, such as web, FTP, and email. In this lab, a serial link between two routers and a connected host will simulate the Internet, with Discovery Server representing the FilmCompany web, email and file servers.

Students should examine and discuss the recorded data flows in the context of understanding which devices and resources are used for particular flows, and then compare these flows with those of the previous lab.



Important: Students may need to be reminded that routing has to be configured between the routers before data traffic will flow.

FilmCompany is an expanding advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this expansion, the state of data flow across the current network has to be established so that the network upgrade can be planned and implemented.

Developing a diagram of applications, devices, and traffic flow enables the designer to analyze the proposed design and identify where the network can be improved. The logical topology diagram shows that the servers are identified with the applications that will be used. Areas that require redundancy or increased security are also easier to identify. Redundant paths to the server and security measures, such as a hardware firewall, can be marked on the diagram.

The logical design for the network must be aligned with the initial business goals and technical requirements of the customer. The diagram gives the designer and customer a visual idea of what is already on the network and helps to get a better view of what is still required.

You will use NetFlow to identify the application traffic that is destined for the Internet gateway and incoming traffic from the Internet to the local resources. Preparing this diagram requires you to configure NetFlow on the three routers to determine the traffic generated across the network. By determining the traffic flows associated with the Internet, internal or external, the designer can assess the need for redundancy and security to facilitate the traffic that is generated.

In this lab, PC2 represents a host on the Internet that communicates with the FilmCompany network.

Step 1: Cable and configure the current network


NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.

a. Cable the topology given in the diagram. Ensure that power has been applied to both the host computer and router.
b. Establish a HyperTerminal or other terminal emulation program to the routers and configure the hostname and interfaces shown in the table.
c. Set a clock rate on the DCE interface of the serial link between R2 and R3. Routing will have to be configured on the three routers to establish data communications.
   NOTE: Your instructor may substitute for Discovery Server an equivalent server for this lab.
d. From PC1 ping both PC2 and Discovery Server to confirm network connectivity. Troubleshoot and establish connectivity if the pings fail.

Step 2: Configure NetFlow on router FC-CPE-1 interfaces


From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-1.

FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#interface fastethernet 0/1
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#end

Step 3: Verify the NetFlow configuration


a. From the privileged EXEC mode on router FC-CPE-1, issue the show ip flow interface command.

FC-CPE-1#show ip flow interface
FastEthernet0/0
  ip flow ingress
  ip flow egress
FastEthernet0/1
  ip flow ingress
  ip flow egress

Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

FC-CPE-1#clear ip flow stats

Step 4: Configure NetFlow on router FC-CPE-2 interfaces


From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-2:

FC-CPE-2(config)#interface fastethernet 0/0
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#interface fastethernet 0/1
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#interface serial 0/1/0
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#end

Step 5: Verify the NetFlow configuration


a. From the privileged EXEC mode on router FC-CPE-2, issue the show ip flow interface command.

FC-CPE-2#show ip flow interface
FastEthernet0/0
  ip flow ingress
  ip flow egress
FastEthernet0/1
  ip flow ingress
  ip flow egress
Serial0/1/0
  ip flow ingress
  ip flow egress

Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

FC-CPE-2#clear ip flow stats

Step 6: Configure NetFlow on router ISP interfaces


From the global configuration mode, issue the following commands to configure NetFlow on the router ISP:

ISP(config)#interface fastethernet 0/1
ISP(config-if)#ip flow ingress
ISP(config-if)#ip flow egress
ISP(config-if)#interface serial 0/1/0
ISP(config-if)#ip flow ingress
ISP(config-if)#ip flow egress
ISP(config-if)#end

Step 7: Verify the NetFlow configuration


a. From the privileged EXEC mode on router ISP, issue the show ip flow interface command.

ISP#show ip flow interface
FastEthernet0/1
  ip flow ingress
  ip flow egress
Serial0/1/0
  ip flow ingress
  ip flow egress

Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

ISP#clear ip flow stats

Step 8: Create network data traffic


A range of Internet application data flows between PC2 (the Internet) and the FilmCompany network is to be generated and captured. Generate as many of the data flows shown below as is possible in your lab. Your instructor will advise you of the particular applications that are available and to be used in this lab.

a. On PC2, launch a web browser and enter the URL http://server.discovery.ccna
   If Discovery Server is not being used, or DNS is not configured, then use http://172.17.1.1 to access the web services configured on that server.
   Instructor Note: If it is not possible to set up a dedicated web server on the host at address 172.17.1.1, the freeware server TinyWeb, available at http://www.ritlabs.com/en/products/tinyweb/, is extremely easy to set up and use.
b. Use FTP to download a file. On PC2, launch a web browser and enter the URL ftp://server.discovery.ccna, or issue ftp server.discovery.ccna from the command line. If DNS is not configured, use the IP address 172.17.1.1 instead of the domain name (example: http://172.17.1.1 ). Download a file from the server.
c. If email accounts have been configured using the POP3 and SMTP services on Discovery Server, send two emails from PC2 using these accounts.

Step 9: View the data flows


a. At the conclusion of the data flow, view the details by issuing the show ip cache verbose flow command from privileged EXEC mode on each router.

FC-CPE-1#show ip cache verbose flow
FC-CPE-2#show ip cache verbose flow
ISP#show ip cache verbose flow

Router 1 Sample Output

FC-CPE-1#show ip cache verbose flow
IP packet size distribution (313 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .626 .309 .012 .000 .019 .000 .000 .000 .000 .006 .000 .006 .000 .006

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .012 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes
  0 active, 4096 inactive, 61 added
  820 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
  0 active, 1024 inactive, 13 added, 13 added to flow
  0 alloc failures, 0 force free
  1 chunk, 0 chunks added
  last clearing of statistics 00:06:00
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
-------          Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-WWW              4      0.0         5    87      0.0       0.1       1.0
TCP-SMTP             8      0.0        19    68      0.4      13.6       1.7
TCP-other            8      0.0        12    82      0.2       1.3       1.3
UDP-DNS             24      0.0         1    72      0.0       0.0      15.7
UDP-other           17      0.0         1    86      0.0       0.0      15.5
Total:              61      0.1         5    75      0.8       1.9      11.0

SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk  Active
FC-CPE-1#

Router 2 Sample Output

FC-CPE-2#show ip cache verbose flow
IP packet size distribution (345 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .626 .173 .011 .000 .017 .000 .000 .000 .000 .005 .000 .005 .000 .005

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .153 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes
  1 active, 4095 inactive, 44 added
  860 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
  0 active, 1024 inactive, 20 added, 20 added to flow
  0 alloc failures, 0 force free
  1 chunk, 0 chunks added
  last clearing of statistics 00:04:58
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
-------          Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-WWW              4      0.0         5    87      0.0       0.1       1.6
TCP-SMTP             8      0.0        19    68      0.5      13.6       1.3
TCP-other            8      0.0        12    82      0.3       1.3       1.4
UDP-DNS              2      0.0         1    70      0.0       0.0      15.0
UDP-other           24      0.0         1    53      0.0       0.0      15.4
Total:              46      0.1         6    73      1.0       2.6       9.3

SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk  Active
Fa0/1          0.0.0.0         Null           255.255.255.255 11 00  10     191
0044 /0  0                     0043 /0  0     0.0.0.0               604  1168.0
Fa0/0          10.10.0.1       Null           224.0.0.9       11 C0  10       1
0208 /0  0                     0208 /0  0     0.0.0.0                52     0.0
IPM:  0          0
FC-CPE-2#

Router 3 Sample Output

ISP#show ip cache verbose flow
IP packet size distribution (281 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .697 .231 .014 .000 .021 .000 .000 .000 .000 .007 .000 .007 .000 .007

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .014 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes
  1 active, 4095 inactive, 29 added
  297 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
  1 active, 1023 inactive, 9 added, 9 added to flow
  0 alloc failures, 0 force free
  1 chunk, 0 chunks added
  last clearing of statistics 00:03:54
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
-------          Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-WWW              4      0.0         5    87      0.0       0.1       1.7
TCP-SMTP             8      0.0        19    68      0.6      13.6       1.5
TCP-other            8      0.0        12    82      0.4       1.3       1.6
UDP-other            8      0.0         1    92      0.0       0.0      15.4
Total:              28      0.1        10    75      1.2       4.3       5.5

SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk  Active
Se0/1/0        10.10.10.1      Null           224.0.0.9       11 C0  10       1
0208 /0  0                     0208 /0  0     0.0.0.0                92     0.0
IPM:  0          0
ISP#

b. Examine the output and record the different data flows for each router.

Instructor Note: Flow details may vary; examples are shown. Comments relate to network design considerations and could include the number of each flow, or size of the flow.

Router FC-CPE-1 Data Flows

Application Type   Source                 Destination   Comments
Web                Network Web Server     Local         Vary
Web                Network Web Server     Remote
File Transfer      Network File Server    Local
File Transfer      Network File Server    Remote
Email              Network Email Server   Local
Email              Network Email Server   Remote

Router FC-CPE-2 Data Flows

Application Type   Source                 Destination   Comments
Web                Network Web Server     Local         Vary
Web                Network Web Server     Remote
File Transfer      Network File Server    Local
File Transfer      Network File Server    Remote
Email              Network Email Server   Local
Email              Network Email Server   Remote

Router ISP Data Flows

Application Type   Source                 Destination   Comments
Web                Network Web Server     Remote        Vary
File Transfer      Network File Server    Remote
Email              Network Email Server   Remote

c. Discuss and compare the data flows for each router. Particularly consider how these flows differ from Lab 4.5.3 and the implications this has in understanding which network devices and resources are used for particular flows.
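
The Python below is an added example, not part of the Cisco lab. It parses the protocol summary rows from the three Step 9 sample outputs so the routers can be compared side by side, and decodes the per-flow records, where the Pr and Port columns are hexadecimal (11 is UDP, 0208 is port 520). The two-line record layout and the SERVICE port labels are assumptions made for the example.

```python
# Pr column values (hexadecimal) in "show ip cache verbose flow".
PROTO = {0x01: "ICMP", 0x06: "TCP", 0x11: "UDP"}
# Well-known ports for the traffic seen in this lab (labels are assumptions).
SERVICE = {21: "FTP", 25: "SMTP", 53: "DNS", 67: "BOOTP/DHCP",
           68: "BOOTP/DHCP", 80: "HTTP", 110: "POP3", 520: "RIP"}

# Protocol-summary rows copied from the three Step 9 sample outputs.
SUMMARY = {
    "FC-CPE-1": """
TCP-WWW      4  0.0   5  87  0.0   0.1   1.0
TCP-SMTP     8  0.0  19  68  0.4  13.6   1.7
TCP-other    8  0.0  12  82  0.2   1.3   1.3
UDP-DNS     24  0.0   1  72  0.0   0.0  15.7
UDP-other   17  0.0   1  86  0.0   0.0  15.5
Total:      61  0.1   5  75  0.8   1.9  11.0
""",
    "FC-CPE-2": """
TCP-WWW      4  0.0   5  87  0.0   0.1   1.6
TCP-SMTP     8  0.0  19  68  0.5  13.6   1.3
TCP-other    8  0.0  12  82  0.3   1.3   1.4
UDP-DNS      2  0.0   1  70  0.0   0.0  15.0
UDP-other   24  0.0   1  53  0.0   0.0  15.4
""",
    "ISP": """
TCP-WWW      4  0.0   5  87  0.0   0.1   1.7
TCP-SMTP     8  0.0  19  68  0.6  13.6   1.5
TCP-other    8  0.0  12  82  0.4   1.3   1.6
UDP-other    8  0.0   1  92  0.0   0.0  15.4
""",
}

# Flow records from the FC-CPE-2 sample output, laid out two lines per flow
# (an assumption reconstructed from the flattened page text).
FLOW_RECORDS = """
SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk  Active
Fa0/1          0.0.0.0         Null           255.255.255.255 11 00  10     191
0044 /0  0                     0043 /0  0     0.0.0.0               604  1168.0
Fa0/0          10.10.0.1       Null           224.0.0.9       11 C0  10       1
0208 /0  0                     0208 /0  0     0.0.0.0                52     0.0
IPM:  0          0
FC-CPE-2#
"""


def parse_summary(text):
    """Parse protocol-summary rows into {protocol: stats}."""
    table = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Total:":
            continue
        flows, pkts, size = int(f[1]), int(f[3]), int(f[4])
        # Per-flow averages are rounded by IOS, so the byte count is an estimate.
        table[f[0]] = {"flows": flows, "pkts_per_flow": pkts,
                       "bytes_per_pkt": size, "approx_bytes": flows * pkts * size}
    return table


def flows_by_router(summaries):
    """Return {protocol: {router: total flows}} for side-by-side comparison."""
    out = {}
    for router, text in summaries.items():
        for proto, stats in parse_summary(text).items():
            out.setdefault(proto, {})[router] = stats["flows"]
    return out


def not_seen_at(summaries, boundary):
    """Protocols recorded on some router but absent at the boundary router."""
    return sorted(p for p, seen in flows_by_router(summaries).items()
                  if boundary not in seen)


def decode_flows(text):
    """Decode two-line flow records; Pr and Port columns are hexadecimal."""
    lines = [l.split() for l in text.splitlines() if l.strip()]
    flows, i = [], 0
    while i + 1 < len(lines):
        top, bottom = lines[i], lines[i + 1]
        if len(top) != 8 or len(bottom) != 9 or top[0] == "SrcIf":
            i += 1  # header, "IPM:" line or prompt: not a flow record
            continue
        sport, dport = int(bottom[0], 16), int(bottom[3], 16)
        flows.append({
            "src_if": top[0], "src": top[1], "dst_if": top[2], "dst": top[3],
            "proto": PROTO.get(int(top[4], 16), top[4]),
            "sport": sport, "dport": dport,
            "service": SERVICE.get(dport) or SERVICE.get(sport, "other"),
            "packets": int(top[7]), "bytes_per_pkt": int(bottom[7]),
        })
        i += 2
    return flows


if __name__ == "__main__":
    print("Flows per router:", flows_by_router(SUMMARY))
    print("Not seen at ISP:", not_seen_at(SUMMARY, "ISP"))
    print("Decoded flows:", decode_flows(FLOW_RECORDS))
```

With the sample data, UDP-DNS is the only protocol not recorded at the ISP router, and both cached flows on FC-CPE-2 are control traffic (a DHCP broadcast and a RIPv2 multicast update) rather than application flows to be drawn on the diagram.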

Step 10: Clean up


Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

Challenge
This lab simulates the flow of traffic to and from the FilmCompany network and the Internet. These data flows for a production network would be much more extensive and recorded over a greater period of time, perhaps a full working week.

On the FilmCompany initial current network topology shown on the next page, highlight the network Internet link. Using the data flows recorded in this lab as a starting point, use different colors to mark on the diagram the different possible data flows between the hosts and devices on the FilmCompany network to and from the Internet.


Final Configurations

Router 1
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FC-CPE-1
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
!
!
interface FastEthernet0/0
 ip address 10.10.0.1 255.255.255.252
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.17.0.1 255.255.0.0
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface Serial0/1/0
 no ip address
 shutdown
 no fair-queue
 clock rate 2000000
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
!
router rip
 version 2
 network 10.0.0.0
 network 172.17.0.0
!
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end

Router 2
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FC-CPE-2
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
!
!
interface FastEthernet0/0
 ip address 10.10.0.2 255.255.255.252
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface Serial0/1/0
 ip address 10.10.10.1 255.255.255.252
 ip flow ingress
 ip flow egress
 no fair-queue
 clock rate 64000
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
!
router rip
 version 2
 network 10.0.0.0
!
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
 password cisco
 login
line aux 0
line vty 0 1
 password cisco
 login
line vty 2 4
 login
!
scheduler allocate 20000 1000
end

Router 3
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.20.0.1 255.255.255.0
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface Serial0/1/0
 ip address 10.10.10.2 255.255.255.252
 ip flow ingress
 ip flow egress
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
!
router rip
 version 2
 network 10.0.0.0
!
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end


Lab 4.5.5 Diagramming Extranet Traffic Flows (Instructor Version)

Device Designation   Device Name         Address              Subnet Mask
Discovery Server     Business Services   172.17.1.1           255.255.0.0
R1                   FC-CPE-1            Fa0/1 172.17.0.1     255.255.0.0
                                         Fa0/0 10.10.0.1      255.255.255.252
R2                   FC-CPE-2            Fa0/0 10.10.0.2      255.255.255.252
                                         Fa0/1 10.0.0.1       255.255.255.0
                                         S0/1/0 10.10.10.1    255.255.255.252
R3                   ISP                 Fa0/1 10.20.0.1      255.255.255.0
                                         S0/1/0 10.10.10.2    255.255.255.252
PC1                  Video Workstation   10.0.0.200           255.255.255.0
PC2                  Extranet Host       10.20.0.200          255.255.255.0

Objective
Use NetFlow to diagram FilmCompany Extranet traffic flows.

640-802 CCNA Exam Objective
This lab contains skills that relate to the following CCNA exam objective: Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network.

Expected Results and Success Criteria
Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Why is diagramming extranet traffic flows useful in network administration?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

What can be learned from diagramming traffic flows to and from the extranet?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Background / Preparation
Instructor Notes: Labs 4.1.2, 4.5.1, 4.5.2, 4.5.3, 4.5.4, and 4.5.5 use the Cisco IOS NetFlow feature to record and identify a range of application and data flows across a network. An introduction to the configuration and features of NetFlow was provided in Lab 4.1.2. Each lab in this series can be performed independently or may be performed as a single group of activities.

These labs use Discovery Server to provide representative application and service data flows. See CCNA Discovery Server FAQ on Academy Connection Tools. Alternatively, a local lab server can be set up to provide representative data traffic. If possible, this should include Telnet, FTP, HTTP/Web, and email.

If the Discovery Server is used in this lab activity, the PCs will need to have a statically configured DNS of 172.17.1.1 (the Discovery Server) so that they can retrieve the web page using the URL of http://server.discovery.ccna. If an alternate server is used, or DNS is not configured, the IP address 172.17.1.1 must be substituted for the domain name.

The purpose of this lab is to simulate and capture typical network traffic flows from the FilmCompany extranet. This service provides network access from remote trusted sites, such as customers. As much example data traffic should be generated as possible, such as web, FTP, and email. This remote access would normally include VPN traffic. In this lab, a serial link to another router and connected hosts will simulate this remotely generated traffic from the FilmCompany extranet at the sports stadium.

Students should examine and discuss the recorded data flows in the context of understanding which devices and resources are used for particular flows, and then compare these flows with those of the previous labs, noting similarities and differences.

Important: Students may need to be reminded that routing has to be configured between the routers before data traffic will flow.

FilmCompany is an expanding advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this expansion, the state of data flow across the current network has to be established so that the network upgrade can be planned and implemented.

Developing a diagram of applications, devices, and traffic flow enables the designer to analyze the proposed design and identify where the network can be improved. The logical topology diagram shows that the servers are identified with the applications that will be used. Areas that require redundancy or increased security are also easier to identify. Redundant paths to the server and security measures, such as a hardware firewall, can be marked on the diagram.

The logical design for the network must be aligned with the initial business goals and technical requirements of the customer. The diagram gives the designer and customer a visual idea of what is already on the network and helps to get a better view of what is still required.

In this lab, you will use NetFlow to diagram the flow of traffic to and from two trusted remote partners, or customers, at the stadium to the FilmCompany network. Preparing this diagram requires you to identify the remote hosts and determine the traffic generated across the network, both from the hosts and from the FilmCompany server.

In this lab, PC2 represents a host on the FilmCompany extranet that communicates with the FilmCompany network.

Step 1: Cable and configure the current network


NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.

a. Cable the topology given in the diagram. Ensure that power has been applied to both the host computer and router.
b. Establish a HyperTerminal or other terminal emulation program to the routers and configure the hostname and interfaces shown in the table.
c. Set a clock rate on the DCE interface of the serial link between R2 and R3. Routing will have to be configured on the three routers to establish data communications.
   NOTE: Your instructor may substitute for Discovery Server an equivalent server for this lab.
d. From PC1, ping PC2 and Discovery Server to confirm network connectivity. Troubleshoot and establish connectivity if the pings fail.

Step 2: Configure NetFlow on router FC-CPE-1 interfaces


From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-1.

FC-CPE-1(config)#interface fastethernet 0/0
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#interface fastethernet 0/1
FC-CPE-1(config-if)#ip flow ingress
FC-CPE-1(config-if)#ip flow egress
FC-CPE-1(config-if)#end

Step 3: Verify the NetFlow configuration


a. From the privileged EXEC mode on router FC-CPE-1, issue the show ip flow interface command.

FC-CPE-1#show ip flow interface
FastEthernet0/0
  ip flow ingress
  ip flow egress
FastEthernet0/1
  ip flow ingress
  ip flow egress

Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

FC-CPE-1#clear ip flow stats

Step 4: Configure NetFlow on router FC-CPE-2 interfaces


From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-2:

FC-CPE-2(config)#interface fastethernet 0/0
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#interface fastethernet 0/1
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#interface serial 0/1/0
FC-CPE-2(config-if)#ip flow ingress
FC-CPE-2(config-if)#ip flow egress
FC-CPE-2(config-if)#end

Step 5: Verify the NetFlow configuration


a. From the privileged EXEC mode on router FC-CPE-2, issue the show ip flow interface command.

FC-CPE-2#show ip flow interface
FastEthernet0/0
  ip flow ingress
  ip flow egress
FastEthernet0/1
  ip flow ingress
  ip flow egress
Serial0/1/0
  ip flow ingress
  ip flow egress

Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

FC-CPE-2#clear ip flow stats

Step 6: Configure NetFlow on router ISP interfaces


From the global configuration mode, issue the following commands to configure NetFlow on the router ISP:

ISP(config)#interface fastethernet 0/1
ISP(config-if)#ip flow ingress
ISP(config-if)#ip flow egress
ISP(config-if)#interface serial 0/1/0
ISP(config-if)#ip flow ingress
ISP(config-if)#ip flow egress
ISP(config-if)#end

Step 7: Verify the NetFlow configuration


a. From the privileged EXEC mode on router ISP, issue the show ip flow interface command.

ISP#show ip flow interface
FastEthernet0/1
  ip flow ingress
  ip flow egress
Serial0/1/0
  ip flow ingress
  ip flow egress

Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

ISP#clear ip flow stats

Step 8: Create network data traffic


Ideally, a range of network application data flows between the trusted extranet host PC2 and PC1 on the FilmCompany LAN should be generated and captured. Generate as many of the data flows shown below as is possible in your lab. Your instructor will advise you of the particular applications that are available and to be used in this lab.

To simulate data traffic between the two PCs:
a. Ping between them.
b. Attempt to establish a Telnet session between the two PCs.
c. If you have rights, enable file sharing and copy a file in both directions between the two PCs.

Instructor Note: If Discovery Server v2 is used, an option is to also have PC2 access the streaming video service. See Chapter 4 Lab 4.4.4 for details.

Step 9: View the data flows


a. At the conclusion of the data flow, view the details by issuing the show ip cache verbose flow command from privileged EXEC mode on each router.

FC-CPE-1#show ip cache verbose flow
FC-CPE-2#show ip cache verbose flow
ISP#show ip cache verbose flow

Router 1 Sample Output

FC-CPE-1#show ip cache verbose flow
IP packet size distribution (12 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .000 1.00 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes
  0 active, 4096 inactive, 12 added
  192 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
  0 active, 1024 inactive, 8 added, 8 added to flow
  0 alloc failures, 0 force free
  1 chunk, 0 chunks added
  last clearing of statistics 00:03:38
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
UDP-DNS              2      0.0         1    70      0.0       0.0      15.7
UDP-other           10      0.0         1    87      0.0       0.0      15.5
Total:              12      0.0         1    84      0.0       0.0      15.5

SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk  Active
FC-CPE-1#

Router 2 Sample Output


FC-CPE-2#show ip cache verbose flow
IP packet size distribution (5223 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .303 .030 .142 .031 .034 .001 .002 .001 .000 .000 .004 .000 .075 .000

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .020 .351 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes
  9 active, 4087 inactive, 62 added
  1970 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
  0 active, 1024 inactive, 20 added, 20 added to flow
  0 alloc failures, 0 force free
  1 chunk, 0 chunks added
  last clearing of statistics 00:04:31
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-Telnet          18      0.0         3    45      0.2       3.6      10.9
TCP-other            4      0.0         1    40      0.0       0.0      15.5
UDP-DNS              2      0.0         1    70      0.0       0.0      15.4
UDP-other           22      0.0         1    53      0.0       0.0      15.3
ICMP                 8      0.0        14    60      0.4      13.9      15.2
Total:              54      0.2         3    54      0.7       3.2      13.8

SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk  Active
Fa0/1          0.0.0.0         Null           255.255.255.255 11 00  10     222
0044 /0  0                     0043 /0  0     0.0.0.0               604  1356.9
Fa0/1          10.0.0.200      Se0/1/0        10.20.0.200     06 00  18    1368
01BD /0  0                     06AA /0  0     0.0.0.0               970   184.9
Fa0/1          10.0.0.200      Se0/1/0*       10.20.0.200     06 00  18    1368
01BD /0  0                     06AA /0  0     0.0.0.0               970   184.9
FFlags: 01
Se0/1/0        10.20.0.200     Fa0/0          172.17.1.1      11 00  10       5
0404 /0  0                     0035 /0  0     0.0.0.0                62     4.3
Se0/1/0        10.20.0.200     Fa0/0*         172.17.1.1      11 00  10       5
0404 /0  0                     0035 /0  0     0.0.0.0                62     4.3
FFlags: 01
Fa0/0          172.17.1.1      Se0/1/0*       10.20.0.200     11 00  10       5
0035 /0  0                     0404 /0  0     0.0.0.0                62     4.3
FFlags: 01
Fa0/0          172.17.1.1      Se0/1/0        10.20.0.200     11 00  10       5
0035 /0  0                     0404 /0  0     0.0.0.0                62     4.3
Se0/1/0        10.20.0.200     Fa0/1          10.0.0.200      06 00  18    1152
06AA /0  0                     01BD /0  0     0.0.0.0                71   184.9
Se0/1/0        10.20.0.200     Fa0/1*         10.0.0.200      06 00  18    1210
06AA /0  0                     01BD /0  0     0.0.0.0                71   194.7
FFlags: 01
Fa0/0          10.10.0.1       Null           224.0.0.9       11 C0  10       1
0208 /0  0                     0208 /0  0     0.0.0.0                52     0.0
IPM: 0
FC-CPE-2#

Router 3 Sample Output


ISP#show ip cache verbose flow
IP packet size distribution (6724 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .306 .029 .138 .031 .032 .001 .001 .001 .000 .000 .003 .000 .080 .001

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .008 .362 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes
  5 active, 4091 inactive, 54 added
  1881 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
  1 active, 1023 inactive, 12 added, 12 added to flow
  0 alloc failures, 0 force free
  1 chunk, 0 chunks added
  last clearing of statistics 00:05:44
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-Telnet          18      0.0         3    45      0.1       3.6      10.7
TCP-other            4      0.0         1    40      0.0       0.0      15.7
UDP-DNS              4      0.0         3    63      0.0       2.1      15.5
UDP-other           16      0.0         1    77      0.0       0.0      15.4
ICMP                 8      0.0        14    60      0.3      13.4      15.5
Total:              50      0.1         4    58      0.6       3.6      13.7

SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk  Active
Se0/1/0        10.0.0.200      Fa0/1          10.20.0.200     06 00  18    1794
01BD /0  0                     06AA /0  0     0.0.0.0               989   245.1
Se0/1/0        10.0.0.200      Fa0/1*         10.20.0.200     06 00  18    1794
01BD /0  0                     06AA /0  0     0.0.0.0               989   245.1
FFlags: 01
Fa0/1          10.20.0.200     Se0/1/0        10.0.0.200      06 00  18    1502
06AA /0  0                     01BD /0  0     0.0.0.0                69   245.0
Fa0/1          10.20.0.200     Se0/1/0*       10.0.0.200      06 00  18    1502
06AA /0  0                     01BD /0  0     0.0.0.0                69   245.0
FFlags: 01
ISP#

b. Examine the output and record the different data flows for each router.
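
The Pr and Port columns in the sample output are hexadecimal, and interfaces configured with both ip flow ingress and ip flow egress account the same packets twice (the egress copy carries * after DstIf and an FFlags: 01 line). The Python sketch below is an added example, not part of the Cisco lab: it parses the two-line flow records, converts protocol and ports to decimal, labels the application, and totals ingress records only. The sample records are re-typed from the Router 2 output; the function names and the application table are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: flow records re-typed from this lab's Router 2 output,
# laid out the way IOS prints them (two lines per flow, optional third line).
SAMPLE = """\
SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk  Active
Fa0/1          0.0.0.0         Null           255.255.255.255 11 00  10     222
0044 /0  0                     0043 /0  0     0.0.0.0               604  1356.9
Fa0/1          10.0.0.200      Se0/1/0        10.20.0.200     06 00  18    1368
01BD /0  0                     06AA /0  0     0.0.0.0               970   184.9
Fa0/1          10.0.0.200      Se0/1/0*       10.20.0.200     06 00  18    1368
01BD /0  0                     06AA /0  0     0.0.0.0               970   184.9
FFlags: 01
Se0/1/0        10.20.0.200     Fa0/0          172.17.1.1      11 00  10       5
0404 /0  0                     0035 /0  0     0.0.0.0                62     4.3
Fa0/0          10.10.0.1       Null           224.0.0.9       11 C0  10       1
0208 /0  0                     0208 /0  0     0.0.0.0                52     0.0
IPM: 0
FC-CPE-2#
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
HEX2 = r"[0-9A-Fa-f]{2}"
HEX4 = r"[0-9A-Fa-f]{4}"
# First record line: SrcIf SrcIP DstIf DstIP Pr TOS Flgs Pkts
LINE1 = re.compile(
    rf"^(\S+)\s+({IP})\s+(\S+)\s+({IP})\s+({HEX2})\s+({HEX2})\s+({HEX2})\s+(\d+[KM]?)$")
# Second record line: SrcPort /Msk AS DstPort /Msk AS NextHop B/Pk Active
LINE2 = re.compile(
    rf"^({HEX4})\s+/\d+\s+\d+\s+({HEX4})\s+/\d+\s+\d+\s+({IP})\s+(\d+)\s+([\d.]+)$")

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
# Assumed application table for this example: (IP protocol, port) -> label.
APPS = {(6, 23): "Telnet", (6, 445): "SMB file share", (6, 554): "RTSP",
        (17, 53): "DNS", (17, 67): "DHCP", (17, 68): "DHCP", (17, 520): "RIP"}


def _count(text):
    """Convert a packet counter; IOS abbreviates large values with K or M."""
    scale = {"K": 1000, "M": 1000000}.get(text[-1], 1)
    return int(text.rstrip("KM")) * scale


def parse_verbose_flows(text):
    """Return one dict per flow record found in 'show ip cache verbose flow'."""
    lines = [ln.strip() for ln in text.splitlines()]
    flows = []
    for first, second in zip(lines, lines[1:]):
        m1, m2 = LINE1.match(first), LINE2.match(second)
        if not (m1 and m2):
            continue  # headers, FFlags/IPM lines, prompts, summary tables
        proto = int(m1[5], 16)
        src_port, dst_port = int(m2[1], 16), int(m2[2], 16)
        if proto == 1:
            app = "ICMP"  # for ICMP the port fields carry type/code, not ports
        else:
            app = (APPS.get((proto, dst_port)) or APPS.get((proto, src_port))
                   or f"{PROTOCOLS.get(proto, proto)}-other")
        flows.append({
            "src_if": m1[1], "src_ip": m1[2],
            "dst_if": m1[3].rstrip("*"), "dst_ip": m1[4],
            "egress": m1[3].endswith("*"),  # accounted by 'ip flow egress'
            "proto": proto, "tos": int(m1[6], 16), "tcp_flags": int(m1[7], 16),
            "src_port": src_port, "dst_port": dst_port,
            "packets": _count(m1[8]), "bytes_per_pkt": int(m2[4]),
            "active_sec": float(m2[5]), "app": app,
        })
    return flows


def summarize(flows):
    """Total packets and bytes per (app, src, dst), counting ingress records only."""
    totals = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for f in flows:
        if f["egress"]:
            continue  # same packets already counted by the ingress record
        key = (f["app"], f["src_ip"], f["dst_ip"])
        totals[key]["packets"] += f["packets"]
        totals[key]["bytes"] += f["packets"] * f["bytes_per_pkt"]
    return dict(totals)


if __name__ == "__main__":
    for (app, src, dst), t in sorted(summarize(parse_verbose_flows(SAMPLE)).items()):
        print(f"{app:15} {src:15} -> {dst:15} {t['packets']:6} pkts {t['bytes']:9} bytes")
```

The resulting rows map directly onto the Application Type, Source and Destination columns of the data flow tables recorded for each router.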



Instructor Note: Flow details may vary; examples shown. Comments relate to network design considerations and could include the number of each flow, or size of the flow.

Router FC-CPE-1 Data Flows

Application Type   Source              Destination         Comments
RTSP               Video Server        Extranet Host       Vary

Router FC-CPE-2 Data Flows

Application Type   Source              Destination         Comments
ICMP               Video Workstation   Extranet Host       Vary
ICMP               Extranet Host       Video Workstation
Telnet             Video Workstation   Extranet Host
Telnet             Extranet Host       Video Workstation
File Share         Extranet Host       Video Workstation
File Share         Extranet Host       Video Workstation
RTSP               Video Server        Extranet Host

Router ISP Data Flows

Application Type   Source              Destination         Comments
ICMP               Video Workstation   Extranet Host       Vary
ICMP               Extranet Host       Video Workstation
Telnet             Video Workstation   Extranet Host
Telnet             Extranet Host       Video Workstation
File Share         Extranet Host       Video Workstation
File Share         Extranet Host       Video Workstation
RTSP               Video Server        Extranet Host



c. Discuss and compare the data flows for each router. Particularly consider how these flows differ from the previous Labs and the implications this has in understanding which network devices and resources are used for particular flows.

Step 10: Clean up


Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

Challenge
This lab simulates the flow of traffic to and from FilmCompany and from selected trusted partners and customers. These data flows for a production network would be much more extensive and recorded over a greater period of time, perhaps a full working week. Additionally, remote access from trusted sites would most likely be established using VPNs (Virtual Private Networks) across the Internet or a WAN. On the FilmCompany initial current network topology shown on the next page, add two trusted remote site hosts attached to the "far" side of the cloud icon. Draw a circle that encloses the remote access links to the FilmCompany network and server. In this case study, initially the FilmCompany remote sites access its network across the Internet. One of the objects of this analysis is to establish the benefits of using a dedicated WAN link using Frame Relay for the stadium-based remote sites to access the FilmCompany network. Then, using the data flows recorded in this lab as a starting point, use different colors to mark on the diagram the different extranet data flows between the trusted remote hosts and devices on the FilmCompany network. Diagram traffic flows to and from selected trusted partners, customers, and vendors.


CCNA Discovery: Designing and Supporting Computer Networks Lab 3.4.1 Planning and Preparing For A Site Visit

Final Configurations

Router 1

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FC-CPE-1
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
!
!
interface FastEthernet0/0
 ip address 10.10.0.1 255.255.255.252
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.17.0.1 255.255.0.0
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface Serial0/1/0
 no ip address
 shutdown
 no fair-queue
 clock rate 2000000
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
!
router rip
 version 2
 network 10.0.0.0
 network 172.17.0.0
!
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end

Router 2
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FC-CPE-2
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
!
!
interface FastEthernet0/0
 ip address 10.10.0.2 255.255.255.252
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface Serial0/1/0
 ip address 10.10.10.1 255.255.255.252
 ip flow ingress
 ip flow egress
 no fair-queue
 clock rate 64000
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
!
router rip
 version 2
 network 10.0.0.0
!
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
 password cisco
 login
line aux 0
line vty 0 1
 password cisco
 login
line vty 2 4
 login
!
scheduler allocate 20000 1000
end

Router 3
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip cef
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.20.0.1 255.255.255.0
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
!
interface Serial0/1/0
 ip address 10.10.10.2 255.255.255.252
 ip flow ingress
 ip flow egress
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
!
router rip
 version 2
 network 10.0.0.0
!
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end


Lab 5.1.1.4 Applying Design Constraints Instructor Version


Objective
Analyze the business goals and technical requirements and apply the constraints in order to begin the design.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Why is identifying the constraints that apply to a project an important part of the network design?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Background / Preparation
Instructor notes: This is a written lab. Acting as the network designers, students are to create a checklist of project design constraints for the FilmCompany case study. This lab is based upon, and requires access to, the information in the document, "Lab Case Study: The FilmCompany." Students may be required to speculate on some issues where the case study does not provide sufficient information. Wherever possible, apply local examples to the network design process, to provide students with a realistic workplace context. Use a class group discussion to identify the constraints and relate them to the prioritized case study business goals. Students may then compile the checklist individually or in small groups. Although the lab may be delivered as an instructor-led exercise, each student should give careful consideration to the issues and develop an understanding of the network design process. Class group discussions will clarify different perceptions and interpretations of the case study information. Emphasize to students that not all information is clearly expressed or known by a customer, and that good communications skills are often necessary to gather all the relevant details. Regardless of the lab strategy adopted, each student should complete an individually compiled project constraints checklist. The completed checklist should become part of the FilmCompany RFP Response document that the students will build throughout the rest of the course. Instructors will need to monitor the progress of this project for the rest of this course. Recommend to students that they keep their documents in a portfolio.


FilmCompany is an expanding advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this growth, the FilmCompany has decided to significantly upgrade its data network. You have the role of network design consultant. Your job is to develop network design and project documents for the FilmCompany that will meet the requirements of this upgrade. This lab is one of a series of labs that explore the FilmCompany existing network and its upgrade requirements. A comprehensive network project plan has to include details of constraints that apply to the project as well as potential trade-offs that need to be made. In this lab, you use the identified organizational constraints from the FilmCompany case study and adjust your design according to the trade-offs identified. These constraints will be used in the decision-making process for the proposed design.

Step 1: Identify possible project constraints


a. Use word processing software to create a new Project Constraints document.
b. The identified constraints that set limits or boundaries on the network upgrade project should be entered into the Gathered Data field of the constraints document. Brainstorm ideas with other students to identify additional constraints. Classify each constraint as one of the following four types:
   Budget
   Policy
   Schedule
   Personnel

Step 2: Tabulate comments based on the identified constraints


a. Using the list of constraints discovered from the FilmCompany case study, apply appropriate comments on how the constraints affect the design.
b. Enter the comments into a table.

Comments may vary. Examples shown.

FILMCOMPANY CONSTRAINTS

CONSTRAINT   GATHERED DATA
Budget       Tight budget. Need to reuse 75% of the existing network components (prefer all of it).
Policy       Planning to consolidate staff and facilities into Building F. Temporary staff not permitted to access other accounts. Payroll/accounting not accessible by other departments. Physical access to equipment is limited to IT personnel. Training needed for new hires on company security policy.
Schedule     Project must be completed within 4 months of project start. Maintenance windows are between 2am and 6am Monday through Friday.
Personnel    Looking to hire 6 temporary and part-time production staff and at least 1 IT technician. Training on new equipment for IT personnel is needed.

COMMENTS
   Limited budget. Will affect any proposed new equipment.
   Existing equipment may not support the proposed traffic with the stadium.
   Equipment will need to be consolidated into one location.
   Redundancy needs to be added.
   Cabling may not support 70% future growth.
   Older equipment doesn't have an SLA and may not be covered in the event of a failure.
   Will new personnel affect security policy?
   Do the new personnel need training on the equipment?
   Do existing personnel need training?
   Less than 4 months to get the project completed.

c. Save your Project Constraints checklist.

Step 3: Identify trade-offs


a. Use word processing software to create an addition to the Project Constraints document.
b. The identified constraints that set limits or boundaries on the network upgrade project will require potential trade-offs. Discuss ideas with other students regarding trade-offs for proposed designs.
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
Answers vary; examples:
   May not get new equipment due to budget constraints; therefore, existing equipment may need to be upgraded.
   ISP services may not be optimal for the type of traffic being generated; therefore, a new ISP may be needed.
   Budget may not support replacing existing infrastructure; alternates would need to be developed for future expansion.
c. Record the trade-offs in your Project Constraints checklist.

d. Save your Project Constraints checklist.

Step 4: Reflection
The constraints imposed on this network design project are determined by the internal requirements of the FilmCompany. Consider and discuss the identified constraints and potential trade-offs. Do the trade-offs pose a significant obstacle to the design? Are there alternate methods that can be employed to achieve the success criteria without a significant budget?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
Outcomes will vary; points may include:
   Less than four months to finish the project would require allocating more personnel to the project.
   Training of personnel may need to be done in phases.
   Unavailability of equipment or cabling of the required technical specifications.
   Lack of accommodation to house the expanded business and its network infrastructure since the project may consolidate into one location.
   ISP limitations may warrant a change in design. Should another ISP be used?


Lab 5.1.2.4 Identifying Design Strategies for Scalability Instructor Version


Objective
Use the identified constraints and trade-offs to create design strategies for scalability.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Why is identifying a design strategy that applies to a project an important part of the network design?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

How can developing multiple design strategies assist in the completion of the project?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Background / Preparation
Instructor notes: This is a written lab. Acting as the network designers, students have created a checklist of project constraints for the FilmCompany case study. From those constraints the students were to derive trade-offs that may affect the design of the network. In this lab the student is going to create design strategies that will meet the technical requirements of the FilmCompany. This lab is based upon, and requires access to, the information in the document, "Lab Case Study: The FilmCompany." Students may be required to speculate on some issues where the case study does not provide sufficient information. Wherever possible, apply local examples to the network design process, to provide students with a realistic workplace context. Use a class group discussion to identify design strategies and relate them to the prioritized case study business goals. Students may then compile the checklist individually or in small groups. Although the lab may be delivered as an instructor-led exercise, each student should give careful consideration to the issues and develop an understanding of the network design process. Class group discussions will clarify different perceptions and interpretations of the case study information. Emphasize to students that not all information is clearly expressed or known by a customer, and that good communications skills are often necessary to gather all the relevant details. Regardless of the lab strategy adopted, each student should complete an individually compiled project design strategy based on the previously identified constraints and trade-offs. The completed documentation should become part of the FilmCompany RFP Response document that the students will build throughout the rest of the course. Instructors will need to monitor the progress of this project for the rest of this course. Recommend to students that they keep their documents in a portfolio.

FilmCompany is an expanding advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this growth, the FilmCompany has decided to significantly upgrade its data network. You have the role of network design consultant. Your job is to develop network design and project documents for the FilmCompany that will meet the requirements of this upgrade. This lab is one of a series of labs that explore the FilmCompany existing network and its upgrade requirements. A comprehensive network project plan has to include details of constraints that apply to the project as well as potential trade-offs that need to be made. In this lab, you use the identified organizational constraints from the FilmCompany case study and adjust your design according to the trade-offs identified. These constraints will be used in the decision-making process for the proposed design and allow the creation of design strategies that facilitate network scalability.

Step 1: Identify the areas that will be used for designing a strategy that facilitates scalability
a. Use word processing software to create a new document called Design Strategies.
b. Use the identified constraints that set limits or boundaries on the network upgrade project and the potential trade-offs to assist in the discussion with other students. The strategy should cover the following areas:
   Access Layer modules that can be added
   Expandable, modular equipment or clustered devices that can be easily upgraded
   Choosing routers or multilayer switches to limit broadcasts and filter traffic
   Planned redundancy
   An IP address strategy that is hierarchical and that supports summarization
   Identification of VLANs needed

Step 2: Create an Access Layer module design


Using the list developed from the group discussion, create an Access Layer module (design only).
a. Create your design using the existing equipment. The FilmCompany network equipment includes:
   2 x 1841 Routers (FC-CPE-1, FC-CPE-2)
   3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)
   Several servers
   1 x Linksys WRT300N Wireless Router (FC-AP)
   1 x ADSL Modem for Internet Access
b. Using the list of equipment, identify modules that can be added to the existing equipment to support new features and devices without requiring major equipment upgrades.
c. Save your Design Strategies documentation.

Step 3: Select Distribution Layer devices


a. Use word processing software to create an addition to the Design Strategies document.
b. Use the identified Access Layer module diagram to create the Distribution Layer design. Equipment selected must include existing equipment. Use Layer 3 devices at the Distribution Layer to filter and reduce traffic to the network core.
c. With a modular Layer 3 Distribution Layer design, new Access Layer modules can be connected without requiring major reconfiguration. Using your documentation, identify what modules can be added to increase bandwidth.
d. Save your Design Strategies document.

Step 4: Reflection
The constraints and trade-offs identified for the FilmCompany pose many challenges for the designer. What were a few of the more difficult challenges you encountered?
________________________________________
Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?
________________________________________
Would one be less expensive or less time-consuming than the other?
________________________________________
Outcomes will vary; points may include:
- Developing an IP addressing scheme using the 10.x.x.x network was really challenging.
- Separating the VLANs was challenging.
- The design of ACLs was unique in that the filtering was not identified by the client.


Lab 5.1.3.5 Identifying Availability Strategies Instructor Version


Objective
Use the identified availability strategies to assist in the design of a network.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
________________________________________
Why is identifying an availability strategy that applies to a project an important part of the network design?
________________________________________
How can developing availability strategies assist in the completion of the project?
________________________________________

Background / Preparation
Instructor notes: This is a written lab. Acting as the network designers, students created a list of project design strategies for the FilmCompany case study. From those strategies the students were to derive trade-offs that may affect the design of the network. In this lab the student is going to create design availability strategies that will meet the technical requirements of the FilmCompany. This lab is based upon, and requires access to, the information in the document, "Lab Case Study: The FilmCompany." Students may be required to speculate on some issues where the case study does not provide sufficient information. Wherever possible, apply local examples to the network design process, to provide students with a realistic workplace context. Use a class group discussion to identify the availability strategies and relate them to the prioritized case study business goals. Students may compile the checklist individually or in small groups. Although the lab may be delivered as an instructor-led exercise, each student should give careful consideration to the issues and develop an understanding of the network design process. Class group discussions will clarify different perceptions and interpretations of the case study information. Emphasize to students that not all information is clearly expressed or known by a customer, and that good communications skills are often necessary to gather all the relevant details. Regardless of the lab strategy adopted, each student should complete an individually compiled availability strategy based on the previously identified constraints and trade-offs. The completed documentation should become part of the FilmCompany RFP Response document that the students will build throughout the rest of the course. Instructors will need to monitor the progress of this project for the rest of this course. Recommend to students that they keep their documents in a portfolio.

FilmCompany is an expanding advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this growth, the FilmCompany has decided to significantly upgrade its data network. You have the role of network design consultant. Your job is to develop network design and project documents for the FilmCompany that will meet the requirements of this upgrade. This lab is one of a series of labs that explore the FilmCompany existing network and its upgrade requirements.

Step 1: Identify the areas that will be used for designing a strategy that facilitates availability
a. Use word processing software to create a new document called Availability Strategies.
b. Use the identified constraints that set limits or boundaries on the network upgrade project and the potential trade-offs to assist in brainstorming ideas with other students. The strategy should cover the following areas:

Availability strategies for switches:
- Redundant power supplies and modules
- Hot-swappable cards and controllers
- Redundant links
- UPS and generator power

Availability strategies for routers:
- Redundant power supplies, UPS, and generator power
- Redundant devices
- Redundant links
- Out-of-band management
- Fast converging routing protocols

Availability strategies for Internet/Enterprise Edge:
- Dual ISP providers or dual connectivity to a single provider
- Co-located servers
- Secondary DNS servers

Step 2: Create availability strategies for switches


a. Using the list developed from the brainstorming session, create a list of equipment that will be incorporated into the availability strategy. (This should include the existing equipment.) The FilmCompany network equipment includes:
- 2 x 1841 Routers (FC-CPE-1, FC-CPE-2)
- 3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)
- Several servers
- 1 x Linksys WRT300N Wireless Router (FC-AP)
- 1 x ADSL Modem for Internet Access
b. Using the list of equipment, identify modules and redundant power supplies that will increase availability for the switches.
c. Identify potential hot swappable cards and controllers that can be used. Create a list that identifies each with cost and features.
d. Develop a diagram that shows potential redundant links that can be incorporated into the network design. (Example shown)

Instructor only graphic.

e. Identify at least two possible UPS devices that can be incorporated into the design. Create a list that identifies the cost and features of each.
f. Save your Availability Strategies document.

Step 3: Create availability strategies for routers


a. Use word processing software to create an addition to the Availability Strategies document.
b. Using the list of equipment, identify redundant power supplies that will increase availability for the switches.
c. Identify potential redundant devices and links that can be used. Create a list that identifies each with cost and features.
d. Create a diagram that displays the redundant connections. (This may include the need for additional routers which can be added into the proposal. The students need to be reminded that the client wishes to reuse the existing equipment and is operating on a tight budget.) (Example shown)

Instructor only graphic.

e. Develop a list of potential routing protocols that will facilitate fast convergence times. (For the purpose of this lab the students should look at STP for the internal network. Further, the students will be directed to use Frame Relay between the two locations.)
f. Save your Availability Strategies document.

Step 4: Create availability strategies for Internet/Enterprise Edge


a. Use word processing software to create an addition to the Availability Strategies document.
b. Identify options available that would allow for dual ISP or dual connectivity to a single provider. (This portion of the lab should have the students directed to make a list of at least two local ISPs with their services and costs documented. A redundant link that uses ADSL as a backup should be used as part of the availability strategy.)
c. Create a design that will co-locate the servers to allow for redundancy and ease of maintenance. (Example shown)

Instructor only graphic.

d. Save your Availability Strategies document.

Step 5: Reflection
The creation of availability strategies poses many challenges for the designer. What were a few of the more difficult challenges you encountered?
________________________________________
Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?
________________________________________
Would one be less expensive or less time-consuming than the other?
________________________________________
Outcomes will vary; points may include:
- A variety of modules can be purchased with varying features and costs.
- A variety of UPS devices can be purchased with varying features and costs.
- Several routing protocols can be chosen, but which one best fits the design?


Lab 5.1.5.2 Identifying Security Requirements Instructor Version

Objectives
- Research different security options and make a recommendation.
- Select an appropriate design strategy to meet the requirements.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
- Explain general methods to mitigate common security threats to network devices, hosts, and applications.
- Describe recommended security practices, including initial steps to secure network devices.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
________________________________________
How is an understanding of the potential security threats beneficial to the network design?
________________________________________
How will a network administrator know if the security recommendations are adequate?
________________________________________

Background / Preparation
Instructor notes: This is a written lab. Acting as the network designers, students are to create a list of security strategies for the FilmCompany case study. From those strategies, the students will derive multiple methods for the design of the network. In this lab, the students will create security strategies that will meet the requirements of the FilmCompany. This lab is based upon, and requires access to, the information in the document, "Lab Case Study: The FilmCompany." Students may be required to speculate on some issues where the case study does not provide sufficient information. Wherever possible, apply local examples to the network design process, to provide students with a realistic workplace context. Use a class group discussion to identify the potential security threats that can be encountered with the FilmCompany with their given network design. Students may compile a list individually or in small groups. Although the lab may be delivered as an instructor-led exercise, each student should give careful consideration to the issues and develop an understanding of the network design process. Class group discussions will clarify different perceptions and interpretations of the case study information. Emphasize to students that not all information is clearly expressed or known by a customer, and that good communications skills are often necessary to gather all the relevant details. Regardless of the lab strategy adopted, each student should complete an individually compiled security design strategy based on the previously identified constraints and trade-offs. The completed documentation should become part of the FilmCompany RFP Response document that the students will build throughout the rest of the course. Instructors will need to monitor the progress of this project for the rest of this course. Recommend to students that they keep their documents in a portfolio. 
FilmCompany is an expanding, small advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this growth, the FilmCompany has decided to significantly upgrade its data network. You have the role of network design consultant. Your job is to develop network design and project documents for the FilmCompany that will meet the requirements of this upgrade. This lab is one of a series of labs that explore the FilmCompany existing network and its upgrade requirements.

Step 1: Identify potential security weaknesses within the FilmCompany topology
a. Use word processing software to create a new document called Security Strategies.
b. Using the documents created in previous labs and the existing topology, identify potential weaknesses in the existing design. (No firewalls, no VPNs)
c. Create a list of recommended security practices that should be employed in the FilmCompany network.
d. Save your Security Strategies document.

Step 2: Create a security practices list


a. Using the list developed from the brainstorming session, create a finalized list of recommended security practices for the FilmCompany. (The following example should be used.) Recommended security practices include:
- Use firewalls to separate all levels of the secured corporate network from other unsecured networks, such as the Internet. Configure firewalls to monitor and control the traffic, based on a written security policy.
- Create secured communications by using VPNs to encrypt information before it is sent through third-party or unprotected networks.
- Prevent network intrusions and attacks by deploying intrusion prevention systems. These systems scan the network for harmful or malicious behavior and alert network managers.
- Control Internet threats by employing defenses to protect content and users from viruses, spyware, and spam.
- Manage endpoint security to protect the network by verifying the identity of each user before granting access.
- Ensure that physical security measures are in place to prevent unauthorized access to network devices and facilities.
- Secure wireless Access Points and deploy wireless management solutions.
b. Identify what devices and software will need to be purchased to facilitate the recommended security practices. (Hardware firewalls, intrusion detection systems, etc.)
c. Save your Security Strategies document.

Step 3: Create a security strategy


a. Use word processing software to create an addition to the Security Strategies document.
b. Using the list of identified equipment, develop a chart of costs and features of the recommended devices. (Students should list at least two of each device, such as hardware firewalls or ISR routers.)
c. Using the list of identified software needed, develop a chart of costs and features of the recommended software. (Students should list at least two software choices. Some examples are Intrusion Detection Software, Anti-virus software, etc.)
d. Save your Security Strategies document.

Step 4: Create a security design


a. Use word processing software to create an addition to the Security Strategies document.
b. Identify which types of access to the network should be secured by incorporating VPNs.
c. Identify methods for controlling physical security at the FilmCompany building and at the stadium. (This section can pose special issues for the student. Badges may be utilized, access cards, etc. Have the students develop possible solutions.)
d. Identify potential ACLs that can be created to filter unwanted traffic from entering the network. (Standard or Extended ACLs need to be identified.)
e. Identify methods for securing the wireless Access Points. Determine the best method for the FilmCompany network. (128-bit encryption, etc.)
f. Save your Security Strategies document.

Step 5: Reflection
The creation of a security strategy creates many challenges for the designer. What were a few of the more difficult challenges you encountered?
________________________________________
Consider and discuss the identified challenges. Do all of the proposed strategies accomplish the task the same way?
________________________________________
Would one be less expensive or less time-consuming than the other?
________________________________________
How could implementing a physical security plan into an existing company be difficult?
________________________________________
Outcomes will vary; points may include:
- A variety of hardware can be purchased with varying features and costs.
- A variety of security software can be purchased with varying features and costs.
- Existing employees may not be receptive to changes in their security policy, so who would need to ensure that the plan is enforced?
- ACLs can filter traffic, but what impact on traffic flow will they have?
- Are ACLs applied at the Access Layer or Distribution Layer or both?


Lab 5.2.3.3 Designing the Core Layer Instructor Version

Objective
Design requirements for the Core Layer network.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
- Describe the purpose and functions of various network devices.
- Select the components required to meet a network specification.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
________________________________________
What are the advantages of diagramming the Core Layer devices?
________________________________________
What benefit can be gained from diagramming a topology before it is implemented?
________________________________________

Background / Preparation
Instructor notes: An introduction to the configuration of devices was provided in the Chapter 4 labs. Each lab in this series can be performed independently or may be performed as a single group of activities. This lab can be designed to test the students' understanding of the content and to verify students' understanding of important design concepts. Alternatively, a local lab can be set up to provide representative equipment configurations.

FilmCompany is an expanding advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. To facilitate this expansion, the state of data flow across the current network has to be established so that the network upgrade can be planned and implemented.

Developing a diagram of the Core Layer enables the designer to analyze the proposed design and identify where the network can be improved. The logical topology diagram shows that each router is identified by name and has a unique address. Redundant paths to the internal network should be planned and implemented when applicable. The logical design for the Core Layer must be aligned with the initial business goals and technical requirements of the customer. The diagram gives the designer and customer a visual idea of what is already on the network and helps to get a better view of what is still required. In this lab, you will use a graphic program (PT, PowerPoint, etc.) to create the Core Layer topology design.

Step 1: Identify Core Layer Requirements


a. Use word processing software to create a new document called Core Layer Diagram.
b. Use the identified topology and associated equipment to determine Core Layer design requirements. Design requirements for the Core Layer network include:
- High-speed connectivity to the Distribution Layer switches
- 24 x 7 availability
- Routed interconnections between Core devices
- High-speed redundant links between Core switches and between the Core and Distribution Layer devices
c. Brainstorm with other students to identify areas that may have been missed in the initial requirements document.

Step 2: Create an Access Layer module design
Using the list developed from the group discussion, create an Access Layer module (design only).
a. Create your design using the existing equipment. The FilmCompany network equipment includes:
- 2 x 1841 Routers (FC-CPE-1, FC-CPE-2)
- 3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)
- 1 x ADSL Modem for Internet Access
b. Using the list of equipment, identify modules that can be added to the existing equipment to support new features, such as redundancy.
c. Save your Core Layer Diagram document.

Step 3: Select Core Layer devices


a. Use word processing software to create an addition to the Core Layer Diagram document.
b. The identified Core Layer module diagram will be used to adjust the Distribution Layer design. Equipment selected must include existing equipment. Use Layer 3 devices at the Core Layer in a redundant configuration.
c. Save your Core Layer Diagram document.

Step 4: Design Redundancy


a. Use word processing software to create an addition to the Core Layer Diagram document.
b. Design a redundancy plan that combines multiple Layer 3 links to increase available bandwidth.
c. Create a design that incorporates redundancy similar to the example shown. (Are there multiple designs possible with the given equipment? What is the benefit of adding redundancy to the FilmCompany network?)
d. Save your Core Layer Diagram document.

Step 5: Reflection / Challenge


The design strategies for the FilmCompany pose many challenges for the designer. What were a few of the more difficult challenges you encountered?
________________________________________
Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?
________________________________________
Would one be less expensive or less time-consuming than the other?
________________________________________
Outcomes will vary; points may include:
- Is the existing equipment capable of handling the proposed network traffic? If so, how? If not, why?
- What devices can be used instead of Layer 3 switches? Can those devices provide the same performance?
- What are potential weaknesses for the proposed diagram? Single points of failure?


Lab 5.2.4.2 Creating a Diagram of the FilmCompany LAN Instructor Version

Existing Layout

Objective
Design and diagram the new FilmCompany LAN.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps. Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be? ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ What are the benefits of designing and diagramming a LAN before installation begins?

______________________________________________________________________________________
What advantages and disadvantages are there to using the existing network equipment?
______________________________________________________________________________________

Background / Preparation
Instructor notes: Each lab in this series can be performed independently or may be performed as a single group of activities. This lab can be designed to test the students' understanding of the content and to verify students' understanding of important design concepts. Alternatively, a local lab can be set up to provide representative equipment configurations.

FilmCompany is an expanding advertising company moving into interactive advertising media, including video presentations. This company has just been awarded a large video support contract by the StadiumCompany. With this new contract, FilmCompany expects to see their business grow approximately 70 percent. As a member of the network design team, the student will investigate the FilmCompany's existing network and will plan, design, and prototype the upgrades necessary to enable the network to cope with this growth in business.

Developing a diagram of the LAN enables the designer to analyze the proposed design and identify where the network can be improved. The logical topology diagram shows that the switches are identified; each computer should have a unique address. Redundant paths from the switches should be planned and implemented when applicable. The logical design for the LAN must be aligned with the initial business goals and technical requirements of the customer. The diagram gives the designer and customer a visual idea of what is already on the network and helps to get a better view of what is still required.

In this lab, you will use a graphic program (PT, PowerPoint, etc.) to create the LAN design.

Step 1: Identify LAN Requirements


a. Use word processing software to create a new document called LAN Diagram.
b. Use the identified topology and associated equipment to determine LAN design requirements. Design requirements for the LAN include:
    High-speed connectivity to the Access Layer switches
    24 x 7 availability
    High-speed redundant links between switches on the LAN and the Access Layer devices
    Identifying available hardware for the LAN
The current network has two VLANs.
1. General VLAN consisting of:
    12 Office PCs
    2 Printers
   This VLAN serves the general office and managers, including reception, accounts and administration.

   Addressing:
    Network          10.0.0.0/24
    Gateway          10.0.0.1
    Hosts (dynamic)  10.0.0.200 - 10.0.0.254
    Hosts (static)   10.0.0.10 - 10.0.0.20
2. Production VLAN consisting of:
    9 High Performance Workstations
    5 Office PCs
    2 Printers
c. Brainstorm with other students to identify areas that may have been missed in the initial requirements document.

Step 2: Determine equipment features


Using the list developed from the brainstorming session, create a LAN based on technical requirements (design only).
a. Create your design using the existing equipment. The FilmCompany network equipment includes:
    2 x 1841 Routers (FC-CPE-1, FC-CPE-2)
    3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)
    1 x ADSL Modem for Internet Access
b. Using the list of equipment, identify modules that can be added to the existing equipment to support new features, such as redundancy.
c. Save your LAN Diagram document.

Step 3: Select LAN devices


a. Use word processing software to create an addition to the LAN Diagram document.
b. The identified LAN diagram will be used to adjust the Access Layer design. Equipment selected must include existing equipment.
c. Save your LAN Diagram document.

Step 4: Design Redundancy


a. Use word processing software to create an addition to the LAN Diagram document.
b. Design a redundancy plan that combines multiple Layer 2 links to increase available bandwidth.
c. Create a design that incorporates redundancy.

Diagram only appears on Instructor version.

   (Are there multiple designs possible with the given equipment? What is the benefit of adding redundancy to the FilmCompany network?)
d. Save your LAN Diagram document.

Step 5: Reflection / Challenge


The design strategies for the FilmCompany LAN pose many challenges for the designer. What were a few of the more difficult challenges you encountered?
______________________________________________________________________________________
Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?

______________________________________________________________________________________
Would one be less expensive or less time-consuming than the other?
______________________________________________________________________________________
Would the chosen LAN design allow for future growth and the addition of the WLAN?
______________________________________________________________________________________
Outcomes will vary; points may include:
    Is the existing equipment capable of handling the proposed network traffic? If so, how? If not, why?
    What devices can be used instead of Layer 2 switches? Can those devices provide the same performance?
    What are potential weaknesses for the proposed diagram? Single points of failure? Limited redundancy for the WLAN?

Lab 5.4.2.2 Selecting Access Points Instructor Version

Objective
Evaluate an existing Access Point placement.
Select appropriate APs for a new WLAN design.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
    Select the components required to meet a network specification.

Expected Results and Success Criteria
Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________
What are the inherent risks of using wireless in a network?
______________________________________________________________________________________
What are several methods to limit the security risks of wireless LANs?
______________________________________________________________________________________

Background / Preparation
A small wireless LAN is currently used occasionally by a few project managers with laptops and by guests at Building F. The FilmCompany believes that the WLAN may be used more regularly when the StadiumCompany contract work starts and mobile and contract workers will require network access. The FilmCompany plans to consolidate all their personnel and resources in one building.

Step 1: Identify WLAN requirements


a. Use word processing software to create a new document called WLAN Diagram.
b. Use the identified topology and associated equipment to determine WLAN design requirements. Design requirements for the WLAN include:
    Scalability
    Availability
    Security
    Manageability
c. Brainstorm with other students to identify areas that may have been missed in the initial requirements document.

Step 2: Determine equipment features


Using the list developed from the brainstorming session, create a WLAN based on technical requirements (design only).
a. Begin by creating your design using the existing equipment. Network equipment includes:

    2 x 1841 Routers (FC-CPE-1, FC-CPE-2)
    3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)
    1 x Network and Business Server
    1 x Linksys WRT300N Wireless Router (FC-AP)
    1 x ADSL Modem for Internet Access
b. Using the list of equipment, identify the model of wireless router. Identify the features and range of the device. Identify whether there are upgrades that can be made to extend the range, security, and existing features.
c. Create a list of features and potential upgrades and compare them to other models of wireless router. Determine the device that can easily meet the technical requirements of the WLAN.
   (Standalone Access Points for ease of installation or wireless controllers for security and management)
d. With the previous list, estimate the range of coverage available with the existing wireless router. Determine if the wireless router can provide thorough coverage of the work area. Determine if standalone access points or wireless controllers are needed for the design.
e. Save your WLAN Diagram document.

Step 3: Select WLAN devices


a. Use word processing software to create an addition to the WLAN Diagram document.
b. The identified WLAN diagram will be used to determine the type of wireless device that will be included in the proposed network.
c. Ensure that the chosen wireless equipment meets the following requirements. Design requirements for the WLAN include:
    Scalability
    Availability
    Security
    Manageability
d. Save your WLAN Diagram document.

Step 4: Design the WLAN


a. Use word processing software to create an addition to the WLAN Diagram document.
b. Design a WLAN that provides scalability. Annotate on the WLAN Diagram document how the design provides scalability.
   (Scalability - New lightweight Access Points can be added easily and managed centrally)
c. Design a WLAN that provides availability. Annotate on the WLAN Diagram document how the design provides availability.
   (Availability - Access Points can automatically increase their signal strength if one Access Point fails)
d. Design a WLAN that provides security. Annotate on the WLAN Diagram document how the design provides security.
   (Security - Enterprise-wide security policies apply to all layers of a wireless network, from the radio layer through the MAC Layer and into the Network Layer. This solution makes it easier to provide uniformly enforced security, QoS, and user policies. These policies address the specific capabilities of different classes of devices, such as handheld scanners, PDAs, and notebook computers.
   Security policies also provide discovery and mitigation of DoS attacks, and detection and denial of rogue Access Points. These functions occur across an entire managed WLAN.)
e. Design a WLAN that provides manageability. Annotate on the WLAN Diagram document how the design provides manageability.
   (Manageability - The solution provides dynamic, system-wide radio frequency (RF) management, including features that aid smooth wireless operations, such as dynamic channel assignment, transmit power control, and load balancing. The single graphical interface for enterprise-wide policies includes VLANs, security, and QoS.)
f. Save your WLAN Diagram document.

Step 5: Reflection / Challenge


The design strategies for the FilmCompany WLAN pose many challenges for the designer. What were a few of the more difficult challenges you encountered?
______________________________________________________________________________________
Consider and discuss the identified strategies. Do all of the strategies designed or hardware identified accomplish the task the same way?
______________________________________________________________________________________
Would one be less expensive or less time-consuming than the other?
______________________________________________________________________________________
Would the current topology allow for future growth and the addition of the WLAN?
______________________________________________________________________________________
Outcomes will vary; points may include:
    What is the throughput limitation of the WLAN?
    Is the existing equipment capable of handling the proposed network traffic? If so, how? If not, why?
    What devices can be used instead of standalone Access Points? Can those devices provide the same performance as wireless controllers?
    What are potential weaknesses for the proposed diagram? Single points of failure? Limited redundancy for the WLAN?

Lab 5.5.3 Developing ACLs to Implement Firewall Rule Set Instructor Version
Instructor note: The access list answers in this document are one of a few possible combinations that will work to meet the requirements. There are other less optimal solutions and access list placements. Be prepared to discuss with the students the benefits of placing Extended ACLs closest to the source of the traffic and to limit the number of times a packet must be processed during its journey.

Device             Interface   IP Address
SFC-ASW            VLAN 1      10.1.1.253/24
SR1                Fa0/1       10.1.1.254/24
SR1                S0/1/0      10.1.0.1/30
Edge2              S0/1/0      10.1.0.2/30
Edge2              S0/1/1      10.3.0.1/30
BR4                S0/1/1      10.3.0.2/30
BR4                Fa0/0       172.17.0.1/16
BR4                Fa0/1       10.3.1.254/24
FC-ASW-2           VLAN 1      172.17.1.25/16
FC-ASW-1           VLAN 1      10.3.1.253/24
PC1                            10.1.1.1/24
PC2                            10.3.1.1/24
Production Server              172.17.1.1/16

Objectives
Interpret a security policy to define firewall rules.
Create ACL statements to implement firewall rules.
Configure and test ACLs.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
    Describe the purpose and types of ACLs.
    Configure and apply ACLs based on network filtering requirements, including CLI/SDM.
    Configure and apply ACLs to limit Telnet and SSH access to the router using SDM/CLI.
    Verify and monitor ACLs in a network environment.
    Troubleshoot ACL issues.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________
What are the inherent risks of not using an ACL to secure network traffic?
______________________________________________________________________________________
What are several methods to limit the flow of traffic into and out of LANs or WANs?
______________________________________________________________________________________

Background / Preparation
The FilmCompany provides services to branch offices such as the one located at the stadium. This office has some minor security and performance concerns. These concerns will require the network designer to incorporate several ACLs to secure the network. The ACLs need to be implemented as a simple and effective tool to control traffic. Given a security policy for the FilmCompany, create a firewall rule set and implement Named Extended ACLs to enforce the rule set. The security policy for the FilmCompany has a section that relates to access from remote sites. Here is the text from the security policy:

Security Policy
Users accessing the network from remote locations, including remote branch offices, require the following access to the on-site network resources:
1. Remote users must be able to access the Production Server in order to view their schedules over the web and to enter new orders.
2. Remote users must be able to FTP files to and from the Production Server.
3. Remote users can use the Production Server to send and retrieve email using IMAP and SMTP protocols.
4. Remote users must not be able to access any other services available on the Production Server.
5. No traffic is permitted from individual workstations at the main office to remote worker workstations. Any files that need to be transferred between the two sites must be stored on the Production Server and retrieved via FTP.
6. No traffic is permitted from workstations at the remote site to workstations at the main site.
7. No Telnet traffic is permitted from the remote site workstations to any devices, except their local switch.

Step 1: Cable and connect the network as shown in the topology diagram
NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.
a. Connect and configure the devices in accordance with the given topology and configuration. Routing will have to be configured across the serial links to establish data communications.
   NOTE: Your instructor may substitute for Production Server an equivalent server for this lab.
b. Configure Telnet access on each router.
c. Ping between Host1, Host2, and Production Server to confirm network connectivity. Troubleshoot and establish connectivity if the pings or Telnet fail.

Step 2: Perform basic router configurations
a. Configure the network devices according to the following guidelines:
    Configure the hostnames on each device.
    Configure an EXEC mode password of class.
    Configure a password of cisco for console connections.
    Configure a password of cisco for vty connections.
    Configure IP addresses on all devices.
    Enable EIGRP on all routers and configure each to advertise all of the connected networks.
    Verify full IP connectivity using the ping command.
b. Confirm Application Layer connectivity by telnetting to all routers.

Instructor note: If time is an issue, the routers and switches can be preconfigured, with students only doing the access list creation component. See basic router configurations at the end of this lab for this step.

Step 3: Create firewall rule set and access list statements


Using the security policy information for the FilmCompany remote access, create the firewall rules that must be implemented to enforce the policy. After the firewall rule is documented, create the access list statement that will implement the firewall rule. There may be more than one statement necessary to implement a rule. An example of one of the firewall rules is shown:

Security Policy 1: Remote users must be able to access the Production Server to view their schedules over the web and to enter new orders.
Firewall Rule: Permit users on the 10.1.1.0/24 access to the Production Server (172.17.1.1) on TCP port 80.
Access List statement(s):
    permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 80
Access List placement: Inbound on router SR1 Fa0/1 (remember that extended ACLs should be placed as close as possible to the source of the traffic)

For each of the following security policies:
a. Create a firewall rule.
b. Create an access list statement.
c. Determine the access list placement to implement the firewall rule.

Security Policy 2: Remote users must be able to FTP files to and from the Production Server.
Firewall Rule: Permit users on the 10.1.1.0/24 access to the Production Server (172.17.1.1) on TCP ports 20 and 21.
Access List statement(s):
    permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 range 20 21
    or two separate access-list statements, each permitting one of the ports.

Access List placement: Inbound on router SR1 Fa0/1 (remember that extended ACLs should be placed as close as possible to the source of the traffic)

Security Policy 3: Remote users can use the Production Server to send and retrieve email using IMAP and SMTP protocols.
Firewall Rule: Permit users on the 10.1.1.0/24 access to the Production Server (172.17.1.1) on TCP ports 143 and 25
Access List statement(s):
    permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 25
    permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 143
Access List placement: Inbound on router SR1 Fa0/1 (remember that extended ACLs should be placed as close as possible to the source of the traffic)

Security Policy 4: Remote users must not be able to access any other services available on the Production Server.
Firewall Rule: Deny all other IP protocols between users on the 10.1.1.0/24 network to the Production Server (172.17.1.1)
Access List statement(s):
    deny ip 10.1.1.0 0.0.0.255 host 172.17.1.1
Access List placement: Inbound on router SR1 Fa0/1

Security Policy 5: No traffic is permitted from individual workstations at the main office to remote worker workstations. Any files that need to be transferred between the two sites must be stored on the Production Server and retrieved via FTP.
Firewall Rule: Deny all IP protocols from users on the 10.3.1.0/24 to the 10.1.1.0/24 network.

Access List statement(s):
    deny ip 10.3.1.0 0.0.0.255 10.1.1.0 0.0.0.255
Access List placement: Inbound on router BR4 Fa0/1

Security Policy 6: No traffic is permitted from workstations at the remote site to workstations at the main site.
Firewall Rule: Deny all IP protocols from users on the 10.1.1.0/24 to the 10.3.1.0/24 network.
Access List statement(s):
    deny ip 10.1.1.0 0.0.0.255 10.3.1.0 0.0.0.255
Access List placement: Inbound on router SR1 Fa0/1

Security Policy 7: No Telnet traffic is permitted from the remote site workstations to any devices, except their local switch.
Firewall Rule: Deny all TCP traffic from users on the 10.1.1.0/24 network on port 23.
Access List statement(s):
    deny tcp 10.1.1.0 0.0.0.255 any eq 23
Access List placement: Inbound on router SR1 Fa0/1

Step 4: Create Extended ACLs


Instructor note: Students must create the access lists from the statements they developed in Task 3 and then apply the access lists appropriately.
a. Review the access list placement information that you created to implement each of the FilmCompany security policies. List all of the different access list placements that you noted above.
    Inbound on router SR1 Fa0/1
    Inbound on router BR4 Fa0/1
   Based on the placement information, how many access lists do you have to create?
    On Router SR1 _______________ 1
    On Router Edge2 ______________ 0
    On Router BR4 ________________ 1
b. Based on the access list statements you developed in Task 3, create each access list that is needed to implement the security policies. When creating access lists, remember the following principles:
    Only one access list can be applied per protocol, per direction on each interface.
    Access list statements are processed in order.
    Once an access list is created and applied on an interface, all traffic that does not match any access list statement will be dropped.
c. Use a text file to create the access lists, or write them here. Evaluate each access list statement to ensure that it will filter traffic as intended.

   Access list to be placed on SR1 Fa0/1 inbound:
    permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 80
    permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 range 20 21
    permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 25
    permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 143
    deny ip 10.1.1.0 0.0.0.255 host 172.17.1.1
    deny ip 10.1.1.0 0.0.0.255 10.3.1.0 0.0.0.255
    deny tcp 10.1.1.0 0.0.0.255 any eq 23
    permit ip any any

   Access list to be placed on BR4 Fa0/1 inbound:
    deny ip 10.3.1.0 0.0.0.255 10.1.1.0 0.0.0.255
    permit ip any any

   Why is the order of access list statements so important?
   To minimize router processor load and decrease latency.


Step 5: Configure and test access lists
a. Configure the access lists on the appropriate routers and apply them to the correct interfaces. Name the access lists with representative names, like RemoteOffice or FilterRemote.
Access list names:
_______________________________________________________________________________
b. Test the access lists and their placement by performing the following tests:
1) Using Host1, open a browser and attempt to view a web page located on the Production server using the http://172.17.1.1 address. Were you successful? __________ yes
2) Using Host1, open a browser and attempt to connect to the Production server using ftp://172.17.1.1. Were you successful? __________ yes
3) Using Host1, attempt to Telnet to any address on any of the routers or switches. Were you successful? __________ no
4) Using Host1, attempt to ping Host2. Were you successful? __________ no
5) Using Host2, attempt to ping Host1. Were you successful? __________ no
Did your ACLs perform as you expected? __________
If not, correct and retest the ACLs and their placement within the network.
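The first-match rule and the implicit deny from Step 4, checked against the Step 5 tests, as an added example that is not part of the lab: a small evaluator for the subset of extended ACL syntax used in the two access lists. The Host1 and Host2 addresses are assumptions (any host in 10.1.1.0/24 and 10.3.1.0/24 behaves the same), and the Telnet target is the Edge2 Serial0/1/0 address from the sample configuration.

```python
import ipaddress

# Access lists as written in Step 4 of the lab.
SR1_FA01_IN = [
    "permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 80",
    "permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 range 20 21",
    "permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 25",
    "permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 143",
    "deny ip 10.1.1.0 0.0.0.255 host 172.17.1.1",
    "deny ip 10.1.1.0 0.0.0.255 10.3.1.0 0.0.0.255",
    "deny tcp 10.1.1.0 0.0.0.255 any eq 23",
    "permit ip any any",
]
BR4_FA01_IN = [
    "deny ip 10.3.1.0 0.0.0.255 10.1.1.0 0.0.0.255",
    "permit ip any any",
]

HOST1 = "10.1.1.1"     # assumed address in the 10.1.1.0/24 LAN
HOST2 = "10.3.1.1"     # assumed address in the 10.3.1.0/24 LAN
SERVER = "172.17.1.1"  # Production server (from the lab)
EDGE2 = "10.1.0.2"     # Edge2 Serial0/1/0 (from the sample configuration)


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _addr_spec(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(first), _ip(tokens.pop(0))


def parse_ace(line):
    """Parse one entry: action, protocol, source, destination, optional port."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = _addr_spec(tokens), _addr_spec(tokens)
    ports = None
    if tokens:
        op = tokens.pop(0)
        if op == "eq":
            ports = (int(tokens[0]), int(tokens[0]))
        elif op == "range":
            ports = (int(tokens[0]), int(tokens[1]))
        else:
            raise ValueError(f"unsupported operator: {op}")
    return action, proto, src, dst, ports


def _covers(spec, addr):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # a 1 bit in the wildcard means "ignore"
    return (addr & care) == (base & care)


def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, entry number) of the first match; None = implicit deny."""
    for number, line in enumerate(acl, start=1):
        action, ace_proto, ace_src, ace_dst, ports = parse_ace(line)
        if ace_proto not in ("ip", proto):
            continue
        if not (_covers(ace_src, _ip(src)) and _covers(ace_dst, _ip(dst))):
            continue
        if ports is not None:
            if dport is None or not ports[0] <= dport <= ports[1]:
                continue
        return action, number
    return "deny", None


def step5_results():
    """The five Step 5 tests, each against the ACL that filters it."""
    return {
        "web": evaluate(SR1_FA01_IN, "tcp", HOST1, SERVER, 80),
        "ftp": evaluate(SR1_FA01_IN, "tcp", HOST1, SERVER, 21),
        "telnet": evaluate(SR1_FA01_IN, "tcp", HOST1, EDGE2, 23),
        "ping_host1_to_host2": evaluate(SR1_FA01_IN, "icmp", HOST1, HOST2),
        "ping_host2_to_host1": evaluate(BR4_FA01_IN, "icmp", HOST2, HOST1),
    }


def misordered_web_request():
    """Same entries, but the server-wide deny is moved ahead of the permits."""
    acl = [SR1_FA01_IN[4]] + SR1_FA01_IN[:4] + SR1_FA01_IN[5:]
    return evaluate(acl, "tcp", HOST1, SERVER, 80)


def without_final_permit():
    """Drop 'permit ip any any': unmatched traffic hits the implicit deny."""
    return evaluate(SR1_FA01_IN[:-1], "tcp", HOST1, EDGE2, 80)


if __name__ == "__main__":
    for name, result in step5_results().items():
        print(f"{name:22} {result}")
    print("misordered web request", misordered_web_request())
    print("without final permit  ", without_final_permit())
```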

Step 6: Document the router configurations


Copy and save the running-configuration outputs from all routers into a word processing document to view their configurations.

Sample configuration output:

SR1#show run
Building configuration...
Current configuration : 1448 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SR1
!
boot-start-marker
boot-end-marker
!
!


no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.1.1.254 255.255.255.0
 ip access-group 100 in
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Serial0/1/0
 ip address 10.1.0.1 255.255.255.252
 clock rate 125000
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 125000
!
interface Vlan1
 no ip address
!
router eigrp 1
 network 10.1.0.0 0.0.0.3
 network 10.1.1.0 0.0.0.255
!
ip classless
!

ip http server
!
access-list 100 permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 range ftp-data ftp
access-list 100 permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq smtp
access-list 100 permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 143
access-list 100 deny ip 10.1.1.0 0.0.0.255 host 172.17.1.1
access-list 100 deny ip 10.1.1.0 0.0.0.255 10.3.1.0 0.0.0.255
access-list 100 deny tcp 10.1.1.0 0.0.0.255 any eq telnet
!
control-plane
!
!
line con 0
 password cisco
line aux 0
line vty 0 4
 password cisco
 login
!
end
SR1#

Edge2#show run
Building configuration...
Current configuration : 1022 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Edge2
!
boot-start-marker
boot-end-marker
!
enable password class
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!

!
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Serial0/1/0
 ip address 10.1.0.2 255.255.255.252
!
interface Serial0/1/1
 ip address 10.3.0.1 255.255.255.252
 clock rate 125000
!
interface Vlan1
 no ip address
!
router eigrp 2
 network 10.1.0.0 0.0.0.3
 network 10.3.0.0 0.0.0.3
!
ip classless
!
ip http server
!
!
control-plane
!
!
line con 0
 password cisco
line aux 0
line vty 0 4
 password cisco
 login
!
end


Edge2#

BR4#show run
Building configuration...
Current configuration : 1057 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname BR4
!
boot-start-marker
boot-end-marker
!
enable password class
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 172.17.0.1 255.255.0.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.3.1.254 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!

interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Serial0/1/0
 no ip address
 no fair-queue
 clock rate 125000
!
interface Serial0/1/1
 ip address 10.3.0.2 255.255.255.252
!
interface Vlan1
 no ip address
!
router eigrp 3
 network 10.3.0.0 0.0.0.3
 network 10.3.1.0 0.0.0.255
 network 172.17.0.0
!
ip classless
!
ip http server
!
!
control-plane
!
!
line con 0
 password cisco
line aux 0
line vty 0 4
 password cisco
 login
!
end
BR4#

Step 7: Reflection
The design strategies for the FilmCompany LAN pose many challenges for the designer. What were a few of the more difficult challenges of creating an ACL you encountered?
______________________________________________________________________________________
Consider and discuss the identified strategies. Do all of the strategies designed or hardware identified accomplish the task the same way?
______________________________________________________________________________________
Would one ACL work better than another?

______________________________________________________________________________________
Would the chosen ACL design allow for future growth and the addition of more hosts on the LAN segment?
______________________________________________________________________________________
Outcomes will vary; points may include:
What is the limitation of an ACL?
Is the existing ACL capable of handling the proposed network design traffic? If so, how? If not, why?
What devices can be used instead of an ACL on the router?
Can those devices provide the same performance as a router with less overhead?
What are potential weaknesses for the proposed security plan?

Instructor note: Below is the running config from the routers after completing Task 2:

SR1#show run
Building configuration...
Current configuration : 1019 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SR1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!
!
!
!
!
!


interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.1.1.254 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Serial0/1/0
 ip address 10.1.0.1 255.255.255.252
 clock rate 125000
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 125000
!
interface Vlan1
 no ip address
!
router eigrp 1
 network 10.1.0.0 0.0.0.3
 network 10.1.1.0 0.0.0.255
!
ip classless
!
ip http server
!
!
control-plane
!
!
line con 0
 password cisco
line aux 0
line vty 0 4
 password cisco
 login
!
end
SR1#


BR4#show run
Building configuration...
Current configuration : 1145 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname BR4
!
boot-start-marker
boot-end-marker
!
enable password class
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 172.17.0.1 255.255.0.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.3.1.254 255.255.255.0
 ip access-group 105 in
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Serial0/1/0
 no ip address

 no fair-queue
 clock rate 125000
!
interface Serial0/1/1
 ip address 10.3.0.2 255.255.255.252
!
interface Vlan1
 no ip address
!
router eigrp 3
 network 10.3.0.0 0.0.0.3
 network 10.3.1.0 0.0.0.255
 network 172.17.0.0
!
ip classless
!
ip http server
!
control-plane
!
!
line con 0
 password cisco
line aux 0
line vty 0 4
 password cisco
 login
!
end
BR4#


Lab 6.1.4 Using CIDR to Ensure Route Summarization Instructor Version

Device  Interface  IP Address    Subnet Mask  Default Gateway
R1      Fa0/0      172.18.0.1    255.255.0.0  N/A
R1      S0/0/0     172.17.0.1    255.255.0.0  N/A
R1      Lo0        172.19.0.1    255.255.0.0  N/A
R2      Fa0/0      172.16.0.1    255.255.0.0  N/A
R2      S0/0/0     172.17.0.2    255.255.0.0  N/A
R2      S0/0/1     172.20.0.2    255.255.0.0  N/A
R3      Fa0/0      10.1.0.1      255.255.0.0  N/A
R3      S0/0/1     172.20.0.1    255.255.0.0  N/A
PC1     NIC        172.18.0.254  255.255.0.0  172.18.0.1


Device  Interface  IP Address    Subnet Mask  Default Gateway
PC2     NIC        172.16.0.254  255.255.0.0  172.16.0.1
PC3     NIC        10.1.0.254    255.255.0.0  10.1.0.1

Objectives
Configure routers, including EIGRP routing protocol.
Configure EIGRP for manual CIDR route summarization.
Verify EIGRP default operation and with manual summarization.
Test and verify full connectivity.
Reflect upon and document the network implementation.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
Determine the appropriate classless addressing scheme using VLSM and summarization to satisfy addressing requirements in a LAN/WAN environment.
Perform and verify routing configuration tasks for a static or default route given specific routing requirements.
Configure, verify, and troubleshoot EIGRP.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

Background / Preparation
Instructor Note: This lab demonstrates route summarization to reduce the size of routing update information and the number of routing table entries. Loopbacks can be added on R1 and R2 to increase the number of networks to be summarized as a challenge. Crossover cables can be used in place of switches.

In this lab activity, you will configure and examine the operation of routes to take advantage of Classless Interdomain Routing (CIDR). You will configure the routers and observe the default operation of EIGRP with automatic summarization. Then you will configure manual summarization to create a supernet. The following individual network routes on R1 and R2 will be summarized: 172.16.0.0, 172.17.0.0, 172.18.0.0, and 172.19.0.0.

Step 1: Cable and configure the network


NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab. Referring to the topology diagram, connect the console (or rollover) cable to the console port on the router and the other cable end to the host computer with a DB-9 or DB-25 adapter to the COM 1 port. Ensure that power has been applied to both the host computer and router.

Step 2: Perform basic router configurations


Establish a HyperTerminal, or other terminal emulation program, from PC1 to each of the three routers in turn and perform the following configuration functions:
a. Clear any existing configurations on the routers.
b. Configure the router hostname.
c. Disable DNS lookup.
d. Configure an EXEC mode password.
e. Configure a message-of-the-day banner.
f. Configure a password for console connections.
g. Configure a password for vty connections.

Step 3: Configure the interfaces on the three routers


a. Configure the interfaces on the three routers with the IP addresses from the table.
b. Save the running configuration to the NVRAM of the router.

Step 4: Configure the Ethernet interfaces


Configure the Ethernet interfaces of Hosts PC1, PC2, and PC3 with the IP addresses from the addressing table provided under the topology diagram.

Step 5: Verify connectivity of routers


a. Verify that each router can ping each of the neighboring routers across the WAN links. You should not have connectivity between end devices yet. However, you can test connectivity between two routers and between an end device and its default gateway.
b. Troubleshoot if connectivity is not achieved.

Step 6: Verify connectivity of Host PCs


a. Verify that PC1, PC2, and PC3 can ping their respective default gateways.
b. Troubleshoot if connectivity is not achieved.

Step 7: Configure EIGRP routing on router R1


Consider the networks that need to be included in the EIGRP updates that are sent out by the R1 router.
What directly connected networks exist on R1?
________________________________________ 172.17.0.0
________________________________________ 172.18.0.0

________________________________________ 172.19.0.0
What commands are required to enable EIGRP and include the connected networks in the routing updates?
________________________________________ router eigrp 1
________________________________________ network 172.17.0.0
________________________________________ network 172.18.0.0
________________________________________ network 172.19.0.0
Are there any router interfaces that do not need to have EIGRP updates sent out? __________ yes
If yes, which ones? _____________________________________________________ Fa0/0 and Fa0/1
What command is used to disable EIGRP updates on these interfaces?
________________________________________ passive-interface FastEthernet0/0 and passive-interface FastEthernet0/1

Step 8: Configure EIGRP on router R2


Consider the networks that need to be included in the EIGRP updates that are sent out by the R2 router.
What directly connected networks exist on R2?
________________________________________ 172.16.0.0
________________________________________ 172.17.0.0
________________________________________ 172.20.0.0
What commands are required to enable EIGRP and include the connected networks in the routing updates?
________________________________________ router eigrp 1
________________________________________ network 172.16.0.0
________________________________________ network 172.17.0.0
________________________________________ network 172.20.0.0
Are there any router interfaces that do not need to have EIGRP updates sent out? __________ yes
If yes, which ones? _____________________________________________________ Fa0/0 and Fa0/1
What command is used to disable EIGRP updates on these interfaces?
________________________________________ passive-interface FastEthernet0/0

Step 9: Configure EIGRP routing on the R3 router


Consider the networks that need to be included in the EIGRP updates that are sent out by the R3 router.
What directly connected networks exist on R3?
________________________________________ 172.20.0.0
________________________________________ 10.1.0.0
What commands are required to enable EIGRP and include the connected networks in the routing updates?
________________________________________ router eigrp 1
________________________________________ network 172.20.0.0
________________________________________ network 10.1.0.0
Are there any router interfaces that do not need to have EIGRP updates sent out? __________ yes

If yes, which ones? _____________________________________________________ Fa0/0 and Fa0/1
What command is used to disable EIGRP updates on these interfaces?
________________________________________ passive-interface FastEthernet0/0

Step 10: Verify the configurations


Ping between devices to confirm that each router can reach each device on the network and that there is connectivity between all the PCs. If any of the above pings failed, check your physical connections and configurations. Troubleshoot until connectivity is achieved.

Step 11: Display the EIGRP routing table for each router
Are there summary routes in any of the routing tables? __________ Yes, but only for the 10.1.0.0 network. EIGRP auto-summary is on by default and it summarizes the 10.1.0.0/16 subnetwork to a classful 10.0.0.0/8 network.
Are there any summary routes for the 172.x.0.0 networks? __________ No. None of the 172.x.0.0 networks will be summarized automatically. EIGRP will not summarize except on classful network boundaries. Only classful 172.x.0.0 networks are being advertised. There are no 172.x.0.0 subnets to summarize.

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C    172.17.0.0/16 is directly connected, Serial0/0/0
D    172.16.0.0/16 [90/2172416] via 172.17.0.2, 01:36:51, Serial0/0/0
C    172.19.0.0/16 is directly connected, Loopback0
C    172.18.0.0/16 is directly connected, FastEthernet0/0
D    172.20.0.0/16 [90/2681856] via 172.17.0.2, 01:29:07, Serial0/0/0
D    10.0.0.0/8 [90/2684416] via 172.17.0.2, 01:29:04, Serial0/0/0

R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C    172.17.0.0/16 is directly connected, Serial0/0/0
C    172.16.0.0/16 is directly connected, FastEthernet0/0
D    172.19.0.0/16 [90/2172416] via 172.17.0.1, 01:38:10, Serial0/0/0

D    172.18.0.0/16 [90/2172416] via 172.17.0.1, 01:38:10, Serial0/0/0
C    172.20.0.0/16 is directly connected, Serial0/0/1
D    10.0.0.0/8 [90/2172416] via 172.20.0.1, 01:30:24, Serial0/0/1

R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
D    172.17.0.0/16 [90/2681856] via 172.20.0.2, 00:02:57, Serial0/0/1
D    172.16.0.0/16 [90/2172416] via 172.20.0.2, 00:02:57, Serial0/0/1
D    172.19.0.0/16 [90/2684416] via 172.20.0.2, 00:02:57, Serial0/0/1
D    172.18.0.0/16 [90/2684416] via 172.20.0.2, 00:02:57, Serial0/0/1
C    172.20.0.0/16 is directly connected, Serial0/0/1
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D       10.0.0.0/8 is a summary, 01:31:34, Null0
C       10.1.0.0/16 is directly connected, FastEthernet0/0

Step 12: Remove automatic summarization


On each of the three routers, remove automatic summarization to force EIGRP to report all subnets. A sample command is given for R1.
R1(config)#router eigrp 1
R1(config-router)#no auto-summary
Instructor note: This is not really necessary to create a summary route for the 172.x.0.0 networks but is good practice and will force the R3 router to advertise the 10.1.0.0/16 network.

Step 13: Configure manual summarization on R2


On R2, configure manual summarization so that EIGRP summarizes the four networks 172.16.0.0/16, 172.17.0.0/16, 172.18.0.0/16, and 172.19.0.0/16 as one CIDR route, or 172.16.0.0/14. You are summarizing multiple classful networks, which creates a supernet, and results in a classless (/14) network address being advertised.
R2(config)#interface s0/0/1
R2(config-if)#ip summary-address eigrp 1 172.16.0.0 255.252.0.0
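How the 255.252.0.0 mask in the summary-address command follows from the four networks, as an added example that is not part of the lab: the functions find the smallest block covering a set of networks and list any address space the summary would advertise beyond them. The shifted second set of networks is constructed to show a summary that covers more than the networks behind it.

```python
import ipaddress

# The four networks summarized on R2 in this lab.
LAB_NETWORKS = ["172.16.0.0/16", "172.17.0.0/16", "172.18.0.0/16", "172.19.0.0/16"]

# Constructed for illustration: the same count of /16s, shifted by one.
SHIFTED_NETWORKS = ["172.17.0.0/16", "172.18.0.0/16", "172.19.0.0/16", "172.20.0.0/16"]


def smallest_supernet(networks):
    """Return the smallest single CIDR block that contains every network."""
    nets = [ipaddress.ip_network(n) for n in networks]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    # Bits that differ between the lowest and highest address must be host bits.
    host_bits = (low ^ high).bit_length()
    base = (low >> host_bits) << host_bits
    return ipaddress.ip_network(f"{ipaddress.IPv4Address(base)}/{32 - host_bits}")


def over_advertised(summary, networks):
    """List the blocks inside the summary that none of the networks cover."""
    remaining = [summary]
    for net in (ipaddress.ip_network(n) for n in networks):
        kept = []
        for block in remaining:
            if net.subnet_of(block):
                # Carve the network out of the block; keep what is left over.
                kept.extend(block.address_exclude(net))
            elif not block.subnet_of(net):
                kept.append(block)
        remaining = kept
    return [str(n) for n in ipaddress.collapse_addresses(remaining)]


def wan_link_outside_summary():
    """The R2-R3 link (172.20.0.0/16) must not fall inside the summary."""
    summary = smallest_supernet(LAB_NETWORKS)
    return not ipaddress.ip_network("172.20.0.0/16").overlaps(summary)


if __name__ == "__main__":
    for label, nets in (("lab", LAB_NETWORKS), ("shifted", SHIFTED_NETWORKS)):
        summary = smallest_supernet(nets)
        print(label, summary, summary.netmask, over_advertised(summary, nets))
    print("172.20.0.0/16 outside lab summary:", wan_link_outside_summary())
```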

Step 14: Confirm that R2 is advertising a CIDR summary route


Examine the routing table of each router using the show ip route command.

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C    172.17.0.0/16 is directly connected, Serial0/0/0
D    172.16.0.0/16 [90/2172416] via 172.17.0.2, 02:13:05, Serial0/0/0
C    172.19.0.0/16 is directly connected, Loopback0
C    172.18.0.0/16 is directly connected, FastEthernet0/0
D    172.20.0.0/16 [90/2681856] via 172.17.0.2, 02:05:21, Serial0/0/0
     10.0.0.0/16 is subnetted, 1 subnets
D       10.1.0.0 [90/2684416] via 172.17.0.2, 00:04:25, Serial0/0/0

R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C    172.17.0.0/16 is directly connected, Serial0/0/0
C    172.16.0.0/16 is directly connected, FastEthernet0/0
D    172.19.0.0/16 [90/2172416] via 172.17.0.1, 02:14:37, Serial0/0/0
D    172.18.0.0/16 [90/2172416] via 172.17.0.1, 02:14:37, Serial0/0/0
C    172.20.0.0/16 is directly connected, Serial0/0/1
     10.0.0.0/16 is subnetted, 1 subnets
D       10.1.0.0 [90/2172416] via 172.20.0.1, 00:05:57, Serial0/0/1
D    172.16.0.0/14 is a summary, 00:11:55, Null0

R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C    172.20.0.0/16 is directly connected, Serial0/0/1
     10.0.0.0/16 is subnetted, 1 subnets
C       10.1.0.0 is directly connected, FastEthernet0/0
D    172.16.0.0/14 [90/2172416] via 172.20.0.2, 00:13:32, Serial0/0/1

Which router has a summarized route to the 172.x.0.0 networks in its routing table? __________ R3
D    172.16.0.0/14 [90/2172416] via 172.20.0.2, 00:13:32, Serial0/0/1


Step 15: Clean up
Erase the configurations and reload the routers. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

Reflection
In this lab, automatic summarization was used. Could route summarization still be applied if more effective use of the IPv4 address space had been made by using VLSM for those networks requiring fewer addresses, such as the serial links between routers? ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________


Device Configs
Routers R1, R2 and R3 - 1841s IOS 12.4

R1#sh running-config
Building configuration...
Current configuration : 1218 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$.QNi$kwK3bZUgi0czFFHuqj.vE.
enable password cisco
!
no aaa new-model
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 172.19.0.1 255.255.0.0
!
interface FastEthernet0/0
 ip address 172.18.0.1 255.255.0.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 no keepalive
!
interface FastEthernet0/1/0
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3

!
interface Serial0/0/0
 ip address 172.17.0.1 255.255.0.0
 clock rate 64000
!
interface Serial0/0/1
 no ip address
 shutdown
!
interface Vlan1
 no ip address
!
router eigrp 1
 passive-interface FastEthernet0/0
 passive-interface FastEthernet0/1
 network 172.17.0.0
 network 172.18.0.0
 network 172.19.0.0
 no auto-summary
!
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
banner motd ^CUnauthorized Use Prohibited^C
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end
R1#

R2#sh running-config
Building configuration...
Current configuration : 1202 bytes
!
version 12.4
service timestamps debug datetime msec

service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$m/Is$D47qo9SwpHRvZXgJjMKcR1
enable password cisco
!
no aaa new-model
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 172.16.0.1 255.255.0.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1/0
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface Serial0/0/0
 ip address 172.17.0.2 255.255.0.0
 no fair-queue
!
interface Serial0/0/1
 ip address 172.20.0.2 255.255.0.0
 ip summary-address eigrp 1 172.16.0.0 255.252.0.0 5
 clock rate 2000000
!
interface Vlan1
 no ip address
!

router eigrp 1
 passive-interface FastEthernet0/0
 network 172.16.0.0
 network 172.17.0.0
 network 172.20.0.0
 no auto-summary
!
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
banner motd ^CUnauthorized Use Prohibited^C
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end
R2#

R3#sh running-config
Building configuration...
Current configuration : 1090 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$jMJ6$avAW5obhhul6geSUOsf2./
enable password cisco
!
no aaa new-model
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 10.1.0.1 255.255.0.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1/0
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface Serial0/0/0
 no ip address
 clock rate 2000000
!
interface Serial0/0/1
 ip address 172.20.0.1 255.255.0.0
!
interface Vlan1
 no ip address
!
router eigrp 1
 passive-interface FastEthernet0/0
 network 10.0.0.0
 network 172.20.0.0
 no auto-summary
!
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
banner motd ^CUnauthorized Use Prohibited^C
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end
R3#


Lab 6.2.1 Determining an IP Addressing Scheme Instructor Version

Objective
Determine an appropriate IP addressing strategy for the FilmCompany network.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
- Describe the operation and benefits of using private and public IP addressing.
- Implement static and dynamic addressing services for hosts in a LAN environment.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?

______________________________________________________________________________________ ______________________________________________________________________________________
______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________

Background / Preparation
Instructor notes: This is a written lab. It is the first of three in a series. Lab 6.2.1 (this lab) considers the issues relating to designing an addressing scheme. Lab 6.2.2 determines the number of IP subnets. Lab 6.2.5 considers the assignment of subnets and addresses to particular VLANs.

In this lab, students consider the best way to manage addressing of the redesigned FilmCompany network topology. Among the important issues that need to be clarified are:
- The difference between VLANs and subnets
- Providing a scalable addressing design
- There may be more than one solution
- An optimal solution may not be always attainable

This lab is part of a series of labs in which you design the IP addressing scheme for the new FilmCompany network. This series includes Determining an IP Addressing Scheme (Lab 6.2.1), Determining the Number of IP Networks (Lab 6.2.2) and Creating an Address Allocation Spreadsheet (Lab 6.2.5). In this lab, you will start to plan an IP addressing scheme that satisfies the new network design of the branch office of FilmCompany. This scheme will be applied to the network over the following two labs. The IP address scheme has to meet the network requirements to support scalability and a hierarchical design model. With the acquisition of AnyCompany and the new contract with the StadiumCompany, the network infrastructure of this branch office of FilmCompany needs to change significantly. To begin planning the addressing scheme, you will examine the topology in conjunction with the different user types and traffic types. The different users and services will be grouped into VLANs and subnets. The IP addressing scheme will then be applied to the subnets.

Step 1: Consider VLAN issues


The initial step in determining the required VLANs is to group users and services into VLANs. Each of these VLANs will represent an IP subnet.

A VLAN can be considered to be a group of switch ports assigned to a broadcast domain. Grouping the switch ports confines broadcast traffic to specified hosts so that bandwidth is not unnecessarily consumed in unrelated VLANs. It is therefore a recommended best practice to assign only one IP network or subnetwork to each VLAN.

When determining how to group users and services, consider the following issues:

Flexibility
The employees and hardware of the former AnyCompany will move into the building with the FilmCompany in the near future. The network from this newly acquired company needs to be tightly integrated with the FilmCompany network and a structure put in place to enhance the security of the network.

To support this integration, with improvements in security and performance, additional VLANs need to be created on the network. These VLANs will also allow the personnel to move to the buildings without additional network changes or interruption in network services.

Security
Security can be better enforced between VLANs than within VLANs. Access control lists can be applied to the Distribution Layer router subinterfaces that interconnect the VLANs to enforce this security. The interfaces on the switches can be assigned to VLANs as appropriate to support the network for the connected device. Additional Layer 2 security measures can also be applied to these switch interfaces.

WANs and VPNs
The contract with StadiumCompany adds a number of new requirements. Some FilmCompany personnel will be located at the stadium. Additional personnel and contract workers will also be present at the stadium during live events. These employees will use laptops and the wireless LAN at the FilmCompany branch as well as the wireless LAN at the stadium. To provide network connectivity for these laptops, they will be in their own VLAN. At the stadium, the FilmCompany laptop users will connect to a secure wireless VLAN and use a VPN over the Frame Relay connection between the stadium and the FilmCompany branch. With this connection, the laptop users can be attached to the internal FilmCompany network regardless of physical location.

To support the video feeds, FilmCompany will need resources available at the stadium. Some of the servers providing these resources will be located at the stadium. Other servers will be located at the branch office of the FilmCompany. For security and performance reasons, these servers, regardless of location, will be on secured VLANs. A separate VPN over the Frame Relay link will be created to connect the servers at the stadium to the servers located at the FilmCompany office.

What are the advantages and disadvantages of using a VPN to extend the wireless and video server networks over the Frame Relay connection from FilmCompany to the stadium?

Advantages:
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Disadvantages:
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________

Extending a VLAN through a VPN across a WAN has the advantage of the security measures applied to that VLAN being also applied to all hosts regardless of location. A disadvantage is that all VLAN broadcasts also traverse the narrow bandwidth WAN link, which may adversely affect data throughput.

Redundancy
The VLAN structure will support load balancing and redundancy, which are major needs of this new network design. With such a large portion of the FilmCompany operations and revenues dependent on the network operation, a network failure could be devastating. The new VLAN arrangement allows the FC-ASW1 and FC-ASW2 switches to share the load of the traffic and be backups for each other. This redundancy is accomplished by sharing the RSTP primary and secondary root duties for the traffic for the different VLANs:

FC-ASW1 will be the primary root for approximately one-half of the VLAN traffic (not necessarily one-half of the VLANs) and FC-ASW2 will be the secondary root for these VLANs.
The remaining VLANs will have FC-ASW2 as the primary root and FC-ASW1 as the secondary root.

Step 2: Group network users and services


Examine the planned network topology. Applying the issues considered in Step 1, list all the possible groupings of users and services that may require separate VLANs and subnets.

- default VLAN for the Layer 2 devices
- voice VLAN to support Voice over IP
- VLAN for management hosts and secure peripherals (payroll printer)
- VLAN for administrative hosts
- VLAN for support hosts
- VLAN for high performance production workstations (stationary)
- VLAN for mobile production hosts
- VLAN for stadium to FilmCompany mobile access VPN
- VLAN for network support
- VLAN for peripherals for general use (printers, scanners)
- VLAN for servers to support video services and storage
- VLAN for stadium to FilmCompany video services VPN
- VLAN for servers that are publicly accessible
- VLAN for terminating unwanted or suspicious traffic
- VLAN for undefined future services
- Block of addresses are required for NAT pool for BR4
- DSL link to the ISP
- Addresses for the Frame Relay link to the stadium

Step 3: Tabulating the groupings


The new addressing design needs to be scalable to allow easy inclusion of future services, such as voice. The current addressing scheme does not allow for managed growth. Correcting this scheme will mean that most devices will be placed on new VLANs and new subnets. In some cases, a device address may not be able to be changed; for example, some of the servers have software registered to their IP addresses. In such cases, the server VLAN will keep its current addressing even though it may not be consistent with the remaining addressing scheme. Other addresses that cannot be changed are the addresses used with the WAN links and the addresses for NAT pool used to access the Internet. This table shows a possible grouping and addressing scheme. The number of hosts required for the FilmCompany branch office, including growth, has been determined. Assigning one subnet to each VLAN, the host count for each has been rounded up to the next logical network size supported by the binary patterns used in the subnet mask. Rounding up prevents underestimating the total number of host addresses required.

| VLAN Number | Network Name | Description | Number of host addresses | Predetermined Network Address |
|---|---|---|---|---|
| 1 | default | Default VLAN for the Layer 2 devices | 14 | |
| 10 | voice | Voice VLAN to support Voice over IP | 254 | |
| 20 | management | Management hosts and secure peripherals (payroll printer) | 14 | |
| 30 | administrative | Administrative hosts | 62 | |
| 40 | support | Support hosts | 126 | |
| 50 | production | High performance production workstations (stationary) | 126 | |
| 60 | mobile | Mobile production hosts | 62 | |
| 70 | net_admin | Network support | 14 | |
| 80 | servers | Servers to support video services and storage | 65534 | 172.17.0.0 /16 |
| 90 | peripherals | Peripherals for general use (printers, scanners) | 62 | |
| 100 | web_access | VLAN for servers that are publicly accessible | 14 | |
| 120 | future | VLAN for future services | 126 | |
| 999 | null | VLAN for terminating unwanted or suspicious traffic | 126 | |
| NA | NAT_pool | Addresses for NAT pool for BR4 or interface to ISP4 | 6 | 209.165.200.224 /29 |
| NA | DSL_Link | DSL link to the ISP | 2 | 192.0.2.40 /30 |
| NA | Frame_Link | Address of the FR link to the stadium | 2 | 172.18.0.16/30 |

NOTE: For this exercise, VLANs 60 and 80 have been extended over VPNs to support hosts and services to the stadium. As discussed in Step 1, this may not be an optimal solution.

Step 4: Determine the total number of hosts to be addressed


To determine the block of addresses to be used, count the number of hosts. To calculate the addresses, count only the hosts that will receive addresses from the new block. Use the information in the table in Step 3 to complete this chart to calculate the total number of hosts in the new FilmCompany network requiring addresses.

| Network/VLAN Name | Number of host addresses |
|---|---|
| default | 14 |
| Voice | 254 |
| management | 14 |
| administrative | 62 |
| support | 126 |
| production | 126 |
| mobile | 62 |
| peripherals | 62 |
| net_admin | 14 |
| web_access | 14 |
| Future | 126 |
| Null | 126 |
| Total | 1000 |

What is the smallest address block size that can potentially satisfy the FilmCompany network needs? __________________ 1024

NOTE: Often, when adding the total number of addresses needed, the total count may not accurately reflect the number of addressing blocks required. This discrepancy can occur when the host counts for the networks have not been rounded up to the next logical network size. Because the individual counts represent rounded values, you can be confident that this block size can satisfy the network requirements.

File this information in your design portfolio for use in the next lab.
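The sizing rule in the NOTE can be checked mechanically. The following added example (not part of the original lab) sizes the FilmCompany host counts from the Step 4 chart and, for contrast, a set of unrounded counts constructed here to show how a plain host sum can suggest a block that is too small.

```python
# Added example: why host counts must be rounded up before choosing a block.

# Host counts from the Step 4 chart (already rounded to subnet sizes).
FILMCOMPANY_HOSTS = {
    "default": 14, "voice": 254, "management": 14, "administrative": 62,
    "support": 126, "production": 126, "mobile": 62, "peripherals": 62,
    "net_admin": 14, "web_access": 14, "future": 126, "null": 126,
}

# Constructed, unrounded counts (hypothetical networks, not from the lab).
UNROUNDED_HOSTS = {"a": 130, "b": 130, "c": 130, "d": 70, "e": 70, "f": 70}


def subnet_size(hosts):
    """Addresses consumed by the smallest subnet offering `hosts` usable
    addresses (a subnet of 2^n addresses has 2^n - 2 usable hosts)."""
    size = 4
    while size - 2 < hosts:
        size *= 2
    return size


def prefix_for(total_addresses):
    """Longest prefix whose block contains at least `total_addresses`."""
    return 32 - (total_addresses - 1).bit_length()


def size_report(host_counts):
    """Compare the prefix suggested by the raw host sum with the prefix
    needed once every network is rounded up to a real subnet size.

    Power-of-two subnets placed largest first always pack without gaps,
    so the next power of two above the consumed total is sufficient.
    """
    requested = sum(host_counts.values())
    consumed = sum(subnet_size(h) for h in host_counts.values())
    required = prefix_for(consumed)
    return {
        "requested_hosts": requested,
        "consumed_addresses": consumed,
        "prefix_from_host_sum": prefix_for(requested),
        "prefix_required": required,
        "spare_addresses": (1 << (32 - required)) - consumed,
    }


if __name__ == "__main__":
    for label, counts in (("FilmCompany", FILMCOMPANY_HOSTS),
                          ("unrounded sample", UNROUNDED_HOSTS)):
        print(label, size_report(counts))
```

For the FilmCompany counts the twelve subnets consume the whole 1024-address block, so nothing is left over for a thirteenth subnet.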

Reflection / Challenge
This lab provided a step-by-step process for determining an addressing scheme for a corporate network. Discuss and consider the issues that would arise if this planning process was not methodically used. ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________


Lab 6.2.2 Determining the Number of IP Networks Instructor Version

Objective
Define an addressing block scheme to support summarization.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
- Describe the operation and benefits of using private and public IP addressing.
- Implement static and dynamic addressing services for hosts in a LAN environment.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?

______________________________________________________________________________________ ______________________________________________________________________________________
______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________

Background / Preparation
Instructor notes: This is a written lab. It is the second of three in a series. Lab 6.2.1 considered the issues relating to designing an addressing scheme. Lab 6.2.2 (this lab) determines the number of IP subnets. Lab 6.2.5 considers the assignment of subnets and addresses to particular VLANs.

In this lab, students consider the best way to manage addressing of the redesigned FilmCompany network topology. Among the important issues that need to be clarified are:
- The difference between VLANs and subnets
- Providing a scalable addressing design
- There may be more than one solution
- An optimal solution may not be always attainable

This lab is part of a series of labs in which you design the IP addressing scheme for the new FilmCompany network. This series includes Determining an IP Addressing Scheme (Lab 6.2.1), Determining the Number of IP Networks (Lab 6.2.2) and Creating an Address Allocation Spreadsheet (Lab 6.2.5). With the acquisition of AnyCompany and the new contract with StadiumCompany, the network infrastructure of this branch office of FilmCompany needs to change significantly. In this lab, you will design an IPv4 addressing plan that satisfies the requirements of the addressing scheme developed for the new FilmCompany network in Lab 6.2.1. This plan will be applied to the network in the next lab.

Task 1: Review Address Block Size


Review and record the total number of hosts to be addressed. Complete this table with the information determined in Lab 6.2.1.

| Network/VLAN Name | Number of host addresses |
|---|---|
| default | 14 |
| Voice | 254 |
| management | 14 |
| administrative | 62 |
| support | 126 |
| production | 126 |
| mobile | 62 |
| peripherals | 62 |
| net_admin | 14 |
| web_access | 14 |
| Future | 126 |
| Null | 126 |
| Total | 1000 |

What is the smallest address block size that can potentially satisfy the FilmCompany network needs? __________________ 1024

Task 2: Choose or Obtain an Address Block


Step 1: Choose public or private addresses?
A block of addresses needs to be acquired to support the addressing scheme. This block of addresses could be private space addresses or public addresses. In most cases, the network users require only outbound connections to the Internet. Only a few hosts, such as web servers, require public addresses. These often exist on the local LAN with private addresses and have static NAT entries on the border router to translate to public addresses. Public addresses, however, are expensive and often difficult to justify.

Can you justify the use of public addresses in this network? __________ no

If so, write this justification to forward to the ISP: blank

_________________________________________________________________________________ _________________________________________________________________________________ _________________________________________________________________________________

Step 2: Ensure that the private space addresses do not conflict


Although you are allowed to use private space addresses any way you choose, you must make sure that the addresses used do not conflict with another private space address to which this network will be connected. You must identify other networks to which you are connected and make sure that you are not using the same private addresses. In this case, you need to examine the addresses used by the StadiumCompany.

What private address space block does the StadiumCompany use? ________________________________ 172.18.0.0 /16

What address blocks are used by the WAN links?
________________________________ 172.18.0.16/30
________________________________ 192.0.2.40 /30

Are there other devices or connections that need to be excluded from use? __________ yes
What types? ________________________________ servers
What address block? ________________________________ 172.17.0.0 /16

Step 3: Ensure that the private space addresses are consistent with policy
The company should have a network policy and method of allocating addresses. This is true even when using private addresses. You should contact the FilmCompany network administrators to request a block of addresses. In this case, ask your instructor if there is a preferred set of addresses to use.

Did your instructor assign a block of addresses? __________ varies
If so, what block? ________________________________ varies

If your instructor does not assign addresses, you may choose any private space block that does not conflict.

What block of addresses are you using for this FilmCompany Branch? ________________________________ varies /22

Instructor Note: For these examples we will use 192.168.0.0 /22.

Task 3: Allocate Addresses for the Network


When assigning addresses to the different networks, start the assignments with the subnet that requires the largest address block and progress to the network that requires the smallest.

Step 1: Order the networks from largest to smallest


Using the information from Lab 6.2.1, list the networks in order of size, from the network that requires the largest address block to the network that requires the smallest block.

| Network/VLAN Name | Number of host addresses |
|---|---|
| Voice | 254 |
| support | 126 |
| production | 126 |
| Future | 126 |
| Null | 126 |
| administrative | 62 |
| Mobile | 62 |
| peripherals | 62 |
| web_access | 14 |
| Default | 14 |
| management | 14 |
| Net_admin | 14 |

Instructor Note: The exact order of these will vary

Step 2: Assign address blocks to the networks
From the address block chosen in the previous task, begin calculating and assigning the address blocks to these networks. You should use contiguous blocks of addresses when making these assignments.

| Network/VLAN Name | Number of host addresses | Network address |
|---|---|---|
| Voice | 254 | 192.168.0.0 /24 |
| support | 126 | 192.168.1.0 /25 |
| production | 126 | 192.168.1.128 /25 |
| Future | 126 | 192.168.2.0 /25 |
| Null | 126 | 192.168.2.128 /25 |
| administrative | 62 | 192.168.3.0 /26 |
| Mobile | 62 | 192.168.3.64 /26 |
| Peripherals | 62 | 192.168.3.128 /26 |
| web_access | 14 | 192.168.3.192 /28 |
| Default | 14 | 192.168.3.208 /28 |
| management | 14 | 192.168.3.224 /28 |
| net_admin | 14 | 192.168.3.240 /28 |

Instructor Note: the exact order and address will vary based on address block chosen in the previous task. 192.168.0.0 /22 is used in this example.
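Task 2, Step 2 and Task 3 together amount to a conflict check followed by a largest-first allocation. The sketch below is an added example, not part of the original lab: it uses the excluded blocks and the 192.168.0.0 /22 example block from this lab, and also shows that carving the same block in VLAN-number order strands addresses in alignment gaps and runs out before every network is placed. The function names are this example's own.

```python
import ipaddress

# Host requirements in the order listed in Task 3, Step 1.
REQUIREMENTS = [
    ("voice", 254), ("support", 126), ("production", 126), ("future", 126),
    ("null", 126), ("administrative", 62), ("mobile", 62), ("peripherals", 62),
    ("web_access", 14), ("default", 14), ("management", 14), ("net_admin", 14),
]

# The same networks in VLAN-number order (1, 10, 20 ... 999).
VLAN_ORDER = ["default", "voice", "management", "administrative", "support",
              "production", "mobile", "net_admin", "peripherals", "web_access",
              "future", "null"]
VLAN_ORDER_REQUIREMENTS = [(n, dict(REQUIREMENTS)[n]) for n in VLAN_ORDER]

# Blocks identified in Task 2, Step 2 as already in use.
RESERVED = {
    "StadiumCompany": "172.18.0.0/16",
    "Frame Relay link": "172.18.0.16/30",
    "DSL link": "192.0.2.40/30",
    "servers": "172.17.0.0/16",
}


class BlockExhausted(ValueError):
    """Raised when a network no longer fits in the chosen block."""
    def __init__(self, block, network):
        super().__init__(f"{block} exhausted while placing {network}")
        self.network = network


def prefix_for_hosts(hosts):
    """Longest prefix whose usable host count (2^n - 2) covers `hosts`."""
    bits = 2
    while (1 << bits) - 2 < hosts:
        bits += 1
    return 32 - bits


def conflicts(block):
    """Names of reserved blocks that overlap the candidate block."""
    block = ipaddress.ip_network(block)
    return [name for name, cidr in RESERVED.items()
            if block.overlaps(ipaddress.ip_network(cidr))]


def allocate(block, requirements, largest_first=True):
    """Carve `block` sequentially; every subnet starts at the next address
    aligned to its own size. Returns {network name: CIDR string}."""
    block = ipaddress.ip_network(block)
    clash = conflicts(block)
    if clash:
        raise ValueError(f"{block} conflicts with {', '.join(clash)}")
    if largest_first:
        # sorted() is stable, so equal-sized networks keep their listed order.
        requirements = sorted(requirements, key=lambda r: r[1], reverse=True)
    cursor = int(block.network_address)
    end = cursor + block.num_addresses
    plan = {}
    for name, hosts in requirements:
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        start = -(-cursor // size) * size      # round up to a size boundary
        if start + size > end:
            raise BlockExhausted(block, name)
        plan[name] = str(ipaddress.ip_network((start, prefix)))
        cursor = start + size
    return plan


def first_unplaced(block, requirements):
    """First network that does not fit when the list is taken in the order
    given, or None when every network fits."""
    try:
        allocate(block, requirements, largest_first=False)
    except BlockExhausted as exc:
        return exc.network
    return None


if __name__ == "__main__":
    for name, net in allocate("192.168.0.0/22", REQUIREMENTS).items():
        print(f"{name:15} {net}")
    print("VLAN-number order fails at:",
          first_unplaced("192.168.0.0/22", VLAN_ORDER_REQUIREMENTS))
    print("172.17.4.0/22 conflicts with:", conflicts("172.17.4.0/22"))
```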

Step 3: Complete the address planning table


Using the addresses you calculated in the previous step, complete this table from Lab 6.2.1. This plan will be used in future labs.

| VLAN # | Network/VLAN Name | Description | Number of host addresses | Network Address |
|---|---|---|---|---|
| 1 | default | Default VLAN for the Layer 2 devices | 14 | 192.168.3.208 /28 |
| 10 | voice | Voice VLAN to support Voice over IP | 254 | 192.168.0.0 /24 |
| 20 | management | Management hosts and secure peripherals (payroll printer) | 14 | 192.168.3.224 /28 |
| 30 | administrative | Administrative hosts | 62 | 192.168.3.0 /26 |
| 40 | support | Support hosts | 126 | 192.168.1.0 /25 |
| 50 | production | High performance production workstations (stationary) | 126 | 192.168.1.128 /25 |
| 60 | mobile | Mobile production hosts | 62 | 192.168.3.64 /26 |
| 70 | net_admin | Network support | 14 | 192.168.3.240 /28 |
| 80 | servers | Servers to support video services and storage | 65534 | 172.17.0.0 /16 |
| 90 | peripherals | Peripherals for general use (printers, scanners) | 62 | 192.168.3.128 /26 |
| 100 | web_access | VLAN for servers that are publicly accessible | 14 | 192.168.3.192 /28 |
| 120 | future | VLAN for future services | 126 | 192.168.2.0 /25 |
| 999 | null | VLAN for terminating unwanted or suspicious traffic | 126 | 192.168.2.128 /25 |
| NA | NAT_pool | Addresses for NAT pool for BR4 or interface to ISP4 | 6 | 209.165.200.224 /29 |
| NA | DSL_Link | DSL link to the ISP | 2 | 192.0.2.40 /30 |
| NA | Frame_link | Address of the FR link to the stadium | 2 | 172.18.0.16/30 |

File this information in your design portfolio for use in the next lab.

Reflection / Challenge
This lab specifically used private IPv4 addresses. Discuss the issues to be considered if it was decided to use public IP addresses throughout the network. Are there any situations that would require this? ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________


Lab 6.2.5 Creating an Address Allocation Spreadsheet Instructor Version

Objective
Document the address assignment within the FilmCompany network.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
- Calculate and apply an addressing scheme, including VLSM IP addressing design, to a network.
- Implement static and dynamic addressing services for hosts in a LAN environment.
- Determine the appropriate classless addressing scheme using VLSM and summarization to satisfy addressing requirements in a LAN/WAN environment.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be? ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________ ______________________________________________________________________________________

Background / Preparation
Instructor notes: This is a written lab. It is the third of three in a series. Lab 6.2.1 considered the issues relating to designing an addressing scheme. Lab 6.2.2 determined the number of IP subnets. Lab 6.2.5 (this lab) considers the assignment of subnets and addresses to particular VLANs.

In this lab, students consider the best way to manage addressing of the redesigned FilmCompany network topology. Among the important issues that need to be clarified are:
- The difference between VLANs and subnets
- Providing a scalable addressing design
- There may be more than one solution
- An optimal solution may not be always attainable

This lab is part of a series of labs in which you design the IP addressing scheme for the new FilmCompany network. This series includes Determining an IP Addressing Scheme (Lab 6.2.1), Determining the Number of IP Networks (Lab 6.2.2) and Creating an Address Allocation Spreadsheet (Lab 6.2.5).

Based on the addressing plan you created in Lab 6.2.1, Determining the IP Addressing Scheme, and Lab 6.2.2, Determining the Number of IP Networks, you will create a spreadsheet showing the VLSM addressing allocation for the networks. This information will be placed in the IP Network Requirements table to show the size of the IP address blocks that are needed for each area of the network.

You should group areas that have similar requirements, to reduce the number of different subnet masks that must be supported. By reducing the number of subnet combinations, the designer simplifies the configurations. This makes it easier for the existing FilmCompany network staff to support and troubleshoot. The design requires the support of four different subnet masks.

Task 1: Create a Spreadsheet Showing VLSM Addresses and Assignment


Use a spreadsheet program to create a spreadsheet with columns for each of the network addressing requirements based on the table shown here. Using a spreadsheet to create a table like this one can make the allocation of addresses easier to plan and visualize. The spreadsheet can also be used to record where each block of addresses is implemented in the network. This helps to avoid overlapping address blocks.

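| FilmCompany Network Block | Networks with 254 hosts | Networks with 126 hosts | Networks with 62 hosts | Networks with 14 hosts | Network Names |
|---|---|---|---|---|---|
| 192.168.0.0 /22 | | | | | NA |
| | 192.168.0.0 /24 | | | | voice |
| | 192.168.1.0 /24 | | | | |
| | | 192.168.1.0 /25 | | | support |
| | | 192.168.1.128 /25 | | | production |
| | 192.168.2.0 /24 | | | | |
| | | 192.168.2.0 /25 | | | future |
| | | 192.168.2.128 /25 | | | null |
| | 192.168.3.0 /24 | | | | |
| | | 192.168.3.0 /25 | | | |
| | | | 192.168.3.0 /26 | | administrative |
| | | | 192.168.3.64 /26 | | mobile |
| | | 192.168.3.128 /25 | | | |
| | | | 192.168.3.128 /26 | | peripherals |
| | | | 192.168.3.192 /26 | | |
| | | | | 192.168.3.192 /28 | web_access |
| | | | | 192.168.3.208 /28 | default |
| | | | | 192.168.3.224 /28 | management |
| | | | | 192.168.3.240 /28 | net_admin |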

Instructor Note: These values can vary and are dependent on values used in the previous lab. However, the prefixes (subnet masks) should remain the same. These examples use 192.168.0.0 /22 from the previous lab.

For this task, first list the block you have chosen and then show the allocation of this block into the subnets. Begin with the largest block and work to the smallest.

NOTE: You may want to use a pencil to fill in this table so that you can make changes until it is complete and final.
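The allocation table can be derived from the final assignments and checked for the overlaps the spreadsheet is meant to prevent. This is an added example, not part of the original lab: it uses the 192.168.0.0 /22 assignments from Lab 6.2.2, and the faulty plan is constructed here to show what an overlapping entry looks like. The function names are this example's own.

```python
import ipaddress

PARENT = "192.168.0.0/22"

# Final assignments from the Lab 6.2.2 planning table.
ASSIGNED = {
    "voice": "192.168.0.0/24",
    "support": "192.168.1.0/25", "production": "192.168.1.128/25",
    "future": "192.168.2.0/25", "null": "192.168.2.128/25",
    "administrative": "192.168.3.0/26", "mobile": "192.168.3.64/26",
    "peripherals": "192.168.3.128/26",
    "web_access": "192.168.3.192/28", "default": "192.168.3.208/28",
    "management": "192.168.3.224/28", "net_admin": "192.168.3.240/28",
}

# Constructed mistake: web_access entered inside the peripherals block.
FAULTY = dict(ASSIGNED, web_access="192.168.3.128/28")


def _nets(assigned):
    return {name: ipaddress.ip_network(cidr) for name, cidr in assigned.items()}


def check_plan(parent, assigned):
    """Return ("outside", name) and ("overlap", a, b) findings."""
    parent = ipaddress.ip_network(parent)
    nets = _nets(assigned)
    problems = [("outside", name) for name, net in nets.items()
                if not net.subnet_of(parent)]
    ordered = sorted(nets, key=lambda n: nets[n])
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(("overlap", a, b))
    return problems


def free_blocks(parent, assigned):
    """CIDR blocks of the parent that no assignment covers."""
    free = [ipaddress.ip_network(parent)]
    for net in sorted(_nets(assigned).values()):
        remaining = []
        for block in free:
            if net.subnet_of(block):
                remaining.extend(block.address_exclude(net))
            elif not block.subnet_of(net):
                remaining.append(block)
        free = remaining
    return [str(b) for b in sorted(free)]


def masks_in_use(assigned):
    """Distinct prefix lengths the design has to support."""
    return sorted({n.prefixlen for n in _nets(assigned).values()})


def spreadsheet_rows(parent, assigned):
    """(block, name) rows of the allocation sheet: the parent block, every
    assigned subnet, and each intermediate block that was subdivided,
    using only the prefix lengths that are actually in use."""
    parent = ipaddress.ip_network(parent)
    nets = _nets(assigned)
    rows = {parent: "NA"}
    for net in nets.values():
        for mask in masks_in_use(assigned):
            if parent.prefixlen < mask < net.prefixlen:
                rows.setdefault(net.supernet(new_prefix=mask), "")
    for name, net in nets.items():
        rows[net] = name
    return [(str(block), rows[block]) for block in sorted(rows)]


if __name__ == "__main__":
    for block, name in spreadsheet_rows(PARENT, ASSIGNED):
        indent = "  " * (int(block.split("/")[1]) - 22)
        print(f"{indent}{block:20} {name}")
    print("problems:", check_plan(PARENT, FAULTY))
    print("unassigned:", free_blocks(PARENT, FAULTY))
```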

Step 1: Record the network address block


In the first column, record the address block used for the entire FilmCompany network chosen in the previous lab.

Step 2: Define the 254-host networks


Based on the requirements for the FilmCompany network, the address block is divided into twelve separate networks using four different masks.
a. In the second column of the table above, record the network blocks that will support 254 hosts per network.
b. In the last column, record the names of the networks that need to be assigned to these blocks.
NOTE: Use only as many blocks as required to meet the address assignments.



The CIDR notation mask for the 254-host network is /24. What is the dotted decimal equivalent mask? ___________________ 255.255.255.0

Step 3: Define the 126-host networks


a. In the third column of the table above, choose the first unused 254-host address block to subdivide into 126-host networks.
b. In the last column, record the names of the networks assigned to these 126-host blocks.
NOTE: Use only as many blocks as required to meet the address assignments.
The CIDR notation mask for the 126-host network is /25. What is the dotted decimal equivalent mask? ________________________________ 255.255.255.128
NOTE: As you further divide these networks, you may need to move the networks around in the table to make room to show the further subnetting of these blocks.

Step 4: Define the 62-host networks


a. In the fourth column of the table above, choose the first unused 126-host address block to subdivide into 62-host networks.
b. In the last column, record the names of the networks assigned to these 62-host blocks.
NOTE: Use only as many blocks as required to meet the address assignments.
The CIDR notation mask for the 62-host network is /26. What is the dotted decimal equivalent mask? ________________________________ 255.255.255.192

Step 5: Define the 14-host networks


a. In the fifth column of the table above, choose the first unused 62-host address block to subdivide into 14-host networks.
b. In the last column, record the names of the networks assigned to these 14-host blocks.
NOTE: Use only as many blocks as required to meet the address assignments.
The CIDR notation mask for the 14-host network is /28. What is the dotted decimal equivalent mask? ________________________________ 255.255.255.240
NOTE: This FilmCompany branch office does not require any 30-host networks.

Task 2: Define the Host Address Assignments


For each network, determine and document the host addresses and broadcast addresses. Use the table below to document these networks and host information.

Step 1: Record the network names and addresses in the addressing table
In the table below, record the network names for the FilmCompany in the first column and the corresponding network address in the second column.

Step 2: Calculate the lowest host address in the addressing table


The lowest address for a network is one greater than the address of the network. Therefore, to calculate the lowest host address, add a 1 to the network address. For each of these networks, calculate and record the lowest host address in the second column of the table.



Step 3: Calculate the broadcast address in the addressing table
The broadcast address uses the highest address in the network range. This is the address in which the bits in the host portion are all 1s. To calculate the broadcast for each of the networks listed, convert the last octet of the network address into binary. Then fill the remaining host bits with 1s. Finally, convert the binary back to decimal. For each of these networks, calculate and record the broadcast address in the last column.

Step 4: Calculate the highest host address in the addressing table


The highest host address for each network is one less than the broadcast address for that network. Therefore, to calculate the highest host address, subtract 1 from the broadcast address. For each of these networks, calculate and record the highest host address in the second column.

Network Names  | Network Address   | Lowest Host Address | Highest Host Address | Broadcast Address
voice          | 192.168.0.0 /24   | 192.168.0.1         | 192.168.1.254        | 192.168.1.255
support        | 192.168.1.0 /25   | 192.168.1.1         | 192.168.1.126        | 192.168.1.127
production     | 192.168.1.128 /25 | 192.168.1.129       | 192.168.1.254        | 192.168.1.255
future         | 192.168.2.0 /25   | 192.168.2.1         | 192.168.2.126        | 192.168.2.127
null           | 192.168.2.128 /25 | 192.168.2.129       | 192.168.2.254        | 192.168.2.255
administrative | 192.168.3.0 /26   | 192.168.3.1         | 192.168.3.62         | 192.168.3.63
mobile         | 192.168.3.64 /26  | 192.168.3.65        | 192.168.3.126        | 192.168.3.127
peripherals    | 192.168.3.128 /26 | 192.168.3.129       | 192.168.3.190        | 192.168.3.191
Web_access     | 192.168.3.192 /28 | 192.168.3.193       | 192.168.3.206        | 192.168.3.207
default        | 192.168.3.208 /28 | 192.168.3.209       | 192.168.3.222        | 192.168.3.223
management     | 192.168.3.224 /28 | 192.168.3.225       | 192.168.3.238        | 192.168.3.239
net_admin      | 192.168.3.240 /28 | 192.168.3.241       | 192.168.3.254        | 192.168.3.255

Task 3: Examine Address Blocks for Overlapping Addresses


One of the major issues of planning network addresses is overlapping addresses. This is especially true when using VLSM addressing. Examine the table in the previous step to ensure that each network has a unique address range. Are there any overlapping addresses in the networks? __________ no If there are any overlapping addresses, recalculate the addressing plan for the FilmCompany network. Important: File this information in your design portfolio; it is an essential part of your design documentation.
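The host-range calculation from Task 2, the overlap check from Task 3, and the summarization question that follows can all be scripted with Python's standard ipaddress module. This is an added example, not part of the original lab; the parent block and network names are taken from the lab's tables, and the function names are illustrative.

```python
import ipaddress
from itertools import combinations

# Parent block and allocations as listed in the lab's addressing tables.
PARENT = "192.168.0.0/22"
PLAN = {
    "voice": "192.168.0.0/24",
    "support": "192.168.1.0/25",
    "production": "192.168.1.128/25",
    "future": "192.168.2.0/25",
    "null": "192.168.2.128/25",
    "administrative": "192.168.3.0/26",
    "mobile": "192.168.3.64/26",
    "peripherals": "192.168.3.128/26",
    "web_access": "192.168.3.192/28",
    "default": "192.168.3.208/28",
    "management": "192.168.3.224/28",
    "net_admin": "192.168.3.240/28",
}


def host_range(cidr):
    """Task 2: mask, lowest host, highest host and broadcast for one network."""
    # strict=True rejects a prefix whose address is not on a block boundary
    # (for example 192.168.3.64/25), a common VLSM planning mistake.
    net = ipaddress.ip_network(cidr, strict=True)
    return {
        "mask": str(net.netmask),
        "lowest": str(net.network_address + 1),
        "highest": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": net.num_addresses - 2,
    }


def find_overlaps(plan):
    """Task 3: every pair of named networks whose address ranges intersect."""
    nets = [(name, ipaddress.ip_network(cidr, strict=True))
            for name, cidr in plan.items()]
    return [(a, b) for (a, na), (b, nb) in combinations(nets, 2)
            if na.overlaps(nb)]


def outside_parent(plan, parent=PARENT):
    """Networks that are not contained in the block assigned to the site."""
    block = ipaddress.ip_network(parent)
    return [name for name, cidr in plan.items()
            if not ipaddress.ip_network(cidr).subnet_of(block)]


def summarize(plan):
    """Shortest list of prefixes that covers exactly the networks in the plan."""
    nets = (ipaddress.ip_network(cidr) for cidr in plan.values())
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    for name, cidr in PLAN.items():
        r = host_range(cidr)
        print(f"{name:15} {cidr:18} {r['lowest']:15} {r['highest']:15} {r['broadcast']}")
    print("overlaps:", find_overlaps(PLAN))
    print("outside parent:", outside_parent(PLAN))
    print("summary:", summarize(PLAN))
```

Changing one entry to a shorter prefix, such as giving peripherals a /25 instead of a /26, makes find_overlaps report every /28 block it now covers.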

Reflection / Challenge


Examine the network addressing table in Task 1. Discuss how it may be used to determine address summarization. Also, consider how these summarizations might be used.
______________________________________________________________________________________


Lab 6.2.6 Diagramming the Network Instructor Version

Objective
Diagram selected portions of the new FilmCompany network, including devices, device names, and IP addressing.

640-802 CCNA Exam Objective


This lab contains skills that relate to the following CCNA exam objective: Describe security recommended practices including initial steps to secure network devices.

Expected Results and Success Criteria


Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

Background / Preparation


Instructor notes: This is a written lab. This lab concludes the design of the FilmCompany network upgrade addressing and naming schemes and forms an important part of the student design portfolio documentation. Students need to understand that an effective and secure network device naming scheme should be:
- Meaningful
- Consistent
- Secure

Network device names are sometimes assigned without a unified plan. Without a good network naming scheme, the network can become difficult to manage. However, it must also be recognized that device names that display their function and location can present a security issue. In this lab, you will develop a naming convention and apply labels using this convention to selected devices. You should use the planning information from the previous three labs to complete this lab. The naming scheme will be documented in the topology above and in the table at the end of the lab.

Step 1: Identify the appropriate VLAN


In the previous labs, you identified VLANs and subnets to be used in the FilmCompany network expansion. For each device listed in the table in the final section of this lab, assign each host the appropriate VLAN based on its description. Record these VLAN assignments in the third column of the table in Step 5.

Step 2: Assign addresses to the devices


In the previous lab, an address range was established for each subnet and VLAN. Using these established ranges and the VLAN assignments to the devices in the previous step, assign a host address to each of the selected hosts. Record this information in the last column of the table in Step 5 of this lab.

Step 3: Define the codes for device naming


From the device information, develop and apply a naming convention for the hosts. A good naming scheme follows these guidelines:
- Keep the names as short as possible; using fewer than twelve characters is recommended.
- Indicate the device type, purpose, and location with codes, rather than words or abbreviations.
- Maintain a consistent scheme. Consistent naming makes it easier to sort and report on the devices, and to set up management systems.
- Document the names in the IT department files and on the network topology diagrams.
- Avoid names that make it easy to find protected resources.

For each naming criterion, assign a code for type. You will use these codes in different combinations to create device names. In the tables below, create codes for the elements of the device names. Use as many or as few codes as needed.



Device Type | Type code
Laptop      | LT
Desktop PC  | PC
Workstation | WS
Printer     | PT
Scanner     | SC
Server      | SV

Device Purpose | Purpose code
Management     | MGMT
Production     | PROD
Netadmin       | NETA

Device Location | Location code
Stadium         | STAD
1st Floor       | 1FLR
3rd Floor       | 3FLR
ServerRoom      | SVRM

Instructor Note: The code values can vary greatly. There is no established method for the codes. Encourage students to be creative but practical and ensure that the codes used follow the guidelines shown in this step. A PARTIAL EXAMPLE IS SHOWN.

Step 4: Establish the naming convention


In the spaces below, indicate the order and the number of letters to be used in the device naming. Again, use as many or as few letters as necessary. List the criteria in the blanks and draw a line to indicate the number of letters used. You may also choose to use hyphens (-) or underscores (_) to separate fields.

L T             3 F L R          P R O D
__dev-type____  __location_____  ___dev-purp___  _____________  ______________  _____________

Instructor Note: These can be mapped in a variety of ways. Above is A PARTIAL example.

Step 5: Apply a naming convention


For each of the twelve devices shown in this table, apply the naming convention. Then add these device names in the appropriate boxes in the topology at the beginning of the lab.

Number | Device Name | VLAN       | Description                                         | IP Address
1      |             | servers    | Server for capturing raw video feeds from stadium   |
2      |             | servers    | Server for storing finished (post production) video |
3      |             | web_access | Public web server for on demand video access        |
4      |             | management | Branch manager's computer                           |
5      |             | production | Live event production worker (switched)             |
6      |             | support    | Human resource clerk                                |
7      |             | support    | Payroll Manager                                     |
8      |             | mobile     | Live event mobile worker (audio producer)           |
9      |             | mobile     | Live event mobile worker (camera coordinator)       |
10     |             | support    | Receptionist's computer                             |
11     |             | management | Financial Manager's computer                        |
12     |             | net_admin  | Information Technology manager's computer           |

Instructor Note: Device name values can vary greatly. The IP addresses assigned are dependent on values used in the previous lab but can be any value within the appropriate network range. Important: File this information in your design portfolio; it is an essential part of your design documentation.

Reflection / Challenge
If you developed additional criteria to add to the naming convention, discuss why these criteria were used. If you did not use additional criteria, discuss what other criteria might need to be used and why they would be used.
______________________________________________________________________________________


Lab 7.1.6 Analyzing a Test Plan and Performing a Test Instructor Version

Objectives
Analyze a sample test plan to determine:
- The subject of the test
- The methods and tools for testing
- The potential results

Perform the test using the lab equipment.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
- Perform and verify initial switch configuration tasks, including remote access management.
- Verify network status and switch operation using basic utilities (including: ping, traceroute, Telnet, SSH, arp, ipconfig), and show and debug commands.
- Describe how VLANs create logically separate networks and the need for routing between them.
- Configure, verify, and troubleshoot VLANs.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________
How is an understanding of the ability to analyze a test plan important in network prototyping?
______________________________________________________________________________________
How will a network administrator know if the test was successful?
______________________________________________________________________________________

Background / Preparation
Instructor notes: Using the sample test plan included with the lab and the topology shown, students will review the contents of the test plan and determine the test to be performed, how it should be conducted, and how to determine success or failure. The test scenario is simple: create two VLANs on a switch and test connectivity between the VLANs depending on which port the PC is attached to. Connect the switch to a router and configure and verify inter-VLAN routing. This lab, as written, uses 2 PCs. PC1 is on one VLAN and PC2 is on another. If resources and time are available, configuring more VLANs of two or three PCs each will provide a more comprehensive demonstration; however, conducting the test with two PCs and two VLANs is sufficient to achieve the goals of the test. If it works with two PCs and two VLANs, it will work with more PCs and more VLANs, unless configuration errors are introduced. To conclude this lab, students should reflect on the design implications and rationale of implementing VLANs in a network. The instructions and CLI command and output format given in this lab are based on the Cisco Catalyst C2960 switch running IOS version 12.2 and a Cisco 1841 router running IOS version 12.4. Note that different switch and router platforms and IOS versions may result in different command and output formats than shown.

This lab demonstrates the analysis of a standardized test plan to determine the nature of the test to be performed, the methods and tools to be used, and the potential results. After analyzing and answering questions regarding the test plan, you will document the results of the specified tests. The configuration output used in this lab matches that of a 2960 switch and 1841 series router. The same commands can be used with other Cisco switches and routers but may produce slightly different output.

Example Test Plan


Instructor Notes: This test plan is the basic format used throughout the course. It does not include the people in attendance section. At a minimum a test plan will contain one test. This test plan includes 2 tests. Explain to students that, if additional testing is required, the Description, Procedures, Expected Results / Success Criteria and Results / Conclusions subsections are to be provided for each test.

Table of Contents
Introduction
Equipment
Design and Topology Diagram
Test 1. Description: Basic VLAN Connectivity Test
Test 1. Procedures
Test 1. Expected Results and Success Criteria
Test 1. Results and Conclusions
Test 2. Description: VLAN Routing Test
Test 2. Procedures
Test 2. Expected Results and Success Criteria
Test 2. Results and Conclusions

Introduction
INSTRUCTIONS: Explain briefly what the purpose of the test is and what should be observed. Include a brief description of testing goals. List all tests that you intend to run.

The purpose of this prototype is to demonstrate how the individual Access Layer VLANs can be configured to separate traffic from the end devices, IP telephones, and video cameras. The intent is to demonstrate that computers on VLAN 10 cannot access devices on the voice VLAN unless inter-VLAN routing is configured.

Test 1: Basic VLAN Connectivity Test
- Verify physical and IP connectivity between devices on the prototype network.
- Demonstrate IP connectivity between devices on the same VLANs.
- Demonstrate lack of IP connectivity between devices on different VLANs.

Test 2: VLAN Routing Test
- Demonstrate routing of traffic between separate VLANs, unrestricted.
Equipment


Instructor Notes: Most any switch that supports VLANs from a can be used but should at least be a 29xx model. Command syntax may vary, depending on switch model used.

INSTRUCTIONS: List all of the equipment needed to perform the tests. Be sure to include cables, optional connectors or components, and software.

Qty. Rqd | Model                                        | Additional options or software required | Substitute                                                           | IOS Software Rev.
1        | 2960 Layer 2 switch                          | none                                    | Any 2950 or 2960 model switch                                        | 12.2 or above
1        | 37xx multilayer switch                       | none                                    | Any multilayer switch or router with minimum 1 FastEthernet port.    | 12.2 or above
         | Personal Computer end devices                | FastEthernet NIC                        | At least one PC and any other IP end-device (camera, printer, etc.)  | Windows, MAC, or Linux operating system
         | Cat 5 or above straight-through patch cables | none                                    | none                                                                 | n/a

Design and Topology Diagram


INSTRUCTIONS: Place a copy of the prototype network topology in this section. This is the network as it should be built to be able to perform the required tests. If this topology duplicates a section of the actual network, include a reference topology showing the location within the existing or planned network. Initial configurations for each device must be included in the Appendix. Add a description about this design here that is essential to provide a better understanding of the testing or to emphasize any aspect of the test network to the reader.


IP Address Plan

Device Designation | Device Name | Fast Ethernet Address | Subnet Mask   | Default Gateway
R1                 | FC-CPE-1    | Fa0/0.1 10.0.1.1      | 255.255.255.0 |
                   |             | Fa0/0.10 10.0.10.1    |               |
                   |             | Fa0/0.20 10.0.20.1    |               |
S1                 | FC-ASW-1    | VLAN1 10.0.1.2        | 255.255.255.0 | 10.0.1.1
PC1                | Host1       | 10.0.10.2             | 255.255.255.0 | 10.0.10.1
PC2                | Host2       | 10.0.20.2             | 255.255.255.0 | 10.0.20.1

VLAN Plan

VLAN Names and IDs | Switch | Switch Ports | IP Address Range | Group
VLAN1 management   | S1     | Fa0/1        | 10.0.1.2         | Network Management
VLAN10 main-net    | S1     | Fa0/2 - 12   | 10.0.10.0 / 24   | Network Users
VLAN20 voice       | S1     | Fa0/13 - 24  | 10.0.20.0 / 24   | IP Phones



In Test 1, each of the two PCs is to be attached to a different VLAN on the switch. In Test 2, the switch is connected to the router with a trunk link and the router will be configured with subinterfaces to route between the two PCs.

Test 1. Description: Basic VLAN Connectivity Test


INSTRUCTIONS: For each test to be performed state the goals of the test, the data to record during the test, and the estimated time required to perform the test.

Goals of Test: The goal of the basic connectivity test is to verify that the proper physical connections are made, that the topology is up, and that devices are correctly configured.

Data to Record: Switch and PC Configurations Ping Test results

Estimated Time: 60 minutes

Test 1. Procedures
INSTRUCTIONS: Itemize the procedures to follow to perform the test.
1. Console into the switch and start a log file. Get the show running-config and show vlans from the switch.
2. Verify that VLANs are correctly configured. Record any anomalies.
3. Verify the IP configurations of the PCs.
4. Test IP connectivity between host devices on the same VLAN.
5. Test IP connectivity between host devices on different VLANs.

Test 1. Expected Results and Success Criteria


INSTRUCTIONS: List all of the expected results. Specific criteria that must be met for the test to be considered a success should be listed. An example of specific criteria is: "A requirement that ping response times cannot exceed 100 ms."
1. Hosts on a VLAN can ping successfully to other hosts on the same VLAN.
2. Hosts on different VLANs are unable to ping successfully.

Test 1. Results and Conclusions


INSTRUCTIONS: Record the results of the tests and the conclusions that can be drawn from the results.



When Hosts 1 and 2 are in the same VLAN and with compatible IP addresses, they can communicate. When they are in different VLANs they cannot.



Test 2. Description: VLAN Routing Test
Goals of Test: The goal of the VLAN routing test is to verify that the host on one VLAN and subnetwork can communicate with a host on another VLAN and subnetwork, using the router.

Data to Record: Configurations Routing Tables Ping Test results

Estimated Time: 60 minutes

Test 2. Procedures
1. Console into the switch and ping all router subinterfaces and other devices in the topology. Record any anomalies.
2. Ping the switch and the router default gateway from each PC. Record any anomalies.
3. Telnet from each PC to the switch and the router.
4. Start a log file and get the show running-config and show vlans from the switch and router. Get the show ip route from the router.
5. Test IP connectivity between host devices on the same VLAN.
6. Test IP connectivity between host devices on different VLANs.

Test 2. Expected Results and Success Criteria:


1. All networking devices are connected and accessible through ping and Telnet.
2. Hosts on a VLAN can ping successfully to other hosts on the same VLAN.
3. Hosts on different VLANs are able to ping successfully using the router.

Test 2. Results and Conclusions


When hosts are in different VLANs, they can communicate via the router.

*** END OF TEST PLAN ***

Task 1: Analyze the Test Plan
Analyze the test plan shown above and answer the following questions:
a. What are the four main sections of the test plan? ___________________________________________________
1) Introduction, 2) Equipment, 3) Design / Topology Diagram, 4) Test Descriptions and related testing information. (Test procedure, success criteria, and conclusions subsections repeat for each test within the test plan.)
b. How many tests are defined within the test plan in this lab? __________ 2
c. In which testing subsection would you find the types of commands or analysis tools used to determine if the test was successful? _________________________ Procedures
d. In which main test plan section would you find a description of the devices and cabling used to build the prototype for the test plan? _________________________ Equipment
e. In which main testing section would you find an overall description of the tests to be performed and the reasons why they are being specified in the test plan? _________________________ Introduction

Task 2: Configure the PCs and switch VLANs and perform Test 1
Step 1: Connect devices and configure PC IP addresses
NOTE: If the PC used in this lab is also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.
a. Connect the switch to the router as shown in the Test Plan topology diagram.
b. Connect the PC1 and PC2 hosts to the switch using the ports indicated in the Test Plan topology table.
c. Using the IP address information from the Test Plan table, configure PC1 and PC2.

Step 2: Prepare the switch for configuration


a. Connect a PC with a console cable to the switch to perform configurations using a terminal emulation program.
b. Confirm that the switch is ready for lab configuration by ensuring that all existing VLAN and general configurations are removed. Remove the switch startup configuration file from NVRAM.

Switch#erase startup-config
Erasing the nvram filesystem will remove all files! Continue? [confirm]

Press Enter to confirm. The response should be:

Erase of nvram: complete

c. If the switch has previously been configured with VLANs, it will be necessary to delete the VLAN database information file. From the privileged EXEC mode, issue the following commands:

Switch#delete vlan.dat
Delete filename [vlan.dat]?[Enter]
Delete flash:/vlan.dat? [confirm] [Enter]

If there was no VLAN file, this message is displayed.

%Error deleting flash:/vlan.dat (No such file or directory)

It is recommended that the delete command not be issued as: delete flash:vlan.dat. Accidentally omitting vlan.dat from this command could lead to the complete IOS being deleted from flash memory. Issuing the reload command to restart the switch may not always clear the previous VLAN configuration; for that reason, the power cycle (hardware restart) step is recommended.

Step 3: Configure VLANs on switch S1


a. Configure switch S1 with a hostname and passwords.

Switch(config)#hostname FC-ASW-1
FC-ASW-1(config)#enable password cisco
FC-ASW-1(config)#enable secret class
FC-ASW-1(config)#line console 0
FC-ASW-1(config-line)#password cisco
FC-ASW-1(config-line)#login
FC-ASW-1(config-line)#line vty 0 15
FC-ASW-1(config-line)#password cisco
FC-ASW-1(config-line)#login
FC-ASW-1(config-line)#exit
FC-ASW-1(config)#

b. Configure switch S1 with the VLAN 1 IP address of 10.0.1.2/24.

FC-ASW-1(config)#interface vlan1
FC-ASW-1(config-if)#ip address 10.0.1.2 255.255.255.0
FC-ASW-1(config-if)#no shutdown
FC-ASW-1(config-if)#exit
FC-ASW-1(config)#

c. Configure switch S1 with the default gateway address of 10.0.1.1.

FC-ASW-1(config)#ip default-gateway 10.0.1.1
FC-ASW-1(config)#

d. Create VLAN 10 named main-net and VLAN 20 named voice.

FC-ASW-1(config)#vlan 10
FC-ASW-1(config-vlan)#name main-net
FC-ASW-1(config-vlan)#exit
FC-ASW-1(config)#vlan 20
FC-ASW-1(config-vlan)#name voice
FC-ASW-1(config-vlan)#exit
FC-ASW-1(config)#

e. Assign interface range Fa0/2 through Fa0/12 to VLAN 10.

FC-ASW-1(config)#interface range fa0/2 - 12
FC-ASW-1(config-if-range)#switchport mode access
FC-ASW-1(config-if-range)#switchport access vlan 10
FC-ASW-1(config-if-range)#exit
FC-ASW-1(config)#

f. Assign interface range Fa0/13 through Fa0/24 to VLAN 20.

FC-ASW-1(config)#interface range fa0/13 - 24
FC-ASW-1(config-if-range)#switchport mode access
FC-ASW-1(config-if-range)#switchport access vlan 20
FC-ASW-1(config-if-range)#end
FC-ASW-1#

Step 4: Perform Test 1 to determine if the hosts can communicate between VLANs
a. Issue the show running-config commands from the switch and verify all basic configuration settings. See output at end of lab.
b. Issue the show vlan brief command on the switch to verify what ports are in which VLANs.
Which switch ports are in VLAN 1? ___________________ Fa0/1, Gi0/1, Gi0/2
Which switch ports are in VLAN 10? ___________________ Fa0/2 - Fa0/12
Which switch ports are in VLAN 20? ___________________ Fa0/13 - Fa0/24

FC-ASW-1#show vlan brief
VLAN Name                   Status    Ports
---- ---------------------- --------- -------------------------------
1    default                active    Fa0/1, Gi0/1, Gi0/2
10   main-net               active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                      Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                      Fa0/10, Fa0/11, Fa0/12
20   voice                  active    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                      Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                      Fa0/21, Fa0/22, Fa0/23, Fa0/24
<*** output omitted ***>

c. With PC1 connected to switch port 4 and PC2 attached to port 14, attempt to ping from PC1 to PC2.
Would you expect the ping to be successful? __________ No
Why or why not? __________________________________________________________________
PC IP addresses are on different networks (PC1 is on net 10.0.10.0/24 and PC2 is on net 10.0.20.0/24) and in different VLANs.
d. Change the IP address of PC2 to 10.0.10.5 so that the two PCs are on the same network and ping again.
Would you expect the ping to be successful? __________ No
Why or why not? __________________________________________________________________
PC IP addresses have the same network address now but are still in different VLANs.
e. Move the cable for PC2 to a port that is in the VLAN 10 range (Fa0/2 to Fa0/12) and ping again.
Would you expect the ping to be successful? __________ Yes
Why or why not? __________________________________________________________________
PC IP addresses are in the same network and are now in the same VLAN.
f. Change the IP address for PC2 back to 10.0.20.2 and move the cable back to Fa0/14 in VLAN 20.

This test demonstrated that the PCs from the main-net cannot communicate with the PCs on the voice net without assistance from a Layer 3 device.

Task 3: Configure the switch and router for VLAN routing and perform Test 2
Step 1: Configure VLAN trunking on switch S1
NOTE: If using the 2900XL switch, be sure to configure the DOT1Q encapsulation to ensure trunking works.

Configure trunking between switch S1 and the router with 802.1Q encapsulation on both devices.

    FC-ASW-1#configure terminal
    FC-ASW-1(config)#interface fa0/1
    FC-ASW-1(config-if)#switchport mode trunk
    FC-ASW-1(config-if)#end

Step 2: Perform basic configuration of the router.


a. Connect a PC to the console port of the router to perform configurations using a terminal emulation program.

b. Configure router R1 with a hostname and console, Telnet, and privileged passwords according to the table diagram.

    Router(config)#hostname FC-CPE-1
    FC-CPE-1(config)#line con 0
    FC-CPE-1(config-line)#password cisco
    FC-CPE-1(config-line)#login
    FC-CPE-1(config-line)#line vty 0 4
    FC-CPE-1(config-line)#password cisco
    FC-CPE-1(config-line)#login
    FC-CPE-1(config-line)#exit
    FC-CPE-1(config)#enable password cisco
    FC-CPE-1(config)#enable secret class
    FC-CPE-1(config)#no ip domain lookup

Step 3: Configure VLAN Trunking on the Router


a. Configure router R1 Fa0/0 interface to trunk for VLAN 1, VLAN 10, and VLAN 20 with 802.1Q encapsulation.

    FC-CPE-1(config)#interface fa0/0
    FC-CPE-1(config-if)#no shutdown
    FC-CPE-1(config-if)#interface fa0/0.1
    FC-CPE-1(config-subif)#encapsulation dot1Q 1
    FC-CPE-1(config-subif)#ip address 10.0.1.1 255.255.255.0
    FC-CPE-1(config-subif)#exit
    FC-CPE-1(config)#interface fa0/0.10
    FC-CPE-1(config-subif)#encapsulation dot1Q 10
    FC-CPE-1(config-subif)#ip address 10.0.10.1 255.255.255.0
    FC-CPE-1(config-subif)#exit
    FC-CPE-1(config)#interface fa0/0.20
    FC-CPE-1(config-subif)#encapsulation dot1Q 20
    FC-CPE-1(config-subif)#ip address 10.0.20.1 255.255.255.0
    FC-CPE-1(config-subif)#end
    FC-CPE-1#

b. On the router, issue the command show vlans.

What information is displayed?
_____________________________________________________________________________
The 802.1Q trunk subinterfaces, the address configured and the number of packets transmitted and received.

    FC-CPE-1#show vlans

    Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation)

       vLAN Trunk Interface:   FastEthernet0/0.1

     This is configured as native Vlan for the following interface(s) :
    FastEthernet0/0

       Protocols Configured:   Address:        Received:    Transmitted:
               IP              10.0.1.1               21              43
            Other                                      0             138

       396 packets, 67954 bytes input
       181 packets, 51149 bytes output

    Virtual LAN ID: 10 (IEEE 802.1Q Encapsulation)

       vLAN Trunk Interface:   FastEthernet0/0.10

       Protocols Configured:   Address:        Received:    Transmitted:
               IP              10.0.10.1              94              25
            Other                                      0              12

       94 packets, 15324 bytes input
       37 packets, 3414 bytes output

    Virtual LAN ID: 20 (IEEE 802.1Q Encapsulation)

       vLAN Trunk Interface:   FastEthernet0/0.20

       Protocols Configured:   Address:        Received:    Transmitted:
               IP              10.0.20.1            9781             113
            Other                                      0              14

       9781 packets, 939660 bytes input
       127 packets, 9617 bytes output

c. From switch S1, issue the command show interfaces trunk.

What interface on switch S1 is in trunking mode? __________________________________ Fa0/1
Which VLANs are allowed and active in the management domain? ______________________ 1, 10, 20

    FC-ASW-1#show interfaces trunk

    Port        Mode         Encapsulation  Status        Native vlan
    Fa0/1       on           802.1q         trunking      1

    Port        Vlans allowed on trunk
    Fa0/1       1-4094

    Port        Vlans allowed and active in management domain
    Fa0/1       1,10,20

    Port        Vlans in spanning tree forwarding state and not pruned
    Fa0/1       1,10,20

Step 4: Perform Test 2 to determine if the hosts can communicate between VLANs through the use of inter-VLAN routing provided by a router

a. Issue the show running-config command from the switch and verify all basic configuration settings. See output at end of lab.

b. Ping from the switch to the router default gateway for VLAN 1.

Was the ping successful? __________ Yes

c. Telnet from the switch to the router.

Were you successful? __________ Yes

d. With PC1 connected to switch port 4 and PC2 attached to port 14, attempt to ping from PC1 to PC2.

Would you expect the ping to be successful? __________ Yes
Why or why not? __________________________________________________________________
PC IP addresses are on different networks (PC1 is on net 10.0.10.0/24 and PC2 is on net 10.0.20.0/24) and in different VLANs, but the router is routing packets between the two independent subnets.

e. Telnet from PC1 to the switch and the router.

Would you expect the Telnet to be successful? __________ Yes
Why or why not? __________________________________________________________________
Physical and IP connectivity has been previously verified. As long as there are no VTY restrictions or ACLs in place, each PC should be able to telnet to either the switch using the VLAN 1 IP address or to the router using any of the router subinterface addresses.

f. Issue the show ip route command on the router to display the routing table.

How many subnet routes are there? __________ 3 - All directly connected to the subinterfaces defined for Fa0/0 (10.0.1.0, 10.0.10.0 and 10.0.20.0)

    FC-CPE-1#show ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route

    Gateway of last resort is not set

         10.0.0.0/24 is subnetted, 3 subnets
    C       10.0.10.0 is directly connected, FastEthernet0/0.10
    C       10.0.1.0 is directly connected, FastEthernet0/0.1
    C       10.0.20.0 is directly connected, FastEthernet0/0.20
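
The ping outcomes recorded in Test 1 and Test 2 can be derived from the port, VLAN and IP plan with a small forwarding model. This is an added example, not part of the Cisco lab: PC1's address 10.0.10.2, the hosts' default gateways and all function names are assumptions, and ACLs and host firewalls are not modelled. It also covers one case the lab does not run, the same-subnet, different-VLAN hosts with the router present.

```python
"""Predict the lab's ping results from the port/VLAN and IP plan (added example)."""
from ipaddress import ip_address, ip_interface

# Access-port plan from Task 2: Fa0/2-12 in VLAN 10, Fa0/13-24 in VLAN 20.
PORT_VLAN = {port: (10 if port <= 12 else 20) for port in range(2, 25)}

# Router-on-a-stick subinterfaces from Task 3, keyed by VLAN ID.
ROUTER = {
    1: ip_interface("10.0.1.1/24"),
    10: ip_interface("10.0.10.1/24"),
    20: ip_interface("10.0.20.1/24"),
}


class Host:
    def __init__(self, name, addr, gateway, port):
        self.name = name
        self.iface = ip_interface(addr)      # address with prefix length
        self.gateway = ip_address(gateway)   # configured default gateway
        self.vlan = PORT_VLAN[port]          # VLAN of the access port in use


def one_way(src, dst, router):
    """Return (delivered, reason) for one packet sent from src to dst."""
    if dst.iface.ip in src.iface.network:
        # src treats dst as on-link and ARPs for it; the broadcast stays in src's VLAN.
        if src.vlan == dst.vlan:
            return True, "same subnet and VLAN, switched at Layer 2"
        return False, "same subnet but different VLANs, ARP goes unanswered"
    # Off-link destination: the packet must reach the default gateway first.
    gw = router.get(src.vlan)
    if gw is None or gw.ip != src.gateway:
        return False, f"gateway {src.gateway} is not reachable in VLAN {src.vlan}"
    # The router forwards out of the subinterface whose connected network matches.
    for vlan, subif in router.items():
        if dst.iface.ip in subif.network:
            if vlan == dst.vlan:
                return True, f"routed by {gw.ip} into VLAN {vlan}"
            return False, f"routed into VLAN {vlan}, but {dst.name} sits in VLAN {dst.vlan}"
    return False, "router has no connected route to the destination"


def ping(a, b, router=None):
    """A ping succeeds only if both the echo request and the reply are delivered."""
    router = router or {}
    ok, why = one_way(a, b, router)
    if not ok:
        return False, why
    ok, why_back = one_way(b, a, router)
    return (True, why) if ok else (False, "echo reply lost: " + why_back)


def lab_predictions():
    """Evaluate the lab's test cases; PC1's address is an assumed value."""
    pc1 = Host("PC1", "10.0.10.2/24", "10.0.10.1", port=4)
    pc2 = Host("PC2", "10.0.20.2/24", "10.0.20.1", port=14)
    pc2_readdressed = Host("PC2", "10.0.10.5/24", "10.0.10.1", port=14)
    pc2_moved = Host("PC2", "10.0.10.5/24", "10.0.10.1", port=5)
    return {
        "test1_c": ping(pc1, pc2)[0],                 # no router yet
        "test1_d": ping(pc1, pc2_readdressed)[0],     # same subnet, VLAN 10 vs 20
        "test1_e": ping(pc1, pc2_moved)[0],           # same subnet, same VLAN
        "test2_d": ping(pc1, pc2, ROUTER)[0],         # inter-VLAN routing in place
        "split_subnet_with_router": ping(pc1, pc2_readdressed, ROUTER)[0],
    }


if __name__ == "__main__":
    for case, result in lab_predictions().items():
        print(f"{case}: {'success' if result else 'fail'}")
```

The last case fails even with the router configured, because PC1 never sends the packet to its gateway when the destination address looks on-link.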

Task 4: Reflection


Why is it important to develop a test plan and prototype network behavior?
_____________________________________________________________________________________
Answers will vary but should include: A test plan provides a structured document to use for testing and requires the tester to think carefully about how a network function is to be tested and evaluated. It helps to prove that expected results are real and that the network will perform as anticipated. It serves to document the results of the testing effort.


APPENDIX

Sample Configurations

Catalyst 2960 Switch FC-ASW-1 with VLANs configured

    FC-ASW-1#show running-config
    Building configuration...

    Current configuration : 2571 bytes
    !
    version 12.2
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname FC-ASW-1
    !
    enable secret 5 $1$p421$26.k4AK.iHLb7NhiDvAb6.
    enable password cisco
    !
    no aaa new-model
    ip subnet-zero
    !
    !
    !
    !
    no file verify auto
    spanning-tree mode pvst
    spanning-tree extend system-id
    !
    vlan internal allocation policy ascending
    !
    interface FastEthernet0/1
     switchport mode trunk
    !
    interface FastEthernet0/2
     switchport access vlan 10
     switchport mode access
    !
    interface FastEthernet0/3
     switchport access vlan 10
     switchport mode access
    !
    interface FastEthernet0/4
     switchport access vlan 10
     switchport mode access
    !
    interface FastEthernet0/5
     switchport access vlan 10
     switchport mode access
    !
    interface FastEthernet0/6
     switchport access vlan 10
     switchport mode access
    !
    interface FastEthernet0/7
     switchport access vlan 10
     switchport mode access
    !
    interface FastEthernet0/8
     switchport access vlan 10
     switchport mode access
    !
    interface FastEthernet0/9
     switchport access vlan 10
     switchport mode access
    !
    interface FastEthernet0/10
     switchport access vlan 10
     switchport mode access
    !
    interface FastEthernet0/11
     switchport access vlan 10
     switchport mode access
    !
    interface FastEthernet0/12
     switchport access vlan 10
     switchport mode access
    !
    interface FastEthernet0/13
     switchport access vlan 20
     switchport mode access
    !
    interface FastEthernet0/14
     switchport access vlan 20
     switchport mode access
    !
    interface FastEthernet0/15
     switchport access vlan 20
     switchport mode access
    !
    interface FastEthernet0/16
     switchport access vlan 20
     switchport mode access
    !
    interface FastEthernet0/17
     switchport access vlan 20
     switchport mode access
    !
    interface FastEthernet0/18
     switchport access vlan 20
     switchport mode access
    !
    interface FastEthernet0/19
     switchport access vlan 20
     switchport mode access
    !
    interface FastEthernet0/20
     switchport access vlan 20
     switchport mode access
    !
    interface FastEthernet0/21
     switchport access vlan 20
     switchport mode access
    !
    interface FastEthernet0/22
     switchport access vlan 20
     switchport mode access
    !
    interface FastEthernet0/23
     switchport access vlan 20
     switchport mode access
    !
    interface FastEthernet0/24
     switchport access vlan 20
     switchport mode access
    !
    interface GigabitEthernet0/1
    !
    interface GigabitEthernet0/2
    !
    interface Vlan1
     ip address 10.0.1.2 255.255.255.0
     no ip route-cache
    !
    ip default-gateway 10.0.1.1
    ip http server
    !
    control-plane
    !
    !
    line con 0
     password cisco
     login
    line vty 0 4
     password cisco
     login
    line vty 5 15
     password cisco
     login
    !
    end

    FC-ASW-1#


Cisco 1841 Router FC-CPE-1 with VLANs configured

    FC-CPE-1#show running-config
    Building configuration...

    Current configuration : 1371 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname FC-CPE-1
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 $1$HGWn$CICdaWyXJ6reegr1jmnIt0
    enable password cisco
    !
    no aaa new-model
    !
    resource policy
    !
    mmi polling-interval 60
    no mmi auto-configure
    no mmi pvc
    mmi snmp-timeout 180
    ip subnet-zero
    ip cef
    !
    !
    !
    !
    no ip domain lookup
    !
    !
    !
    !
    !
    interface FastEthernet0/0
     no ip address
     duplex auto
     speed auto
    !
    interface FastEthernet0/0.1
     encapsulation dot1Q 1 native
     ip address 10.0.1.1 255.255.255.0
     no snmp trap link-status
    !
    interface FastEthernet0/0.10
     encapsulation dot1Q 10
     ip address 10.0.10.1 255.255.255.0
     no snmp trap link-status
    !
    interface FastEthernet0/0.20
     encapsulation dot1Q 20
     ip address 10.0.20.1 255.255.255.0
     no snmp trap link-status
    !
    interface FastEthernet0/1
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface FastEthernet0/0/0
    !
    interface FastEthernet0/0/1
    !
    interface FastEthernet0/0/2
    !
    interface FastEthernet0/0/3
    !
    interface Serial0/1/0
     no ip address
     shutdown
     no fair-queue
     clock rate 125000
    !
    interface Serial0/1/1
     no ip address
     shutdown
     clock rate 125000
    !
    interface Vlan1
     no ip address
    !
    ip classless
    !
    ip http server
    !
    !
    control-plane
    !
    !
    line con 0
     password cisco
     login
    line aux 0
    line vty 0 4
     password cisco
     login
    !
    end

    FC-CPE-1#
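
A defender's check for the management-plane settings visible in the two sample configurations above: clear-text line passwords, a leftover enable password, VTY lines that do not exclude Telnet, the HTTP server, an unrestricted trunk on native VLAN 1, and a management address in VLAN 1. This is an added example, not Cisco's code; the check names are invented here, and the embedded configuration is abridged from the FC-ASW-1 listing with the secret hash replaced by a placeholder.

```python
"""Audit an IOS running-config for weak management-plane settings (added example)."""
import re

# Abridged from the FC-ASW-1 listing above; the hash is a placeholder.
SAMPLE_CONFIG = """\
no service password-encryption
hostname FC-ASW-1
enable secret 5 $1$XXXX$placeholderhash
enable password cisco
interface FastEthernet0/1
 switchport mode trunk
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
interface Vlan1
 ip address 10.0.1.2 255.255.255.0
ip http server
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
"""


def parse_sections(text):
    """Split a config into top-level lines and {header: [indented child lines]}."""
    top, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.strip() in ("", "!"):
            current = None          # a separator ends the current section
            continue
        if raw.startswith(" ") and current is not None:
            sections[current].append(line.strip())
        else:
            current = line.strip()
            top.append(current)
            sections[current] = []
    return top, sections


def audit(text):
    """Return a list of (check, location, detail) findings."""
    top, sections = parse_sections(text)
    findings = []
    if any(line.startswith("enable password") for line in top):
        findings.append(("enable-password", "global",
                         "legacy 'enable password' is stored in clear text or reversibly"))
    if "ip http server" in top:
        findings.append(("http-server", "global",
                         "unencrypted HTTP management server is enabled"))
    for header, body in sections.items():
        if header.startswith("line "):
            for child in body:
                # 'password 7 ...' is obfuscated; anything else is clear text.
                if child.startswith("password ") and not re.match(r"password [57] ", child):
                    findings.append(("plaintext-line-password", header,
                                     "line password stored in clear text"))
            if header.startswith("line vty"):
                transports = [c.split()[2:] for c in body if c.startswith("transport input")]
                if not transports or set(transports[0]) & {"telnet", "all"}:
                    findings.append(("vty-telnet", header,
                                     "Telnet is not excluded (no 'transport input ssh')"))
        elif header.startswith("interface "):
            if "switchport mode trunk" in body:
                if not any(c.startswith("switchport trunk allowed vlan") for c in body):
                    findings.append(("trunk-all-vlans", header,
                                     "no allowed-VLAN list, so every VLAN is carried"))
                if not any(c.startswith("switchport trunk native vlan") for c in body):
                    findings.append(("trunk-native-vlan-1", header,
                                     "native VLAN left at the default, VLAN 1"))
            if header.lower() == "interface vlan1" and any(
                    c.startswith("ip address ") for c in body):
                findings.append(("mgmt-in-vlan1", header,
                                 "management address lives in VLAN 1"))
    return findings


if __name__ == "__main__":
    for check, where, detail in audit(SAMPLE_CONFIG):
        print(f"{check:26} {where:28} {detail}")
```

The trunk finding matches the show interfaces trunk output earlier in the lab, where Fa0/1 allows VLANs 1-4094 although only 1, 10 and 20 are in use.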


LAN Design Test Plan


Instructor note: In this exercise, the students create a test plan which they will use later in the chapter to test the functionality of the network design they created in Chapters 5 and 6. The format used for this exercise is similar to the format used by the Cisco Customer Proof-of-Concept Lab. Discuss with the students why a detailed test plan is necessary to ensure that the test goes as expected and that the results are valid. Explain that in the business world, customers often want to see something work before they decide to purchase it. Proof-of-concept tests protect both the contractor and the customer by demonstrating that the proposed design meets the customer requirements, before the contractor orders and installs the equipment.

                      | Start Date | End Date
Network Build (Setup) |            |
Testing Date          |            |


Table of Contents

Attendees
Introduction
Equipment
Design and Topology Diagram
Test 1. Description: Basic Connectivity Test
Test 1. Procedures
Test 1. Expected Results and Success Criteria
Test 1. Results and Conclusions
Test 2. Description: VLAN Configuration Test
Test 2. Procedures
Test 2. Expected Results and Success Criteria
Test 2. Results and Conclusions
Test 3. Description: VLAN Routing Test
Test 3. Procedures
Test 3. Expected Results and Success Criteria
Test 3. Results and Conclusions
Appendix


Attendees
Name | Company           | Position
     | FilmCompany       | IT Manager
     | FilmCompany       | Business Manager
     | NetworkingCompany | Account Manager
     | NetworkingCompany | Network Designer
     | NetworkingCompany | System Engineer

Instructor note: Students can enter their own names in the roles they choose or make up names for the attendees.


Introduction
INSTRUCTIONS: Explain briefly what the purpose of the test is and what should be observed. Include a brief description of testing goals. List all tests that you intend to run.

Instructor note: Example answers to this section are:
- To verify the FilmCompany LAN Design.
- To test the switch and router configurations proposed for the FilmCompany network.
- To ensure that the design functions as expected.

Purpose of this test:
_____________________________________________________________________________________

Instructor note: These tests are given to the student at a very high level. Later in this lab, the students are expected to record the detailed steps to perform the test. Test 1 is given as an example.

Tests to run:

Test 1: Basic Connectivity Test
- Verify physical and IP connectivity between devices on the prototype network.
- Document operation.

Test 2: VLAN Configuration Test
- Demonstrate multiple VLANs and port security.
- Verify that members of the same VLAN can communicate successfully and that members of different VLANs are not able to communicate successfully.
- Demonstrate 802.1q trunk links between devices.
- Verify STP to ensure that S1 becomes the root bridge.
- Document operation.

Test 3: VLAN Routing Test
- Demonstrate routing of traffic between separate VLANs, unrestricted.
- Demonstrate routing of traffic between separate VLANs, with restrictions.
- Document operation.


Equipment
INSTRUCTIONS: List all of the equipment needed to perform the tests. Be sure to include cables, optional connectors or components, and software.

Qty. Rqd | Model | Additional options or software required | Substitute | IOS Software Rev.
---------|-------|------------------------------------------|------------|------------------
3 | 2960 Layer 2 switch | none | Any 2950 or 2960 model switch | 12.2 or above
1 | 1841 router | none | Any multilayer switch or router with minimum 2 FastEthernet ports | 12.2 or above
  | Personal computer end devices | FastEthernet NIC | At least one PC and any other IP end device (camera, printer, etc.) | Windows, MAC, or Linux operating system
6 | Cat 5 or above straight-through patch cables | none | none | n/a
6 | Cat 5 or above crossover patch cables | none | none | n/a

Instructor note: Based on the topology of the proposed FilmCompany LAN created at the end of Chapter 5, students fill in the equipment necessary to perform the prototype tests. If the physical lab does not contain the exact models of equipment, assist the students in specifying the correct substitutes.


Design and Topology Diagram


INSTRUCTIONS: Place a copy of the prototype network topology in this section. This is the network as it should be built to be able to perform the required tests, including IP Addressing and VLAN information. If this topology duplicates a section of the actual network, include a reference topology showing the location within the existing or planned network. Initial configurations for each device must be included in the Appendix. Instructor Note: This is the topology diagram for the FilmCompany LAN that was created at the end of lab 5.2.4.2. Students will draw or copy their topology here.

Figure 1: Topology - Prototype test topology.


IP Address Plan

Instructor note: The students use the IP addresses that they designed in Chapter 6 Lab 6.2.5.4.

Device Name | Interface | IP Address | Subnet Mask

VLAN Plan

Instructor note: Students create VLANs based on the requirements specified in the logical design created in Chapter 5 Lab 5.2.4.2.

Switch | VLAN Names and IDs | IP Address Range | Group

Additional Notes and Instructions:

Instructor note: Students record any other information that they think might be useful to the technicians performing the tests. An example might be: This test must show that the new VLAN design segregates traffic as expected.

INSTRUCTIONS: Add a description about this design here that is essential to provide a better understanding of the testing or to emphasize any aspect of the test network to the reader.
____________________________________________________________________________________


INSTRUCTIONS: For each test to be performed state the goals of the test, the data to record during the test, and the estimated time required to perform the test. Test 1 is given as an example.

Test 1. Description: Basic Connectivity Test


Goals of Test: The goal of the baseline is to verify that the test topology is up and running with the proper protocols and features.

Data to Record:
- Configurations
- Interface status
- Routing Tables
- CPU & Memory
- Ping Test Output

Estimated Time: 90 minutes total
- 60 minutes build
- 30 minutes test

Test 1. Procedures

INSTRUCTIONS: Itemize the procedures to follow to perform the test.

1. Build the topology according to the Design and Topology Diagram. Assign IP addresses according to the IP address plan.
2. Create a basic configuration on each device. Include applicable passwords, device names, default routes, default gateways, and activate interfaces.
3. Console into one of the devices in the topology and ping all of the other devices in the topology. Record any anomalies.
4. Telnet to each device in the configuration and verify that each is reachable.
5. Copy the output of the show running-config, show ip route, show processes cpu sorted, show interfaces, and the first few lines of show memory and paste into a document using a text editor such as Notepad. Repeat for all devices in the topology.


Test 1. Expected Results and Success Criteria


INSTRUCTIONS: List all of the expected results. Specific criteria that must be met for the test to be considered a success should be listed. An example of specific criteria is: "A requirement that ping response times cannot exceed 100 ms."

1. All networking devices are connected and accessible through Telnet.
2. Hosts can ping successfully to other hosts on the network.

Test 1. Results and Conclusions


Instructor note: Students do not fill out this section until the tests are actually run in the lab.

INSTRUCTIONS: Record the results of the tests and the conclusions that can be drawn from the results.


Test 2. Description: VLAN Configuration Test


Instructor note: Students must fill in the goal of the test. Sample goals:
- Test the configuration of VLANs and VTP.
- Test the creation of separate networks for the different groups at FilmCompany.
- Demonstrate that VLANs isolate traffic.

Goals of Test:

Data to Record:
- VLAN Configurations
- STP Configuration
- CPU & Memory
- Ping Test Output

Estimated Time: 60 minutes total
- 30 minutes configure
- 30 minutes test

Test 2. Procedures

INSTRUCTIONS: Itemize the procedures to follow to perform the test.
____________________________________________________________________________________

Instructor note: Students list the procedures. Depending on the student and the level of detail, they may use all of the lines, or not. Example answer is:

1. Console or telnet to each switch in the configuration.
2. Create VLANs according to the VLAN plan.
3. Create trunk links between switches.
4. Configure a switch to be the root bridge.
5. Start a log file. Record the output of the show commands.
6. Configure both PCs with the appropriate IP addresses for one VLAN.
7. Configure the ports attached to the PCs to be members of the same VLAN.
8. Ping one PC from the other PC. Record the results.
9. Configure the ports attached to the PCs to be members of different VLANs.
10. Configure the PCs with the appropriate IP addresses for the VLANs.
11. Ping one PC from the other PC. Record the results.

Student answers may vary slightly from the above list and may be in a different order. The exercise is to encourage students to think about all of the steps that they need to perform to verify the VLAN design. Planning installation tasks and estimating the effort necessary to accomplish them is critical to the success of the students when they leave the course.

Test 2. Expected Results and Success Criteria


INSTRUCTIONS: List all of the expected results. Specific criteria that must be met for the test to be considered a success should be listed.
____________________________________________________________________________________

Instructor note: Example answers should be:
- VLANs exist on all of the switches.
- PCs in the same VLANs can communicate over the trunk links, PCs in different VLANs cannot.

Test 2. Results and Conclusions


INSTRUCTIONS: Record the results of the tests and the conclusions that can be drawn from the results.
____________________________________________________________________________________

Instructor note: Students fill out this section upon completion of the test lab.


Test 3. Description: VLAN Routing Test


Instructor note: Students must fill in the goal of the test. Sample goals:
- Test the routing between VLANs.
- Test that the router is correctly configured to route between VLANs.

Goals of Test:

Data to Record:
- Router Configuration
- IP Routing Table Information
- CPU & Memory
- Ping Test Output

Estimated Time: 20 minutes total
- 10 minutes configure
- 10 minutes test

Test 3. Procedures

INSTRUCTIONS: Itemize the procedures to follow to perform the test.
____________________________________________________________________________________

Instructor note: Students list the procedures. Example answer is:

1. Console or telnet to the router in the configuration.
2. Create a trunk link between the router and the attached switch.
3. Verify the operation of the trunk link.
4. Configure the IP addresses on the router subinterfaces for the appropriate VLANs.
5. Configure the static routes to route between the VLANs.
6. Start a log file. Record the output of the show running-config, show interfaces, and show ip route commands on the router.
7. Configure the ports attached to the PCs to be members of different VLANs.
8. Configure the PCs with the appropriate IP addresses for the VLANs.
9. Ping one PC from the other PC. Record the results.

Student answers may vary slightly from the above list and may be in a different order. The exercise is to encourage students to think about all of the steps that they need to perform to verify the VLAN design. Planning installation tasks and estimating the effort necessary to accomplish them is critical to the success of the students when they leave the course.

Test 3. Expected Results and Success Criteria


INSTRUCTIONS: List all of the expected results. Specific criteria that must be met for the test to be considered a success should be listed.
____________________________________________________________________________________

Instructor note: Example answers should be:
- Routes to the different VLANs are contained in the routing table of the router.
- PC in one VLAN can successfully ping a PC in another VLAN.

Test 3. Results and Conclusions


INSTRUCTIONS: Record the results of the tests and the conclusions that can be drawn from the results.
____________________________________________________________________________________

Instructor note: Students fill out this section upon completion of the test lab.


Appendix
INSTRUCTIONS: Record the starting configurations, any modifications, log file or command output, and any other relevant documentation.


CCNA Discovery Designing and Supporting Computer Networks

Lab 7.2.2 Creating a Test Plan for the Campus Network (Instructor Version)
Instructor Note: This lab is part of a series of labs that includes 7.2.2, 7.2.5, and 7.2.6. In this series the students create a test plan to verify the FilmCompany network design (7.2.2), and then execute the test plan (7.2.5), and finally analyze the results of the testing (7.2.6). Students should be strongly advised to keep all of their information in a portfolio or binder for reference during the course. The results of these labs, and many others throughout the course, will be needed for the final design project later in the course. In most organizations, this type of activity is done by a team of people, consisting of the account manager, network designer, systems engineers, and field engineers. If the students are working in a group to complete the lab, it is important for each one to be assigned a specific role (described in Chapter 2) and to provide input appropriate for the role.

Objective
Create a test plan for a prototype test.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
- Interpret network diagrams.
- Determine the path between two hosts across a network.
- Select the components required to meet a network specification.
- Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts.
- Perform and verify initial switch configuration tasks, including remote access management.
- Verify network status and switch operation using basic utilities (including: ping, traceroute, telnet, SSH, arp, ipconfig), and show and debug commands.
- Describe enhanced switching technologies (including: VTP, RSTP, VLAN, PVSTP, 802.1q).
- Describe how VLANs create logically separate networks and the need for routing between them.
- Configure, verify, and troubleshoot VLANs.
- Configure, verify, and troubleshoot trunking on Cisco switches.
- Configure, verify, and troubleshoot inter-VLAN routing.
- Implement static and dynamic addressing services for hosts in a LAN environment.
- Select the appropriate media, cables, ports, and connectors to connect routers to other network devices and hosts.
- Access and use the router to set basic parameters, including CLI/SDM.
- Connect, configure, and verify operation status of a device interface.
- Verify device configuration and network connectivity using ping, traceroute, Telnet, SSH or other utilities.
- Perform and verify routing configuration tasks for a static or default route given specific routing requirements.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

Why do you think it is important to create a test plan before beginning a prototype test?
______________________________________________________________________________________

Why do you think it is important to perform prototype tests before implementing a proposed design?
______________________________________________________________________________________

Background / Preparation
Instructor notes: This lab takes the students through the steps required for creating a test plan to use to test the LAN design created in earlier chapters. Students are required to review the documentation that they have kept in their portfolios and use this information to prepare the test plan.

This lab takes you through the steps required for creating a test plan to test the FilmCompany LAN design. To prepare for this lab, you will need information from the results of earlier labs that you saved in your portfolio. The required information can be found in these labs:
- The topology diagram created in Lab 5.2.4
- The IP address spreadsheet created in Lab 6.2.5

Instructor note: Use the Instructor version of these labs (5.2.4 and 6.2.5) for the answer diagram and spreadsheet.

Task 1: Review the Supporting Documentation


Step 1: Refer to the proposed LAN Design Topology diagram created in Lab 5.2.4
a. Make a list of all the necessary equipment and cables required to build the LAN portion of the proposed network design.
_____________________________________________________________________________

Instructor note: Using the resulting diagram from 5.2.4, the student should identify 3 switches and 1 router.

b. Make a list of all the VLANs required to implement the design.
_____________________________________________________________________________

Instructor note: Current VLANs identified in Lab 5.2.4 include: General and Production.

Step 2: Review the proposed IP Address Allocation spreadsheet created in Lab 6.2.5
a. Determine the appropriate IP addressing for the devices identified in Step 1a.
b. Determine an appropriate IP address range for each VLAN identified in Step 1b.

Instructor note: Answers may vary slightly, depending on how the address allocation was made in the earlier lab.

Task 2: Create the LAN Design Test Plan
The format used to create the test plans may vary. The format used for this and subsequent labs is similar to the document used by the Cisco Customer Proof-of-Concept Labs. It is divided into sections to make it easier to read and understand. The test plan is a formal document that can be included in a proposal. It verifies that the design functions as expected. Many times, customer representatives are invited to view the prototype tests. In these cases, the customer can review the design and see for themselves that the network meets the requirements.

Step 1: Review the contents of the test plan document


Download and review the LAN Design Test Plan. Record a description of each section and what types of information each section requires you to enter.

Introduction:
______________________________________________________________________________________
Equipment:
______________________________________________________________________________________
Design and Topology:
______________________________________________________________________________________
Test Description:
______________________________________________________________________________________
Test Procedures:
______________________________________________________________________________________
Test Expected Results and Success Criteria:
______________________________________________________________________________________
Test Results and Conclusions:
______________________________________________________________________________________
Appendix:
______________________________________________________________________________________

Instructor note: Student answers should be similar to:
- Introduction: Explain briefly what the purpose of the test is and what should be observed. Include a brief description of testing goals. List all tests that you intend to run.
- Equipment: List all the equipment needed to perform the tests. Be sure to include cables, optional connectors or components, and software.
- Design and Topology: Place a copy of the prototype network topology in this section. This is the network as it should be built to be able to perform the required tests, including IP Addressing and VLAN information.
- Test Description: For each test to be performed, state the goals of the test, the data to record during the test, and the estimated length of time to perform the test.
- Test Procedures: Itemize the procedures to follow to perform the test.
- Test Expected Results and Success Criteria: List all the expected results. List all specific criteria that must be met for the test to be considered a success.
- Test Results and Conclusions: Record the results of the tests and the conclusions that can be drawn from the results.
- Appendix: Contains copies of the device configuration files and other relevant command output.

Step 2: Complete the Introduction section of the test plan


In this example test plan, much of the information has already been entered for you.
a. Enter the purpose of the test.
b. Think about why you want to test the LAN portion of the design.
c. Enter what functions of the LAN design you intend to test.

Three tests are entered for you to use with this test plan.
- Test 1: Basic Connectivity
- Test 2: VLAN Configuration
- Test 3: VLAN Routing

Step 3: Complete the Equipment Section of the test plan


a. Using the information you recorded in Task 1, Step 1a, fill in the chart in the equipment section. List all network devices and cables. Two personal computers are already listed to assist in the testing of the design.
b. If your school lab does not include the required equipment for the design, discuss possible substitute models with your instructor.

Instructor note: Assist the students in determining if there are appropriate substitutes for the 1841 router and 2960 switches specified in the FilmCompany design. Most any switch that supports VLANs from a can be used but should at least be a 29xx model. Command syntax may vary, depending on switch model used. Most any router that supports 802.1Q VLANs and has a Fast Ethernet interface can be used.

Step 4: Complete the Design and Topology Section of the test plan
a. Copy the LAN topology from the diagram created previously in Lab 5.2.4.
b. Enter the IP addressing information recorded in Task 1, Step 2a, in the IP Address Plan chart.
c. Enter the VLAN names and IDs recorded in Task 1, Steps 1b and 2b, in the VLAN plan.
d. Enter any additional information that you want the technician performing the test to be aware of before the test begins.

Step 5: Complete the Test Description, Procedures, and Expected Results sections of the test plan
a. In the Test Description section, enter the goals for each of the three tests that you plan to perform. Test 1 is completed as an example of how to fill in the information.
b. In the Test Procedures section, enter the steps that are necessary to perform each planned test.
c. In the Expected Results and Success Criteria section, enter what you expect the results to be if all the steps in the Test Procedures section are followed correctly. Determine what results need to be observed for the test to be considered a success.

Step 6: Save the LAN Design Test Plan in your portfolio


NOTE: Do not complete the Test Results and Conclusions section or the Appendix section. These will be completed in a later lab.


CCNA Discovery Designing and Supporting Computer Networks

Lab 7.2.5 Testing the FilmCompany Network (Instructor Version)


Instructor Note: This lab is part of a series of labs that includes 7.2.2, 7.2.5, and 7.2.6. In this series the students create a test plan to verify the FilmCompany network design (7.2.2), and then execute the test plan (7.2.5), and finally analyze the results of the testing (7.2.6). Students should be strongly advised to keep all of their information in a portfolio or binder for reference during the course. The results of these labs, and many others throughout the course, will be needed for the final design project later in the course.

In most organizations, this type of testing is usually done by a team of individuals, not a single designer. These activities can be done by groups of students, with each one given specific duties: one student is the field engineer who sets up the physical equipment and makes sure that all Layer 1 and 2 connectivity is correct; one student is the systems engineer, who configures all the designed Layer 3 functionality and performs the ping and Telnet testing; and another student is the network designer, who records and verifies all of the output from the show commands and directs the other students. All three students then collaborate on the results and conclusions.

*** See lab/test setup notes, device configs and sample show outputs at end of lab

Objective
Use a test plan to test the design of a LAN.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
- Interpret network diagrams.
- Determine the path between two hosts across a network.
- Select the components required to meet a network specification.
- Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts.
- Perform and verify initial switch configuration tasks, including remote access management.
- Verify network status and switch operation using basic utilities (including: ping, traceroute, telnet, SSH, arp, ipconfig), and show and debug commands.
- Describe enhanced switching technologies (including: VTP, RSTP, VLAN, PVSTP, 802.1q).
- Describe how VLANs create logically separate networks and the need for routing between them.
- Configure, verify, and troubleshoot VLANs.
- Configure, verify, and troubleshoot trunking on Cisco switches.
- Configure, verify, and troubleshoot inter-VLAN routing.
- Implement static and dynamic addressing services for hosts in a LAN environment.
- Select the appropriate media, cables, ports, and connectors to connect routers to other network devices and hosts.
- Access and use the router to set basic parameters, including CLI/SDM.
- Connect, configure, and verify operation status of a device interface.
- Verify device configuration and network connectivity using ping, traceroute, Telnet, SSH or other utilities.
- Perform and verify routing configuration tasks for a static or default route given specific routing requirements.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

How do you think having a test plan will help you test the design of the network using a prototype?
______________________________________________________________________________________

Background / Preparation
Instructor notes: The students will use the test plan they created in Lab 7.2.2 to build and test a prototype of the FilmCompany network. Refer to the Instructor Version of Lab 7.2.2 for the steps that the students will perform during each of the three tests.

Network designers build and test prototype networks to ensure that the elements they have included in their designs work as expected and meet the objectives of their customers. Using a test plan is one way to organize the testing and ensure that all of the design elements are tested in a way that is appropriate. Using the test plan that you completed in Lab 7.2.2, you will perform the following tests:

Test 1: Baseline Connectivity Test
- Verify physical and IP connectivity between devices on the prototype network.
- Document operation.

Test 2: VLAN Configuration Test
- Demonstrate multiple VLANs, vty, and port security.
- Verify that members of the same VLAN can communicate successfully and that members of different VLANs are not able to communicate successfully.
- Demonstrate 802.1q trunk links between devices.
- Verify STP to ensure that S1 becomes the root bridge.
- Document operation.

Test 3: VLAN Routing Test
- Demonstrate routing of traffic between separate VLANs, unrestricted.
- Demonstrate routing of traffic between separate VLANs, with restrictions.
- Document operation.

Task 1: Perform Test 1: Basic Connectivity Test


Step 1: Build the prototype network
Instructor Notes: This lab uses the topology diagram and device names from the instructor version of Lab 5.2.4. This includes 3 switches in a full-mesh, two of which have PCs attached, and a router on a stick. Most any switch that supports VLANs from a can be used but should at least be a 29xx model. Command syntax may vary, depending on switch model used. The router should have at least 1 Fast Ethernet interface capable of 802.1Q to support inter-VLAN routing. Two PCs are used for testing. PC1 (192.168.3.2/26) is attached to FC-ASW-1, port 11. PC2 (192.168.1.130/25) is attached to ProductionSW, port 22.

a. Select the necessary equipment and cables as specified in the Equipment section of the test plan. See your instructor for assistance in identifying the appropriate equipment.
b. Using the topology diagram and IP address plan contained in the Design and Topology Diagram section of the test plan, connect and configure the prototype network.
c. Following the procedures in the Test 1: Procedures section, console into one of the devices and verify that you can ping all of the other device addresses. If you are unsuccessful, verify each device configuration. Repeat the connectivity testing.
d. Copy and paste the initial device configurations into a document using Notepad or a word processing program. Save or print the document to include with the completed test plan.

Step 2: Verify the functionality of the prototype network


a. Following the procedures in the Test 1: Procedures, execute the various commands and record the results of the testing.
b. Copy and paste the output of the various commands into a document using Notepad or a word processing program. Save or print the document to include with the completed test plan.

Step 3: Record the test results in the Results and Conclusions section of the test plan
a. Compare the results that you observed during the testing with the expected results listed in the Test 1: Expected Results and Success Criteria section.
b. Determine if the testing indicates that the network meets the success criteria. If it does, indicate that the test is successful.

Task 2: Perform Test 2: VLAN Configuration Test
Step 1: Configure the prototype network
Instructor Notes: The prototype uses 2 PCs. PC1 is on one VLAN and PC2 is on another. If resources and time are available, configuring more VLANs of two or three PCs each will provide a more comprehensive demonstration; however, conducting the test with two PCs and two VLANs is sufficient to achieve the goals of the test. If it works with two PCs and two VLANs, it will work with more PCs and more VLANs, unless configuration errors are introduced.

This lab uses the topology diagram and device names from the instructor version of Lab 5.2.4. It uses the following VLAN and IP address ranges from the IP addressing plan in the instructor version of Lab 6.2.5.
- General VLAN 11 (192.168.3.0/26)
- Production VLAN 22 (192.168.3.0/26)
- Default VLAN 1 (192.168.3.208/28)

a. Follow the steps you created in the Test 2: Procedures section of the test plan to configure the VLANs on the prototype network.
b. Using the VLAN plan specified in the Design and Topology Diagram section of the test plan, configure the switches with the appropriate VLANs.
c. Configure the links between the switches as trunk links and permit all VLANs across the trunks.
d. Configure one switch to be the root bridge.
e. Configure port security on the ports attached to the two PCs to only accept one MAC address.
f. Copy and paste the initial device configurations into a document using Notepad or a word processing program. Save or print the document to include with the completed test plan.

Step 2: Verify the VLAN configuration design


a. Configure the port that connects to PC1 to be in one VLAN, and the port that connects to PC2 to be in a different VLAN.
b. Following the procedures in the Test 2: Procedures, configure each PC with an IP address that is correct for the VLAN they are assigned, using the IP addresses from the IP Address Plan in the Design and Topology Diagram section of the test plan.
c. Execute the various show commands to verify that the VLANs and STP are operating as expected. Copy and paste the results of the commands into a document using Notepad or a word processing program. Save or print the document to include with the completed test plan.
d. Attempt a ping from PC1 to PC2 to verify that the VLANs are successfully isolating traffic between the two PCs.
e. Record the results in the Test 2: Results and Conclusions section of the test plan.

Step 3: Record the test results in the Results and Conclusions section of the test plan
a. Compare the results that you observed during the testing with the expected results listed in the Test 2: Expected Results and Success Criteria section.
b. Determine if the testing indicates that the network meets the success criteria. If it does, indicate that the test is successful.

Task 3: Perform Test 3: VLAN Routing Test
Step 1: Configure the prototype network
a. Follow the steps you created in the Test 3: Procedures section of the test plan to configure the router to route between VLANs.
b. Using the topology diagram shown in the Design and Topology Diagram section of the test plan, configure the appropriate router to route between the VLANs created in Task 2.
c. Following the steps you listed in the Test 3: Procedures section, console into the switch that is directly connected to the router. Configure the link between the switch and the router as an 802.1q trunk link and permit all VLANs across the trunk.
d. Console into the router and configure the router interface directly connected to the switch for 802.1q encapsulation.
e. Configure the router with the appropriate IP addresses for the various VLANs. Verify that the routes appear correctly in the routing table.
f. Copy and paste the initial device configurations into a document using Notepad or a word processing program. Save or print the document to include with the completed test plan.

Step 2: Verify the VLAN routing design


a. Verify that the PCs are configured to be in different VLANs and that the IP address configuration on the PCs is correct. Configure the IP addresses assigned to the router, in Step 1e, as the default gateway addresses for the PCs. Verify that the default gateway addresses are on the same networks as the addresses assigned to the PCs.
b. Following the procedures in the Test 3: Procedures, ping from PC1 to PC2. Copy and paste the results into a document using Notepad or a word processing program. Save or print the document to include with the completed test plan.
c. Execute the various show commands to verify that the routing is correct.
d. Record the results in the Test 3: Results and Conclusions section of the test plan.

Step 3: Record the test results in the Results and Conclusions section of the test plan
a. Compare the results that you observed during the testing with the expected results listed in the Test 3: Expected Results and Success Criteria section.
b. Determine if the testing indicates that the network meets the success criteria. If it does, indicate that the test is successful.

Step 4: Reflection
Was the prototype testing of the FilmCompany LAN design successful? Did having a test plan to work from help you organize your testing?
______________________________________________________________________________________


Device Configs, Instructor Notes and Selected Verification Command Output:


This lab uses the topology diagram and device names from the instructor version of Lab 5.2.4. It uses the following VLAN and IP address ranges from the IP addressing plan in the instructor version of Lab 6.2.5.
- General VLAN 11 (192.168.3.0/26)
- Production VLAN 22 (192.168.3.0/26)
- Default VLAN 1 (192.168.3.208/28)

Two PCs are used for testing. PC1 (192.168.3.2/26) is attached to FC-ASW-1, port 11 (VLAN 11). PC2 (192.168.1.130/25) is attached to ProductionSW, port 22 (VLAN 22). Port security was applied to the switches and interfaces that these two PCs were attached to.

- Switch Ports Fa0/1-0/3 on all switches are reserved as trunk ports
- Switch Port Fa0/4 (and Gi0/1 and Gi0/2) on all switches are in VLAN 1
- Switch Ports Fa0/5-0/11 on all switches are in VLAN 11
- Switch Ports Fa0/12-0/24 on all switches are in VLAN 22

- Switch FC-ASW-1 Fa0/1 is connected to router BR4 Fa0/0.
- Switch FC-ASW-1 Fa0/2 is connected to FC-ASW-2 Fa0/2.
- Switch FC-ASW-1 Fa0/3 is connected to ProductionSW Fa0/3.
- Switch FC-ASW-2 Fa0/1 is connected to ProductionSW Fa0/2.

*** Refer to following output for show vlan brief and show spanning tree for each switch

Router BR4 1841 IOS 12.4


BR4#sh running-config
Building configuration...

Current configuration : 1274 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname BR4
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$KJqG$A91oxzidHUVvocaZ.pObP.
enable password cisco
!
no aaa new-model
ip cef
!
no ip domain lookup
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 192.168.3.209 255.255.255.240
!
interface FastEthernet0/0.11
 encapsulation dot1Q 11
 ip address 192.168.3.1 255.255.255.192
!
interface FastEthernet0/0.22
 encapsulation dot1Q 22
 ip address 192.168.1.129 255.255.255.128
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1/0
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface Serial0/0/0
 no ip address
 shutdown
 no fair-queue
 clock rate 2000000
!
interface Serial0/0/1
 no ip address
 shutdown
!
interface Vlan1
 no ip address
!
!
!
ip http server
no ip http secure-server
!
banner motd ^CUnautorized Use Prohibited^C
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end

BR4#

PINGS FROM BR4 to all three switches (VLAN 1), PC1 (VLAN 11) and PC2 (VLAN 22)
Ping switch FC-ASW-1
BR4#ping 192.168.3.210
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.210, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
BR4#

Ping switch FC-ASW-2
BR4#ping 192.168.3.211
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.211, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
BR4#

Ping switch ProductionSW
BR4#ping 192.168.3.212
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.212, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
BR4#

Ping switch Host PC1 (FC-ASW-1, VLAN 11)
BR4#ping 192.168.3.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
BR4#

Ping switch Host PC2 (ProductionSW, VLAN 22)
BR4#
BR4#ping 192.168.1.130
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.130, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
BR4#
BR4#

Switch FC-ASW-1 2960 IOS 12.2


FC-ASW-1#sh running-config
Building configuration...

Current configuration : 2614 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname FC-ASW-1
!
enable secret 5 $1$3L5M$0BhB0bowM6lL..p7pw9ZD1
enable password cisco
!
no aaa new-model
ip subnet-zero
!
no ip domain-lookup
!
!
!
no file verify auto
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 4096
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport mode trunk
!
interface FastEthernet0/4
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/6
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/7
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/8
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/9
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/10
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/11
 switchport access vlan 11
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 000b.db04.a5cd
!
interface FastEthernet0/12
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/13
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/14
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/15
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/16
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/17
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/18
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/19
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/20
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/21
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/22
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/23
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/24
 switchport access vlan 22
 switchport mode access
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 192.168.3.210 255.255.255.240
 no ip route-cache
!
ip http server
!
control-plane
!
banner motd ^CUnautorized Use Prohibited^C
!
line con 0
line vty 5 15
!
end

FC-ASW-1#

FC-ASW-1#sh vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/4, Gi0/1, Gi0/2
11   General                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11
22   Production                       active    Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

FC-ASW-1#sh spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     001d.4635.0c80
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4097 (priority 4096 sys-id-ext 1)
             Address     001d.4635.0c80
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/3            Desg FWD 19        128.3    P2p

VLAN0011
  Spanning tree enabled protocol ieee
  Root ID    Priority    32779
             Address     001c.f9bb.7000
             Cost        19
             Port        3 (FastEthernet0/3)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32779 (priority 32768 sys-id-ext 11)
             Address     001d.4635.0c80
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/3            Root FWD 19        128.3    P2p
Fa0/11           Desg FWD 19        128.11   P2p

VLAN0022
  Spanning tree enabled protocol ieee
  Root ID    Priority    32790
             Address     001c.f9bb.7000
             Cost        19
             Port        3 (FastEthernet0/3)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32790 (priority 32768 sys-id-ext 22)
             Address     001d.4635.0c80
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/3            Root FWD 19        128.3    P2p

Switch FC-ASW-2 2960 IOS 12.2

FC-ASW-2#sh run
Building configuration...

Current configuration : 2538 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname FC-ASW-2
!
enable secret 5 $1$P1ZY$A.BvHzZ6AXIgDxzuQvmEm0
enable password cisco
!
no aaa new-model
ip subnet-zero
!
no ip domain-lookup
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
!
interface FastEthernet0/4
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/6
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/7
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/8
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/9
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/10
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/11
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/12
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/13
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/14
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/15
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/16
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/17
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/18
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/19
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/20
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/21
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/22
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/23
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/24
 switchport access vlan 22
 switchport mode access
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 192.168.3.211 255.255.255.240
 no ip route-cache
!
ip default-gateway 192.168.3.209
ip http server
!
control-plane
!
banner motd ^CUnautorized Use Prohibited^C
!
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end

FC-ASW-2#

FC-ASW-2#sh spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     001d.4635.0c80
             Cost        19
             Port        2 (FastEthernet0/2)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     001d.4662.7b00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Altn BLK 19        128.1    P2p
Fa0/2            Root FWD 19        128.2    P2p

VLAN0011
  Spanning tree enabled protocol ieee
  Root ID    Priority    32779
             Address     001c.f9bb.7000
             Cost        19
             Port        1 (FastEthernet0/1)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32779 (priority 32768 sys-id-ext 11)
             Address     001d.4662.7b00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Root FWD 19        128.1    P2p
Fa0/2            Altn BLK 19        128.2    P2p

VLAN0022
  Spanning tree enabled protocol ieee
  Root ID    Priority    32790
             Address     001c.f9bb.7000
             Cost        19
             Port        1 (FastEthernet0/1)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32790 (priority 32768 sys-id-ext 22)
             Address     001d.4662.7b00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Root FWD 19        128.1    P2p
Fa0/2            Altn BLK 19        128.2    P2p

FC-ASW-2#

Switch ProductionSW 2960 IOS 12.2


ProductionSW#sh running-config
Building configuration...

Current configuration : 2673 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ProductionSW
!
enable secret 5 $1$b6Cx$bWzOZDp9G7FuCHJcrI7pU.
enable password cisco
!
no aaa new-model
ip subnet-zero
!
no ip domain-lookup
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport mode trunk
!
interface FastEthernet0/4
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/6
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/7
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/8
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/9
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/10
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/11
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/12
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/13
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/14
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/15
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/16
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/17
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/18
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/19
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/20
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/21
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/22
 switchport access vlan 22
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0007.e963.ce53
!
interface FastEthernet0/23
 switchport access vlan 22
 switchport mode access
!
interface FastEthernet0/24
 switchport access vlan 22
 switchport mode access
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 192.168.3.212 255.255.255.240
 no ip route-cache
!
ip default-gateway 192.168.3.209
ip http server
!
control-plane
!
banner motd ^CUnautorized Use Prohibited^C
!
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end

ProductionSW#

ProductionSW#sh spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     001d.4635.0c80
             Cost        19
             Port        3 (FastEthernet0/3)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     001c.f9bb.7000
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/3            Root FWD 19        128.3    P2p

VLAN0011
  Spanning tree enabled protocol ieee
  Root ID    Priority    32779
             Address     001c.f9bb.7000
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32779 (priority 32768 sys-id-ext 11)
             Address     001c.f9bb.7000
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/3            Desg FWD 19        128.3    P2p

VLAN0022
  Spanning tree enabled protocol ieee
  Root ID    Priority    32790
             Address     001c.f9bb.7000
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32790 (priority 32768 sys-id-ext 22)
             Address     001c.f9bb.7000
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/3            Desg FWD 19        128.3    P2p
Fa0/22           Desg FWD 19        128.22   P2p

ProductionSW#
ProductionSW#
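
Added example (not part of the Cisco lab material): the running-configs above store management credentials in cleartext, enable the HTTP server, and apply port security to a single access port per switch. The Python sketch below parses an IOS running-config into global, interface and line blocks and reports those settings. The sample config is a constructed excerpt modelled on the switch configs above, and the function names, hostname and hash placeholder are assumptions.

```python
import re

# Constructed excerpt modelled on the lab's switch configs.
# HASH_PLACEHOLDER stands in for the type 5 hash; SAMPLE-SW is a made-up hostname.
SAMPLE_CONFIG = """\
no service password-encryption
!
hostname SAMPLE-SW
!
enable secret 5 HASH_PLACEHOLDER
enable password cisco
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/10
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/11
 switchport access vlan 11
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
interface Vlan1
 ip address 192.168.3.210 255.255.255.240
!
ip http server
!
line con 0
line vty 0 4
 password cisco
 login
line vty 5 15
!
end
"""


def parse_sections(config_text):
    """Return (global commands, {block header: [sub-commands]})."""
    global_cmds, sections, current = [], {}, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        if line.strip() == "!":
            current = None                      # "!" closes the open block
        elif re.match(r"(interface|line) ", line):
            current = line                      # start of an interface/line block
            sections[current] = []
        elif line.startswith(" ") and current is not None:
            sections[current].append(line.strip())
        else:
            current = None
            global_cmds.append(line)
    return global_cmds, sections


def audit(config_text):
    """Return a list of (scope, finding) tuples for the settings checked."""
    global_cmds, sections = parse_sections(config_text)
    findings = []
    if "service password-encryption" not in global_cmds:
        findings.append(("global", "service password-encryption is off; "
                                   "line passwords are stored in cleartext"))
    if any(c.startswith("enable password ") for c in global_cmds):
        findings.append(("global", "'enable password' is configured; "
                                   "keep only 'enable secret'"))
    if "ip http server" in global_cmds and "ip http secure-server" not in global_cmds:
        findings.append(("global", "HTTP management server enabled without HTTPS"))
    for header, cmds in sections.items():
        if header.startswith("line "):
            # "password 7 ..." is obfuscated; anything else is readable as typed
            if any(re.match(r"password (?!7 )", c) for c in cmds):
                findings.append((header, "cleartext line password"))
            if header.startswith("line vty") and "transport input ssh" not in cmds:
                findings.append((header, "vty lines are not restricted to SSH"))
        elif header.startswith("interface "):
            if "switchport mode access" in cmds and "switchport port-security" not in cmds:
                findings.append((header, "access port without port security"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```
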


Lab 7.2.6 Analyzing Results of Prototype Tests (Instructor Version)


Instructor Note: This lab is part of a series of labs that includes 7.2.2, 7.2.5, and 7.2.6. In this series the students create a test plan to verify the FilmCompany network design (7.2.2), and then execute the test plan (7.2.5), and finally analyze the results of the testing (7.2.6). Students should be strongly advised to keep all of their information in a portfolio or binder for reference during the course. The results of these labs, and many others throughout the course, will be needed for the final design project later in the course. To complete this lab, students may work in groups to compare their observations of the tests and to make recommendations for alternate design elements to improve the design.

Objective
Analyze a network design and the results of a prototype test to determine if weaknesses exist in the proposed design.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
Interpret network diagrams.
Identify and correct common network problems at Layers 1, 2, 3, and 7 using a layered model approach.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

Why do you think it is important to identify any weaknesses or risks contained in a proposed network design?
______________________________________________________________________________________

Background / Preparation
Instructor notes: The students will use the test plan they created in Lab 7.2.2 and the results of the testing from Lab 7.2.5 to identify any weaknesses in the LAN design.

Network designs often have weaknesses or areas of risk because the designer must work within constraints applied by the customer. These weaknesses can include obvious risks, such as no firewall or security filtering, or can be harder to identify. Using the results and conclusions of the Test Plan you finished in Lab 7.2.5, determine if there are areas where risk exists in your proposed design.

Step 1: Identify if weaknesses are present in the design


Is the design able to scale to meet the growth, or do budget constraints limit the types of hardware and infrastructure that can be included?
______________________________________________________________________________________
Answers will vary, but in general, the design is scalable. The prototype uses multiple switches and redundant links.

Do the IP addressing and VLAN configurations allow for the proposed growth?
______________________________________________________________________________________
Answers will vary. The IP addressing employs a private scheme making use of a 192.168.0.0/22 address space, which provides ample room for growth. The 11 VLANs defined all allow for additional addresses to be added. Conducting the test with two PCs and two VLANs is sufficient to achieve the goals of the test. If it works with two PCs and two VLANs, it will work with more PCs and more VLANs, unless configuration errors are introduced.

Can the selected hardware be upgraded easily without a major reconfiguration of the network?
______________________________________________________________________________________
Answers will vary. In general, yes. Stackable fixed configuration 2960 switches are used in the prototype. IOS software can be upgraded easily enough, but hardware upgrades may not be an option. Expansion of port densities and use of different link speeds and media may present issues.

Can new Access Layer modules be integrated into the network without disrupting services to existing users?
______________________________________________________________________________________
Answers will vary. Yes. Additional switches can be added to increase the number of connections in the design with minimal disruption.

Does the design provide for the smallest possible failure domains?
______________________________________________________________________________________
Yes, switches provide microsegmentation and VLANs contain broadcasts with the use of routers and subinterfaces.

Are there multiple paths and redundant devices to protect against losing connectivity to important services?
______________________________________________________________________________________
Answers will vary. Yes. Switches have redundant links to provide backup.

Step 2: Determine what the risks are of not correcting the weaknesses
If, in Step 1, you identify weaknesses in the proposed design, what risks do these weaknesses present to FilmCompany?
______________________________________________________________________________________
Answers will vary. Since stackable fixed configuration switches are used in the prototype, changes to port densities, media types or link speeds may present a problem. Other than adding more switches, expansion of port densities is not easily accomplished.

Step 3: Suggest ways that the design can be improved to reduce the risk
In what ways could the proposed design be improved to reduce the areas of risk?
______________________________________________________________________________________
A higher-end chassis-based layer 3 switch could be implemented that can support multiple high-density port modules of differing speeds and media types. Having layer 3 routing built in avoids the router-on-a-stick design approach. On the other hand, having all modules in one chassis could present a problem as a single point of failure and possibly limit flexibility as to access device placement and increase cable run lengths.

Step 4: Document the weaknesses and risks on the test plan


In the Results and Conclusions section of the test plan, record any weaknesses, risks, and suggested improvements.

Step 5: Reflection
Why do you think it is important to identify weaknesses and risks in the proposed design before presenting it to the customer? What are some reasons that weaknesses cannot be corrected?
______________________________________________________________________________________
It is important to identify weaknesses and risks in the proposed design before presenting it to the customer to ensure that the customer understands the limitations of the prototype and is not led to have unrealistic expectations based on a prototype. It may not be possible to compensate for all weaknesses identified due to time, money or personnel constraints. Risks must be analyzed and balanced against these other variables.


Server Farm Design Test Plan


Instructor note: In this exercise, the students create a test plan which they will use later in the chapter to test the functionality of the network design they created in Chapters 5 and 6. The format used for this exercise is similar to the format used by the Cisco Customer Proof-of-Concept Lab. Discuss with the students why a detailed test plan is necessary to ensure that the test goes as expected and that the results are valid. Explain that in the business world, customers often want to see something work before they decide to purchase it. Proof-of-concept tests protect both the contractor and the customer by demonstrating that the proposed design meets the customer requirements, before the contractor orders and installs the equipment.

                         Start Date      End Date
Network Build (Setup)
Testing Date

Table of Contents
Attendees ................................................................................................................................................3 Introduction .............................................................................................................................................4 Equipment ...............................................................................................................................................5 Design and Topology Diagram ..............................................................................................................6 Test 1. Description: Basic Connectivity Test .......................................................................................9 Test 1. Procedures..................................................................................................................................9 Test 1. Expected Results and Success Criteria .................................................................................10 Test 1. Results and Conclusions.........................................................................................................10 Test 2. Description: VLAN Configuration Test...................................................................................11 Test 2. Procedures................................................................................................................................11 Test 2. Expected Results and Success Criteria .................................................................................12 Test 2. Results and Conclusions.........................................................................................................12 Test 3. Description: VLAN Routing Test.............................................................................................13 Test 3. Procedures................................................................................................................................13 Test 3. 
Expected Results and Success Criteria .................................................................................14 Test 3. Results and Conclusions.........................................................................................................14 Test 4. Description: ACL Filtering Test...............................................................................................15 Test 4. Procedures................................................................................................................................15 Test 4. Expected Results and Success Criteria .................................................................................16 Test 4. Results and Conclusions.........................................................................................................16 Appendix ...............................................................................................................................................17


Server Farm Design Test Plan

Attendees
| Name | Company | Position |
|---|---|---|
| | FilmCompany | IT Manager |
| | FilmCompany | Business Manager |
| | NetworkingCompany | Account Manager |
| | NetworkingCompany | Network Designer |
| | NetworkingCompany | System Engineer |

Instructor note: Students can enter their own names in the roles they choose or make up names for the attendees.


Introduction
INSTRUCTIONS: Explain briefly what the purpose of the test is and what should be observed. Include a brief description of testing goals. List all tests that you intend to run.

Instructor note: Example answers to this section are:
- To verify the FilmCompany server farm design.
- To test the switch and router configurations proposed for the FilmCompany server farm network.
- To ensure that the design functions as expected.

Purpose of this test:
________________________________________

Instructor note: These tests are given to the student at a very high level. Later in this lab, the students are expected to record the detailed steps to perform the test. Test 1 is given as an example.

Tests to run:

Test 1: Basic Connectivity Test
- Verify physical and IP connectivity between devices on the prototype network.
- Document operation.

Test 2: Server Farm Switch Configuration Test
- Demonstrate the VLAN and VTP configuration.
- Demonstrate that separate server VLANs prevent traffic from one server from reaching other servers in the network.
- Demonstrate 802.1q trunk links between Access Layer switches.
- Verify rapid per-VLAN Spanning Tree operation.
- Document operation.

Test 3: VLAN Routing Test
- Demonstrate routing of traffic between separate VLANs.
- Document operation.

Test 4: ACL Filtering Test
- Demonstrate filtering of traffic between separate VLANs.
- Document operation.


Equipment
INSTRUCTIONS: List all of the equipment needed to perform the tests. Be sure to include cables, optional connectors or components, and software.

| Qty. Rqd | Model | Additional options or software required | Substitute | IOS Software Rev. |
|---|---|---|---|---|
| 2 | 1841 router | none | Any router with two Ethernet or FastEthernet interfaces capable of running 802.1q protocol | 12.2 or above |
| 3 | 2960 Layer 2 switch | none | Any 2950 or 2960 model switch | 12.2 or above |
| 1 | Discovery Server | http and ftp server software | | |
| 2 | Personal computer end devices | FastEthernet NIC | none | Windows, MAC, or Linux operating system |
| | Cat 5 or above straight-through patch cables | none | none | n/a |
| | Cat 5 or above crossover patch cables | none | none | n/a |

Instructor note: Based on the topology diagram in lab 7.3.2, students will fill out the equipment required for the test.


Design and Topology Diagram


INSTRUCTIONS: Place a copy of the prototype network topology in this section. This is the network as it should be built to be able to perform the required tests, including IP Addressing and VLAN information. If this topology duplicates a section of the actual network, include a reference topology showing the location within the existing or planned network. Initial configurations for each device must be included in the Appendix.


IP Address Plan

| Device Designation | Interface | IP Address | Default Gateway |
|---|---|---|---|
| S1 | VLAN1 | 172.18.1.11/24 | 172.18.1.1 |
| S2 | VLAN1 | 172.18.1.12/24 | 172.18.1.1 |
| S3 | VLAN1 | 172.18.1.13/24 | 172.18.1.1 |
| R1 Simulated Internet Connection Router | Loopback0/0 | 209.165.200.15/30 | Simulated Internet Address |
| R1 | Fa0/1 | 172.18.4.1/28 | |
| R2 Simulated Branch Router | Fa0/0 | 172.18.4.2/28 | |
| R2 | Fa0/1.1 | 172.18.1.1/24 | |
| R2 | Fa0/1.10 | 172.18.10.1/27 | |
| R2 | Fa0/1.20 | 172.18.20.1/27 | |
| R2 | Fa0/1.30 | 172.17.0.1/16 | |
| PC1 Simulated Database Server | Fast Ethernet | 172.18.10.21/27 | 172.18.10.1 |
| PC2 Simulated File Server | Fast Ethernet | 172.18.20.22/27 | 172.18.20.1 |
| PC3 Discovery Server | Fast Ethernet | 172.17.1.1/16 | 172.17.0.1 |

Default Route: 172.18.4.1 to the Internet connection

VLAN Plan

| VLAN Name | Switches to Configure | IDs | IP Address Range | Group |
|---|---|---|---|---|
| Management | All | 1 | 172.18.1.0/24 | IT Managers |
| Backbone | S1 | 4 | 172.18.4.0/30 | Routers |
| Database | All | 10 | 172.18.10.0/27 | Private Servers |
| FileServers | All | 20 | 172.18.20.0/27 | Internal-only Servers |
| WebServers | All | 30 | 172.17.0.0/16 | Web-accessible Servers |
| Default | All | 99 | None | Default VLAN for switchports and trunks |

Additional Notes and Instructions:

Instructor note: Students record any other information that they think might be useful to the technicians performing the tests. These might be things like:
- This test must show that the new VLAN design enables additional security measures to be put in place to regulate traffic.
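The IP Address Plan and VLAN Plan above can be cross-checked before any device is configured. The following Python script is an added example, not part of the Cisco lab material: it loads both tables as printed on this page and reports addresses that cannot be used as host addresses, subnets that differ from the VLAN Plan range, and default gateways that are not a router interface in the same VLAN. The VLAN assigned to each interface row, and the rule that device names starting with "R" are routers, are assumptions of the example.

```python
import ipaddress

# VLAN Plan as printed above: VLAN ID -> (name, IP address range).
# VLAN 99 (Default) has no address range and is left out.
VLAN_PLAN = {
    1: ("Management", "172.18.1.0/24"),
    4: ("Backbone", "172.18.4.0/30"),
    10: ("Database", "172.18.10.0/27"),
    20: ("FileServers", "172.18.20.0/27"),
    30: ("WebServers", "172.17.0.0/16"),
}

# IP Address Plan rows as printed above:
# (device, interface, address/prefix, default gateway or None, VLAN ID or None).
# The VLAN column is an assumption of this example, inferred from the
# subinterface number (Fa0/1.10 -> VLAN 10) and from the address range.
IP_PLAN = [
    ("S1", "VLAN1", "172.18.1.11/24", "172.18.1.1", 1),
    ("S2", "VLAN1", "172.18.1.12/24", "172.18.1.1", 1),
    ("S3", "VLAN1", "172.18.1.13/24", "172.18.1.1", 1),
    ("R1", "Loopback0/0", "209.165.200.15/30", None, None),
    ("R1", "Fa0/1", "172.18.4.1/28", None, 4),
    ("R2", "Fa0/0", "172.18.4.2/28", None, 4),
    ("R2", "Fa0/1.1", "172.18.1.1/24", None, 1),
    ("R2", "Fa0/1.10", "172.18.10.1/27", None, 10),
    ("R2", "Fa0/1.20", "172.18.20.1/27", None, 20),
    ("R2", "Fa0/1.30", "172.17.0.1/16", None, 30),
    ("PC1", "Fast Ethernet", "172.18.10.21/27", "172.18.10.1", 10),
    ("PC2", "Fast Ethernet", "172.18.20.22/27", "172.18.20.1", 20),
    ("PC3", "Fast Ethernet", "172.17.1.1/16", "172.17.0.1", 30),
]


def validate_plan(vlan_plan, ip_plan):
    """Return a list of (device, interface, problem) tuples; empty means consistent."""
    findings = []
    ranges = {vid: ipaddress.ip_network(cidr) for vid, (_, cidr) in vlan_plan.items()}

    # VLAN ranges must not overlap, otherwise an address cannot be tied to
    # exactly one VLAN and per-VLAN filtering rules become ambiguous.
    ids = sorted(ranges)
    for i, a in enumerate(ids):
        for b in ids[i + 1:]:
            if ranges[a].overlaps(ranges[b]):
                findings.append((f"VLAN{a}", f"VLAN{b}", "ranges-overlap"))

    # Router addresses per VLAN: the only valid default gateways for that VLAN.
    # Assumption: device names beginning with "R" are routers.
    router_addrs = {}
    for device, _, cidr, _, vlan in ip_plan:
        if device.startswith("R") and vlan is not None:
            router_addrs.setdefault(vlan, set()).add(ipaddress.ip_interface(cidr).ip)

    for device, ifname, cidr, gateway, vlan in ip_plan:
        iface = ipaddress.ip_interface(cidr)
        net = iface.network
        # The first and last address of a subnet (prefix shorter than /31)
        # are the network and broadcast addresses, not host addresses.
        if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
            findings.append((device, ifname, "address-is-network-or-broadcast"))
        # The interface's subnet (address and mask) must equal the VLAN's range.
        if vlan is not None and net != ranges[vlan]:
            findings.append((device, ifname, "subnet-differs-from-vlan-plan"))
        if gateway is not None:
            gw = ipaddress.ip_address(gateway)
            if gw not in net:
                findings.append((device, ifname, "gateway-outside-subnet"))
            elif gw not in router_addrs.get(vlan, set()):
                findings.append((device, ifname, "gateway-not-a-router-interface"))
    return findings


if __name__ == "__main__":
    for device, ifname, problem in validate_plan(VLAN_PLAN, IP_PLAN):
        print(f"{device:6} {ifname:14} {problem}")
```

On the plans as printed, it reports the R1 loopback address (the broadcast address of its /30) and the /28 masks on the R1 to R2 link, which differ from the /30 Backbone range in the VLAN Plan.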



INSTRUCTIONS: Add a description about this design here that is essential to provide a better understanding of the testing or to emphasize any aspect of the test network to the reader.
________________________________________


INSTRUCTIONS: For each test to be performed state the goals of the test, the data to record during the test, and the estimated time required to perform the test. Test 1 is given as an example.

Test 1. Description: Basic Connectivity Test


Goals of Test: The goal of the baseline is to verify that the test topology is up and running with the proper protocols and features.

Data to Record:
- Configurations
- Interface status
- Routing Tables
- CPU & Memory
- Ping Test Output

Estimated Time: 90 minutes total
- 60 minutes build
- 30 minutes test

Test 1. Procedures
INSTRUCTIONS: Itemize the procedures to follow to perform the test.

1. Build the topology according to the Design and Topology Diagram. Assign IP addresses according to the IP Address Plan.
2. Create a basic configuration on each device. Include applicable passwords, device names, IP addresses, default routes, default gateways, and activate interfaces.
3. Console into one of the devices in the topology and ping all of the other routers and switches in the topology. Record any anomalies.
4. Telnet to each device in the configuration and verify that each is reachable.
5. Verify that Spanning Tree disables the redundant switched links.
6. Record the output of the show running-config, show spanning-tree, show interfaces, and the first few lines of show memory in a text file, using a text editor such as Notepad. Save the log file for later analysis. Repeat for all devices in the topology.


Test 1. Expected Results and Success Criteria


INSTRUCTIONS: List all of the expected results. Specific criteria that must be met for the test to be considered a success should be listed. An example of specific criteria is: "A requirement that ping response times cannot exceed 100 ms."

1. All networking devices are connected and accessible through Telnet.
2. Hosts can ping successfully to other hosts on the network.

Test 1. Results and Conclusions


Instructor note: Students do not fill out this section until the tests are actually run in the lab.

INSTRUCTIONS: Record the results of the tests and the conclusions that can be drawn from the results.


Test 2. Description: VLAN Configuration Test


Instructor note: Students must fill in the goal of the test. Sample goals:

Goals of Test:

Data to Record:
- VLAN Configurations
- Show vlan output
- STP Configuration
- Show spanning-tree output
- Ping Test Output

Estimated Time: 60 minutes total
- 30 minutes configure
- 30 minutes test

Test 2. Procedures
INSTRUCTIONS: Itemize the procedures to follow to perform the test.
________________________________________



Instructor note: Students list the procedures using the information from Lab 7.3.2.4

1. Console to each switch in the configuration.
2. Configure the S1 switch to be the root bridge.
3. Create VLANs according to the VLAN plan.
4. Configure VTP so that switch S1 is the server and switches S2 and S3 are the clients.
5. Verify the VTP operation using the show vlan command.
6. Create 802.1q trunk links between switches. Exclude VLAN 4 from the trunk links.
7. Configure the switch ports to belong to the appropriate VLAN according to the VLAN plan.
8. Record the output of the show commands in a text file, using a text editing program such as Notepad.
9. Configure each PC with the appropriate IP address shown in the table.
10. Ping one PC from the other PC. Record the results. Disable an active trunk link between two of the switches and verify that connectivity is restored.

Student answers may vary slightly from the above list and may be in a different order. The exercise is to encourage students to think about all of the steps that they need to perform to verify the VLAN design. Planning installation tasks and estimating the effort necessary to accomplish them is critical to the success of the students when they leave the course.

Test 2. Expected Results and Success Criteria


INSTRUCTIONS: List all of the expected results. Specific criteria that must be met for the test to be considered a success should be listed.
________________________________________

Instructor note: Example answers should be:
- VLANs exist on all of the switches.
- PCs in the same VLANs can communicate over the trunk links, PCs in different VLANs cannot.

Test 2. Results and Conclusions


INSTRUCTIONS: Record the results of the tests and the conclusions that can be drawn from the results.
________________________________________

Instructor note: Students fill out this section upon completion of the test lab.


Test 3. Description: VLAN Routing Test


Instructor note: Students must fill in the goal of the test. Sample goals:
- Test the routing between VLANs.
- Test that the router is correctly configured to route between VLANs.

Goals of Test:

Data to Record:
- Router Configuration
- IP Routing Table Information
- CPU & Memory
- Ping Test Output

Estimated Time: 20 minutes total
- 10 minutes configure
- 10 minutes test

Test 3. Procedures
INSTRUCTIONS: Itemize the procedures to follow to perform the test.
________________________________________



Instructor note: Students list the procedures. Example answer is:

1. Console or telnet to the router in the configuration.
2. Create an 802.1q trunk link between the router R2 and the attached switch S3.
3. Verify the operation of the trunk link.
4. Configure the IP addresses on the router subinterfaces for the appropriate VLANs.
5. Configure the default route on router R2 to use the Fa0/1 interface on router R1.
6. Record the output of the show running-configuration, show interfaces, and show ip route commands on the routers in a text file using a text editing program such as Notepad.
7. Configure static routes on router R1 for each of the VLAN networks to use the Fa0/0 interface on router R2.
8. Verify that the routing tables now contain routes to each VLAN.
9. Ping one PC from the other PC. Record the results.

Student answers may vary slightly from the above list and may be in a different order. The exercise is to encourage students to think about all of the steps that they need to perform to verify the VLAN routing design. Planning installation tasks and estimating the effort necessary to accomplish them is critical to the success of the students when they leave the course.

Test 3. Expected Results and Success Criteria


INSTRUCTIONS: List all of the expected results. Specific criteria that must be met for the test to be considered a success should be listed.
________________________________________

Instructor note: Example answers should be:
- Routes to the different VLANs are contained in the routing table of the router.
- PC in one VLAN can successfully ping a PC in another VLAN.

Test 3. Results and Conclusions


INSTRUCTIONS: Record the results of the tests and the conclusions that can be drawn from the results.
________________________________________

Instructor note: Students fill out this section upon completion of the test lab.


Test 4. Description: ACL Filtering Test


Instructor note: Students must fill in the goal of the test. Sample goals:
- Test the filtering of traffic between VLANs.
- Test the operation of the ACLs.

Goals of Test:

Data to Record:
- ACL Configuration
- Show IP access-list output
- Ping Test Output

Estimated Time: 20 minutes total
- 10 minutes configure
- 10 minutes test

Test 4. Procedures
INSTRUCTIONS: Itemize the procedures to follow to perform the test.
________________________________________



Instructor note: Students list the procedures. Example answer is:

1. Console or telnet to the R2 router.
2. Create the appropriate access control lists to permit traffic according to the security policy.
3. Apply the access control lists to the appropriate subinterface on R2 in the appropriate direction.
4. Record the output of the show running-configuration, show ip interfaces, and show ip access commands on R2 in a text file, using a text editor such as Notepad.
5. Ping one PC from the other PC. Record the results.

Student answers may vary slightly from the above list and may be in a different order. The exercise is to encourage students to think about all of the steps that they need to perform to verify the server farm ACL design. Planning installation tasks and estimating the effort necessary to accomplish them is critical to the success of the students when they leave the course.

Test 4. Expected Results and Success Criteria


INSTRUCTIONS: List all of the expected results. Specific criteria that must be met for the test to be considered a success should be listed.
________________________________________

Instructor note: Example answers should be:
- Routes to the different VLANs are contained in the routing table of the router.
- PC in one VLAN can successfully ping a PC in another VLAN.

Test 4. Results and Conclusions


INSTRUCTIONS: Record the results of the tests and the conclusions that can be drawn from the results.
________________________________________

Instructor note: Students fill out this section upon completion of the test lab.


Appendix
INSTRUCTIONS: Record the starting configurations, any modifications, log file or command output, and any other relevant documentation.


Lab 7.3.2 Creating a Server Farm Test Plan Instructor Version


Instructor Note: This lab is part of a series of labs that includes 7.3.2, 7.3.5, and 7.3.6. In this series the students create a test plan to verify the FilmCompany server farm design (7.3.2), and then execute the test plan (7.3.5) and finally, analyze the results of the testing (7.3.6). Students should be strongly advised to keep all of their information in a portfolio or binder for reference during the course. The results of these labs, and many others throughout the course, will be needed for the final design project later in the course. In most organizations, this type of activity is done by a team of people, consisting of the account manager, network designer, systems engineers, and field engineers. If the students are working in a group to complete the lab, it is important for each one to be assigned a specific role (described in Chapter 2) and to provide input appropriate for the role.


IP Address Plan

| Device Designation | Interface | IP Address | Default Gateway |
|---|---|---|---|
| S1 | VLAN1 | 172.18.1.11/24 | 172.18.1.1 |
| S2 | VLAN1 | 172.18.1.12/24 | 172.18.1.1 |
| S3 | VLAN1 | 172.18.1.13/24 | 172.18.1.1 |
| R1 Simulated Internet Router | Fa0/0 | 209.165.200.15/30 | To the Internet |
| R1 | Fa0/1 | 172.18.4.1/28 | |
| R2 Simulated Branch Router | Fa0/0 | 172.18.4.2/28 | |
| R2 | Fa0/1.1 | 172.18.1.1/24 | |
| R2 | Fa0/1.10 | 172.18.10.1/27 | |
| R2 | Fa0/1.20 | 172.18.20.1/27 | |
| R2 | Fa0/1.30 | 172.17.0.1/16 | |
| PC1 Simulated Database Server | Fast Ethernet | 172.18.10.21/27 | 172.18.10.1 |
| PC2 Simulated File Server | Fast Ethernet | 172.18.20.22/27 | 172.18.20.1 |
| PC3 Discovery Server | Fast Ethernet | 172.17.1.1/16 | |

Default Route: 172.18.4.1 to the Internet connection

VLAN Plan

| VLAN Name | Switches to Configure | IDs | IP Address Range | Group |
|---|---|---|---|---|
| Management | All | 1 | 172.18.1.0/24 | IT Managers |
| Backbone | S1 | 4 | 172.18.4.0/30 | Routers |
| Database | All | 10 | 172.18.10.0/27 | Private Servers |
| FileServers | All | 20 | 172.18.20.0/27 | Internal-only Servers |
| WebServers | All | 30 | 172.17.0.0/16 | Web-accessible Servers |
| Default VLAN | All | 99 | none | Default VLAN for unassigned ports and trunk links |

Objective
Create a test plan designed to test the functionality of the server farm. The plan should include:
- The subject and scope of the proposed test
- The methods and tools for testing
- Data to record
- The potential results

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
- Interpret network diagrams.
- Determine the path between two hosts across a network.
- Select the components required to meet a network specification.
- Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts.
- Perform and verify initial switch configuration tasks, including remote access management.
- Verify network status and switch operation using basic utilities (including: ping, traceroute, Telnet, SSH, arp, ipconfig), and show and debug commands.
- Describe enhanced switching technologies (including: VTP, RSTP, VLAN, PVSTP, 802.1q).
- Describe how VLANs create logically separate networks and the need for routing between them.
- Configure, verify, and troubleshoot VLANs.
- Configure, verify, and troubleshoot trunking on Cisco switches.
- Configure, verify, and troubleshoot inter-VLAN routing.
- Implement static and dynamic addressing services for hosts in a LAN environment.
- Select the appropriate media, cables, ports, and connectors to connect routers to other network devices and hosts.
- Access and use the router to set basic parameters, including CLI/SDM.
- Connect, configure, and verify operation status of a device interface.
- Verify device configuration and network connectivity using ping, traceroute, Telnet, SSH, or other utilities.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, review the business goals for the FilmCompany network. Which goal would be supported by relocation of the servers to a server farm?
________________________________________

What considerations will influence your decisions about equipment to use for the test?
________________________________________

What are the uptime requirements for a server farm?
________________________________________


Background / Preparation


Instructor notes: Using the test plan template included with the lab and the topology shown, students will fill in the test plan sections to describe the tests to be performed, how they should be tested, and how to determine success or failure. This test plan will be used in subsequent labs to test simulated Server Farm prototypes.

In this lab, you will develop a test plan to support the business goal of improving server availability and security. You will determine the nature of the tests to be performed, the methods and tools to be used, and the expected results. This test plan will be used as a basis for subsequent labs 7.3.5 and 7.3.6, to test the simulated server farm prototype.

Task 1: Review the Supporting Documentation


Step 1: Before completing the Server Farm Design Test Plan, review the following materials:
- The prototype topology diagram included at the top of this lab
- The IP Address Plan and VLAN Plan for the prototype topology in the Server Farm Design Test Plan provided with this lab
- The Prototype Network Installation Checklist created by the network designer and provided with this lab
- The partially completed Server Farm Design Test Plan provided with this lab

Step 2: Describe the functions of the network that the designer wants to test with this prototype
________________________________________

Basic connectivity, VLAN configurations, VTP operation, VLAN routing, ACL filtering.

Step 3: Using the topology diagram, create a list of the equipment necessary to complete the prototype tests
List any cables that are needed to connect the devices as shown in the topology diagram. Use the information from this list to fill out the chart in the Equipment section of the test plan document.
________________________________________

2 Routers, 3 switches, 2 PCs, 1 Server, 6 Cat 5 Straight-through cables, 6 Cat 5 crossover cables, 1 console cable.

Task 2: Determine the Testing Procedures


Using the information contained on the Prototype Network Installation Checklist and the partially completed Server Farm Design Test Plan document, determine what procedures should be followed to perform each test listed on the plan. Using Test 1 as an example, fill out the procedures sections for Tests 2, 3, and 4.



Think about which commands and tools (such as ping, traceroute, and show commands) you can use to verify that the prototype network is functioning as designed. Decide which outputs to save to prove the results of your tests.

Task 3: Document the Expected Results and Success Criteria


Carefully identify what you expect the results of each test to show. What results would indicate that the tests were a success?

Test 2: VLAN Configuration Test
________________________________________
Show vlans, show spanning-tree, show interface, failure of ping between VLANs

Test 3: VLAN Routing Test
________________________________________
Show vlans, show interface, show IP route, traceroute, and successful ping between VLANs.

Test 4: ACL Filtering Test
________________________________________
Show running config, show interface, show IP route, traceroute, attempts to access unauthorized resources denied.

a. Fill in the Expected Results and Success Criteria section for each test, using the information collected above.
b. Save the completed Server Farm Test Plan. It will be used in subsequent labs.

Reflection
Why is it important to think about and document the expected results and success criteria for each of the individual tests?
__________


Lab 7.3.3 Configuring and Testing the Rapid Spanning Tree Prototype Instructor Version

Device Designation  Device Name   IP Address               Subnet Mask     Default Gateway
R1                  BR4           Fa0/0.1   10.0.0.1       255.255.255.0
                                  Fa0/0.10  10.10.10.254   255.255.255.0
                                  Fa0/0.20  10.10.20.254   255.255.255.0
S1                  FC-ASW-1      VLAN1: 10.0.0.2          255.255.255.0   10.0.0.1
S2                  ProductionSW  VLAN1: 10.0.0.3          255.255.255.0   10.0.0.1
H1                  H1            10.10.10.10              255.255.255.0   10.10.10.254
H2                  H2            10.10.20.10              255.255.255.0   10.10.20.254
H3                  H3            10.10.10.11              255.255.255.0   10.10.10.254
H4                  H4            10.10.20.11              255.255.255.0   10.10.20.254

Objectives


Configure trunking on trunk ports to provide access to a router on the network. Configure separate VLANs for separate logical networks for production users and the server farm. Verify inter-VLAN connectivity. Enable RSTP and configure the root switch and backup root switch. Verify that the network can converge after inducing link and switch failures.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives: Describe enhanced switching technologies, including: VTP, RSTP, VLAN, PVSTP, 802.1q. Verify network status and switch operation using basic utilities (including: ping, traceroute, Telnet, SSH, arp, ipconfig), and show and debug commands. Configure, verify, and troubleshoot RSTP operation.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
__________

How will the tests performed in the lab illustrate the purpose of the Rapid Spanning Tree Protocol?
__________

Background / Preparation
The network designer has developed a test plan for the proposed FilmCompany server farm. The tests depend on the ability of the technicians to configure the switches to use STP, because the server farm test topology implements redundant switched links. In this lab, you will review the basic functionality of Cisco Rapid PVST.

Task 1: Configure all devices


Step 1: Configure S1 and S2
Configure the host name, access, and command mode passwords on each switch.

Step 2: Configure interface VLAN 1


Configure the VLAN1 IP address and default gateway on each switch.



Step 3: Configure FC-ASW-1 for server and end user VLANs

VLAN Number   VLAN Name
10            Servers
20            Users

Step 4: Configure ProductionSW for server and end user VLANs

VLAN Number   VLAN Name
10            Servers
20            Users

Step 5: Assign ports to VLANs on FC-ASW-1


FC-ASW-1#configure terminal
FC-ASW-1(config)#interface Fa0/5
FC-ASW-1(config-if)#switchport mode access
FC-ASW-1(config-if)#switchport access vlan 10
FC-ASW-1(config-if)#interface Fa0/6
FC-ASW-1(config-if)#switchport mode access
FC-ASW-1(config-if)#switchport access vlan 20

Step 6: Assign ports to VLANs on ProductionSW


ProductionSW#configure terminal
ProductionSW(config)#interface Fa0/5
ProductionSW(config-if)#switchport mode access
ProductionSW(config-if)#switchport access vlan 10
ProductionSW(config-if)#interface Fa0/6
ProductionSW(config-if)#switchport mode access
ProductionSW(config-if)#switchport access vlan 20

Step 7: Configure trunk ports on FC-ASW-1 to the router and ProductionSW


FC-ASW-1(config)#interface Fa0/1
FC-ASW-1(config-if)#switchport mode trunk
FC-ASW-1(config-if)#interface Fa0/2
FC-ASW-1(config-if)#switchport mode trunk
FC-ASW-1(config-if)#interface Fa0/4
FC-ASW-1(config-if)#switchport mode trunk

Step 8: Configure trunk ports on ProductionSW to FC-ASW-1


ProductionSW(config)#interface Fa0/2
ProductionSW(config-if)#switchport mode trunk
ProductionSW(config-if)#interface Fa0/4
ProductionSW(config-if)#switchport mode trunk



Step 9: Configure VTP on both switches
FC-ASW-1#vlan database
FC-ASW-1(vlan)#vtp server

Step 10: Configure ProductionSW to be a VTP client


ProductionSW#vlan database
ProductionSW(vlan)#vtp client
ProductionSW(vlan)#vtp domain ServerFarm

Step 11: Configure Rapid Spanning Tree Protocol


On each switch, configure Per-VLAN Rapid Spanning Tree Protocol.
FC-ASW-1(config)#spanning-tree mode rapid-pvst
ProductionSW(config)#spanning-tree mode rapid-pvst

Step 12: Perform basic router configuration


Configure hostname, passwords, and line access on R1.

Step 13: Configure Subinterface Fa0/0


BR4#configure terminal
BR4(config)#interface Fa0/0
BR4(config-if)#no shut
BR4(config-if)#interface Fa0/0.1
BR4(config-subif)#description VLAN1
BR4(config-subif)#encapsulation dot1q 1
BR4(config-subif)#ip address 10.0.0.1 255.255.255.0
BR4(config-subif)#interface Fa0/0.10
BR4(config-subif)#description VLAN10
BR4(config-subif)#encapsulation dot1q 10
BR4(config-subif)#ip address 10.10.10.254 255.255.255.0
BR4(config-subif)#interface Fa0/0.20
BR4(config-subif)#description VLAN20
BR4(config-subif)#encapsulation dot1q 20
BR4(config-subif)#ip address 10.10.20.254 255.255.255.0
BR4(config-subif)#end
BR4#

Step 14: Configure two hosts for server VLAN, and two hosts for end user VLAN
a. H1 and H3 should be given IP addresses in the Servers VLAN, with a default gateway of 10.10.10.254.
b. H2 and H4 should be given IP addresses in the Users VLAN, with a default gateway of 10.10.20.254.

Task 2: Perform basic connectivity tests


Step 1: Test intra-VLAN connectivity
a. Ping from H1 to H3. Is the ping successful? __________ Yes
If the ping fails, troubleshoot the configuration on the hosts and the VLAN configuration on the switches.
b. Ping from H2 to H4.
Is the ping successful? __________ Yes If the ping fails, troubleshoot the configuration on the hosts and the VLAN configuration on the switches.

Step 2: Test inter-VLAN connectivity


Ping from a host on the Servers VLAN to a host on the Users VLAN. Is the ping successful? __________ Yes If the ping fails, troubleshoot the router and switch configurations.

Task 3: Introduce link and device failures into the network, and observe results
Step 1: Determine the port status of the spanning tree on the server switch
FC-ASW-1#show span
VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    32778
             Address     0030.F2C9.90A0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0090.21AC.0C10
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- -------------------------
Fa0/1            Desg FWD 19        128.3    Shr
Fa0/2            Root FWD 19        128.3    Shr
Fa0/4            Altn BLK 19        128.3    Shr
Fa0/5            Desg FWD 19        128.3    Shr

VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    32788
             Address     0030.F2C9.90A0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     0090.21AC.0C10
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- -------------------------
Fa0/1            Desg FWD 19        128.3    Shr
Fa0/2            Root FWD 19        128.3    Shr
Fa0/4            Altn BLK 19        128.3    Shr
Fa0/6            Desg FWD 19        128.3    Shr

Which port is not currently participating in forwarding data? __________ Fa0/4 is an Alternate and is currently in blocking state (BLK).

Step 2: Induce a link failure on the server switch


Remove the cable from one of the forwarding ports on FC-ASW-1.

Step 3: View the adjustment to the spanning-tree


Re-issue the show span command.



How long did it take the switches to determine and utilize a backup link? __________ Answers will vary but should be very quick recovery (less than one second)

Step 4: Induce a device failure on the network


Turn off the ProductionSW switch. Ping from H1 to H2. Was the ping successful? __________ Yes, both hosts are on the FC-ASW-1 switch and inter-VLAN routing is still taking place.

Step 5: Reflect on the test results


In a network with multiple branch offices, why is the use of Rapid Spanning Tree Protocol important?
Answers will vary. RSTP is important to ensure device connectivity at the access layer in each branch office and that resources such as servers are accessible to users in other offices that depend on them, in the event of a local switch-related failure.

Why is it important when implementing a server farm?
Answers will vary. RSTP will help to ensure that switches can recover quickly and keep servers accessible to users in the event of a switch, link or port failure.


Lab 7.3.5 Testing a Prototype Network Instructor Version


Instructor Note: This lab is part of a series of labs that includes 7.3.2, 7.3.5, and 7.3.6. In this series the students create a test plan to verify the FilmCompany server farm design (7.3.2), and then execute the test plan (7.3.5), and finally analyze the results of the testing (7.3.6). They also need the Installation Checklist provided in Lab 7.3.2. Students should be strongly advised to keep all of their information in a portfolio or binder for reference during the course. The results of these labs, and many others throughout the course, will be needed for the final design project later in the course. In most organizations, this type of activity is done by a team of people, consisting of the account manager, network designer, systems engineers, and field engineers. If the students are working in a group to complete the lab, it is important for each one to be assigned a specific role (described in Chapter 2) and to provide input appropriate for the role.

IP Address Plan


Device Designation             Interface      IP Address          Default Gateway
S1                             VLAN1          172.18.1.11/24      172.18.1.1
S2                             VLAN1          172.18.1.12/24      172.18.1.1
S3                             VLAN1          172.18.1.13/24      172.18.1.1
R1 Simulated Internet Router   Fa0/0          209.165.200.15/30   To the Internet
                               Fa0/1          172.18.4.1/28
R2 Simulated Branch Router     Fa0/0          172.18.4.2/28       Default Route: 172.18.4.1 to the Internet connection.
                               Fa0/1.1        172.18.1.1/24
                               Fa0/1.10       172.18.10.1/27
                               Fa0/1.20       172.18.20.1/27
                               Fa0/1.30       172.17.0.1/16
PC1 Simulated Database Server  Fast Ethernet  172.18.10.21/27     172.18.10.1
PC2 Simulated File Server      Fast Ethernet  172.18.20.22/27     172.18.20.1
PC3 Discovery Server           Fast Ethernet  172.17.1.1/16

VLAN Plan:

VLAN Name     Switches to Configure  IDs  IP Address Range  Group
Management    All                    1    172.18.1.0/24     IT Managers
Backbone      S1                     4    172.18.4.0/30     Routers
Database      All                    10   172.18.10.0/27    Private Servers
FileServers   All                    20   172.18.20.0/27    Internal-only Servers
WebServers    All                    30   172.17.0.0/16     Web-accessible Servers
Default VLAN  All                    99   none              Default VLAN for unassigned ports and trunk links

Objectives
Connect and configure the devices for the prototype FilmCompany server farm. Verify successful implementation of RSTP, VLAN trunking, and VTP. Configure routing between VLANs. Create and apply appropriate ACLs to filter undesirable traffic. Evaluate network performance based on previously determined checklist criteria.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives: Interpret network diagrams. Determine the path between two hosts across a network. Select the components required to meet a network specification.
Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts. Perform and verify initial switch configuration tasks, including remote access management. Verify network status and switch operation using basic utilities (including: ping, traceroute, telnet, SSH, arp, ipconfig), and show and debug commands. Describe enhanced switching technologies (including: VTP, RSTP, VLAN, PVSTP, 802.1q). Describe how VLANs create logically separate networks and the need for routing between them. Configure, verify, and troubleshoot VLANs. Configure, verify, and troubleshoot trunking on Cisco switches. Configure, verify, and troubleshoot inter-VLAN routing. Select the appropriate media, cables, ports, and connectors to connect routers to other network devices and hosts. Access and use the router to set basic parameters, including CLI/SDM. Connect, configure, and verify operation status of a device interface. Verify device configuration and network connectivity using ping, traceroute, Telnet, SSH or other utilities.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
__________

Why is connectivity testing performed prior to configuring and applying ACLs, as well as after?
__________

Background / Preparation
This lab is designed to test the students' understanding of the content presented throughout the chapter. It brings the earlier material together so that students can observe the interaction of the networking devices and analyze network performance results. Detailed step-by-step directions are not supplied, because students have already performed much of the configuration in Lab 7.3.3. This lab adds routing and security to the network prototype. In this lab, you will construct the FilmCompany server farm prototype network and perform the tests described in the Server Farm Test Plan. You will analyze the network performance after applying all the configurations, and will complete the results and conclusions sections of the Test Plan.

Task 1: Assemble and connect component devices
Step 1: Review the Topology Diagram and the Equipment section of the test plan
a. Determine which equipment or suitable substitutes will be required to meet the objectives of the lab.
b. Modify the topology diagram as necessary to fit available equipment.

Step 2: Review the Installation Checklist provided in lab 7.3.2.


Accommodate any equipment limitations with the use of loopback addresses.

Task 2: Perform Test 1: Basic Connectivity Test


Step 1: Using the Installation Checklist, perform the steps to connect and configure the prototype network to perform Test 1.
Installation Steps                                Completed
Test 1 Requirements:
Step 1: Perform basic switch configuration on each of the three switches. Include hostname, passwords, and VLAN1 IP address.
Step 2: Connect the cables between switches as shown in the topology diagram.
Step 3: Configure VLAN 4 on switch S1. Configure ports Fa0/10 and Fa0/11 for VLAN 4.
Step 4: Perform basic router configuration on each of the two routers. Include hostnames, passwords, and the backbone link (the 172.18.4.0 network).
Step 5: Connect the cables between the two routers and switch S1 as shown in the topology diagram.
Step 6: Perform Test 1 according to the Server Farm Design Test Plan

Step 2: Perform the Test 1 procedures according to the Server Farm Design Test Plan and record the results in the Results and Conclusions section.
Determine if the test was successful. If not, discuss your results with your instructor and the other students in your class. Perform the test again if necessary.

Task 3: Perform Test 2: VLAN Configuration Test


Step 1: Using the Installation Checklist, perform the steps to connect and configure the prototype network to perform Test 2.
Test 2 Requirements:
Step 1: Create and name VLANs on each switch per the VLAN plan.
Step 3: Assign switch ports to VLANs as shown on the topology diagram. Place the rest of the ports in the default VLAN, VLAN 99.
Step 4: Configure VTP domain. Set switch S1 as the server and the other two switches as clients. Use Test as the domain name and cisco as the domain password.
Step 5: Create trunk ports on the inter-switch links. On switch S1, exclude VLAN 4 from the trunk links. Use the switchport trunk allowed vlan remove 4 command in interface configuration mode.
Step 6: Configure Rapid STP protocol.
Step 7: Set switch S1 as the root bridge.
Step 8: Perform Test 2 according to the Server Farm Design Test Plan
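The Test 2 requirements above, written out as one possible configuration for switch S1. This is an added example, not part of the original lab: the trunk ports Fa0/1 and Fa0/2 are assumed because the topology diagram is not reproduced here, and global configuration mode is used in place of the vlan database mode shown in Lab 7.3.3.

```cisco
! S1: VTP server for domain Test (domain name and password from the checklist)
vtp mode server
vtp domain Test
vtp password cisco
!
! VLANs from the VLAN plan. VLAN 1 keeps its built-in name.
vlan 4
 name Backbone
vlan 10
 name Database
vlan 20
 name FileServers
vlan 30
 name WebServers
vlan 99
 ! The plan calls this "Default VLAN"; written here without the space
 name Default-VLAN
!
! Router-facing ports carry the backbone VLAN only (Test 1, Step 3)
interface range FastEthernet0/10 - 11
 switchport mode access
 switchport access vlan 4
!
! Inter-switch trunks (port numbers are an assumption).
! VLAN 4 is removed so the backbone stays local to S1.
interface range FastEthernet0/1 - 2
 switchport mode trunk
 switchport trunk allowed vlan remove 4
!
! Rapid PVST+ with S1 as root bridge for every VLAN in the plan
spanning-tree mode rapid-pvst
spanning-tree vlan 1,4,10,20,30,99 root primary
!
! On S2 and S3 (VTP clients), the matching lines are:
!   vtp mode client
!   vtp domain Test
!   vtp password cisco
!   spanning-tree mode rapid-pvst
!
! Outputs worth saving as Test 2 evidence:
!   show vtp status            operating mode Server, domain name Test
!   show interfaces trunk      VLAN 4 absent from "Vlans allowed on trunk"
!   show spanning-tree vlan 10 "protocol rstp" and "This bridge is the root"
```

On switch models that support both ISL and 802.1q, `switchport trunk encapsulation dot1q` must be entered before `switchport mode trunk`.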

Step 2: Perform the Test 2 procedures according to the Server Farm Design Test Plan and record the results in the Results and Conclusions section.
Determine if the test was successful. If not, discuss your results with your instructor and the other students in your class. Perform the test again if necessary.

Task 4: Perform Test 3: VLAN Routing Test


Step 1: Using the Installation Checklist, perform the steps to connect and configure the prototype network to perform Test 3.
Test 3 Requirements:
Step 1: Connect the cable between switch S3 and Router R2 as shown in the topology diagram.
Step 1: Create a trunk port on switch S3 to connect to Router R2 as shown in the topology diagram.
Step 2: Create subinterface configuration on Router R2 Fa0/1 for each of the VLANs on the trunk link using the 802.1q encapsulation. Do not put an IP address on the subinterface for VLAN 99.
Step 3: Perform Test 3 according to the Server Farm Design Test Plan

Step 2: Perform the Test 3 procedures according to the Server Farm Design Test Plan and record the results in the Results and Conclusions section.
Determine if the test was successful. If not, discuss your results with your instructor and the other students in your class. Perform the test again if necessary.

Task 5: Perform Test 4: ACL Filtering Test


Step 1: Review security goals for the FilmCompany network
Examine the test plan, checklist, and other documentation to determine how ACLs can support the security goals.

Step 2: Examine results of connectivity tests to determine targets for the ACLs
Decide which devices should be permitted, which protocols should be used, and where ACLs should be placed.

Step 3: Create ACLs


Instructor note: Students have many options at this point. Named ACLs would be a good choice, and the class should discuss and come to consensus about the nature of the ACLs that will be created. PC1 and PC2 can be used to test filtering of undesirable traffic from within the FilmCompany network to the Discovery Server on the Web Server VLAN; one approach could be to allow the PCs to access only HTTP services. ICMP should be severely restricted, usable only for network management from a specific IP address. Telnet
access to routers, switches, and servers should be similarly limited. If desired, an additional host PC could be added to simulate the network administrator, and could be permitted ICMP and Telnet access to all devices. Complete this chart to record the structure and syntax of the proposed ACLs:

Firewall Rule          ACL Statements

Step 4: Using the Installation Checklist, perform the steps to connect and configure the prototype network to perform Test 4.
Test 4 Requirements:
Step 1: On router R2, configure ACLs to limit or permit access for testing.
Step 2: Apply the access control lists to the appropriate interfaces and subinterfaces to permit or deny the selected traffic.
Step 3: Perform Test 4 according to the Server Farm Design Test Plan
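One way to express the approach from the Step 3 instructor note on router R2, using the addresses in the IP Address Plan. This is an added example, not part of the original lab: the ACL name SERVERFARM-WEB, ACL number 10, and the network administrator host 172.18.1.50 in the Management VLAN are assumptions.

```cisco
! Named extended ACL protecting the WebServers VLAN (Discovery Server 172.17.1.1)
ip access-list extended SERVERFARM-WEB
 remark PC1 and PC2 may reach the Discovery Server over HTTP only
 permit tcp host 172.18.10.21 host 172.17.1.1 eq www
 permit tcp host 172.18.20.22 host 172.17.1.1 eq www
 remark ICMP echo and Telnet to the server only from the admin host (assumed address)
 permit icmp host 172.18.1.50 host 172.17.1.1 echo
 permit tcp host 172.18.1.50 host 172.17.1.1 eq telnet
 remark Explicit final deny so blocked attempts are counted and logged
 deny ip any any log
!
! Applied outbound on the WebServers subinterface, so the one list filters
! traffic arriving from every other VLAN and from the backbone.
interface FastEthernet0/1.30
 ip access-group SERVERFARM-WEB out
!
! Telnet to R2 itself only from the admin host
access-list 10 remark Management access to the vty lines
access-list 10 permit host 172.18.1.50
line vty 0 4
 access-class 10 in
!
! Expected results for Test 4 with this list in place:
!   PC1 or PC2 browsing to http://172.17.1.1   succeeds
!   PC1 or PC2 ping or Telnet to 172.17.1.1    fails
!   Admin host ping and Telnet to 172.17.1.1   succeed
!
! Outputs worth saving as evidence:
!   show access-lists SERVERFARM-WEB           match counters per line
!   show ip interface FastEthernet0/1.30       "Outgoing access list is SERVERFARM-WEB"
```

Running the same pings and HTTP requests before the list is applied gives the baseline that makes the denied attempts attributable to the ACL rather than to a routing or VLAN fault.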

Step 5: Perform the Test 4 procedures according to the Server Farm Design Test Plan and record the results in the Results and Conclusions section.
Determine if the test was successful. If not, discuss your results with your instructor and the other students in your class. Perform the test again if necessary.

Task 6 Reflection
Examine the test results and conclusions. How would this network be affected if:
1. The number of servers was doubled?
Traffic on S2 would increase. It may be worthwhile adding a switch and splitting up servers to avoid a single point of failure.
2. The S2 switch had a system failure?
Access to the servers would be lost.
3. A new branch office with 25 new hosts was added?
Load on router R2 or R1 would be increased depending on what access users needed to which resources.

Now that you have followed the process of prototyping from creating the plan through testing and recording results and conclusions, what are the advantages and disadvantages of using a simulation program, such as Packet Tracer, compared to building the prototype with physical devices?
Use of a simulation program can be very helpful in testing various connection scenarios, IP addressing, and other issues. More devices can be put into play than when building a prototype using real equipment; however, there is no substitute for using real equipment, if available.


Lab 7.3.6 Identifying Risks and Weaknesses in the Design Instructor Version
Instructor Note: This lab is part of a series of labs that includes 7.3.2, 7.3.5, and 7.3.6. In this series the students create a test plan to verify the FilmCompany server farm design (7.3.2), and then execute the test plan (7.3.5), and finally analyze the results of the testing (7.3.6). Students should be strongly advised to keep all of their information in a portfolio or binder for reference during the course. The results of these labs, and many others throughout the course, will be needed for the final design project later in the course. In most organizations, this type of activity is done by a team of people, consisting of the account manager, network designer, systems engineers, and field engineers. If the students are working in a group to complete the lab, it is important for each one to be assigned a specific role (described in Chapter 2) and to provide input appropriate for the role.

Objectives
Identify areas of risk and weakness in the server farm design implementation. Recommend solutions that will support eventual growth of the data center while maintaining desired network performance.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives: Interpret network diagrams. Identify and correct common network problems at Layers 1, 2, 3, and 7 using a layered model approach.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
__________

What documentation should you gather to help you with the tasks you will perform in this lab?
__________

Background / Preparation


At the conclusion of the server farm prototype testing, the network designer is satisfied that the network performs as expected. However, several areas of concern exist that should be addressed. Future growth in the network could magnify these areas of risk and weakness, resulting in suboptimal network performance. Some design changes should be considered at this stage to prevent this from happening. In this lab, you will identify possible areas of risk and weakness, and suggest possible changes to eliminate or minimize them.

Task 1: Identify areas of risk and weakness in the server farm implementation
Step 1: Analyze the physical topology
Examine the server farm topology as one entity and as a part of the entire FilmCompany topology. Look for each of the risks and weaknesses listed in the chart. Describe the devices, connections, and issues that you find, or record None found if the design appears to avoid risks in that area.

Instructor notes: One option for performing Tasks 1 and 2 is to work with the class as a whole. The instructor can display the server farm topology and the entire FilmCompany topology using a projector and discuss the weaknesses listed here and analyze the risks with students in a class discussion. Location and devices can be identified during the discussion. In Task 2, the discussion can center around suggested changes to the design to help mitigate any weaknesses identified, also balancing cost vs risk.

Weakness: Single point of failure
Risk: If a device fails, a portion of the network will be inoperable.
Description of Location and Devices:

Weakness: Large failure domain
Risk: If a device or link fails, a large portion of the network will be affected.
Description of Location and Devices:

Weakness: Possible bottlenecks
Risk: If the traffic volume increases, there is a potential for response time to degrade.
Description of Location and Devices:

Weakness: Limited scalability
Risk: If the network grows more rapidly than expected, a costly upgrade will be needed.
Description of Location and Devices:

Weakness: Overly-complex design
Risk: If the design is too complex, the current staff will not be able to support it properly.
Description of Location and Devices:

Weakness: Other possible weaknesses (specify):
Risk:
Description of Location and Devices:



Step 2: Analyze the results and conclusions of the testing
Basic router and switch configurations were modified to support the following protocols and functions. Evaluate the results and conclusions that were drawn from the testing. Identify any areas where modifications to the configuration would provide better results, both now and in the future.

                                  No Change Needed    Modifications Possible
VLAN port assignments
VTP client/server assignments
Root bridge designations
Switch security
Traffic filtering through ACLs
Other (specify):

Task 2: Suggest modifications to the design to address identified risks and weaknesses
From the analysis performed in Task 1, list each risk or weakness and suggest possible changes to the design to minimize or eliminate it.

Risk or Weakness Identified       Modification Suggested


Lab 8.1.3 Simulating WAN Connectivity Instructor Version

Device Designation | Device Name | Address | Subnet Mask
R1 | Router1 | S0/1/0 192.168.1.1 | 255.255.255.0
R2 | Router2 | S0/1/1 192.168.1.2 | 255.255.255.0

Objective
Describe ways to simulate WAN connectivity in a prototype lab.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
- Configure and verify a basic WAN serial connection.
- Troubleshoot WAN implementation issues.
- Configure and verify a PPP connection between Cisco routers.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.



Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

What different issues need to be considered when configuring a WAN connection compared to a LAN connection?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Background / Preparation
Instructor notes: In this lab, students review the configuration of WAN links. Ensure that the concepts of DCE/DTE, clock rate, and encapsulation are understood.

In this lab, you will review the configuration of WAN links. Cable the network shown in the topology diagram. Any router that meets the interface requirements displayed on the diagram may be used. These include the following routers and any of their possible combinations:

The configuration output used in this lab is produced from 1841 and 1721 series routers. Any other routers used may produce slightly different output.

*** It should be stressed to the students that configuring a router to provide the clock as DCE is not the norm and that we only do it in the classroom environment to enable the serial links to work since we do not have a CSU/DSU as we would with a real serial WAN link.

Step 1: Connect the PCs to the router console ports


NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.

a. Referring to the topology diagram, connect a console cable from PC1 to the console port on R1. Connect a console cable from PC2 to the console port on R2.
b. Apply power to all PCs and routers.
c. Open a HyperTerminal session on each PC and establish a session to the respective router.

Step 2: Configure the serial interface on R1


Within the global configuration mode of R1, enter the following commands:

Router(config)#hostname Router1
Router1(config)#interface serial 0/1/0
Router1(config-if)#ip address 192.168.1.1 255.255.255.0
Router1(config-if)#no shutdown
Router1(config-if)#end
Router1#

Step 3: Configure the serial interface on R2


Within the global configuration mode of R2, enter the following commands:

Router(config)#hostname Router2
Router2(config)#interface serial 0/1/1
Router2(config-if)#ip address 192.168.1.2 255.255.255.0
Router2(config-if)#clock rate 56000
Router2(config-if)#no shutdown
Router2(config-if)#end
Router2#

Step 4: View the show interface output


a. On Router1, issue the show interface serial 0/1/0 command from the privileged EXEC mode to view the encapsulation type.

Router1#show interface serial 0/1/0
Serial0/1/0 is up, line protocol is up
  Hardware is GT96K Serial
  Internet address is 192.168.1.1/24
  MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set
  Keepalive set (10 sec)
  Last input 00:00:09, output 00:00:08, output hang never
  Last clearing of "show interface" counters 00:19:54
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     14 packets input, 980 bytes, 0 no buffer
     Received 9 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     14 packets output, 1026 bytes, 0 underruns
     0 output errors, 0 collisions, 8 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
     DCD=up DSR=down DTR=up RTS=up CTS=up

What is the encapsulation type? ____________________ HDLC

b. On Router2, issue the show interface serial 0/1/1 command from the privileged EXEC mode to view the encapsulation type.

Router2#show interface serial 0/1/1
Serial0/1/1 is up, line protocol is up
  Hardware is HD64570
  Internet address is 192.168.1.2/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  Last input 00:00:05, output 00:00:06, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     9 packets input, 616 bytes, 0 no buffer
     Received 4 broadcasts, 0 runts, 0 giants, 0 throttles
     2673 input errors, 2673 CRC, 0 frame, 0 overrun, 0 ignored, 1 abort
     101 packets output, 4001 bytes, 0 underruns
     0 output errors, 0 collisions, 43 interface resets
     0 output buffer failures, 0 output buffers swapped out
     5 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up

What is the encapsulation type? ____________________ HDLC

Step 5: Test router connectivity


From Router2, ping Router1 to test connectivity.

Router2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/36 ms

If the ping is unsuccessful, troubleshoot the routers until connectivity is attained.

Step 6: Change the encapsulation type to PPP


From the privileged EXEC mode, issue the following commands to change the encapsulation type on the connecting serial interfaces of both routers to PPP.

Router1#config terminal
Router1(config)#interface serial 0/1/0
Router1(config-if)#encapsulation ppp
Router1(config-if)#end
Router1#

Router2#config terminal
Router2(config)#interface serial 0/1/1
Router2(config-if)#encapsulation ppp
Router2(config-if)#end
Router2#

Step 7: View the show interface output


a. On Router1, issue the show interface serial 0/1/0 command from the privileged EXEC mode to view the encapsulation type.

Router1#show interface serial 0/1/0
Serial0/1/0 is up, line protocol is up
  Hardware is GT96K Serial
  Internet address is 192.168.1.1/24
  MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Open: IPCP, CDPCP, loopback not set
  Keepalive set (10 sec)
  Last input 00:00:18, output 00:00:03, output hang never
  Last clearing of "show interface" counters 00:01:49
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     31 packets input, 1837 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     40 packets output, 2960 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 output buffer failures, 0 output buffers swapped out
     8 carrier transitions
     DCD=up DSR=down DTR=up RTS=up CTS=up

b. On Router2, issue the show interface serial 0/1/1 command from privileged EXEC mode to view the encapsulation type.

Router2#show interface serial 0/1/1
Serial0/1/1 is up, line protocol is up
  Hardware is HD64570
  Internet address is 192.168.1.2/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation PPP, loopback not set, keepalive set (10 sec)
  LCP Open
  Open: IPCP, CDPCP
  Last input 00:00:01, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     54 packets input, 4042 bytes, 0 no buffer
     Received 28 broadcasts, 0 runts, 0 giants, 0 throttles
     2673 input errors, 2673 CRC, 0 frame, 0 overrun, 0 ignored, 1 abort
     137 packets output, 6252 bytes, 0 underruns
     0 output errors, 0 collisions, 47 interface resets
     0 output buffer failures, 0 output buffers swapped out
     5 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up

Can the serial interface on Router2 be pinged from Router1? __________ yes
Can the serial interface on Router1 be pinged from Router2? __________ yes

If the answer is no for either question, troubleshoot the router configurations to find the error. Then issue the pings again until the answer to both questions is yes.

Step 8: Configure PPP authentication on R1 with CHAP


a. Configure the CHAP username and password on the R1 router. The username must be identical to the hostname of the other router. Both the password and usernames are case-sensitive. Define the username and password to expect from the remote router. On Cisco routers, the secret password must be the same for both routers.

Router1(config)#username Router2 password cisco
Router1(config)#interface serial 0/1/0
Router1(config-if)#ppp authentication chap
Router1(config-if)#end
Router1#

Step 9: Configure PPP authentication on R2 with CHAP


a. Configure the CHAP username and password on the R2 router. The passwords must be the same on both routers. The username must be identical to the hostname on the other router. Both the password and user names are case-sensitive. Define the username and password to expect from the remote router.

Router2(config)#username Router1 password cisco
Router2(config)#interface serial 0/1/1
Router2(config-if)#ppp authentication chap
Router2(config-if)#end
Router2#

Step 10: Verify that the serial connection is functioning


Verify that the serial connection is functioning by pinging the serial interface of R1. Was it successful? __________ yes

Router2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/28 ms

Why or why not?
_______________________________________________________________________________
_______________________________________________________________________________
Both routers are using PPP with CHAP and appropriate usernames and passwords were set up on both routers.
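The CHAP exchange that Steps 8 to 10 depend on, as an added example that is not part of the original lab and is not Cisco IOS code: it reads the hostname and username lines entered above and runs the RFC 1994 challenge/response in both directions, showing why a username that does not match the peer's hostname, or a secret that differs in case, makes authentication fail. The Router class, the packet dictionaries and the function names are assumptions made for the illustration.

```python
"""CHAP (RFC 1994) exchange between the lab's two routers (added example)."""
import hashlib
import hmac
import os

# Configuration lines as entered in Steps 2, 3, 6, 8 and 9 of the lab.
R1_CONFIG = """\
hostname Router1
username Router2 password cisco
interface serial 0/1/0
 encapsulation ppp
 ppp authentication chap
"""
R2_CONFIG = """\
hostname Router2
username Router1 password cisco
interface serial 0/1/1
 encapsulation ppp
 ppp authentication chap
"""


def chap_hash(ident, secret, challenge_value):
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge_value).digest()


class Router:
    """Hypothetical model holding what CHAP needs: our hostname and user table."""

    def __init__(self, config):
        self.hostname = None
        self.users = {}  # peer name -> shared secret (both case-sensitive)
        for line in config.splitlines():
            words = line.split()
            if len(words) == 2 and words[0] == "hostname":
                self.hostname = words[1]
            elif len(words) == 4 and words[0] == "username" and words[2] == "password":
                self.users[words[1]] = words[3]

    def challenge(self, ident):
        """Authenticator: Challenge packet carries an id, a random value, our name."""
        return {"id": ident, "value": os.urandom(16), "name": self.hostname}

    def respond(self, chal):
        """Peer: find the secret stored under the challenger's name and hash it."""
        secret = self.users.get(chal["name"])
        if secret is None:
            return None  # no "username <challenger hostname>" entry, cannot answer
        return {"id": chal["id"], "name": self.hostname,
                "value": chap_hash(chal["id"], secret, chal["value"])}

    def verify(self, chal, resp):
        """Authenticator: recompute the hash with the secret kept for the responder."""
        if resp is None or resp["id"] != chal["id"]:
            return False
        secret = self.users.get(resp["name"])
        if secret is None:
            return False
        expected = chap_hash(chal["id"], secret, chal["value"])
        return hmac.compare_digest(expected, resp["value"])


def link_authenticates(config_a, config_b):
    """With ppp authentication chap on both ends, each router challenges the other."""
    a, b = Router(config_a), Router(config_b)
    for ident, (authenticator, peer) in enumerate([(a, b), (b, a)], start=1):
        chal = authenticator.challenge(ident)
        if not authenticator.verify(chal, peer.respond(chal)):
            return False
    return True


if __name__ == "__main__":
    print("lab configuration:", link_authenticates(R1_CONFIG, R2_CONFIG))
    print("secret differs in case:", link_authenticates(
        R1_CONFIG, R2_CONFIG.replace("password cisco", "password Cisco")))
    print("username does not match peer hostname:", link_authenticates(
        R1_CONFIG, R2_CONFIG.replace("username Router1", "username router1")))
```

Only the identifier, the random challenge, the hostname and the MD5 digest cross the link; the shared secret itself stays in each router's configuration.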

Step 12: Clean up


a. Erase the configurations and reload the routers.
b. Disconnect and store the cabling.
c. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

Challenge
Determine why it is necessary to set the encapsulation types when configuring a network. _________________________________________________________________________________ _________________________________________________________________________________ _________________________________________________________________________________ _________________________________________________________________________________


WAN Design Test Plan


Instructor note: In this exercise, the students create a test plan which they will use later in the chapter to test the functionality of the network design they created in Chapters 5 and 6. The format used for this exercise is similar to the format used by the Cisco Customer Proof-of-Concept Lab. Discuss with the students why a detailed test plan is necessary to ensure that the test goes as expected and that the results are valid. Explain that in the business world, customers often want to see something work before they decide to purchase it. Proof-of-concept tests protect both the contractor and the customer by demonstrating that the proposed design meets the customer requirements, before the contractor orders and installs the equipment.

 | Start Date | End Date
Network Build (Setup) | |
Testing Date | |


Table of Contents
Attendees
Introduction
Equipment
Design and Topology Diagram
Test 1. Description: Frame Relay Configuration Test
Test 1. Procedures
Test 1. Expected Results and Success Criteria
Test 1. Results and Conclusions
Test 2. Description: Backup Link Configuration Test
Test 2. Procedures
Test 2. Expected Results and Success Criteria
Test 2. Results and Conclusions
Appendix


Attendees
Name | Company | Position
 | FilmCompany | IT Manager
 | FilmCompany | Business Manager
 | NetworkingCompany | Account Manager
 | NetworkingCompany | Network Designer
 | NetworkingCompany | System Engineer

Instructor note: Students can enter their own names in the roles they choose or make up names for the attendees.


Introduction
INSTRUCTIONS: Explain briefly what the purpose of the test is and what should be observed. Include a brief description of testing goals. List all tests that you intend to run.

Instructor note: Example answers to this section are:
- To verify the FilmCompany WAN Design.
- To test the router configurations proposed for the FilmCompany connections to the stadium network.
- To ensure that the design functions as expected.

Purpose of this test:
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________

Instructor note: These tests are given to the student at a very high level. Later in this lab, the students are expected to record the detailed steps to perform the test. Test 1 is given as an example.

Tests to run:

Test 1: Frame Relay Configuration Test
- Verify Frame Relay configuration using point-to-point subinterfaces.
- Verify that EIGRP is configured and that MD5 authentication is set.
- Verify EIGRP routing between the stadium Edge2 router and the FilmCompany BR3 router.
- Document operation.

Test 2: Backup Link Configuration Test
- Demonstrate that traffic will take the alternate route if the Frame Relay link goes down.
- Document operation.


Equipment
INSTRUCTIONS: List all of the equipment needed to perform the tests. Be sure to include cables, optional connectors or components, and software.

Qty. Rqd | Model | Additional options or software required | IOS Software Rev. | Substitute
2 | 1841 router | none | 12.2 or above | Any Cisco router with 1 serial interface and 2 FastEthernet or Ethernet interfaces
 | Router to simulate ISP can be 1841 with two FastEthernet interfaces | none | any | Any router or multilayer switch that can support two separate Ethernet networks
 | Preconfigured router to simulate Frame Relay switch | Configured as a Frame Relay switch | 12.2 or above | Any Cisco router with two serial interfaces
 | 2960 switch | None | any | Any switch or hub to simulate the remote LAN. Can use crossover cable in place of hub/switch
 | Personal computer end devices | FastEthernet NIC | Windows, MAC, or Linux operating system | At least one PC and any other IP end device (camera, printer, etc.)
2 | V.35 DTE cables | none | n/a | V.35 crossover cable
2 | V.35 DCE cables | none | n/a | none
3 | Cat 5 or above crossover patch cables | none | n/a | none
 | Cat 5 or above straight-through patch cables (if hub/switch is used) | none | n/a | none
 | Console cable | none | none | none


Design and Topology Diagram


INSTRUCTIONS: Place a copy of the prototype network topology in this section. This is the network as it should be built to be able to perform the required tests, including IP Addressing and DLCI information. If this topology duplicates a section of the actual network, include a reference topology showing the location within the existing or planned network. Initial configurations for each device must be included in the Appendix.

Instructor note: This is the topology diagram for the Frame Relay simulation. Edge2 represents the stadium router and BR3 the FilmCompany router.

Topology - Prototype test topology

Instructor note: The students assign addresses for the PCs that are appropriate for the topology.


IP Address Plan

Device Name | Interface | IP Address | Subnet Mask
Edge2 | S0/1/1 | 172.18.0.9/30 |
Edge2 | Fa0/0 | 172.18.3.1/24 |
Edge2 | Fa0/1 | 172.18.0.249/30 |
BR3 | S0/1/0 | 172.18.0.10/30 |
BR3 | Fa0/0 | 172.18.225.249/30 |
BR3 | Fa0/1 | 172.18.225.0/25 |
ISPX | Fa0/0 | 172.18.225.250/30 |
ISPX | Fa0/1 | 172.18.0.250/30 |
PC1 | NIC | |
PC2 | NIC | |

Additional Notes and Instructions:

Instructor note: Students record any other information that they think might be useful to the technicians performing the tests. These might be things like: This test must show that the new WAN design operates as expected and that the backup links function if the primary link is down.

INSTRUCTIONS: Add a description about this design here that is essential to provide a better understanding of the testing or to emphasize any aspect of the test network to the reader.
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________


INSTRUCTIONS: For each test to be performed state the goals of the test, the data to record during the test, and the estimated time required to perform the test. Test 1 is given as an example.

Test 1. Description: Frame Relay Configuration Test


Goals of Test: The goal of the Frame Relay Configuration Test is to:

Data to Record:
- Configurations
- Interface status
- Routing Tables
- CPU & Memory
- Traceroute Output
- Ping Test Output

Estimated Time: 90 minutes total
- 60 minutes build
- 30 minutes test

Test 1. Procedures
INSTRUCTIONS: Itemize the procedures to follow to perform the test.

1. Build the topology according to the Design and Topology Diagram. Assign IP addresses according to the IP address plan.
2. Using console connections, create a basic configuration on routers Edge2, BR3, and ISPX. The router FR1 is preconfigured as a Frame Relay switch. Include applicable passwords, device names, default routes, default gateways, and activate interfaces.
3. Copy and paste the show running-config, show ip route, show processes cpu sorted, show interfaces, and the first few lines of show memory. Save the log file for later analysis using a text editor program such as Notepad. Repeat for all devices in the topology.
4. Configure the Frame Relay connections on point-to-point subinterfaces on the Edge2 and BR3 routers. Use the DLCI values shown on the topology diagram.
5. Verify that Frame Relay is working as expected using the following commands:
   show frame-relay map: Status of point-to-point links
   show frame-relay pvc: Permanent Virtual Circuit (PVC) status and statistics
   show frame-relay lmi: Local Management Interface (LMI) statistics
   debug frame-relay lmi: LMI exchange between the Frame Relay switch and router in real time
6. Configure EIGRP to advertise only the LAN and Frame Relay networks. Do not advertise the backup network.
7. Configure EIGRP authentication between Edge2 and BR3.
8. Console into one of the devices in the topology and ping all of the other devices in the topology. Record any anomalies.
9. Telnet to each device in the configuration and verify that each is reachable.
10. Use traceroute from the Edge2 router to the IP address assigned to H2. Verify that the traffic is using the correct route through the Frame Relay network. Repeat the traceroute command from the router BR3 to the IP address of PC1. Verify that the traffic is using the correct route through the Frame Relay network. Copy and paste the traceroute output into a text file using a text editor, such as Notepad.


Test 1. Expected Results and Success Criteria


INSTRUCTIONS: List all of the expected results. Specific criteria that must be met for the test to be considered a success should be listed.

1. All networking devices are connected and accessible through Telnet.
2. Hosts can ping successfully to other hosts on the network.
3. EIGRP routing table updates occur as expected and the routing table is correct.
4. The output of the traceroute commands verifies that the traffic from the stadium Edge2 router to the FilmCompany BR3 router takes the correct path through the Frame Relay network.


Test 1. Results and Conclusions


Instructor note: Students do not fill out this section until the tests are actually run in the lab.

INSTRUCTIONS: Record the results of the tests and the conclusions that can be drawn from the results.


Test 2. Description: Backup Link Configuration Test


Instructor note: Students must fill in the goal of the test. Sample goals:
- Test the configuration of backup links between the stadium and the FilmCompany.
- Verify that the backup links work if the primary link is unavailable.

Goals of Test:

Data to Record:
- IP Routing Table
- Traceroute Output
- Ping Test Output

Estimated Time: 60 minutes total
- 30 minutes configure
- 30 minutes test

Test 2. Procedures
INSTRUCTIONS: Itemize the procedures to follow to perform the test. ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________



Instructor note: Students list the procedures. Depending on the student and the level of detail, they may use all of the lines, or not. Example answer is:

1. Configure a floating static route on Edge2 to use the path through ISPX as a backup route to the FilmCompany LAN if the Frame Relay link is unavailable.
2. Configure a floating static route on BR3 to use the path through ISPX as a backup route to the stadium LAN if the Frame Relay link is unavailable.
3. Configure static routes on ISPX to both the stadium LAN and the FilmCompany LAN.
4. Disable the serial interface on either Edge2 or BR3.
5. Verify that the host PC1 can still ping the host H2.
6. Use the traceroute command to verify that the path between PC1 and H2 uses the backup links.
7. Record the output of the show ip route, ping, and traceroute commands.

Student answers may vary slightly from the above list and may be in a different order. The exercise is to encourage students to think about all of the steps that they need to perform to verify the backup network design. Planning installation tasks and estimating the effort necessary to accomplish them is critical to the success of the students when they leave the course.

Test 2. Expected Results and Success Criteria


INSTRUCTIONS: List all of the expected results. Specific criteria that must be met for the test to be considered a success should be listed.
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________

Instructor note: Example answers should be:
- Floating static routes do not appear in the routing table unless the primary Frame Relay link goes down.
- Hosts PC1 and H2 can still communicate over the backup links when the Frame Relay is not available.
- The traceroute command verifies that the path the traffic takes between PC1 and H2 uses the route through ISPX.

Test 2. Results and Conclusions


INSTRUCTIONS: Record the results of the tests and the conclusions that can be drawn from the results.
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________

Instructor note: Students fill out this section upon completion of the test lab.


Appendix
INSTRUCTIONS: Record the starting configurations, any modifications, log file or command output, and any other relevant documentation.


Lab 8.2.2 Creating a WAN Connectivity Test Plan Instructor Version


Instructor Note: This lab is part of a series of labs that includes 8.2.2, 8.2.5, and 8.2.6. In this series, the students create a test plan to verify the FilmCompany WAN network design (8.2.2), and then execute the test plan (8.2.5), and finally analyze the results of the testing (8.2.6). Students should be strongly advised to keep all of their information in a portfolio or binder for reference during the course. The results of these labs, and many others throughout the course, will be needed for the final design project later in the course. In most organizations, this type of activity is done by a team of people, consisting of the account manager, network designer, systems engineers, and field engineers. If the students are working in a group to complete the lab, it is important for each one to be assigned a specific role (described in Chapter 2) and to provide input appropriate for the role.

Objectives
Create a WAN connectivity test plan with multiple tests to determine:
- Simulated Frame Relay connectivity
- Backup Simulated VPN link functionality

Describe the necessary information for each test to include:
- Description of the test
- Procedures
- Anticipated Results and Success Criteria


640-802 CCNA Exam Objectives
This lab contains skills that relate to the following CCNA exam objectives:
- Interpret network diagrams.
- Determine the path between two hosts across a network.
- Select the components required to meet a network specification.
- Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts.
- Access and use the router to set basic parameters, including CLI/SDM.
- Connect, configure, and verify operation status of a device interface.
- Verify device configuration and network connectivity using ping, traceroute, Telnet, SSH, or other utilities.
- Perform and verify routing configuration tasks for a static or default route given specific routing requirements.
- Configure, verify, and troubleshoot EIGRP.
- Troubleshoot routing issues.
- Verify router hardware and software operation using show and debug commands.
- Implement basic router security.
- Describe different methods for connecting to a WAN.
- Configure and verify a basic WAN serial connection.
- Configure and verify Frame Relay on Cisco routers.
- Troubleshoot WAN implementation issues.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________
How does creating a test plan help you organize your thoughts and plan for the actual network prototyping?
______________________________________________________________________________
Why do you think a pilot test, in addition to the prototype test, may be necessary to validate the WAN design?
______________________________________________________________________________

Background / Preparation
Instructor notes: Using the test plan template included with the lab and the topology shown, students will fill in the test plan sections to describe the tests to be performed, how they should be tested, and how to determine success or failure. This test plan will be used in subsequent labs to test simulated Frame Relay prototypes. To conclude this lab, students should reflect on the use of Frame Relay WAN links, the testing of primary links, and of backup links.

In this lab, you will demonstrate the ability to develop a test plan to support the business goal of improving network availability. This is accomplished by configuring backup connections so that connectivity is not lost for major applications if the Frame Relay link fails. These requirements include testing a Frame Relay WAN simulation with backup links. You will determine the nature of the tests to be performed, the methods and tools to be used, and the expected results. This test plan will be used as a basis for subsequent labs 8.2.4 and 8.2.5, to test simulated Frame Relay WAN prototypes.

Task 1: Review the Supporting Documentation


Step 1: Refer to the WAN Design Test Plan document provided for this lab
Download the WAN Design Test Plan. What is the purpose of this WAN design test? Which elements of the design will be tested using this plan?
______________________________________________________________________________
The purpose of this prototype is to demonstrate the use of Frame Relay WAN links to connect a remote site router to a central site router through a router that simulates a Frame Relay switch. Backup Ethernet links from the remote site and central site to a 4th router simulate a VPN backup capability and provide an alternate path in the event that one of the Frame Relay WAN links goes down.

a. Document the purpose of the test in the Introduction section of the WAN Design Test Plan.
b. Review the tests that will be run to validate the prototype.

Test 1 Title / Purpose:
______________________________________________________________________________
Frame Relay Configuration Test
Verifies that the remote site router and the central site router are properly configured and can communicate via the router that simulates the Frame Relay switch.

Test 2 Title / Purpose:
______________________________________________________________________________
Backup Link Configuration Test
Demonstrates that the remote site router and the central site router are properly configured and can communicate via the backup link when the Frame Relay link goes down.



Step 2: Review the equipment needed to perform the tests
Review the list of all equipment needed to build the prototype and to perform the tests. Be sure to include cables, optional connectors or components, and software. If the recommended equipment is not available in your lab, discuss possible substitutes with your instructor and classmates, based on interface requirements of the topology.

a. If substitute equipment must be used, list the devices here:
______________________________________________________________________________
b. Determine the amount of each type of cabling necessary to create the prototype test topology. Record the information on the Equipment chart in the WAN Design Test Plan.
c. Document any special configuration or cabling issues that might arise if substitute equipment is used.
______________________________________________________________________________


Task 2: Document information regarding Test 1
Test 1. Description: ______________________________________________
Frame Relay Configuration Test

a. Determine the goals of Test 1. Record them on the WAN Design Test Plan in the appropriate section.

Goals of Test: The goals of this test are to:
1. ___________________________________________________________________
2. ___________________________________________________________________
3. ___________________________________________________________________
4. ___________________________________________________________________

1. Verify that the topology is up and proper physical connections are made between the CPE1, CPE2, and the FR1 router.
2. Verify that the devices are correctly configured for Frame Relay.
3. Verify that CPE1 and CPE2 can communicate via Frame Relay.

b. Read through the Test 1 Procedures section in the test plan. Are there any additional procedures that you think are necessary to document the operation of the Frame Relay link and the EIGRP routing between Edge2 and BR3? __________
If there are, add them here:
______________________________________________________________________________
Instructor note: Students may suggest additional tests or configuration tasks.

c. Review the Expected Results and Success Criteria for Test 1. Are there any additional results you expect as a result of doing the procedures outlined for Test 1? __________
If there are, add them here:
______________________________________________________________________________


Task 3: Document information regarding Test 2
Test 2. Description: ______________________________________________
Backup Link Configuration Test

Complete the sections in the WAN Design Test Plan document for Test 2.
a. Fill in the Test 2 Description, Procedures, and Expected Results and Success Criteria sections.
b. Save the test plan in your portfolio. The WAN Design Test Plan is the basis for the next two labs in the course.

Task 4: Reflection / Challenge


Why is Frame Relay a good choice as a primary WAN technology?
______________________________________________________________________________
Answers will vary but should include:
- It is a flexible technology that is widely supported by equipment vendors.
- Service is commonly available from most Telecom service providers (TSPs).
- Provides stable digital data link with various CIRs depending on customer needs.
- Supports a variety of topologies.
- SLAs are commonly available.

When is it most important to have a backup link? How does a backup link compare to a redundant link?
______________________________________________________________________________
Backup links are necessary when the loss of a primary link would cause loss of access to critical resources. This is a cost/risk decision made by an organization. A backup link is typically down until needed. A redundant link can be used at the same time as the primary link for load balancing and can also serve as a backup in case the primary link fails.


CCNA Discovery Designing and Supporting Computer Networks

Lab 8.2.5 Configuring and Verifying WAN Backup Links Instructor Version
Instructor Note: This lab is part of a series of labs that includes 8.2.2, 8.2.5, and 8.2.6. In this series, the students create a test plan to verify the FilmCompany WAN network design (8.2.2), and then execute the test plan (8.2.5), and finally analyze the results of the testing (8.2.6). Students should be strongly advised to keep all of their information in a portfolio or binder for reference during the course. The results of these labs, and many others throughout the course, will be needed for the final design project later in the course. In most organizations, this type of activity is done by a team of people, consisting of the account manager, network designer, systems engineers, and field engineers. If the students are working in a group to complete the lab, it is important for each one to be assigned a specific role (described in Chapter 2) and to provide input appropriate for the role.

Objectives
- Use a test plan to test the functionality of a Frame Relay WAN.
- Verify that the backup route is installed and connectivity is restored if the primary Frame Relay link goes down.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
- Interpret network diagrams.
- Determine the path between two hosts across a network.
- Select the components required to meet a network specification.
- Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts.
- Access and use the router to set basic parameters, including CLI/SDM.
- Connect, configure, and verify operation status of a device interface.
- Verify device configuration and network connectivity using ping, traceroute, Telnet, SSH, or other utilities.
- Perform and verify routing configuration tasks for a static or default route given specific routing requirements.
- Configure, verify, and troubleshoot EIGRP.
- Troubleshoot routing issues.
- Verify router hardware and software operation using show and debug commands.
- Implement basic router security.
- Describe different methods for connecting to a WAN.
- Configure and verify a basic WAN serial connection.
- Configure and verify Frame Relay on Cisco routers.
- Troubleshoot WAN implementation issues.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________
How is an understanding of WAN technologies and Frame Relay important in network design?
______________________________________________________________________________
What methods can be used to provide backup communications links?
______________________________________________________________________________

Background / Preparation
Instructor notes: Students will review the WAN connectivity test plan created in Lab 8.2.2 and determine the test to be performed, how the test should be conducted, and how to determine success or failure. To conclude this lab, students should reflect on the design implications and rationale of implementing backup communications links in a network. The instructions and CLI commands and output format given in this lab are based on the Cisco 1841 router running IOS version 12.4 (Edge2, BR3 and ISPX) and a 2620XM router running IOS version 12.2 (FR1) acting as the Frame Relay switch. Note that different router platforms and IOS versions may result in different command and output formats than shown.
*** The router simulating the Frame Relay switch may be preconfigured for the students or the students may configure it. The configuration commands are in the Appendix at the end of this lab.

This lab simulates the use of a Frame Relay circuit to interconnect the stadium site to the FilmCompany site. The focus of the lab is the simulation of a backup VPN link to be used if the primary link goes down. Use the Test Plan in Lab 8.2.2 to determine the testing to be performed, the methods and tools to be used, and the potential results. The configuration output used in this lab matches that of 1841 series and 2600 series routers. The same or similar commands can be used with other Cisco routers but may produce slightly different output. Any router that meets the interface requirements displayed on the topology diagram may be used. Refer to the Test Plan in Lab 8.2.2 for equipment required. Check off each task as you complete it.

Perform Test1: Frame Relay Configuration Test


Task 1: Build the Network. Task Complete ________
Instructor note: The configuration for the router acting as the Frame Relay switch is at the end of the lab.

Step 1: Connect devices
NOTE: If the PC used in this lab is also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.
a. Connect the routers as shown in the topology diagram. Refer to the Test Plan in Lab 8.2.2 for cabling required.
b. For each of the routers to be configured, use the erase startup-config and the reload commands from the privileged EXEC prompt, to ensure that you are starting with a clean configuration.

Task 2: Configure Router ISPX as a Backup. Task Complete _______


Step 1: Perform basic configuration of the ISPX router
a. Connect a PC to the console port of the router to perform configurations using a terminal emulation program.
b. Configure the router with hostname, passwords, message-of-the-day, and no ip domain lookup.
    Router(config)#hostname ISPX
    ISPX(config)#line console 0
    ISPX(config-line)#password cisco
    ISPX(config-line)#login
    ISPX(config-line)#exit
    ISPX(config)#line vty 0 4
    ISPX(config-line)#password cisco
    ISPX(config-line)#login
    ISPX(config-line)#exit
    ISPX(config)#enable password cisco
    ISPX(config)#enable secret class
    ISPX(config)#no ip domain-lookup
    ISPX(config)#banner motd #Unauthorized use prohibited#

Step 2: Configure ISPX router FastEthernet interfaces


Configure the FastEthernet interfaces for the backup links to the Edge2 and BR3 routers. Configure a description and the IP address, and activate each interface.

Step 3: Configure a static route on the ISPX router to the FilmCompany local network
On the ISPX router, configure a normal static route to the BR3 network 172.18.225.0/25 via the Fa0/0 interface on BR3.

Step 4: Configure a static route on the ISPX router to the stadium local network
On the ISPX router, configure a normal static route to the Edge2 network 172.18.3.0/24 via the Fa0/1 interface on Edge2.

Task 3: Configure the Stadium Edge2 Router. Task Complete: ________


Step 1: Perform basic configuration of the router
a. Connect a PC to the console port of the router to perform configurations using a terminal emulation program. Erase and reload the router before starting.
b. Configure the router with a hostname, passwords, message-of-the-day, and no ip domain lookup.

Step 2: Configure stadium router Edge2 interfaces


a. Configure the Serial 0/1/1 interface with Frame Relay encapsulation. Configure a point-to-point subinterface for DLCI 110.
    Edge2(config)#interface serial0/1/1
    Edge2(config-if)#description primary link to BR3
    Edge2(config-if)#encapsulation frame-relay
    Edge2(config-if)#no shutdown
    Edge2(config-if)#interface serial0/1/1.110 point-to-point
    Edge2(config-subif)#ip address 172.18.0.9 255.255.255.252
    Edge2(config-subif)#frame-relay interface-dlci 110
    Edge2(config-fr-dlci)#end
b. Configure FastEthernet 0/0 interface for the stadium LAN network 172.18.3.0/24.
c. Configure FastEthernet 0/1 interface for the backup link to the ISPX router per the topology diagram.

Step 3: Configure a dynamic routing protocol on stadium router Edge2


a. On Edge2, configure the EIGRP routing protocol to advertise the 172.18.3.0/24 network and the 172.18.0.8/30 network. Use EIGRP process ID 10. Disable auto-summary.
b. Configure EIGRP MD5 authentication to accept updates from the FilmCompany router BR3 on the Frame Relay subinterface. Sample steps to configure EIGRP authentication are:
    Edge2#configure terminal
    Edge2(config)#key chain MYCHAIN
    Edge2(config-keychain)#key 1
    Edge2(config-keychain-key)#key-string securetraffic
    Edge2(config-keychain-key)#exit
    Edge2(config)#interface serial 0/1/1.110
    Edge2(config-subif)#ip authentication mode eigrp 10 md5
    Edge2(config-subif)#ip authentication key-chain eigrp 10 MYCHAIN
    Edge2(config-subif)#end
    Edge2#
Until EIGRP and MD5 configuration are complete on router BR3, no EIGRP updates will be received. The debug eigrp packet command can be used to view the EIGRP exchange as it is occurring between the routers.

Task 4: Configure the FilmCompany BR3 Router. Task Complete: ________


Step 1: Perform basic configuration of the router
a. Connect a PC to the console port of the router to perform configurations using a terminal emulation program. Erase and reload the router before starting.
b. Configure the router with a hostname, passwords, message-of-the-day, and no ip domain lookup.

Step 2: Configure router BR3 interfaces


a. Configure Serial 0/1/0 interface with Frame Relay encapsulation. Configure a point-to-point subinterface for DLCI 100.
    BR3(config)#interface serial0/1/0
    BR3(config-if)#description primary link to Edge2
    BR3(config-if)#encapsulation frame-relay
    BR3(config-if)#no shutdown
    BR3(config-if)#interface serial0/1/0.100 point-to-point
    BR3(config-subif)#ip address 172.18.0.10 255.255.255.252
    BR3(config-subif)#frame-relay interface-dlci 100
    BR3(config-fr-dlci)#end
b. Configure FastEthernet 0/1 interface for the FilmCompany LAN network 172.18.225.0/25.
c. Configure FastEthernet 0/0 interface for the backup link to the ISPX router per the topology diagram.

Step 3: Configure the dynamic routing protocol on router BR3


a. On BR3, configure the EIGRP routing protocol to advertise the 172.18.225.0/25 network and the 172.18.0.8/30 network. Use EIGRP process ID 10. Disable auto-summary.
b. Configure EIGRP MD5 authentication to accept routing updates from the Edge2 router on interface serial0/1/0.100.
    BR3#configure terminal
    BR3(config)#key chain MYCHAIN
    BR3(config-keychain)#key 1
    BR3(config-keychain-key)#key-string securetraffic
    BR3(config-keychain-key)#exit
    BR3(config)#interface serial 0/1/0.100
    BR3(config-subif)#ip authentication mode eigrp 10 md5
    BR3(config-subif)#ip authentication key-chain eigrp 10 MYCHAIN
    BR3(config-subif)#end
c. When authentication is configured, both Edge2 and BR3 should begin accepting EIGRP updates. Use the show ip route command to verify that the routes to the LAN devices have been learned.



Until EIGRP and MD5 configuration are complete on router BR3, no EIGRP updates will be received successfully. The command debug eigrp packet shows when EIGRP authentication is successful. Example output of the debug eigrp packet command once BR3 is correctly configured is shown below:
    BR3#debug eigrp packet
    00:47:04: EIGRP: received packet with MD5 authentication, key id = 1
    00:47:04: EIGRP: Received HELLO on Serial0/1/0.100 nbr 172.18.0.9
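A consistency check for the EIGRP MD5 settings configured on Edge2 and BR3 in Tasks 3 and 4, added here as an example that is not part of the original lab. The running-config fragments are constructed from the lab's commands, the function names are hypothetical, and the check assumes key-strings are stored unencrypted and ignores key lifetimes.

```python
import re

# Constructed running-config fragments: what the key-chain and subinterface
# commands shown for Edge2 and BR3 leave in each router's configuration.
EDGE2_CFG = """\
key chain MYCHAIN
 key 1
  key-string securetraffic
!
interface Serial0/1/1.110 point-to-point
 ip address 172.18.0.9 255.255.255.252
 ip authentication mode eigrp 10 md5
 ip authentication key-chain eigrp 10 MYCHAIN
 frame-relay interface-dlci 110
!
"""

BR3_CFG = """\
key chain MYCHAIN
 key 1
  key-string securetraffic
!
interface Serial0/1/0.100 point-to-point
 ip address 172.18.0.10 255.255.255.252
 ip authentication mode eigrp 10 md5
 ip authentication key-chain eigrp 10 MYCHAIN
 frame-relay interface-dlci 100
!
"""


def parse_config(cfg):
    """Return (key_chains, iface_auth) parsed from running-config text.

    key_chains: {chain_name: {key_id: key_string}}
    iface_auth: {interface: {"mode": (asn, algo), "chain": (asn, chain_name)}}
    """
    chains, auth = {}, {}
    chain = key_id = iface = None
    for line in cfg.splitlines():
        text = line.strip()
        if line and not line[0].isspace():      # a top-level line opens a new section
            chain = key_id = iface = None
            if m := re.fullmatch(r"key chain (\S+)", text):
                chain = chains.setdefault(m[1], {})
            elif m := re.match(r"interface (\S+)", text):
                iface = auth.setdefault(m[1], {})
        elif chain is not None:
            if m := re.fullmatch(r"key (\d+)", text):
                key_id = int(m[1])
            elif key_id is not None and (m := re.fullmatch(r"key-string (.+)", text)):
                chain[key_id] = m[1]
        elif iface is not None:
            if m := re.fullmatch(r"ip authentication mode eigrp (\d+) (\S+)", text):
                iface["mode"] = (int(m[1]), m[2])
            elif m := re.fullmatch(r"ip authentication key-chain eigrp (\d+) (\S+)", text):
                iface["chain"] = (int(m[1]), m[2])
    return chains, auth


def end_state(name, cfg, interface, asn):
    """Return (findings, keys) for one end of the link; keys is None if unusable."""
    chains, auth = parse_config(cfg)
    settings = auth.get(interface, {})
    findings = []
    if settings.get("mode") != (asn, "md5"):
        findings.append(f"{name} {interface}: MD5 mode not enabled for EIGRP {asn}")
    bound = settings.get("chain")
    if bound is None or bound[0] != asn:
        findings.append(f"{name} {interface}: no key chain bound for EIGRP {asn}")
        return findings, None
    keys = chains.get(bound[1])
    if not keys:
        findings.append(f"{name}: key chain {bound[1]} is undefined or has no key-string")
        return findings, None
    return findings, keys


def audit_link(a, b, asn=10):
    """a and b are (router_name, config_text, interface) tuples for the two ends."""
    findings_a, keys_a = end_state(*a, asn)
    findings_b, keys_b = end_state(*b, asn)
    findings = findings_a + findings_b
    if keys_a and keys_b:
        # A router signs with its lowest-numbered key; the peer must hold the
        # same key ID with the same key-string. The chain name is local to each
        # router and may differ. Findings never include the key-string itself.
        for (tx, tx_keys), (rx, rx_keys) in (((a[0], keys_a), (b[0], keys_b)),
                                             ((b[0], keys_b), (a[0], keys_a))):
            key_id, secret = min(tx_keys.items())
            if rx_keys.get(key_id) != secret:
                findings.append(f"{rx} cannot verify key {key_id} sent by {tx}")
    return findings
```

An empty list from audit_link means both subinterfaces should accept each other's updates; any finding corresponds to the state in which no EIGRP updates are received.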

Task 5: Conduct Primary Frame Relay Link Testing Based on the Test Plan. Task Complete: ________
Execute the procedures outlined in Test 1 to test the simulated Frame Relay network. Record the results of the tests in the Test 1: Results and Conclusions section.

Step 1: Console into routers Edge2 and BR3 and verify the basic configuration, IP addressing, Frame Relay
Issue the show running-config command for each of the routers to verify passwords, IP addressing, and Frame Relay configuration. See end of lab for router configs.

Step 2: Verify the Frame Relay configuration on Edge2, BR3, and FR1
Use show frame-relay commands to verify the Frame Relay configurations. See Lab 8.2.4 for command output.
    show frame-relay map      Status of point-to-point links
    show frame-relay pvc      Permanent Virtual Circuit (PVC) status and statistics
    show frame-relay lmi      Local Management Interface (LMI) statistics
    show frame-relay route    DLCI/interface routing (FR1 switch only)

Step 3: Verify routing table contents on router Edge2


Display the routing table for Edge2 using the show ip route command.
    Edge2#sh ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route

    Gateway of last resort is not set

         172.18.0.0/16 is variably subnetted, 4 subnets, 3 masks
    C       172.18.0.248/30 is directly connected, FastEthernet0/1
    D       172.18.225.0/25 [90/2172416] via 172.18.0.10, 00:09:33, Serial0/0/1.110
    C       172.18.0.8/30 is directly connected, Serial0/0/1.110
    C       172.18.3.0/24 is directly connected, FastEthernet0/0

Is there an EIGRP route to the FilmCompany LAN 172.18.225.0/25? __________ Yes



What is the AD of this route? __________ 90
What is the next hop IP address to get to this network? ___________________________________ 172.18.0.10 (F/R link)
Does the primary route take the Frame Relay link? __________ Yes

Step 4: Verify routing table contents on router BR3


Display the routing table for BR3 using the show ip route command.
    BR3#sh ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route

    Gateway of last resort is not set

         172.18.0.0/16 is variably subnetted, 4 subnets, 3 masks
    C       172.18.225.0/25 is directly connected, FastEthernet0/1
    C       172.18.225.248/30 is directly connected, FastEthernet0/0
    C       172.18.0.8/30 is directly connected, Serial0/0/0.100
    D       172.18.3.0/24 [90/2172416] via 172.18.0.9, 00:11:59, Serial0/0/0.100

Is there an EIGRP route to the Edge2 network 172.18.3.1/24? __________ Yes
What is the AD of this route? __________ 90

Step 5: Verify routing table contents on router ISPX


Display the routing table for ISPX using the show ip route command.
    ISPX#show ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route

    Gateway of last resort is not set

         172.18.0.0/16 is variably subnetted, 4 subnets, 3 masks
    C       172.18.0.248/30 is directly connected, FastEthernet0/1
    S       172.18.225.0/25 [1/0] via 172.18.225.249
    C       172.18.225.248/30 is directly connected, FastEthernet0/0
    S       172.18.3.0/24 [1/0] via 172.18.0.249

Are there any EIGRP routes? __________ No
Why or why not?
______________________________________________________________________________
The ISPX router is not running the EIGRP protocol.
Are there any static routes and if so, to what network?
______________________________________________________________________________
Yes, to BR3 LAN network 172.18.225.0/25 and to Edge2 LAN network 172.18.3.0/24
What is the purpose of these static routes?
______________________________________________________________________________
Provides routes from Edge2 to BR3 LANs through the ISPX router. Otherwise the ISP would not know how to get there.

Step 6: Test IP connectivity between routers Edge2 and BR3 via the primary Frame Relay link
a. Ping from Edge2 to the IP address of host PC2. Was the ping successful? __________ Yes
   If not, troubleshoot until successful.
b. Ping from BR3 to the IP address of host PC1. Was the ping successful? __________ Yes
   If not, troubleshoot until successful.
c. Verify that traffic is taking the correct path by using the traceroute command.
d. Turn off all debugging using the undebug all command.
e. Record all results in the WAN Design Test Plan document in the Test 1: Results and Conclusions section.

Perform Test 2: Backup Link Configuration Test


Task 6: Configure floating static routes. Task Complete: ________
Step 1: Configure a floating static route on Edge2 and BR3 via the primary Frame Relay link.
a. On Edge2, configure a static route to the FilmCompany LAN (172.18.225.0/25) using the next hop address of the interface Fa0/1 on router ISPX. Configure the administrative distance on the floating static routes to be 130, greater than the administrative distance of the EIGRP learned route.
b. On BR3, configure a static route to the stadium LAN (172.18.3.0/24) using the next hop address of the interface Fa0/0 on router ISPX. Configure the administrative distance on the floating static route to be 130, greater than the administrative distance of the EIGRP learned route.

Task 7: Conduct Backup Link Test. Task Complete: ________


Step 1: Test the backup link through the ISPX router by taking down the primary Frame Relay link
Cause the Frame Relay link from Edge2 to FR1 to fail by shutting down the Serial 0/1/1 interface.

Step 2: Verify routing table contents on router Edge2


Display the routing table for Edge2 using the show ip route command.
    Edge2#sh ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route

    Gateway of last resort is not set

         172.18.0.0/16 is variably subnetted, 3 subnets, 3 masks
    C       172.18.0.248/30 is directly connected, FastEthernet0/1
    S       172.18.225.0/25 [130/0] via 172.18.0.250
    C       172.18.3.0/24 is directly connected, FastEthernet0/0

Is there an EIGRP route to the FilmCompany network 172.18.225.0/25 now? __________ No, the route was removed since the primary link is down.
Is the floating static backup route to the FilmCompany network 172.18.225.0/25 that you defined earlier now present? __________ Yes
What is the AD of this route? __________ 130
What is the next hop IP address to get to the 172.18.225.0/25 network? __________________________________________ 172.18.0.250 (ISPX Fa0/1 link)
Does the backup route take the ISPX link? __________ Yes

Step 3: Verify routing table contents on router BR3


a. Display the routing table for BR3 using the show ip route command.

BR3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.18.0.0/16 is variably subnetted, 3 subnets, 3 masks
C       172.18.225.0/25 is directly connected, FastEthernet0/1
C       172.18.225.248/30 is directly connected, FastEthernet0/0
S       172.18.3.0/24 [130/0] via 172.18.225.250

NOTE: It will take BR3 some time to declare the EIGRP route to the Edge2 172.18.3.1 network via the Frame Relay link as being down. The link from BR3 to the Frame Relay switch appears to be good from the BR3 side. BR3 will have to wait until the timers expire after receiving no EIGRP updates from Edge2.
b. Continue to issue the show ip route command until the EIGRP route is gone and the floating static route is installed, otherwise ping responses (echo reply) cannot be sent back to Edge2.
Is there an EIGRP route to the Edge2 network 172.18.3.0/24? __________ No
Is there a floating static route? __________ Yes
What is the AD of this route? __________ 130
What is the next hop IP address to get to the 172.18.3.0/24 network? __________________________________________ 172.18.225.250 (ISPX Fa0/0)

Step 4: Test IP connectivity between routers Edge2 and BR3 via the backup Ethernet link
a. Ping from PC1 on Edge2 to the IP address of host PC2. Was the ping successful? __________ Yes
If not, troubleshoot until successful.
Note: While the backup link route is active, if you ping from router Edge2 to the IP address of host PC2 it will not be successful. The source of the ping will be the IP address of the Fa0/1 interface (172.18.0.249) instead of the PC1 IP address, and router BR3 does not have a route back to that network when static routing is in effect.
b. Verify that traffic is taking the backup link by using the tracert command from PC1 to PC2. Record the results in the WAN Design Test Plan section Test 2: Results and Conclusions.
c. Turn off any debugging using the undebug all command.
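The failover in Steps 1 to 4 and the return-path note in Step 4a, modelled as an added example that is not part of the Cisco lab. Routes come from the device configurations in this lab; the PC1 and PC2 host addresses and the link labels are assumptions, and the model ignores the EIGRP hold-timer delay on BR3.

```python
"""Route selection as the lab exercises it: longest prefix, then lowest administrative distance."""
import ipaddress
from dataclasses import dataclass

PC1 = "172.18.3.10"     # assumed host address on the stadium LAN
PC2 = "172.18.225.10"   # assumed host address on the FilmCompany LAN


@dataclass(frozen=True)
class Route:
    prefix: str     # destination network
    ad: int         # 0 connected, 1 static, 90 EIGRP, 130 floating static
    next_hop: str   # neighbouring router, or "connected"
    link: str       # hypothetical label of the link the route depends on


def build_ribs():
    """Candidate routes per router, before any link fails."""
    return {
        "Edge2": [
            Route("172.18.3.0/24", 0, "connected", "stadium-lan"),
            Route("172.18.0.248/30", 0, "connected", "edge2-ispx"),
            Route("172.18.0.8/30", 0, "connected", "frame-relay"),
            Route("172.18.225.0/25", 90, "BR3", "frame-relay"),    # EIGRP
            Route("172.18.225.0/25", 130, "ISPX", "edge2-ispx"),   # floating static
        ],
        "BR3": [
            Route("172.18.225.0/25", 0, "connected", "film-lan"),
            Route("172.18.225.248/30", 0, "connected", "br3-ispx"),
            Route("172.18.0.8/30", 0, "connected", "frame-relay"),
            Route("172.18.3.0/24", 90, "Edge2", "frame-relay"),    # EIGRP
            Route("172.18.3.0/24", 130, "ISPX", "br3-ispx"),       # floating static
        ],
        "ISPX": [
            Route("172.18.0.248/30", 0, "connected", "edge2-ispx"),
            Route("172.18.225.248/30", 0, "connected", "br3-ispx"),
            Route("172.18.3.0/24", 1, "Edge2", "edge2-ispx"),
            Route("172.18.225.0/25", 1, "BR3", "br3-ispx"),
        ],
    }


def lookup(rib, dst, down):
    """Best usable route to dst, or None when the router has no route."""
    addr = ipaddress.ip_address(dst)
    usable = [r for r in rib
              if r.link not in down and addr in ipaddress.ip_network(r.prefix)]
    if not usable:
        return None
    return min(usable, key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.ad))


def trace(ribs, router, dst, down):
    """Walk hop by hop; return (delivered, routers visited)."""
    hops = [router]
    while len(hops) <= len(ribs):          # guard against routing loops
        route = lookup(ribs[router], dst, down)
        if route is None:
            return False, hops             # dropped here: no route
        if route.next_hop == "connected":
            return True, hops
        router = route.next_hop
        hops.append(router)
    return False, hops


def ping(ribs, first_router, src, dst, down=frozenset()):
    """Echo request towards dst, then echo reply back towards src."""
    ok, fwd = trace(ribs, first_router, dst, down)
    if not ok:
        return False, fwd, []
    ok, back = trace(ribs, fwd[-1], src, down)
    return ok, fwd, back


if __name__ == "__main__":
    ribs, down = build_ribs(), {"frame-relay"}
    print("primary up, PC1 -> PC2:    ", ping(ribs, "Edge2", PC1, PC2))
    print("primary down, PC1 -> PC2:  ", ping(ribs, "Edge2", PC1, PC2, down))
    print("primary down, Edge2 -> PC2:", ping(ribs, "Edge2", "172.18.0.249", PC2, down))
```

The last case fails on the reply leg: BR3 holds no route to 172.18.0.248/30, so the echo reply addressed to 172.18.0.249 is dropped there.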

Step 5: Clean up
Erase the configurations and reload the routers. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

Task 8: Reflection / Challenge


When is it most important to have a backup link? How does a backup link compare to a redundant link?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
Backup links are necessary when the loss of a primary link would cause loss of access to critical resources. This is a cost/risk decision made by an organization. A backup link is typically down until needed. A redundant link can be used at the same time as the primary link for load balancing and can also serve as a backup in case the primary link fails.

This lab uses the RIP dynamic routing protocol and floating static routes to demonstrate primary and backup routes. Would it be possible to use all static routes and no dynamic routing protocol?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
Yes, but static routes to all network locations would have to be defined for end-to-end communications between networks. There must be a route to get to a network destination and a route at the destination to get back, for two-way communications to occur. The routes must either be learned via a dynamic routing protocol or be entered manually as static routes by an administrator.


Appendix
Instructor Notes: To preconfigure FR1 as a Frame Relay switch, follow these instructions. If the students are to configure FR1 in your lab, provide them with these instructions.

Task 1: Configure Router FR1 as a Frame Relay Switch


Step 1: Perform basic configuration of the router.
a. Connect a PC to the console port of the router to perform configurations using a terminal emulation program.
b. Configure the router with hostname, passwords, message of the day and no ip domain lookup.

Router(config)#hostname FR1
FR1(config)#line console 0
FR1(config-line)#password cisco
FR1(config-line)#login
FR1(config-line)#exit
FR1(config)# line vty 0 4
FR1(config-line)# password cisco
FR1(config-line)# login
FR1(config-line)# exit
FR1(config)# enable password cisco
FR1(config)# enable secret class
FR1(config)# no ip domain-lookup
FR1(config)#banner motd #Unauthorized use prohibited#

Step 2: Configure Frame Relay switching on router FR1


a. Configure Frame Relay switching and the Frame Relay routes between the serial interfaces and the DLCIs. Since this router is acting as the Frame Relay switch and there is no CSU/DSU to provide the clocking, configure both Serial interfaces as DCE with a clock rate.

FR1(config)# frame-relay switching
FR1(config)# interface serial0/1/0
FR1(config-if)# description link to FilmCompany BR3
FR1(config-if)# encapsulation frame-relay
FR1(config-if)# clock rate 64000
FR1(config-if)# no shutdown
FR1(config-if)# frame-relay intf-type dce
FR1(config-if)# frame-relay route 100 interface serial0/1/1 110
FR1(config-if)#exit
FR1(config)#interface serial0/1/1
FR1(config-if)#description link to Stadium Edge2
FR1(config-if)#encapsulation frame-relay
FR1(config-if)#clock rate 64000
FR1(config-if)#no shutdown
FR1(config-if)#frame-relay intf-type dce
FR1(config-if)#frame-relay route 110 interface serial0/1/0 100
FR1(config-if)#

b. Use the show frame-relay route command to display the Frame Relay routing table of the FR1 switch.

FR1#show frame-relay route
Input Intf      Input Dlci      Output Intf     Output Dlci     Status
Serial0/1/0     100             Serial0/1/1     110             inactive
Serial0/1/1     110             Serial0/1/0     100             inactive

Device Configurations:
Edge2 Router 1841 IOS 12.4
Edge2#sh run
Building configuration...
Current configuration : 1545 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Edge2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$SVJw$4mmsluvH6tKGL8Hkhlmoz.
enable password cisco
!
no aaa new-model
ip cef
!
!
!
!
no ip domain lookup
!
!
key chain MYCHAIN
 key 1
  key-string securetraffic
!
interface FastEthernet0/0
 description Stadium LAN
 ip address 172.18.3.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description backup link to ISP
 ip address 172.18.0.249 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1/0
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface Serial0/0/0
 no ip address
 shutdown
 no fair-queue
 clock rate 2000000
!
interface Serial0/0/1
 description primary link to BR3
 no ip address
 encapsulation frame-relay
!
interface Serial0/0/1.110 point-to-point
 ip address 172.18.0.9 255.255.255.252
 ip authentication mode eigrp 10 md5
 ip authentication key-chain eigrp 10 MYCHAIN
 frame-relay interface-dlci 110
!
interface Vlan1
 no ip address
!
router eigrp 10
 network 172.18.0.8 0.0.0.3
 network 172.18.3.0 0.0.0.255
 no auto-summary
!
ip route 172.18.225.0 255.255.255.128 172.18.0.250 130
!
!
ip http server
no ip http secure-server
!
!
control-plane
!
!
banner motd ^CUnauthorized use prohibited^C
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end
Edge2#


BR3 Router 1841 IOS 12.4

BR3#sh run
Building configuration...
Current configuration : 1547 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname BR3
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Oy22$IpotUI2nuqkDwA9Mh4sAW/
enable password cisco
!
no aaa new-model
ip cef
!
!
no ip domain lookup
!
!
key chain MYCHAIN
 key 1
  key-string securetraffic
!
!
interface FastEthernet0/0
 description backup link to ISP
 ip address 172.18.225.249 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description BR3 LAN
 ip address 172.18.225.1 255.255.255.128
 duplex auto
 speed auto
!
interface FastEthernet0/1/0
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface Serial0/0/0
 description primary link to Edge2
 no ip address
 encapsulation frame-relay
 no fair-queue
!
interface Serial0/0/0.100 point-to-point
 ip address 172.18.0.10 255.255.255.252
 ip authentication mode eigrp 10 md5
 ip authentication key-chain eigrp 10 MYCHAIN
 frame-relay interface-dlci 100
!
interface Serial0/0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Vlan1
 no ip address
!
router eigrp 10
 network 172.18.0.8 0.0.0.3
 network 172.18.225.0 0.0.0.127
 no auto-summary
!
ip route 172.18.3.0 255.255.255.0 172.18.225.250 130
!
!
ip http server
no ip http secure-server
!
!
control-plane
!
!
banner motd ^CUnauthorized use prohibited^C
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end
BR3#

ISPX Router 1841 IOS 12.4


ISPX#sh run
Building configuration...
Current configuration : 1218 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISPX
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$IzT0$mX4BFCU5ied75ROJ3kirPC1
enable password cisco
!
no aaa new-model
ip cef
!
!
!
!
no ip domain lookup
!
interface FastEthernet0/0
 description backup link to BR3
 ip address 172.18.225.250 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description backup link to Edge2
 ip address 172.18.0.250 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1/0
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface Serial0/0/0
 no ip address
 shutdown
 no fair-queue
 clock rate 2000000
!
interface Serial0/0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Vlan1
 no ip address
!
ip route 172.18.3.0 255.255.255.0 172.18.0.249
ip route 172.18.225.0 255.255.255.128 172.18.225.249
!
!
ip http server
no ip http secure-server
!
control-plane
!
!
banner motd ^CUnauthorized use prohibited
^C
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end
ISPX#
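A hardening check for settings that appear in the three lab running-configs above, given as an added example that is not part of the Cisco lab. Both config excerpts are constructed (the weak one reuses lines from the lab configs with the hash elided), and the rule names and the admin username are hypothetical.

```python
"""Flag management-plane weaknesses in an IOS running-config excerpt."""
import re

# Constructed excerpt reusing settings visible in the lab configurations.
WEAK_CONFIG = """\
no service password-encryption
hostname Edge2
enable secret 5 <hash-elided>
enable password cisco
key chain MYCHAIN
 key 1
  key-string securetraffic
ip http server
no ip http secure-server
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
"""

# Constructed counterpart with the same features hardened.
HARDENED_CONFIG = """\
service password-encryption
hostname Edge2
username admin secret 5 <hash-elided>
enable secret 5 <hash-elided>
key chain MYCHAIN
 key 1
  key-string 7 <obfuscated-elided>
no ip http server
ip http secure-server
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
"""


def parse_sections(text):
    """Group indented sub-commands under their top-level command."""
    sections = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line[0] == " " and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections


def audit(text):
    """Return (rule, location) pairs; the password values are never echoed."""
    findings = []
    for header, children in parse_sections(text):
        if header == "no service password-encryption":
            # Type 7 is only reversible obfuscation, but without it every
            # line password and key-string is displayed as typed.
            findings.append(("password-encryption-off", header))
        elif re.match(r"enable password (?!7 )", header):
            # Cleartext enable password kept next to the hashed enable secret.
            findings.append(("enable-password-cleartext", "enable password"))
        elif header == "ip http server":
            findings.append(("http-management", header))
        elif header.startswith("key chain "):
            if any(re.match(r"key-string (?!7 )", c) for c in children):
                findings.append(("key-string-cleartext", header))
        elif header.startswith("line "):
            if any(re.match(r"password (?!7 )", c) for c in children):
                findings.append(("line-password-cleartext", header))
            if header.startswith("line vty") and "transport input ssh" not in children:
                findings.append(("vty-not-ssh-only", header))
    return findings


if __name__ == "__main__":
    for rule, where in audit(WEAK_CONFIG):
        print(f"{rule:28} {where}")
```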


Lab 8.2.6 Evaluating the Prototype Test Instructor Version


Instructor Note: This lab is part of a series of labs that includes 8.2.2, 8.2.5, and 8.2.6. In this series, the students create a test plan to verify the FilmCompany WAN network design (8.2.2), and then execute the test plan (8.2.5), and finally analyze the results of the testing (8.2.6). Students should be strongly advised to keep all of their information in a portfolio or binder for reference during the course. The results of these labs, and many others throughout the course, will be needed for the final design project later in the course. In most organizations, this type of activity is done by a team of people, consisting of the account manager, network designer, systems engineers, and field engineers. If the students are working in a group to complete the lab, it is important for each one to be assigned a specific role (described in Chapter 2) and to provide input appropriate for the role.

Objectives
Analyze the results of the WAN Connectivity prototype test.
Document the results and identify potential risks or weaknesses in the prototype and planned design.
Complete the Results and Conclusions section of the test plan.

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
Interpret network diagrams.
Identify and correct common network problems at Layers 1, 2, 3, and 7 using a layered model approach.

Expected Results and Success Criteria
Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
Why do you think it is important to identify any weaknesses or risks contained in a proposed network design?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Background / Preparation
Instructor notes: The students will use the test plan they created in Lab 8.2.2 and the results of the testing from Lab 8.2.5 to identify any weaknesses in the WAN design. Network designs often have weaknesses or areas of risk because the designer must work within constraints applied by the customer. These weaknesses can include obvious risks, such as no firewall or security filtering, or can be harder to identify. Using the results and conclusions of the Test Plan you finished in Lab 8.2.5, determine if there are areas where risk exists in your proposed design.

Step 1: Identify if weaknesses are present in the design


Is the Frame Relay WAN design able to scale to meet the expected growth?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
Yes, Frame Relay services are typically very scalable. Additional CIR can be purchased and additional circuits can be added if necessary.

Do the results of the prototype test indicate that the Frame Relay configuration will work as expected?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
Since a router was acting as a simulated Frame Relay switch, there is no way to test the bandwidth and performance of a real Frame Relay switched network. Since it is not possible to test the performance through the actual TSP Frame Relay network, there is a risk associated with the design. Also, no high-volume test loads were generated to determine actual throughput.

Are there any weaknesses associated with using the VPN connections as backup to the Frame Relay WAN?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
Although the testing verified that the Ethernet-based backup simulation functions, this does not adequately simulate the use of VPN links, as a Fast Ethernet link is much faster than a typical VPN. The most critical area of risk is the performance of the VPN links as backups in a real network. When the voice and video components of the network are added to the existing WAN traffic, there may be a quality of service issue if the VPN connection must be used. The current VPN through the ISP does not have a guaranteed level of service. Furthermore, it does not have mechanisms to provide QoS. As a result, the backup links can only provide limited connectivity in the event of a failure.

Will a failure of the primary link cause the FilmCompany to lose connectivity to the Stadium LAN?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
No, the backup link with a floating static route will be activated to provide connectivity in the event the primary F/R link fails.

Does the EIGRP authentication provide for a secure transmission of the routing updates?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
Yes, through the use of Message Digest 5 (MD5). The combination of the key identifier and the interface associated with the message uniquely identifies the authentication algorithm and MD5 authentication key in use.

Step 2: Determine what the risks are of not correcting the weaknesses
If, in Step 1, you identify weaknesses in the proposed design, what risks do these weaknesses present to FilmCompany?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
The risks are that an actual Frame Relay network under actual user loads would not perform as well as the simulated links in the prototype. Also, the simulated VPN backup link might not perform as expected in terms of recovery using a real VPN link instead of a simulated FastEthernet link. The final acceptance of the design may have to wait until the results of a pilot installation are known.

Step 3: Suggest ways that the design can be improved to reduce the risk
In what ways could the proposed design be improved to reduce the areas of risk?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
If time and money permit, a pilot test could be run where a temporary F/R test circuit with a specified CIR could be installed with the cooperation of the service provider, and simulated test loads could be generated at various times to confirm the performance under high-volume conditions. A service level agreement (SLA) could also be negotiated to provide insurance that the circuit would perform as expected during peak load periods. With regard to the VPN backup links, the pilot could include the use of actual VPN connections over DSL links to more accurately demonstrate the recovery capabilities of the proposed design.

Step 4: Document the weaknesses and risks on the test plan


In the Results and Conclusions section of the test plan, record any weaknesses, risks, and suggested improvements.

Step 4: Reflection
Why do you think it is important to identify weaknesses and risks in the proposed design before presenting it to the customer? What are some reasons that weaknesses cannot be corrected?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
It is important to identify weaknesses and risks in the proposed design before presenting it to the customer to ensure that the customer understands the limitations of the prototype and is not led to have unrealistic expectations based on a prototype. It may not be possible to compensate for all weaknesses identified due to time, money or personnel constraints. Risks must be analyzed and balanced against these other variables.

VPN Design Test Plan


Instructor note: In this exercise, the students create a test plan which they will use later in the chapter to test the functionality of the network design they created in Chapters 5 and 6. The format used for this exercise is similar to the format used by the Cisco Customer Proof-of-Concept Lab. Discuss with the students why a detailed test plan is necessary to ensure that the test goes as expected and that the results are valid. Explain that in the business world, customers often want to see something work before they decide to purchase it. Proof-of-concept tests protect both the contractor and the customer by demonstrating that the proposed design meets the customer requirements, before the contractor orders and installs the equipment.

                      | Start Date | End Date
Network Build (Setup) |            |
Testing Date          |            |


Table of Contents
Attendees
Introduction
Equipment
Design and Topology Diagram
Test 1. Description: EasyVPN Server Setup Verification
Test 1. Procedures
Test 1. Expected Results and Success Criteria
Test 1. Results and Conclusions
Test 2. Description: VPN Client Connectivity Test
Test 2. Procedures
Test 2. Expected Results and Success Criteria
Test 2. Results and Conclusions
Appendix


Attendees
Name | Company | Position
 | FilmCompany | IT Manager
 | FilmCompany | Business Manager
 | NetworkingCompany | Account Manager
 | NetworkingCompany | Network Designer
 | NetworkingCompany | System Engineer

Instructor note: Students can enter their own names in the roles they choose or make up names for the attendees.


Introduction
INSTRUCTIONS: Explain briefly what the purpose of the test is and what should be observed. Include a brief description of testing goals. List all tests that you intend to run.

Purpose of this test: The purpose of this prototype is to demonstrate the use of a VPN server to provide secure connections for remote users via the Internet. A Cisco router is configured as a VPN server and a client is set up to access the server to establish a VPN tunnel to internal LAN resources.

Tests to run:

Test 1: EasyVPN Server Setup Verification
Demonstrate that the setup of EasyVPN server can be done using Cisco SDM.
Verify that the IOS version to support EasyVPN is available for the 1841 router.
Document operation.

Test 2: VPN Client Connectivity Test
Demonstrate the configuration of the VPN client software.
Verify that the client can connect to the EasyVPN server and successfully send data through the VPN connection.
Document operation.


Equipment
INSTRUCTIONS: List all of the equipment needed to perform the tests. Be sure to include cables, optional connectors or components, and software.

Qty. Rqd | Model | Additional options or software required | Substitute | IOS Software Rev.
1 | 1841 router (VPN server) | Advanced IP service IOS image and Cisco SDM | Router with two Ethernet interfaces | Advanced IP services IOS 12.4 or above and Cisco SDM 12.2 or above
 | 2960 Switch for Stadium internal network | none | Any standalone hub/switch or 1841 integrated switch |
 | Windows XP VPN Client computer | Cisco VPN client installed | Any PC with compatible VPN client software | N/A
 | PC running XP on internal network | none | Any PC or other device that can respond to a ping or Discovery CD server | N/A
1 | Cat 5 or above crossover cable | none | none | N/A
2 | Cat 5 or above straight-through cables | none | none | N/A

Instructor Note: If the Discovery Live CD Server is used for the internal host, its IP address is 172.17.1.1/16. IP addressing for the internal network will need to be adjusted accordingly.


Design and Topology Diagram


INSTRUCTIONS: Place a copy of the prototype network topology in this section. This is the network as it should be built to be able to perform the required tests, including IP Addressing and DLCI information. If this topology duplicates a section of the actual network, include a reference topology showing the location within the existing or planned network. Initial configurations for each device must be included in the Appendix.
Instructor note: This is the topology diagram for the VPN Simulation.
Simulated VPN remote access network topology

Topology - Prototype test topology


IP Address Plan

Device Name | Interface | IP Address | Subnet Mask
VPN | Fa0/0 | 10.10.10.1/29 |
VPN | Fa0/1 | 192.168.2.99/24 |
H1 | NIC Local Address | 10.10.10.2/29 |
H1 | VPN Dynamic Address | 192.168.2.x/24 |
H2 | NIC Local Address | 192.168.2.6/24 |

Additional Notes and Instructions:
Instructor note: Students record any other information that they think might be useful to the technicians performing the tests. These might be things like: This test must show the VPN configuration and management using SDM is easy enough to be managed by the existing personnel.
INSTRUCTIONS: Add a description about this design here that is essential to provide a better understanding of the testing or to emphasize any aspect of the test network to the reader.
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________


INSTRUCTIONS: For each test to be performed state the goals of the test, the data to record during the test, and the estimated time required to perform the test. Test 1 is given as an example.

Test 1. Description: EasyVPN Server Setup Verification


Goals of Test: Demonstrate the ease of configuring and managing a VPN server using Cisco SDM.

Data to Record:
- Configurations
- Interface status
- Routing Tables
- CPU & Memory
- Traceroute Output
- Ping Test Output
- Output of SDM utilities

Estimated Time: 90 minutes total (60 minutes build, 30 minutes test)

Test 1. Procedures
INSTRUCTIONS: Itemize the procedures to follow to perform the test.
1. Build the topology according to the topology diagram. Assign IP addresses according to the IP address plan.
2. Configure the EasyVPN server using Cisco SDM.
3. Console into the router VPN and capture the show running-config to verify the basic configuration, IP addressing, and VPN configuration.
4. Verify router VPN configuration using the built-in SDM GUI testing capability.


Test 1. Expected Results and Success Criteria


INSTRUCTIONS: List all of the expected results. Specific criteria that must be met for the test to be considered a success should be listed.
1. The EasyVPN configuration is successful.
2. Router VPN server is operational.


Test 1. Results and Conclusions


Instructor note: Students do not fill out this section until the tests are actually run in the lab. INSTRUCTIONS: Record the results of the tests and the conclusions that can be drawn from the results.


Test 2. Description: VPN Client Connectivity Test


Goals of Test:

Instructor note: Students must fill in the goal of the test. Sample goals: Demonstrates that the remote worker can access Stadium network LAN resources using a VPN client connection.

Data to Record:
- VPN statistics
- Ipconfig output
- Traceroute Output
- Ping Test Output

Estimated Time: 60 minutes total (30 minutes configure, 30 minutes test)

Test 2. Procedures
INSTRUCTIONS: Itemize the procedures to follow to perform the test.
1. Create a new VPN network connection using the VPN client software.
2. Connect to the VPN server using the external VPN client.
3. Observe the VPN tunnel establishment.
4. Use ipconfig on the VPN client to verify that it has received an IP address.
5. Use ping to test connectivity with the internal network through the VPN.

Test 2. Expected Results and Success Criteria


INSTRUCTIONS: List all of the expected results. Specific criteria that must be met for the test to be considered a success should be listed.

Instructor note: Example answers should be:
- Successful connection to the VPN server using the external VPN client
- Successful tunnel establishment
- VPN client has received an internal IP address from the VPN server.
- VPN client can ping an internal host or connect to an internal server service
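The third success criterion can be checked against the address plan rather than by eye. The following Python sketch is an added example, not part of the Cisco lab: it validates the address that ipconfig reports on H1 against the IP Address Plan and the pool range 192.168.2.1 to 192.168.2.5 from the Lab 8.3.4.3 device configuration. The function names and the addresses passed to them are constructed for illustration.

```python
import ipaddress

# Values from the IP Address Plan and the SDM_POOL_1 range in the
# Lab 8.3.4.3 device configuration.
OUTSIDE_LINK = ipaddress.ip_network("10.10.10.0/29")   # VPN Fa0/0 <-> H1 NIC
INTERNAL_NET = ipaddress.ip_network("192.168.2.0/24")  # VPN Fa0/1 and H2
POOL_FIRST = ipaddress.ip_address("192.168.2.1")
POOL_LAST = ipaddress.ip_address("192.168.2.5")
STATIC = {
    "VPN Fa0/0": ("10.10.10.1", OUTSIDE_LINK),
    "H1 NIC": ("10.10.10.2", OUTSIDE_LINK),
    "VPN Fa0/1": ("192.168.2.99", INTERNAL_NET),
    "H2 NIC": ("192.168.2.6", INTERNAL_NET),
}


def in_pool(addr):
    """True if addr is one of the addresses the VPN server may hand out."""
    return addr.version == 4 and POOL_FIRST <= addr <= POOL_LAST


def check_plan():
    """Return a list of inconsistencies in the address plan (empty if none)."""
    problems = []
    if (POOL_FIRST > POOL_LAST or POOL_FIRST not in INTERNAL_NET
            or POOL_LAST not in INTERNAL_NET):
        problems.append("VPN pool is not a valid range inside the internal network")
    seen = {}
    for name, (text, net) in STATIC.items():
        addr = ipaddress.ip_address(text)
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            problems.append(f"{name} {addr} is not a usable host address in {net}")
        if in_pool(addr):
            problems.append(f"{name} {addr} collides with the VPN pool")
        if addr in seen:
            problems.append(f"{name} duplicates the address of {seen[addr]}")
        seen[addr] = name
    return problems


def check_client_address(reported):
    """Judge the address ipconfig shows for the VPN adapter on H1.

    Returns (passed, reason) for the criterion "VPN client has received an
    internal IP address from the VPN server".
    """
    try:
        addr = ipaddress.ip_address(reported.strip())
    except ValueError:
        return (False, "not a valid IP address")
    if addr in OUTSIDE_LINK:
        return (False, "address belongs to the 10.10.10.0/29 link, so no tunnel address was assigned")
    if addr not in INTERNAL_NET:
        return (False, "address is outside the internal network")
    if not in_pool(addr):
        return (False, "address is internal but was not issued from the VPN pool")
    return (True, "address was issued from the VPN pool")


if __name__ == "__main__":
    print("plan problems:", check_plan())
    for sample in ("192.168.2.3", "10.10.10.2", "192.168.2.6"):  # constructed inputs
        print(sample, check_client_address(sample))
```
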

Test 2. Results and Conclusions


INSTRUCTIONS: Record the results of the tests and the conclusions that can be drawn from the results.

____________________________________________________________________________________

Instructor note: Students fill out this section upon completion of the test lab.


Appendix
INSTRUCTIONS: Record the starting configurations, any modifications, log file or command output, and any other relevant documentation.


CCNA Discovery Designing and Supporting Computer Networks

Lab 8.3.2 Creating a VPN Connectivity Test Plan Instructor Version


Instructor note: This lab is part of a series of labs that includes 8.3.2, Creating a VPN Connectivity Test Plan, 8.3.4.3, Creating a Cisco EasyVPN Server (Optional), and 8.3.4.4, Configuring and Testing the VPN Client (Optional). Although the 8.3.4 labs require an IOS version that may not be available in your lab, it is important that the students review the labs to see what is required to configure the VPN server and client. Students should be strongly advised to keep all of their information in a portfolio or binder for reference during the course. The results of these labs, and many others throughout the course, will be needed for the final design project later in the course. In most organizations, this type of activity is done by a team of people, consisting of the account manager, network designer, systems engineers, and field engineers. If the students are working in a group to complete the lab, it is important for each one to be assigned a specific role (described in Chapter 2) and to provide input appropriate for the role.

The upper part of the diagram shows an example of a real VPN network. The lower part shows the simulated network to be used for testing.

Actual VPN remote access network topology



Simulated VPN remote access network topology

Objectives
Create a VPN connectivity test plan with multiple tests to determine:
- Setup of VPN server on edge router
- Simulate VPN client connectivity

Describe the necessary information for the overall Test Plan to include:
- Introduction
- Equipment
- Design and Topology Diagram

Describe the necessary information for each test to include:
- Description of the test
- Procedures
- Anticipated Results and Success Criteria
- Conclusions

640-802 CCNA Exam Objectives


This lab contains skills that relate to the following CCNA exam objectives:
- Interpret network diagrams.
- Determine the path between two hosts across a network.
- Select the components required to meet a network specification.
- Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts.
- Access and use the router to set basic parameters, including CLI/SDM.
- Connect, configure, and verify operation status of a device interface.
- Verify device configuration and network connectivity using ping, traceroute, Telnet, SSH, or other utilities.
- Describe VPN technology (including: importance, benefits, role, impact, components)

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

What functions of a VPN do you think can be tested in a prototype environment?
______________________________________________________________________________________

Why is using a VPN critical to supporting remote workers?
______________________________________________________________________________________

Background / Preparation
Using the VPN Design Test Plan included with the lab and the topology shown, students will determine how to fill in the test plan sections to describe the tests to be performed, how they should be tested, and how to determine success or failure. This test plan will be used in subsequent labs to test simulated VPN prototypes. To conclude this lab, students should reflect on the use of VPN technology and how it can be used to create a more scalable and flexible LAN.

An important business goal for both the stadium and the FilmCompany is the ability to support remote workers. An important technical requirement includes providing secure VPN connectivity via the Internet with ease of manageability. This can be accomplished using Cisco EasyVPN Server to configure and manage a VPN server and installing Cisco VPN on clients.

This lab demonstrates the ability to develop a test plan to support the network VPN prototype. The prototype includes the configuration and testing of a VPN client, to simulate a remote worker, and a VPN server, to simulate the server, to be installed on the network. The Cisco SDM GUI on the 1841 is used to configure the EasyVPN Server for the remote clients.

In this lab, you will determine the nature of the tests to be performed, the methods and tools to be used, and the expected results. This test plan will be used as a basis for subsequent labs 8.3.4.3 and 8.3.4.4.



Step 1: Review the VPN Design Test Plan
Review the VPN Design Test Plan. Note the tests that the designer indicates are necessary to perform using the prototype network.

Test 1: Description and purpose:
EasyVPN Server Setup Verification

Test 2: Description and purpose:
VPN Client Connectivity Test

Step 2: Review the Equipment section


Which device will be used as the VPN server in the prototype network?
1841 Router

What IOS version is necessary to configure the EasyVPN server?
Advanced IP Services version 12.4 or above and Cisco SDM

Is equipment available in your lab with the correct IOS to build the prototype network configuration?
answer varies

Step 3: Review the Design and Topology section


At the top of this lab, the actual VPN topology is shown, as well as the topology being used in the prototype test. Compare both topologies. Remote workers usually connect to the Internet and then use client software to create the VPN tunnel to the server. In the prototype environment, the connection between the VPN client and the VPN server is a much more direct connection.

What is the risk of testing the VPN operation in a prototype environment?
real world conditions cannot be easily simulated

The VPN server will assign a logical address to the remote host H1 that is valid on the internal network. This address will be assigned dynamically, when the VPN tunnel is created.

Step 4: Review the Test 1 Description, Procedures, and Expected Results sections
The designer needs to verify that the EasyVPN server can be configured and managed by the existing personnel. It is important to document how the Cisco SDM software can be used to configure and manage the VPN server.

Step 5: Review the Test 2 Description, Procedures, and Expected Results sections
Read through the Test 2 information in the test plan. Determine an appropriate goal for Test 2 and fill in the table in the VPN Design Test Plan.

After reading the Procedures section, what do you think would be a successful outcome of completing the Test 2 procedures?
- Successful connection to the VPN server using the external VPN client
- Successful tunnel establishment
- VPN client has received an internal IP address from the VPN server.
- VPN client can ping an internal host or connect to an internal server service

Record your answers in the Expected Results and Success Criteria section for Test 2.

Reflection / Challenge
Why do you think it is important to test the VPN operation in a pilot installation, as well as a prototype test?
A pilot implementation can test the configurations and operation in a real-world environment.

What are the benefits of managing the VPN server with internal personnel, rather than using the ISP to manage it?
Answers will vary but should include:
- It is more flexible.
- It may cost less.
- It is easier to add additional clients.


CCNA Discovery Designing and Supporting Computer Networks

Lab 8.3.4.3 Creating a Cisco EasyVPN Server (Optional Lab) Instructor Version
The 1841 used with this lab is running the Advanced IP Services IOS image version 12.4. The standard base IP IOS image does not support VPN. Even if equipment is not available to actually perform this lab, students should read through it to get a better understanding of how VPNs function. This lab is part of a series of labs that includes 8.3.2, Creating a VPN Connectivity Test Plan, 8.3.4.3, Creating a Cisco EasyVPN Server (Optional), and 8.3.4.4, Configuring and Testing the VPN Client (Optional). Although the 8.3.4 labs require an IOS version that may not be available in your lab, it is important that the students review the labs to see what is required to configure the VPN server and client.

Objectives
- Configure basic router global settings using IOS for SDM access.
- Configure EasyVPN Server using SDM on a Cisco router.

640-802 CCNA Exam Objective


This lab contains skills that relate to the following CCNA exam objective: Describe VPN technology (including: importance, benefits, role, impact, components).

Expected Results and Success Criteria

Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

How is the ability to create a VPN server important in network design and prototyping?
______________________________________________________________________________________

Background / Preparation
In this lab you will configure a Cisco 1841 router as a VPN server using the SDM graphical user interface and the EasyVPN Server Wizard. This router will simulate the VPN server in the Stadium network prototype for remote worker access. The router will provide the endpoint for an IPSec VPN tunnel for VPN clients. You will test the VPN configuration using the built-in test options according to the test plan outlined previously in Lab 8.3.2.

NOTE: Even if the equipment is not available to actually perform this lab, you should read through it to get a better understanding of how VPNs function.

The following resources are required:
- Cisco 1841 router with IOS 12.4 Advanced IP Services IOS image, a Virtual Private Network (VPN) Module, and SDM version 2.4 installed
- Windows XP computer with Internet Explorer 5.5 or higher and SUN Java Runtime Environment (JRE) version 1.4.2_05 or later (or Java Virtual Machine (JVM) 5.0.0.3810).
- Access to PC network TCP/IP configuration and command prompt
- Console cable with DB-9 to RJ-45 adapter
- Cabling as shown in the topology and described in test plan Lab 8.3.2

Task 1: Build the Network and Configure the Devices for SDM Access
Step 1: Configure basic router settings for SDM access
NOTE: If the PC used in this lab is also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.

a. Connect the PC to the router console port using a serial cable with a DB-9/RJ-45 adapter. Use the erase startup-config and the reload commands from the privileged EXEC prompt to ensure that you are starting with a clean configuration.

b. Configure basic router settings to prepare the router for access using SDM.

Router(config)#hostname VPN
VPN(config)#line console 0
VPN(config-line)#password cisco
VPN(config-line)#login
VPN(config-line)#line vty 0 4
VPN(config-line)#password cisco
VPN(config-line)#login
VPN(config-line)#enable password cisco
VPN(config)#enable secret class
VPN(config)#no ip domain-lookup
VPN(config)#
VPN(config)#interface Fa0/0
VPN(config-if)#ip address 10.10.10.1 255.255.255.248
VPN(config-if)#no shutdown
VPN(config-if)#
VPN(config-if)#ip http server
VPN(config)#ip http authentication local
VPN(config)#username admin privilege 15 password 0 cisco123
VPN(config)#end

c. Copy the running-config to the startup-config.



Step 2: Configure the PC to connect to the router and launch Cisco SDM
a. Disable any popup blocker programs. Popup blockers prevent SDM windows from displaying.

b. Connect the PC NIC to the FastEthernet 0/0 port on the Cisco 1841 ISR router with an Ethernet crossover cable. This in-band connection will be used to configure VPN using the PC's browser and the SDM graphical user interface. NOTE: An SDM router other than the 1841 may require connection to a different port in order to access SDM.

c. Configure the IP address of the PC as 10.10.10.2 with a subnet mask of 255.255.255.248.

d. SDM does not load automatically on the router. You must open the web browser to reach the SDM. Open the web browser on the PC and connect to the following URL: http://10.10.10.1

e. In the Connect to dialog box, enter admin for the username and cisco123 for the password. Click OK. The main SDM web application will start and you will be prompted to use HTTPS. Click Cancel. In the Security Warning window, click Yes to trust the Cisco application.



f. Verify that you are using the latest version of SDM. The initial SDM screen that displays immediately after the login shows the current version number. It is also displayed on the main SDM screen shown below, along with IOS version. NOTE: If the current version is not 2.4 or higher, notify your instructor before continuing with this lab. You will need to download the latest zip file from http://www.cisco.com/pcgi-bin/tablebuild.pl/sdm and save it to the PC being used to access the router SDM. From the Tools menu of the SDM GUI, use the Update SDM option to specify the location of the zip file and start the update. Also note that the Windows XP computer you are using must have Internet Explorer 5.5 or higher and SUN Java Runtime Environment (JRE) version 1.4.2_05 or later (or Java Virtual Machine (JVM) 5.0.0.3810). If it does not, SDM will not start. You will need to download and install JRE on the PC before continuing with the lab.

Step 3: Configure SDM to show Cisco IOS CLI commands


a. From the Edit menu in the main SDM window, select Preferences.

b. Select the Preview commands before delivering to router check box. With this check box checked, you can see the Cisco IOS CLI commands that you will use to perform a configuration function on the router before these commands are sent to the router. You can learn about Cisco IOS CLI commands this way.

Task 2: Use EasyVPN to configure the router as a VPN server
Step 1: Launch the EasyVPN Server Wizard
a. From the Configure menu, click the VPN button to view the VPN configuration page. Select Easy VPN Server from the main VPN window, and then click Launch Easy VPN Server Wizard.

b. The Enable AAA window will display. AAA must be enabled on the router before the Easy VPN Server configuration starts. Click Yes to continue with the configuration. Click the Deliver button to deliver the AAA configuration to the router. The "AAA has been successfully enabled on the router" message displays in the window.

c. Click OK to continue to the VPN Wizard Welcome screen. Click Next to start the Easy VPN Server Wizard.



Step 2: Select the Interface and Authentication method
a. Select the interface on which the client connections terminate and the authentication type. This connection terminates on Fa0/0 and pre-shared keys will be used.



b. Click Next to configure the Internet Key Exchange (IKE) policies. Use the Add button to create the new policy. Configurations on both sides of the tunnel must match exactly. However, the Cisco VPN Client automatically selects the proper configuration for itself. Therefore, no IKE configuration is necessary on the client PC.



Step 3: Specify the Transform Set
Click Next to accept the default transform set for data encryption and authentication algorithms.



Step 4: Specify Group Authorization and Group Policy Lookup
Click Next to create a new Authentication, Authorization, and Accounting (AAA) authorization network method list for group policy lookup. Accept the default of Local for policy lookup.



Step 5: Configure User Authentication (XAuth)
a. You can store user authentication details on an external server, such as a RADIUS server, in a local database, or on both. Select the Enable User Authentication checkbox and accept the default of Local Only.

b. Click the Add User Credentials button to see users currently defined or to add users.

What is the name of the user currently defined and what is the user privilege level?
admin, privilege level 15.

How was this user defined?
During the initial IOS CLI configuration



Step 6: Configure the Group Policy
a. Click Next to go to the Group Authorization and User Group Policies screen. You must create at least one group policy for the VPN server.



b. Click Add to create a policy. Enter VPN as the Tunnel Group Name. Enter a new pre-shared key of cisco and then re-enter it. Leave the Pool Information box checked and enter a starting address, an ending address, and a subnet mask as shown. Click OK to accept the entries. When you return to the Group Authorization screen, click Next.



Step 7: Review the Summary of the Configuration you created
The Summary of the Configuration window shows a summary of the actions that you have taken. Click Finish if you are satisfied with your configuration.



Step 8: Deliver the configuration to router
This window shows the IOS commands that will be delivered to the router as a result of the selections and entries you have made. Select the checkbox Save running-config to router's startup config. Click Deliver to complete the transfer of commands to the router.



Step 9: Test the basic VPN config on the router
a. Test the VPN configuration according to Test 1 in Lab 8.3.2, Creating a VPN Connectivity Test Plan.

b. After the commands have been delivered, you will be returned to the main VPN configuration screen. Select the name of the VPN configuration you created and click Test VPN Server in the lower right corner of the screen. You should get a response similar to the following example:



Task 3: Reflection
Why would you configure VPN using the SDM EasyVPN Server instead of using the command line?
Using a GUI interface with the SDM EasyVPN Wizard makes configuration much easier because the wizard prompts you for all the information you need to configure the VPN server. The IOS configuration commands used to configure a VPN server are relatively complex and require considerably more knowledge.

Summarize the steps that are configured by the SDM EasyVPN server
- Select the interface on which the client connections will terminate
- Configure IKE Policies
- Configure an IPsec transform set
- Configure a group policy lookup method
- Configure user authentication
- Configure group policies

Device Configurations


1841 router with IOS 12.4 (VPN server)
VPN#sh running-config Building configuration... Current configuration : 1878 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname VPN ! boot-start-marker boot-end-marker ! enable secret 5 $1$zKaa$C.wtkprSbd7cyGamEKsG/1 enable password cisco ! aaa new-model ! ! aaa authentication login default local aaa authentication login sdm_vpn_xauth_ml_1 local aaa authorization exec default local aaa authorization network sdm_vpn_group_ml_1 local ! aaa session-id common ip cef ! ! ! ! no ip domain lookup ! ! ! username admin privilege 15 password 0 cisco123 ! ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 ! crypto isakmp client configuration group VPN key cisco pool SDM_POOL_1 netmask 255.255.255.0 ! ! crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac !
crypto dynamic-map SDM_DYNMAP_1 1
 set transform-set ESP-3DES-SHA
 reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.248
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
!
interface FastEthernet0/1
 no ip address
 shutdown
 speed auto
!
interface FastEthernet0/1/0
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface Serial0/0/0
 no ip address
 shutdown
 no fair-queue
!
interface Serial0/0/1
 no ip address
 shutdown
!
interface Vlan1
 no ip address
!
ip local pool SDM_POOL_1 192.168.2.1 192.168.2.5
!
!
ip http server
ip http authentication local
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
line con 0
 password cisco
line aux 0
line vty 0 4
 password cisco
!
scheduler allocate 20000 1000
end

VPN#


Lab 8.3.4.4 Configuring and Testing the VPN Client (Optional Lab) Instructor Version
The 1841 used with this lab is running the Advanced IP Services IOS image version 12.4. The standard base IP IOS image does not support VPN. Even if equipment is not available to actually perform this lab, students should read through it to get a better understanding of how VPNs function. This lab is part of a series of labs that includes 8.3.2, Creating a VPN Connectivity Test Plan, 8.3.4.3, Creating a Cisco EasyVPN Server (Optional), and 8.3.4.4, Configuring and Testing the VPN Client (Optional). Although the 8.3.4 labs require an IOS version that may not be available in your lab, it is important that the students review the labs to see what is required to configure the VPN server and client.

Device   | Host Name | FastEthernet 0/0 or NIC IP Address | FastEthernet 0/1 IP Address | Default Gateway | Enable Secret Password | Enable, vty, and Console Password
Router 1 | VPN       | 10.10.10.1 /29                     | 192.168.2.99 /24            |                 | class                  | cisco
Switch 1 | S1        |                                    |                             |                 |                        |
Host 1   | PC1       | 10.10.10.2 /29                     |                             | 10.10.10.1      |                        |
Host 2   | PC2       | 192.168.2.6 /24                    |                             | 192.168.2.99    |                        |


Objectives
Configure basic router settings using IOS.
Configure a VPN client for remote access.
Configure the internal network.
Verify VPN tunnel establishment between client and server.
Verify VPN client access to internal network resources.

640-802 CCNA Exam Objective


This lab contains skills that relate to the following CCNA exam objective: Describe VPN technology (including: importance, benefits, role, impact, components).

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

How is the ability to implement VPN technology important in network design and prototyping?
______________________________________________________________________________________

Background / Preparation
In this lab you will configure a VPN client to simulate remote access to the Stadium network internal LAN resources through a VPN server. Prior to starting this lab, you must complete Lab 8.3.4.3 to configure the 1841 VPN server using the SDM graphical user interface and the EasyVPN Server Wizard. You will test the remote VPN client access according to the test plan outlined previously in Lab 8.3.2.

NOTE: Even if the equipment is not available to actually perform this lab, you should read through it to get a better understanding of how VPNs function.

The following resources are required:
Cisco 1841 router with 2 Fast Ethernet routed interfaces and the following:
  IOS 12.4 Advanced IP Services IOS image
  Virtual Private Network (VPN) Module
  SDM version 2.4 installed
  4-port switch add-in module (an external hub or switch can be substituted)



Windows XP computer for use with SDM EasyVPN configuration and to act as VPN client with the following:
  Internet Explorer 5.5 or higher
  SUN Java Runtime Environment (JRE) version 1.4.2_05 or later (or Java Virtual Machine (JVM) 5.0.0.3810)
  Cisco VPN Client installed
Windows XP computer or other computer to act as internal host (Use of Discovery CD Server is an option but addressing for internal network will need to match the 172.16.1.1/16 address of the server)
Console cable with DB-9 to RJ-45 adapter
Access to PC network TCP/IP configuration and command prompt
Cabling as shown in the topology and described in test plan Lab 8.3.2

Task 1: Build the Network and Configure the Devices for SDM Access
Step 1: Connect the PCs and devices as shown in the topology diagram
a. The internal VPN router interface Fa0/1 may be connected to the integrated 1841 Ethernet switch, if one is installed, or may be attached to a standalone hub or switch.
b. It is not necessary to configure the switch. If an external standalone switch is used, erase the startup configuration file and delete the vlan.dat file. Issue the reload command or power-cycle the switch to clear any previous configurations.
c. Connect host PC2 to the same switch (1841 integrated or standalone hub/switch) as the router Fa0/1 interface. Configure the IP address as shown in the topology diagram table.

Step 2: Configure the router as a VPN server


a. Host PC1 connects to the router console port for basic IOS configuration and connects via the router Fa0/0 port for SDM EasyVPN configuration. Refer to Lab 8.3.4.3 for PC setup to access the router SDM GUI. After configuring the router as a VPN server, host PC1 acts as the VPN client.
b. Refer to Lab 8.3.4.3 for instructions on configuring the 1841 as a VPN server using IOS commands and SDM. Be sure to erase the startup configuration file and issue the reload command to clear any previous configurations.
c. Assign an IP internal LAN address to the VPN server Fa0/1 interface to act as the gateway for internal hosts.

VPN(config)#interface FastEthernet0/1
VPN(config-if)#ip address 192.168.2.99 255.255.255.0
VPN(config-if)#no shutdown

Task 2: Configure the VPN Client


Step 1: Install the Cisco VPN client
If not already installed, install Cisco VPN Client software on host PC1. If you do not have the Cisco VPN Client software or are unsure of the process, contact your instructor.



Step 2: Configure the PC as a VPN client to access the VPN server
a. Start the Cisco VPN Client and select Connection Entries > New.

b. Enter the following information to define the new connection entry. Click Save when you are finished.
  Connection Entry: VPN
  Description: Connection to Stadium network
  Host: 10.10.10.1
  Group Authentication Name: VPN (Configured in Lab 8.3.4.3)
  Password: cisco (Configured in Lab 8.3.4.3)
  Confirm Password: cisco
NOTE: Name and password are case-sensitive and must match the ones created on the VPN server.



c. Select the newly created connection and click Connect.

d. Enter the user name admin created previously on the VPN router and enter the password of cisco123. Click OK to continue. The VPN Client window will minimize to an icon in the tools tray of the taskbar.

Task 3: Verify the VPN Tunnel between Client, Server, and the Internal Network
Perform testing as outlined in Lab 8.3.2 Test 2 of the VPN Connectivity Test Plan and as described here.

Step 1: Check the tunnel statistics


Open the VPN Client icon and click the Status menu and then the Statistics option to display the Tunnel Details tab.

What is the Client IP address obtained from the VPN server?
  Answers will vary but can range from 192.168.2.1 through 192.168.2.5. The pool of addresses was defined in Lab 8.3.4.3.
What is the VPN server address?
  10.10.10.1
How many packets have been encrypted?
  Answers will vary
What is the encryption method being used?
  168-bit 3-DES
What is the authentication being used?
  HMAC-SHA1

Step 2: Open a command prompt window and verify the VPN connection
Click Start > Run, enter cmd and press Enter. Use the ipconfig /all command to see the network connections currently in use.

C:\>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : PC1
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 1:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
   Physical Address. . . . . . . . . : 00-07-E9-63-CE-53
   Dhcp Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.10.10.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   Default Gateway . . . . . . . . . : 10.10.10.1

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Cisco Systems VPN Adapter
   Physical Address. . . . . . . . . : 00-05-9A-3C-78-00
   Dhcp Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.2.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.4

What is the IP configuration for the first Local Area Connection?
  IP Address: 10.10.10.2
  Subnet Mask: 255.255.255.248
  Default Gateway: 10.10.10.1
  Description: Intel(R) PRO/100 VE Network Connection. (Answers will vary)

What is the IP configuration for the second Local Area Connection?
  IP Address: 192.168.2.3 (answers will vary)
  Subnet Mask: 255.255.255.0
  Default Gateway: 192.168.2.3 (same as host IP address)
  Description: Cisco Systems VPN Adapter

Step 3: Test connectivity between the remote VPN client and the internal stadium network
Ping from the external (remote) host PC1 to host PC2 (IP address 192.168.2.6) on the internal stadium network to simulate access to internal resources.

Were the pings successful? Yes. If they are not, troubleshoot until they are.

C:\>ping 192.168.2.6

Pinging 192.168.2.6 with 32 bytes of data:

Reply from 192.168.2.6: bytes=32 time=1ms TTL=64
Reply from 192.168.2.6: bytes=32 time<1ms TTL=64
Reply from 192.168.2.6: bytes=32 time<1ms TTL=64
Reply from 192.168.2.6: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.2.6:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

Task 4: Reflection
Why is VPN a good option for remote users?
Answers will vary but should include:
  It is a flexible technology that is widely supported by equipment vendors.
  Service is commonly available from ISPs.
  A VPN server can be set up independent of the ISP if desired.
  VPN provides easy and secure access to internal LAN resources for remote workers and business partners.
  Any authorized person with an Internet connection can access internal resources as if they were on the local LAN.

What would happen if the VPN client tunneling protocol or encryption did not match that of the VPN server?
The client would not be able to establish a connection.

Device Configurations


1841 router with IOS 12.4 (VPN server)
VPN#sh running-config
Building configuration...

Current configuration : 1878 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VPN
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$zKaa$C.wtkprSbd7cyGamEKsG/1
enable password cisco
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
ip cef
!
!
!
!
no ip domain lookup
!
!
!
username admin privilege 15 password 0 cisco123
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group VPN
 key cisco
 pool SDM_POOL_1
 netmask 255.255.255.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
 set transform-set ESP-3DES-SHA
 reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.248
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
!
interface FastEthernet0/1
 ip address 192.168.2.99 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1/0
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface Serial0/0/0
 no ip address
 shutdown
 no fair-queue
!
interface Serial0/0/1
 no ip address
 shutdown
!
interface Vlan1
 no ip address
!
ip local pool SDM_POOL_1 192.168.2.1 192.168.2.5
!
!
ip http server
ip http authentication local
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
line con 0
 password cisco
line aux 0
line vty 0 4
 password cisco
!
scheduler allocate 20000 1000
end

VPN#
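
Added example (not part of the Cisco lab material): a Python audit that parses a running-config like the VPN server listings in Labs 8.3.4.3 and 8.3.4.4 and flags the lab-grade settings a reviewer would not carry into production, namely cleartext passwords, 3DES, Diffie-Hellman group 2, and the HTTP management server. The rule names and function names are assumptions made for this example, and the embedded sample is an excerpt of the lab listing.

```python
import re

# Excerpt of this lab's VPN server listing (sub-command indentation restored),
# embedded so the audit runs offline.
LAB_CONFIG = """\
no service password-encryption
enable password cisco
username admin privilege 15 password 0 cisco123
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp client configuration group VPN
 key cisco
 pool SDM_POOL_1
 netmask 255.255.255.0
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
ip http server
ip http authentication local
no ip http secure-server
line con 0
 password cisco
line aux 0
line vty 0 4
 password cisco
"""

WEAK_CIPHERS = {"des", "3des"}   # deprecated block ciphers
WEAK_DH_GROUPS = {"1", "2"}      # 768-bit and 1024-bit MODP groups


def parse_sections(text):
    """Split a running-config into (parent, [children]) using IOS indentation."""
    sections = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped == "!":
            continue                      # skip blank lines and '!' separators
        if raw[0].isspace() and sections:
            sections[-1][1].append(stripped)   # indented line: sub-command
        else:
            sections.append((stripped, []))    # flush-left line: new section
    return sections


def audit(text):
    """Return (rule_id, config_line, reason) tuples. Rule ids are hypothetical."""
    findings = []
    for parent, children in parse_sections(text):
        if parent == "no service password-encryption":
            findings.append(("NO-PW-ENCRYPTION", parent,
                             "passwords are written to the config as typed"))
        elif parent.startswith("enable password "):
            findings.append(("ENABLE-PASSWORD", parent,
                             "not one-way hashed; keep only 'enable secret'"))
        elif re.match(r"username \S+ .*\bpassword 0 \S+", parent):
            findings.append(("USER-PW-CLEARTEXT", parent,
                             "type 0 password is cleartext; use 'secret'"))
        elif parent.startswith("crypto isakmp policy "):
            for child in children:
                enc = re.fullmatch(r"encr(?:yption)? (\S+).*", child)
                grp = re.fullmatch(r"group (\d+)", child)
                if enc and enc.group(1) in WEAK_CIPHERS:
                    findings.append(("IKE-WEAK-CIPHER", f"{parent} / {child}",
                                     "IKE policy uses a deprecated cipher"))
                if grp and grp.group(1) in WEAK_DH_GROUPS:
                    findings.append(("IKE-WEAK-DH", f"{parent} / {child}",
                                     "Diffie-Hellman modulus is 1024 bits or less"))
        elif parent.startswith("crypto isakmp client configuration group "):
            for child in children:
                if re.fullmatch(r"key \S+", child):   # single token: stored as typed
                    findings.append(("GROUP-KEY-CLEARTEXT", f"{parent} / {child}",
                                     "group pre-shared key is readable in the config"))
        elif parent.startswith("crypto ipsec transform-set "):
            # tokens after the transform-set name are the transforms themselves
            weak = [t for t in parent.split()[4:] if t in ("esp-des", "esp-3des")]
            if weak:
                findings.append(("ESP-WEAK-CIPHER", parent,
                                 "tunnel traffic uses " + ", ".join(weak)))
        elif parent == "ip http server":
            findings.append(("HTTP-MGMT", parent,
                             "management web server runs over unencrypted HTTP"))
        elif parent.startswith("line "):
            for child in children:
                if re.fullmatch(r"password \S+", child):
                    findings.append(("LINE-PW-CLEARTEXT", f"{parent} / {child}",
                                     "line password is readable in the config"))
    return findings


if __name__ == "__main__":
    for rule, line, reason in audit(LAB_CONFIG):
        print(f"{rule:20} {line:55} {reason}")
```
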


Lab 9.1.2 Editing and Organizing the Existing Information Instructor Version
Instructor Note: This lab is part of a series of labs in which the student creates an Implementation Plan to be included in the network proposal. The labs in this series are:
  Lab 9.2.1 Creating an Implementation Plan
  Lab 9.2.2 Creating a Phased Installation Plan
  Lab 9.2.3 Creating a Timeline
  Lab 9.2.4 Creating an Installation Schedule

Objective
Collect and organize information into a network proposal.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

What are the benefits of the systematic and thorough recording and collecting of information in the preparation of a project proposal?
______________________________________________________________________________________

Background / Preparation
Instructor Notes: This is a written lab. In the labs in Chapter 9, students finalize the FilmCompany network upgrade Implementation Plan and Project Proposal using the design information that they have compiled in their portfolios from previous labs, and then prepare and present this Proposal to the class. The activities required by these labs may be performed individually or in small groups. At the conclusion of this series of labs, each student should submit an individually compiled Project Proposal document and presentation and should be able to demonstrate the skills and knowledge required of the network design process. The activities required by these labs may be performed individually or in small groups or syndicates.



The final presentation may be made to the class. However, to provide an environment more representative of the workplace, presentations could be made to a wider audience. For example, if your academy has other IT faculty and staff, perhaps they could be invited to attend the presentations. Other guests could include instructors from neighboring academies or representatives from local IT or networking businesses. This first lab in the series requires the student to gather together and organize all the network upgrade information from previous labs in this course that they have collected in their project portfolio. Having tested the proposed network design using a prototype, you will now collect information from the RFP in Chapter 2 and previous PPDIOO labs to create a network proposal. In this lab, you will prepare an outline for the FilmCompany network upgrade proposal. You will do this by assembling portions of the proposal from the information that you compiled from earlier labs and saved in your portfolio.

Step 1: Collate and organize the information


a. Gather and read through all the project documents that you created in previous labs.
b. Ensure that multipage documents are together and that the pages are in the correct sequence.

Step 2: Review the existing information


Ensure that the documents are complete and contain the information specified. Any incomplete documents, or missing information that was not recorded at the time of that lab, now need to be checked and included at this stage.

Step 3: Organize the information


A project proposal typically contains the following sections:

Section: Executive Summary
Description: Discusses the project goals and project scope at a high level. This section demonstrates that the network vendor understands the extent of the project and the role of the network in meeting the business goals. The goal of the summary is to convince the decision-makers of the business benefits of the design. This section is typically one to two pages long.

Section: Network Requirements
Description: Reviews the business goals and network requirements, including users and applications that need to be supported. This section often lists the business goals, in order of priority, with critical goals marked. This section includes the topologies, protocols, hardware, software, and training that are required to meet the business goals.

Section: Current Network Environment
Description: Documents the state of the existing network. This section includes physical and logical diagrams and the IP addressing scheme. The section summarizes the results of the network characterization, including strengths and weaknesses of the existing network. It also documents the user community and applications currently in use, based on the network characterization.

Section: Proposed Physical Design
Description: Describes the physical layout of the proposed design. This section documents trade-offs made to accommodate business goals and technical requirements. The section describes the features and recommended uses for the technologies and devices proposed for the new network design. This section documents the new WAN service and new network equipment. The section also includes proposed network diagrams.

Section: Proposed Logical Design
Description: Describes the logical topology of the proposed network. This section documents any proposed addressing and naming conventions. It describes the routing and switching protocols recommended for the planned network. This section includes recommended security mechanisms and products that support the security policy of the business. The section may include information on recommended network management procedures and applications.

Section: Implementation Plan
Description: Provides a detailed list of the tasks that must be performed to install and implement the new network. This section includes tasks, steps, time required, and proposed schedules.

Section: Cost Proposal
Description: Provides cost proposal for equipment, software, installation, and ongoing support.

Important notes about the Executive Summary: The Executive Summary is presented first because it provides the reader with an overview of the complete proposal. The proposal will be read by people with different roles and requirements. These may include managers; network engineers and technicians; marketing and sales consultants; and finance and accounting personnel. By reviewing the Executive Summary first, readers can then decide whether to read through the complete document or read only those sections that apply to their role. Although presented first, the Executive Summary cannot be written until the rest of the proposal document has been compiled. This section is therefore the final section to be written.

Organize the information into the required sequence.

Step 4: Edit and finalize the information


a. Review all the materials to ensure that they are complete. It is important that the FilmCompany management and technical staff are able to easily find and understand the material contained in the proposal. A disorganized or incomplete proposal can cause the customer to choose another contractor to complete the project.
b. Ensure that all the information has a consistent format and style. If necessary, edit or rewrite sections so that the proposal has the appearance of a single document and not a set of separate documents.
c. Complete diagrams and other graphics and finalize what is to be included in the proposal.
d. Clearly note those sections of the proposal that have to be completed; these sections will be compiled in the following labs.
e. Save the word processing documents and file the hardcopy information in your portfolio.


Lab 9.2.1 Creating an Implementation Plan Instructor Version


Instructor Note: This lab is part of a series of labs in which the student creates an Implementation Plan to be included in the network proposal. The labs in this series are:
  Lab 9.2.1 Creating an Implementation Plan
  Lab 9.2.2 Creating a Phased Installation Plan
  Lab 9.2.3 Creating a Timeline
  Lab 9.2.4 Creating an Installation Schedule

Objectives
Create an Implementation Plan.
Recognize the importance of customer approval.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________

What potential issues could arise if the project proceeds without the customer approving the Implementation Plan?
______________________________________________________________________________________

Background / Preparation
Instructor Notes: This is a written lab. In this series of four labs, students finalize the FilmCompany network upgrade Implementation Plan section of the Project Proposal presentation. The Implementation Plan uses the results of the previous design and testing labs that students have saved in their project portfolio. The next three labs develop the details of the three sections of the Implementation Plan:
  Installation Method
  Timeline and Resource Estimates
  Maintenance and Downtime Planning

This lab focuses on developing a structure for the Implementation Plan based on the FilmCompany network upgrade requirements. Knowing the technical network requirements of the upgrade from previous labs, students should discuss and clarify their understanding of the requirements. During these discussions, have students consider any issues that would affect the implementation of such a project in their local area. In the PPDIOO process, the next step after completing the network design is to develop the Implementation Plan. It is important to include as much detail as possible. The network engineers and technicians use the Implementation Plan documentation to perform the network upgrade. This lab is the first of four that will lead you through the creation of an Implementation Plan for the FilmCompany network upgrade. In this lab, you will establish the format of the Implementation Plan using the results of earlier design and testing labs. In the next three labs, you will compile and finalize the details for three sections of the Implementation Plan: the Installation Method, the Timeline and Resource Estimates, and the Maintenance and Downtime Planning.

Step 1: Determine the tasks to implement the network design


Implementing a network design requires the completion of a set of tasks, such as installing hardware, configuring systems, testing the network, and launching the network into production. Each task consists of several steps. Each task requires the following documentation:
  A description of the task
  References to design documents
  Detailed implementation guidelines
  Detailed rollback guidelines in case of failure
  The estimated time required for implementation
  Completion sign-off

Analyze the FilmCompany network design documentation that you have compiled in previous labs. Determine and list the three main sets of tasks required to be performed to implement the network upgrade. These sets of tasks will be referred to as phases.

Instructor Note: Some variation in the derived tasks may occur and is acceptable. Students may need to be directed to focus on the critical tasks as developed from the design and testing labs.

Phase 1
  Install Distribution and Core Layer equipment
  Configure new IP addressing & VLAN scheme
  Configure routing
Phase 2
  Upgrade the WAN connectivity
  Extend the network to the remote site
  Configure ACLs & security
Phase 3
  Install wireless/mobility network
  ____________________________________________
  ____________________________________________

Step 2: Note identified success and failure criteria


When implementing a design, the possibility of a failure must be considered even after a successful pilot or prototype network test. Each step of the implementation may require additional testing to ensure that the network operates as designed. In the Reflection section in Chapter 2, Lab 2.3.3, you considered success criteria when determining the objectives of the FilmCompany network upgrade. List two or three success or failure criteria for each phase of the project.

Instructor Note: Encourage discussion and recording of measurable criteria that would indicate if a task succeeded or failed in meeting its objective. Responses may vary; see Chapter 2, Lab 2.3.3, Reflection for example criteria.

Phase 1
  ____________________________________________
  ____________________________________________
  ____________________________________________
Phase 2
  ____________________________________________
  ____________________________________________
  ____________________________________________
Phase 3
  ____________________________________________
  ____________________________________________
  ____________________________________________

Step 3: Include provision for customer approval


The Implementation Plan details the work required to accomplish the project goals. The plan includes the customer expectations and the success criteria for customer approval and project sign-off. As soon as customer approval of the implementation plan is obtained, the installation can begin.

The customer is given a detailed list of all devices required and the work to be completed. This list forms part of the Implementation Plan. A signed copy of this list is kept by the network designer and account manager. Upon completion of each task, the customer is required to sign off that the work was completed and that the results are as expected.

a. Include in the documentation a signature page for an authorized FilmCompany representative to sign and approve the Implementation Plan.
b. Include in the documentation a signature page at the end of each task for an authorized FilmCompany representative to sign and accept the completion of each task.



Step 4: Document Phase 1
Create a table for Phase 1 with the headings shown below.

Task/Step | Date | Description | Implementation Details | Complete

You will enter details into the table over the next three labs.

Step 5: Document Phase 2


Create a table for Phase 2 with the headings shown below.

Task/Step | Date | Description | Implementation Details | Complete

You will enter details into the table over the next three labs.

Step 6: Document Phase 3


Create a table for Phase 3 with the headings shown below.

Task/Step | Date | Description | Implementation Details | Complete

You will enter details into the table over the next three labs.


Lab 9.2.2 Creating a Phased Installation Plan Instructor Version


Instructor Note: This lab is part of a series of labs in which the student creates an Implementation Plan to be included in the network proposal. The labs in this series are:
- Lab 9.2.1 Creating an Implementation Plan
- Lab 9.2.2 Creating a Phased Installation Plan
- Lab 9.2.3 Creating a Timeline
- Lab 9.2.4 Creating an Installation Schedule

Objective
Determine the best installation method.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

What could be some of the issues that may have to be discussed and negotiated with the customer with regard to their expectations of what impact the installation process may have on their current network operations?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Background / Preparation
Instructor Notes: This is a written lab. In this lab, students create the FilmCompany network upgrade Installation Plan. The Installation Plan describes how the implementation of the network upgrade will be carried out. In the preparation of the Implementation Plan, encourage class discussion. If possible, provide realistic examples of local issues that can affect the implementation of a project. Examples could include shortage of trained network installation staff, the logistics of delivering networking equipment to the site, disruption to current services, and local regulations or customary work practices that affect the timing or scheduling of project tasks. In the preparation of the Implementation Plan, have the class discuss and consider the three installation methods:
- New installation
- Phased installation
- Complete replacement

Then discuss why the phased installation will be used in this case.

In this lab, you will compile and finalize the details of the Implementation Plan relating to the planned installation method of the FilmCompany network upgrade. An Installation Plan may be subject to a number of factors. These include:
- Budget constraints that can affect the project by limiting the money available to purchase the equipment needed
- Time constraints on business factors, such as the inability to handle downtime for transaction processing and major events happening in a short period of time
- Lack of trained personnel or the need for training, which could prevent a new installation from being fully implemented at one time

Step 1: Compare the installation methods


There are three possible installation methods:
- New installation, commonly referred to as a green field installation
- Phased installation into an existing, functioning network
- Complete replacement, commonly referred to as a fork-lift upgrade

Consider and list the advantages and disadvantages of the three installation methods.

New Installation

Advantages:
- All of the equipment and services can be installed and tested at the same time.
- The implementation plan for a new network is less complex than the other two types of installations.
- Schedules are more flexible than when an existing network is in place.
- There is minimal disruption to the company.

Disadvantages:
- High capital expense because all of the equipment and services are installed at the same time.

Phased Installation into Existing Network

Advantages:
- Portions of the network upgrade are implemented in isolation from the current running portions.
- The network upgrade is divided into smaller pieces that can be installed and tested quickly.
- Installing the upgrade in smaller phases causes the least amount of downtime.

Disadvantages:
- Care must be taken not to disrupt services unnecessarily when installing the new network components or technologies into an existing network.
- A phased implementation requires more detailed planning with the customer.

Complete Network Replacement

Advantages:
- Existing network can remain fully operational until the replacement network is brought into production.
________________________________________________________________________________

Disadvantages:
- Both networks may be operating in parallel for some time, which increases operating costs and may cause user and support confusion.
________________________________________________________________________________

Step 2: Select the installation method


Two of the FilmCompany requirements are:
- The company network services must be available during the upgrade.
- Existing equipment must be used in the new network design.

Select the appropriate installation approach for the FilmCompany network upgrade.
- A Phased Installation approach will be used for this project.

Step 3: Complete the details for the installation phases


Using the charts created in Lab 9.2.1, fill out the information for each of the Installation Phases.

a. On the table created in Lab 9.2.1 for Phase 1, fill in the Task/Step, Description, and Implementation Details information:
   - Install Distribution and Core Layer equipment
   - Configure new IP addressing & VLAN scheme
   - Configure routing

b. On the table for Phase 2, fill in the Task/Step, Description, and Implementation Details information:
   - Upgrade the WAN connectivity
   - Extend the network to the remote site
   - Configure Access Control Lists & security


c. On the table for Phase 3, fill in the Task/Step, Description, and Implementation Details information:
   - Install and configure the wireless and associated mobility network equipment


Lab 9.2.3 Creating a Timeline Instructor Version


Instructor Note: This lab is part of a series of labs in which the student creates an Implementation Plan to be included in the network proposal. The labs in this series are:
- Lab 9.2.1 Creating an Implementation Plan
- Lab 9.2.2 Creating a Phased Installation Plan
- Lab 9.2.3 Creating a Timeline
- Lab 9.2.4 Creating an Installation Schedule

Objective
Estimate timelines and resources.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

What would you expect to be the result of one phase or task of a project being delayed? Under what circumstances would the entire project be adversely affected?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Background / Preparation
Instructor Notes: This is a written lab. In this lab students will develop a timeline for the FilmCompany network upgrade case study. This timeline will be entered as dates for each step of each task in the Project Implementation Plan. If the resources are available, this lab can be enriched by demonstrating, or having the students use, project management software such as MS Project. Students need to develop an understanding of the types of resources (people and materials) that need to be allocated to each step of a task in the project and any relationships and dependencies between the steps. Have the students discuss the possible causes of delays in projects and how these may be managed to minimize the effect on the overall project. Emphasize the need for the management of an Installation Plan to be flexible so that resources can be reassigned to other tasks to either overcome a delay or to make effective use of those resources elsewhere if a delay means that those resources would be idle.

In this lab, you will create a timeline for the FilmCompany network upgrade project. The timeline should include the start and end dates for the phased installation method. The project duration is part of the contractual agreement. To meet the deadlines of the customer, the network designer creates a project timeline. The availability of materials, the schedule of the contractor, and the schedule of the customer are all considerations in determining the start date and the completion date.

Developing an implementation plan and effectively managing the project time and resources is a highly regarded skill in the networking and communications industry. Developing an understanding of these project management issues is therefore an important outcome of this lab.

Step 1: List and prioritize the factors affecting the timeline


Note issues such as equipment and material availability, skilled personnel, and customer requirements that should be considered for the following factors when developing a project timeline. Consider the possibility that the project might not begin on the proposed start date.

Equipment order and delivery
_______________________________________________________
_______________________________________________________

Service installation, such as WAN links
_______________________________________________________
_______________________________________________________

Customer schedule, including available maintenance and downtime windows
_______________________________________________________
_______________________________________________________

Availability of appropriate technical personnel
_______________________________________________________
_______________________________________________________

Instructor Note: Encourage student discussion on these issues. Consider local factors such as transport or access to suppliers that would affect a project of this type in the students' workplaces. Have the students use the Internet to estimate the delivery times for different types of equipment. The installation times can be estimated by the students based on how long it takes them to perform different tasks in the classroom. For example, approximately how long does it take them to unpack and configure a router or switch, or connect and test cabling?

Step 2: Complete the time details for each installation phase


The FilmCompany network upgrade is linked to the StadiumCompany network redevelopment. It would be efficient to align the FilmCompany stadium remote site work with that project. The StadiumCompany RFP states that the project must be completed during the off-season for the two teams. This requirement gives the project a timeline of four months, which can be also applied to the FilmCompany upgrade.

a. On the table created in Lab 9.2.1 for Phase 1, fill in the Date information:
   - Install Distribution and Core Layer equipment
   - Configure new IP addressing & VLAN scheme
   - Configure routing



b. On the table for Phase 2, fill in the Date information:
   - Upgrade the WAN connectivity
   - Extend the network to the remote site
   - Configure Access Control Lists & security

c. On the table for Phase 3, fill in the Date information:
   - Install and configure the wireless and associated mobility network equipment

Step 3: Consider customer-caused delays


Customers may make changes to the requirements during the installation of a project. When changes occur, the timeline is used to make adjustments to personnel and other available resources. The timeline documentation can also be used to show the customer how delays affect the project completion date.

Based on the timeline, write a project variation statement showing the possible delay in the project completion date if the FilmCompany decided at this stage to relocate an additional three production staff and their workstations to the stadium.

Instructor note: Have students document the flow-on effect of increasing the time of one task of the project to the scheduling of subsequent tasks and the overall project itself. Students should be in a position to accurately inform the customer of the increased costs and timing consequences of such project variations.

Step 4: Using project management software (Optional)


Project management tools such as Microsoft Project can be used to create a project timeline. This software can be useful for:
- Tracking the progress of the project
- Keeping the project on schedule
- Identifying milestones
- Tracking labor assignments and costs
- Alerting the designer if the project is falling behind schedule

If this software is available, enter the resources and timeline for one phase of the Implementation Plan and examine the output.


Lab 9.2.4 Creating an Installation Schedule Instructor Version


Instructor Note: This lab is part of a series of labs in which the student creates an Implementation Plan to be included in the network proposal. The labs in this series are:
- Lab 9.2.1 Creating an Implementation Plan
- Lab 9.2.2 Creating a Phased Installation Plan
- Lab 9.2.3 Creating a Timeline
- Lab 9.2.4 Creating an Installation Schedule

Objective
Create an installation schedule based on maintenance windows and downtime allowances.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Why is ensuring that the customer and users are informed of network and services downtime an important part of the project implementation?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Background / Preparation
Instructor Notes: This is a written lab. In this lab, students will develop a maintenance and downtime schedule for the FilmCompany network upgrade case study. Stress to students that with a phased installation, it may not be possible to complete a task within a single period of time. The task may need to be carried out in stages of shorter times across a longer period. For example, a task scheduled to take 10 hours may, in fact, have to be carried out over 5 days in 2-hour blocks. This extends the overall project timeline and needs to be reflected in the Implementation Plan documentation. Present to students examples of where careful planning of downtime for operating networks is necessary to minimize disruption to customers and users. Where it is not possible to use scheduled network maintenance windows, students need to be prepared to negotiate with the customer to obtain approval to have the network down during normal operating hours.

Maintenance windows and planned downtime need to be included in the installation timeline. If only a few hours a day are available to make network changes, the project timeline must reflect this constraint. Otherwise, the time estimates are not accurate and the project may be late. Scheduling downtime for the network needs to be carefully planned to prevent a major disruption for the customer.

In this lab, you will create a maintenance schedule that includes the equipment involved, the time required, and suggestions for scheduling the maintenance that will cause the least impact on FilmCompany daily operations. Note that the maintenance windows allow for maintenance downtime to occur only from 2 a.m. to 6 a.m., Monday through Friday.

Step 1: List and prioritize the tasks that require downtime on the current network
List the tasks that require network downtime.
_______________________________________________________
_______________________________________________________
_______________________________________________________
_______________________________________________________
_______________________________________________________
_______________________________________________________
_______________________________________________________
_______________________________________________________

Instructor Note: These are tasks that impact the working network, such as reassigning VLANs and IP addresses. However, installing the Frame Relay WAN link will have little impact because it is a new feature.

Step 2: Document the required downtime on the project timeline


Sometimes it is not possible to complete all of the required tasks during an approved maintenance window. If an installation task requires the network, or part of the network, to be down during normal business hours, it is important to obtain permission from the customer. As soon as the time frame is determined and approved, all the people involved need to be notified accordingly.

a. List those tasks that can be completed during a scheduled maintenance window.
_______________________________________________________
_______________________________________________________
_______________________________________________________
_______________________________________________________

b. List those tasks that require the network to be down during normal business hours.
_______________________________________________________
_______________________________________________________
_______________________________________________________
_______________________________________________________

Instructor Note: Tasks requiring little time, or that have the available personnel, may be carried out during an out-of-hours maintenance window. However, specialist staff may only be available at specified times, which may be during business hours; therefore, these tasks may need to be performed during a specially scheduled network downtime.


Step 3: Document customer approved downtime
a. Indicate on the Installation Plan Timeline when the network downtime will occur.
_______________________________________________________
_______________________________________________________
_______________________________________________________
_______________________________________________________

b. Include a provision for customer approval to be recorded for this downtime.

c. Include a task that requires that the users who will be affected are notified with adequate advance notice of the network downtime. Ensure that the users are also notified when the network or service returns to full operation.


Lab 9.3.4 Creating the Bill Of Material Instructor Version


Objectives
- Create a Bill Of Material (BOM).
- Add equipment costs to the proposal.
- Add service and maintenance support costs to the proposal.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

What are the potential issues that an inaccurate or incomplete Bill Of Material could have on the project implementation?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Background / Preparation
Instructor Notes: This is a written lab. In this lab, students compile a Bill Of Material and add costs to the FilmCompany network upgrade Project Proposal. Some networking and associated equipment costs may be readily obtained by Internet searches of suppliers and vendor distribution channels. However, some costs and prices may be commercially sensitive and only obtainable by requesting quotations. It may be necessary for instructors to assist students in obtaining this information. Where costs are not available, set a reasonable standard cost of that item for all students in the class. Wherever possible, ensure that costs and prices reflect local supplies that the students would encounter in the workplace.

In this lab, you will create the Bill Of Material (BOM) and enter the appropriate information into the Costs section of the FilmCompany proposal. A Bill Of Material is a document that details all of the required hardware and components necessary to implement the proposed upgrade. It consists of an itemized list of hardware, software, and other items that must be ordered and installed. The network designer uses this list to obtain quotations and to create the equipment orders. The BOM is then used to order new equipment and replacement parts for existing equipment. Therefore, every required item must be included in this list. Items left off the order will delay installation of that device.

To develop the BOM, each section of the FilmCompany network is examined to determine what networking equipment is required and what capabilities are needed in each device. New equipment decisions are constrained by the project budget. As the network designer, you would normally collaborate with your company account manager assigned to the FilmCompany account to ensure that the equipment models selected are within the budget constraints and meet current and future business goals.

Use the design information and results of previous labs to compile the BOM for the FilmCompany network upgrade. Include the equipment required, software, and support costs.

Step 1: List the items required


a. Use the table below, or create a similar one, to list all the items and equipment that need to be purchased for the FilmCompany network upgrade project.

Item Description | Part No. | Qty | Cost | Maint. Cost | Total Cost | Vendor | Notes

b. Search the Internet or use information provided by your instructor to add possible suppliers or vendors to the BOM table.

c. Add costs to the BOM. Where possible, obtain costs from local vendors and suppliers. If this information is not readily available, your instructor will provide estimated costs for you to use.

Step 2: Determine the software requirements


a. During the early stages of the network Design Phase, existing applications were identified. Add new applications required by the network upgrade to the BOM. Categorize these as either Network or Specialist applications.

b. Add the new applications, installation costs, and required training to the BOM with the identified hardware. Also indicate whether the network upgrade requires additional licenses to be purchased for existing software applications.


Step 3: Add maintenance contracts
a. Investigate the maintenance support service contracts available for both the new and existing equipment.

b. Add the details and costs to the BOM.

Step 4: Create the BOM


a. Create the BOM using word processing or spreadsheet software. Using a spreadsheet will facilitate the calculation of total costs and enable easy updating of the document if costs or quantities are amended.

b. Save this file and include it in the proposal document. Add a hardcopy of the file to your portfolio.


Lab 9.4.1 Compiling the Documentation Instructor Version


Objectives
- Complete the proposal.
- Develop a proposal presentation.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

What preparation could facilitate the compilation of the proposal?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Background / Preparation
Instructor Notes: This is a written lab. In this lab, students compile the complete FilmCompany network upgrade Project Proposal. The proposal is based on the material collected in the student portfolios from the specified labs in this course. When the proposal is completed, the student creates a presentation based on the proposal. This presentation is to be made to the class or to guests as the instructor arranges. If possible, students should create an MS PowerPoint or equivalent slide presentation. However, this requires access to presentation resources such as a PC connected to an overhead data projector and a screen. If these resources are not available, alternate presentation means such as overhead transparencies or display boards can be used. Instructors may need to assist students in board writing and presentation techniques. The academy may also need to assist with the printing and copying of student proposals if these are to be distributed to the class or guests. Prepare a list of important terms and conditions that all students can use in Task 1, Step 7 of this lab. Have these terms and conditions reflect local business practices to enable the students to become familiar with the industry. In this lab, you will compile the implementation and costing information created for the FilmCompany network upgrade and integrate this in the Project Proposal documentation.



You will then develop a presentation of this proposal in a form that could be presented to the FilmCompany for their acceptance.

Task 1: Compile the Project Proposal


Step 1: Finalize the documentation requirements
a. Finalize the documentation created in the previous labs and in your project portfolio.
b. Insert and compile the information under the following headings:
- Executive Summary
- Network Requirements
- Current Network Environment
- Proposed Physical Design
- Proposed Logical Design
- Implementation Plan
- Cost Proposal

Step 2: Prepare the cover page


Include a cover page at the beginning of the proposal. The cover page describes the proposal, including the RFP or solicitation number and date, the customer contact information, and the vendor name and contact information.

Step 3: Prepare the Table of Contents


Develop a Table of Contents for the proposal document. NOTE: The Executive Summary must be the first document in the Table of Contents.

Step 4: Create the proposal


Complete the proposal document. The proposal layout should be highly readable and should aid the reader in locating information. Use graphics to enhance the readability of a proposal and convey information where appropriate. Text should be legible, typically a serif typeface such as Times Roman, at 10-point to 12-point type. Page margins should be at least 0.5 inches (125mm). Page numbers should be included at the top or bottom of each page.

Step 5: Update the Executive Summary


Use information from the completed implementation and costing sections to update the Executive Summary.

Step 6: Organize the Proposal binder


Arrange the proposal components in a binder, based on the order cited in the Table of Contents.

Step 7: Prepare Terms and Signatures page


a. Prepare the terms of agreement and an acceptance page for customer signatures to be included at the end of the proposal. The terms and conditions describe all relevant legal terms and contracts that will be required. These terms and conditions support the supply of goods and services related to network improvements and installations.


Important clauses in the terms and conditions usually include:
- Details about the proposal expiration date
- Obligations of the customer to obtain permission or other consents within their organization
- Obligations of the vendor to provide services and equipment with care and skill
- Dates when completed milestone deliverables are payable
- Interest chargeable on outstanding payments
- The amount of notice the customer must give to cancel their equipment and service orders
- Details about guarantees (if any) provided by the vendor
- Details about escalating and resolving complaints or issues

If the customer accepts the proposal, an appropriate customer representative signs the Terms and Signatures page. Your instructor will advise of the standard terms and conditions that will apply to all proposals.
b. Save this file and include it in the proposal document.

Task 2: Prepare the Presentation


Step 1: Plan the presentation
After compiling a proposal, network designers review the entire proposal with their management organization by means of a formal presentation. During this stage of the design proposal, the designer must first sell the concept to the internal management and then to the customer. For your presentation, list the important points to include that illustrate the proposal. A proposal presentation includes slides or other visual aids to graphically represent the proposal. The presentation, along with the proposal document, is vital to ensuring a successful meeting and increasing the probability of a customer sign-off.

Step 2: Create the presentation


This step assumes that the presentation will use MS PowerPoint or equivalent presentation software. Your instructor will advise of the presentation requirements and resources available.
a. The content and presentation format are important in a business environment. Create a presentation that considers the following points:
- Every slide should have a heading that summarizes the information presented on the slide.
- Computer presentations should not contain full paragraphs of text. Use a bulleted list or outline format and elaborate on the points during the delivery.
- All type should be legible. Use large fonts, because small fonts are often hard to read.
- Use contrasting colors: either a dark background with light text or a light background with dark text.
- Keep the format and style consistent throughout the presentation. Do not change text font, text color, background color, or theme except for an occasional special emphasis.
- Avoid backgrounds that make the text hard to read. Keep the background simple.
- Do not use ALL CAPS! Their use is unprofessional and they are also more difficult to read.
- Include a combination of words, pictures, and graphics. Variety keeps the presentation interesting.



b. Save the presentation file and any other presentation aids that you created.


Lab 9.4.2 Presenting the Project Proposal Instructor Version


Objectives
- Present network design proposal.
- Achieve project sign-off.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

What could be the outcome if the project proposal is prepared or presented poorly?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Background / Preparation
Instructor Notes: This is a written lab. In this lab students present their finalized FilmCompany network upgrade Implementation Plan and Project Proposal to the class. It is important that students understand the importance of presenting their proposal in a professional manner just as they would if presenting to a customer. If possible, set up the presentation class as a special event. Encourage students to dress appropriately and be prepared to "sell" their proposal. They will need to be prepared to answer questions. Be aware of the individual abilities of students. Instructors may need to coach those students who find the presentation process intimidating. The ability to present technical information to peers and customers is an important skill in the workplace. This final presentation may be given to the class. However, to provide an environment more representative of the workplace, presentations could be made to a wider audience. For example, if your academy has other IT faculty and staff, perhaps they could be invited to attend the presentations. Other guests could include instructors from neighboring academies or representatives from local IT or networking businesses. It is important to ensure that the presentations are performed in a positive and supportive environment. Students in the audience are there to learn from the other presentations and not to criticize others needlessly.



At the conclusion of all presentations, conduct a full class debriefing discussion. This discussion is to ensure that any difficulties that individual students may have encountered are resolved and to reaffirm the purpose of this lab as a learning activity.

If possible, students should have access to presentation resources such as a PC connected to an overhead data projector and a screen, or alternate presentation means such as an overhead transparency projector or display boards. Instructors may need to assist students in board writing and presentation techniques. The academy may also need to assist with the printing and copying of student proposals if these are to be distributed to the class or guests.

At the conclusion of this lab, each student should submit an individually compiled Project Proposal document and presentation and should have successfully demonstrated the skills and knowledge required of the network design process.

In this lab, you will present your FilmCompany network upgrade project proposal to the instructor and the class.

Task 1: Prepare for the Presentation


Step 1: Review the content
a. Ensure that your presentation is complete.
b. Review the content to ensure that there are no technical errors.
c. Rehearse the presentation to become familiar with the flow of the content and develop a sense of the timing required.

Step 2: Prepare for questions


Your presentation may seem complete and clear to you, but to others there may be points that need clarifying or that contain too much information. Read through your presentation as if seeing it for the first time. Note the points that you would ask questions about. Remind yourself that you will not be able to prepare for every possible question.

Step 3: Prepare yourself


Your instructor will advise you on the details (time, location, audience) of the presentation class. On the day of the presentation, try to observe the following guidelines:
a. If possible, and appropriate, wear professional attire.
b. Try not to be too nervous. The other students in your class are probably feeling the same as you are.
c. If other students are presenting before or after you, give them your attention and participate in the class. Do not think too much about your presentation but focus instead on what is happening in the class.

Task 2: Deliver the Presentation


Step 1: Submit your portfolio and proposal
a. Submit your portfolio and proposal to your instructor before delivering the presentation.

Step 2: Begin the presentation


a. Introduce yourself.
b. Deliver the presentation, using your portfolio and a slide presentation such as PowerPoint. Speak slowly and clearly.



Stay with your slide sequence. A common mistake is to introduce material and then continue to talk about it in detail without advancing from the general overview slide for that topic to the detailed slides that follow.

c. Demonstrate that you know the content of the proposal and sell it as the one that the customer should adopt.

d. Be prepared to respond to questions from the instructors and students.

Step 3: Conclude the presentation


a. Invite any final questions from the audience.
b. Finish your presentation by assuring the audience that your proposal meets their requirements and thank them for the opportunity to present it.


Lab 10.0.2.2 Finding the Right Networking Job Instructor Version


Objectives
- Research networking jobs that match skill strengths and interests.
- Create a résumé with a cover letter for a networking job or internship.

Expected Results and Success Criteria


Instructor note: This section helps the students realize why they are doing the tasks outlined in the lab. It also requires them to anticipate the end result of the lab. If possible, students should discuss the answers in this section with a partner before beginning the configuration steps.

Before starting this lab, read through the tasks that you are expected to perform. What do you expect the result of performing these tasks will be?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

What benefits are gained from creating a résumé and cover letter for a networking job that interests you?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

What resources are available to help evaluate your résumé and cover letter?
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________

Background / Preparation
Instructor Notes: This is a written lab. Acting as Cisco Networking Academy graduates, students are to research an IT position that interests them and then create a résumé and cover letter to apply for the position.

The websites listed below offer free assessment tools that students can download to help in their skill strengths assessments. They are not the only tools available. One of the activities that students can be assigned is to research how many resources are available for career assessments.

The Academy Career Connection requires students to register as Alumni once they have completed one of the Cisco Networking Academy courses. However, there may be an age restriction for students under the age of 18. A data sheet is available on the Career Connection site at: http://www.cisco.com/web/learning/netacad/career_connection/promoteIT/NetWork/docs/CareerConnectionDS.pdf

Two resources offered through the Cisco Networking Academy provide instructor and student resources:
The Cisco Virtual Field Trip site, which will link to the Cyber Careers site: http://www.cisco.com/go/virtualfieldtrips and http://www.cybercareers.org.


The Cisco Systems website for jobs and internship positions at http://www.cisco.com/web/about/ac40/about_cisco_careers_home.html

Other resources that may be available to help students create a résumé and cover letter are the Language Arts and Guidance departments in your school or local college. Contact a Human Resource person from a local company and request a presentation or workshop for your students to review what employers consider an acceptable résumé and cover letter. If these resources are not available, you may be able to have other school personnel help review the job description, cover letter, and résumé submitted by each student in an effort to provide constructive feedback.

In this lab, you will research an IT position that interests you and then create a résumé and cover letter to apply for the position.

There are many resources available today to provide job seekers with a better idea of their attitudes and interests in terms of career choices. The resources available vary widely from free self-assessment tools to resources that require a fee. Some sites may have an age requirement as well as a fee. Some of the resources available can be found on websites, in books, or through memberships with companies that specialize in helping people identify and make career choices. One method is not necessarily better than the other.

Over time, you may find that your career choices change as your skill set, experience, and knowledge base broaden. Career choices may also change as you discover other areas of interest related to your chosen career path. As you perform your job search, remember that the areas of strength and interest identified by the assessment tools are areas that can always be improved upon.

Step 1: Perform a Skills Strength and Interest Assessment


Several career paths are available for individuals interested in an IT career. If you have not already participated in a strength and interest assessment, or if you have not yet determined which career path is of interest to you, research some of the tools available. They can help provide a starting point for an IT career selection. There are many resources available; the list below is only a small sampling.

Resources available:
- Secondary school guidance departments and local college career departments can provide helpful information.
- Public libraries or websites, such as amazon.com, offer books on researching career choices and skill strength assessments such as:
  - Information Technology Jobs in America [2007] Corporate & Government Career Guide (Paperback) by Info Tech Employment (Editor)
  - Discover What You're Best At by Linda Gale
  - The IT Career Builder's Toolkit by Matthew Moran
- Company websites offering a mix of free and fee-related services, such as:
  - Promoting IT Careers: Virtual Field Trips http://www.cisco.com/web/learning/netacad/career_connection/promoteIT/VFT/index.html
  - Cisco Networking Academy Career Connection http://cc.netacad.net/home.do#
  - CompTIA TechCareer Compass http://tcc.comptia.org/default.aspx
  - CyberCareers for the Net Generation http://www.cybercareers.org/students/itcareercenter/
  - Quintcareers http://www.quintcareers.com/student.html

During your search, remember that many IT careers are not limited to IT companies, but may be associated with the Education, Healthcare, Finance, or Manufacturing industries.



a. Use one of the resources above or similar resources to research possible career choices in the networking field. For example, in addition to identifying skill strengths, the CompTIA TechCareer Compass site has a page via the Explore Job Roles link (http://tcc.comptia.org/job_roles.aspx) that allows you to search for a job based on a job title or job criteria. If you are not sure of a job title, the Search Using Job Concentrations section of that page lists job roles that are divided into three areas: Administration, Development, and Integration. Clicking one of the three areas displays a list of job titles. You can then click any title to see a description of critical job functions, compare your skill strengths with the position requirements, and identify the certifications required for the job.
b. Select one of the job titles that is of interest to you as a possible career path.

Step 2: Search a job website for a possible IT position


After identifying a possible career position, search one of the many job sites available. If you are interested in experiencing other cultures or are willing to travel, consider employment opportunities outside your state and country. Internship offerings may also be available. Some possible job sites to use to search include:
- http://www.cisco.apply2jobs.com/index.cfm
- www.monster.com
- www.jobing.com
- www.careerbuilders.com

Instructor note: Please localize this list of job sites to include any that are used locally, in both your city and country. Some countries have government and local job sites as well as commercial sites.

Step 3: Create a résumé and cover letter


a. When a potential job has been found, create a cover letter and résumé that you can use to apply for the position. Print the job description and use it as your guide for creating a customized résumé and cover letter. If the selected job description requests a particular form of résumé, be sure to create your résumé in that format. For example, some jobs require that résumés be submitted via a website only, while others require a paper copy submission. There are many free resources available to assist with the creation of the résumé and cover letter. The websites listed below offer tutorials or information related to writing a résumé and cover letter.
- http://www.cisco.com/web/learning/netacad/career_connection/promoteIT/VFT
- http://content.monster.com/resume/industry/12/home.aspx
- http://www.quintcareers.com/tutorials.html
b. After your cover letter and résumé are complete, submit them and the job description to your instructor.

Optional activities:
- Let the students review each other's résumés prior to turning them in.
- Share as a class the different types of IT jobs they chose to apply for and why.
- Have the students participate in mock interviews through a role-playing process.



Step 4: Reflection
What other areas related to applying for a job are not covered in this particular lab?
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________

Potential answers:
- Interviews: types of interviews that can be conducted, potential questions asked in interviews, preparing for an interview
- Dressing for an interview and conduct during an interview
- Post-interview follow-up letters
- Salary and benefit negotiations
