Lab Practical | PDF | Computer Network | Computer Architecture

Lab Practical

The document is a comprehensive guide covering various exercises and labs related to networking concepts, including binary and decimal conversions, IP addressing, router configurations, and security protocols. It includes detailed instructions for practical labs on IPv4 and IPv6 network communication, routing protocols, VLAN configurations, and access control lists. The content is structured in a table of contents format, indicating a systematic approach to learning networking skills and concepts.

Uploaded by

rajkarthik412

Table of Contents

Exercise 1: Binary to Decimal Conversion
Exercise 2: Decimal to Binary Conversion
Exercise 3: Address Class Identification
Exercise 4: Network and Host Identification Based on Class of Address
Exercise 5: Default Subnet Mask
Exercise 6: Network Address
Exercise 7: Broadcast Address
Exercise 8: Cisco Slash Notation
Exercise 9: Binary to Hexadecimal Conversion
Exercise 10: Hexadecimal to Binary Conversion
Exercise 11: Omission of Zeros
Exercise 12: Replacing Successive Fields of Zeros With “::”
Exercise 13: Custom Subnet Mask (Subnetting)
Exercise 14: Variable Length Subnet Mask (VLSM)
Lab 1: Understanding IPv4 Network Communication
  Assigning IPv4 Address to computers
  Verify communication between the same and different network computers
  Assigning Default Gateway address to computers
  Verify communication between the different network computers
Lab 2: Understanding IPv6 Network Communication
  Assigning IPv6 Address to computers
  Verify communication between the same and different network computers
  Assigning Default Gateway address to computers
  Verify communication between the different network computers
Lab 3: Initial Configuration of Router - IPv4 Network
  Establish console connectivity
  Access router via console with an emulation software
  Get to know Cisco IOS Modes and Show commands
  Configure Hostname and Interface IP address
  Configure Connectivity Passwords
  Configure Privilege Mode / Enable Password
  Verify configuration in RAM and NVRAM
  Saving configuration to the router
  Access the router via Telnet
Lab 4: Initial Configuration of Router – IPv6 Network
  Establish console connectivity
  Access router via console with an emulation software
  Get to know Cisco IOS Modes and Show commands
  Configure Hostname and Interface IPv6 address
  Configure Connectivity Passwords
  Configure Privilege Mode / Enable Password
  Verify configuration in RAM and NVRAM
  Saving configuration to the router
  Access the router via Telnet
Lab 5: Basic Router Security
  Access router via Telnet
  Encrypt all clear text passwords on the router
  Configure Warning Banner
  Configure unattended (idle-timeout) session timeout for VTY access
Lab 6: WAN Configuration – Serial Interface (IPv4)
  Identify Serial Interface as DCE or DTE
  Configure Serial Interface
  Verify Serial Interface Configuration
  Troubleshooting Serial Interface
Lab 7: WAN Configuration – Ethernet Interface (IPv4)
  Configure Ethernet Interface
  Verify Ethernet Interface Configuration
  Troubleshooting Ethernet Interface
Lab 8: WAN Configuration – Ethernet Interface (IPv6)
  Verify Ethernet Interface existing status
  Configure Ethernet Interface with IPv6 address
  Verify IPv6 Address Configuration on Ethernet Interface
  Troubleshooting Ethernet Interface
Lab 9: Static Routing on IPv4 Network
  Enabling IPv4 Routing
  Verify IPv4 Routing Table
  Configure Static Routing on IPv4 Network
  Verify Static Routing on IPv4 Network
  Verify communication between the IPv4 networks
Lab 10: Static Routing on IPv4 Network via exit Interface
  Enabling IPv4 Routing
  Verify IPv4 Routing Table
  Configure Static Routing on IPv4 Network
  Verify Static Routing on IPv4 Network
  Verify communication between the IPv4 networks
Lab 11: Static Routing on IPv6 Network
  Enabling IPv6 Routing
  Verify IPv6 Routing Table
  Configure Static Routing on IPv6 Network
  Verify Static Routing on IPv6 Network
  Verify communication between the IPv6 networks
Lab 12: RIP on IPv4 Network
  Configure Loopback Interface
  Verify Loopback Interface
  Configure RIP Routing on IPv4 network
  Verify RIP Routing on IPv4 network
  Verify communication between the IPv4 networks
  Verify RIP protocol default settings
  Verify RIP Update Packets
Lab 13: OSPF on IPv4 Network
  Configure OSPF – Single Area on IPv4 Network
  Verify OSPF – Single Area on IPv4 Network
  Verify communication between the IPv4 networks
  Verify OSPF Neighbour and Database Table
  Verify OSPF protocol default settings
  Verify OSPF Hello Packets
  Enable passive interface on OSPF
  Configuring OSPF Cost metric for an interface
Lab 14: OSPF – Multiple Area on IPv4 Network
  Configure OSPF Routing with backbone area and multiple connected areas on IPv4 Network
  Verify OSPF – Multiple Area on IPv4 Network
  Verify communication between the IPv4 networks
  Verify OSPF Neighbour and Database Table
Lab 15: OSPF Routing – DR (Designated Router) and BDR (Backup Designated Router)
  Configure OSPF Routing with backbone area on IPv4 Network
  Verify OSPF Neighbour and Database Table
Lab 16: OSPFv3 on IPv6 Network
  Configure OSPFv3 on IPv6 Network
  Verify OSPFv3 on IPv6 Network
  Verify communication between the IPv6 networks
  Verify OSPF Neighbour and Database Table on IPv6 Network
Lab 17: Initial Configuration of Switch
  Establish console connectivity
  Access switch via console with an emulation software
  Getting familiar with Cisco Switch IOS Modes and show commands
  Configure Hostname and VLAN 1 Interface IP address
  Configure Connectivity Passwords
  Configure Privilege Mode / Enable Password
  Configure Default Gateway and Description on Interface
  Save configuration on the switch
  Access the Switch via Telnet
Lab 18: VLAN and Trunking
  Verify communication between the computers connected to same and different switches
  Verify Default VLAN information
  Configure and Implement VLAN
  Verify communication between the computers connected to same switch
  Configure Trunking
  Verify trunk configuration
  Verify communication between the computers connected to different switch
Lab 19: Voice VLAN Configuration
  Data & Voice VLAN Configuration
  Data & Voice VLAN Implementation
  Verifying Data & Voice VLAN Configuration
Lab 20: Dynamic Trunking Protocol (DTP)
  Configure DTP Trunking
  Verify DTP Trunk configuration
  Verify communication between the computers connected to different switch
Lab 21: VLAN Trunking Protocol (VTP)
  Configure VTP Domain Name and Password
  Verify the working of VTP
Lab 22: Router on a Stick (Inter-VLAN Routing)
  Verify communication between the computers in Different VLAN
  Configure Sub Interfaces and IP Routing on Router
  Verify communication between the computers in Different VLAN
Lab 23: Routing Between VLANs using Multilayer Switch
  Configuring VLAN in the Multilayer Switch (Layer 2 VLAN)
  Implementing Layer 2 VLAN
  Verifying Layer 2 VLAN
  Configuring IP Address to Specific VLAN (SVI)
  Verifying SVI
Lab 24: Cisco Discovery Protocol (CDP)
  Enabling CDP
  Verify CDP information
Lab 25: Spanning Tree Protocol (STP)
  Verify STP default behaviour
  Configuring particular switch to become the Root Bridge
  Verify STP
Lab 26: Portfast and BPDU Guard
  Verify Port State in STP after enabling Portfast
  Configuring Portfast and BPDU guard for an Interface
  Verify Port State in STP after enabling Portfast
  Configuring Portfast and BPDU guard for a Switch
  Verify Portfast and BPDU Guard configuration for switch
Lab 27: Etherchannel
  Configure Etherchannel
  Verify Etherchannel
Lab 28: Implementing L3 Etherchannel
  Configuring Layer 3 Etherchannel
  Configure an IP address on the Layer 3 port-channel Interface
  Verifying the IP address on the Layer 3 port-channel Interface
Lab 29: Port Security
  Configure Port Security
  Verify Port Security Violation
  Configure Port Security Recovery
Lab 30: Standard Access Control List on IPv4 Network (NUMBERED)
  Verify communication between computers / networks before configuring the access list
  Configure and Implement Standard ACL - Numbered
  Verify blocked communication between computers / networks specified in ACL
Lab 31: Standard Access Control List on IPv4 Network (NAMED)
  Verify communication between computers / networks before configuring the access list
  Configure and Implement Standard ACL - Named
  Verify blocked communication between computers / networks specified in ACL
Lab 32: Extended Access Control List on IPv4 Network (NUMBERED)
  Verify services and communication between computers / networks before configuring the Extended Access List
  Configure and Implement Extended ACL - Numbered
  Verify blocked services and communication between computers / networks specified in ACL
Lab 33: Extended Access Control List on IPv4 Network (NAMED)
  Verify services and communication between computers / networks before configuring the Extended Access List
  Configure and Implement Extended ACL - Numbered
  Verify blocked services and communication between computers / networks specified in ACL
Lab 34: Time Based ACL Configuration
  Configuring Time Based ACL
  Verifying Time Based ACL
Lab 35: Access Control List on IPv6 Network
  Verify communication between computers / networks before configuring the access list
  Configure and Implement Extended ACL - Named
  Verify blocked communication between computers / networks specified in ACL
Lab 36: Default Routing
  Configure WAN Interface
  Configure Default Routing
  Verify Default Routing
Lab 37: Static NAT
  Configure Static NAT
  Verify Static NAT
  Verify Static NAT Packets
Lab 38: Port Address Translation (PAT)
  Configure PAT
  Verify PAT
  Verify PAT Packets
Lab 39: SYSLOG
  Configure Logging to Syslog Server
  Configure Logging to Buffer
  Generate and Verify Syslog Messages
Lab 40: NTP
  Configure Date and Time - Manual
  Verify Current Date and Time
  Configure Router as NTP client
  Verify Date and time via NTP
Lab 41: DHCP Server and Client
  Verify DHCP on client computer
  Verify DHCP Server
Lab 42: Hot Standby Router Protocol (HSRP)
  Configure Ethernet Interface, Serial Interface and Default Routing
  Configure HSRP
  Verify HSRP
  Verify communication and data path to destination network
  Understand HSRP behaviour
  Verify HSRP
  Verify communication and data path to destination network
Cisco Security
Lab 1: Securing Administrative Access
  Enhance router security by encrypting all passwords and configuring banners and exec-timeouts on the router
  Access router via Telnet
  Encrypt all clear text passwords on the router
  Verify router's existing configuration
  Encrypt all clear text passwords
  Configure Warning Banner
  Configure a warning message to display prior to login
  Configure unattended (idle-timeout) session timeout for VTY access
  Configure a minimum password length for all router passwords
  Create a new user account using the username command
  Configure Enhanced Virtual Login Security on Routers
  Configure the router to log login activity
Lab 2: Local Database Authentication
Lab 3: SSH Configuration
  Configuring SSH to Access Device Remotely
Generate the RSA encryption key pair for the router ................................................................... 261
Verify the SSH configuration .......................................................................................................... 261
Configure SSH timeouts and authentication parameters ............................................................. 261
Verify SSH access to Router ........................................................................................................... 262
Lab 4: Privilege Levels ........................................................................................................................ 263
Configure Various Privilege Levels................................................................................................. 263
Verifing Privilege Levels ................................................................................................................. 264
Lab 5: AAA Authentication (TACACS and RADIUS) ............................................................................ 265
Configure AAA Authentication (TACACS Server) ........................................................................... 266
Verify AAA Authentication............................................................................................................. 266
Lab 6: Securing Boot Image (IOS) and Configuration File ................................................................. 267
Securing IOS Image File and Router Configuration File ................................................................ 267
Lab 7: Generic Routing Encapsulation (GRE) ..................................................................................... 269
Configure Serial Interface .............................................................................................................. 269
Configure Default Routing ............................................................................................................. 270
Configure GRE Tunnel Interface..................................................................................................... 271
Verify GRE Tunnel Configuration ................................................................................................... 271
Configure Routing........................................................................................................................... 272
Verify Routing ................................................................................................................................. 273
Verify communication between the networks ............................................................................. 274
Lab 8: Password Recovery.................................................................................................................. 275
Establish console connectivity ....................................................................................................... 276
Access router via console with an emulation software ................................................................ 276
Enter Rom Monitor Mode and Change Configuration Register Value ......................................... 277
Load saved configuration to the router......................................................................................... 277
Reconfigure Privilege Mode / Enable Password ........................................................................... 277
Reset the Configuration Register Value back to the default: ....................................................... 277
Enable the Ethernet interface: ....................................................................................................... 277
Saving configuration to the router and restart the router ........................................................... 278
Verify login to the router using new password ............................................................................. 278
Lab 9: IOS and Configuration Backup ................................................................................................ 279
Backup of Router Configuration on TFTP Server ........................................................................... 280
Verify backup configuration file on TFTP Server ........................................................................... 280
Backup of Router IOS ..................................................................................................................... 280
Verify backup IOS file on TFTP server ............................................................................................ 281
Backup of Router Configuration on FTP Server ............................................................................. 281
Verify backup configuration file on FTP Server ............................................................................. 282
Backup of Router IOS ..................................................................................................................... 282
Backup of Router Configuration on SCP Server............................................................................. 283
Verify backup configuration file on SCP Server ............................................................................. 284
Backup of Router IOS ..................................................................................................................... 284
Exercise 1: Binary to Decimal Conversion

128 64 32 16 8 4 2 1    ANSWER IN DECIMAL    SCRATCH AREA

1 0 0 1 0 0 1 0

1 1 0 0 0 0 0 0

1 0 1 0 1 0 0 0

0 1 0 0 0 0 0 0

0 0 0 0 1 0 1 0
Exercise 2: Decimal to Binary Conversion

DECIMAL ANSWER IN BINARY SCRATCH AREA

128 64 32 16 8 4 2 1

167

63

17

24

254
Exercise 3: Address Class Identification

ADDRESS CLASS

126.10.1.1

128.10.1.1

162.78.1.10

39.255.255.255

220.1.1.10
Exercise 4: Network and Host Identification Based on Class of Address

CIRCLE THE NETWORK PORTION OF BELOW ADDRESSES    CIRCLE THE HOST PORTION OF BELOW ADDRESSES

132.12.1.1 161.43.5.6

128.10.1.1 13.1.100.254

176.13.10.10 202.153.32.121

162.78.1.10 100.140.2.230

200.1.1.1 171.24.100.10
Exercise 5: Default Subnet Mask

ADDRESS CLASS

126.10.1.1

128.10.1.1

162.78.1.10

52.255.255.255

220.1.1.10
Exercise 6: Network Address

USING THE IP ADDRESS AND SUBNET MASK SHOWN, WRITE THE NETWORK ADDRESS

IP ADDRESS AND SUBNET MASK NETWORK ADDRESS

121.12.1.1

255.0.0.0

175.13.10.10

255.255.0.0

200.1.10.1

255.255.255.0

119.0.255.20

255.0.0.0

191.168.1.10

255.255.0.0
Exercise 7: Broadcast Address

USING THE IP ADDRESS AND SUBNET MASK SHOWN, WRITE THE BROADCAST ADDRESS

IP ADDRESS AND SUBNET MASK BROADCAST ADDRESS

161.43.5.6

255.255.0.0

13.1.100.254

255.0.0.0

202.153.32.121

255.255.255.0

100.140.2.230

255.0.0.0

171.24.100.10

255.255.0.0
Exercise 8: CISCO Slash Notation

SLASH NOTATION SUBNET MASK

/29

/22

/12

/25

/18
Exercise 9: Binary to Hexadecimal Conversion

ANSWER IN HEXADECIMAL

1 1 1 1

1 1 0 1 1 0 1 1

1 0 1 1 1 0 1 1 1 0 1 0

1 0 1 1 1 0 1 0 1 0 1 1 1 0 1 0

1 1 0 0 1 0 1 0 1 1 1 1 1 1 1 0

1 1 1 1 1 0 1 0 1 1 0 0 1 1 1 0

1 1 0 0 0 0 0 1 0 1 0 1 1 1 0 0
Exercise 10: Hexadecimal to Binary Conversion

HEXADECIMAL

2F

4FD

01E8

2001

FE80
Exercise 11: Omission of Zero’s

IPv6 ADDRESS    IPv6 ADDRESS AFTER OMISSION OF ZERO’S

2001:2222:0000:0000:0000:0000:0000:0001

20DB:C0A8:0101:0000:0000:0000:0000:0042

2000:0000:0000:4DAD:0023:0046:00BB:0101

FF02:0000:0000:0000:0000:0000:0000:0001

0000:0000:0000:0000:0000:0000:0000:0001
Exercise 12: Replacing Successive Fields of Zero’s With “::”

IPv6 ADDRESS    IPv6 ADDRESS AFTER REPLACING SUCCESSIVE FIELDS OF ZERO’S WITH “::”

2002:1111:04CF:0000:0000:0000:0000:002F

3FFF:0000:0000:0000:0000:005D:0000:09CE

2001:0000:0000:FACE:B00C:0000:0000:0069

20DB:0000:0000:6666:0000:0000:0000:5228

2001:1111:0000:0000:0000:0000:0000:0001
Exercise 13: Custom Subnet Mask (Subnetting)

PROBLEM : 1

Number of needed subnets 14

Network Address 200.10.10.0

Address class

Default subnet mask

Custom subnet mask

Total number of subnets

Total number of host addresses

Number of usable addresses

Number of bits borrowed from the host portion
PROBLEM : 2

Number of needed usable hosts 60

Network Address 171.10.0.0

Address class

Default subnet mask

Custom subnet mask

Total number of subnets

Total number of host addresses

Number of usable addresses

Number of bits borrowed from the host portion
PROBLEM : 3

Network Address 138.25.0.0/26

Address class

Default subnet mask

Custom subnet mask

Total number of subnets

Total number of host addresses

Number of usable addresses

Number of bits borrowed from the host portion
PROBLEM : 4

Number of needed subnets 2000

Network Address 111.0.0.0

Address class

Default subnet mask

Custom subnet mask

Total number of subnets

Total number of host addresses

Number of usable addresses

Number of bits borrowed from the host portion
PROBLEM : 5

Number of needed usable hosts 1000

Network Address 165.34.0.0

Address class

Default subnet mask

Custom subnet mask

Total number of subnets

Total number of host addresses

Number of usable addresses

Number of bits borrowed from the host portion
PROBLEM : 6

Network Address 192.100.1.0/29

Address class

Default subnet mask

Custom subnet mask

Total number of subnets

Total number of host addresses

Number of usable addresses

Number of bits borrowed from the host portion
Exercise 14: Variable Length Subnet Mask (VLSM)

PROBLEM: 1
The administrator gave the networking team 192.168.1.0/24 to use for addressing the entire network.
After subnetting the address, the team is ready to assign the addresses
PROBLEM: 2
The administrator gave the networking team 192.168.164.0/24 to use for addressing the entire
network. After subnetting the address, the team is ready to assign the addresses. The administrator
plans to configure ip subnet-zero and use RIP v2 as the routing protocol. As a member of the
networking team, you must address the network and at the same time conserve unused addresses for
future growth.
Lab 1: Understanding IPv4 Network Communication

OBJECTIVE:
To verify communication between computers on the same network and on different networks after
assigning an IPv4 address and default gateway.

TOPOLOGY:
Set up Ethernet connectivity for the lab as below:

TASK:
• Assigning IPv4 address to computers.
• Verify communication between the same and different network computers.
• Assigning Default Gateway address to computers.
• Verify communication between the different network computers.
Assigning IPv4 Address to computers

On Windows 7 or Windows 8.x or Windows 10 Computer


• Open Network and Sharing Center.
• Click on Change adapter settings and click Open.
• Right-click on your local adapter and select Properties.
• In the Local Area Connection Properties window, select Internet Protocol Version 4 (TCP/IPv4), then click the Properties button.
• Now select the radio button Use the following IP address, enter the IP address and Subnet mask, and click OK.

• Verify the configured IP address with the command below.


C:\> ipconfig

Windows IP Configuration
Ethernet adapter Ethernet:
Connection-specific DNS Suffix :
IPv4 Address. . . . . . . . . . . . . . : 192.168.201.10
Subnet Mask . . . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . . :

• Repeat the above steps to configure the IP address on all Windows-based computers.
On Linux
• Use the command below to configure the IP address.
bt ~ # ifconfig eth0 192.168.201.10

• Verify the configured IP address with the command below.


bt ~ # ifconfig
eth0 Link encap:Ethernet HWaddr 00:21:97:73:58:21
inet addr:192.168.201.10 Bcast:192.168.201.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:171979 errors:0 dropped:0 overruns:0 frame:0
TX packets:341932 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:12370727 (11.7 MiB) TX bytes:463457462 (441.9 MiB)
Interrupt:20 Base address:0xe800

lo Link encap:Local Loopback


inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:18 errors:0 dropped:0 overruns:0 frame:0
TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:1796 (1.7 KiB) TX bytes:1796 (1.7 KiB)

• Repeat the above steps to configure the IP address on all Linux-based computers.

Verify communication between the same and different network computers.

From 192.168.201.10 computer (i.e. PC1) ping other computers


ping 192.168.201.20

PING 192.168.201.20 (192.168.201.20) 56(84) bytes of data.


64 bytes from 192.168.201.20: icmp_seq=1 ttl=64 time=24.0 ms
64 bytes from 192.168.201.20: icmp_seq=2 ttl=64 time=24.0 ms
64 bytes from 192.168.201.20: icmp_seq=3 ttl=64 time=24.1 ms
64 bytes from 192.168.201.20: icmp_seq=4 ttl=64 time=24.0 ms

ping 192.168.201.30

PING 192.168.201.30 (192.168.201.30) 56(84) bytes of data.


64 bytes from 192.168.201.30: icmp_seq=1 ttl=64 time=24.0 ms
64 bytes from 192.168.201.30: icmp_seq=2 ttl=64 time=24.0 ms
64 bytes from 192.168.201.30: icmp_seq=3 ttl=64 time=24.1 ms
64 bytes from 192.168.201.30: icmp_seq=4 ttl=64 time=24.0 ms

ping 192.168.202.10

connect: Network is unreachable


From 192.168.202.10 computer (i.e. PC4) ping other computers
ping 192.168.202.20

PING 192.168.202.20 (192.168.202.20) 56(84) bytes of data.


64 bytes from 192.168.202.20: icmp_seq=1 ttl=64 time=24.0 ms
64 bytes from 192.168.202.20: icmp_seq=2 ttl=64 time=24.0 ms
64 bytes from 192.168.202.20: icmp_seq=3 ttl=64 time=24.1 ms
64 bytes from 192.168.202.20: icmp_seq=4 ttl=64 time=24.0 ms

ping 192.168.202.30

PING 192.168.202.30 (192.168.202.30) 56(84) bytes of data.


64 bytes from 192.168.202.30: icmp_seq=1 ttl=64 time=24.0 ms
64 bytes from 192.168.202.30: icmp_seq=2 ttl=64 time=24.0 ms
64 bytes from 192.168.202.30: icmp_seq=3 ttl=64 time=24.1 ms
64 bytes from 192.168.202.30: icmp_seq=4 ttl=64 time=24.0 ms

ping 192.168.201.10

connect: Network is unreachable


From 192.168.201.10 computer (i.e. PC1) trace network communication path to other computers

tracert 192.168.201.20 (Windows) or traceroute 192.168.201.20 (Linux)


traceroute to 192.168.201.20 (192.168.201.20), 30 hops max, 38 byte packets
1 192.168.201.20 (192.168.201.20) 1.456 ms 0.193 ms 0.114 ms

tracert 192.168.201.30 (Windows) or traceroute 192.168.201.30 (Linux)


traceroute to 192.168.201.30 (192.168.201.30), 30 hops max, 38 byte packets
1 192.168.201.30 (192.168.201.30) 1.156 ms 0.193 ms 0.114 ms

From 192.168.202.10 computer (i.e. PC4) trace network communication path to other computers
tracert 192.168.202.20 (Windows) or traceroute 192.168.202.20 (Linux)
traceroute to 192.168.202.20 (192.168.202.20), 30 hops max, 38 byte packets
1 192.168.202.20 (192.168.202.20) 1.456 ms 0.193 ms 0.114 ms

tracert 192.168.202.30 (Windows) or traceroute 192.168.202.30 (Linux)


traceroute to 192.168.202.30 (192.168.202.30), 30 hops max, 38 byte packets
1 192.168.202.30 (192.168.202.30) 1.156 ms 0.193 ms 0.114 ms

Assigning Default Gateway address to computers

On Windows 7 or Windows 8.x or Windows 10 Computer


• Open Network and Sharing Center.
• Click on Change adapter settings and click Open.
• Right-click on your local adapter and select Properties.
• In the Local Area Connection Properties window, select Internet Protocol Version 4 (TCP/IPv4), then click the Properties button.
• Now select the radio button Use the following IP address, enter the Default Gateway, and click OK.

• Verify the configured default gateway with the command below.


C:\> ipconfig

Windows IP Configuration
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . . . . : 192.168.201.10
Subnet Mask . . . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . . : 192.168.201.1

• Repeat the above steps to configure the default gateway on all Windows-based computers.

On Linux
• Use the command below to configure the default gateway.
bt ~ # route add default gw 192.168.201.1

• Verify the configured default gateway with the command below.

bt ~ # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.201.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.201.1 0.0.0.0 UG 0 0 0 eth0

• Repeat the above steps to configure the default gateway on all Linux-based computers.

Verify communication between the different network computers.

From 192.168.201.10 computer (i.e. PC1) ping other computers


ping 192.168.202.10

PING 192.168.202.10 (192.168.202.10) 56(84) bytes of data.


64 bytes from 192.168.202.10: icmp_seq=1 ttl=63 time=24.0 ms
64 bytes from 192.168.202.10: icmp_seq=2 ttl=63 time=24.0 ms
64 bytes from 192.168.202.10: icmp_seq=3 ttl=63 time=24.1 ms
64 bytes from 192.168.202.10: icmp_seq=4 ttl=63 time=24.0 ms

ping 192.168.202.20

PING 192.168.202.20 (192.168.202.20) 56(84) bytes of data.


64 bytes from 192.168.202.20: icmp_seq=1 ttl=63 time=24.0 ms
64 bytes from 192.168.202.20: icmp_seq=2 ttl=63 time=24.0 ms
64 bytes from 192.168.202.20: icmp_seq=3 ttl=63 time=24.1 ms
64 bytes from 192.168.202.20: icmp_seq=4 ttl=63 time=24.0 ms

ping 192.168.202.30

PING 192.168.202.30 (192.168.202.30) 56(84) bytes of data.


64 bytes from 192.168.202.30: icmp_seq=1 ttl=63 time=24.0 ms
64 bytes from 192.168.202.30: icmp_seq=2 ttl=63 time=24.0 ms
64 bytes from 192.168.202.30: icmp_seq=3 ttl=63 time=24.1 ms
64 bytes from 192.168.202.30: icmp_seq=4 ttl=63 time=24.0 ms
From 192.168.202.10 computer (i.e. PC4) ping other computers

ping 192.168.201.10

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data.


64 bytes from 192.168.201.10: icmp_seq=1 ttl=63 time=24.0 ms
64 bytes from 192.168.201.10: icmp_seq=2 ttl=63 time=24.0 ms
64 bytes from 192.168.201.10: icmp_seq=3 ttl=63 time=24.1 ms
64 bytes from 192.168.201.10: icmp_seq=4 ttl=63 time=24.0 ms

ping 192.168.201.20

PING 192.168.201.20 (192.168.201.20) 56(84) bytes of data.


64 bytes from 192.168.201.20: icmp_seq=1 ttl=63 time=24.0 ms
64 bytes from 192.168.201.20: icmp_seq=2 ttl=63 time=24.0 ms
64 bytes from 192.168.201.20: icmp_seq=3 ttl=63 time=24.1 ms
64 bytes from 192.168.201.20: icmp_seq=4 ttl=63 time=24.0 ms

ping 192.168.201.30

PING 192.168.201.30 (192.168.201.30) 56(84) bytes of data.


64 bytes from 192.168.201.30: icmp_seq=1 ttl=63 time=24.0 ms
64 bytes from 192.168.201.30: icmp_seq=2 ttl=63 time=24.0 ms
64 bytes from 192.168.201.30: icmp_seq=3 ttl=63 time=24.1 ms
64 bytes from 192.168.201.30: icmp_seq=4 ttl=63 time=24.0 ms

From 192.168.201.10 computer (i.e. PC1) trace network communication path to other computers

tracert 192.168.202.10 (Windows) or traceroute 192.168.202.10 (Linux)


traceroute to 192.168.202.10 (192.168.202.10), 30 hops max, 38 byte packets
1 192.168.201.1 (192.168.201.1) 1.086 ms 1.124 ms 1.144 ms
2 192.168.202.10 (192.168.202.10) 2.295 ms 2.156 ms 2.209 ms

tracert 192.168.202.20 (Windows) or traceroute 192.168.202.20 (Linux)


traceroute to 192.168.202.20 (192.168.202.20), 30 hops max, 38 byte packets
1 192.168.201.1 (192.168.201.1) 1.086 ms 1.124 ms 1.144 ms
2 192.168.202.20 (192.168.202.20) 2.295 ms 2.156 ms 2.209 ms

From 192.168.202.10 computer (i.e. PC4) trace network communication path to other computers

tracert 192.168.201.10 (Windows) or traceroute 192.168.201.10 (Linux)


traceroute to 192.168.201.10 (192.168.201.10), 30 hops max, 38 byte packets
1 192.168.202.1 (192.168.202.1) 1.086 ms 1.124 ms 1.144 ms
2 192.168.201.10 (192.168.201.10) 2.295 ms 2.156 ms 2.209 ms

tracert 192.168.201.20 (Windows) or traceroute 192.168.201.20 (Linux)


traceroute to 192.168.201.20 (192.168.201.20), 30 hops max, 38 byte packets
1 192.168.202.1 (192.168.202.1) 1.086 ms 1.124 ms 1.144 ms
2 192.168.201.20 (192.168.201.20) 2.295 ms 2.156 ms 2.209 ms
Lab 2: Understanding IPv6 Network Communication

OBJECTIVE:
To verify communication between computers on the same network and on different networks after
assigning an IPv6 address and default gateway.

TOPOLOGY:
Set up Ethernet connectivity for the lab as below:

TASK:
• Assigning IPv6 address to computers.
• Verify communication between the same and different network computers.
• Assigning Default Gateway address to computers.
• Verify communication between the different network computers.
Assigning IPv6 Address to computers

On Windows 7 or Windows 8.x or Windows 10 Computer


• Open Network and Sharing Center.
• Click on Change adapter settings and click Open.
• Right-click on your local adapter and select Properties.
• In the Local Area Connection Properties window, select Internet Protocol Version 6 (TCP/IPv6), then click the Properties button.
• Now select the radio button Use the following IPv6 address, enter the IP address and Subnet prefix, and click OK.

• Verify the configured IP address with the command below.


C:\> ipconfig

Windows IP Configuration
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . . . . . . . : 2001:1111::10
Link-local IPv6 Address . . . . . . . . : fe80::449d:6a9a:2c80:80dc%64
Default Gateway . . . . . . . . . . . . . :

• Repeat the above steps to configure the IP address on all Windows-based computers.
On Linux
• Use the command below to configure the IP address.
bt ~ # ifconfig eth0 inet6 add 2001:1111::10/64

• Verify the configured IPv6 address with the command below.


bt ~ # ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 2001:1111::10 prefixlen 64 scopeid 0x0<global>
ether 44:8a:5b:d4:39:3c txqueuelen 1000 (Ethernet)
RX packets 230 bytes 82110 (80.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 121 bytes 19549 (19.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536


inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

• Repeat the above steps to configure the IP address on all Linux-based computers.

Verify communication between the same and different network computers.

From 2001:1111::10 computer (i.e. PC1) ping other computers


ping 2001:1111::20 (Windows) or ping6 2001:1111::20 (Linux)

PING 2001:1111::20(2001:1111::20) 56 data bytes


64 bytes from 2001:1111::20: icmp_seq=1 ttl=64 time=0.494 ms
64 bytes from 2001:1111::20: icmp_seq=2 ttl=64 time=0.361 ms
64 bytes from 2001:1111::20: icmp_seq=3 ttl=64 time=0.335 ms
64 bytes from 2001:1111::20: icmp_seq=4 ttl=64 time=0.336 ms

ping 2001:1111::30 (Windows) or ping6 2001:1111::30 (Linux)

PING 2001:1111::30(2001:1111::30) 56 data bytes


64 bytes from 2001:1111::30: icmp_seq=1 ttl=64 time=0.494 ms
64 bytes from 2001:1111::30: icmp_seq=2 ttl=64 time=0.361 ms
64 bytes from 2001:1111::30: icmp_seq=3 ttl=64 time=0.335 ms
64 bytes from 2001:1111::30: icmp_seq=4 ttl=64 time=0.336 ms

ping 2001:2222::10 (Windows) or ping6 2001:2222::10 (Linux)

connect: Network is unreachable


From 2001:2222::10 computer (i.e. PC4) ping other computers
ping 2001:2222::20 (Windows) or ping6 2001:2222::20 (Linux)

PING 2001:2222::20(2001:2222::20) 56 data bytes


64 bytes from 2001:2222::20: icmp_seq=1 ttl=64 time=0.494 ms
64 bytes from 2001:2222::20: icmp_seq=2 ttl=64 time=0.361 ms
64 bytes from 2001:2222::20: icmp_seq=3 ttl=64 time=0.335 ms
64 bytes from 2001:2222::20: icmp_seq=4 ttl=64 time=0.336 ms

ping 2001:2222::30 (Windows) or ping6 2001:2222::30 (Linux)

PING 2001:2222::30(2001:2222::30) 56 data bytes


64 bytes from 2001:2222::30: icmp_seq=1 ttl=64 time=0.494 ms
64 bytes from 2001:2222::30: icmp_seq=2 ttl=64 time=0.361 ms
64 bytes from 2001:2222::30: icmp_seq=3 ttl=64 time=0.335 ms
64 bytes from 2001:2222::30: icmp_seq=4 ttl=64 time=0.336 ms

ping 2001:1111::10 (Windows) or ping6 2001:1111::10 (Linux)

connect: Network is unreachable

From 2001:1111::10 computer (i.e. PC1) trace network communication path to other computers

tracert 2001:1111::20 (Windows) or traceroute6 2001:1111::20 (Linux)


traceroute to 2001:1111::20 (2001:1111::20) from 2001:1111::10, 30 hops max,16 byte
1 2001:1111::20 (2001:1111::20) 3005.56 ms !H 3006.88 ms !H 3005.99

tracert 2001:1111::30 (Windows) or traceroute6 2001:1111::30 (Linux)


traceroute to 2001:1111::30 (2001:1111::30) from 2001:1111::10, 30 hops max,16 byte
1 2001:1111::30 (2001:1111::30) 3005.56 ms !H 3006.88 ms !H 3005.99

From 2001:2222::10 computer (i.e. PC4) trace network communication path to other computers

tracert 2001:2222::20 (Windows) or traceroute6 2001:2222::20 (Linux)


traceroute to 2001:2222::20 (2001:2222::20) from 2001:2222::10, 30 hops max,16 byte
1 2001:2222::20 (2001:2222::20) 3005.56 ms !H 3006.88 ms !H 3005.99

tracert 2001:2222::30 (Windows) or traceroute6 2001:2222::30 (Linux)


traceroute to 2001:2222::30 (2001:2222::30) from 2001:2222::10, 30 hops max,16 byte
1 2001:2222::30 (2001:2222::30) 3005.56 ms !H 3006.88 ms !H 3005.99
Assigning Default Gateway address to computers

On Windows 7 or Windows 8.x or Windows 10 Computer


• Open Network and Sharing Center.
• Click on Change adapter settings and click Open.
• Right-click on your local adapter and select Properties.
• In the Local Area Connection Properties window, select Internet Protocol Version 6 (TCP/IPv6), then click the Properties button.
• Now select the radio button Use the following IPv6 address, enter the Default Gateway, and click OK.

• Verify the configured default gateway with the command below.


C:\> ipconfig

Windows IP Configuration
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . . . . . . . : 2001:1111::10
Link-local IPv6 Address . . . . . . . . : fe80::449d:6a9a:2c80:80dc%64
Default Gateway . . . . . . . . . . . . . : 2001:1111::1

• Repeat the above steps to configure the default gateway on all Windows-based computers.
On Linux
• Use the command below to configure the default gateway.
bt ~ # route -6 add default gw 2001:1111::1

• Verify the configured default gateway with the command below.

bt ~ # route -6
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
::1/128 :: Un 0 1 0 lo
2001:1111::/64 :: U 256 0 2 eth0
fe80::468a:5bff:fed4:3899/128 :: Un 0 1 0 lo
fe80::/64 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 eth0
::/0 2001:1111::1 UG 1 0 0 eth0
bt ~ #

• Repeat the above steps to configure the default gateway on all Linux-based computers.

Verify communication between the different network computers.

From 2001:1111::10 computer (i.e. PC1) ping other computers


ping 2001:2222::10 (Windows) or ping6 2001:2222::10 (Linux)

PING 2001:2222::10(2001:2222::10) 56 data bytes


64 bytes from 2001:2222::10: icmp_seq=1 ttl=63 time=0.494 ms
64 bytes from 2001:2222::10: icmp_seq=2 ttl=63 time=0.361 ms
64 bytes from 2001:2222::10: icmp_seq=3 ttl=63 time=0.335 ms
64 bytes from 2001:2222::10: icmp_seq=4 ttl=63 time=0.336 ms

ping 2001:2222::20 (Windows) or ping6 2001:2222::20 (Linux)

PING 2001:2222::20(2001:2222::20) 56 data bytes


64 bytes from 2001:2222::20: icmp_seq=1 ttl=63 time=0.494 ms
64 bytes from 2001:2222::20: icmp_seq=2 ttl=63 time=0.361 ms
64 bytes from 2001:2222::20: icmp_seq=3 ttl=63 time=0.335 ms
64 bytes from 2001:2222::20: icmp_seq=4 ttl=63 time=0.336 ms

ping 2001:2222::30 (Windows) or ping6 2001:2222::30 (Linux)

PING 2001:2222::30(2001:2222::30) 56 data bytes


64 bytes from 2001:2222::30: icmp_seq=1 ttl=63 time=0.494 ms
64 bytes from 2001:2222::30: icmp_seq=2 ttl=63 time=0.361 ms
64 bytes from 2001:2222::30: icmp_seq=3 ttl=63 time=0.335 ms
64 bytes from 2001:2222::30: icmp_seq=4 ttl=63 time=0.336 ms
From 2001:2222::10 computer (i.e. PC4) ping other computers
ping 2001:1111::10 (Windows) or ping6 2001:1111::10 (Linux)

PING 2001:1111::10(2001:1111::10) 56 data bytes


64 bytes from 2001:1111::10: icmp_seq=1 ttl=63 time=0.494 ms
64 bytes from 2001:1111::10: icmp_seq=2 ttl=63 time=0.361 ms
64 bytes from 2001:1111::10: icmp_seq=3 ttl=63 time=0.335 ms
64 bytes from 2001:1111::10: icmp_seq=4 ttl=63 time=0.336 ms

ping 2001:1111::20 (Windows) or ping6 2001:1111::20 (Linux)

PING 2001:1111::20(2001:1111::20) 56 data bytes


64 bytes from 2001:1111::20: icmp_seq=1 ttl=63 time=0.494 ms
64 bytes from 2001:1111::20: icmp_seq=2 ttl=63 time=0.361 ms
64 bytes from 2001:1111::20: icmp_seq=3 ttl=63 time=0.335 ms
64 bytes from 2001:1111::20: icmp_seq=4 ttl=63 time=0.336 ms

ping 2001:1111::30 (Windows) or ping6 2001:1111::30 (Linux)

PING 2001:1111::30(2001:1111::30) 56 data bytes


64 bytes from 2001:1111::30: icmp_seq=1 ttl=63 time=0.494 ms
64 bytes from 2001:1111::30: icmp_seq=2 ttl=63 time=0.361 ms
64 bytes from 2001:1111::30: icmp_seq=3 ttl=63 time=0.335 ms
64 bytes from 2001:1111::30: icmp_seq=4 ttl=63 time=0.336 ms

From 2001:1111::10 computer (i.e. PC1) trace network communication path to other computers

tracert 2001:2222::10 (Windows) or traceroute6 2001:2222::10 (Linux)


traceroute to 2001:2222::10 (2001:2222::10) from 2001:1111::10, 30 hops max,16 byte
1 2001:1111::1 (2001:1111::1) 1.12 ms 1.012 ms 1.039 ms
2 2001:2222::10 (2001:2222::10) 1.111 ms 0.884 ms 0.861 ms

tracert 2001:2222::20 (Windows) or traceroute6 2001:2222::20 (Linux)


traceroute to 2001:2222::20 (2001:2222::20) from 2001:1111::10, 30 hops max,16 byte
1 2001:1111::1 (2001:1111::1) 1.12 ms 1.012 ms 1.039 ms
2 2001:2222::20 (2001:2222::20) 1.111 ms 0.884 ms 0.861 ms

From 2001:2222::10 computer (i.e. PC4) trace network communication path to other computers

tracert 2001:1111::10 (Windows) or traceroute6 2001:1111::10 (Linux)


traceroute to 2001:1111::10 (2001:1111::10) from 2001:2222::10, 30 hops max,16 byte
1 2001:2222::1 (2001:2222::1) 1.12 ms 1.012 ms 1.039 ms
2 2001:1111::10 (2001:1111::10) 1.111 ms 0.884 ms 0.861 ms

tracert 2001:1111::20 (Windows) or traceroute6 2001:1111::20 (Linux)


traceroute to 2001:1111::20 (2001:1111::20) from 2001:2222::10, 30 hops max,16 byte
1 2001:2222::1 (2001:2222::1) 1.12 ms 1.012 ms 1.039 ms
2 2001:1111::20 (2001:1111::20) 1.111 ms 0.884 ms 0.861 ms
Lab 3: Initial Configuration of Router - IPv4 Network

OBJECTIVE:
To become familiar with Cisco IOS modes and apply a basic configuration to a new router, i.e.
assign IPv4 addresses to the interfaces, configure passwords, etc.

TOPOLOGY:
Setup Console and Ethernet connectivity for the lab as below:

TASK:
 Establish console connectivity
 Access router via console with an emulation software
 Get to know Cisco IOS Modes and Show commands
 Configure Hostname and Interface IP address
 Configure Connectivity Passwords
 Configure Privilege Mode / Enable Password
 Verify configuration in RAM and NVRAM
 Saving configuration to the router
 Access the router via Telnet
Establish console connectivity

Establish console connectivity by connecting Router console port to PC Com Port with console cable
as shown in the picture below:

Access router via console with an emulation software

Configure the following parameters in emulation software for accessing router via console port.

Parameters    Console Port Settings
Baud          9600
Data bits     8
Parity        None
Stop bits     1
Accessing router via console from Microsoft Windows Computer
 Start a terminal emulator application, such as PUTTY.exe
 Select Serial option and set speed to 9600.
 Click Open

 Once emulation software is ready, Power-ON the Router.

Accessing router via console from Linux Computer


 From the terminal enter the below command
# minicom -s
 Select Serial port Setup and press enter

 It will display default COM Port Settings.


 Specify COM Port where console cable is connected by pressing "a" and use backspace to delete
"1" and add "0".

 Change the Bps setting to 9600 by pressing "e" and selecting the letter that matches the
speed "9600".
 Change the Hardware Flow Control option to No by pressing "F".

 Select Save Setup as dfl option.


 Select "Exit" option.

 Once emulation software is ready, Power-ON the Router.

Get to know Cisco IOS Modes and Show commands

After a new Cisco router boots up completely, it enters setup mode as shown below:

--- System Configuration Dialog ---


Would you like to enter the initial configuration dialog? [yes/no]: no
Would you like to terminate autoinstall? [yes]: yes

If you choose "yes", IOS will prompt a series of questions to gather the information needed to configure
the router. It is recommended to choose "no", since we can configure the router using IOS commands.

Router >

To navigate from User Mode into Privilege Mode (Privileged EXEC Mode) and vice versa
Router>enable
Router #

Router# disable
Router >
To view router IOS and hardware information
Router # show version
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 15.1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Tue 24-Mar-15 09:00 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

Router uptime is 56 minutes


System returned to ROM by reload at 08:19:55 UTC Sat Jul 9 2016
System image file is "flash:c2800nm-adventerprisek9-mz.151-4.M10.bin"
Last reload type: Normal Reload

This product contains cryptographic features and is subject to United


States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be for:


http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to


export@cisco.com.

Cisco 2811 (revision 1.0) with 249856K/12288K bytes of memory.


Processor board ID FHK1109F34X
2 FastEthernet interfaces
2 Serial(sync/async) interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
125440K bytes of ATA CompactFlash (Read/Write)

License Info:
License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO2811 FHK1109F34X

Configuration register is 0x2102

Router#
To view router flash Information
Router # show flash
-#- ---length--- -----date/time------ path
1 1 Jan 1 2016 13:54:52 +00:00 redirect.out
2 67926080 Sep 5 2015 14:59:38 +00:00 c2800nm-adventerprisek9-mz.151n

60235776 bytes available (67932160 bytes used)

To view router current configuration (RAM)


Router # show running-config
Current configuration : 1010 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip cef
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
license udi pid CISCO2811 sn FHK1109F34X
!
redundancy
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
no fair-queue
!
interface Serial0/0/1
no ip address
shutdown
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
control-plane
!
mgcp profile default
line con 0
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end

Router#

To view router startup configuration (NVRAM)


Router# show startup-config
startup-config is not present

To navigate into Global Configuration Mode


Router # configure terminal
Router (config) #

Configure Hostname and Interface IP address

To change the Host Name of Router


Router (config) # hostname HYD-1
HYD-1 (config) #
To configure IP address on Ethernet Interface (LAN interface)
HYD-1 (config) # interface Fastethernet 0/0
HYD-1 (config-if) # ip address 192.168.202.1 255.255.255.0
HYD-1 (config-if) # no shutdown
HYD-1 (config-if) # exit
Configure Connectivity Passwords

To configure telnet password


HYD-1 (config) # line vty 0 4
HYD-1 (config-line) # password zoom
HYD-1 (config-line) # login
HYD-1 (config-line) # exit

To configure console password


HYD-1 (config) # line console 0
HYD-1 (config-line) # password ccna
HYD-1 (config-line) # login
HYD-1 (config-line) # exit

To configure auxiliary password


HYD-1 (config) # line aux 0
HYD-1 (config-line) # password cisco
HYD-1 (config-line) # login
HYD-1 (config-line) # exit

Configure Privilege Mode / Enable Password

Configure privilege password


HYD-1 (config) # enable password ccna
HYD-1 (config) # enable secret zoom

Verify configuration in RAM and NVRAM

To View Router Current Configuration (RAM)


HYD-1 # show running-config

Current configuration : 1241 bytes


!
Last configuration change at 08:37:39 UTC Sat Jul 9 2016
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HYD-1
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$DMgk$lTC7TUZVwFn5969wEB2mw.
enable password ccna
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip cef
!
no ipv6 cef
!
multilink bundle-name authenticated
crypto pki token default removal timeout 0
!
license udi pid CISCO2811 sn FHK1109F34X
!
redundancy
!
interface FastEthernet0/0
ip address 192.168.202.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
no fair-queue
!
interface Serial0/0/1
no ip address
shutdown
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
control-plane
!
mgcp profile default
!
!
!
!
!
!
line con 0
password ccna
login
line aux 0
password cisco
login
line vty 0 4
password zoom
login
transport input all
!
scheduler allocate 20000 1000
end

To View Router Startup Configuration (NVRAM)


HYD-1 # show startup-config
startup-config is not present

Saving configuration to the router

To save configuration on router


HYD-1 # write memory
Destination filename [startup-config]?
Building configuration...

[OK]
HYD-1 #

To view router startup configuration (NVRAM)


HYD-1 # show startup-config
Current configuration : 1241 bytes
!
Last configuration change at 08:40:39 UTC Sat Jul 9 2016
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HYD-1
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$DMgk$lTC7TUZVwFn5969wEB2mw.
enable password ccna
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip cef
!
no ipv6 cef
!
multilink bundle-name authenticated
crypto pki token default removal timeout 0
!
license udi pid CISCO2811 sn FHK1109F34X
!
redundancy
!
interface FastEthernet0/0
ip address 192.168.202.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
no fair-queue
!
interface Serial0/0/1
no ip address
shutdown
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
control-plane
!
!
mgcp profile default
!
!
line con 0
password ccna
login
line aux 0
password cisco
login
line vty 0 4
password zoom
login
transport input all
!
scheduler allocate 20000 1000
end

Access the router via Telnet


 Access the router via Telnet by running the command below on a Windows or Linux computer.
telnet 192.168.202.1
Access router via GUI

HYD-1 (config)# ip http server


HYD-1 (config)# ip http secure-server
HYD-1 (config)# ip http authentication local
HYD-1 (config)# username admin privilege 15 password admin

Verification:

HYD-1#sh running-config
Building configuration...
Current configuration : 3124 bytes
!
! Last configuration change at 00:04:44 UTC Sat Jan 1 2000
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HYD-1
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$WpS0$HImO.1GPb85gjNJYwKySR/
enable password ccna
!
no aaa new-model
!
!
dot11 syslog
ip source-route
no ip routing
!
!
no ip cef
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
crypto pki trustpoint TP-self-signed-1843470639
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1843470639
revocation-check none
rsakeypair TP-self-signed-1843470639
!
!
crypto pki certificate chain TP-self-signed-1843470639
certificate self-signed 01
quit
!
!
license udi pid CISCO2811 sn FCZ1244726T
username admin privilege 15 password 0 admin
!
redundancy
interface Loopback1
ip address 8.8.8.8 255.0.0.0
no ip route-cache
interface FastEthernet0/0
ip address 192.168.202.1 255.255.255.0
no ip route-cache
duplex auto
speed auto
ipv6 address 2001:1111::/64
ipv6 address 2001:1111::1/64
interface FastEthernet0/1
no ip address
no ip route-cache
duplex auto
speed auto
ipv6 address 2001:5555::1/64
interface Serial0/0/0
ip address 172.17.0.1 255.255.0.0
no ip route-cache
clock rate 64000
interface Serial0/0/1
ip address 172.16.0.2 255.255.0.0
no ip route-cache
clock rate 64000
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
control-plane

line con 0
password zoom
login
line aux 0
password zoom
login
line vty 0 4
password zoom
login
transport input all
!
scheduler allocate 20000 1000
HYD-1#

Accessing router via GUI CCP


Lab 4: Initial Configuration of Router – IPv6 Network

OBJECTIVE:
To become familiar with Cisco IOS modes and apply a basic configuration to a new router, i.e.
assign IPv6 addresses to the interfaces, configure passwords, etc.

TOPOLOGY:
Setup Console and Ethernet connectivity for the lab as below:

TASK:
 Establish console connectivity
 Access router via console with an emulation software
 Get to know Cisco IOS Modes and Show commands
 Configure Hostname and Interface IP address
 Configure Connectivity Passwords
 Configure Privilege Mode / Enable Password
 Verify configuration in RAM and NVRAM
 Saving configuration to the router
 Access the router via Telnet
Establish console connectivity

Refer to page no. 36 for how to establish console connectivity.

Access router via console with an emulation software

Refer to page no. 36 for accessing the router via the console port.

Get to know Cisco IOS Modes and Show commands

After a new Cisco router boots up completely, it enters setup mode as shown below:

--- System Configuration Dialog ---


Would you like to enter the initial configuration dialog? [yes/no]: no
Would you like to terminate autoinstall? [yes]: yes

If you choose "yes", IOS will prompt a series of questions to gather the information needed to configure
the router. It is recommended to choose "no", since we can configure the router using IOS commands.

Router >

To navigate from User Mode into Privilege Mode (Privileged EXEC Mode) and vice versa
Router>enable
Router #

Router# disable
Router >

To view router IOS and hardware information


Router # show version
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 15.1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Tue 24-Mar-15 09:00 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

Router uptime is 56 minutes


System returned to ROM by reload at 08:19:55 UTC Sat Jul 9 2016
System image file is "flash:c2800nm-adventerprisek9-mz.151-4.M10.bin"
Last reload type: Normal Reload
This product contains cryptographic features and is subject to United States and local country laws
governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption. Importers, exporters,
distributors and users are responsible for compliance with U.S. and local country laws. By using this
product you agree to comply with applicable laws and regulations. If you are unable to comply with
U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be fou:


http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to


export@cisco.com.

Cisco 2811 (revision 1.0) with 249856K/12288K bytes of memory.


Processor board ID FHK1109F34X
2 FastEthernet interfaces
2 Serial (sync/async) interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
125440K bytes of ATA CompactFlash (Read/Write)

License Info:
License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO2811 FHK1109F34X

Configuration register is 0x2102

Router#

To view router flash Information


Router # show flash
-#- ---length--- -----date/time------ path
1 1 Jan 1 2016 13:54:52 +00:00 redirect.out
2 67926080 Sep 5 2015 14:59:38 +00:00 c2800nm-adventerprisek9-mz.151n

60235776 bytes available (67932160 bytes used)


To view router current configuration (RAM)
Router # show running-config
Current configuration: 1010 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip cef
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
license udi pid CISCO2811 sn FHK1109F34X
!
redundancy
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
no fair-queue
!
interface Serial0/0/1
no ip address
shutdown
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
control-plane
!
mgcp profile default
line con 0
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end

Router#

To view router startup configuration (NVRAM)


Router# show startup-config
startup-config is not present

To navigate into Global Configuration Mode


Router # configure terminal
Router (config) #

Configure Hostname and Interface IPv6 address

To change the Host Name of Router


Router (config) # hostname HYD-1
HYD-1 (config) #

To configure IPv6 address on Ethernet Interface (LAN interface)


HYD-1 (config) # interface Fastethernet 0/0
HYD-1 (config-if) # ipv6 address 2001:1111::1/64
HYD-1 (config-if) # no shutdown
HYD-1 (config-if) # exit

Configure Connectivity Passwords

To configure telnet password


HYD-1 (config) # line vty 0 4
HYD-1 (config-line) # password zoom
HYD-1 (config-line) # login
HYD-1 (config-line) # exit
To configure console password
HYD-1 (config) # line console 0
HYD-1 (config-line) # password ccna
HYD-1 (config-line) # login
HYD-1 (config-line) # exit

To configure auxiliary password


HYD-1 (config) # line aux 0
HYD-1 (config-line) # password cisco
HYD-1 (config-line) # login
HYD-1 (config-line) # exit

Configure Privilege Mode / Enable Password

Configure privilege password


HYD-1 (config) # enable password ccna
HYD-1 (config) # enable secret zoom

Verify configuration in RAM and NVRAM

To View Router Current Configuration (RAM)


HYD-1 # show running-config

Current configuration : 1241 bytes


!
Last configuration change at 08:37:39 UTC Sat Jul 9 2016
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HYD-1
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$DMgk$lTC7TUZVwFn5969wEB2mw.
enable password ccna
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip cef
!
multilink bundle-name authenticated
crypto pki token default removal timeout 0
!
license udi pid CISCO2811 sn FHK1109F34X
!
redundancy
!
interface FastEthernet0/0
ipv6 address 2001:1111::1/64
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
no fair-queue
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
clock rate 2000000
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
control-plane
!
mgcp profile default
!
line con 0
password ccna
login
line aux 0
password cisco
login
line vty 0 4
password zoom
login
transport input all
!
scheduler allocate 20000 1000
end
To View Router Startup Configuration (NVRAM)
HYD-1 # show startup-config
startup-config is not present

Saving configuration to the router

To save configuration on router


HYD-1 # copy running-config startup-config
Destination filename [startup-config]?
Building configuration...

[OK]
HYD-1 #

To view router startup configuration (NVRAM)


HYD-1 # show startup-config
Current configuration: 1241 bytes
!
Last configuration change at 08:40:39 UTC Sat Jul 9 2016
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HYD-1
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$DMgk$lTC7TUZVwFn5969wEB2mw.
enable password ccna
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip cef
!
no ipv6 cef
!
multilink bundle-name authenticated
crypto pki token default removal timeout 0
!
license udi pid CISCO2811 sn FHK1109F34X
!
redundancy
!
interface FastEthernet0/0
ipv6 address 2001:1111::1/64
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
no fair-queue
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
clock rate 2000000
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
control-plane
!
mgcp profile default
!
!
line con 0
password ccna
login
line aux 0
password cisco
login
line vty 0 4
password zoom
login
transport input all
!
scheduler allocate 20000 1000
end
Access the router via Telnet
 Access the router via Telnet by running the command below on a Windows or Linux computer.
telnet 2001:1111::1

Microsoft Windows [Version 6.2.9200]


(c) 2012 Microsoft Corporation. All rights reserved.
C:\> telnet 2001:1111::1
Trying 2001:1111::1...
Connected to 2001:1111::1.
Escape character is '^]'.

User Access Verification

Password:
HYD-1>enable
Password:
HYD-1#
Lab 5: Basic Router Security

OBJECTIVE:
To enhance router security by encrypting all passwords and configuring banners and exec-timeouts on the router.

TOPOLOGY:
Setup Ethernet connectivity for the lab as below:

Pre-requisite: Initial configuration to be done on the router (LAB – 3)

TASKS:
 Access router via Telnet
 Encrypt all clear text passwords on the router.
 Configure Warning Banner
 Configure unattended (idle-timeout) session timeout for VTY access
Access router via Telnet
 Access the router via Telnet by running the command below on a Windows or Linux computer.
telnet 192.168.202.1

Encrypt all clear text passwords on the router

Verify router's existing configuration


All passwords are in clear text except the enable secret password
HYD-1 # sh running-config
Current configuration : 1241 bytes
!
Last configuration change at 08:37:39 UTC Sat Jul 9 2016
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HYD-1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$DMgk$lTC7TUZVwFn5969wEB2mw.
enable password ccna
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip cef
!
multilink bundle-name authenticated
crypto pki token default removal timeout 0
!
license udi pid CISCO2811 sn FHK1109F34X
!
redundancy
!
interface FastEthernet0/0
ip address 192.168.202.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
no fair-queue
!
interface Serial0/0/1
no ip address
shutdown
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
control-plane
!
mgcp profile default
!
line con 0
password ccna
login
line aux 0
password cisco
login
line vty 0 4
password zoom
login
transport input all
!
scheduler allocate 20000 1000
end

HYD-1 #
Encrypt all clear text passwords
HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # service password-encryption
HYD-1 (config) # end

Verification:

The previously visible passwords are now encrypted

HYD-1 # sh running-config
Building configuration...
Current configuration: 1241 bytes
!
Last configuration change at 08:37:39 UTC Sat Jul 9 2016
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname HYD-1
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$DMgk$lTC7TUZVwFn5969wEB2mw.
enable password 7 045802150C2E
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip cef
!
multilink bundle-name authenticated
crypto pki token default removal timeout 0
!
license udi pid CISCO2811 sn FHK1109F34X
!
redundancy
!
interface FastEthernet0/0
ip address 192.168.202.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
no fair-queue
!
interface Serial0/0/1
no ip address
shutdown
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
control-plane
!
mgcp profile default
!
line con 0
password 7 141411050D
login
line aux 0
password 7 030752180500
login
line vty 0 4
password 7 0109090B56
login
transport input all
!
scheduler allocate 20000 1000
end
HYD-1 #

Configure Warning Banner

Configure a warning message to display prior to login.


HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # banner motd $
Enter TEXT message. End with the character '$'.
=======================================================================
UNAUTHORISED ACCESS STRICTLY PROHIBITED AND
PROSECUTED TO THE FULL EXTENT OF THE LAW
=======================================================================$
Verification:
Now open a new telnet session from your computer to the router to verify the banner configured.
i.e. telnet 192.168.202.1

Configure unattended (idle-timeout) session timeout for VTY access


By default, the unattended session time-out is 10 minutes. Here we reduce the unattended session
timeout to 1 minute 00 seconds.
HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # line vty 0 4
HYD-1 (config-line) # exec-timeout 1 00
HYD-1 (config-line) # end

Verification:
Now open a new telnet session from your computer to the router (get into privilege mode) and leave
the session open without performing any action or modification for 1 minute. The session will be
automatically disconnected once the session time-out has been reached.
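The settings exercised in Lab 3 and Lab 5 (clear-text and type 7 passwords, a leftover enable password, Telnet on the VTY lines, the HTTP server, the banner and the VTY exec-timeout) can be checked offline against a saved running-config. The script below is an added example, not part of the lab manual; the finding codes and the sample config are constructed for illustration, and type 7 is flagged because it is a reversible encoding rather than a hash like the type 5 enable secret.

```python
import re

# Constructed sample, modelled on the HYD-1 running-config shown in Lab 3
# (sub-commands indented by one space, as IOS prints them).
SAMPLE_CONFIG = """\
no service password-encryption
hostname HYD-1
enable secret 5 $1$DMgk$lTC7TUZVwFn5969wEB2mw.
enable password ccna
username admin privilege 15 password 0 admin
ip http server
ip http authentication local
ip http secure-server
!
line con 0
 password ccna
 login
line aux 0
 password cisco
 login
line vty 0 4
 password zoom
 login
 transport input all
!
end
"""

# Matches "password <string>" and "password <type> <string>". It does not match
# "service password-encryption" because a space must follow "password".
PASSWORD_RE = re.compile(r"\bpassword (?:(\d+) )?(\S+)$")


def audit_ios_config(text):
    """Return (code, location) findings. Password values are never echoed."""
    findings = []
    section = None      # current "line ..." header, if any
    vty_timeout = {}    # vty header -> exec-timeout in seconds (None = not set)
    encryption = has_banner = enable_pw = enable_secret = False
    in_banner, delim = False, ""

    for raw in text.splitlines():
        ln = raw.strip()    # tolerate configs whose indentation was lost
        if not ln:
            continue
        if in_banner:       # skip free-form banner text up to the delimiter
            in_banner = delim not in ln
            continue
        if ln in ("!", "end") or ln.startswith("interface "):
            section = None
            continue
        if ln.startswith("line "):
            section = ln
            if ln.startswith("line vty"):
                vty_timeout[ln] = None
            continue
        if ln.startswith("banner "):
            has_banner = True
            parts = ln.split(None, 2)
            rest = parts[2] if len(parts) > 2 else ""
            delim = "^C" if rest.startswith("^C") else rest[:1]
            in_banner = bool(delim) and delim not in rest[len(delim):]
            continue

        if ln == "service password-encryption":
            encryption = True
        enable_pw |= ln.startswith("enable password ")
        enable_secret |= ln.startswith("enable secret ")
        if ln == "ip http server":          # clear-text HTTP management
            findings.append(("HTTP_SERVER", "global"))
        if ln.startswith("username ") and " password " in ln:
            findings.append(("USERNAME_NOT_SECRET", " ".join(ln.split()[:2])))

        m = PASSWORD_RE.search(ln)
        if m and not ln.startswith("no "):
            where = section or " ".join(ln.split()[:2])
            kinds = {"0": "CLEARTEXT_PASSWORD", "7": "TYPE7_PASSWORD"}
            code = kinds.get(m.group(1) or "0")   # no type digit means type 0
            if code:
                findings.append((code, where))

        if section in vty_timeout:
            words = ln.split()
            if words[:2] == ["transport", "input"] and {"all", "telnet"} & set(words[2:]):
                findings.append(("TELNET_ENABLED", section))
            if words[0] == "exec-timeout" and len(words) > 1:
                seconds = int(words[2]) if len(words) > 2 else 0
                vty_timeout[section] = int(words[1]) * 60 + seconds

    if not encryption:
        findings.append(("NO_PASSWORD_ENCRYPTION", "global"))
    if enable_pw and enable_secret:   # the secret takes precedence; the password is dead weight
        findings.append(("REDUNDANT_ENABLE_PASSWORD", "global"))
    if not has_banner:
        findings.append(("NO_BANNER", "global"))
    for header, timeout in vty_timeout.items():
        if timeout is None:           # falls back to the 10-minute default
            findings.append(("DEFAULT_EXEC_TIMEOUT", header))
        elif timeout == 0:            # "exec-timeout 0 0" never disconnects
            findings.append(("EXEC_TIMEOUT_DISABLED", header))
    return findings


if __name__ == "__main__":
    for code, where in audit_ios_config(SAMPLE_CONFIG):
        print(f"{code:28} {where}")
```

Run it against the output of show running-config saved to a file; a section is treated as ending at the next "!" line, so a config whose separators were stripped may attribute a later global command to the preceding line block.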
Lab 6: WAN Configuration – Serial Interface (IPv4)

OBJECTIVE:
To configure and troubleshoot a Serial Interface.

TOPOLOGY:
Setup Ethernet and Serial connectivity for the lab as below:

TASK:
 Identify Serial Interface as DCE or DTE
 Configure Serial Interface
 Verify Serial Interface Configuration
 Troubleshooting Serial Interface
Identify Serial Interface as DCE or DTE

Example - HYD-1

Identify DCE / DTE interface on HYD-1


HYD-1 # show controllers serial 0/0/0
Interface Serial0/0/0
Hardware is GT96K
DTE V.35
idb at 0x48C78680, driver data structure at 0x48C7FC80
wic_info 0x48C802AC
Physical Port 1, SCC Num 1
!
<output omitted>
!

HYD-1 # show controllers serial 0/0/1


Interface Serial0/0/1
Hardware is GT96K
DCE V.35, no clock
idb at 0x48C82750, driver data structure at 0x48C89F94
wic_info 0x48C8A5C0
Physical Port 0, SCC Num 0
!
<output omitted>
!

Verify Serial Interface existing status


HYD-1 # show interface serial 0/0/0
Serial0/0/0 is administratively down, line protocol is down
Hardware is GT96K Serial
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
!
<output omitted>
!

HYD-1 # show interface serial 0/0/1


Serial0/0/1 is administratively down, line protocol is down
Hardware is GT96K Serial
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
!
<output omitted>
!
Verify HYD-1's existing configuration
HYD-1 # show running-config
Building configuration...
Current configuration : 1210 bytes
hostname HYD-1
!
<output omitted>
!
interface FastEthernet0/0
ip address 192.168.202.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
!
interface Serial0/0/1
no ip address
shutdown
!
<output omitted>
!
end

HYD-1 #

Repeat the above commands on CHE and BAN routers.

Configure Serial Interface

CHE – Configuration
CHE # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
CHE (config)# interface serial 0/0
CHE (config-if)# ip address 172.16.0.1 255.255.0.0
CHE (config-if)# no shutdown
CHE (config-if)# clock rate 64000
CHE (config-if)# encapsulation hdlc
CHE (config-if)# exit
CHE (config)#
CHE (config)# interface serial 0/1
CHE (config-if)# ip address 172.18.0.2 255.255.0.0
CHE (config-if)# no shutdown
CHE (config-if)# encapsulation hdlc
CHE (config-if)# exit
CHE (config)# exit

HYD-1 – Configuration
HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config)# interface serial 0/0/0
HYD-1 (config-if)# ip address 172.17.0.1 255.255.0.0
HYD-1 (config-if)# no shutdown
HYD-1 (config-if)# clock rate 64000
HYD-1 (config-if)# encapsulation hdlc
HYD-1 (config-if)# exit
HYD-1 (config)#

HYD-1 (config)# interface serial 0/0/1


HYD-1 (config-if)# ip address 172.16.0.2 255.255.0.0
HYD-1 (config-if)# no shutdown
HYD-1 (config-if)# encapsulation hdlc
HYD-1 (config-if)# exit
HYD-1 (config)# exit

BAN – Configuration
BAN # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
BAN (config)# interface serial 0/0
BAN (config-if)# ip address 172.18.0.1 255.255.0.0
BAN (config-if)# no shutdown
BAN (config-if)# clock rate 64000
BAN (config-if)# encapsulation hdlc
BAN (config-if)# exit
BAN (config)#

BAN (config)# interface serial 0/1


BAN (config-if)# ip address 172.17.0.2 255.255.0.0
BAN (config-if)# no shutdown
BAN (config-if)# encapsulation hdlc
BAN (config-if)# exit
BAN (config)# exit
Verify Serial Interface Configuration

CHE – Verification
CHE # show interface serial 0/0
Serial0/0 is up, line protocol is up
Hardware is PowerQUICC Serial
Internet address is 172.16.0.1/16
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
!
<output omitted>
!

CHE# show interface serial 0/1


Serial0/1 is up, line protocol is up
Hardware is PowerQUICC Serial
Internet address is 172.18.0.2/16
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
!
<output omitted>
!

HYD-1 – Verification:

HYD-1 # show interface serial 0/0/0


Serial0/0/0 is up, line protocol is up
Hardware is GT96K Serial
Internet address is 172.17.0.1/16
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
!
<output omitted>

HYD-1 # show interface serial 0/0/1


Serial0/0/1 is up, line protocol is up
Hardware is GT96K Serial
Internet address is 172.16.0.2/16
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
!
<output omitted>
BAN – Verification:

BAN # show interface serial 0/0


Serial0/0 is up, line protocol is up
Hardware is PowerQUICC Serial
Internet address is 172.18.0.1/16
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
!
<output omitted>
!

BAN # show interface serial 0/1


Serial0/1 is up, line protocol is up
Hardware is PowerQUICC Serial
Internet address is 172.17.0.2/16
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
!
<output omitted>
!

Troubleshooting Serial Interface

From the output, the first line indicates the status of the Serial interface. There are 4 possible states:
1. Serial 0/0 is up, line protocol is up
Layer 1 and Layer 2 connectivity and configuration are fine.
2. Serial 0/0 is administratively down, line protocol is down
'no shutdown' has to be given on the local router's Serial interface.
3. Serial 0/0 is up, line protocol is down
Encapsulation mismatch, clock rate not given on the DCE interface, or a leased line
problem.
4. Serial 0/0 is down, line protocol is down
Problem with the V.35 cable or CSU/DSU, or 'no shutdown' has not been given on the remote
router.
Lab 7: WAN Configuration – Ethernet Interface (IPv4)

OBJECTIVE:
To configure and troubleshoot an Ethernet Interface.

TOPOLOGY:
Setup Ethernet Connectivity for the lab as below:

TASK:
 Configure Ethernet Interface
 Verify Ethernet Interface Configuration
 Troubleshooting Ethernet Interface

Configure Ethernet Interface

Configure Hyd-1 Router


HYD-1(config)#interface fastethernet 0/1
HYD-1(config-if)#ip address 172.16.0.1 255.255.0.0
HYD-1(config-if)#no shutdown
HYD-1(config-if)#exit
HYD-1(config)#
HYD-1(config)#exit
HYD-1#

Configure Hyd-2 Router

Hyd-2(config)#interface fastethernet 0/1
Hyd-2(config-if)#ip address 172.16.0.2 255.255.0.0
Hyd-2(config-if)#no shutdown
Hyd-2(config-if)#exit
Hyd-2(config)#exit
Hyd-2#

Verify Ethernet Interface Configuration

Verification:

To verify Ethernet as WAN on the Hyd-1 router


Hyd-1#show interface fastethernet 0/1
FastEthernet0/1 is up, line protocol is up
Hardware is MV96340 Ethernet, address is 0023.04e6.a7c1 (bia 0023.04e6.a7c1)
Internet address is 172.16.0.1/16
Input
--More--

To verify Ethernet as WAN on the Hyd-2 router

HYD-2#show interfaces fastEthernet 0/1


FastEthernet0/1 is up, line protocol is up
Hardware is MV96340 Ethernet, address is 001e.be4f.7131 (bia 001e.be4f.7131)
Internet address is 172.16.0.2/16
s, 0 collisions, 1 interface resets
--More--
To verify all interfaces at once
HYD-1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.202.1 YES NVRAM up up
FastEthernet0/1 172.16.0.1 YES manual up up
Serial0/0/0 unassigned YES manual administratively down down
Serial0/0/1 unassigned YES manual administratively down down
HYD-1#

HYD-2#show ip interface brief


Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.205.1 YES manual up up
FastEthernet0/1 172.16.0.2 YES manual up up
Serial0/0/0 unassigned YES manual administratively down down
Serial0/0/1 unassigned YES manual administratively down down
HYD-2#
Troubleshooting Ethernet Interface

From the output, the first line indicates the status of the Ethernet interface. There are 4 possible
states:
1. FastEthernet 0/0 is up, line protocol is up
Layer 1 and Layer 2 connectivity and configuration are fine.
2. FastEthernet 0/0 is administratively down, line protocol is down
‘no shutdown’ has to be given on the local Ethernet interface.
3. FastEthernet 0/0 is up, line protocol is down
Speed and duplex mismatch, or ‘no shutdown’ has not been given on the remote device’s Ethernet interface.
4. FastEthernet 0/0 is down, line protocol is down
Layer 1 problem: no device attached or faulty cable.
Lab 8: WAN Configuration – Ethernet Interface (IPv6)

OBJECTIVE:
To configure and troubleshoot an Ethernet Interface.

TOPOLOGY:
Setup Ethernet connectivity for the lab as below:

TASK:
• Verify Ethernet Interface existing status
• Configure Ethernet Interface with IPv6 address
• Verify IPv6 Address Configuration on Ethernet Interface
• Troubleshooting Ethernet Interface
Verify Ethernet Interface existing status
HYD-1 # show interface fastethernet 0/1
FastEthernet0/ is administratively down, line protocol is down
Hardware is MV96340 Ethernet, address is 0017.9460.c209 (bia 0017.9460.c209)
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
!
<output omitted>
!

Verify HYD-1's existing configuration


HYD-1 # show running-config
Building configuration...
Current configuration : 1210 bytes
hostname HYD-1
!
<output omitted>
!
interface FastEthernet0/0
ip address 192.168.202.1 255.255.255.0
ipv6 address 2001:1111::1/64
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
ip address 172.17.0.1 255.255.0.0
!
interface Serial0/0/1
ip address 172.16.0.2 255.255.0.0
!
<output omitted>
!
end

HYD-1 #

Repeat the above commands on HYD-2 router.


Configure Ethernet Interface with IPv6 address

HYD-1 – Configuration
HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config)# interface fastethernet 0/1
HYD-1 (config-if)# ipv6 address 2001:5555::1/64
HYD-1 (config-if)# no shutdown
HYD-1 (config-if)# exit
HYD-1 (config)#

HYD-2 – Configuration
HYD-2 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-2 (config)# interface fastethernet 0/1
HYD-2 (config-if)# ipv6 address 2001:5555::2/64
HYD-2 (config-if)# no shutdown
HYD-2 (config-if)# exit
HYD-2 (config)#

Verify IPv6 Address Configuration on Ethernet Interface

HYD-1 – Verification
HYD-1 # show ipv6 interface fastethernet 0/1
FastEthernet0/1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::21B:D4FF:FE3D:B279
Global unicast address(es):
2001:5555::1, subnet is 2001:5555::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:1
FF02::1:FF3D:B279
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
Default router is FE80::217:94FF:FE60:C209 on FastEthernet0/1
HYD-1#
HYD-2 – Verification
HYD-2 # show ipv6 interface fastethernet 0/1
FastEthernet0/1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::217:94FF:FE60:C209
Global unicast address(es):
2001:5555::2, subnet is 2001:5555::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:2
FF02::1:FF3D:B279
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
Default router is FE80::21B:D4FF:FE3D:B279 on FastEthernet0/1
HYD-2#

Troubleshooting Ethernet Interface

From the output, the first line indicates the status of the Ethernet interface. There are 4 possible
states:
1. FastEthernet 0/0 is up, line protocol is up
Layer 1 and Layer 2 connectivity and configuration are fine.
2. FastEthernet 0/0 is administratively down, line protocol is down
‘no shutdown’ has to be given on the local Ethernet interface.
3. FastEthernet 0/0 is up, line protocol is down
Speed and duplex mismatch, or ‘no shutdown’ has not been given on the remote device’s Ethernet interface.
4. FastEthernet 0/0 is down, line protocol is down
Layer 1 problem: no device attached or faulty cable.
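
The four-state lists in the Serial and Ethernet troubleshooting sections can be applied directly to pasted router output. The Python below is an added example, not part of the original lab manual: it reads both the first line of "show interface" and the rows of "show ip interface brief", and reports the likely cause for every interface that is not up/up. The sample output is constructed and the function names are hypothetical.

```python
import re

# Likely causes keyed by (Status, Protocol), taken from the Serial and
# Ethernet troubleshooting lists in this lab manual.
CAUSES = {
    "serial": {
        ("administratively down", "down"):
            "'no shutdown' not given on the local serial interface",
        ("up", "down"):
            "encapsulation mismatch, no clock rate on the DCE interface, "
            "or leased-line problem",
        ("down", "down"):
            "V.35 cable or CSU/DSU problem, or 'no shutdown' not given "
            "on the remote router",
    },
    "ethernet": {
        ("administratively down", "down"):
            "'no shutdown' not given on the local Ethernet interface",
        ("up", "down"):
            "speed/duplex mismatch, or 'no shutdown' not given on the "
            "remote device",
        ("down", "down"):
            "Layer 1 problem: no device attached or faulty cable",
    },
}

STATE = r"(?P<status>administratively down|up|down)"
# First line of "show interface <name>".
DETAIL = re.compile(
    rf"^(?P<name>\S+) is {STATE}, line protocol is (?P<proto>up|down)")
# One row of "show ip interface brief"; the Status column may be two words.
BRIEF = re.compile(
    rf"^(?P<name>\S+)\s+\S+\s+(?:YES|NO)\s+\S+\s+{STATE}\s+(?P<proto>up|down)\s*$")


def family(name):
    """Map an interface name to the troubleshooting list that applies."""
    if name.startswith("Serial"):
        return "serial"
    if "Ethernet" in name:
        return "ethernet"
    return None  # e.g. Loopback: not covered by the lists on this page


def diagnose(output):
    """Return (interface, status, protocol, likely cause) for every
    interface in the pasted output that is not up/up."""
    findings = []
    for line in output.splitlines():
        line = line.strip()
        m = DETAIL.match(line) or BRIEF.match(line)
        if not m:
            continue  # table header, blank line or unrelated output
        state = (m["status"], m["proto"])
        if state == ("up", "up"):
            continue
        causes = CAUSES.get(family(m["name"]), {})
        findings.append((m["name"], *state,
                         causes.get(state, "state not covered by the lists")))
    return findings


# Constructed sample: a brief table followed by one "show interface" header.
SAMPLE = """\
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.202.1 YES NVRAM up up
FastEthernet0/1 172.16.0.1 YES manual up down
Serial0/0/0 unassigned YES manual administratively down down
Serial0/0/1 172.16.0.2 YES manual down down
Loopback1 17.1.1.1 YES manual up up
Serial0/1 is up, line protocol is down
"""

if __name__ == "__main__":
    for name, status, proto, cause in diagnose(SAMPLE):
        print(f"{name}: {status}/{proto} -> {cause}")
```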
Lab 9: Static Routing on IPv4 Network

OBJECTIVE:
To configure Static Routing on IPv4 Network for enabling communication between different networks
connected to different routers. To set up static routes on CHE, HYD-1, BAN to connect to each other's
local networks.

TOPOLOGY:
Setup Ethernet and Serial connectivity for the lab as below:

Pre-requisite: WAN Interface configuration to be done on the router

TASK:
• Enabling IPv4 Routing
• Verify IPv4 Routing Table
• Configure Static Routing on IPv4 Network
• Verify Static Routing on IPv4 Network
• Verify communication between the IPv4 networks.
Enabling IPv4 Routing

CHE – Configuration
CHE # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
CHE (config) # ip routing
CHE (config) #

HYD-1 – Configuration
HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # ip routing
HYD-1 (config) #

BAN – Configuration
BAN # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
BAN (config) # ip routing
BAN (config) #

Note: Once routing is enabled, the directly connected networks are automatically added to the
routing information table. “C” represents directly connected networks. The IPv4 network is
learnt through the local interface of the router.

Verify IPv4 Routing Table


CHE – Verification:

CHE # show ip route


Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

C 172.16.0.0/16 is directly connected, Serial0/0


C 172.18.0.0/16 is directly connected, Serial0/1
C 192.168.201.0/24 is directly connected, FastEthernet0/0
CHE #
HYD-1 – Verification:

HYD-1 # show ip route


Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

192.168.202.0/24 is variably subnetted, 2 subnets, 2 masks


C 192.168.202.0/24 is directly connected, FastEthernet0/0
L 192.168.202.1/32 is directly connected, FastEthernet0/0
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.0.0/16 is directly connected, Serial0/0/1
L 172.16.0.2/32 is directly connected, Serial0/0/1
172.17.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.17.0.0/16 is directly connected, Serial0/0/0
L 172.17.0.1/32 is directly connected, Serial0/0/0
HYD-1 #

BAN – Verification:

BAN # show ip route


Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 172.17.0.0/16 is directly connected, Serial0/1


C 172.18.0.0/16 is directly connected, Serial0/0
C 192.168.203.0/24 is directly connected, FastEthernet0/0
BAN #
Configure Static Routing on IPv4 Network

CHE – Configuration
CHE # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
CHE (config) # ip route 192.168.202.0 255.255.255.0 172.16.0.2
CHE (config) # ip route 192.168.203.0 255.255.255.0 172.18.0.1
CHE (config) # exit
CHE #

HYD-1 – Configuration
HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # ip route 192.168.201.0 255.255.255.0 172.16.0.1
HYD-1 (config) # ip route 192.168.203.0 255.255.255.0 172.17.0.2
HYD-1 (config) # exit
HYD-1 #

BAN – Configuration
BAN # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
BAN (config) # ip route 192.168.202.0 255.255.255.0 172.17.0.1
BAN (config) # ip route 192.168.201.0 255.255.255.0 172.18.0.2
BAN (config) # exit
BAN #

Verify Static Routing on IPv4 Network


Once Static routing is enabled, the IPv4 Networks defined with the Static routing command are
added into the routing information table. “S” represents Static route.
CHE – Verification:

CHE # show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP


D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

C 172.16.0.0/16 is directly connected, Serial0/0


C 172.18.0.0/16 is directly connected, Serial0/1
S 192.168.202.0/24 [1/0] via 172.16.0.2
C 192.168.201.0/24 is directly connected, FastEthernet0/0
S 192.168.203.0/24 [1/0] via 172.18.0.1
CHE #

HYD-1 – Verification:

HYD-1 # show ip route


Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

192.168.202.0/24 is variably subnetted, 2 subnets, 2 masks


C 192.168.202.0/24 is directly connected, FastEthernet0/0
L 192.168.202.1/32 is directly connected, FastEthernet0/0
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.0.0/16 is directly connected, Serial0/0/1
L 172.16.0.2/32 is directly connected, Serial0/0/1
172.17.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.17.0.0/16 is directly connected, Serial0/0/0
L 172.17.0.1/32 is directly connected, Serial0/0/0
S 192.168.201.0/24 [1/0] via 172.16.0.1
S 192.168.203.0/24 [1/0] via 172.17.0.2
HYD-1 #

BAN – Verification:

BAN # show ip route


Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 172.17.0.0/16 is directly connected, Serial0/1


C 172.18.0.0/16 is directly connected, Serial0/0
S 192.168.202.0/24 [1/0] via 172.17.0.1
S 192.168.201.0/24 [1/0] via 172.18.0.2
C 192.168.203.0/24 is directly connected, FastEthernet0/0
BAN #
Verify communication between the IPv4 networks

Verification from a Computer in HYD-1 Network

ping 192.168.201.10

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data.


64 bytes from 192.168.201.10: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 192.168.201.10: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 192.168.201.10: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.201.10: icmp_seq=4 ttl=62 time=24.0 ms

ping 192.168.203.10

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data.


64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms

Repeat the above ping verification from a computer in CHE and BAN Network.

From a Computer in HYD-1 Network trace communication path to a Computer in CHE Network

tracert 192.168.201.10 (Windows) or traceroute 192.168.201.10 (Linux)


traceroute to 192.168.201.10 (192.168.201.10), 30 hops max, 38 byte packets
1 192.168.202.1 (192.168.202.1) 1.086 ms 1.124 ms 1.144 ms
2 172.16.0.1 (172.16.0.1) 2.295 ms 2.156 ms 2.209 ms
3 192.168.201.10 (192.168.201.10) 3.295 ms 3.156 ms 3.209 ms

From a Computer in HYD-1 Network trace communication path to a Computer in BAN Network

tracert 192.168.203.10 (Windows) or traceroute 192.168.203.10 (Linux)


traceroute to 192.168.203.10 (192.168.203.10), 30 hops max, 38 byte packets
1 192.168.202.1 (192.168.202.1) 1.086 ms 1.124 ms 1.144 ms
2 172.17.0.2 (172.17.0.2) 2.295 ms 2.156 ms 2.209 ms
3 192.168.203.10 (192.168.203.10) 3.295 ms 3.156 ms 3.209 ms

Repeat the above trace communication path from a computer in CHE and BAN Network.
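
The hop lists in the traceroute output above follow from the static routes configured in this lab. The Python below is an added example, not part of the original lab manual: it rebuilds each router's table from the interface addresses and "ip route" statements on this page, forwards hop by hop with longest-prefix match, and shows that removing a single return route leaves the forward path intact while the ping fails. The source host address 192.168.202.10 is an assumption and all function names are hypothetical.

```python
import copy
import ipaddress

# Built from this page's Lab 9 configuration: interface addresses and the
# "ip route <prefix> <mask> <next-hop>" statements entered on each router.
LAB9 = {
    "CHE": {
        "connected": ["192.168.201.1/24", "172.16.0.1/16", "172.18.0.2/16"],
        "static": {"192.168.202.0/24": "172.16.0.2",
                   "192.168.203.0/24": "172.18.0.1"},
    },
    "HYD-1": {
        "connected": ["192.168.202.1/24", "172.16.0.2/16", "172.17.0.1/16"],
        "static": {"192.168.201.0/24": "172.16.0.1",
                   "192.168.203.0/24": "172.17.0.2"},
    },
    "BAN": {
        "connected": ["192.168.203.1/24", "172.18.0.1/16", "172.17.0.2/16"],
        "static": {"192.168.202.0/24": "172.17.0.1",
                   "192.168.201.0/24": "172.18.0.2"},
    },
}


def interfaces(router):
    return [ipaddress.ip_interface(a) for a in router["connected"]]


def owner_of(topology, address):
    """Name of the router that holds `address` on one of its interfaces."""
    for name, router in topology.items():
        if any(i.ip == address for i in interfaces(router)):
            return name
    return None


def lookup(router, dst):
    """Longest-prefix match: ('C', None), ('S', next_hop) or None."""
    table = [(i.network, "C", None) for i in interfaces(router)]
    table += [(ipaddress.ip_network(p), "S", ipaddress.ip_address(nh))
              for p, nh in router["static"].items()]
    matches = [entry for entry in table if dst in entry[0]]
    if not matches:
        return None
    _, code, next_hop = max(matches, key=lambda entry: entry[0].prefixlen)
    return code, next_hop


def trace(topology, src, dst, max_hops=30):
    """Hops a traceroute from host `src` to host `dst` would list."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Hop 1 is the router interface on the source host's own LAN.
    start = [(name, i.ip) for name, r in topology.items()
             for i in interfaces(r) if src in i.network]
    if not start:
        raise LookupError(f"no router on the LAN of {src}")
    current, ingress = start[0]
    hops = []
    for _ in range(max_hops):
        hops.append(str(ingress))
        route = lookup(topology[current], dst)
        if route is None:
            raise LookupError(f"{current}: no route to {dst}")
        code, next_hop = route
        if code == "C":                      # destination LAN is attached
            return hops + [str(dst)]
        # A usable next hop sits on a connected network of this router
        # and is an interface address of a different router.
        neighbour = owner_of(topology, next_hop)
        if (lookup(topology[current], next_hop) != ("C", None)
                or neighbour in (None, current)):
            raise LookupError(f"{current}: next hop {next_hop} unusable")
        current, ingress = neighbour, next_hop
    raise LookupError(f"routing loop on the way to {dst}")


def reachable(topology, a, b):
    """A ping succeeds only if request (a->b) and reply (b->a) both route."""
    try:
        trace(topology, a, b)
        trace(topology, b, a)
        return True
    except LookupError:
        return False


def without_route(topology, router, prefix):
    """Copy of the topology with one static route removed."""
    broken = copy.deepcopy(topology)
    del broken[router]["static"][prefix]
    return broken


if __name__ == "__main__":
    pc = "192.168.202.10"   # assumed address of the HYD-1 LAN computer
    print(trace(LAB9, pc, "192.168.201.10"))
    print(trace(LAB9, pc, "192.168.203.10"))
    broken = without_route(LAB9, "BAN", "192.168.202.0/24")
    print(trace(broken, pc, "192.168.203.10"))      # forward path still works
    print(reachable(broken, pc, "192.168.203.10"))  # the reply has no route
```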
Lab 10: Static Routing on IPv4 Network via exit Interface

OBJECTIVE:

To configure Static Routing on IPv4 Network for enabling communication between different networks
connected to different routers. To set up static routes on CHE, HYD-1, BAN to connect to each other's
local networks.

TOPOLOGY:

Setup Ethernet and Serial connectivity for the lab as below:

Pre-requisite: WAN Interface configuration to be done on the router

TASK:
• Enabling IPv4 Routing
• Verify IPv4 Routing Table
• Configure Static Routing on IPv4 Network
• Verify Static Routing on IPv4 Network
Enabling IPv4 Routing

CHE – Configuration
CHE # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
CHE (config) # ip routing
CHE (config) #

HYD-1 – Configuration
HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # ip routing
HYD-1 (config) #

BAN – Configuration
BAN # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
BAN (config) # ip routing
BAN (config) #

Note: Once routing is enabled, the directly connected networks are automatically added to the
routing information table. “C” represents directly connected networks. The IPv4 network is
learnt through the local interface of the router.

Verify IPv4 Routing Table


CHE – Verification:

CHE # show ip route


Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

C 172.16.0.0/16 is directly connected, Serial0/0


C 172.18.0.0/16 is directly connected, Serial0/1
C 192.168.201.0/24 is directly connected, FastEthernet0/0
CHE #

HYD-1 – Verification:
HYD-1 # show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

192.168.202.0/24 is variably subnetted, 2 subnets, 2 masks


C 192.168.202.0/24 is directly connected, FastEthernet0/0
L 192.168.202.1/32 is directly connected, FastEthernet0/0
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.0.0/16 is directly connected, Serial0/0/1
L 172.16.0.2/32 is directly connected, Serial0/0/1
172.17.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.17.0.0/16 is directly connected, Serial0/0/0
L 172.17.0.1/32 is directly connected, Serial0/0/0
HYD-1 #

BAN – Verification:

BAN # show ip route


Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 172.17.0.0/16 is directly connected, Serial0/1


C 172.18.0.0/16 is directly connected, Serial0/0
C 192.168.203.0/24 is directly connected, FastEthernet0/0
BAN #
Configure Static Routing on IPv4 Network

CHE-Configuration
CHE(config)#ip route 192.168.202.0 255.255.255.0 serial 0/0
CHE(config)#ip route 192.168.203.0 255.255.255.0 serial 0/1

HYD-1-Configuration
HYD-1(config)#ip route 192.168.201.0 255.255.255.0 Serial0/0/1
HYD-1(config )#ip route 192.168.203.0 255.255.255.0 Serial0/0/0

BANG-Configuration
BANG(config)#ip route 192.168.202.0 255.255.255.0 Serial0/1
BANG(config)#ip route 192.168.201.0 255.255.255.0 Serial0/0

Verify Static Routing on IPv4 Network

CHE-Verification
CHE#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
C 172.16.0.0/16 is directly connected, Serial0/0
C 172.18.0.0/16 is directly connected, Serial0/1
C 192.168.201.0/24 is directly connected, FastEthernet0/0
S 192.168.202.0/24 is directly connected, Serial0/0
S 192.168.203.0/24 is directly connected, Serial0/1

CHE#
Hyd-1-Verification
HYD-1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

C 172.16.0.0/16 is directly connected, Serial0/0/1


C 172.17.0.0/16 is directly connected, Serial0/0/0
S 192.168.201.0/24 is directly connected, Serial0/0/1
C 192.168.202.0/24 is directly connected, FastEthernet0/0
S 192.168.203.0/24 is directly connected, Serial0/0/0
HYD-1#

BANG-verification
BANG#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
C 172.17.0.0/16 is directly connected, Serial0/1
C 172.18.0.0/16 is directly connected, Serial0/0
S 192.168.201.0/24 is directly connected, Serial0/0
S 192.168.202.0/24 is directly connected, Serial0/1
C 192.168.203.0/24 is directly connected, FastEthernet0/0
BANG#

Verify communication between the IPv4 networks


Verification from a Computer in HYD-1 Network

ping 192.168.201.10

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data.


64 bytes from 192.168.201.10: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 192.168.201.10: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 192.168.201.10: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.201.10: icmp_seq=4 ttl=62 time=24.0 ms

ping 192.168.203.10

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data.


64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms

Repeat the above ping verification from a computer in CHE and BAN Network.

From a Computer in HYD-1 Network trace communication path to a Computer in CHE Network

tracert 192.168.201.10 (Windows) or traceroute 192.168.201.10 (Linux)


traceroute to 192.168.201.10 (192.168.201.10), 30 hops max, 38 byte packets
1 192.168.202.1 (192.168.202.1) 1.086 ms 1.124 ms 1.144 ms
2 172.16.0.1 (172.16.0.1) 2.295 ms 2.156 ms 2.209 ms
3 192.168.201.10 (192.168.201.10) 3.295 ms 3.156 ms 3.209 ms
From a Computer in HYD-1 Network trace communication path to Computer in BAN Network

tracert 192.168.203.10 (Windows) or traceroute 192.168.203.10 (Linux)


traceroute to 192.168.203.10 (192.168.203.10), 30 hops max, 38 byte packets
1 192.168.202.1 (192.168.202.1) 1.086 ms 1.124 ms 1.144 ms
2 172.17.0.2 (172.17.0.2) 2.295 ms 2.156 ms 2.209 ms
3 192.168.203.10 (192.168.203.10) 3.295 ms 3.156 ms 3.209 ms

Repeat the above trace communication path from a computer in CHE and BAN Network.
Lab 11: Static Routing on IPv6 Network

OBJECTIVE:
To configure Static Routing on IPv6 Network for enabling communication between different networks
connected to different routers. To set up static routes on HYD-1 and HYD-2 to connect to each other's
local networks.

TOPOLOGY:
Setup Ethernet connectivity for the lab as below:

Pre-requisite: WAN Interface configuration to be done on the router (LAB – 7)

TASK:
• Enabling IPv6 Routing
• Verify IPv6 Routing Table
• Configure Static Routing on IPv6 Network
• Verify Static Routing on IPv6 Network
• Verify communication between the IPv6 networks.
Enabling IPv6 Routing

HYD-1 – Configuration
HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # ipv6 unicast-routing
HYD-1 (config) #

HYD-2 – Configuration
HYD-2 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-2 (config) # ipv6 unicast-routing
HYD-2 (config) #

Note: Once routing is enabled, the directly connected networks are automatically added to the
routing information table. “C” represents directly connected networks. The IPv6 network is
learnt through the local interface of the router.

Verify IPv6 Routing Table

HYD-1 – Verification:

HYD-1# show ipv6 route


IPv6 Routing Table - default - 5 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
D - EIGRP, EX - EIGRP external, NM - NEMO, ND - Neighbor Discovery
l - LISP
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2

C 2001:1111::/64 [0/0]
via FastEthernet0/0, directly connected
L 2001:1111::1/128 [0/0]
via FastEthernet0/0, receive
C 2001:5555::/64 [0/0]
via FastEthernet0/1, directly connected
L 2001:5555::1/128 [0/0]
via FastEthernet0/1, receive
L FF00::/8 [0/0]
via Null0, receive
HYD-1#
HYD-2 – Verification:

HYD-2 # show ipv6 route


IPv6 Routing Table - default - 5 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
D - EIGRP, EX - EIGRP external, NM - NEMO, ND - Neighbor Discovery
l - LISP
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C 2001:2222::/64 [0/0]
via FastEthernet0/0, directly connected
L 2001:2222::1/128 [0/0]
via FastEthernet0/0, receive
C 2001:5555::/64 [0/0]
via FastEthernet0/1, directly connected
L 2001:5555::2/128 [0/0]
via FastEthernet0/1, receive
L FF00::/8 [0/0]
via Null0, receive
HYD-2#

Configure Static Routing on IPv6 Network

HYD-1 – Configuration
HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # ipv6 route 2001:2222::/64 2001:5555::2
HYD-1 (config) # exit
HYD-1 #

HYD-2 – Configuration
HYD-2 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-2 (config) # ipv6 route 2001:1111::/64 2001:5555::1
HYD-2 (config) # exit
HYD-2 #
Verify Static Routing on IPv6 Network
Once Static routing is enabled, the IPv6 Networks defined with the Static routing command are
added into the routing information table. “S” represents Static route.

HYD-1 – Verification:

HYD-1 # show ipv6 route


IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
D - EIGRP, EX - EIGRP external, NM - NEMO, ND - Neighbor Discovery
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C 2001:1111::/64 [0/0]
via FastEthernet0/0, directly connected
L 2001:1111::1/128 [0/0]
via FastEthernet0/0, receive
S 2001:2222::/64 [1/0]
via 2001:5555::2
C 2001:5555::/64 [0/0]
via FastEthernet0/1, directly connected
L 2001:5555::1/128 [0/0]
via FastEthernet0/1, receive
L FF00::/8 [0/0]
via Null0, receive
HYD-1#

HYD-2 – Verification:

HYD-2 # show ipv6 route


IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
D - EIGRP, EX - EIGRP external, NM - NEMO, ND - Neighbor Discovery
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
S 2001:1111::/64 [1/0]
via 2001:5555::1
C 2001:2222::/64 [0/0]
via FastEthernet0/0, directly connected
L 2001:2222::1/128 [0/0]
via FastEthernet0/0, receive
C 2001:5555::/64 [0/0]
via FastEthernet0/1, directly connected
L 2001:5555::2/128 [0/0]
via FastEthernet0/1, receive
L FF00::/8 [0/0]
via Null0, receive
HYD-2#
Verify communication between the IPv6 networks

Verification from a Computer in HYD-1 Network

ping 2001:2222::10 (Windows) or ping6 2001:2222::10 (Linux)

PING 2001:2222::10(2001:2222::10) 56 data bytes


64 bytes from 2001:2222::10: icmp_seq=1 ttl=62 time=0.494 ms
64 bytes from 2001:2222::10: icmp_seq=2 ttl=62 time=0.361 ms
64 bytes from 2001:2222::10: icmp_seq=3 ttl=62 time=0.335 ms
64 bytes from 2001:2222::10: icmp_seq=4 ttl=62 time=0.336 ms

Verification from a Computer in HYD-2 Network

ping 2001:1111::10 (Windows) or ping6 2001:1111::10 (Linux)

PING 2001:1111::10(2001:1111::10) 56 data bytes


64 bytes from 2001:1111::10: icmp_seq=1 ttl=62 time=0.494 ms
64 bytes from 2001:1111::10: icmp_seq=2 ttl=62 time=0.361 ms
64 bytes from 2001:1111::10: icmp_seq=3 ttl=62 time=0.335 ms
64 bytes from 2001:1111::10: icmp_seq=4 ttl=62 time=0.336 ms

From a Computer in HYD-1 Network trace communication path to a Computer in HYD-2 Network

tracert 2001:2222::10 (Windows) or traceroute6 2001:2222::10 (Linux)

traceroute to 2001:2222::10 (2001:2222::10), 30 hops max, 80 byte packets


1 2001:1111::1 (2001:1111::1) 2.825 ms 3.239 ms 3.665 ms
2 2001:5555::2 (2001:5555::2) 9.086 ms 9.393 ms 9.642 ms
3 2001:2222::10 (2001:2222::10) 9.781 ms 10.474 ms 10.720 ms

From a Computer in HYD-2 Network trace communication path to a Computer in HYD-1 Network

tracert 2001:1111::10 (Windows) or traceroute6 2001:1111::10 (Linux)

traceroute to 2001:1111::10 (2001:1111::10), 30 hops max, 80 byte packets


1 2001:2222::1 (2001:2222::1) 1.071 ms 1.152 ms 1.238 ms
2 2001:5555::1 (2001:5555::1) 4.303 ms 4.930 ms 5.419 ms
3 2001:1111::10 (2001:1111::10) 10.832 ms 11.444 ms 11.541 ms
Lab 12: RIP on IPv4 Network

OBJECTIVE:
To configure RIP routing for communicating between different IPv4 networks on different routers.

TOPOLOGY:
Setup Ethernet and Serial connectivity for the lab as below:

Pre-requisite: WAN Interface configuration to be done on the router (LAB – 6)

TASK:
• Configure Loopback Interface
• Verify Loopback Interface
• Configure RIP Routing on IPv4 network
• Verify RIP Routing on IPv4 network
• Verify Communication between the IPv4 networks
• Verify RIP protocol default settings
• Verify RIP Update Packets
• Changing RIP Timers
• Enabling Passive Interface on RIP
• Verify RIP Database
• Disabling RIP Auto Summary
Configure Loopback Interface
Configure Loopback interface according to Lab Topology

CHE – Configuration
CHE # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
CHE (config)# interface Lo 1
CHE (config-if)# ip address 16.1.1.1 255.255.255.0
CHE (config-if)# interface Lo 2
CHE (config-if)# ip address 16.1.2.1 255.255.255.0
CHE (config-if)# interface Lo 3
CHE (config-if)# ip address 16.1.3.1 255.255.255.0
CHE (config-if)# exit

HYD-1 – Configuration
HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config)# interface Lo 1
HYD-1 (config-if)# ip address 17.1.1.1 255.255.255.0
HYD-1 (config-if)# interface Lo 2
HYD-1 (config-if)# ip address 17.1.2.1 255.255.255.0
HYD-1 (config-if)# interface Lo 3
HYD-1 (config-if)# ip address 17.1.3.1 255.255.255.0
HYD-1 (config-if)# exit

BAN – Configuration
BAN # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
BAN (config)# interface Lo 1
BAN (config-if)# ip address 18.1.1.1 255.255.255.0
BAN (config-if)# interface Lo 2
BAN (config-if)# ip address 18.1.2.1 255.255.255.0
BAN (config-if)# interface Lo 3
BAN (config-if)# ip address 18.1.3.1 255.255.255.0
BAN (config-if)# exit
Verify Loopback Interface

CHE – Verification:

CHE # show ip interface brief


Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.201.1 YES NVRAM up up
Serial0/0 172.16.0.1 YES NVRAM up up
Serial0/1 172.18.0.2 YES NVRAM up up
Loopback1 16.1.1.1 YES manual up up
Loopback2 16.1.2.1 YES manual up up
Loopback3 16.1.3.1 YES manual up up

HYD-1 – Verification:

HYD-1# show ip interface brief


Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.202.1 YES NVRAM up up
FastEthernet0/1 unassigned YES NVRAM administratively down down
Serial0/0/0 172.17.0.1 YES manual up up
Serial0/0/1 172.16.0.2 YES manual up up
Loopback1 17.1.1.1 YES manual up up
Loopback2 17.1.2.1 YES manual up up
Loopback3 17.1.3.1 YES manual up up

BAN – Verification:

BAN# show ip interface brief


Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.203.1 YES NVRAM up up
Serial0/0 172.18.0.1 YES NVRAM up up
FastEthernet0/1 unassigned YES NVRAM administratively down down
Serial0/1 172.17.0.2 YES NVRAM up up
Loopback1 18.1.1.1 YES manual up up
Loopback2 18.1.2.1 YES manual up up
Loopback3 18.1.3.1 YES manual up up
Configure RIP Routing on IPv4 network

CHE – Configuration
CHE # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
CHE (config) # ip routing
CHE (config) # router rip
CHE (config-router) # version 2
CHE (config-router) # network 192.168.201.0
CHE (config-router) # network 172.16.0.0
CHE (config-router) # network 172.18.0.0
CHE (config-router) # network 16.0.0.0
CHE (config-router) # end
CHE #

HYD-1 – Configuration
HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # ip routing
HYD-1 (config) # router rip
HYD-1 (config-router) # version 2
HYD-1 (config-router) # network 192.168.202.0
HYD-1 (config-router) # network 172.16.0.0
HYD-1 (config-router) # network 172.17.0.0
HYD-1 (config-router) # network 17.0.0.0
HYD-1 (config-router) # end
HYD-1 #

BAN – Configuration
BAN # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
BAN (config) # ip routing
BAN (config) # router rip
BAN (config-router) # version 2
BAN (config-router) # network 192.168.203.0
BAN (config-router) # network 172.17.0.0
BAN (config-router) # network 172.18.0.0
BAN (config-router) # network 18.0.0.0
BAN (config-router) # end
BAN #
Verify RIP Routing on IPv4 network
Once RIP routing is enabled, IPv4 networks learned via RIP are added to the routing table. “R”
marks a RIP route.
CHE – Verification:

CHE # show ip route


Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

R 17.0.0.0/8 [120/1] via 172.16.0.2, 00:00:03, Serial0/0


16.0.0.0/24 is subnetted, 3 subnets
C 16.1.1.0 is directly connected, Loopback1
C 16.1.3.0 is directly connected, Loopback3
C 16.1.2.0 is directly connected, Loopback2
R 18.0.0.0/8 [120/1] via 172.18.0.1, 00:00:24, Serial0/1
R 172.17.0.0/16 [120/1] via 172.16.0.2, 00:00:03, Serial0/0
[120/1] via 172.18.0.1, 00:00:24, Serial0/1
C 172.16.0.0/16 is directly connected, Serial0/0
C 172.18.0.0/16 is directly connected, Serial0/1
C 192.168.201.0/24 is directly connected, FastEthernet0/0
R 192.168.202.0/24 [120/1] via 172.16.0.2, 00:00:03, Serial0/0
R 192.168.203.0/24 [120/1] via 172.18.0.1, 00:00:24, Serial0/1
CHE #

HYD-1 – Verification:

HYD-1 # show ip route


Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

R 16.0.0.0/8 [120/1] via 172.16.0.1, 00:00:01, Serial0/0/1


17.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C 17.1.1.0/24 is directly connected, Loopback1
L 17.1.1.1/32 is directly connected, Loopback1
C 17.1.2.0/24 is directly connected, Loopback2
L 17.1.2.1/32 is directly connected, Loopback2
C 17.1.3.0/24 is directly connected, Loopback3
L 17.1.3.1/32 is directly connected, Loopback3
R 18.0.0.0/8 [120/1] via 172.17.0.2, 00:00:24, Serial0/0/0
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.0.0/16 is directly connected, Serial0/0/1
L 172.16.0.2/32 is directly connected, Serial0/0/1
172.17.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.17.0.0/16 is directly connected, Serial0/0/0
L 172.17.0.1/32 is directly connected, Serial0/0/0
R 172.18.0.0/16 [120/1] via 172.17.0.2, 00:00:24, Serial0/0/0
[120/1] via 172.16.0.1, 00:00:01, Serial0/0/1
R 192.168.201.0/24 [120/1] via 172.16.0.1, 00:00:01, Serial0/0/1
192.168.202.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.202.0/24 is directly connected, FastEthernet0/0
L 192.168.202.1/32 is directly connected, FastEthernet0/0
R 192.168.203.0/24 [120/1] via 172.17.0.2, 00:00:24, Serial0/0/0
HYD-1 #

BAN – Verification:

BAN # show ip route


Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

R 17.0.0.0/8 [120/1] via 172.17.0.1, 00:00:07, Serial0/1


R 16.0.0.0/8 [120/1] via 172.18.0.2, 00:00:11, Serial0/0
18.0.0.0/24 is subnetted, 3 subnets
C 18.1.3.0 is directly connected, Loopback3
C 18.1.2.0 is directly connected, Loopback2
C 18.1.1.0 is directly connected, Loopback1
C 172.17.0.0/16 is directly connected, Serial0/1
R 172.16.0.0/16 [120/1] via 172.17.0.1, 00:00:07, Serial0/1
[120/1] via 172.18.0.2, 00:00:11, Serial0/0
C 172.18.0.0/16 is directly connected, Serial0/0
R 192.168.201.0/24 [120/1] via 172.18.0.2, 00:00:11, Serial0/0
R 192.168.202.0/24 [120/1] via 172.17.0.1, 00:00:07, Serial0/1
C 192.168.203.0/24 is directly connected, FastEthernet0/0
BAN #
Verify communication between the IPv4 networks

Verification from a Computer in HYD-1 Network

ping 192.168.201.10

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data.


64 bytes from 192.168.201.10: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 192.168.201.10: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 192.168.201.10: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.201.10: icmp_seq=4 ttl=62 time=24.0 ms

ping 192.168.203.10

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data.


64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms

Repeat the above ping verification from a computer in CHE and BAN Network.

From a Computer in HYD-1 Network trace communication path to a Computer in CHE Network

tracert 192.168.201.10 (Windows) or traceroute 192.168.201.10 (Linux)


traceroute to 192.168.201.10 (192.168.201.10), 30 hops max, 38 byte packets
1 192.168.202.1 (192.168.202.1) 1.086 ms 1.124 ms 1.144 ms
2 172.16.0.1 (172.16.0.1) 2.295 ms 2.156 ms 2.209 ms
3 192.168.201.10 (192.168.201.10) 3.295 ms 3.156 ms 3.209 ms

From a Computer in HYD-1 Network trace communication path to a Computer in BAN Network

tracert 192.168.203.10 (Windows) or traceroute 192.168.203.10 (Linux)


traceroute to 192.168.203.10 (192.168.203.10), 30 hops max, 38 byte packets
1 192.168.202.1 (192.168.202.1) 1.086 ms 1.124 ms 1.144 ms
2 172.17.0.2 (172.17.0.2) 2.295 ms 2.156 ms 2.209 ms
3 192.168.203.10 (192.168.203.10) 3.295 ms 3.156 ms 3.209 ms

Repeat the above trace communication path from a computer in CHE and BAN Network.
Verify RIP protocol default settings

Example - HYD-1
HYD-1 # show ip protocols
*** IP Routing is NSF aware ***

Routing Protocol is "rip"


Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Sending updates every 30 seconds, next due in 26 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Redistributing: rip
Default version control: send version 2, receive version 2
Interface Send Recv Triggered RIP Key-chain
FastEthernet0/0 2 2
Serial0/0/0 2 2
Serial0/0/1 2 2
Loopback1 2 2
Loopback2 2 2
Loopback3 2 2
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
17.0.0.0
172.16.0.0
172.17.0.0
192.168.202.0
Routing Information Sources:
Gateway Distance Last Update
172.16.0.1 120 00:00:01
172.17.0.2 120 00:00:23
Distance: (default is 120)
HYD-1 #

Verify RIP Update Packets


Verify default behaviour of RIP Update packets by enabling debug commands

Example - HYD-1
HYD-1 # terminal monitor
HYD-1 # debug ip rip

RIP protocol debugging is on


RIP: received v2 update from 172.16.0.1 on Serial0/0/1
172.18.0.0/16 in 1 hops
192.168.201.0/24 in 1 hops
192.168.203.0/24 in 2 hops
RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (192.168.202.1)
RIP: build update entries
network 172.16.0.0/16 metric 1
network 172.17.0.0/16 metric 1
network 172.18.0.0/16 metric 2
network 192.168.201.0/24 metric 2
network 192.168.203.0/24 metric 2
RIP: sending v2 update to 224.0.0.9 via Serial0/0/1 (172.16.0.2)
RIP: build update entries
network 192.168.202.0/24 metric 1
network 172.17.0.0/16 metric 1
network 192.168.203.0/24 metric 2
RIP: sending v2 update to 224.0.0.9 via Serial0/0/0 (172.17.0.1)
RIP: build update entries
network 192.168.202.0/24 metric 1
network 172.16.0.0/16 metric 1
network 192.168.201.0/24 metric 2

HYD-1 # undebug all


HYD-1 # terminal no monitor
Lab 13: OSPF on IPv4 Network

OBJECTIVE:
To configure OSPF Routing in a single area.
To understand how OSPF works and fine tune OSPF configuration.

TOPOLOGY:
Set up Ethernet and Serial connectivity for the lab as below:

Pre-requisite: WAN Interface configuration to be done on the router (LAB – 6)

TASK:
• Configure OSPF – Single Area on IPv4 network
• Verify OSPF – Single Area on IPv4 network
• Verify Communication between the IPv4 networks
• Verify OSPF Neighbour and Topology Table
• Verify OSPF protocol default settings
• Verify OSPF Packets on IPv4 network
• Enable Passive Interface on IPv4 network
• Configuring OSPF Cost metric for an interface
Configure OSPF – Single Area on IPv4 Network

CHE – Configuration
CHE # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
CHE (config) # ip routing
CHE (config) # router ospf 1
CHE (config-router) # router-id 1.1.1.1
CHE (config-router) # network 192.168.201.0 0.0.0.255 area 0
CHE (config-router) # network 172.16.0.0 0.0.255.255 area 0
CHE (config-router) # network 172.18.0.0 0.0.255.255 area 0
CHE (config-router) # end
CHE #

HYD-1 – Configuration
HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # ip routing
HYD-1 (config) # router ospf 2
HYD-1 (config-router) # router-id 2.2.2.2
HYD-1 (config-router) # network 192.168.202.0 0.0.0.255 area 0
HYD-1 (config-router) # network 172.16.0.0 0.0.255.255 area 0
HYD-1 (config-router) # network 172.17.0.0 0.0.255.255 area 0
HYD-1 (config-router) # end
HYD-1 #

BAN – Configuration
BAN # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
BAN (config) # ip routing
BAN (config) # router ospf 3
BAN (config-router) # router-id 3.3.3.3
BAN (config-router) # network 192.168.203.0 0.0.0.255 area 0
BAN (config-router) # network 172.17.0.0 0.0.255.255 area 0
BAN (config-router) # network 172.18.0.0 0.0.255.255 area 0
BAN (config-router) # end
BAN #
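
How a network statement selects interfaces, as an added example (not part of the original lab): an interface joins OSPF when its address equals the statement's address on every bit where the wildcard is 0. The interface list is HYD-1's from this lab; the address 192.0.2.1 on FastEthernet0/1 is constructed to show what the wildcard 0.255.255.255 sweeps in compared with 0.0.0.255, and the most-specific-match rule is assumed.

```python
import ipaddress


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def normalized(network, wildcard):
    """Statement with the address bits under the wildcard cleared."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return f"{ipaddress.IPv4Address(to_int(network) & care)} {wildcard}"


def matching_area(ip, statements):
    """Area of the most specific statement matching ip, or None (OSPF off)."""
    best = None
    for network, wildcard, area in statements:
        care = ~to_int(wildcard) & 0xFFFFFFFF          # bits that must match
        if (to_int(ip) & care) == (to_int(network) & care):
            specificity = bin(care).count("1")
            # Assumption: when statements overlap, the most specific one wins.
            if best is None or specificity > best[0]:
                best = (specificity, area)
    return None if best is None else best[1]


def ospf_interfaces(interfaces, statements):
    """Map each interface that a statement matches to its OSPF area."""
    enabled = {}
    for name, ip in interfaces.items():
        area = matching_area(ip, statements)
        if area is not None:
            enabled[name] = area
    return enabled


# HYD-1 addresses from "show ip interface brief" in this lab.
HYD1_INTERFACES = {
    "FastEthernet0/0": "192.168.202.1",
    "Serial0/0/0": "172.17.0.1",
    "Serial0/0/1": "172.16.0.2",
    "Loopback1": "17.1.1.1",
    "Loopback2": "17.1.2.1",
    "Loopback3": "17.1.3.1",
    # Constructed: FastEthernet0/1 is unassigned in the lab.
    "FastEthernet0/1": "192.0.2.1",
}

NARROW = [
    ("192.168.202.0", "0.0.0.255", 0),
    ("172.16.0.0", "0.0.255.255", 0),
    ("172.17.0.0", "0.0.255.255", 0),
]
# Same statements, but the LAN entry uses a 0.255.255.255 wildcard.
BROAD = [("192.168.202.0", "0.255.255.255", 0)] + NARROW[1:]


def extra_interfaces(interfaces, intended, actual):
    """Interfaces enabled by `actual` that `intended` leaves out of OSPF."""
    wanted = ospf_interfaces(interfaces, intended)
    got = ospf_interfaces(interfaces, actual)
    return sorted(set(got) - set(wanted))


if __name__ == "__main__":
    print("narrow:", ospf_interfaces(HYD1_INTERFACES, NARROW))
    print("broad :", ospf_interfaces(HYD1_INTERFACES, BROAD))
    print("extra :", extra_interfaces(HYD1_INTERFACES, NARROW, BROAD))
    print("stored as:", normalized("192.168.202.0", "0.255.255.255"))
```

With the broad wildcard, any interface addressed in 192.0.0.0/8 starts sending and accepting hellos in area 0, so compare the result of "show ip ospf interface brief" with the interfaces you meant to enable.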
Verify OSPF – Single Area on IPv4 Network
Once OSPF routing is enabled, the IPv4 Networks learned through OSPF are added into the routing
table. “O” represents an OSPF route.

CHE – Verification:

CHE # show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP


D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

O 172.17.0.0/16 [110/128] via 172.16.0.2, 00:00:26, Serial0/0
[110/128] via 172.18.0.1, 00:00:26, Serial0/1
C 172.16.0.0/16 is directly connected, Serial0/0
C 172.18.0.0/16 is directly connected, Serial0/1
C 192.168.201.0/24 is directly connected, FastEthernet0/0
O 192.168.202.0/24 [110/64] via 172.16.0.2, 00:00:26, Serial0/0
O 192.168.203.0/24 [110/64] via 172.18.0.1, 00:00:26, Serial0/1
CHE #

HYD-1 – Verification:

HYD-1 # show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP


D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks


C 172.16.0.0/16 is directly connected, Serial0/0/1
L 172.16.0.2/32 is directly connected, Serial0/0/1
172.17.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.17.0.0/16 is directly connected, Serial0/0/0
L 172.17.0.1/32 is directly connected, Serial0/0/0
O 172.18.0.0/16 [110/128] via 172.17.0.2, 00:01:21, Serial0/0/0
[110/128] via 172.16.0.1, 00:03:17, Serial0/0/1
O 192.168.201.0/24 [110/64] via 172.16.0.1, 00:03:17, Serial0/0/1
192.168.202.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.202.0/24 is directly connected, FastEthernet0/0
L 192.168.202.1/32 is directly connected, FastEthernet0/0
O 192.168.203.0/24 [110/64] via 172.17.0.2, 00:01:21, Serial0/0/0
HYD-1 #

BAN – Verification:

BAN # show ip route


Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 172.17.0.0/16 is directly connected, Serial0/1


O 172.16.0.0/16 [110/128] via 172.17.0.1, 00:01:40, Serial0/1
[110/128] via 172.18.0.2, 00:01:40, Serial0/0
C 172.18.0.0/16 is directly connected, Serial0/0
O 192.168.201.0/24 [110/64] via 172.18.0.2, 00:01:40, Serial0/0
O 192.168.202.0/24 [110/64] via 172.17.0.1, 00:01:40, Serial0/1
C 192.168.203.0/24 is directly connected, FastEthernet0/0
BAN #

Verify communication between the IPv4 networks

Verification from a Computer in HYD-1 Network

ping 192.168.201.10

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data.


64 bytes from 192.168.201.10: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 192.168.201.10: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 192.168.201.10: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.201.10: icmp_seq=4 ttl=62 time=24.0 ms
ping 192.168.203.10

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data.


64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms

Repeat the above ping verification from a computer in CHE and BAN Network.

From a Computer in HYD-1 Network trace communication path to a Computer in CHE Network

tracert 192.168.201.10 (Windows) or traceroute 192.168.201.10 (Linux)


traceroute to 192.168.201.10 (192.168.201.10), 30 hops max, 38 byte packets
1 192.168.202.1 (192.168.202.1) 1.086 ms 1.124 ms 1.144 ms
2 172.16.0.1 (172.16.0.1) 2.295 ms 2.156 ms 2.209 ms
3 192.168.201.10 (192.168.201.10) 3.295 ms 3.156 ms 3.209 ms

From a Computer in HYD-1 Network trace communication path to a Computer in BAN Network

tracert 192.168.203.10 (Windows) or traceroute 192.168.203.10 (Linux)


traceroute to 192.168.203.10 (192.168.203.10), 30 hops max, 38 byte packets
1 192.168.202.1 (192.168.202.1) 1.086 ms 1.124 ms 1.144 ms
2 172.17.0.2 (172.17.0.2) 2.295 ms 2.156 ms 2.209 ms
3 192.168.203.10 (192.168.203.10) 3.295 ms 3.156 ms 3.209 ms

Repeat the above trace communication path from a computer in CHE and BAN Network.

Verify OSPF Neighbour and Database Table

CHE – Verification:

CHE # show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface


2.2.2.2 1 FULL/ - 00:00:33 172.16.0.2 Serial0/0
3.3.3.3 1 FULL/ - 00:00:37 172.18.0.1 Serial0/1
CHE #
CHE # show ip ospf database

OSPF Router with ID (1.1.1.1) (Process ID 1)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count


1.1.1.1 1.1.1.1 56 0x80000005 0x385F 5
2.2.2.2 2.2.2.2 48 0x80000005 0xD3A9 5
3.3.3.3 3.3.3.3 46 0x80000004 0x87B 5
CHE #
HYD-1 – Verification:

HYD-1 # show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface


3.3.3.3 0 FULL/ - 00:00:32 172.17.0.2 Serial0/0/0
1.1.1.1 0 FULL/ - 00:00:31 172.16.0.1 Serial0/0/1
HYD-1 #

HYD-1 # show ip ospf database

OSPF Router with ID (2.2.2.2) (Process ID 2)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count


1.1.1.1 1.1.1.1 56 0x80000005 0x385F 5
2.2.2.2 2.2.2.2 48 0x80000005 0xD3A9 5
3.3.3.3 3.3.3.3 46 0x80000004 0x87B 5
HYD-1 #

BAN – Verification:

BAN # show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface


1.1.1.1 1 FULL/ - 00:00:39 172.18.0.2 Serial0/0
2.2.2.2 1 FULL/ - 00:00:33 172.17.0.1 Serial0/1
BAN #

BAN # show ip ospf database

OSPF Router with ID (3.3.3.3) (Process ID 3)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count


1.1.1.1 1.1.1.1 56 0x80000005 0x385F 5
2.2.2.2 2.2.2.2 48 0x80000005 0xD3A9 5
3.3.3.3 3.3.3.3 46 0x80000004 0x87B 5
BAN #
Verify OSPF protocol default settings

Example - HYD-1
HYD-1 # show ip protocols
*** IP Routing is NSF aware ***
Routing Protocol is "ospf 2"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 2.2.2.2
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
172.16.0.0 0.0.255.255 area 0
172.17.0.0 0.0.255.255 area 0
192.168.202.0 0.0.0.255 area 0
Routing Information Sources:
Gateway Distance Last Update
3.3.3.3 110 00:01:20
1.1.1.1 110 00:03:16
Distance: (default is 110)
HYD-1#

Verify OSPF Hello Packets


Verify default behaviour of OSPF Hello packets by enabling debug commands

Example - HYD-1
HYD-1 # terminal monitor
HYD-1 # debug ip ospf hello
OSPF hello events debugging is on
HYD-1#
*Jul 22 20:00:44.967: OSPF: Rcv hello from 192.168.203.1 area 0 from Serial0/0/0 172.17.0.2
*Jul 22 20:00:44.967: OSPF: End of hello processing
*Jul 22 20:00:46.011: OSPF: Send hello to 224.0.0.5 area 0 on GigabitEthernet0/0 from 10.0.0.1
*Jul 22 20:00:47.959: OSPF: Rcv hello from 192.168.201.1 area 0 from Serial0/0/1 172.16.0.1
*Jul 22 20:00:47.959: OSPF: End of hello processing
*Jul 22 20:00:49.779: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0/0 from 172.17.0.1
*Jul 22 20:00:51.263: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0/1 from 172.16.0.2
*Jul 22 20:00:54.967: OSPF: Rcv hello from 192.168.203.1 area 0 from Serial0/0/0 172.17.0.2
*Jul 22 20:00:54.967: OSPF: End of hello processing
*Jul 22 20:00:55.279: OSPF: Send hello to 224.0.0.5 area 0 on GigabitEthernet0/0 from 10.0.0.1
*Jul 22 20:00:57.959: OSPF: Rcv hello from 192.168.201.1 area 0 from Serial0/0/1 172.16.0.1
*Jul 22 20:00:57.959: OSPF: End of hello processing
*Jul 22 20:00:59.011: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0/0 from 172.17.0.1
*Jul 22 20:01:00.963: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0/1 from 172.16.0.2
HYD-1 #

HYD-1 # undebug all


HYD-1 # terminal no monitor
Enable passive interface on OSPF
The passive-interface command stops OSPF Hello packets from being sent on the selected interface.

Example - HYD-1
HYD-1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # router ospf 2
HYD-1 (config-router) # passive-interface FastEthernet 0/0
HYD-1 (config-router) # end

After entering the above commands, verify the behaviour of OSPF Hello packets again by enabling the
debug commands. The following line will no longer appear in the debug output.
OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet 0/0 from 192.168.202.1

This means that you have successfully disabled sending of OSPF Hello packet on selected Interface.

HYD-1 – Verification:

HYD-1 # show ip protocols


*** IP Routing is NSF aware ***

Routing Protocol is "ospf 2"


Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 2.2.2.2
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
172.16.0.0 0.0.255.255 area 0
172.17.0.0 0.0.255.255 area 0
192.168.202.0 0.0.0.255 area 0
Passive Interface(s):
FastEthernet0/0
Routing Information Sources:
Gateway Distance Last Update
3.3.3.3 110 00:01:20
1.1.1.1 110 00:03:16
Distance: (default is 110)
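
The hello check described above, automated as an added example (not part of the original lab): it reads "debug ip ospf hello" output, lists interfaces that send hellos but never hear a neighbor (candidates for passive-interface), and reports hellos heard from addresses outside an expected-neighbor list. The first seven log lines are copied from the debug output in this lab; the last line of WITH_EXTRA and the EXPECTED table layout are constructed for the example.

```python
import re
from collections import defaultdict

SEND = re.compile(r"OSPF: Send hello to \S+ area (\S+) on (\S+) from (\S+)")
RCV = re.compile(r"OSPF: Rcv hello from (\S+) area (\S+) from (\S+) (\S+)")

# Copied from the HYD-1 debug output shown earlier in this lab.
PAGE_DEBUG = """\
*Jul 22 20:00:44.967: OSPF: Rcv hello from 192.168.203.1 area 0 from Serial0/0/0 172.17.0.2
*Jul 22 20:00:44.967: OSPF: End of hello processing
*Jul 22 20:00:46.011: OSPF: Send hello to 224.0.0.5 area 0 on GigabitEthernet0/0 from 10.0.0.1
*Jul 22 20:00:47.959: OSPF: Rcv hello from 192.168.201.1 area 0 from Serial0/0/1 172.16.0.1
*Jul 22 20:00:47.959: OSPF: End of hello processing
*Jul 22 20:00:49.779: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0/0 from 172.17.0.1
*Jul 22 20:00:51.263: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0/1 from 172.16.0.2
"""

# Constructed line: a hello heard on the LAN side from an unlisted source.
WITH_EXTRA = PAGE_DEBUG + (
    "*Jul 22 20:00:52.100: OSPF: Rcv hello from 198.51.100.7 area 0 "
    "from GigabitEthernet0/0 10.0.0.99\n"
)

# Neighbor addresses per interface, from "show ip ospf neighbor" on HYD-1.
EXPECTED = {
    "Serial0/0/0": {"172.17.0.2"},
    "Serial0/0/1": {"172.16.0.1"},
}


def summarize(log):
    """Return (hellos sent per interface, neighbor sources heard per interface)."""
    sent = defaultdict(int)
    heard = defaultdict(set)
    for line in log.splitlines():
        if m := SEND.search(line):
            sent[m.group(2)] += 1
        elif m := RCV.search(line):
            _router_id, _area, ifname, source = m.groups()
            heard[ifname].add(source)
    return dict(sent), {name: sorted(src) for name, src in heard.items()}


def passive_candidates(log):
    """Interfaces that send hellos but heard no neighbor in this capture."""
    sent, heard = summarize(log)
    return sorted(name for name in sent if name not in heard)


def unexpected_neighbors(log, expected):
    """(interface, source) pairs heard that are not in the expected table."""
    _, heard = summarize(log)
    return sorted(
        (name, source)
        for name, sources in heard.items()
        for source in sources
        if source not in expected.get(name, ())
    )


if __name__ == "__main__":
    print("passive candidates:", passive_candidates(PAGE_DEBUG))
    print("unexpected neighbors:", unexpected_neighbors(WITH_EXTRA, EXPECTED))
```

Capture for at least one dead interval (40 seconds by default in this lab) before trusting the candidate list, since a neighbor that has not yet sent a hello looks the same as no neighbor.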
Configuring OSPF Cost metric for an interface
The ip ospf cost interface command sets the OSPF cost metric of an interface.

Verification - HYD-1
HYD-1 # show ip ospf interface brief
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Se0/0/0 1 0 172.17.0.1/16 64 P2P 1/1
Se0/0/1 1 0 172.16.0.2/16 64 P2P 1/1
HYD-1 #

Example - HYD-1
HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # interface serial 0/0/0
HYD-1 (config-if) # ip ospf cost 100
HYD-1 (config-if) # end
HYD-1 #

Verification - HYD-1
HYD-1 # show ip ospf interface brief
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Se0/0/0 1 0 172.17.0.1/16 100 P2P 1/1
Se0/0/1 1 0 172.16.0.2/16 64 P2P 1/1
HYD-1 #
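
What the cost change does to HYD-1's routes, as an added example (not part of the original lab): a shortest-path calculation over this lab's three-router triangle, where a route's metric is the sum of the outgoing interface costs along the path. Serial cost 64 and CHE's FastEthernet cost 1 come from the lab output; cost 1 on the HYD-1 and BAN FastEthernet interfaces is assumed, and the model covers only a single area with point-to-point links and stub LANs.

```python
import copy
import heapq

# router -> interface -> (network, OSPF cost, neighbor router or None for a LAN)
TOPOLOGY = {
    "CHE": {
        "FastEthernet0/0": ("192.168.201.0/24", 1, None),
        "Serial0/0": ("172.16.0.0/16", 64, "HYD-1"),
        "Serial0/1": ("172.18.0.0/16", 64, "BAN"),
    },
    "HYD-1": {
        "FastEthernet0/0": ("192.168.202.0/24", 1, None),   # cost assumed
        "Serial0/0/1": ("172.16.0.0/16", 64, "CHE"),
        "Serial0/0/0": ("172.17.0.0/16", 64, "BAN"),
    },
    "BAN": {
        "FastEthernet0/0": ("192.168.203.0/24", 1, None),   # cost assumed
        "Serial0/1": ("172.17.0.0/16", 64, "HYD-1"),
        "Serial0/0": ("172.18.0.0/16", 64, "CHE"),
    },
}


def with_cost(topology, router, ifname, cost):
    """Copy of the topology with 'ip ospf cost <cost>' applied to one interface."""
    changed = copy.deepcopy(topology)
    network, _, peer = changed[router][ifname]
    changed[router][ifname] = (network, cost, peer)
    return changed


def spf(topology, source):
    """Dijkstra from source; keeps every equal-cost first-hop interface."""
    dist = {source: 0}
    first_hops = {source: set()}
    heap = [(0, source)]
    done = set()
    while heap:
        d, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for ifname, (_net, cost, peer) in topology[node].items():
            if peer is None:
                continue
            nd = d + cost
            hops = {ifname} if node == source else first_hops[node]
            if nd < dist.get(peer, float("inf")):
                dist[peer] = nd
                first_hops[peer] = set(hops)
                heapq.heappush(heap, (nd, peer))
            elif nd == dist[peer]:
                first_hops[peer] |= hops
    return dist, first_hops


def ospf_routes(topology, source):
    """network -> (metric, sorted outgoing interfaces) for non-connected networks."""
    dist, first_hops = spf(topology, source)
    connected = {net for net, _, _ in topology[source].values()}
    table = {}
    for router, ifaces in topology.items():
        if router == source:
            continue
        for net, cost, _peer in ifaces.values():
            if net in connected:
                continue
            total = dist[router] + cost
            if net not in table or total < table[net][0]:
                table[net] = (total, set(first_hops[router]))
            elif total == table[net][0]:
                table[net][1].update(first_hops[router])
    return {net: (metric, sorted(hops)) for net, (metric, hops) in table.items()}


if __name__ == "__main__":
    after = with_cost(TOPOLOGY, "HYD-1", "Serial0/0/0", 100)
    for label, topo in (("before", TOPOLOGY), ("after ", after)):
        print(label, ospf_routes(topo, "HYD-1"))
```

Raising Serial0/0/0 to cost 100 leaves 192.168.203.0/24 on the direct link (metric 101) but removes Serial0/0/0 from the two equal-cost paths to 172.18.0.0/16, which then uses Serial0/0/1 alone.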

CHE#show ip ospf interface brief


CHE#sh ip ospf interface

FastEthernet0/0 is up, line protocol is up


Internet address is 192.168.201.1/24, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 1.1.1.1, Interface address 192.168.201.1
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:08
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
Serial0/0 is up, line protocol is up
Internet address is 172.16.0.1/16, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type POINT-TO-POINT, Cost: 64
Transmit Delay is 1 sec, State POINT-TO-POINT, Priority 0
No designated router on this network
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:05
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1 , Adjacent neighbor count is 1
Adjacent with neighbor 2.2.2.2
Suppress hello for 0 neighbor(s)
Serial0/1 is up, line protocol is up
Internet address is 172.18.0.2/16, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type POINT-TO-POINT, Cost: 64
Transmit Delay is 1 sec, State POINT-TO-POINT, Priority 0
No designated router on this network
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:05
Index 3/3, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1 , Adjacent neighbor count is 1
Adjacent with neighbor 3.3.3.3
Suppress hello for 0 neighbor(s)
CHE#

CHE#show ip ospf interface fastethernet 0/0

FastEthernet0/0 is up, line protocol is up


Internet address is 192.168.201.1/24, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 1.1.1.1, Interface address 192.168.201.1
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:08
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
CHE#
CHE#sh ip route ospf
O 172.17.0.0 [110/128] via 172.16.0.2, 00:03:49, Serial0/0
[110/128] via 172.18.0.1, 00:03:49, Serial0/1
O 192.168.202.0 [110/65] via 172.16.0.2, 00:05:11, Serial0/0
O 192.168.203.0 [110/65] via 172.18.0.1, 00:03:49, Serial0/1
DR/BDR Verification
CHE#
CHE#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
192.168.201.2 1 FULL/BDR 00:00:30 192.168.201.2 FastEthernet0/0
192.168.201.3 1 FULL/DR 00:00:32 192.168.201.3 FastEthernet0/0
CHE#
CHE#
Lab 14: OSPF – Multiple Area on IPv4 Network

OBJECTIVE:
To configure OSPF with a backbone area (area 0) and multiple areas connected to the backbone.

TOPOLOGY:
Set up Ethernet and Serial connectivity for the lab as below:

Pre-requisite: WAN Interface configuration to be done on the router (LAB – 6)

TASK:
• Configure OSPF – Multiple Area on IPv4 network
• Verify OSPF – Multiple Area on IPv4 network
• Verify Communication between the IPv4 networks
• Verify OSPF Neighbour and Topology Table
Configure OSPF Routing with backbone area and multiple connected areas on IPv4 Network

CHE – Configuration
CHE # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
CHE (config) # ip routing
CHE (config) # router ospf 1
CHE (config-router) # router-id 1.1.1.1
CHE (config-router) # network 192.168.201.0 0.0.0.255 area 1
CHE (config-router) # network 172.16.0.0 0.0.255.255 area 0
CHE (config-router) # network 172.18.0.0 0.0.255.255 area 0
CHE (config-router) # end
CHE #

HYD-1 – Configuration
HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # ip routing
HYD-1 (config) # router ospf 2
HYD-1 (config-router) # router-id 2.2.2.2
HYD-1 (config-router) # network 192.168.202.0 0.0.0.255 area 0
HYD-1 (config-router) # network 172.16.0.0 0.0.255.255 area 0
HYD-1 (config-router) # network 172.17.0.0 0.0.255.255 area 0
HYD-1 (config-router) # end
HYD-1 #

BAN – Configuration
BAN # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
BAN (config) # ip routing
BAN (config) # router ospf 3
BAN (config-router) # router-id 3.3.3.3
BAN (config-router) # network 192.168.203.0 0.0.0.255 area 2
BAN (config-router) # network 172.17.0.0 0.0.255.255 area 0
BAN (config-router) # network 172.18.0.0 0.0.255.255 area 0
BAN (config-router) # end
BAN #
Verify OSPF – Multiple Area on IPv4 Network
Once OSPF routing is enabled, IP networks learned through OSPF are added into the routing table.
“IA” represents OSPF Inter Area route.

CHE – Verification:

CHE # show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP


D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

O 172.17.0.0/16 [110/128] via 172.18.0.1, 00:00:50, Serial0/1
[110/128] via 172.16.0.2, 00:00:50, Serial0/0
C 172.16.0.0/16 is directly connected, Serial0/0
C 172.18.0.0/16 is directly connected, Serial0/1
C 192.168.201.0/24 is directly connected, FastEthernet0/0
O 192.168.202.0/24 [110/64] via 172.16.0.2, 00:00:50, Serial0/0
O IA 192.168.203.0/24 [110/64] via 172.18.0.1, 00:00:49, Serial0/1
CHE #

HYD-1 – Verification:

HYD-1 # show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP


D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks


C 172.16.0.0/16 is directly connected, Serial0/0/1
L 172.16.0.2/32 is directly connected, Serial0/0/1
172.17.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.17.0.0/16 is directly connected, Serial0/0/0
L 172.17.0.1/32 is directly connected, Serial0/0/0
O 172.18.0.0/16 [110/128] via 172.17.0.2, 00:02:23, Serial0/0/0
[110/128] via 172.16.0.1, 00:02:23, Serial0/0/1
O IA 192.168.201.0/24 [110/64] via 172.16.0.1, 00:02:23, Serial0/0/1
192.168.202.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.202.0/24 is directly connected, FastEthernet0/0
L 192.168.202.1/32 is directly connected, FastEthernet0/0
O IA 192.168.203.0/24 [110/64] via 172.17.0.2, 00:01:25, Serial0/0/0
HYD-1 #

BAN – Verification:

BAN # show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP


D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
ia - IS-IS inter area, * - candidate default, U - per-user sta
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 172.17.0.0/16 is directly connected, Serial0/1


O 172.16.0.0/16 [110/128] via 172.18.0.2, 00:02:02, Serial0/0
[110/128] via 172.17.0.1, 00:02:02, Serial0/1
C 172.18.0.0/16 is directly connected, Serial0/0
O IA 192.168.201.0/24 [110/64] via 172.18.0.2, 00:02:02, Serial0/0
O 192.168.202.0/24 [110/64] via 172.17.0.1, 00:02:02, Serial0/1
C 192.168.203.0/24 is directly connected, FastEthernet0/0
BAN #

Verify communication between the IPv4 networks

Verification from a Computer in HYD-1 Network

ping 192.168.201.10

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data.


64 bytes from 192.168.201.10: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 192.168.201.10: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 192.168.201.10: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.201.10: icmp_seq=4 ttl=62 time=24.0 ms
ping 192.168.203.10

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data.


64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms

Repeat the above ping verification from a computer in CHE and BAN Network.

From a Computer in HYD-1 Network trace communication path to a Computer in CHE Network

tracert 192.168.201.10 (Windows) or traceroute 192.168.201.10 (Linux)


traceroute to 192.168.201.10 (192.168.201.10), 30 hops max, 38 byte packets
1 192.168.202.1 (192.168.202.1) 1.086 ms 1.124 ms 1.144 ms
2 172.16.0.1 (172.16.0.1) 2.295 ms 2.156 ms 2.209 ms
3 192.168.201.10 (192.168.201.10) 3.295 ms 3.156 ms 3.209 ms

From a Computer in HYD-1 Network trace communication path to a Computer in BAN Network

tracert 192.168.203.10 (Windows) or traceroute 192.168.203.10 (Linux)


traceroute to 192.168.203.10 (192.168.203.10), 30 hops max, 38 byte packets
1 192.168.202.1 (192.168.202.1) 1.086 ms 1.124 ms 1.144 ms
2 172.17.0.2 (172.17.0.2) 2.295 ms 2.156 ms 2.209 ms
3 192.168.203.10 (192.168.203.10) 3.295 ms 3.156 ms 3.209 ms

Repeat the above path trace from a computer in the CHE and BAN networks.

Verify OSPF Neighbour and Database Table

CHE – Verification:

CHE # show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface


2.2.2.2 1 FULL/ - 00:00:33 172.16.0.2 Serial0/0
3.3.3.3 1 FULL/ - 00:00:37 172.18.0.1 Serial0/1
CHE #
CHE # show ip ospf database

OSPF Router with ID (1.1.1.1) (Process ID 1)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count


1.1.1.1 1.1.1.1 56 0x80000005 0x385F 4
2.2.2.2 2.2.2.2 48 0x80000005 0xD3A9 5
3.3.3.3 3.3.3.3 46 0x80000004 0x87B 4

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum


192.168.201.0 1.1.1.1 586 0x80000001 0x655
192.168.203.0 1.1.1.1 586 0x80000001 0x655

Router Link States (Area 1)

Link ID ADV Router Age Seq# Checksum Link count


1.1.1.1 1.1.1.1 596 0x80000001 0x4B98 1

Summary Net Link States (Area 1)

Link ID ADV Router Age Seq# Checksum


192.168.202.0 1.1.1.1 379 0x80000001 0x7312
172.16.0.0 1.1.1.1 364 0x80000004 0x6070
172.17.0.0 1.1.1.1 145 0x80000003 0xD8B7
172.18.0.0 1.1.1.1 116 0x80000004 0x4886
192.168.203.0 1.1.1.1 121 0x80000001 0x23FF
CHE #

HYD-1 – Verification:

HYD-1 # show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface


3.3.3.3 0 FULL/ - 00:00:32 172.17.0.2 Serial0/0/0
1.1.1.1 0 FULL/ - 00:00:31 172.16.0.1 Serial0/0/1
HYD-1 #
HYD-1 # show ip ospf database

OSPF Router with ID (2.2.2.2) (Process ID 2)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count


1.1.1.1 1.1.1.1 56 0x80000005 0x385F 4
2.2.2.2 2.2.2.2 48 0x80000005 0xD3A9 5
3.3.3.3 3.3.3.3 46 0x80000004 0x87B 4

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum


192.168.201.0 1.1.1.1 586 0x80000001 0x655
192.168.203.0 3.3.3.3 586 0x80000001 0x655

HYD-1 #

BAN – Verification:

BAN # show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface


1.1.1.1 1 FULL/ - 00:00:39 172.18.0.2 Serial0/0
2.2.2.2 1 FULL/ - 00:00:33 172.17.0.1 Serial0/1
BAN #

BAN # show ip ospf database

OSPF Router with ID (3.3.3.3) (Process ID 3)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count


1.1.1.1 1.1.1.1 56 0x80000005 0x385F 4
2.2.2.2 2.2.2.2 48 0x80000005 0xD3A9 5
3.3.3.3 3.3.3.3 46 0x80000004 0x87B 4

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum


192.168.201.0 1.1.1.1 586 0x80000001 0x655
192.168.203.0 1.1.1.1 586 0x80000001 0x655

Router Link States (Area 2)


Link ID ADV Router Age Seq# Checksum Link count
3.3.3.3 3.3.3.3 596 0x80000001 0x4B98 1

Summary Net Link States (Area 2)

Link ID ADV Router Age Seq# Checksum


192.168.202.0 3.3.3.3 379 0x80000001 0x7312
172.16.0.0 3.3.3.3 364 0x80000004 0x6070
172.17.0.0 3.3.3.3 145 0x80000003 0xD8B7
172.18.0.0 3.3.3.3 116 0x80000004 0x4886
192.168.203.0 3.3.3.3 121 0x80000001 0x23FF

BAN #
Lab 15: OSPF Routing – DR (Designated Router) and BDR (Backup Designated Router)

OBJECTIVE:

To understand how a DR and BDR are elected when OSPF is configured on routers connected via Ethernet.

TOPOLOGY:

Set up the routers for the lab as below:

Configure OSPF Routing with backbone area on IPv4 Network

TASK:
• Configure OSPF Routing
• Verify OSPF Neighbour relationship (DR / BDR / DROTHER)
• Understand OSPF DR and BDR Election
• Change OSPF Priority to force a particular router to become the DR
Configure OSPF Routing with backbone area on IPv4 Network

Hyd-1 – Configuration

Hyd-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Hyd-1 (config) # ip routing
Hyd-1 (config) # router ospf 1
Hyd-1 (config-router) # network 10.0.0.0 0.255.255.255 area 0
Hyd-1 (config-router) # end
Hyd-1 #

Hyd-2 – Configuration

Hyd-2 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Hyd-2 (config) # ip routing
Hyd-2 (config) # router ospf 2
Hyd-2 (config-router) # network 10.0.0.0 0.255.255.255 area 0
Hyd-2 (config-router) # end
Hyd-2 #

Hyd-3 – Configuration

Hyd-3 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Hyd-3 (config) # ip routing
Hyd-3 (config) # router ospf 3
Hyd-3 (config-router) # network 10.0.0.0 0.255.255.255 area 0
Hyd-3 (config-router) # end
Hyd-3 #

Hyd-4 – Configuration

Hyd-4 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Hyd-4 (config) # ip routing
Hyd-4 (config) # router ospf 4
Hyd-4 (config-router) # network 10.0.0.0 0.255.255.255 area 0
Hyd-4 (config-router) # end
Hyd-4 #

Verify OSPF Neighbour and Database Table

Hyd-1 – Verification
Hyd-1#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface
10.0.0.2 1 FULL/DROTHER 00:00:37 10.0.0.2 FastEthernet0/0
10.0.0.3 1 FULL/BDR 00:00:35 10.0.0.3 FastEthernet0/0
10.0.0.4 1 FULL/DR 00:00:33 10.0.0.4 FastEthernet0/0
Hyd-1#

Hyd-2 – Verification
Hyd-2#sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface


10.0.0.1 1 FULL/DROTHER 00:00:34 10.0.0.1 FastEthernet0/0
10.0.0.3 1 FULL/BDR 00:00:31 10.0.0.3 FastEthernet0/0
10.0.0.4 1 FULL/DR 00:00:39 10.0.0.4 FastEthernet0/0
Hyd-2#

Hyd-3 – Verification

Hyd-3#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface
10.0.0.4 1 FULL/DR 00:00:39 10.0.0.4 FastEthernet0/0
10.0.0.1 1 FULL/DROTHER 00:00:39 10.0.0.1 FastEthernet0/0
10.0.0.2 1 FULL/DROTHER 00:00:39 10.0.0.2 FastEthernet0/0
Hyd-3#

Hyd-4 – Verification

Hyd-4#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface


10.0.0.2 1 FULL/DROTHER 00:00:34 10.0.0.2 FastEthernet0/0
10.0.0.1 1 FULL/DROTHER 00:00:34 10.0.0.1 FastEthernet0/0
10.0.0.3 1 FULL/BDR 00:00:34 10.0.0.3 FastEthernet0/0
Hyd-4#

Understand OSPF DR and BDR Election


If OSPF is enabled on all the routers at the same time and every interface keeps the default priority, the router with the highest Router ID becomes the DR and the one with the second-highest Router ID becomes the BDR.
To trigger a new election of DR and BDR, clear the OSPF process by giving the following command on all routers.

Hyd-1 # clear ip ospf process


Reset ALL OSPF processes? [no]: yes
Hyd-1#

Change OSPF Priority to force a particular router to become the DR


By changing the OSPF priority, we can force a router to become the DR. The router with the highest priority becomes the DR, and the router with the second-highest priority becomes the BDR.

Hyd-1 – Configuration

Hyd-1 (config) # interface Fastethernet 0/0


Hyd-1 (config-if) # ip ospf priority 150
Hyd-1 (config-if) #^Z
Hyd-1 #

Hyd-2 – Configuration

Hyd-2 (config) # interface Fastethernet 0/0


Hyd-2 (config-if) # ip ospf priority 200
Hyd-2 (config-if) #^Z
Hyd-2 #

Hyd-3 – Configuration

Hyd-3 (config) # interface Fastethernet 0/0


Hyd-3 (config-if) # ip ospf priority 100
Hyd-3 (config-if) #^Z

Hyd-4 – Configuration

Hyd-4 (config) # interface Fastethernet 0/0


Hyd-4 (config-if) # ip ospf priority 90
Hyd-4 (config-if) #^Z

Repeat verification commands.
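
The election rules used in this lab, modelled in Python as an added example (not part of the lab manual): priority is compared first, Router ID breaks ties, and routers that already hold the DR or BDR role keep it, which is why the lab clears the OSPF process before expecting a new result. The names `Router`, `elect` and `lab` are constructed for this illustration, and the model takes one converged view of the segment rather than each router's own hello state.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class Router:
    name: str
    router_id: str
    priority: int = 1  # IOS default; 0 means "never DR or BDR"


def rank(router):
    """Election key: priority first, numeric Router ID as the tie-breaker."""
    return (router.priority, int(IPv4Address(router.router_id)))


def elect(routers, dr=None, bdr=None):
    """Return (DR name, BDR name) for one broadcast segment.

    dr / bdr name the routers that already hold the roles. Pass None for
    both to model a fresh start (all routers enabled together, or after
    'clear ip ospf process' on every router).
    """
    eligible = {r.name: r for r in routers if r.priority > 0}
    ranked = [r.name for r in sorted(eligible.values(), key=rank, reverse=True)]

    # Incumbents keep their role only while still present and eligible.
    dr = dr if dr in eligible else None
    bdr = bdr if bdr in eligible and bdr != dr else None

    if dr is None:
        # No DR: the BDR is promoted; with no BDR either, the top rank wins.
        dr, bdr = (bdr, None) if bdr else (ranked[0] if ranked else None, None)
    if bdr is None:
        # Fill the BDR seat with the best-ranked router that is not the DR.
        rest = [name for name in ranked if name != dr]
        bdr = rest[0] if rest else None
    return dr, bdr


def lab(priorities=(1, 1, 1, 1)):
    """The four lab routers Hyd-1..Hyd-4 with Router IDs 10.0.0.1..10.0.0.4."""
    return [Router(f"Hyd-{i}", f"10.0.0.{i}", p)
            for i, p in enumerate(priorities, 1)]


if __name__ == "__main__":
    tuned = lab((150, 200, 100, 90))  # priorities configured in this lab
    survivors = [r for r in tuned if r.name != "Hyd-2"]
    print("default priorities       :", elect(lab()))
    print("priorities set, no clear :", elect(tuned, dr="Hyd-4", bdr="Hyd-3"))
    print("after clear on all       :", elect(tuned))
    print("DR Hyd-2 leaves segment  :", elect(survivors, dr="Hyd-2", bdr="Hyd-1"))
```
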


Lab 16: OSPFv3 on IPv6 Network

OBJECTIVE:
To configure OSPFv3 Routing in a single area.

TOPOLOGY:
Set up Ethernet and Serial connectivity for the lab as below:

Pre-requisite: WAN Interface configuration to be done on the router (LAB – 6)

TASK:
• Configure OSPFv3 on IPv6 network
• Verify OSPFv3 on IPv6 network
• Verify communication between the IPv6 networks
• Verify OSPFv3 Neighbor and Topology Table on IPv6 network

Configure OSPFv3 on IPv6 Network

HYD-1 – Configuration
HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # ipv6 unicast-routing
HYD-1 (config) # ipv6 router ospf 2
HYD-1 (config-rtr) # router-id 11.11.11.11
HYD-1 (config-rtr) # exit
HYD-1 (config) # interface fastethernet 0/0
HYD-1 (config-if) # ipv6 ospf 2 area 0
HYD-1 (config-if) # exit
HYD-1 (config) # interface fastethernet 0/1
HYD-1 (config-if) # ipv6 ospf 2 area 0
HYD-1 (config-if) # end
HYD-1 #

HYD-2 – Configuration
HYD-2 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-2 (config) # ipv6 unicast-routing
HYD-2 (config) # ipv6 router ospf 2
HYD-2 (config-rtr) # router-id 22.22.22.22
HYD-2 (config-rtr) # exit
HYD-2 (config) # interface fastethernet 0/0
HYD-2 (config-if) # ipv6 ospf 2 area 0
HYD-2 (config-if) # exit
HYD-2 (config) # interface fastethernet 0/1
HYD-2 (config-if) # ipv6 ospf 2 area 0
HYD-2 (config-if) # end
HYD-2 #
Verify OSPFv3 on IPv6 Network
Once OSPF routing is enabled, IPv6 networks learnt via OSPF are added to the routing table. “O” marks an OSPF route.

HYD-1 – Verification:

HYD-1 # show ipv6 route


IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
D - EIGRP, EX - EIGRP external, NM - NEMO, ND - Neighbor Discovery
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C 2001:1111::/64 [0/0]
via FastEthernet0/0, directly connected
L 2001:1111::1/128 [0/0]
via FastEthernet0/0, receive
O 2001:2222::/64 [110/2]
via FE80::21C:F6FF:FE85:1FA1, FastEthernet0/1
C 2001:5555::/64 [0/0]
via FastEthernet0/1, directly connected
L 2001:5555::1/128 [0/0]
via FastEthernet0/1, receive
L FF00::/8 [0/0]
via Null0, receive
HYD-1 #

HYD-2 – Verification:

HYD-2 # show ipv6 route


IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
D - EIGRP, EX - EIGRP external, NM - NEMO, ND - Neighbor Discovery
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
O 2001:1111::/64 [110/2]
via FE80::21B:2AFF:FEA4:2FE9, FastEthernet0/1
C 2001:2222::/64 [0/0]
via FastEthernet0/0, directly connected
L 2001:2222::1/128 [0/0]
via FastEthernet0/0, receive
C 2001:5555::/64 [0/0]
via FastEthernet0/1, directly connected
L 2001:5555::2/128 [0/0]
via FastEthernet0/1, receive
L FF00::/8 [0/0]
via Null0, receive
HYD-2#
Verify communication between the IPv6 networks

Verification from a Computer in HYD-1 Network

ping 2001:2222::10 (Windows) or ping6 2001:2222::10 (Linux)

PING 2001:2222::10(2001:2222::10) 56 data bytes


64 bytes from 2001:2222::10: icmp_seq=1 ttl=62 time=0.494 ms
64 bytes from 2001:2222::10: icmp_seq=2 ttl=62 time=0.361 ms
64 bytes from 2001:2222::10: icmp_seq=3 ttl=62 time=0.335 ms
64 bytes from 2001:2222::10: icmp_seq=4 ttl=62 time=0.336 ms

Verification from a Computer in HYD-2 Network

ping 2001:1111::10 (Windows) or ping6 2001:1111::10 (Linux)

PING 2001:1111::10(2001:1111::10) 56 data bytes


64 bytes from 2001:1111::10: icmp_seq=1 ttl=62 time=0.494 ms
64 bytes from 2001:1111::10: icmp_seq=2 ttl=62 time=0.361 ms
64 bytes from 2001:1111::10: icmp_seq=3 ttl=62 time=0.335 ms
64 bytes from 2001:1111::10: icmp_seq=4 ttl=62 time=0.336 ms

From a Computer in HYD-1 Network trace communication path to a Computer in HYD-2 Network

tracert 2001:2222::10 (Windows) or traceroute6 2001:2222::10 (Linux)

traceroute to 2001:2222::10 (2001:2222::10), 30 hops max, 80 byte packets


1 2001:1111::1 (2001:1111::1) 2.825 ms 3.239 ms 3.665 ms
2 2001:5555::2 (2001:5555::2) 9.086 ms 9.393 ms 9.642 ms
3 2001:2222::10 (2001:2222::10) 9.781 ms 10.474 ms 10.720 ms

From a Computer in HYD-2 Network trace communication path to a Computer in HYD-1 Network

tracert 2001:1111::10 (Windows) or traceroute6 2001:1111::10 (Linux)

traceroute to 2001:1111::10 (2001:1111::10), 30 hops max, 80 byte packets


1 2001:2222::1 (2001:2222::1) 1.071 ms 1.152 ms 1.238 ms
2 2001:5555::1 (2001:5555::1) 4.303 ms 4.930 ms 5.419 ms
3 2001:1111::10 (2001:1111::10) 10.832 ms 11.444 ms 11.541 ms
Verify OSPF Neighbour and Database Table on IPv6 Network

HYD-1 – Verification:

HYD-1 # show ipv6 ospf neighbor


Neighbor ID Pri State Dead Time Interface ID Interface
22.22.22.22 1 FULL/DR 00:00:34 4 FastEthernet0/1
HYD-1 #

HYD-1 # show ipv6 ospf database

OSPFv3 Router with ID (11.11.11.11) (Process ID 2)

Router Link States (Area 0)

ADV Router Age Seq# Fragment ID Link count Bits


11.11.11.11 234 0x80000002 0 1 None
22.22.22.22 233 0x80000002 0 1 None

Net Link States (Area 0)

ADV Router Age Seq# Link ID Rtr count


22.22.22.22 233 0x80000001 4 2
HYD-1 #

HYD-2 – Verification:

HYD-2 # show ipv6 ospf neighbor


Neighbor ID Pri State Dead Time Interface ID Interface
11.11.11.11 1 FULL/BDR 00:00:34 4 FastEthernet0/1
HYD-2 #

HYD-2 # show ipv6 ospf database

OSPFv3 Router with ID (22.22.22.22) (Process ID 2)

Router Link States (Area 0)

ADV Router Age Seq# Fragment ID Link count Bits


11.11.11.11 234 0x80000002 0 1 None
22.22.22.22 233 0x80000002 0 1 None

Net Link States (Area 0)

ADV Router Age Seq# Link ID Rtr count


22.22.22.22 233 0x80000001 4 2

HYD-2#
Lab 17: Initial Configuration of Switch

OBJECTIVE:
To get familiar with Cisco switch IOS modes and give a new switch its basic configuration, i.e. assign a management IP address to the switch, configure passwords, etc.

TOPOLOGY:
Set up console and Ethernet connectivity for the lab as below:

TASK:
• Establish console connectivity
• Access switch via console with an emulation software
• Get familiar with Cisco Switch IOS Modes and Show commands
• Configure Hostname and VLAN 1 Interface IP address
• Configure Connectivity Passwords
• Configure Privilege Mode / Enable Password
• Save configuration on the switch
• Access the Switch via Telnet

Establish console connectivity

Establish console connectivity by connecting the switch console port to the PC COM port with a console cable.

Access switch via console with an emulation software


Configure the following parameters in emulation software for accessing switch via console port.

Parameter    Console Port Setting
Baud         9600
Data bits    8
Parity       None
Stop bits    1

Accessing switch via console from Microsoft Windows Computer

• Start a terminal emulator application, such as PUTTY.exe
• Select Serial option and set speed to 9600.
• Click Open
• Once emulation software is ready, Power-ON the switch.

Accessing switch via console from Linux Computer

• From the terminal enter the below command
# minicom
• Once emulation software is ready, Power-ON the Switch.


Getting familiar with Cisco Switch IOS Modes and show commands

After a new Cisco switch boots up completely, it enters user mode as below:

Switch>

To navigate into Privilege mode/Executive Mode from User Mode


Switch >enable
Switch #

To view switch IOS and hardware information


Switch # show version
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA6, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Fri 21-Oct-05 01:59 by yenanh
Image text-base: 0x80010000, data-base: 0x80568000

ROM: Bootstrap program is C2950 boot loader

Switch uptime is 4 minutes


System returned to ROM by power-on
System image file is "flash:/c2950-i6q4l2-mz.121-22.EA6.bin"

cisco WS-C2950-24 (RC32300) processor (revision G0) with 21013K bytes of memory.
Processor board ID FOC0638Z0TB
Last reset from system-reset
Running Standard Image
24 FastEthernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.


Base ethernet MAC Address: 00:0A:F4:C5:94:C0
Motherboard assembly number: 73-5781-11
Power supply part number: 34-0965-01
Motherboard serial number: FOC06380AZK
Power supply serial number: DAB06347236
Model revision number: G0
Motherboard revision number: A0
Model number: WS-C2950-24
System serial number: FOC0638Z0TB
Configuration register is 0xF

Switch #
To view switch flash Information
Switch # show flash

Directory of flash:/
1 -rwx 3110758 Mar 01 1993 08:30:59 +00:00 c2950-i6q4l2-mz.121-22.EA6.bin
2 -rwx 564 Mar 01 1993 00:00:28 +00:00 vlan.dat

7741440 bytes total (4628480 bytes free)


Switch #

To view switch current configuration (RAM)


Switch # show running-config
Building configuration...

Current configuration : 1071 bytes


!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
<output omitted>
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
ip http server
!
line con 0
line vty 5 15
!
end
Switch #
To view switch startup configuration (NVRAM)
Switch # show startup-config
startup-config is not present

To view detailed interface information (i.e. Vlan, interface status, etc.)


Switch # show interface status

Port Name Status Vlan Duplex Speed Type


Fa0/1 connected 1 a-full a-100 10/100BaseTX
Fa0/2 connected 1 a-full a-100 10/100BaseTX
Fa0/3 connected 1 a-full a-100 10/100BaseTX
Fa0/4 connected 1 a-full a-100 10/100BaseTX
Fa0/5 connected 1 a-full a-100 10/100BaseTX
Fa0/6 notconnect 1 auto auto 10/100BaseTX
Fa0/7 notconnect 1 auto auto 10/100BaseTX
Fa0/8 notconnect 1 auto auto 10/100BaseTX
Fa0/9 notconnect 1 auto auto 10/100BaseTX
Fa0/10 connected 1 a-half a-10 10/100BaseTX
Fa0/11 connected 1 a-half a-10 10/100BaseTX
Fa0/12 connected 1 a-half a-10 10/100BaseTX
Fa0/13 connected 1 a-half a-10 10/100BaseTX
Fa0/14 notconnect 1 auto auto 10/100BaseTX
Fa0/15 notconnect 1 auto auto 10/100BaseTX
Fa0/16 notconnect 1 auto auto 10/100BaseTX
Fa0/17 notconnect 1 auto auto 10/100BaseTX
Fa0/18 notconnect 1 auto auto 10/100BaseTX
Fa0/19 notconnect 1 auto auto 10/100BaseTX
Fa0/20 notconnect 1 auto auto 10/100BaseTX
Fa0/21 notconnect 1 auto auto 10/100BaseTX
Fa0/22 notconnect 1 auto auto 10/100BaseTX
Fa0/23 notconnect 1 auto auto 10/100BaseTX
Fa0/24 notconnect 1 auto auto 10/100BaseTX
Switch #

Switch2960 (config) # ip default-gateway 172.16.10.1


Switch2960 (config-if) # description Finance VLAN

THE MDIX AUTO COMMAND


Switch2960 (config-if) # mdix auto

NOTE: The Auto-MDIX feature is enabled by default on switches running Cisco IOS Release 12.2(18)SE or later. For releases between Cisco IOS Release 12.1(14)EA1 and 12.2(18)SE, the Auto-MDIX feature is disabled by default.

To view Mac Address Table
Switch # show mac-address-table
Mac Address Table
---------------------------------------------------------------
Vlan Mac Address Type Ports
---------------------------------------------------------------
All 000a.f4c5.94c0 STATIC CPU
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0100.0cdd.dddd STATIC CPU
1 0002.4b60.d100 DYNAMIC Fa0/13
1 0002.fd73.7f20 DYNAMIC Fa0/11
1 0010.7bb3.6f20 DYNAMIC Fa0/12
1 001c.c012.4f54 DYNAMIC Fa0/4
1 0030.9476.f160 DYNAMIC Fa0/10
Total Mac Addresses for this criterion: 5
Switch #

Switch-50#show mac-address-table aging-time


Global Aging Time: 300
Vlan Aging Time
---- ----------
ALL 300

Switch-50#show mac-address-table count


Mac Entries for Vlan 1:
---------------------------
Dynamic Address Count: 20
Static Address Count: 0
Total Mac Addresses : 20

Total Mac Address Space Available: 8170

Switch-50#
Switch-50#show mac-address-table dynamic
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports


---- ----------- -------- -----
1 0008.219e.c780 DYNAMIC Fa0/16
1 000d.bc8c.a618 DYNAMIC Fa0/18
1 000f.23d2.2200 DYNAMIC Fa0/23
1 0011.2018.67e0 DYNAMIC Fa0/14

MANAGING THE MAC ADDRESS TABLE


Switch# show mac address-table
Switch# clear mac address-table
Switch# clear mac address-table dynamic

Configure Hostname and VLAN 1 Interface IP address

To change the Host Name of Switch


Switch # configure terminal
Switch (config) # hostname SW1
SW1 (config) #

To configure IP address on Interface VLAN 1


SW1 (config) # interface vlan 1
SW1 (config-if) # ip address 192.168.20.50 255.255.255.0
SW1 (config-if) # no shutdown
SW1 (config-if) #exit

Configure Connectivity Passwords

To configure telnet password


SW1 (config) # line vty 0 15
SW1 (config-line) # password zoom
SW1 (config-line) #login
SW1 (config-line) #exit

To configure console password


SW1 (config) # line console 0
SW1 (config-line) # password zoom
SW1 (config-line) #login
SW1 (config-line) # exit

Configure Privilege Mode / Enable Password

Configure privilege password


SW1 (config) #enable password ccna
SW1 (config) #enable secret zoom

Configure Default Gateway and Description on Interface

Configure speed on interface

SW1 (config)#interface fastethernet 0/1

SW1 (config-if)#speed (10/100/1000)

Configure duplex on interface (half, full or auto)

SW1 (config)#interface fastethernet 0/0

SW1 (config-if)#duplex (Full/Half/Auto)

SW1 (config) # ip default-gateway 192.168.20.1

SW1 (config) # interface fastethernet 0/24


SW1 (config-if) # description Link to SW2
SW1 (config-if) # end

Save configuration on the switch

To save configuration on switch


SW1 # copy running-config startup-config
Destination filename [startup-config]?
Building configuration...

[OK]
SW1 #

To view switch startup configuration (NVRAM)


SW1 # show startup-config
Building configuration...
Current configuration : 1230 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SW1
!
enable secret 5 $1$HYD-1we$Mk0jdo9UpDL1T7kqcKHhk1
enable password ccna
!
ip subnet-zero
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
!
<output omitted>
!
interface FastEthernet0/23
!
interface FastEthernet0/24
description Link to SW2
!
interface Vlan1
ip address 192.168.20.50 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.20.1
ip http server
!
line con 0
password zoom
login
line vty 0 4
password zoom
login
line vty 5 15
password zoom
login
!
!
end

Access the Switch via Telnet

• Access switch via telnet by giving the following command on a Windows or Linux computer.
telnet 192.168.20.50
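
A small configuration check, added here and not part of the lab manual, run over the saved configuration this lab produces: it reports which passwords are stored as typed, whether the HTTP server is on, and which vty lines are not restricted to SSH. The finding labels are names chosen for this example, the embedded configuration is a constructed copy of the lab output with the interface stanzas trimmed and the secret hash replaced by a placeholder, and `transport input ssh` assumes an IOS image with SSH support.

```python
import re

# Constructed sample: the lab's saved configuration, trimmed, with the
# enable-secret hash replaced by a placeholder value.
SAMPLE_CONFIG = """\
version 12.1
no service password-encryption
!
hostname SW1
!
enable secret 5 $1$EXAMPLE$PLACEHOLDERHASHVALUE000
enable password ccna
!
interface Vlan1
 ip address 192.168.20.50 255.255.255.0
!
ip default-gateway 192.168.20.1
ip http server
!
line con 0
 password zoom
 login
line vty 0 4
 password zoom
 login
line vty 5 15
 password zoom
 login
!
end
"""

# "password <text>" or "password 0 <text>" is cleartext; other type digits
# (for example 7) mean the stored value is not the password as typed.
PASSWORD_RE = re.compile(r"^(enable )?password (?:(\d) )?\S+$")


def audit(config_text):
    """Return a list of (check_id, detail) findings for an IOS config."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    findings = []
    if "service password-encryption" not in lines:
        findings.append(("no-password-encryption",
                         "line and enable passwords are saved as typed"))
    if "ip http server" in lines:
        findings.append(("http-server", "HTTP management interface is enabled"))

    has_secret = any(ln.startswith("enable secret ") for ln in lines)
    context = None   # the "line ..." stanza currently being read
    vty = {}         # vty stanza -> sub-commands seen under it
    for ln in lines:
        if ln.startswith("line "):
            context = ln
            if ln.startswith("line vty "):
                vty[ln] = []
            continue
        if ln in ("", "!", "end"):
            context = None
            continue
        if context in vty:
            vty[context].append(ln)
        match = PASSWORD_RE.match(ln)
        if not match or match.group(2) not in (None, "0"):
            continue
        if match.group(1):
            note = ("enable secret is also set and takes precedence"
                    if has_secret else "no enable secret is set")
            findings.append(("cleartext-enable-password", note))
        elif context:
            findings.append(("cleartext-line-password", context))

    for stanza, commands in vty.items():
        if "transport input ssh" not in commands:
            findings.append(("vty-not-ssh-only", stanza))
    return findings


if __name__ == "__main__":
    for check_id, detail in audit(SAMPLE_CONFIG):
        print(f"{check_id:26} {detail}")
```
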
Lab 18: VLAN and Trunking

OBJECTIVE:
To configure VLANs and trunking in a switched network.

TOPOLOGY:
Set up Switch and Computer connectivity for the lab as below:

TASK:
• Verify communication between the computers connected to same as well as a different switch.
• Verify Default VLAN information
• Configure and Implement VLANs
• Verify communication between the computers connected to same switch.
• Configure Trunking
• Verify communication between the computers connected to different switches.

Verify communication between the computers connected to same and different switches

From 192.168.20.1 computer (i.e. PC1) ping computers on the same switch
ping 192.168.20.2

PING 192.168.20.2 (192.168.20.2) 56(84) bytes of data.


64 bytes from 192.168.20.2: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 192.168.20.2: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 192.168.20.2: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.20.2: icmp_seq=4 ttl=62 time=24.0 ms

ping 192.168.20.3

PING 192.168.20.3 (192.168.20.3) 56(84) bytes of data.


64 bytes from 192.168.20.3: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 192.168.20.3: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 192.168.20.3: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.20.3: icmp_seq=4 ttl=62 time=24.0 ms

ping 192.168.20.5

PING 192.168.20.5 (192.168.20.5) 56(84) bytes of data.


64 bytes from 192.168.20.5: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 192.168.20.5: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 192.168.20.5: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.20.5: icmp_seq=4 ttl=62 time=24.0 ms

From 192.168.20.1 computer (i.e. PC1) ping computers on the other switch

ping 192.168.20.12

PING 192.168.20.12 (192.168.20.12) 56(84) bytes of data.


64 bytes from 192.168.20.12: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 192.168.20.12: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 192.168.20.12: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.20.12: icmp_seq=4 ttl=62 time=24.0 ms

ping 192.168.20.13

PING 192.168.20.13 (192.168.20.13) 56(84) bytes of data.


64 bytes from 192.168.20.13: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 192.168.20.13: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 192.168.20.13: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.20.13: icmp_seq=4 ttl=62 time=24.0 ms
ping 192.168.20.15

PING 192.168.20.15 (192.168.20.15) 56(84) bytes of data.


64 bytes from 192.168.20.15: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 192.168.20.15: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 192.168.20.15: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.20.15: icmp_seq=4 ttl=62 time=24.0 ms

Verify Default VLAN information

To view existing VLAN and port assigned to VLAN


SW1 – Verification:

SW1 # show vlan brief

VLAN Name Status Ports


---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9,
Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17,
Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23,Fa0/24
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
SW1 #

SW2 – Verification:

SW2 # show vlan brief

VLAN Name Status Ports


---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9,
Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17,
Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23,Fa0/24
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
SW2 #
Configure and Implement VLAN

SW1 – Configuration
SW1 #configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1 (config) # vlan 10
SW1 (config-vlan) # name SALES
SW1 (config-vlan) #exit
SW1 (config) # vlan 20
SW1 (config-vlan) # name MKTG
SW1 (config-vlan) #exit
SW1 (config) #

SW1 (config) # interface range fastethernet 0/1 -2


SW1 (config-if-range) # switchport mode access
SW1 (config-if-range) # switchport access vlan 10
SW1 (config-if-range) # exit
SW1(config) #
SW1 (config) # interface range fastethernet 0/5 -6
SW1 (config-if-range) # switchport mode access
SW1 (config-if-range) # switchport access vlan 20
SW1 (config-if-range) # exit

SW2 – Configuration
SW2 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2 (config) # vlan 10
SW2 (config-vlan) # name SALES
SW2 (config-vlan) #exit
SW2 (config) # vlan 20
SW2 (config-vlan) # name MKTG
SW2 (config-vlan) #exit
SW2 (config) #

SW2 (config) # interface range fastethernet 0/1 -2


SW2 (config-if-range) # switchport mode access
SW2 (config-if-range) # switchport access vlan 10
SW2 (config-if-range) # exit
SW2(config) #
SW2 (config) # interface range fastethernet 0/5 -6
SW2 (config-if-range) # switchport mode access
SW2 (config-if-range) # switchport access vlan 20
SW2 (config-if-range) # exit
To view existing VLAN and port assigned to VLAN
SW1 – Verification:

SW1 # show vlan brief

VLAN Name Status Ports


---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13,
Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21,
Fa0/22, Fa0/23, Fa0/24
10 SALES active Fa0/1, Fa0/2
20 MKTG active Fa0/5, Fa0/6
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
SW1 #

SW1 # show interface fastethernet 0/1 switchport


Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 10 (SALES)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none

SW1 #
SW2 – Verification:

SW2 # show vlan brief

VLAN Name Status Ports


---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13,
Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21,
Fa0/22, Fa0/23, Fa0/24
10 SALES active Fa0/1, Fa0/2
20 MKTG active Fa0/5, Fa0/6
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
SW2 #

SW2 # show interface fastethernet 0/5 switchport


Name: Fa0/5
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 20 (MKTG)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none

SW2 #
Verify communication between the computers connected to same switch.

From 192.168.20.1 computer (i.e. PC1)


ping 192.168.20.2

PING 192.168.20.2 (192.168.20.2) 56(84) bytes of data.


64 bytes from 192.168.20.2: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 192.168.20.2: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 192.168.20.2: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.20.2: icmp_seq=4 ttl=62 time=24.0 ms

ping 192.168.20.3

PING 192.168.20.3 (192.168.20.3) 56(84) bytes of data.


From 192.168.20.1 icmp_seq=1 Destination Host Unreachable
From 192.168.20.1 icmp_seq=2 Destination Host Unreachable
From 192.168.20.1 icmp_seq=3 Destination Host Unreachable
From 192.168.20.1 icmp_seq=3 Destination Host Unreachable

ping 192.168.20.5

PING 192.168.20.5 (192.168.20.5) 56(84) bytes of data.


From 192.168.20.1 icmp_seq=1 Destination Host Unreachable
From 192.168.20.1 icmp_seq=2 Destination Host Unreachable
From 192.168.20.1 icmp_seq=3 Destination Host Unreachable
From 192.168.20.1 icmp_seq=3 Destination Host Unreachable

From 192.168.20.6 computer (i.e. PC6)


ping 192.168.20.2

PING 192.168.20.2 (192.168.20.2) 56(84) bytes of data.


From 192.168.20.6 icmp_seq=1 Destination Host Unreachable
From 192.168.20.6 icmp_seq=2 Destination Host Unreachable
From 192.168.20.6 icmp_seq=3 Destination Host Unreachable
From 192.168.20.6 icmp_seq=3 Destination Host Unreachable

ping 192.168.20.5

PING 192.168.20.5 (192.168.20.5) 56(84) bytes of data.


64 bytes from 192.168.20.5: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 192.168.20.5: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 192.168.20.5: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.20.5: icmp_seq=4 ttl=62 time=24.0 ms
Configure Trunking

SW1 – Configuration
SW1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1 (config)# interface fastethernet 0/24
SW1 (config-if)# switchport mode trunk
SW1 (config-if)# switchport trunk allowed vlan all
SW1 (config-if)# ^Z
SW1 #

SW2 – Configuration
SW2 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2 (config)# interface fastethernet 0/24
SW2 (config-if)# switchport mode trunk
SW2 (config-if)# switchport trunk allowed vlan all
SW2 (config-if)# ^Z
SW2 #

Verify trunk configuration

SW1 – Verification:

SW1 # show interface trunk

Port Mode Encapsulation Status Native vlan


Fa0/24 on 802.1q trunking 1

Port Vlans allowed on trunk


Fa0/24 1-4094

Port Vlans allowed and active in management domain


Fa0/24 1,10,20

Port Vlans in spanning tree forwarding state and not pruned


Fa0/24 none

SW1 #
SW1 # show interface fastethernet 0/24 switchport
Name: Fa0/24
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none

SW1 #

SW2 – Verification:

SW2 # show interface trunk

Port Mode Encapsulation Status Native vlan


Fa0/24 on 802.1q trunking 1

Port Vlans allowed on trunk


Fa0/24 1-4094

Port Vlans allowed and active in management domain


Fa0/24 1,10,20

Port Vlans in spanning tree forwarding state and not pruned


Fa0/24 none
SW2 #
SW2 # show interface fastethernet 0/24 switchport
Name: Fa0/24
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none

SW2 #
Verify communication between the computers connected to different switches.

From 192.168.20.1 computer (i.e. PC1)


ping 192.168.20.12

PING 192.168.20.12 (192.168.20.12) 56(84) bytes of data.


64 bytes from 192.168.20.12: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 192.168.20.12: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 192.168.20.12: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.20.12: icmp_seq=4 ttl=62 time=24.0 ms

ping 192.168.20.13

PING 192.168.20.13 (192.168.20.13) 56(84) bytes of data.


From 192.168.20.1 icmp_seq=1 Destination Host Unreachable
From 192.168.20.1 icmp_seq=2 Destination Host Unreachable
From 192.168.20.1 icmp_seq=3 Destination Host Unreachable
From 192.168.20.1 icmp_seq=3 Destination Host Unreachable

ping 192.168.20.15

PING 192.168.20.15 (192.168.20.15) 56(84) bytes of data.


From 192.168.20.1 icmp_seq=1 Destination Host Unreachable
From 192.168.20.1 icmp_seq=2 Destination Host Unreachable
From 192.168.20.1 icmp_seq=3 Destination Host Unreachable
From 192.168.20.1 icmp_seq=3 Destination Host Unreachable

Switch# show vlan id 2


Switch# show vlan name marketing
SETTING THE VLAN ENCAPSULATION TYPE
Switch3650 (config-if) # switchport mode trunk
Switch3650 (config-if) # switchport trunk encapsulation {isl | dot1q}
Lab 19: Voice VLAN Configuration

OBJECTIVE:

To create and implement a voice VLAN.

TOPOLOGY:

TASK:
- Verify communication between the computers connected to the same switch as well as to a different switch.
- Verify default VLAN information
- Configure and implement VLANs
- Verify communication between the computers connected to the same switch.
- Configure trunking
- Verify communication between the computers connected to different switches.

Data & Voice vlan Configuration:


voice and data vlan creation
SW1(config)#vlan 100
SW1(config-vlan)#name data
SW1(config-vlan)#exit
SW1(config)#vlan 101
SW1(config-vlan)#name voice
SW1(config-vlan)#exit

Data & Voice vlan Implementation

SW1(config)#interface fastethernet 0/1


SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 100
SW1(config-if)#switchport voice vlan 101
SW1(config-if)#exit
SW1(config)#exit
SW1#

Verifying Data & Voice vlan Configuration


Verification:

SW-1#show vlan brief

VLAN Name Status Ports


---- -------------------------------- --------- -------------------------------
1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
100 DATA active Fa0/1
101 Voice active Fa0/1
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
SW-1#

SW-1#show interfaces fastEthernet 0/1 switchport


Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down (suspended member of bundle Po3)
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 100 (DATA)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: 101 (Voice)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
SW-1#

SW-1#show running-config
Building configuration...
Current configuration : 1374 bytes
!
interface FastEthernet0/1
switchport mode access
switchport access vlan 100
switchport voice vlan 101
interface FastEthernet0/2
interface FastEthernet0/3
--More--
Lab 20: Dynamic Trunking Protocol (DTP)

OBJECTIVE:
To configure Dynamic trunking protocol in a switched network.

TOPOLOGY:
Setup Switch and Computer connectivity for the lab as below:

Pre-requisite: VLAN and Trunking configuration to be done on the Switch (LAB – 20)

TASK:
- Configure Dynamic Trunking Protocol (DTP)
- Verify communication between the computers connected to different switches.
Configure DTP Trunking

SW1 – Configuration
SW1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1 (config)# interface fastethernet 0/24
SW1 (config-if)# switchport mode dynamic desirable
SW1 (config-if)# end
SW1 #

SW2 – Configuration
SW2 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2 (config)# interface fastethernet 0/24
SW2 (config-if)# switchport mode dynamic auto
SW2 (config-if)# end
SW2 #

Verify DTP Trunk configuration

SW1 – Verification:

SW1 # show interface trunk

Port Mode Encapsulation Status Native vlan


Fa0/24 desirable 802.1q trunking 1

Port Vlans allowed on trunk


Fa0/24 1-4094

Port Vlans allowed and active in management domain


Fa0/24 1,10,20

Port Vlans in spanning tree forwarding state and not pruned


Fa0/24 none

SW1 #
SW1 # show interface fastethernet 0/24 switchport
Name: Fa0/24
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none

SW1 #

SW2 – Verification:

SW2 # show interface trunk

Port Mode Encapsulation Status Native vlan


Fa0/24 Auto 802.1q trunking 1

Port Vlans allowed on trunk


Fa0/24 1-4094

Port Vlans allowed and active in management domain


Fa0/24 1,10,20

Port Vlans in spanning tree forwarding state and not pruned


Fa0/24 none
SW2 #
SW2 # show interface fastethernet 0/24 switchport
Name: Fa0/24
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none

SW2 #
Verify communication between the computers connected to different switches.

From 192.168.20.1 computer (i.e. PC1)


ping 192.168.20.12

PING 192.168.20.12 (192.168.20.12) 56(84) bytes of data.


64 bytes from 192.168.20.12: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 192.168.20.12: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 192.168.20.12: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.20.12: icmp_seq=4 ttl=62 time=24.0 ms

ping 192.168.20.13

PING 192.168.20.13 (192.168.20.13) 56(84) bytes of data.


From 192.168.20.1 icmp_seq=1 Destination Host Unreachable
From 192.168.20.1 icmp_seq=2 Destination Host Unreachable
From 192.168.20.1 icmp_seq=3 Destination Host Unreachable
From 192.168.20.1 icmp_seq=3 Destination Host Unreachable

ping 192.168.20.15

PING 192.168.20.15 (192.168.20.15) 56(84) bytes of data.


From 192.168.20.1 icmp_seq=1 Destination Host Unreachable
From 192.168.20.1 icmp_seq=2 Destination Host Unreachable
From 192.168.20.1 icmp_seq=3 Destination Host Unreachable
From 192.168.20.1 icmp_seq=3 Destination Host Unreachable
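
The `show interface fastethernet 0/24 switchport` output in this lab already contains the fields a trunk-hardening review looks at: DTP mode, DTP negotiation, native VLAN and allowed VLANs. The following is an added example, not part of the original lab guide; it parses that output and reports those settings per port. The sample text is constructed from the field names and values shown in Labs 19 and 20, and the function names are hypothetical.

```python
import re

# Constructed sample: two "show interface ... switchport" blocks that reuse the
# field names and values shown in Labs 19 and 20 (trimmed to the audited fields).
SAMPLE = """\
Name: Fa0/24
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Trunking VLANs Enabled: ALL
Capture Mode Disabled
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Negotiation of Trunking: Off
Access Mode VLAN: 100 (DATA)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: 101 (Voice)
Trunking VLANs Enabled: ALL
"""


def parse_switchport(text):
    """Return one dict of 'Field: value' pairs per 'Name:' block."""
    ports, current = [], None
    for line in text.splitlines():
        if ":" not in line:          # e.g. "Capture Mode Disabled"
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "Name":
            current = {"Name": value}
            ports.append(current)
        elif current is not None:
            current[key] = value
    return ports


def leading_vlan(value):
    """'1 (default)' -> 1; returns None when the field holds no VLAN ID."""
    match = re.match(r"\d+", value or "")
    return int(match.group()) if match else None


def audit_port(port):
    """Return (code, advice) findings for one parsed port."""
    findings = []
    admin = port.get("Administrative Mode", "")
    is_trunk = port.get("Operational Mode") == "trunk"
    if admin.startswith("dynamic"):
        findings.append(("dtp-dynamic-mode",
                         "mode is '%s'; set trunk or access explicitly" % admin))
    if port.get("Negotiation of Trunking") == "On":
        findings.append(("dtp-negotiation-on",
                         "DTP frames are still sent; add 'switchport nonegotiate'"))
    if is_trunk and leading_vlan(port.get("Trunking Native Mode VLAN")) == 1:
        findings.append(("native-vlan-1",
                         "move the native VLAN to an unused ID"))
    if is_trunk and port.get("Trunking VLANs Enabled") == "ALL":
        findings.append(("all-vlans-allowed",
                         "limit 'switchport trunk allowed vlan' to the VLANs in use"))
    return findings


def audit(text):
    """Map port name -> list of finding codes for every port in the output."""
    return {p["Name"]: [code for code, _ in audit_port(p)]
            for p in parse_switchport(text)}


if __name__ == "__main__":
    for port in parse_switchport(SAMPLE):
        for code, advice in audit_port(port):
            print("%-7s %-20s %s" % (port["Name"], code, advice))
```

A port left in `switchport mode trunk` without `switchport nonegotiate` (as in the static trunk lab) still reports "Negotiation of Trunking: On", so it is flagged as well.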
Lab 21: VLAN Trunking Protocol (VTP)

OBJECTIVE:
To implement VTP domain name and password on switches across the network.

TOPOLOGY:
Setup Switch connectivity for the lab as below:

Pre-requisite: VLAN and Trunking configuration to be done on the Switch (LAB – 20)

TASK:
- Configure VTP domain name and password
- Verify the working of VTP
Configure VTP Domain Name and Password

SW1 – VTP Server Configuration

SW1 # configure terminal


Enter configuration commands, one per line. End with CNTL/Z.
SW1 (config) # vtp domain ZOOM
Changing VTP domain name from null to ZOOM
SW1 (config) # vtp password CCNA
Setting device VLAN database password to CCNA
SW1 (config) # ^Z
SW1 #

SW2 – VTP Client Configuration

SW2 # configure terminal


Enter configuration commands, one per line. End with CNTL/Z.
SW2 (config) # vtp domain ZOOM
Changing VTP domain name from null to ZOOM
SW2 (config) # vtp password CCNA
Setting device VLAN database password to CCNA
SW2 (config) # vtp mode client
Setting device to VTP CLIENT mode.
SW2 (config) # ^Z
SW2 #

SW1 – Verification:
SW1 # show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 64
Number of existing VLANs : 5
VTP Operating Mode : Server
VTP Domain Name : ZOOM
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x4C 0x9A 0xF5 0x6A 0x05 0xBA 0x83 0xE3
Configuration last modified by 192.168.20.50 at 3-1-93 02:26:12
SW1#

SW1 # show vtp password


VTP Password: CCNA
SW1#
SW2 – Verification:
SW2 # show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 64
Number of existing VLANs : 5
VTP Operating Mode : Client
VTP Domain Name : ZOOM
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x4C 0x9A 0xF5 0x6A 0x05 0xBA 0x83 0xE3
Configuration last modified by 192.168.20.50 at 3-1-93 02:26:12
Local updater ID is 192.168.20.50 on interface Vl1 (lowest numbered VLAN interface found)
SW2#

SW2 # show vtp password


VTP Password: CCNA
SW2#

Verify the working of VTP

Create VLANs on the server switch (SW1) and verify that these VLANs automatically become available on
the client switch (SW2).

SW1 – Configuration
SW1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1 (config) # vlan 10
SW1 (config-vlan) # name SALES
SW1 (config-vlan) #exit
SW1 (config) # vlan 20
SW1 (config-vlan) # name MKTG
SW1 (config-vlan) #exit
SW1 (config) #
SW1 – Verification:

SW1 # show vlan brief

VLAN Name Status Ports


---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13,
Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21,
Fa0/22, Fa0/23, Fa0/24
10 SALES active
20 MKTG active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
SW1 #

SW2 – Verification:

SW2 # show vlan brief

VLAN Name Status Ports


---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13,
Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21,
Fa0/22, Fa0/23, Fa0/24
10 SALES active
20 MKTG active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
SW2 #

Try to create VLANs on Client Switch i.e. SW2

SW2 – Verification:

SW2 (config) # vlan 100


VTP VLAN configuration not allowed when device is in CLIENT mode.

VLAN TRUNKING PROTOCOL (VTP)


Switch (config) # vtp version <number>

Switch 2960# vtp primary-server


Switch 2960# vtp primary-server vlan
Switch 2960# vtp primary-server mst
Switch 2960# vtp primary-server force
Switch 2960# vtp primary
Switch 2960# vtp pruning
Lab 22: Router on a Stick (Inter-VLAN Routing)

OBJECTIVE:
To configure inter-VLAN routing, so that hosts in different VLANs can communicate, by configuring
subinterfaces on a router.

TOPOLOGY:
Setup connectivity for the lab as below:

Pre-requisite: VLAN configuration to be done on the switch (LAB – 20)

TASK:
- Verify communication between the computers in Different VLAN
- Configure Sub Interfaces and IP Routing on Router
- Verify communication between the computers in Different VLAN
Verify communication between the computers in Different VLAN

From 192.168.110.1 computer (i.e. PC1)


ping 192.168.110.2

PING 192.168.110.2 (192.168.110.2) 56(84) bytes of data.


64 bytes from 192.168.110.2: icmp_seq=1 ttl=64 time=24.0 ms
64 bytes from 192.168.110.2: icmp_seq=2 ttl=64 time=24.0 ms
64 bytes from 192.168.110.2: icmp_seq=3 ttl=64 time=24.1 ms
64 bytes from 192.168.110.2: icmp_seq=4 ttl=64 time=24.0 ms

ping 192.168.120.2

PING 192.168.120.2 (192.168.120.2) 56(84) bytes of data.


From 192.168.120.2 icmp_seq=1 Destination Host Unreachable
From 192.168.120.2 icmp_seq=2 Destination Host Unreachable
From 192.168.120.2 icmp_seq=3 Destination Host Unreachable
From 192.168.120.2 icmp_seq=3 Destination Host Unreachable

From 192.168.120.1 computer (i.e. PC5)


ping 192.168.110.2

PING 192.168.110.2 (192.168.110.2) 56(84) bytes of data.


From 192.168.110.2 icmp_seq=1 Destination Host Unreachable
From 192.168.110.2 icmp_seq=2 Destination Host Unreachable
From 192.168.110.2 icmp_seq=3 Destination Host Unreachable
From 192.168.110.2 icmp_seq=3 Destination Host Unreachable

ping 192.168.120.2

PING 192.168.120.2 (192.168.120.2) 56(84) bytes of data.


64 bytes from 192.168.120.2: icmp_seq=1 ttl=64 time=24.0 ms
64 bytes from 192.168.120.2: icmp_seq=2 ttl=64 time=24.0 ms
64 bytes from 192.168.120.2: icmp_seq=3 ttl=64 time=24.1 ms
64 bytes from 192.168.120.2: icmp_seq=4 ttl=64 time=24.0 ms
Configure Sub Interfaces and IP Routing on Router

ROUTER – Configuration

ROUTER (config) # interface FastEthernet 0/0


ROUTER (config-if) # no shutdown
ROUTER (config-if) # exit
ROUTER (config) # interface FastEthernet 0/0.1
ROUTER (config-subif) # encapsulation dot1q 10
ROUTER (config-subif) # ip address 192.168.110.254 255.255.255.0
ROUTER (config-subif) # exit
ROUTER (config) # interface FastEthernet 0/0.2
ROUTER (config-subif) # encapsulation dot1q 20
ROUTER (config-subif) # ip address 192.168.120.254 255.255.255.0
ROUTER (config-subif) # exit
ROUTER (config) # ip routing
ROUTER (config) #

ROUTER – Verification
ROUTER # show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

192.168.110.0/24 is variably subnetted, 2 subnets, 2 masks


C 192.168.110.0/24 is directly connected, FastEthernet0/0.1
L 192.168.110.254/32 is directly connected, FastEthernet0/0.1
192.168.120.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.120.0/24 is directly connected, FastEthernet0/0.2
L 192.168.120.254/32 is directly connected, FastEthernet0/0.2
Router #
Verify communication between the computers in Different VLAN

From 192.168.110.1 computer (i.e. PC1)


ping 192.168.110.2

PING 192.168.110.2 (192.168.110.2) 56(84) bytes of data.


64 bytes from 192.168.110.2: icmp_seq=1 ttl=64 time=24.0 ms
64 bytes from 192.168.110.2: icmp_seq=2 ttl=64 time=24.0 ms
64 bytes from 192.168.110.2: icmp_seq=3 ttl=64 time=24.1 ms
64 bytes from 192.168.110.2: icmp_seq=4 ttl=64 time=24.0 ms

ping 192.168.120.2

PING 192.168.120.2 (192.168.120.2) 56(84) bytes of data.


64 bytes from 192.168.120.2: icmp_seq=1 ttl=63 time=24.0 ms
64 bytes from 192.168.120.2: icmp_seq=2 ttl=63 time=24.0 ms
64 bytes from 192.168.120.2: icmp_seq=3 ttl=63 time=24.1 ms
64 bytes from 192.168.120.2: icmp_seq=4 ttl=63 time=24.0 ms

From 192.168.120.1 computer (i.e. PC5)


ping 192.168.110.2

PING 192.168.110.2 (192.168.110.2) 56(84) bytes of data.


64 bytes from 192.168.110.2: icmp_seq=1 ttl=63 time=24.0 ms
64 bytes from 192.168.110.2: icmp_seq=2 ttl=63 time=24.0 ms
64 bytes from 192.168.110.2: icmp_seq=3 ttl=63 time=24.1 ms
64 bytes from 192.168.110.2: icmp_seq=4 ttl=63 time=24.0 ms

ping 192.168.120.2

PING 192.168.120.2 (192.168.120.2) 56(84) bytes of data.


64 bytes from 192.168.120.2: icmp_seq=1 ttl=64 time=24.0 ms
64 bytes from 192.168.120.2: icmp_seq=2 ttl=64 time=24.0 ms
64 bytes from 192.168.120.2: icmp_seq=3 ttl=64 time=24.1 ms
64 bytes from 192.168.120.2: icmp_seq=4 ttl=64 time=24.0 ms
Lab 23: Routing Between VLANs using Multilayer Switch

OBJECTIVE:

To enable communication between different VLANs using the multilayer switch SW-1.

TOPOLOGY:

TASK:
- Verify communication between the computers in Different VLAN
- Configure Switch Virtual Interface and IP Routing on the multilayer switch
- Verify communication between the computers in Different VLAN

Configuring VLAN in the Multilayer Switch (Layer 2 VLAN)

Configuration:
Vlan creation
SW-1(config)#vlan 10
SW-1(config-vlan)#name sales
SW-1(config-vlan)#exit
SW-1(config)#
SW-1(config)#vlan 20
SW-1(config-vlan)#name IT
SW-1(config-vlan)#exit
SW-1(config)#
Implementing Layer 2 VLAN

vlan implementation
SW-1(config)#interface fastethernet 0/1
SW-1(config-if)#switchport mode access
SW-1(config-if)#switchport access vlan 10
SW-1(config-if)#exit
SW-1(config)#
SW-1(config)#interface fastethernet 0/3
SW-1(config-if)#switchport mode access
SW-1(config-if)#switchport access vlan 20
SW-1(config-if)#exit

Verifying Layer 2 VLAN

Verification
SW-1#show vlan brief

VLAN Name Status Ports


---- -------------------------------- --------- -------------------------------
1 default active Fa0/2, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15
Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24
10 SALES active Fa0/1
20 IT active Fa0/3

SW-1(config)# Exit
SW-1#

Configuring IP Address to Specific VLAN (SVI)

Assigning an IP address to a specific VLAN


SW-1(config)#interface vlan 10
SW-1(config-if)#ip address 192.168.110.254 255.255.255.0
SW-1(config-if)#exit
SW-1(config)#interface vlan 20
SW-1(config-if)#ip address 192.168.120.254 255.255.255.0
SW-1(config-if)#exit
SW-1(config)#ip routing
SW-1(config)#exit
SW-1#

Verifying SVI

Verification
SW-1#show running-config
Building configuration...
hostname SW-1
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/2
!
interface FastEthernet0/3
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/4

interface Vlan1
ip address 192.168.20.50 255.255.255.0
no ip route-cache
!
interface Vlan10
ip address 192.168.110.254 255.255.255.0
no ip route-cache
interface Vlan20
ip address 192.168.120.254 255.255.255.0
no ip route-cache
SW-1#

Routing table
SW-1#show ip route
C 192.168.120.0/24 is directly connected, Vlan20
C 192.168.110.0/24 is directly connected, Vlan10
C 192.168.20.0/24 is directly connected, Vlan1
SW-1#
Lab 24: Cisco Discovery Protocol (CDP)

OBJECTIVE:
To enable CDP on routers and switches across the network for layer 2 troubleshooting.

TOPOLOGY:
Setup Switch connectivity for the lab as below:

TASK:
- Enable CDP
- Verify CDP information
Enabling CDP

SW1 # configure terminal


Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)# cdp run
SW1 #

Verify CDP information

SW1 – Verification:

SW1 # show cdp neighbor


Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID


SW2 Fas 0/24 127 SI WS-C2950-2 Fas 0/24
HYD-1 Fas 0/19 145 RSI Cisco 2821 Gig 0/0
BAN Fas 0/13 124 RSI Cisco 2611 Fas 0/0
CHE Fas 0/14 142 R 2610 Eth 0/0
SW1 #

SW1 # show cdp neighbor detail


-----------------------------------------------------------------------------------------------------------------------------------
Device ID: SW2
Entry address(es):
IP address: 192.168.20.51
Platform: cisco WS-C2950-24, Capabilities: Switch IGMP
Interface: FastEthernet0/24, Port ID (outgoing port): FastEthernet0/24
Holdtime : 167 sec

Version :
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Tue 04-Mar-03 02:14 by yenanh

advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27,
value=00000000FFFFFFFF010221FF000000000000000D28F06840FF0000
VTP Management Domain: 'zoom'
Duplex: full
Management address(es):
-----------------------------------------------------------------------------------------------------------------------------------
Device ID: HYD-1
Entry address(es):
IP address: 192.168.202.1
Platform: Cisco 2821, Capabilities: Router Switch IGMP
Interface: FastEthernet0/19, Port ID (outgoing port): GigabitEthernet0/0
Holdtime : 126 sec

Version :
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 15.1(3)T2, RELEASE
SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Wed 10-Aug-11 05:17 by prod_rel_team

advertisement version: 2
VTP Management Domain: ''
Duplex: full
Management address(es):

-----------------------------------------------------------------------------------------------------------------------------------
Device ID: BAN
Entry address(es):
IP address: 192.168.203.1
Platform: Cisco 2611XM, Capabilities: Router Switch IGMP
Interface: FastEthernet0/13, Port ID (outgoing port): FastEthernet0/0
Holdtime : 165 sec

Version :
Cisco IOS Software, C2600 Software (C2600-ADVENTERPRISEK9-M), Version 12.4(19), RELEASE
SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Fri 29-Feb-08 19:23 by prod_rel_team

advertisement version: 2
VTP Management Domain: ''
Duplex: full
Management address(es):

-----------------------------------------------------------------------------------------------------------------------------------
Device ID: CHE
Entry address(es):
IP address: 192.168.201.1
Platform: cisco 2610, Capabilities: Router
Interface: FastEthernet0/14, Port ID (outgoing port): Ethernet0/0
Holdtime : 122 sec

Version :
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IS-M), Version 12.1(4), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Wed 30-Aug-00 14:11 by cmong

advertisement version: 2
Duplex: half
Management address(es):
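
Each entry in `show cdp neighbor detail` is what a neighbor announces, unauthenticated and in clear text, on that link, and SW1 announces the same kind of fields about itself on every CDP-enabled port. The following is an added example, not part of the original lab guide; it parses the output into an inventory, lists which fields each neighbor discloses, and compares the neighbors with a documented port-to-device baseline. The sample is constructed from two of the entries above; the function names and the baseline are hypothetical.

```python
import re

# Constructed sample: two entries trimmed from the "show cdp neighbor detail"
# output above, with shortened separator lines between entries.
SAMPLE = """\
-------------------------
Device ID: SW2
Entry address(es):
IP address: 192.168.20.51
Platform: cisco WS-C2950-24, Capabilities: Switch IGMP
Interface: FastEthernet0/24, Port ID (outgoing port): FastEthernet0/24
Holdtime : 167 sec

Version :
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1, RELEASE SOFTWARE (fc1)

advertisement version: 2
VTP Management Domain: 'zoom'
Duplex: full
-------------------------
Device ID: HYD-1
Entry address(es):
IP address: 192.168.202.1
Platform: Cisco 2821, Capabilities: Router Switch IGMP
Interface: FastEthernet0/19, Port ID (outgoing port): GigabitEthernet0/0
Holdtime : 126 sec

Version :
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 15.1(3)T2, RELEASE
SOFTWARE (fc1)

advertisement version: 2
VTP Management Domain: ''
Duplex: full
"""

# One regular expression per field of interest; group 1 is the value.
FIELDS = {
    "device": r"^Device ID:\s*(\S+)",
    "ip": r"^\s*IP address:\s*(\S+)",
    "platform": r"^Platform:\s*(.+?),\s*Capabilities:",
    "capabilities": r"Capabilities:\s*(.+)$",
    "local_port": r"^Interface:\s*(\S+?),",
    "remote_port": r"Port ID \(outgoing port\):\s*(\S+)",
    "version": r"Version (\S+?),",
    "vtp_domain": r"^VTP Management Domain:\s*'([^']*)'",
}


def parse_cdp_detail(text):
    """Return one dict per neighbor; fields missing from an entry are ''."""
    entries = []
    for chunk in re.split(r"^-{5,}\s*$", text, flags=re.M):
        if "Device ID:" not in chunk:
            continue
        entry = {}
        for name, pattern in FIELDS.items():
            match = re.search(pattern, chunk, flags=re.M)
            entry[name] = match.group(1).strip() if match else ""
        entries.append(entry)
    return entries


def disclosed(entry):
    """Names of the fields this neighbor announces in clear text on the link."""
    return sorted(name for name, value in entry.items() if value)


def topology_drift(entries, baseline):
    """Compare neighbors with a documented {local_port: device} baseline.

    Returns (local_port, expected, seen) for every port whose neighbor is
    undocumented or differs from the baseline.
    """
    drift = []
    for entry in entries:
        expected = baseline.get(entry["local_port"])
        if expected != entry["device"]:
            drift.append((entry["local_port"], expected, entry["device"]))
    return drift


if __name__ == "__main__":
    for e in parse_cdp_detail(SAMPLE):
        print("%s on %s announces: %s"
              % (e["device"], e["local_port"], ", ".join(disclosed(e))))
```

Ports that face end hosts and never appear as a local interface in this inventory are the candidates for `no cdp enable`.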
Lab 25: Spanning Tree Protocol (STP)

OBJECTIVE:
To understand the default behaviour of STP and how a root bridge election takes place.

TOPOLOGY:
Setup Switch connectivity for the lab as below:

TASK:
- Verify STP behaviour
- Change Priority to force a particular switch to become the Root Bridge
- Verify STP
Verify STP default behaviour

SW1 – Verification:
SW1 # show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 000c.8577.2040
Cost 19
Port 23 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)


Address 000d.28f0.6840
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg FWD 19 128.7 P2p
Fa0/11 Desg LIS 19 128.11 P2p
Fa0/13 Desg FWD 19 128.13 P2p
Fa0/19 Desg FWD 19 128.19 P2p
Fa0/23 Root FWD 19 128.23 P2p
Fa0/24 Altn BLK 19 128.24 P2p
SW1 #

SW2 – Verification:
SW2 # show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 000c.8577.2040
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)


Address 000c.8577.2040
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg FWD 19 128.7 P2p
Fa0/13 Desg FWD 19 128.13 P2p
Fa0/19 Desg FWD 19 128.19 P2p
Fa0/23 Desg FWD 19 128.23 P2p
Fa0/24 Desg FWD 19 128.24 P2p
SW2 #
Configuring particular switch to become the Root Bridge
We can configure a switch to become the Root Bridge with the root primary command, which sets the
bridge priority to the best value for winning the root election. The switch with the lowest priority
becomes the Root Bridge, with all of its ports in the forwarding state.

SW1 – Configuration
SW1 (config) # spanning-tree vlan 1 root primary
SW1 (config) # end
SW1 #

SW2 – Configuration
SW2 (config) # spanning-tree vlan 1 root secondary
SW2 (config) # end
SW2 #

Verify STP

SW1 – Verification:
SW1 # show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 4097
Address 000d.28f0.6840
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 4097 (priority 4096 sys-id-ext 1)


Address 000d.28f0.6840
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg FWD 19 128.7 P2p
Fa0/11 Desg LIS 19 128.11 P2p
Fa0/13 Desg FWD 19 128.13 P2p
Fa0/19 Desg FWD 19 128.19 P2p
Fa0/23 Desg FWD 19 128.23 P2p
Fa0/24 Desg FWD 19 128.24 P2p

SW1 #
SW2 – Verification:
SW2 # show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 4097
Address 000d.28f0.6840
Cost 19
Port 23 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 28673 (priority 28672 sys-id-ext 1)


Address 000c.8577.2040
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg FWD 19 128.7 P2p
Fa0/13 Desg FWD 19 128.13 P2p
Fa0/19 Desg FWD 19 128.19 P2p
Fa0/23 Root FWD 19 128.23 P2p
Fa0/24 Altn BLK 19 128.24 P2p

SW2 #
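
The election shown in this lab can be reproduced from the bridge IDs alone: the lowest priority wins and, on a tie, the lowest MAC address. The following is an added example, not part of the original lab guide; it uses the priorities and addresses from the output above to show why SW2 is root by default and SW1 is root after `root primary`, and it checks a `show spanning-tree` capture against the root the design expects. The "unmanaged" switch, its MAC address and the function names are constructed for illustration.

```python
import re

# Bridge IDs taken from the "show spanning-tree" output in this lab.
DEFAULTS = {"SW1": (32769, "000d.28f0.6840"), "SW2": (32769, "000c.8577.2040")}
TUNED = {"SW1": (4097, "000d.28f0.6840"), "SW2": (28673, "000c.8577.2040")}
# Constructed: a newly connected switch with factory defaults and a lower MAC.
UNMANAGED = {"unmanaged": (32769, "0000.0c12.3456")}

# Constructed sample: the Root ID part of SW2's output after the change.
SW2_OUTPUT = """\
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 4097
Address 000d.28f0.6840
Cost 19
Port 23 (FastEthernet0/23)
"""


def bridge_id(priority, mac):
    """Comparable bridge ID: priority first, then the MAC address as a number."""
    return (priority, int(mac.replace(".", ""), 16))


def elect_root(bridges):
    """bridges maps name -> (priority, mac); the lowest bridge ID wins."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def split_priority(displayed):
    """Split a displayed priority into (configured priority, sys-id-ext)."""
    return displayed & 0xF000, displayed & 0x0FFF


ROOT_RE = re.compile(r"Root ID\s+Priority\s+(\d+)\s+Address\s+([0-9a-fA-F.]{14})")


def parse_root(output):
    """Return (priority, mac) of the root reported by 'show spanning-tree'."""
    match = ROOT_RE.search(output)
    return (int(match.group(1)), match.group(2).lower()) if match else None


def root_is_expected(output, expected_mac):
    """True when the reported root is the bridge the design says it should be."""
    root = parse_root(output)
    return root is not None and root[1] == expected_mac.lower()


if __name__ == "__main__":
    print("default priorities:      root =", elect_root(DEFAULTS))
    print("after root primary:      root =", elect_root(TUNED))
    print("defaults + new switch:   root =", elect_root({**DEFAULTS, **UNMANAGED}))
    print("tuned + new switch:      root =", elect_root({**TUNED, **UNMANAGED}))
    print("SW2 sees expected root:  ", root_is_expected(SW2_OUTPUT, "000d.28f0.6840"))
```

Priority alone does not stop a bridge that announces an even lower ID, which is what BPDU Guard on edge ports (Lab 26) addresses.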

CHANGING THE SPANNING-TREE MODE


Switch (config) # spanning-tree mode pvst
Switch (config) # spanning-tree mode mst
Switch (config) # spanning-tree mode rapid-pvst

CONFIGURING THE ROOT SWITCH


Switch (config) # spanning-tree vlan 5 root {primary | secondary}

CONFIGURING PORT PRIORITY


Switch (config) # interface gigabitethernet 0/1
Switch (config-if) # spanning-tree port-priority 64
Switch (config-if) # spanning-tree vlan 5 port-priority 64

CONFIGURING THE PATH COST


Switch (config) # interface gigabitethernet 0/1
Switch (config-if) # spanning-tree cost 100000
Switch (config-if) # spanning-tree vlan 5 cost 1500000

CONFIGURING THE SWITCH PRIORITY OF A VLAN


Switch(config)# spanning-tree vlan 5 priority 12288

CONFIGURING STP TIMERS


Switch(config)# spanning-tree vlan 5 hello-time 4
Switch(config)# spanning-tree vlan 5 forward-time 20
Switch(config)# spanning-tree vlan 5 max-age 25

VERIFYING STP
Switch# show spanning-tree                                   Displays STP information
Switch# show spanning-tree active                            Displays STP information on active interfaces only
Switch# show spanning-tree bridge                            Displays status and configuration of this bridge
Switch# show spanning-tree detail                            Displays a detailed summary of interface information
Switch# show spanning-tree interface gigabitethernet 1/0/1   Displays STP information for interface gigabitethernet 1/0/1
Switch# show spanning-tree summary                           Displays a summary of port states
Switch# show spanning-tree summary totals                    Displays the total lines of the STP section
Switch# show spanning-tree vlan 5                            Displays STP information for VLAN 5
Lab 26: Portfast and BPDU Guard

OBJECTIVE:
To understand the port states in STP and how they differ after configuring PortFast and BPDU Guard.

TOPOLOGY:
Setup Switch connectivity for the lab as below:

TASK:
- Verify the port states in STP
- Configure PortFast and BPDU Guard for an interface
- Verify the port states in STP
- Configure PortFast and BPDU Guard for a switch
- Verify PortFast and BPDU Guard configuration for a switch

Note: PortFast is recommended only for those ports which are directly connected to PCs.
Verify Port State in STP after enabling Portfast

SW1 – Configuration

SW1 # configure terminal


Enter configuration commands, one per line. End with CNTL/Z.
SW1 (config) # interface fastethernet 0/11
SW1 (config-if) # shutdown
SW1 (config-if) # no shutdown
SW1 (config-if) # end
SW1 #

SW1 – Verification:
Now quickly run show spanning-tree several times to watch the port states change.

SW1 # show spanning-tree


VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 000c.8577.2040
Cost 19
Port 23 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)


Address 000d.28f0.6840
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg FWD 19 128.7 P2p
Fa0/11 Desg BLK 19 128.11 P2p
Fa0/13 Desg FWD 19 128.13 P2p
Fa0/19 Desg FWD 19 128.19 P2p
Fa0/23 Root FWD 19 128.23 P2p
Fa0/24 Altn BLK 19 128.24 P2p
SW1 #

SW1 # show spanning-tree


VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 000c.8577.2040
Cost 19
Port 23 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 000d.28f0.6840
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg FWD 19 128.7 P2p
Fa0/11 Desg LIS 19 128.11 P2p
Fa0/13 Desg FWD 19 128.13 P2p
Fa0/19 Desg FWD 19 128.19 P2p
Fa0/23 Root FWD 19 128.23 P2p
Fa0/24 Altn BLK 19 128.24 P2p
SW1 #

SW1 # show spanning-tree


VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 000c.8577.2040
Cost 19
Port 23 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)


Address 000d.28f0.6840
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg FWD 19 128.7 P2p
Fa0/11 Desg LRN 19 128.11 P2p
Fa0/13 Desg FWD 19 128.13 P2p
Fa0/19 Desg FWD 19 128.19 P2p
Fa0/23 Root FWD 19 128.23 P2p
Fa0/24 Altn BLK 19 128.24 P2p
SW1 #

SW1 # show spanning-tree


VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 000c.8577.2040
Cost 19
Port 23 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)


Address 000d.28f0.6840
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg FWD 19 128.7 P2p
Fa0/11 Desg FWD 19 128.11 P2p
Fa0/13 Desg FWD 19 128.13 P2p
Fa0/19 Desg FWD 19 128.19 P2p
Fa0/23 Root FWD 19 128.23 P2p
Fa0/24 Altn BLK 19 128.24 P2p
SW1 #

Configuring Portfast and BPDU guard for an Interface

SW1 – Configuration

SW1 # configure terminal


Enter configuration commands, one per line. End with CNTL/Z.
SW1 (config) # interface fastethernet 0/11
SW1 (config-if) # spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION

%Portfast has been configured on FastEthernet0/1 but will only
have effect when the interface is in a non-trunking mode.

SW1 (config-if) # spanning-tree bpduguard enable


SW1 (config-if) # end
SW1 #

Verify Port State in STP after enabling Portfast

SW1 – Configuration

SW1 # configure terminal


Enter configuration commands, one per line. End with CNTL/Z.
SW1 (config) # interface fastethernet 0/11
SW1 (config-if) # shutdown
SW1 (config-if) # no shutdown
SW1 (config-if) # end
SW1 #
SW1 – Verification:
Now quickly give show spanning-tree multiple times to notice that Fa0/11 is placed into FWD state
immediately.

SW1 # show spanning-tree


VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 000c.8577.2040
Cost 19
Port 23 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)


Address 000d.28f0.6840
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg FWD 19 128.7 P2p
Fa0/11 Desg FWD 19 128.11 P2p
Fa0/13 Desg FWD 19 128.13 P2p
Fa0/19 Desg FWD 19 128.19 P2p
Fa0/23 Root FWD 19 128.23 P2p
Fa0/24 Altn BLK 19 128.24 P2p
SW1 #

Configuring Portfast and BPDU guard for a Switch

SW1 # configure terminal


Enter configuration commands, one per line. End with CNTL/Z.

SW1 (config) # spanning-tree portfast default


%Warning: this command enables portfast by default on all interfaces. You
should now disable portfast explicitly on switched ports leading to hubs,
switches and bridges as they may create temporary bridging loops.

SW1 (config) # spanning-tree portfast bpduguard default


SW1 (config) # end
SW1 #
Verify Portfast and BPDU Guard configuration for switch

SW1 – Verification:

SW1 # show spanning-tree summary


Switch is in pvst mode
Root bridge for: VLAN0001, VLAN0010, VLAN0020
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is enabled
PortFast BPDU Guard Default is enabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is short

Name Blocking Listening Learning Forwarding STP Active


---------------------- ------------- ------------ ------------ ----------------- ----------------
VLAN0001 0 0 0 8 8
VLAN0010 0 0 0 3 3
VLAN0020 0 0 0 3 3
---------------------- ------------- ------------ ------------ ----------------- ----------------
3 vlans 0 0 0 14 14

SW1 #
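
The per-interface and global commands used in this lab interact, so a port can end up with PortFast active but no BPDU guard. The following audit is an added example, not part of the lab manual: it works out the effective state of each interface from a running-config. The config excerpt is constructed, and ports without `switchport mode trunk` are assumed to be non-trunking.

```python
import re

# Constructed running-config excerpt (not captured from the lab switch).
# Interface numbers reuse the lab's access port Fa0/11 and uplink Fa0/23.
SAMPLE_CONFIG = """\
spanning-tree mode pvst
spanning-tree portfast default
!
interface FastEthernet0/7
 switchport mode access
!
interface FastEthernet0/11
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/13
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard disable
!
interface FastEthernet0/23
 switchport mode trunk
 spanning-tree portfast
!
"""


def parse_config(text):
    """Split a running-config into global lines and per-interface line lists."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            current = None                      # "!" closes an interface block
            continue
        match = re.match(r"^interface\s+(\S+)", line)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None
            global_lines.append(line.strip())
    return global_lines, interfaces


def effective_state(global_lines, if_lines):
    """Return (portfast, bpduguard) as they take effect on one interface."""
    trunk = "switchport mode trunk" in if_lines
    # Interface-level settings win over the global defaults.
    if "spanning-tree portfast disable" in if_lines:
        portfast = False
    elif "spanning-tree portfast" in if_lines:
        portfast = not trunk                    # no effect while trunking
    else:
        portfast = "spanning-tree portfast default" in global_lines and not trunk
    if "spanning-tree bpduguard disable" in if_lines:
        guard = False
    elif "spanning-tree bpduguard enable" in if_lines:
        guard = True
    else:
        # The global default only covers ports that are operating in PortFast.
        guard = portfast and "spanning-tree portfast bpduguard default" in global_lines
    return portfast, guard


def audit(text):
    """List (interface, finding) pairs for risky PortFast settings."""
    global_lines, interfaces = parse_config(text)
    findings = []
    for name, lines in interfaces.items():
        portfast, guard = effective_state(global_lines, lines)
        if portfast and not guard:
            findings.append((name, "PortFast active without BPDU guard"))
        if "spanning-tree portfast" in lines and "switchport mode trunk" in lines:
            findings.append((name, "PortFast configured on a trunk port, review intent"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```

Adding `spanning-tree portfast bpduguard default` to the constructed config clears the Fa0/7 finding, while Fa0/13 stays flagged because its interface-level `spanning-tree bpduguard disable` overrides the global default.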
Lab 27: Etherchannel

OBJECTIVE:
To configure Etherchannel for link aggregation

TOPOLOGY:
Setup Switch connectivity for the lab as below:

TASK:
• Configure Etherchannel
• Verify Etherchannel
Configure Etherchannel

SW1 – Etherchannel Configuration

SW1 # configure terminal


Enter configuration commands, one per line. End with CNTL/Z.
SW1 (config) # interface range fa 0/23 -24
SW1 (config-if-range) # channel-group 1 mode on
Creating a port-channel interface Port-channel 1
SW1 (config-if-range) # end
SW1 #

SW2 – Etherchannel Configuration

SW2 # configure terminal


Enter configuration commands, one per line. End with CNTL/Z.
SW2 (config) # interface range fa 0/23 -24
SW2 (config-if-range) # channel-group 1 mode on
Creating a port-channel interface Port-channel 1
SW2 (config-if-range) # end
SW2 #

Verify Etherchannel

SW1 – Verification:
SW1 # show etherchannel 1 summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator

M - not in use, minimum links not met


u - unsuitable for bundling
w - waiting to be aggregated
d - default port

Number of channel-groups in use: 1


Number of aggregators: 1

Group Port-channel Protocol Ports


---------+------------------------+--------------+----------------------------------------------
1 Po1(SU) - Fa0/23(P) Fa0/24(P)

SW1 #
SW1 # show interface port-channel 1
Port-channel1 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 000f.8f16.3c17 (bia 000f.8f16.3c17)
MTU 1500 bytes, BW 200000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Full-duplex, 100Mb/s, media type is unknown media type
input flow-control is off, output flow-control is off
Members in this channel: Fa0/23 Fa0/24
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:49, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
247 packets input, 18093 bytes, 0 no buffer
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
222 packets output, 15835 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out

SW1 # show etherchannel port-channel


Channel-group listing:
-----------------------------
Group: 1
----------
Port-channels in the group:
------------------------------------

Port-channel: Po1
------------------------
Age of the Port-channel = 0d:00h:10m:05s
Logical slot/port = 1/0 Number of ports = 2
GC = 0x00000000 HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = -

Ports in the Port-channel:

Index Load Port EC state No of bits


------+------+------+------------------+-----------
0 00 Fa0/23 On/FEC 0
0 00 Fa0/24 On/FEC 0

Time since last port bundled: 0d:00h:20m:05s Fa0/24


SW1 # show interface status

Port Name Status Vlan Duplex Speed Type


Fa0/1 notconnect 1 auto auto 10/100BaseTX
Fa0/2 notconnect 1 auto auto 10/100BaseTX
!
<output omitted>
!
Fa0/21 notconnect 1 auto auto 10/100BaseTX
Fa0/22 notconnect 1 auto auto 10/100BaseTX
Fa0/23 connected 1 a-full a-100 10/100BaseTX
Fa0/24 connected 1 a-full a-100 10/100BaseTX
Po1 connected 1 a-full a-100

SW1 # show spanning-tree

VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 000c.8577.2040
Cost 19
Port 23 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)


Address 000d.28f0.6840
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg FWD 19 128.7 P2p
Fa0/11 Desg FWD 19 128.11 P2p
Fa0/19 Desg FWD 19 128.13 P2p
Fa0/20 Desg FWD 19 128.19 P2p
Fa0/21 Root FWD 19 128.23 P2p
Fa0/22 Altn BLK 19 128.24 P2p
Po1 Desg FWD 12 128.65 P2p

SW1 #
SW2 – Verification:
SW2 # show etherchannel 1 summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator

M - not in use, minimum links not met


u - unsuitable for bundling
w - waiting to be aggregated
d - default port

Number of channel-groups in use: 1


Number of aggregators: 1

Group Port-channel Protocol Ports


---------+------------------------+--------------+----------------------------------------------
1 Po1(SU) - Fa0/23(P) Fa0/24(P)

SW2 #

SW2 # show interface port-channel 1


Port-channel1 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 000f.8f16.3c17 (bia 000f.8f16.3c17)
MTU 1500 bytes, BW 200000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Full-duplex, 100Mb/s, media type is unknown media type
input flow-control is off, output flow-control is off
Members in this channel: Fa0/23 Fa0/24
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:49, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
247 packets input, 18093 bytes, 0 no buffer
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
222 packets output, 15835 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
SW2 # show etherchannel port-channel
Channel-group listing:
-----------------------------
Group: 1
----------
Port-channels in the group:
------------------------------------

Port-channel: Po1
------------------------
Age of the Port-channel = 0d:00h:10m:05s
Logical slot/port = 1/0 Number of ports = 2
GC = 0x00000000 HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = -

Ports in the Port-channel:

Index Load Port EC state No of bits


------+------+------+------------------+-----------
0 00 Fa0/23 On/FEC 0
0 00 Fa0/24 On/FEC 0

Time since last port bundled: 0d:00h:20m:05s Fa0/24

SW2 # show interface status

Port Name Status Vlan Duplex Speed Type


Fa0/1 notconnect 1 auto auto 10/100BaseTX
Fa0/2 notconnect 1 auto auto 10/100BaseTX
!
<output omitted>
!
Fa0/21 notconnect 1 auto auto 10/100BaseTX
Fa0/22 notconnect 1 auto auto 10/100BaseTX
Fa0/23 connected 1 a-full a-100 10/100BaseTX
Fa0/24 connected 1 a-full a-100 10/100BaseTX
Po1 connected 1 a-full a-100
SW2 # show spanning-tree

VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 4097
Address 000d.28f0.6840
Cost 19
Port 23 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 28673 (priority 28672 sys-id-ext 1)


Address 000c.8577.2040
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg FWD 19 128.7 P2p
Fa0/11 Desg FWD 19 128.11 P2p
Fa0/19 Desg FWD 19 128.13 P2p
Fa0/20 Desg FWD 19 128.19 P2p
Fa0/21 Root FWD 19 128.23 P2p
Fa0/22 Altn BLK 19 128.24 P2p
Po1 Desg FWD 12 128.65 P2p
Lab 28: Implementing L3 Etherchannel

OBJECTIVE:

Implementing L3 Etherchannel to Enhance the bandwidth

TOPOLOGY:

TASK:
• Configure L3 Etherchannel
• Verify L3 Etherchannel

Configuring Layer 3 Etherchannel

Configuration:

SW-1 configuration
SW-1(config)#interface range fastethernet 0/23 -24
SW-1(config-if-range)#no switchport
SW-1(config-if-range)#channel-group 1 mode on
SW-1(config-if-range)#exit
SW-1(config)#exit
SW-1#

Configure an IP address on the Layer 3 port-channel interface

SW-1(config)#interface port-channel 1
SW-1(config-if) #ip address 172.16.0.1 255.255.0.0
SW-1(config-if)#exit
SW-1(config)#exit
SW-1#
SW-2 configuration
SW-2(config)#interface range fastethernet 0/23 -24
SW-2(config-if-range)#no switchport
SW-2(config-if-range)#channel-group 1 mode on
SW-2(config-if-range)#exit
SW-2(config)#exit
SW-2#

Configure an IP address on the Layer 3 port-channel interface

SW-2(config)#interface port-channel 1
SW-2(config-if) #ip address 172.16.0.2 255.255.0.0
SW-2(config-if)#exit
SW-2(config)#exit
SW-2#

Verifying the Layer 3 port-channel interface and its IP address

Verification:

SW-1#show interfaces port-channel 1


Port-channel 1 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 0001.646e.2c82 (bia 0001.646e.2c82)
Internet address is 172.16.0.1/16
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
SW-1#
SW-1#show etherchannel port-channel
Group: 1
Port-channels in the group:
Port-channel: Po1
Age of the Port-channel = 00d:00h:06m:03s
Logical slot/port = 2/1 Number of ports = 2
GC = 0x00000000 HotStandBy port = null
Port state = Port-channel
Protocol = PAGP
Port Security = Disabled
Ports in the Port-channel:
Index Load Port EC state No of bits
------+------+------+------------------+-----------
0 00 Fa0/23 On 0
0 00 Fa0/24 On 0
Time since last port bundled: 00d:00h:06m:03s Fa0/24
SW-1#
SW-1#show etherchannel
Channel-group listing:
Group: 1
Group state = L3
Ports: 2 Maxports = 8
Port-channels: 1 Max Port-channels = 1
Protocol: -
SW-1#
SW-1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
P - periodic downloaded static route
Gateway of last resort is not set
C 172.16.0.0/16 is directly connected, Port-channel 1
SW-1#
Repeat the same verification commands in SW-2.
Lab 29: Port Security

OBJECTIVE:
To implement Port Security on switches across the network.

TOPOLOGY:
Setup Switch connectivity for the lab as below:

TASK:
• Configure Port Security
• Verify Port Security violation
• Configure Port Security Recovery
Configure Port Security

SW1 (config)# interface fastethernet 0/2


SW1 (config-if)# switchport mode access
SW1 (config-if)# switchport port-security maximum 1
SW1 (config-if)# switchport port-security mac-address 0013.20B7.1232
SW1 (config-if)# switchport port-security violation shutdown
SW1 (config-if)# switchport port-security
SW1 (config-if)# ^Z
SW1 #

Verify Port Security Violation


Connect another computer (with different mac-address) to switch port no. 2 and verify the output.

SW1 – Verification:

SW1 # show interface status

Port Name Status Vlan Duplex Speed Type


Fa0/1 connected 1 a-full a-100 10/100BaseTX
Fa0/2 err-disabled 1 auto auto 10/100BaseTX
Fa0/3 connected 1 a-full a-100 10/100BaseTX
!
<output omitted>
!
Fa0/24 connected 1 a-full a-100 10/100BaseTX
SW1#

SW1 # show port-security


Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
----------------------------------------------------------------------------------------------------------------------
Fa0/2 1 1 1 Shutdown
----------------------------------------------------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 1024
SW1 #
Configure Port Security Recovery

SW1 # configure terminal


Enter configuration commands, one per line. End with CNTL/Z.
SW1 (config)# errdisable recovery cause psecure-violation
SW1 (config)# errdisable recovery interval 30
SW1 (config)# exit

SW1 # show errdisable recovery

ErrDisable Reason Timer Status


------------------------ --------------
udld Disabled
bpduguard Disabled
security-violatio Disabled
channel-misconfig Disabled
vmps Disabled
pagp-flap Disabled
dtp-flap Disabled
link-flap Disabled
psecure-violation Enabled
gbic-invalid Disabled
dhcp-rate-limit Disabled
unicast-flood Disabled
loopback Disabled

Timer interval: 30 seconds

Interfaces that will be enabled at the next timeout:


Interface Errdisable reason Time left(sec)
------------- ------------------------ --------------------
Fa0/2 psecure-violation 15

SW1 #

Repeat the above steps with the violation mode reconfigured (restrict and protect) and verify the
output.
SW1 (config-if)# switchport port-security violation restrict
OR
SW1 (config-if)# switchport port-security violation protect
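
The three violation modes differ in what happens to the port, the violation counter and the log. The following simulation is an added example, not part of the lab manual: a simplified model of the lab's Fa0/2 setup (one static secure MAC, no dynamic learning) that replays the same frames under each mode. The second computer's MAC address is constructed, and the recovery timer is modelled per port rather than as the switch-wide timer.

```python
import re


def norm_mac(mac):
    """Normalise 0013.20B7.1232 / 00:13:20:b7:12:32 / 00-13-20-B7-12-32."""
    digits = re.sub(r"[.:\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


class SecurePort:
    """Simplified model of an access port with static port security."""

    def __init__(self, allowed, violation="shutdown", maximum=1,
                 recovery_interval=None):
        if violation not in ("shutdown", "restrict", "protect"):
            raise ValueError(f"unknown violation mode: {violation}")
        self.allowed = {norm_mac(m) for m in allowed}
        if len(self.allowed) > maximum:
            raise ValueError("more secure addresses than the configured maximum")
        self.violation = violation
        self.recovery_interval = recovery_interval   # seconds, None = no recovery
        self.status = "connected"
        self.violations = 0
        self.log = []
        self.disabled_at = None

    def _maybe_recover(self, now):
        # errdisable recovery: bring the port back once the interval has elapsed.
        if (self.status == "err-disabled"
                and self.recovery_interval is not None
                and now - self.disabled_at >= self.recovery_interval):
            self.status = "connected"
            self.disabled_at = None

    def receive(self, src_mac, now=0):
        """Process one ingress frame at time `now`; return True if forwarded."""
        self._maybe_recover(now)
        if self.status == "err-disabled":
            return False                              # port is down for everyone
        if norm_mac(src_mac) in self.allowed:
            return True
        if self.violation == "protect":
            return False                              # silent drop, counter untouched
        self.violations += 1                          # restrict and shutdown count it
        self.log.append((now, f"psecure-violation from {src_mac}"))
        if self.violation == "shutdown":
            self.status = "err-disabled"
            self.disabled_at = now
        return False


LAB_MAC = "0013.20B7.1232"        # secure MAC configured in the lab
OTHER_MAC = "00:13:20:b7:99:99"   # constructed MAC for the second computer


def run(mode, recovery_interval=None):
    """Replay the same four frames and report what each mode did."""
    port = SecurePort([LAB_MAC], violation=mode,
                      recovery_interval=recovery_interval)
    frames = [(0, LAB_MAC), (1, OTHER_MAC), (2, LAB_MAC), (40, LAB_MAC)]
    forwarded = [port.receive(mac, now=t) for t, mac in frames]
    return forwarded, port.violations, port.status


if __name__ == "__main__":
    for mode, interval in (("shutdown", None), ("shutdown", 30),
                           ("restrict", None), ("protect", None)):
        print(mode, interval, run(mode, interval))
```

Only shutdown takes the legitimate host offline along with the violator, which is why the lab pairs it with errdisable recovery; protect leaves no counter or log entry to detect the event from.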
Lab 30: Standard Access Control List on IPv4 Network (NUMBERED)

OBJECTIVE:
To configure and implement access-list on HYD-1 such that 192.168.201.10 should not communicate
with 192.168.202.0 network

TOPOLOGY:
Configure Ethernet and Serial IP addresses for the lab as below:

Pre-requisite: WAN Interface and Routing configuration to be done on the router (LAB – 3 and 4)

TASK:
• Verify communication between computers / networks before configuring the access list
• Configure and implement Standard ACL - Numbered
• Verify blocked communication between computers / networks specified in ACL
Verify communication between computers / networks before configuring the access list

From 192.168.201.10 Computer in CHE Network


ping 192.168.202.10

PING 192.168.202.10 (192.168.202.10) 56(84) bytes of data.


64 bytes from 192.168.202.10: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 192.168.202.10: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 192.168.202.10: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.202.10: icmp_seq=4 ttl=62 time=24.0 ms

ping 192.168.203.10

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data.


64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms

From 192.168.201.20 computer in CHE Network


ping 192.168.202.10

PING 192.168.202.10 (192.168.202.10) 56(84) bytes of data.


64 bytes from 192.168.202.10: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 192.168.202.10: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 192.168.202.10: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.202.10: icmp_seq=4 ttl=62 time=24.0 ms

ping 192.168.203.10

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data.


64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms
Configure and Implement Standard ACL - Numbered

HYD-1 – Configuration
HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # access-list 10 deny 192.168.201.10 0.0.0.0
HYD-1 (config) # access-list 10 permit any
HYD-1 (config) #

HYD-1 (config) # interface FastEthernet 0/0


HYD-1 (config-if) # ip access-group 10 out
HYD-1 (config-if) # end
HYD-1 #

HYD-1 – Verification:

HYD-1 # show ip access-lists


Standard IP access list 10
10 deny 192.168.201.10
20 permit any
HYD-1#

HYD-1 # show ip interface FastEthernet 0/0


FastEthernet0/0 is up, line protocol is up
Internet address is 192.168.202.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is 10
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
!
<output omitted>
!
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
HYD-1#
Verify blocked communication between computers / networks specified in ACL

From 192.168.201.10 computer in CHE Network


ping 192.168.202.10

PING 192.168.202.10 (192.168.202.10) 56(84) bytes of data.


From 192.168.202.1 icmp_seq=1 Packet filtered
From 192.168.202.1 icmp_seq=2 Packet filtered
From 192.168.202.1 icmp_seq=3 Packet filtered
From 192.168.202.1 icmp_seq=4 Packet filtered
From 192.168.202.1 icmp_seq=5 Packet filtered

ping 192.168.203.10

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data.


64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms

From 192.168.201.20 computer in CHE Network


ping 192.168.202.10

PING 192.168.202.10 (192.168.202.10) 56(84) bytes of data.


64 bytes from 192.168.202.10: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 192.168.202.10: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 192.168.202.10: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.202.10: icmp_seq=4 ttl=62 time=24.0 ms

ping 192.168.203.10

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data.


64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms
Lab 31: Standard Access Control List on IPv4 Network (NAMED)

OBJECTIVE:
To configure and implement an access list on HYD-1 such that only 192.168.203.10 can communicate
with the 192.168.202.0 network. (Configure the ACL with the minimum number of statements.)

TOPOLOGY:
Configure Ethernet and Serial IP addresses for the lab as below:

Pre-requisite: WAN Interface and Routing configuration to be done on the router (LAB – 3 and 4)

TASK:
• Verify communication between computers / networks before configuring the access list
• Configure and implement Standard ACL - Named
• Verify blocked communication between computers / networks specified in ACL
Verify communication between computers / networks before configuring the access list

From 192.168.201.10 Computer in CHE Network


ping 192.168.202.10

PING 192.168.202.10 (192.168.202.10) 56(84) bytes of data.


64 bytes from 192.168.202.10: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 192.168.202.10: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 192.168.202.10: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.202.10: icmp_seq=4 ttl=62 time=24.0 ms

ping 192.168.203.10

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data.


64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms

From 192.168.201.20 computer in CHE Network


ping 192.168.202.10

PING 192.168.202.10 (192.168.202.10) 56(84) bytes of data.


64 bytes from 192.168.202.10: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 192.168.202.10: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 192.168.202.10: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.202.10: icmp_seq=4 ttl=62 time=24.0 ms

ping 192.168.203.10

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data.


64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms
From 192.168.203.10 Computer in BAN Network
ping 192.168.202.10

PING 192.168.202.10 (192.168.202.10) 56(84) bytes of data.


64 bytes from 192.168.202.10: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 192.168.202.10: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 192.168.202.10: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.202.10: icmp_seq=4 ttl=62 time=24.0 ms

ping 192.168.201.10

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data.


64 bytes from 192.168.201.10: icmp_seq=25 ttl=62 time=24.1 ms
64 bytes from 192.168.201.10: icmp_seq=26 ttl=62 time=24.1 ms
64 bytes from 192.168.201.10: icmp_seq=27 ttl=62 time=24.3 ms
64 bytes from 192.168.201.10: icmp_seq=28 ttl=62 time=24.2 ms
64 bytes from 192.168.201.10: icmp_seq=29 ttl=62 time=24.2 ms

From 192.168.203.20 computer in BAN Network


ping 192.168.202.10

PING 192.168.202.10 (192.168.202.10) 56(84) bytes of data.


64 bytes from 192.168.202.10: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 192.168.202.10: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 192.168.202.10: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.202.10: icmp_seq=4 ttl=62 time=24.0 ms

ping 192.168.201.10

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data.


64 bytes from 192.168.201.10: icmp_seq=25 ttl=62 time=24.1 ms
64 bytes from 192.168.201.10: icmp_seq=26 ttl=62 time=24.1 ms
64 bytes from 192.168.201.10: icmp_seq=27 ttl=62 time=24.3 ms
64 bytes from 192.168.201.10: icmp_seq=28 ttl=62 time=24.2 ms
64 bytes from 192.168.201.10: icmp_seq=29 ttl=62 time=24.2 ms
Configure and Implement Standard ACL - Named

HYD-1 – Configuration
HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # ip access-list standard zoom
HYD-1 (config-std-nacl) # permit 192.168.203.10 0.0.0.0
HYD-1 (config-std-nacl) # exit
HYD-1 (config) #

HYD-1 (config) # interface fastethernet 0/0


HYD-1 (config-if) # ip access-group zoom out
HYD-1 (config-if) # end
HYD-1 #

HYD-1 – Verification:

HYD-1 # show ip access-lists


Standard IP access list zoom
10 permit 192.168.203.10

HYD-1#

HYD-1 # show ip interface FastEthernet 0/0


FastEthernet0/0 is up, line protocol is up
Internet address is 192.168.202.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is zoom
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
!
<output omitted>
!
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
HYD-1#
Verify blocked communication between computers / networks specified in ACL

From 192.168.201.10 Computer in CHE Network


ping 192.168.202.10

PING 192.168.202.10 (192.168.202.10) 56(84) bytes of data.


From 192.168.202.1 icmp_seq=1 Packet filtered
From 192.168.202.1 icmp_seq=2 Packet filtered
From 192.168.202.1 icmp_seq=3 Packet filtered
From 192.168.202.1 icmp_seq=4 Packet filtered
From 192.168.202.1 icmp_seq=5 Packet filtered

ping 192.168.203.10

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data.


64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms

From 192.168.201.20 computer in CHE Network


ping 192.168.202.10

PING 192.168.202.10 (192.168.202.10) 56(84) bytes of data.


From 192.168.202.1 icmp_seq=1 Packet filtered
From 192.168.202.1 icmp_seq=2 Packet filtered
From 192.168.202.1 icmp_seq=3 Packet filtered
From 192.168.202.1 icmp_seq=4 Packet filtered
From 192.168.202.1 icmp_seq=5 Packet filtered

ping 192.168.203.10

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data.


64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms
From 192.168.203.10 Computer in BAN Network
ping 192.168.202.10

PING 192.168.202.10 (192.168.202.10) 56(84) bytes of data.


64 bytes from 192.168.202.10: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 192.168.202.10: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 192.168.202.10: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.202.10: icmp_seq=4 ttl=62 time=24.0 ms

ping 192.168.201.10

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data.


64 bytes from 192.168.201.10: icmp_seq=25 ttl=62 time=24.1 ms
64 bytes from 192.168.201.10: icmp_seq=26 ttl=62 time=24.1 ms
64 bytes from 192.168.201.10: icmp_seq=27 ttl=62 time=24.3 ms
64 bytes from 192.168.201.10: icmp_seq=28 ttl=62 time=24.2 ms
64 bytes from 192.168.201.10: icmp_seq=29 ttl=62 time=24.2 ms

From 192.168.203.20 computer in BAN Network


ping 192.168.202.10

PING 192.168.202.10 (192.168.202.10) 56(84) bytes of data.


From 192.168.202.1 icmp_seq=1 Packet filtered
From 192.168.202.1 icmp_seq=2 Packet filtered
From 192.168.202.1 icmp_seq=3 Packet filtered
From 192.168.202.1 icmp_seq=4 Packet filtered
From 192.168.202.1 icmp_seq=5 Packet filtered

ping 192.168.201.10

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data.


64 bytes from 192.168.201.10: icmp_seq=25 ttl=62 time=24.1 ms
64 bytes from 192.168.201.10: icmp_seq=26 ttl=62 time=24.1 ms
64 bytes from 192.168.201.10: icmp_seq=27 ttl=62 time=24.3 ms
64 bytes from 192.168.201.10: icmp_seq=28 ttl=62 time=24.2 ms
64 bytes from 192.168.201.10: icmp_seq=29 ttl=62 time=24.2 ms
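
The ping results in Labs 30 and 31 follow from three rules: wildcard-mask matching on the source address, first match wins, and an implicit deny at the end. The following evaluator is an added example, not part of the lab manual: it replays the labs' pings against both standard ACLs as applied outbound on HYD-1 Fa0/0. It assumes routing works as in the labs and also checks the echo reply leg, which the labs do not test.

```python
import ipaddress


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def parse_standard_acl(lines):
    """Parse standard entries such as 'deny 192.168.201.10 0.0.0.0' or 'permit any'."""
    acl = []
    for line in lines:
        tokens = line.split()
        action, rest = tokens[0], tokens[1:]
        if action not in ("permit", "deny") or not rest:
            raise ValueError(f"unsupported entry: {line!r}")
        if rest == ["any"]:
            base, wildcard = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host" and len(rest) == 2:
            base, wildcard = rest[1], "0.0.0.0"
        elif len(rest) == 1:
            base, wildcard = rest[0], "0.0.0.0"      # bare address means host
        elif len(rest) == 2:
            base, wildcard = rest
        else:
            raise ValueError(f"unsupported entry: {line!r}")
        acl.append((action, base, wildcard))
    return acl


def evaluate(acl, src):
    """First matching entry wins; no match falls through to the implicit deny."""
    for index, (action, base, wildcard) in enumerate(acl, start=1):
        if wildcard_match(src, base, wildcard):
            return action, index * 10               # IOS default sequence numbers
    return "deny", None


HYD1_LAN = ipaddress.ip_network("192.168.202.0/24")  # network behind Fa0/0


def ping_result(acl, src, dst):
    """Outcome of src pinging dst with `acl` applied outbound on HYD-1 Fa0/0."""
    # Echo request (src -> dst) and echo reply (dst -> src) are checked in turn;
    # a packet meets the ACL only when it is routed out of Fa0/0 into the LAN.
    for pkt_src, pkt_dst in ((src, dst), (dst, src)):
        leaves_fa0_0 = (ipaddress.ip_address(pkt_dst) in HYD1_LAN
                        and ipaddress.ip_address(pkt_src) not in HYD1_LAN)
        if leaves_fa0_0 and evaluate(acl, pkt_src)[0] == "deny":
            return "blocked"
    return "reply"


# ACLs exactly as configured in Lab 30 (numbered 10) and Lab 31 (named zoom).
LAB30_ACL = parse_standard_acl(["deny 192.168.201.10 0.0.0.0", "permit any"])
LAB31_ACL = parse_standard_acl(["permit 192.168.203.10 0.0.0.0"])

if __name__ == "__main__":
    tests = [("192.168.201.10", "192.168.202.10"),
             ("192.168.201.20", "192.168.202.10"),
             ("192.168.203.10", "192.168.202.10"),
             ("192.168.203.20", "192.168.202.10"),
             ("192.168.203.20", "192.168.201.10"),
             ("192.168.202.10", "192.168.201.10")]
    for src, dst in tests:
        print(f"{src} -> {dst}: lab30={ping_result(LAB30_ACL, src, dst)} "
              f"lab31={ping_result(LAB31_ACL, src, dst)}")
```

The last test pair shows a side effect of the single-entry ACL in Lab 31: hosts on 192.168.202.0/24 lose replies from every network except 192.168.203.10, because the returning packets leave through Fa0/0 and hit the implicit deny.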
Lab 32: Extended Access Control List on IPv4 Network (NUMBERED)

OBJECTIVE:
Deny HYD-1 Network (i.e. 192.168.202.0/24) from accessing HTTP server (i.e. 192.168.203.10) in BAN
Network and also deny ping to CHE Network (i.e. 192.168.201.0/24)

TOPOLOGY:
Configure Ethernet and Serial IP addresses for the lab as below:

Pre-requisite: WAN Interface and Routing configuration to be done on the router (LAB – 3 and 4)

TASK:
• Verify services and communication between computers / networks before configuring the extended access list.
• Configure and implement Extended ACL - Numbered
• Verify blocked services and communication between computers / networks specified in ACL
Verify services and communication between computers / networks before configuring the
Extended Access List

From 192.168.202.10 Computer in HYD-1 Network


ping 192.168.201.10

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data.


64 bytes from 192.168.201.10: icmp_seq=1 ttl=62 time=24.2 ms
64 bytes from 192.168.201.10: icmp_seq=2 ttl=62 time=24.1 ms
64 bytes from 192.168.201.10: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.201.10: icmp_seq=4 ttl=62 time=24.1 ms
64 bytes from 192.168.201.10: icmp_seq=5 ttl=62 time=24.1 ms

ping 192.168.203.10

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data.


64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms

Try to access HTTP Server via browser (i.e. http://192.168.203.10)


You should be able to see the Test web page, which indicates that the HTTP service is allowed.

Repeat the above verification from 192.168.202.20 Computer in HYD-1 Network and verify
the outputs
Configure and Implement Extended ACL - Numbered

HYD-1 – Configuration
HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # access-list 101 deny tcp 192.168.202.0 0.0.0.255 192.168.203.10 0.0.0.0 eq www
HYD-1 (config) # access-list 101 deny icmp 192.168.202.0 0.0.0.255 192.168.201.0 0.0.0.255 echo
HYD-1 (config) # access-list 101 permit ip any any

HYD-1 (config) # interface FastEthernet 0/0
HYD-1 (config-if) # ip access-group 101 in
HYD-1 (config-if) # exit

HYD-1 – Verification:

HYD-1 # show ip access-lists

Extended IP access list 101
10 deny tcp 192.168.202.0 0.0.0.255 host 192.168.203.10 eq www (5 matches)
20 deny icmp 192.168.202.0 0.0.0.255 192.168.201.0 0.0.0.255 echo (10 matches)
30 permit ip any any (87 matches)
HYD-1#

HYD-1 # show ip interface FastEthernet 0/0


FastEthernet0/0 is up, line protocol is up
Internet address is 192.168.202.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.5 224.0.0.6
Outgoing access list is not set
Inbound access list is 101
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
!
<output omitted>
!
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
HYD-1#
Verify blocked services and communication between computers / networks specified in ACL

From 192.168.202.10 Computer in HYD-1 Network


ping 192.168.201.10

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data.


From 192.168.202.1 icmp_seq=1 Packet filtered
From 192.168.202.1 icmp_seq=2 Packet filtered
From 192.168.202.1 icmp_seq=3 Packet filtered
From 192.168.202.1 icmp_seq=4 Packet filtered
From 192.168.202.1 icmp_seq=5 Packet filtered

ping 192.168.203.10

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data.


64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms

Try to access HTTP Server via browser (i.e. http://192.168.203.10)


You should not be able to see the Test web page, which indicates that the HTTP service is blocked.

Repeat the above verification from 192.168.202.20 Computer in HYD-1 Network and verify
the outputs
Lab 33: Extended Access Control List on IPv4 Network (NAMED)

OBJECTIVE:
Allow the PC from the HYD-1 Network (i.e. 192.168.202.10/24) to access the FTP server (i.e. 192.168.201.10) in
the CHE Network. Allow the HYD-1 Network (i.e. 192.168.202.0/24) to Telnet to all networks. (Configure the ACL
with minimum statements.)

TOPOLOGY:
Configure Ethernet and Serial IP addresses for the lab as below:

Pre-requisite: WAN Interface and Routing configuration to be done on the router

TASK:
• Verify services and communication between computers / networks before configuring the extended access list.
• Configure and implement Extended ACL - Named
• Verify blocked services and communication between computers / networks specified in ACL
Verify services and communication between computers / networks before configuring the
Extended Access List

From 192.168.202.10 Computer in HYD-1 Network


ping 192.168.201.10

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data.


64 bytes from 192.168.201.10: icmp_seq=1 ttl=62 time=24.2 ms
64 bytes from 192.168.201.10: icmp_seq=2 ttl=62 time=24.1 ms
64 bytes from 192.168.201.10: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 192.168.201.10: icmp_seq=4 ttl=62 time=24.1 ms
64 bytes from 192.168.201.10: icmp_seq=5 ttl=62 time=24.1 ms

ping 192.168.203.10

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data.


64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms

Try to access the FTP Server via browser (i.e. ftp://192.168.201.10)

You should be able to see the files on the FTP server, which indicates that the FTP service is allowed.

Repeat the above verification from 192.168.202.20 Computer in HYD-1 Network and verify
the outputs
Configure and Implement Extended ACL - Named

HYD-1 – Configuration
HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # ip access-list extended cisco
HYD-1(config-ext-nacl) # permit tcp 192.168.202.10 0.0.0.0 192.168.201.10 0.0.0.0 eq ftp
HYD-1(config-ext-nacl) # permit tcp 192.168.202.0 0.0.0.255 any eq telnet
HYD-1(config-ext-nacl) # exit
HYD-1 (config) #

HYD-1 (config) # interface FastEthernet 0/0


HYD-1 (config-if) # ip access-group cisco in
HYD-1 (config-if) # exit

HYD-1 – Verification:

HYD-1 # show ip access-lists

Extended IP access list cisco
10 permit tcp host 192.168.202.10 host 192.168.201.10 eq ftp (2 matches)
20 permit tcp 192.168.202.0 0.0.0.255 any eq telnet (1 matches)

HYD-1#

HYD-1 # show ip interface FastEthernet 0/0


FastEthernet0/0 is up, line protocol is up
Internet address is 192.168.202.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.5 224.0.0.6
Outgoing access list is not set
Inbound access list is cisco
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
!
<output omitted>
!
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
HYD-1#
Verify blocked services and communication between computers / networks specified in ACL

From 192.168.202.10 Computer in HYD-1 Network


ping 192.168.201.10

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data.


From 192.168.202.1 icmp_seq=1 Packet filtered
From 192.168.202.1 icmp_seq=2 Packet filtered
From 192.168.202.1 icmp_seq=3 Packet filtered
From 192.168.202.1 icmp_seq=4 Packet filtered
From 192.168.202.1 icmp_seq=5 Packet filtered

ping 192.168.203.10

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data.


From 192.168.202.1 icmp_seq=1 Packet filtered
From 192.168.202.1 icmp_seq=2 Packet filtered
From 192.168.202.1 icmp_seq=3 Packet filtered
From 192.168.202.1 icmp_seq=4 Packet filtered
From 192.168.202.1 icmp_seq=5 Packet filtered

Try to access the FTP Server via browser (i.e. ftp://192.168.201.10)

You should be able to see the files on the FTP server, which indicates that the FTP service is allowed.

Repeat the above verification from 192.168.202.20 Computer in HYD-1 Network and verify
the outputs
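
The first-match and implicit-deny behaviour seen in Labs 32 and 33, as an added Python model (not part of the lab manual and not Cisco code). It uses the wildcard 0.0.0.255 that corresponds to the /24 named in the Lab 32 objective and shows how much wider 0.255.255.255 matches; the `Ace` class and helper names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


def _ip(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard semantics: 0 bits must match the base, 1 bits are ignored."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)


@dataclass
class Ace:
    action: str                      # "permit" or "deny"
    proto: str                       # "ip" (any protocol), "tcp" or "icmp"
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    dport: Optional[int] = None      # TCP "eq <port>"
    icmp_type: Optional[str] = None  # e.g. "echo"

    def matches(self, pkt: dict) -> bool:
        if self.proto not in ("ip", pkt["proto"]):
            return False
        if not wildcard_match(pkt["src"], self.src, self.src_wc):
            return False
        if not wildcard_match(pkt["dst"], self.dst, self.dst_wc):
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        if self.icmp_type is not None and pkt.get("icmp_type") != self.icmp_type:
            return False
        return True


def evaluate(acl: list, pkt: dict) -> str:
    """First matching entry wins; a packet that matches nothing is dropped."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action
    return "deny"  # implicit "deny ip any any" at the end of every ACL


def pkt(proto, src, dst, dport=None, icmp_type=None) -> dict:
    return {"proto": proto, "src": src, "dst": dst,
            "dport": dport, "icmp_type": icmp_type}


ANY = ("0.0.0.0", "255.255.255.255")
HOST = "0.0.0.0"

# Lab 32, access-list 101, with the /24 wildcard 0.0.0.255 on the source.
ACL_101 = [
    Ace("deny", "tcp", "192.168.202.0", "0.0.0.255", "192.168.203.10", HOST, dport=80),
    Ace("deny", "icmp", "192.168.202.0", "0.0.0.255", "192.168.201.0", "0.0.0.255",
        icmp_type="echo"),
    Ace("permit", "ip", *ANY, *ANY),
]

# Lab 33, named ACL "cisco": two permits and nothing else.
ACL_CISCO = [
    Ace("permit", "tcp", "192.168.202.10", HOST, "192.168.201.10", HOST, dport=21),
    Ace("permit", "tcp", "192.168.202.0", "0.0.0.255", *ANY, dport=23),
]

if __name__ == "__main__":
    probes = [
        ("101   HTTP to 203.10", ACL_101, pkt("tcp", "192.168.202.10", "192.168.203.10", 80)),
        ("101   ping to 201.10", ACL_101, pkt("icmp", "192.168.202.10", "192.168.201.10", icmp_type="echo")),
        ("101   ping to 203.10", ACL_101, pkt("icmp", "192.168.202.10", "192.168.203.10", icmp_type="echo")),
        ("cisco FTP from .10", ACL_CISCO, pkt("tcp", "192.168.202.10", "192.168.201.10", 21)),
        ("cisco FTP from .20", ACL_CISCO, pkt("tcp", "192.168.202.20", "192.168.201.10", 21)),
        ("cisco ping to 201.10", ACL_CISCO, pkt("icmp", "192.168.202.10", "192.168.201.10", icmp_type="echo")),
    ]
    for name, acl, p in probes:
        print(f"{name:22} -> {evaluate(acl, p)}")
    # A /8-sized wildcard matches hosts far outside 192.168.202.0/24.
    print(wildcard_match("192.7.7.7", "192.168.202.0", "0.255.255.255"))
```

The Lab 33 list has no deny statements, yet pings are filtered after it is applied: everything not explicitly permitted falls through to the implicit deny.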

Time-based ACL configuration

Requirement: LAN users should not access the Internet during working hours on weekdays
CHE(config)#time-range WORK-HOURS
CHE(config-time-range)#periodic weekdays 09:00 to 17:00
CHE(config-time-range)#exit
CHE(config)#ip access-list extended NO_GOOGLE
CHE(config-ext-nacl)#deny tcp 192.168.201.0 0.0.0.255 any eq 80 time-range WORK-HOURS
CHE(config-ext-nacl)#permit ip any any

Verification

CHE#show time-range
time-range entry: WORK-HOURS (active)
periodic weekdays 9:00 to 17:00
used in: IP ACL entry

CHE#
Lab 34: Time-Based ACL Configuration

OBJECTIVE:

LAN users should not access the Internet during working hours on weekdays (9:00 to 18:00)

TOPOLOGY:
Configure Ethernet and Serial IP addresses for the lab as below:

Pre-requisite: WAN Interface and Routing configuration to be done on the router

TASK:
• Verify services and communication between computers / networks before configuring the extended access list
• Configure and implement Extended ACL – Numbered
• Verify blocked services and communication between computers / networks specified in ACL
• Configure the time range and add it to the extended ACL

Configuring Time Based ACL

CHE Router Configuration:


Access the router by using Telnet
CHE#configure terminal
CHE(config)#time-range myhours
CHE(config-time-range)#periodic weekdays 09:00 to 18:00
CHE(config-time-range)#exit
CHE(config)#
Creation:
CHE(config)#ip access-list extended no_net
CHE(config-ext-nacl)#deny tcp 192.168.201.0 0.0.0.255 any eq 80 time-range myhours
CHE(config-ext-nacl)#permit ip any any
CHE(config-ext-nacl)#exit

Implementation:
CHE(config)#interface fastethernet 0/0
CHE(config-if)#ip access-group no_net in
CHE(config-if)#exit
CHE(config)#exit
CHE#

Verifying Time Based ACL

Verification:
CHE#show clock
13:21:14.638 UTC Thu Jan 23 2020
CHE#
CHE#show time-range
time-range entry: myhours (active)
periodic weekdays 9:00 to 18:00
used in: IP ACL entry
CHE#
CHE#show ip access-lists
Extended IP access list no_net
deny tcp 192.168.201.0 0.0.0.255 any eq www time-range myhours (active) (6 matches)
permit ip any any (1524 matches)
CHE#
Lab 35: Access Control List on IPv6 Network

OBJECTIVE:
Deny HYD-1 Network - PC (i.e. 2001:1111::10/64) from accessing HTTP server (i.e. 2001:2222::10/64)
in HYD-2 Network.

TOPOLOGY:
Configure Ethernet IP addresses for the lab as below:

Pre-requisite: WAN Interface and Routing configuration to be done on the router (LAB – 3 and 4)

TASK:
• Verify communication between computers / networks before configuring the access list
• Configure and implement IPv6 ACL
• Verify blocked communication between computers / networks specified in ACL
Verify communication between computers / networks before configuring the access list

From 2001:1111::10 Computer in HYD-1 Network


ping 2001:2222::10 (Windows) or ping6 2001:2222::10 (Linux)

PING 2001:2222::10(2001:2222::10) 56 data bytes


64 bytes from 2001:2222::10: icmp_seq=1 ttl=62 time=0.494 ms
64 bytes from 2001:2222::10: icmp_seq=2 ttl=62 time=0.361 ms
64 bytes from 2001:2222::10: icmp_seq=3 ttl=62 time=0.335 ms
64 bytes from 2001:2222::10: icmp_seq=4 ttl=62 time=0.336 ms

Try to access HTTP Server via browser (i.e. http://2001:2222::10)


You should be able to see the Test web page, which indicates that the HTTP service is allowed.

From 2001:1111::20 Computer in HYD-1 Network


ping 2001:2222::10 (Windows) or ping6 2001:2222::10 (Linux)

PING 2001:2222::10(2001:2222::10) 56 data bytes


64 bytes from 2001:2222::10: icmp_seq=1 ttl=62 time=0.494 ms
64 bytes from 2001:2222::10: icmp_seq=2 ttl=62 time=0.361 ms
64 bytes from 2001:2222::10: icmp_seq=3 ttl=62 time=0.335 ms
64 bytes from 2001:2222::10: icmp_seq=4 ttl=62 time=0.336 ms

Try to access HTTP Server via browser (i.e. http://2001:2222::10)


You should be able to see the Test web page, which indicates that the HTTP service is allowed.
Configure and Implement Extended ACL - Named

HYD-1 – Configuration

HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # ipv6 access-list cisco
HYD-1 (config-ipv6-acl) # deny tcp host 2001:1111::10 host 2001:2222::10 eq 80
HYD-1 (config-ipv6-acl) # permit ipv6 any any
HYD-1 (config-ipv6-acl) # exit
HYD-1 (config) #

HYD-1 (config) # interface FastEthernet 0/0
HYD-1 (config-if) # ipv6 traffic-filter cisco in
HYD-1 (config-if) # exit
HYD-1 (config)#

HYD-1 – Verification:

HYD-1 # show ipv6 access-list

IPv6 access list cisco
deny tcp host 2001:1111::10 host 2001:2222::10 eq www sequence 10
permit ipv6 any any (22 matches) sequence 20

HYD-1#
Verify blocked communication between computers / networks specified in ACL

From 2001:1111::10 Computer in HYD-1 Network


ping 2001:2222::10 (Windows) or ping6 2001:2222::10 (Linux)

From 2001:1111::1 icmp_seq=1 Packet filtered


From 2001:1111::1 icmp_seq=2 Packet filtered
From 2001:1111::1 icmp_seq=3 Packet filtered
From 2001:1111::1 icmp_seq=4 Packet filtered
From 2001:1111::1 icmp_seq=5 Packet filtered

Try to access HTTP Server via browser (i.e. http://2001:2222::10)


You should not be able to see the Test web page, which indicates that the HTTP service is blocked.

From 2001:1111::20 Computer in HYD-1 Network


ping 2001:2222::10 (Windows) or ping6 2001:2222::10 (Linux)

PING 2001:2222::10(2001:2222::10) 56 data bytes


64 bytes from 2001:2222::10: icmp_seq=1 ttl=62 time=0.494 ms
64 bytes from 2001:2222::10: icmp_seq=2 ttl=62 time=0.361 ms
64 bytes from 2001:2222::10: icmp_seq=3 ttl=62 time=0.335 ms
64 bytes from 2001:2222::10: icmp_seq=4 ttl=62 time=0.336 ms

Try to access HTTP Server via browser (i.e. http://2001:2222::10)


You should be able to see the Test web page, which indicates that the HTTP service is allowed.
Lab 36: Default Routing

OBJECTIVE:
To configure default routing for accessing Internet.

TOPOLOGY:
Setup Ethernet and Serial connectivity for the lab as below:

TASK:
• Configure WAN Interface
• Configure Default Routing
• Verify Default Routing
• Verify communication from LAN to the Internet
Configure WAN Interface
Configure WAN Interface IP address according to topology diagram (i.e. IP addresses provided by ISP)

CHE – Configuration
CHE # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
CHE (config)# interface serial 0/0
CHE (config-if)# ip address 202.1.0.18 255.255.255.248
CHE (config-if)# no shutdown
CHE (config-if)# encapsulation ppp
CHE (config-if)# exit
CHE (config)#

Configure Default Routing

CHE – Configuration
CHE # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
CHE (config) # ip route 0.0.0.0 0.0.0.0 Serial0/0
CHE (config) # exit
CHE #

Verify Default Routing


Once default routing is configured, the IP network defined through the default routing command is
added to the routing table. “*” marks the default route.
CHE – Verification:

CHE # show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP


D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

C 202.1.0.16/29 is directly connected, Serial0/0


C 192.168.201.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via Serial0/0
CHE #
Verify communication from LAN to the Internet.

Verification from PC1

ping 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.


64 bytes from 8.8.8.8: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=62 time=24.0 ms
Lab 37: Static NAT

OBJECTIVE:
To configure Static NAT for hosting Public Servers on the Internet.

TOPOLOGY:
Setup Ethernet and Serial connectivity for the lab as below:

Pre-requisite: Default routing configuration to be done on the router (LAB – 31)

TASK:
• Configure Static NAT
• Verify Static NAT
• Verify Static NAT Packets
• Verify communication from Internet to Server
Configure Static NAT

CHE (config) # interface serial 0/0


CHE (config-if) # ip nat outside
CHE (config-if) # exit
CHE (config) # interface FastEthernet 0/0
CHE (config-if) # ip nat inside
CHE (config-if) # exit
CHE (config)# ip nat inside source static 192.168.201.10 202.1.0.19

Verify Static NAT

CHE – Verification

CHE # show ip nat translation


Pro Inside global Inside local Outside local Outside global
--- 202.1.0.19 192.168.201.10 --- ---
CHE #

CHE # show ip nat statistics


Total active translations: 1 (1 static, 0 dynamic; 0 extended)
Outside interfaces:
Serial0/0
Inside interfaces:
FastEthernet0/0
Hits: 0 Misses: 0
Expired translations: 0
Dynamic mappings:
CHE#
Verify Static NAT Packets
Verify Static NAT Packets by enabling debug commands

CHE # debug ip nat


IP NAT debugging is on
CHE # terminal monitor
CHE #
00:16:38: NAT*: s=192.168.201.10->202.1.0.19, d=8.8.8.8 [22575]
00:16:38: NAT*: s=8.8.8.8, d=202.1.0.19->192.168.201.10 [4074]
00:16:39: NAT*: s=192.168.201.10->202.1.0.19, d=8.8.8.8 [22576]
00:16:39: NAT*: s=8.8.8.8, d=202.1.0.19->192.168.201.10 [4075]
00:16:40: NAT*: s=192.168.201.10->202.1.0.19, d=8.8.8.8 [22577]
00:16:40: NAT*: s=8.8.8.8, d=202.1.0.19->192.168.201.10 [4076]
00:16:41: NAT*: s=192.168.201.10->202.1.0.19, d=8.8.8.8 [22578]
00:16:41: NAT*: s=8.8.8.8, d=202.1.0.19->192.168.201.10 [4077]
CHE #

Verification from Outside PC (Internet PC) to LAN (Server)

ping 202.1.0.19

PING 202.1.0.19 (202.1.0.19) 56(84) bytes of data.


64 bytes from 202.1.0.19: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 202.1.0.19: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 202.1.0.19: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 202.1.0.19: icmp_seq=4 ttl=62 time=24.0 ms
Lab 38: Port Address Translation (PAT)

OBJECTIVE:
To configure PAT for LAN computers to access the Internet using a single Public IP Address.

TOPOLOGY:
Setup Ethernet and Serial connectivity for the lab as below:

Pre-requisite: Default routing configuration to be done on the router (LAB – 31)

TASK:
• Configure PAT
• Verify PAT
• Verify PAT Packets
• Verify communication from LAN to the Internet
Configure PAT

CHE (config) # interface serial 0/0


CHE (config-if) # ip nat outside
CHE (config-if) # exit
CHE (config) # interface FastEthernet 0/0
CHE (config-if) # ip nat inside
CHE (config-if) # exit
CHE (config) # access-list 10 permit 192.168.201.0 0.0.0.255
CHE (config) # ip nat inside source list 10 interface serial 0/0 overload

Verify PAT

CHE – Verification

CHE # show ip nat translation


Pro Inside global Inside local Outside local Outside global

icmp 202.1.0.18:34071 192.168.201.10:34071 202.2.0.17:34071 202.2.0.17:34071


tcp 202.1.0.18:49237 192.168.201.10:49237 202.2.0.17:80 202.2.0.17:80
CHE #

CHE # show ip nat statistics


Total active translations: 10 (0 static, 1 dynamic; 0 extended)
Outside interfaces:
Serial0/0
Inside interfaces:
FastEthernet0/0
Hits: 20 Misses: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 3] access-list 10 interface Serial0/0

CHE#
Verify PAT Packets
Verify PAT Packets by enabling debug commands

CHE # debug ip nat


IP NAT debugging is on
CHE # terminal monitor
CHE #
00:16:38: NAT*: s=192.168.201.10->202.1.0.19, d=8.8.8.8 [22575]
00:16:38: NAT*: s=8.8.8.8, d=202.1.0.19->192.168.201.10 [4074]
00:16:39: NAT*: s=192.168.201.10->202.1.0.19, d=8.8.8.8 [22576]
00:16:39: NAT*: s=8.8.8.8, d=202.1.0.19->192.168.201.10 [4075]
00:16:40: NAT*: s=192.168.201.10->202.1.0.19, d=8.8.8.8 [22577]
00:16:40: NAT*: s=8.8.8.8, d=202.1.0.19->192.168.201.10 [4076]
00:16:41: NAT*: s=192.168.201.10->202.1.0.19, d=8.8.8.8 [22578]
00:16:41: NAT*: s=8.8.8.8, d=202.1.0.19->192.168.201.10 [4077]
CHE #

Verify communication from LAN to the Internet.

Verification from PC1

ping 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.


64 bytes from 8.8.8.8: icmp_seq=1 ttl=62 time=24.0 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=62 time=24.0 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=62 time=24.1 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=62 time=24.0 ms
Lab 39: SYSLOG

OBJECTIVE:
To configure Logging on router and sending logs to a syslog server.

TOPOLOGY:
Setup Ethernet connectivity for the lab as below:

Pre-requisite: 192.168.202.10 computer should have Syslog server software installed and running.

TASK:
• Configure logging to Syslog Server
• Configure logging to Buffer
• Generate and Verify Syslog Messages
Configure Logging to Syslog Server

HYD-1 – Configuration
HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # logging on
HYD-1 (config) # logging host 192.168.202.10
HYD-1 (config) # logging trap 7
HYD-1 (config) # service timestamps log datetime msec
HYD-1 (config) # exit
HYD-1 #

Configure Logging to Buffer

HYD-1 – Configuration
HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # logging on
HYD-1 (config) # logging buffered 7
HYD-1 (config) # exit
HYD-1 #

Generate and Verify Syslog Messages

HYD-1 # configure terminal


Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # interface serial 0/0/0
HYD-1 (config-if) # shutdown
HYD-1 (config-if) # no shutdown
HYD-1 (config-if) # end
HYD-1 #

HYD-1 – Verification:
HYD-1 # show logging
Syslog logging: enabled (0 messages dropped, 3 messages rate-limited, 0 flushes, 0 overruns)

No Active Message Discriminator.


No Inactive Message Discriminator.
Console logging: disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 7 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
Trap logging: level informational, 45 message lines logged
Logging to 192.168.202.10 (udp port 514, audit disabled, link up),
9 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled

Log Buffer (4096 bytes):

*Jul 28 11:51:26.447: %SYS-5-CONFIG_I: Configured from console by console
*Jul 28 11:52:11.563: %LINK-5-CHANGED: Interface Serial0/0/0, changed state to administratively down
*Jul 28 11:52:11.567: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to down
*Jul 28 11:52:28.639: %SYS-5-CONFIG_I: Configured from console by console
*Jul 28 11:52:29.487: %LINK-3-UPDOWN: Interface Serial0/0/0, changed state to up
HYD-1 #

Verification on Syslog Server (PC):


Start the Syslog software on the PC to view the syslog messages.
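
What a collector can do with the messages this lab generates, as an added Python example (not part of the lab manual): it parses the `%FACILITY-SEVERITY-MNEMONIC` format, lists configuration changes, measures how long an interface stayed down, and notes the leading `*`, which IOS prints when the clock is not authoritative (for example before NTP is configured). The sample lines are the log buffer entries from the lab with wrapped lines joined; the year is an assumption because the timestamps carry none.

```python
import re
from datetime import datetime

# Severity numbers as used by "logging trap <0-7>" and "logging buffered <0-7>".
SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]

MSG_RE = re.compile(
    r"^(?P<flag>[*.])?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\.\d{3}): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$"
)
STATE_RE = re.compile(r"Interface (?P<ifname>[^,\s]+), changed state to (?P<state>.+)$")

# Log buffer entries from the lab output, wrapped lines joined.
SAMPLE = [
    "*Jul 28 11:51:26.447: %SYS-5-CONFIG_I: Configured from console by console",
    "*Jul 28 11:52:11.563: %LINK-5-CHANGED: Interface Serial0/0/0, changed state to administratively down",
    "*Jul 28 11:52:11.567: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to down",
    "*Jul 28 11:52:28.639: %SYS-5-CONFIG_I: Configured from console by console",
    "*Jul 28 11:52:29.487: %LINK-3-UPDOWN: Interface Serial0/0/0, changed state to up",
]


def parse_line(line, year=2000):
    """Parse one IOS log line; return None for anything that is not a log message.

    The year is assumed: "service timestamps log datetime msec" prints none.
    """
    m = MSG_RE.match(line.strip())
    if m is None:
        return None
    stamp = " ".join(m["ts"].split())
    sev = int(m["sev"])
    return {
        "time": datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S.%f"),
        "clock_flag": m["flag"] or "",
        "facility": m["facility"],
        "severity": sev,
        "severity_name": SEVERITY[sev],
        "mnemonic": m["mnemonic"],
        "text": m["text"],
    }


def analyse(lines):
    """Summarise config changes and interface outages seen in the log lines."""
    events = [e for e in map(parse_line, lines) if e]
    config_changes = [e for e in events
                      if (e["facility"], e["mnemonic"]) == ("SYS", "CONFIG_I")]
    down_since, outages = {}, []
    for e in events:
        m = STATE_RE.search(e["text"]) if e["facility"] == "LINK" else None
        if m is None:
            continue
        if m["state"].endswith("down"):
            down_since.setdefault(m["ifname"], e["time"])
        elif m["state"] == "up" and m["ifname"] in down_since:
            seconds = (e["time"] - down_since.pop(m["ifname"])).total_seconds()
            outages.append((m["ifname"], seconds))
    return {
        "events": events,
        "config_changes": config_changes,
        "outages": outages,
        "unsynced_clock": any(e["clock_flag"] == "*" for e in events),
    }


if __name__ == "__main__":
    report = analyse(SAMPLE)
    for e in report["config_changes"]:
        print("config change:", e["time"].time(), e["text"])
    for ifname, seconds in report["outages"]:
        print(f"{ifname} was down for {seconds:.3f} s")
    if report["unsynced_clock"]:
        print("timestamps are not from an authoritative clock")
```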
Lab 40: NTP

OBJECTIVE:
To configure router as NTP Client, for time synchronization with NTP server.

TOPOLOGY:
Setup Ethernet connectivity for the lab as below:

TASK:
• Configure Date and Time – Manual
• Verify Current Date and Time
• Configure Router as NTP client
• Verify Date and time via NTP
Configure Date and Time - Manual

CHE – Configuration
CHE # clock set 13:36:30 10 Jan 2001

Verify Current Date and Time

CHE – Verification:
CHE # show clock
13:36:32.055 UTC Wed Jan 10 2001

Configure Router as NTP client

CHE – Configuration

CHE # configure terminal


Enter configuration commands, one per line. End with CNTL/Z.
CHE (config) # ntp server 8.8.8.8
CHE (config) # exit
CHE #

Verify Date and time via NTP

CHE – Verification:

CHE # show clock


13:39:21.604 UTC Tue Aug 16 2016

CHE # show ntp status


Clock is synchronized, stratum 4, reference is 8.8.8.8
nominal freq is 249.5901 Hz, actual freq is 249.5901 Hz, precision is 2**18
reference time is DB5D96BC.5E7B415C (13:42:20.369 UTC Tue Aug 16 2016)
clock offset is 1.4590 msec, root delay is 32.53 msec
root dispersion is 3878.63 msec, peer dispersion is 3876.77 msec

CHE # show ntp associations

address ref clock st when poll reach delay offset disp


*~8.8.8.8 127.127.1.1 3 17 64 7 32.5 1.46 3876.8

* master (synced), # master (unsynced), + selected, - candidate, ~ configured


CHE #
Lab 41: DHCP Server and Client

OBJECTIVE:
To configure a Router as a DHCP Server for assigning IP addresses, DNS, gateway, etc. to client
computers.
To configure an interface of Router as a DHCP Client for getting IP addresses from ISP.

TOPOLOGY:
Setup the router for the lab as below:

TASK:
• Configure Router as DHCP Server
• Verify DHCP on client computer
• Verify DHCP Server
• Configure an interface of a Router as DHCP Client
• Verify DHCP Client
Configure Router as DHCP Server

CHE – Configuration

CHE # configure terminal


Enter configuration commands, one per line. End with CNTL/Z.
CHE (config) # ip dhcp pool zoom
CHE (dhcp-config) # network 192.168.201.0 255.255.255.0
CHE (dhcp-config) # default-router 192.168.201.1
CHE (dhcp-config) # dns-server 8.8.8.8
CHE (dhcp-config) # lease 1 1 1
CHE (dhcp-config) # exit
CHE (config) # ip dhcp excluded-address 192.168.201.1 192.168.201.50
CHE (config)# exit

Verify DHCP on client computer

On a Windows computer, select Obtain IP Address Automatically in Network Properties and verify the
DHCP IP address by running the ipconfig command at the command prompt.

On a Linux computer, run the commands below:

# dhclient
Internet Systems Consortium DHCP Client V3.0.6
Copyright 2004-2007 Internet Systems Consortium.
Sending on LPF/eth0/00:1b:b9:9a:16:8d
Sending on Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8
DHCPOFFER from 192.168.201.5
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPACK from 192.168.201.5
bound to 192.168.201.5 -- renewal in 40650 seconds.

# ifconfig
eth0 Link encap:Ethernet HWaddr 00:1B:B9:9A:16:8D
inet addr:192.168.201.5 Bcast:192.168.201.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9263 errors:0 dropped:0 overruns:0 frame:0
Verify DHCP Server
CHE – Verification:

CHE # show ip dhcp binding


Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
Hardware address/
User name
192.168.202.5 001c.c06c.91f3 Aug 27 2016 02:21 PM Automatic
192.168.202.10 001b.b99a.168d Aug 27 2016 02:25 PM Automatic
CHE #
Lab 42: Hot Standby Router Protocol (HSRP)

OBJECTIVE:
To set up an always available gateway by configuring HSRP
To set up a virtual default gateway with IP 192.168.201.254 for setting up HSRP

TOPOLOGY:
Setup Serial and Ethernet connectivity for the lab as below:

TASK:
• Configure Ethernet Interface, Serial Interface and Default Routing
• Configure HSRP
• Verify HSRP
• Verify communication and data path to destination network
Configure Ethernet Interface, Serial Interface and Default Routing

R1 – Configuration
R1 (config) # interface fastethernet 0/0
R1 (config-if) # ip address 192.168.201.100 255.255.255.0
R1 (config-if) # exit
R1 (config) # interface serial 0/0
R1 (config-if) # ip address 202.1.0.18 255.255.255.248
R1 (config-if) # no shutdown
R1 (config-if) # encapsulation ppp
R1 (config-if) # exit
R1 (config) # ip route 0.0.0.0 0.0.0.0 Serial0/0
R1 (config) # exit

R2 – Configuration
R2 (config) # interface fastethernet 0/0
R2 (config-if) # ip address 192.168.201.200 255.255.255.0
R2 (config-if) # exit
R2 (config) # interface serial 0/0
R2 (config-if) # ip address 202.2.0.18 255.255.255.248
R2 (config-if) # no shutdown
R2 (config-if) # encapsulation ppp
R2 (config-if) # exit
R2 (config) # ip route 0.0.0.0 0.0.0.0 Serial0/0
R2 (config) # exit

Configure HSRP

R1 – Configuration

R1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1 (config) # int FastEthernet 0/0
R1 (config-if) # standby 10 ip 192.168.201.254
R1 (config-if) # standby 10 priority 200
R1 (config-if) # end
R1 #

R2 – Configuration

R2 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2 (config) # int FastEthernet 0/0
R2 (config-if) # standby 10 ip 192.168.201.254
R2 (config-if) # standby 10 priority 150
R2 (config-if) # end
R2 #
Verify HSRP

R1 – Verification
R1 # show standby
FastEthernet0/0 - Group 10
State is Active
2 state changes, last state change 00:03:21
Virtual IP address is 192.168.201.254
Active virtual MAC address is 0000.0c07.ac0a
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.792 secs
Preemption disabled
Active router is local
Standby router is 192.168.201.200, priority 150 (expires in 7.848 sec)
Priority 200 (configured 200)
IP redundancy name is "hsrp-Fa0/0-10" (default)
R1#

R2 – Verification
R2 # show standby
FastEthernet0/0 - Group 10
State is Standby
1 state change, last state change 00:01:09
Virtual IP address is 192.168.201.254
Active virtual MAC address is 0000.0c07.ac0a
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.860 secs
Preemption disabled
Active router is 192.168.201.100, priority 200 (expires in 8.802 sec)
Standby router is local
Priority 150 (configured 150)
IP redundancy name is "hsrp-Fa0/0-10" (default)
R2 #

Verify communication and data path to destination network


Verification from a Computer in Network

ping 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.


64 bytes from 8.8.8.8: icmp_seq=25 ttl=62 time=24.1 ms
64 bytes from 8.8.8.8: icmp_seq=26 ttl=62 time=24.1 ms
64 bytes from 8.8.8.8: icmp_seq=27 ttl=62 time=24.3 ms
64 bytes from 8.8.8.8: icmp_seq=28 ttl=62 time=24.2 ms
64 bytes from 8.8.8.8: icmp_seq=29 ttl=62 time=24.2 ms
From a Computer in Network trace communication path to destination network

tracert 8.8.8.8 (Windows) or traceroute 8.8.8.8 (Linux)


traceroute to 8.8.8.8 (192.168.203.10), 30 hops max, 38 byte packets
1 192.168.201.100 (192.168.202.1) 1.086 ms 1.124 ms 1.144 ms
2 8.8.8.8 (8.8.8.8) 2.295 ms 2.156 ms 2.209 ms

Understand HSRP behaviour


Currently data is flowing via the R1 router. If the R1 router goes down, data will start flowing through the R2 router.
You can verify this behaviour by shutting down the R1 router's Ethernet interface (LAN interface) or by removing
the Ethernet cable from the R1 router.

Verify HSRP
R1 – Verification
R1 # show standby
FastEthernet0/0 - Group 10
State is Standby
2 state changes, last state change 00:03:21
Virtual IP address is 192.168.201.250
Active virtual MAC address is 0000.0c07.ac0a
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.792 secs
Preemption disabled
Active router is 192.168.201.200, priority 150 (expires in 8.802 sec)
Standby router is local
Priority 200 (configured 200)
IP redundancy name is "hsrp-Fa0/0-10" (default)
R1#

R2 – Verification
R2 # show standby
FastEthernet0/0 - Group 10
State is Active
1 state change, last state change 00:01:09
Virtual IP address is 192.168.201.250
Active virtual MAC address is 0000.0c07.ac0a
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.860 secs
Preemption disabled
Active router is local
Standby router is 192.168.201.100, priority 200 (expires in 7.848 sec)
Priority 150 (configured 150)
IP redundancy name is "hsrp-Fa0/0-10" (default)
R2 #
Verify communication and data path to destination network
Verification from a Computer in Network

ping 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.


64 bytes from 8.8.8.8: icmp_seq=25 ttl=62 time=24.1 ms
64 bytes from 8.8.8.8: icmp_seq=26 ttl=62 time=24.1 ms
64 bytes from 8.8.8.8: icmp_seq=27 ttl=62 time=24.3 ms
64 bytes from 8.8.8.8: icmp_seq=28 ttl=62 time=24.2 ms
64 bytes from 8.8.8.8: icmp_seq=29 ttl=62 time=24.2 ms

From a Computer in Network trace communication path to destination network

tracert 8.8.8.8 (Windows) or traceroute 8.8.8.8 (Linux)


traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 38 byte packets
1 192.168.201.200 (192.168.201.200) 1.086 ms 1.124 ms 1.144 ms
2 8.8.8.8 (8.8.8.8) 2.295 ms 2.156 ms 2.209 ms
Cisco Security

Lab 1: Securing Administrative Access

OBJECTIVE:
To enhance router security by encrypting all passwords, configure banners, exec-timeouts on router.

TOPOLOGY:
Setup Ethernet connectivity for the lab as below:

Pre-requisite: Initial configuration to be done on the router

TASKS:
• Access router via Telnet
• Encrypt all clear text passwords on the router.
• Configure Warning Banner
• Configure unattended (idle-timeout) session timeout for VTY access
Access router via Telnet
• Access the router via Telnet by giving the command below on a Windows or Linux computer.
telnet 192.168.202.1

Encrypt all clear text passwords on the router

Verify router's existing configuration

All passwords are in clear text except the enable secret password


HYD-1 # sh running-config
Current configuration : 1241 bytes
!
Last configuration change at 08:37:39 UTC Sat Jul 9 2016
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HYD-1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$DMgk$lTC7TUZVwFn5969wEB2mw.
enable password ccna
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip cef
!
multilink bundle-name authenticated
crypto pki token default removal timeout 0
!
license udi pid CISCO2811 sn FHK1109F34X
!
redundancy
!
interface FastEthernet0/0
ip address 192.168.202.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
no fair-queue
!
interface Serial0/0/1
no ip address
shutdown
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
control-plane
!
mgcp profile default
!
line con 0
password ccna
login
line aux 0
password cisco
login
line vty 0 4
password zoom
login
transport input all
!
scheduler allocate 20000 1000
end
HYD-1 #
Encrypt all clear text passwords

HYD-1 # configure terminal


Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # service password-encryption
HYD-1 (config) # end

Verification:

The previously visible passwords are now encrypted

HYD-1 # sh running-config
Building configuration...
Current configuration: 1241 bytes
!
Last configuration change at 08:37:39 UTC Sat Jul 9 2016
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname HYD-1
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$DMgk$lTC7TUZVwFn5969wEB2mw.
enable password 7 045802150C2E
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip cef
!
multilink bundle-name authenticated
crypto pki token default removal timeout 0
!
license udi pid CISCO2811 sn FHK1109F34X
!
redundancy
!
interface FastEthernet0/0
ip address 192.168.202.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
no fair-queue
!
interface Serial0/0/1
no ip address
shutdown
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
control-plane
!
mgcp profile default
!
line con 0
password 7 141411050D
login
line aux 0
password 7 030752180500
login
line vty 0 4
password 7 0109090B56
login
transport input all
!
scheduler allocate 20000 1000
end
HYD-1 #

Configure Warning Banner


Configure a warning message to display prior to login
HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # banner motd $
Enter TEXT message. End with the character '$'.
=======================================================================
UNAUTHORISED ACCESS STRICTLY PROHIBITED AND
PROSECUTED TO THE FULL EXTENT OF THE LAW
=======================================================================$
Verification:
Now open a new telnet session from your computer to the router to verify the banner configured.
i.e. telnet 192.168.202.1

Configure unattended (idle-timeout) session timeout for VTY access


By default, the unattended session timeout is 10 minutes. Here we reduce the unattended session timeout
to 1 minute 00 seconds.
HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # line vty 0 4
HYD-1 (config-line) # exec-timeout 1 00
HYD-1 (config-line) # end

Verification:
Now open a new telnet session from your computer to the router (get into privilege mode) and leave
the session open without performing any action or modification for 1 minute. Session will be
automatically disconnected after the session time-out has been reached.
Configure a minimum password length for all router passwords

HYD-1(config)#security passwords min-length 6

Configure the enable secret password.

HYD-1(config)#enable secret zoom


% Password too short - must be at least 6 characters. Password configuration failed
HYD-1 (config)#

Configure an enable secret password that is at least 6 characters long

HYD-1(config)#enable secret zoom123

Now you can see login warning banner on HYD-1

Configure Enhanced Username and Password Security on Routers

Create a new user account using the username command

HYD-1(config)#username zoom password zoom123

Show Commands
HYD-1#sh running-config

Test the new account by logging from virtual terminal line.

HYD-1(config)# line vty 0 4


HYD-1(config-line)#login local
HYD-1(config-line)#end
HYD-1#exit

Verification

Telnet the Router and give username and password to login.

Configure Enhanced Virtual Login Security on Routers

Configure the router to watch for login attacks.

HYD-1#show login
No login delay has been applied.
No Quiet-Mode access list has been configured.
Router NOT enabled to watch for login Attacks

HYD-1(config)#login block-for 60 attempts 2 within 30


HYD-1#show login
A default login delay of 1 seconds is applied.
No Quiet-Mode access list has been configured.
Router enabled to watch for login Attacks.
If more than 2 login failures occur in 30 seconds or less, logins will be disabled for 60 seconds.
Router presently in Normal-Mode.
Current Watch Window
Time remaining: 4 seconds.
Login failures for current window: 0.
Total login failures: 0.
HYD-1#

Configure the router to log login activity

HYD-1(config)#login on-success log


HYD-1(config)#login on-failure log every 2
HYD-1(config)#exit
HYD-1#

Verification

Telnet to the router and give the wrong password until you are disconnected. Then Telnet to the router
again and give the correct password.

Verification Commands

HYD-1#show login failures


Total failed logins: 3
Detailed information about last 50 failures
Username SourceIPAddr lPort Count TimeStamp
zoom 10.0.0.5 23 2 01:17:34 UTC Fri Mar 1 2012
asdf 10.0.0.5 23 1 01:17:36 UTC Fri Mar 1 2012
CHE#show login
A default login delay of 1 seconds is applied.
No Quiet-Mode access list has been configured.
Every 2 failed login is logged.
Router enabled to watch for login Attacks.
If more than 2 login failures occur in 30 seconds or less, logins will be disabled for 60 seconds.
Router presently in Quiet-Mode.
Will remain in Quiet-Mode for 34 seconds.
Denying logins from all sources.
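
Added example (not part of the original lab manual): a Python detector that reads the syslog messages produced by "login on-failure log" and "login on-success log" and applies the same thresholds as "login block-for 60 attempts 2 within 30", per source address. The log lines are constructed, their layout is an assumption modelled on the IOS SEC_LOGIN messages and may differ by release, and the function names are this example's own.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; layout assumed from the IOS SEC_LOGIN messages.
SAMPLE_LOG = """\
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: zoom] [Source: 10.0.0.5] [localport: 23] [Reason: Login Authentication Failed] at 01:17:30 UTC Thu Mar 1 2012
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: zoom] [Source: 10.0.0.5] [localport: 23] [Reason: Login Authentication Failed] at 01:17:34 UTC Thu Mar 1 2012
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: asdf] [Source: 10.0.0.5] [localport: 23] [Reason: Login Authentication Failed] at 01:17:36 UTC Thu Mar 1 2012
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.0.9] [localport: 23] [Reason: Login Authentication Failed] at 01:18:00 UTC Thu Mar 1 2012
%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 10.0.0.9] [localport: 23] at 01:18:10 UTC Thu Mar 1 2012
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: zoom] [Source: 10.0.0.7] [localport: 23] [Reason: Login Authentication Failed] at 01:20:00 UTC Thu Mar 1 2012
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: zoom] [Source: 10.0.0.7] [localport: 23] [Reason: Login Authentication Failed] at 01:20:05 UTC Thu Mar 1 2012
%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: zoom] [Source: 10.0.0.7] [localport: 23] at 01:20:12 UTC Thu Mar 1 2012
"""

EVENT_RE = re.compile(
    r"%SEC_LOGIN-\d-(?P<kind>LOGIN_FAILED|LOGIN_SUCCESS):.*?"
    r"\[user: (?P<user>[^\]]*)\] \[Source: (?P<src>[^\]]+)\].*"
    r" at (?P<time>\d\d:\d\d:\d\d) \S+ \w{3} (?P<date>\w{3} +\d+ \d{4})\s*$"
)


def parse_events(text):
    """Return time-ordered (when, kind, user, source) tuples; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if m:
            when = datetime.strptime(f"{m['time']} {m['date']}", "%H:%M:%S %b %d %Y")
            events.append((when, m["kind"], m["user"], m["src"]))
    return sorted(events)


def detect(text, attempts=2, within=30):
    """Flag failure bursts and successful logins that follow repeated failures.

    'burst' fires once when a source exceeds `attempts` failures inside
    `within` seconds. 'success-after-failures' fires when a login succeeds
    while at least `attempts` failures from that source are still in the window.
    """
    window = timedelta(seconds=within)
    recent = defaultdict(deque)          # source -> timestamps of recent failures
    alerts = []
    for when, kind, user, src in parse_events(text):
        fails = recent[src]
        while fails and when - fails[0] > window:
            fails.popleft()              # drop failures that left the window
        if kind == "LOGIN_FAILED":
            fails.append(when)
            if len(fails) == attempts + 1:
                alerts.append((when, src, "burst",
                               f"{len(fails)} failures within {within}s"))
        else:
            if len(fails) >= attempts:
                alerts.append((when, src, "success-after-failures",
                               f"user {user} logged in after {len(fails)} failures"))
            fails.clear()
    return alerts


if __name__ == "__main__":
    for when, src, kind, detail in detect(SAMPLE_LOG):
        print(when.time(), src, kind, detail)
```

A single mistyped password followed by a successful login (10.0.0.9 in the sample) stays below the threshold and is not reported.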
Lab 2: Local Database Authentication

OBJECTIVE:

Create a local user on the router and have the router authenticate logins itself, against its own local database

TOPOLOGY:

TASK:

• Access Router by using telnet
• Create the user by using the following commands
Configuration:

Hyd-1(config)#username useHYD-1 password zoom_123


Hyd-1(config)#exit
Hyd-1#

Hyd-1(config)#line vty 0 4
Hyd-1(config-line)#login local
Hyd-1(config-line)#exit
Hyd-1(config)#exit
Hyd-1#

Verification:

Hyd-1#show running-config
Now try to access the router by Telnet; it should ask for a username and password.
Lab 3: SSH Configuration

OBJECTIVE:

Configure the SSH Server on Router

TOPOLOGY:

TASK:

• Access the router by using Console
• Create the username and password
• Enable the encryption key by using the following commands
Configuring SSH to Access Device Remotely

Configuration:

Configure a domain name.

HYD-1(config)#ip domain-name zoom.com

User for login from the SSH client

HYD-1(config)#username zoom password zoom_123

Configure the vty lines.

HYD-1(config)#line vty 0 4
HYD-1(config-line)#login local
HYD-1(config-line)#transport input ssh
HYD-1(config-line)#exit

Generate the RSA encryption key pair for the router

HYD-1(config)#crypto key generate rsa


The name for the keys will be: HYD-1.zoom.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]:
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
HYD-1(config)#

Verify the SSH configuration

HYD-1#show ip ssh

SSH Enabled - version 1.5


Authentication timeout: 120 secs; Authentication retries: 3
HYD-1#

Configure SSH timeouts and authentication parameters

HYD-1(config)#ip ssh time-out 90


HYD-1(config)#ip ssh authentication-retries 2
HYD-1#show ip ssh
SSH Enabled - version 1.5
Authentication timeout: 90 secs; Authentication retries: 2
HYD-1#
Verify SSH connectivity to HYD-1 from PC (Putty/Linux Computer).

Verify SSH access to Router

Now open a new Telnet session from your computer to the router; you will not be able to access the router
via Telnet.
Verify SSH access to HYD-1 from computer by giving below command:
ssh -l zoom 192.168.202.1
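
Added example (not part of the original lab manual): a Python audit that reads a running-config listing and flags the settings that Lab 1 (password storage, exec-timeout) and Lab 3 (per-user login, SSH-only VTY access) are meant to change. The sample configuration is constructed from lines shown in Lab 1, the function names and finding texts are this example's own, and "ip ssh version 2" is a standard IOS command that the lab itself does not configure.

```python
import re

# Constructed sample: password lines as Lab 1 shows them after
# "service password-encryption", plus a user entered with "password".
WEAK_CONFIG = """\
service password-encryption
enable secret 5 $1$DMgk$lTC7TUZVwFn5969wEB2mw.
enable password 7 045802150C2E
username zoom password 7 0109090B56
!
line con 0
 password 7 141411050D
 login
line vty 0 4
 password 7 0109090B56
 login
 transport input all
!
end
"""

PASSWORD_RE = re.compile(
    r"^(?:enable |username \S+ (?:privilege \d+ )?)?password (.+)$")


def split_sections(text):
    """Split a listing into global commands and per-'line' sub-commands.

    A 'line ...' section ends at the next 'line ...' header or at '!', so
    indented and flattened listings parse the same way.
    """
    global_cmds, sections, current = [], {}, None
    for raw in text.splitlines():
        cmd = raw.strip()
        if cmd.startswith("line "):
            current = cmd
            sections[current] = []
        elif cmd in ("", "!", "end"):
            current = None
        elif current is not None:
            sections[current].append(cmd)
        else:
            global_cmds.append(cmd)
    return global_cmds, sections


def check_password(where, cmd, findings):
    """Record how a 'password' command stores its value."""
    m = PASSWORD_RE.match(cmd)
    if not m:
        return
    if re.fullmatch(r"7 [0-9A-Fa-f]+", m.group(1)):
        findings.append((where, "type 7 password: reversible encoding, not a hash"))
    else:
        findings.append((where, "clear-text password in the configuration"))
    if cmd.startswith("enable password"):
        findings.append((where, "use 'enable secret' instead of 'enable password'"))
    elif cmd.startswith("username"):
        findings.append((where, "use 'username ... secret' so the password is hashed"))


def audit(text):
    """Return (location, finding) tuples for a running-config listing."""
    global_cmds, sections = split_sections(text)
    findings = []
    for cmd in global_cmds:
        check_password("global", cmd, findings)
    if not any(c.startswith("enable secret") for c in global_cmds):
        findings.append(("global", "no 'enable secret' configured"))
    if "ip ssh version 2" not in global_cmds:
        findings.append(("global", "SSH is not restricted to version 2"))
    for header, cmds in sections.items():
        for cmd in cmds:
            check_password(header, cmd, findings)
        transport = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if transport and {"all", "telnet"} & set(transport[0]):
            findings.append((header, "Telnet accepted: logins cross the network unencrypted"))
        if "login" in cmds:
            findings.append((header, "shared line password; 'login local' or AAA gives per-user logins"))
        timeout = [c.split()[1:] for c in cmds if c.startswith("exec-timeout")]
        if not timeout:
            findings.append((header, "no exec-timeout set (default is 10 minutes)"))
        elif all(int(v) == 0 for v in timeout[0]):
            findings.append((header, "exec-timeout 0 disables the idle timeout"))
    return findings


if __name__ == "__main__":
    for where, finding in audit(WEAK_CONFIG):
        print(f"{where}: {finding}")
```

A listing that uses "enable secret", "username ... secret", "ip ssh version 2", "login local", "transport input ssh" and a non-zero exec-timeout on every line produces no findings.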
Lab 4: Privilege Levels

OBJECTIVE

To configure privilege levels for various users

TOPOLOGY

Verification:

Configure Various Privilege Levels

1) Access the router by using telnet or console


2) Configure users with various privilege levels by using the following commands

Configuration:

Step 1:
Configure a user with privilege 15
Hyd-1(config)#username admin privilege 15 password admin
Hyd-1(config)#line vty 0 4
Hyd-1(config-line)#login local
Hyd-1(config)#exit
Hyd-1#
Verification:
Try to access the router as user admin with password admin;
you will get full access.
Step 2:
Configure a username and password with privilege 5
Hyd-1(config)#username user1 privilege 5 password zoom_123
Hyd-1(config)#exit
Hyd-1#

Step 3:
Assign the commands to privilege level 5
Hyd-1(config)#privilege exec level 5 show ip route
Hyd-1(config)#privilege exec level 5 show ip interface brief
Hyd-1(config)#exit
Hyd-1#

Verifying Privilege Levels

Verification:

Access the router as user1 and try to check


Telnet 192.168.202.1
username: user1
Password zoom_123
Hyd-1#show ip route
Hyd-1#show ip int br
Try to execute some other commands
Hyd-1#show running-config
You will get an error.
Lab 5: AAA Authentication (TACACS and RADIUS)

OBJECTIVE:
To enhance router security by configuring authentication and enabling SSH access on the router.

TOPOLOGY:
Setup Ethernet connectivity for the lab as below:

Pre-requisite: 192.168.202.10 computer should have TACACS Server software installed and running.

TASK:
• Configure External Authentication
• Verify External Authentication
• Configure AAA Authentication (TACACS Server)
• Verify AAA Authentication
Configure AAA Authentication (TACACS Server)

Example - HYD-1
HYD-1 # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # aaa new-model
HYD-1 (config) # tacacs-server host 192.168.202.10
HYD-1 (config) # tacacs-server key cisco
HYD-1 (config) # aaa authentication login default group tacacs+ local

Verify AAA Authentication

Create a new user on the TACACS server. Try to log in as the newly created user by opening a new Telnet
session from your computer to the router,
i.e. telnet 192.168.202.1

Microsoft Windows [Version 6.2.9200]


(c) 2012 Microsoft Corporation. All rights reserved.
C:\> telnet 192.168.202.1
Trying 192.168.202.1...
Connected to 192.168.202.1.
Escape character is '^]'.

User Access Verification

Username : user1
Password : *****
HYD-1>enable
Password:
HYD-1#
Lab 6: Securing Boot Image (IOS) and Configuration File

OBJECTIVE:

Securing boot image and configuration file

TOPOLOGY:

Securing IOS Image File and Router Configuration File

TASK:

• Access the router by using Console
• Secure the files by using the following command
Configuration:

Hyd-1(config)#secure boot-image

%IOS_RESILIENCE-5-IMAGE_RESIL_ACTIVE: Successfully secured running image


Hyd-1(config)#secure boot-config

%IOS_RESILIENCE-5-CONFIG_RESIL_ACTIVE: Successfully secured config archive [flash:.runcfg-19930301-000135.ar]

Verification:

Hyd-1#show secure bootset

IOS resilience router id FTX1111W0QT

IOS image resilience version 12.4 activated at 00:01:01 UTC Mon Mar 1 1993

Secure archive flash:/c2800nm-advipservicesk9-mz.124-15.T1.bin type is image (elf) []


file size is 50938004 bytes, run size is 50938004 bytes

Runnable image, entry point 0x8000F000, run from ram

IOS configuration resilience version 12.4 activated at 00:01:35 UTC Mon Mar 1 1993

Secure archive flash:/.runcfg-19930301-000135.ar type is config


configuration archive size 651 bytes

Hyd-1#
Lab 7: Generic Routing Encapsulation (GRE)

OBJECTIVE:
To set up a GRE VPN to enable communication between different networks.

TOPOLOGY:
Setup Ethernet and Serial connectivity for the lab as below:

TASK:
• Configure Serial Interface
• Configure Default Routing
• Configure GRE Tunnel Interface
• Verify GRE Tunnel Configuration
• Configure Routing
• Verify Routing
• Verify communication between the networks
Configure Serial Interface
CHE – Configuration
CHE (config) # interface serial 0/0
CHE (config-if) # ip address 202.1.0.18 255.255.255.248
CHE (config-if) # no shutdown
CHE (config-if) # encapsulation ppp
CHE (config-if) # exit
CHE (config) #

BAN – Configuration
BAN (config) # interface serial 0/1
BAN (config-if) # ip address 202.2.0.18 255.255.255.248
BAN (config-if) # no shutdown
BAN (config-if) # encapsulation ppp
BAN (config-if) # exit
BAN (config) #

Configure Default Routing

CHE – Configuration
CHE # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
CHE (config) # ip route 0.0.0.0 0.0.0.0 Serial0/0
CHE (config) # exit
CHE #

BAN – Configuration
BAN # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
BAN (config) # ip route 0.0.0.0 0.0.0.0 Serial0/1
BAN (config) # exit
BAN #
Configure GRE Tunnel Interface

CHE – Configuration
CHE (config) # int tunnel 0
CHE (config-if) # ip add 1.1.1.1 255.255.255.0
CHE (config-if) # tunnel mode gre ip
CHE (config-if) # tunnel source serial 0/0
CHE (config-if) # tunnel destination 202.2.0.18
CHE (config-if) # end
CHE #

BAN – Configuration
BAN (config) # int tunnel 0
BAN (config-if)# ip add 1.1.1.2 255.255.255.0
BAN (config-if) # tunnel mode gre ip
BAN (config-if)# tunnel source serial 0/1
BAN (config-if)# tunnel destination 202.1.0.18
BAN (config-if)# end
BAN #

Verify GRE Tunnel Configuration

CHE – Verification

CHE # show ip interface brief tunnel 0


Interface IP-Address OK? Method Status Protocol
Tunnel0 1.1.1.1 YES manual up up
CHE #

CHE # sh int tunnel 0


Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 1.1.1.1/24
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive set (10 sec)
Tunnel source 202.1.0.18 (Serial0/0), destination 202.2.0.18
Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
Checksumming of packets disabled, fast tunneling enabled
!
<output omitted>
!
CHE#
BAN – Verification
BAN # show ip interface brief tunnel 0
Interface IP-Address OK? Method Status Protocol
Tunnel0 1.1.1.2 YES manual up up
BAN #

BAN # sh int tunnel 0


Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 1.1.1.2/24
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive set (10 sec)
Tunnel source 202.2.0.18 (Serial0/1), destination 202.1.0.18
Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
Checksumming of packets disabled, fast tunneling enabled
!
<output omitted>
!
BAN #
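
Added example (not part of the original lab manual): a Python sketch that builds the packet this tunnel puts on the serial link, with the key, sequencing and checksum options off as in the "show interface tunnel 0" output above, and then parses it back. It shows the 24 bytes of overhead per packet and that the inner addresses and payload are readable by anyone on the path, because GRE encapsulates without encrypting or authenticating. The ICMP payload and all function names are constructed for this example.

```python
import socket
import struct

GRE_PROTO = 47                        # IP protocol number in the outer header
ETHERTYPE_IPV4 = 0x0800               # GRE protocol type for an IPv4 payload
FLAG_C, FLAG_K, FLAG_S = 0x8000, 0x2000, 0x1000   # checksum, key, sequence bits
IP_FMT = "!BBHHHBBH4s4s"              # 20-byte IPv4 header without options


def inet_checksum(data):
    """16-bit one's-complement checksum (data length must be even)."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src, dst, proto, payload, ttl=64):
    """Prepend an IPv4 header with a valid checksum to payload."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = inet_checksum(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields) + payload


def gre_encapsulate(inner, tunnel_src, tunnel_dst, key=None):
    """Wrap an IPv4 packet in GRE; with key=None the GRE header is 4 bytes."""
    gre = struct.pack("!HH", FLAG_K if key is not None else 0, ETHERTYPE_IPV4)
    if key is not None:
        gre += struct.pack("!I", key)
    return ipv4_packet(tunnel_src, tunnel_dst, GRE_PROTO, gre + inner, ttl=255)


def parse_ipv4(packet):
    """Decode an IPv4 header and return its addresses, protocol and payload."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, _, total, _, _, _, proto, _, src, dst = struct.unpack(IP_FMT, packet[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or total < ihl or total > len(packet):
        raise ValueError("malformed IPv4 packet")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "header_len": ihl, "payload": packet[ihl:total]}


def gre_decapsulate(packet):
    """Parse outer IPv4 + GRE and return what an on-path observer can read."""
    outer = parse_ipv4(packet)
    gre = outer["payload"]
    if outer["proto"] != GRE_PROTO or len(gre) < 4:
        raise ValueError("not a GRE packet")
    flags, ptype = struct.unpack("!HH", gre[:4])
    if flags & 0x0007 or ptype != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE version or payload type")
    offset, key = 4, None
    if flags & FLAG_C:
        offset += 4                   # checksum + reserved field
    if flags & FLAG_K:
        if len(gre) < offset + 4:
            raise ValueError("truncated GRE key")
        key = struct.unpack("!I", gre[offset:offset + 4])[0]
        offset += 4
    if flags & FLAG_S:
        offset += 4                   # sequence number field
    return {"outer_src": outer["src"], "outer_dst": outer["dst"], "key": key,
            "overhead": outer["header_len"] + offset,
            "inner": parse_ipv4(gre[offset:])}


def sample_packet():
    """Constructed ping from the CHE LAN to the BAN LAN as seen on the serial link."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 25) + b"labdata!"
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    inner = ipv4_packet("192.168.201.10", "192.168.203.10", 1, icmp)
    return gre_encapsulate(inner, "202.1.0.18", "202.2.0.18")


if __name__ == "__main__":
    info = gre_decapsulate(sample_packet())
    print(info["outer_src"], "->", info["outer_dst"], "overhead", info["overhead"], "bytes")
    print("inner", info["inner"]["src"], "->", info["inner"]["dst"],
          info["inner"]["payload"][8:])
```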

Configure Routing

CHE – Configuration
CHE # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
CHE (config) # ip route 192.168.203.0 255.255.255.0 tunnel 0
CHE (config) #

BAN – Configuration
BAN # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
BAN (config) # ip routing
BAN (config) # ip route 192.168.201.0 255.255.255.0 tunnel 0
BAN (config) #
Verify Routing

CHE – Verification:

CHE # show ip route


Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

C 172.16.0.0/16 is directly connected, Serial0/0


C 192.168.201.0/24 is directly connected, FastEthernet0/0
S 192.168.203.0/24 [1/0] directly connected, Tunnel0
S* 0.0.0.0/0 [1/0] via Serial0/0

CHE #

BAN – Verification:

BAN # show ip route


Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

C 172.16.0.0/16 is directly connected, Serial0/1


C 192.168.203.0/24 is directly connected, FastEthernet0/0
S 192.168.201.0/24 [1/0] directly connected, Tunnel0
S* 0.0.0.0/0 [1/0] via Serial0/1

BAN #
Verify communication between the networks

Verification from a Computer in CHE Network by pinging a computer in the BAN network

ping 192.168.203.10

PING 192.168.203.10 (192.168.203.10) 56(84) bytes of data.


64 bytes from 192.168.203.10: icmp_seq=25 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=26 ttl=62 time=24.1 ms
64 bytes from 192.168.203.10: icmp_seq=27 ttl=62 time=24.3 ms
64 bytes from 192.168.203.10: icmp_seq=28 ttl=62 time=24.2 ms
64 bytes from 192.168.203.10: icmp_seq=29 ttl=62 time=24.2 ms

Verification from a Computer in BAN Network by pinging a computer in the CHE network

ping 192.168.201.10

PING 192.168.201.10 (192.168.201.10) 56(84) bytes of data.


64 bytes from 192.168.201.10: icmp_seq=25 ttl=62 time=24.1 ms
64 bytes from 192.168.201.10: icmp_seq=26 ttl=62 time=24.1 ms
64 bytes from 192.168.201.10: icmp_seq=27 ttl=62 time=24.3 ms
64 bytes from 192.168.201.10: icmp_seq=28 ttl=62 time=24.2 ms
64 bytes from 192.168.201.10: icmp_seq=29 ttl=62 time=24.2 ms

From a Computer in CHE Network trace communication path to a Computer in BAN Network

tracert 192.168.203.10 (Windows) or traceroute 192.168.203.10 (Linux)


traceroute to 192.168.203.10 (192.168.203.10), 30 hops max, 38 byte packets
1 192.168.201.1 (192.168.201.1) 1.086 ms 1.124 ms 1.144 ms
2 1.1.1.1 (1.1.1.1) 2.295 ms 2.156 ms 2.209 ms
3 192.168.203.10 (192.168.203.10) 3.295 ms 3.156 ms 3.209 ms

From a Computer in BAN Network trace communication path to a Computer in CHE Network

tracert 192.168.201.10 (Windows) or traceroute 192.168.201.10 (Linux)


traceroute to 192.168.201.10 (192.168.201.10), 30 hops max, 38 byte packets
1 192.168.203.1 (192.168.203.1) 1.086 ms 1.124 ms 1.144 ms
2 1.1.1.2 (1.1.1.2) 2.295 ms 2.156 ms 2.209 ms
3 192.168.201.10 (192.168.201.10) 3.295 ms 3.156 ms 3.209 ms
Lab 8: Password Recovery

OBJECTIVE:
To get access to a router’s privileged mode in case the enable password is forgotten.
To reset the Privilege / Enable mode password of Cisco Router.

TOPOLOGY:
Setup Console and Ethernet connectivity for the lab as below:

TASK:
• Establish console connectivity
• Access router via console with an emulation software
• Enter Rom Monitor Mode and Change Register Value
• Load saved configuration to the router (i.e. NVRAM to RAM)
• Reconfigure Privilege Mode / Enable Password
• Reset the Configuration Register Value back to the default
• Enable the Ethernet interface
• Save configuration to the router and restart the router
• Verify login to the router using new password
Establish console connectivity
Establish console connectivity by connecting router console port to PC Com Port with console cable.

Access router via console with an emulation software


Configure the following parameters in the emulation software for accessing the router via the console port.

Parameter    Console Port Setting
Baud         9600
Data bits    8
Parity       None
Stop bits    1

Accessing router via console from Microsoft Windows Computer


• Start a terminal emulator application, such as PUTTY.exe
• Select Serial option and set speed to 9600.
• Click Open
• Once emulation software is ready, Power-ON the router.

Accessing router via console from Linux Computer


• From the terminal enter the below command
# minicom
Enter Rom Monitor Mode and Change Configuration Register Value

Once the emulation software is ready, press “Ctrl + Break” within 60 sec after POWER-ON. The router will
enter ROM monitor mode.

rommon 1>

Set the configuration register value to 0x2142 to skip executing the startup configuration from NVRAM during
bootup.

rommon 1 > confreg 0x2142


rommon 2 > reset

After the Router boots-up completely, it enters setup mode as below:


System Configuration Dialog
Would you like to enter the initial configuration dialog? [Yes/no]: no
Would you like to terminate autoinstall? [yes]: yes

If you choose “Yes”, IOS will prompt questions to gather the information needed to configure the router. It is
recommended to choose “no”, since we can configure the router using IOS commands.

Router >enable

Load saved configuration to the router

Router # copy startup-config running-config


Destination filename [running-config]?
HYD-1 #

Reconfigure Privilege Mode / Enable Password


Since we are already in the privilege mode, we can setup a new privilege password.
HYD-1 # configure terminal
HYD-1 (config) # enable secret cisco
HYD-1 (config) # exit

Reset the Configuration Register Value back to the default:


HYD-1 (config)# config-register 0x2102

Enable the Ethernet interface:


HYD-1 (config)# interface FastEthernet0/0
HYD-1 (config-if)# no shutdown
HYD-1 (config-if)# ^Z

Similarly, apply the “no shutdown” command on all required interfaces.


Saving configuration to the router and restart the router
To save configuration on router
HYD-1 # copy running-config startup-config
Destination filename [startup-config]?
Building configuration...

[OK]
HYD-1 #

HYD-1 # reload

Verify login to the router using new password


• Access the router via Telnet and enter privilege mode using the new password.
telnet 192.168.202.1
Lab 9: IOS and Configuration Backup

OBJECTIVE:
To take backup of the IOS and the Router Configuration

TOPOLOGY:
Setup Ethernet connectivity for the lab as below:

Pre-requisite: 192.168.202.10 computer should have TFTP, FTP and SCP server software installed
and running.

TASK:
• Create a backup of Router Configuration on TFTP Server
• Verify Configuration file on TFTP server
• Create a Backup of Router IOS on TFTP Server
• Verify IOS file on TFTP server
• Create a backup of Router Configuration on FTP Server
• Verify Configuration file on FTP server
• Create a Backup of Router IOS on FTP Server
• Verify IOS file on FTP server
Backup of Router Configuration on TFTP Server

HYD-1 # copy startup-config tftp


Address or name of remote host []? 192.168.202.10
Destination filename [HYD-confg]? HYD-TFTP
!!
1514 bytes copied in 0.344 secs (4401 bytes/sec)
HYD-1 #

Verify backup configuration file on TFTP Server


Verify the Configuration file on TFTP server, default path is C:\Program Files\TFTPd32

Backup of Router IOS


HYD-1 # show flash
System flash directory:
File Length Name/status
1 63139972 Aug 01 2016 14:13:20 c2800nm-adventerprisek9-mz.151-1.T.bin
856064 bytes available (63156224 bytes used)

HYD-1 #

HYD-1 # copy flash tftp


Source filename []? C2800NM-ADVENTERPRISEK9-MZ.151-1.T.BIN
Address or name of remote host []? 192.168.202.10
Destination filename [C2800NM-ADVENTERPRISEK9-MZ.151-1.T.BIN]?
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
63139972 bytes copied in 264.584 secs (238639 bytes/sec)
HYD-1 #
Verify backup IOS file on TFTP server
Verify the IOS file on TFTP server, default path is C:\Program Files\TFTPd32

Backup of Router Configuration on FTP Server

HYD-1 # configure terminal


Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # ip ftp username cisco
HYD-1 (config) # ip ftp password ccna
HYD-1 (config) # end

HYD-1 # copy startup-config ftp:


Address or name of remote host []? 192.168.202.10
Destination filename [HYD-confg]? HYD-FTP

Writing HYD-FTP !!
1557 bytes copied in 0.476 secs (3271 bytes/sec)
HYD-1 #
Verify backup configuration file on FTP Server
Verify the Configuration file on FTP server.

Backup of Router IOS


HYD-1 # show flash
System flash directory:
File Length Name/status
1 63139972 Aug 01 2016 14:13:20 c2800nm-adventerprisek9-mz.151-1.T.bin
856064 bytes available (63156224 bytes used)

HYD-1 #

HYD-1 # copy flash ftp:


Source filename []? C2800NM-ADVENTERPRISEK9-MZ.151-1.T.BIN
Address or name of remote host []? 192.168.202.10
Destination filename [C2800NM-ADVENTERPRISEK9-MZ.151-1.T.BIN]?
Writing C2800NM-ADVENTERPRISEK9-MZ.151-1.T.BIN !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
63139972 bytes copied in 264.584 secs (238639 bytes/sec)
HYD-1 #
Verify backup IOS file on FTP server
Verify the IOS file on FTP server.

Backup of Router Configuration on SCP Server

HYD-1 # copy startup-config scp:


Address or name of remote host []? 192.168.202.10
Destination username [HYD-1]? cisco
Destination filename [HYD-confg]? HYD-SCP

Writing HYD-SCP
Password: ccna
!!
1557 bytes copied in 0.476 secs (3271 bytes/sec)
HYD-1 #
Verify backup configuration file on SCP Server
Verify the Configuration file on SCP server, default path is C:\SFTP_Root.

Backup of Router IOS


HYD-1 # show flash
System flash directory:
File Length Name/status
1 63139972 Aug 01 2016 14:13:20 c2800nm-adventerprisek9-mz.151-1.T.bin
856064 bytes available (63156224 bytes used)

HYD-1 #

HYD-1 # copy flash scp:


Source filename []? C2800NM-ADVENTERPRISEK9-MZ.151-1.T.BIN
Address or name of remote host []? 192.168.202.10
Destination username [HYD-1]? cisco
Destination filename [C2800NM-ADVENTERPRISEK9-MZ.151-1.T.BIN]?

Writing C2800NM-ADVENTERPRISEK9-MZ.151-1.T.BIN
Password: ccna
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
63139972 bytes copied in 264.584 secs (238639 bytes/sec)
HYD-1 #
Verify backup IOS file on SCP server
Verify the IOS file on the SCP server, default path is C:\SFTP_Root.
