
T216 Cisco networking (CCNA)

Day School 2: Practical Resource Pack


This pack is a take-home study to complement the day schools that are part of T216
Cisco networking. All of the material can be repeated in many settings, applied in a
professional context or practised using Packet Tracer or the NetLab+ system if you
are taking the ALE.
1 Command reference
2 Router configuration
2.1 Basic router configuration
3 Redistribution, NAT, DHCP and VLANs
3.1 Redistribution from a static route to a dynamic routing protocol
3.2 Adding NAT and DHCP
3.3 To check DHCP
3.4 To check NAT
3.5 Adding VLANs
4 Open Shortest Path First (OSPF) and Access Control Lists (ACLs)
4.1 OSPF configuration
4.2 ACL configuration
5 Answers to questions
1 Command reference
Table 1 gives a list of some of the most important commands, in no particular order,
and the results they generate.
Table 1 List of commands

| Command | Result |
| --- | --- |
| enable | enter Privilege mode |
| configure terminal | does what it says on the label |
| copy running-config startup-config | copies RAM to Flash for a restart |
| erase startup-config | erases Flash |
| reload | restarts router (warm) |
| show interfaces | lists all interfaces |
| show ip route | displays RIP and IGRP discovered routers |
| show CDP neighbors (detail) | displays discovered and associated Cisco devices not necessarily using a routing protocol |
| ping | can send echoes to routers and hosts (can vary packet size and number of hits) |
| telnet | connects remotely to another router |
| interface? | selects the interface to configure |
| ip address x.x.x.x s.s.s.s | issues an interface with IP address x and subnet mask s |
| shutdown | terminates the operation of an interface |
| no <command> | reverses the operation of a command |
| ip host X y.y.y.y z.z.z.z | creates a host table entry X with associated addresses y and z etc. |
| router <RIP/EIGRP(network number)/OSPF (process-id)> | sets the routing protocol |
| network x.x.x.x (w.w.w.w area x) | declares the adjacent networks |
| clock rate 56000 | must be applied to the DCE on a serial link |
| enable secret class | sets Privilege mode password |
| hostname X | sets the hostname to X |
| line con 0 | sets the console exec mode |
| password x | have a guess |
| line vty 0 4 | sets the telnet password |
| login | enables remote access |
| ? | help! |
| show interface e0/s0/s1 | can show specifics for a given interface |
| show ip interface e0/s0/s1 | can show IP specifics for a given interface |
| show sessions/users | shows who is connected to your router via console or telnet |
| end/exit | terminates session or configuration |
| show version | displays IOS version and memory details |
| show arp | lists Ethernet MAC addresses learnt from an adjoined network |
| show clock | time as always |
| show flash | shows non-volatile memory size |
| show protocol | IP settings along with other protocols |
| show ip protocol | IP and routing settings |
| show history | lists commands |
| traceroute x.x.x.x | shows hops from router to address x |
| clear counters | resets the interface counters for packets |
| banner motd | enables a message to be displayed at log-in |
| description | like a remark to be placed on an interface |
| ip http server | enables web-based interface on router |
| config-register | selects the boot source |
| clear arp | clears the current ARP table |
| ip route x.x.x.x s.s.s.s x.x.x.x | creates a static entry in the routing table |
| ip route x.x.x.x s.s.s.s exit-interface | |
| redistribute static | passes static route information across the routed protocol |
| default-information originate | passes default route information across the routed protocol |
| router ospf process-id (global configuration command) | configures an OSPF routing process; the no form terminates an OSPF routing process |
| network address wildcard-mask area area-id (router configuration command) | defines the interfaces on which OSPF runs and the area ID for those interfaces |
| ip ospf priority number (interface configuration command) | sets the router priority, which helps to determine the designated router for this network; the no form returns to the default value |
| show ip ospf interface [type number] (EXEC command) | displays OSPF-related interface information |
| ip ospf authentication-key password (interface configuration command) | assigns a password to be used by neighbouring routers that are using OSPF's simple password authentication; the no form removes a previously assigned OSPF password |
| area area-number authentication [message-digest] (router configuration command) | configures area parameters such as authentication and summarisation |
| ip ospf message-digest-key key-id md5 key (interface configuration command) | enables OSPF Message Digest 5 (MD5) authentication; the no form removes an old MD5 key |
| ip ospf hello-interval seconds (interface configuration command) | specifies the interval between hello packets that the Cisco IOS software sends on the interface |
| ip ospf dead-interval seconds (interface configuration command) | specifies how long hello packets must not have been seen before its neighbours declare the router down |
| default-information originate (router configuration command) | generates a default route into OSPF; the no form disables this feature |
| show ip ospf (EXEC command) | displays general information about OSPF routing processes |
| show ip ospf neighbor detail (EXEC command) | displays OSPF-neighbour information on a per-interface basis |
| debug ip ospf adj (privileged EXEC command) | displays all OSPF adjacency events |
| debug ip ospf events (privileged EXEC command) | displays all OSPF events |

2 Router configuration
2.1 Basic router configuration

Before you start any exercise you will need to repeat this task from Day School 1. In
teams this can be accomplished in 20 minutes.
Figure 1 shows the correct interface identities for a 2600-series router. If you have a
2500-series router, the interfaces should read e0, s0 and s1; if you have a 2800-series
router the interface identities are Gi0/0, s0/0/0, and so on. Later in the day you will
also be using the switches shown in this diagram. For the time being, please
concentrate on R1, R2 and R3 shown in Figure 2.
Tip: when you get the system started, the command show ip interface brief
will always list all interfaces and all identifiers. Also, many routers have the
interface id printed on the side, in small type.
If you are working on a NetLab system for the ALE, all this will already have been
done for you.

Figure 1


Figure 2
The console port (shown in Figure 3) is a direct serial connection between your
computer and the router. This will enable you to configure the device.
The computer will need a DB9 adapter, and the connection is accomplished with a
rollover cable.

Figure 3

Tip: you can complete the two labs for Day School 2 (see sections 3 and 4) in
whichever order you like.
You may find that copying the relevant commands into a text-editor file (e.g. Notepad)
for continued reuse will speed up the reconfiguration process after each exercise. If
you are completing the alternative learning experience (ALE), Netlab+ has a copy-
and-paste clipboard feature that enables you to insert commands from your own
computer in a similar manner.

To access the router from the personal computer you will need to use a terminal
emulator.
Tera Term is a popular application that is easily found on the internet. Alternatively,
you can use HyperTerminal, which is installed by default on all Windows versions.
You will need to create a connection. You can use the com1 port (which is usual) or
any other port available on your computer. Figure 4 shows you how to create a
connection.


Figure 4
Cable up the routers, connect them to the computers and start them (using the switch
at the back).
The purpose of this practical exercise will be to configure this three-router network
with three LANs and three WANs, IP addresses and subnets. Figure 5 shows the final
configuration.

Figure 5
Table 2 gives the command configuration sequence.
Table 2 Command configuration sequence

| Router | Command | Purpose (student to complete) |
| --- | --- | --- |
| All | enable | |
| All | configure terminal | |
| R1 | hostname cornwall | |
| R2 | hostname somerset | |
| R3 | hostname devon | |
| All | interface s0 (or s0/0 or s0/0/0) [remember you need to check] | |
| Only DCE! end | clock rate 56000 | |
| All (read plan seen in Fig. 5) | ip address x.x.x.x s.s.s.s | Hint: x.x.x.x is the ip address; s.s.s.s is the subnet mask, /24 is 255.255.255.0 |
| All | no shutdown | |
| All | interface s1 (or s0/1 or s0/0/1) | |
| Only DCE! | clock rate 56000 | |
| All (read plan) | ip address x.x.x.x s.s.s.s | |
| All | no shutdown | |
| All | interface e0 (or fa0/0 or Gi0/0) | |
| All | ip address x.x.x.x s.s.s.s | |
| All | no shutdown | |
| All | interface e1 (or fa0/1 or Gi0/1) | |
| All | ip address x.x.x.x s.s.s.s | |
| All | no keepalive | Note: there must be nothing connected to this port (no device connected) for this command to be valid |
| All | no shutdown | |
| All | end | |
| All | copy run start | Tip: you could also try ... wr |
| To test | | |
| All | show ip interface brief | |
| All | ping x.x.x.x (must be adjacent router IP address) | Do not progress until adjacent routers can ping each other; they will not be able to ping afar yet. |
Notes:


3 Redistribution, NAT, DHCP and VLANs
3.1 Redistribution from a static route to a dynamic routing protocol
Many networks will have a combination of static and dynamic routing taking place; this
is commonplace when you have a stub (out on a limb) system connected to the main
network infrastructure.
Tip: before commencing, you will need to ensure that the system is back to the basic
configuration found in section 2.
Netlab+ tip: if you are using Netlab+, you may wish to use a basic router pod or the
MAP system. Note that the serial link between R1 and R3 is not being used; you may
need to shut down these interfaces. In addition, for the MAP system, ports fa0/5 and 6
on S1 need to be in shut mode and interface gi0/1 on S1 needs the no keepalive
command to enable pings to it.
If you are at a day school, ignore the Netlab+ advice.
This exercise is an adaptation of the standard structure used in T216, and assumes
the core structure is already configured (Figure 6).

Figure 6
Table 3 shows the necessary command sequence for redistribution from static to
dynamic routing.
Table 3 Command sequence for redistribution from static to dynamic routing

| Router | Command | Purpose (student to complete) |
| --- | --- | --- |
| All | configure terminal | |
| Cornwall | router eigrp 123 | |
| | network 1.0.0.0 | |
| | network 192.168.1.0 | |
| | network 192.168.2.0 | |
| Somerset | router eigrp 123 | |
| | redistribute static | |
| | network 1.0.0.0 | |
| | network 10.0.0.0 | |
| | ip route 172.16.0.0 255.255.255.0 2.0.0.2 | |
| Devon | ip route 0.0.0.0 0.0.0.0 Serial1 (or s0/1 or s0/0/1) | |


Compare routing tables by using the show ip route command. Try pinging from
Devon to a LAN on Cornwall. Also try pinging from the 10.1.1.0 LAN on Somerset to
Devon and Cornwall.
Why can you not ping from Somerset or Cornwall to the 172.17.0.0 network on
Devon? What do you need to do to rectify this?

Netlab+ tip: if you are using Netlab+ you will need to configure and use PCs A, B and
C.
If you are at a day school, ignore the Netlab+ advice.
3.2 Adding NAT and DHCP
Before you commence, refer back to Figure 1: PCA and PCC will need to be
connected to the E0 (or Fa0/0) connections on Cornwall (R1) and Devon (R3). If you
are using Netlab+ this will be available by default, using one of the virtual machines.
Now refer to Table 4, which has the NAT and DHCP commands for Cornwall and
Devon; there is nothing to configure on Somerset.
Table 4 Clearing the configuration

| Router | Command | Purpose |
| --- | --- | --- |
| Cornwall | configure terminal | |
| | access-list 1 permit 192.168.1.0 0.0.0.255 | ACLs are used for traffic control as well as creating decision-based rules |
| | ip nat inside source list 1 interface fastethernet0/0 overload | Or E0 or Gi0/0 |
| | interface fastethernet 0/0 | Or E0 or Gi0/0 |
| | ip nat inside | |
| | interface serial0/0 | Or s0 or s0/0/0 |
| | ip nat outside | |
| | exit | |
| | service dhcp | Optional depending on router being used |
| | ip dhcp pool cornwallpool | |
| | network 192.168.1.0 255.255.255.0 | |
| | default-router 192.168.1.1 | |
| | dns-server 192.168.1.2 | |
| | domain-name cornwall.open.ac.uk | This will not work in the real world |
| | exit | |
| | ip dhcp excluded-address 192.168.1.1 192.168.1.10 | |
| | end | |
| | copy run start | |
| Devon | configure terminal | |
| | access-list 1 permit 172.17.0.0 0.0.0.255 | ACLs are used for traffic control as well as creating decision-based rules |
| | ip nat inside source list 1 interface fastethernet0/0 overload | Or E0 or Gi0/0 |
| | interface fastethernet 0/0 | Or E0 or Gi0/0 |
| | ip nat inside | |
| | interface serial0/1 | Or s1 or s0/0/1 |
| | ip nat outside | |
| | exit | |
| | service dhcp | Optional depending on router being used |
| | ip dhcp pool devonpool | |
| | network 172.17.0.0 255.255.255.0 | |
| | default-router 172.17.0.1 | |
| | dns-server 172.17.0.2 | |
| | domain-name devon.open.ac.uk | This will not work in the real world |
| | exit | |
| | ip dhcp excluded-address 172.17.0.1 172.17.0.10 | |
| | end | |
| | copy run start | |


3.3 To check DHCP
Make sure that your computer has DHCP (obtain an IP address automatically) set
(see Figure 7). Depending on your version of operating system, this option may
appear in different parts of the system; if you go via control panel/network settings (or
a similarly named area) you will eventually drill down to the IPv4 settings for your
network card.
Netlab+ tip: if you are using Netlab+, you will need to configure and use PCs A, B
and C. If you are at a day school, ignore the Netlab+ advice. If you are getting
spurious information, apply the shutdown command to Fa0/18 on S2.

Figure 7
Start the command prompt (Figure 8). This may also be available via the start menu or
other ways.

Figure 8
Run ipconfig to check that the DHCP address has been obtained (see Figure 9,
though in this example a different network is in use).

Figure 9
Run ipconfig /release to remove any automatic addressing (Figure 10).

Figure 10
Run ipconfig /renew to receive a new DHCP licensed address (Figure 11 is
representative).

Figure 11
3.4 To check NAT
You must ping the nearside interface on an afar router from the host on the LAN; from
the computer on the Cornwall LAN you must ping 1.0.0.2 -t (note that the -t means
continuous, no timeout).
On each router, issue the clear ip nat translation * command and the show ip nat
translations command.

3.5 Adding VLANs
Continuing from the previous steps, add two individual switches to E1 (Fa0/1) on
Cornwall and E1 (Fa0/1) on Devon. As shown in Figure 12, E5 is port 5 or Fa0/5.
Remember this is the base network, which is the MAP (multi-access pod) on Netlab+
so the switches should already be available.

Figure 12

Table 5 shows a sequence of commands for S1 and S3, enabling three VLANs.
Table 5 VLAN configuration

| Router | Command | Purpose |
| --- | --- | --- |
| S1 | enable | |
| | del vlan.dat | |
| | configure terminal | |
| | hostname cornwall_LAN | |
| | vlan 10 | |
| | name core | |
| | exit | |
| | vlan 20 | |
| | name Camborne | |
| | exit | |
| | vlan 30 | |
| | name StIves | |
| | exit | |
| | vlan 40 | |
| | name Penzance | |
| | exit | |
| | interface range fa0/1 - 5 | |
| | no shutdown | |
| | switchport mode access | |
| | switchport access vlan 10 | |
| | exit | |
| | interface range fa0/6 - 10 | |
| | no shutdown | |
| | switchport mode access | |
| | switchport access vlan 20 | |
| | exit | |
| | interface range fa0/11 - 15 | |
| | no shutdown | |
| | switchport mode access | |
| | switchport access vlan 30 | |
| | exit | |
| | interface range fa0/16 - 20 | |
| | no shutdown | |
| | switchport mode access | |
| | switchport access vlan 40 | |
| | exit | |
| S3 | enable | |
| | del vlan.dat | |
| | configure terminal | |
| | hostname devon_LAN | |
| | vlan 10 | |
| | name core | |
| | exit | |
| | vlan 20 | |
| | name Exeter | |
| | exit | |
| | vlan 30 | |
| | name Barnstaple | |
| | exit | |
| | vlan 40 | |
| | name Torquay | |
| | exit | |
| | interface range fa0/1 - 5 | |
| | no shutdown | |
| | switchport mode access | |
| | switchport access vlan 10 | |
| | exit | |
| | interface range fa0/6 - 10 | |
| | no shutdown | |
| | switchport mode access | |
| | switchport access vlan 20 | |
| | exit | |
| | interface range fa0/11 - 15 | |
| | no shutdown | |
| | switchport mode access | Netlab+ tip: if you are using Netlab+ you will notice CDP native vlan mismatch warnings. Ignore these unless you have shut down ports from S1 to S2 and S3, as well as S2 to S1 and S3. |
| | switchport access vlan 30 | |
| | exit | |
| | interface range fa0/16 - 20 | |
| | no shutdown | |
| | switchport mode access | |
| | switchport access vlan 40 | |
| | exit | |

On each switch, issue a show vlan command. How has the switch been reorganised?
When you have completed this lab you must complete the commands shown in Table
6, on all devices.
Table 6 Clearing the configuration

| Router | Command | Purpose (student to complete) |
| --- | --- | --- |
| All | erase start | |
| All | reload | |

Tip: did you read the tip at the end of section 2?

4 Open Shortest Path First (OSPF) and Access Control Lists (ACLs)
4.1 OSPF configuration

OSPF is a multi-area protocol, which can be configured to ensure that it listens for
updates on a range of possible interface addresses. This means that it uses the
wildcard mask, synonymous with ACLs, to add simple decision-making to routing.
Before commencing you will need to ensure that the system is back to the basic
configuration found in section 2. This exercise is an adaptation of the standard
structure used in T216, and assumes that the core structure is already configured.
Figure 13 shows the set-up required, and Table 6 shows the necessary command
sequence.

Figure 13
Table 6 OSPF command sequence

| Router | Command | Purpose (student to complete) |
| --- | --- | --- |
| All | show run | Check your running configuration |
| All | show ip interface brief | Check your interfaces are up |
| All | configure terminal | |
| All | router ospf 1 | Note: this is the process id, not the area |
| Cornwall | network 1.0.0.0 0.0.0.255 area 0 | |
| | network 3.0.0.0 0.0.0.255 area 0 | |
| | network 192.168.1.0 0.0.0.255 area 0 | |
| | network 192.168.2.0 0.0.0.255 area 0 | |
| Somerset | network 1.0.0.0 0.0.0.255 area 0 | |
| | network 2.0.0.0 0.0.0.255 area 0 | |
| | network 10.1.1.0 0.0.0.255 area 0 | |
| | network 10.2.2.0 0.0.0.255 area 0 | |
| Devon | network 3.0.0.0 0.0.0.255 area 0 | |
| | network 2.0.0.0 0.0.0.255 area 0 | |
| | network 172.16.0.0 0.0.0.255 area 0 | |
| | network 172.17.0.0 0.0.0.255 area 0 | |
| All | end | |
| All | copy run start | |
| All | show ip route | |
| All | show ip ospf | |
| All | show ip ospf neighbor | |
| If session time permits: | | |
| Cornwall | interface s0, s0/0 or s0/0/0 | |
| | ip ospf priority 33 | |
| | interface s1, s0/1, or s0/0/1 | |
| | ip ospf priority 33 | |
| Somerset | interface s0 | |
| | ip ospf priority 66 | |
| | interface s1, s0/1, or s0/0/1 | |
| | ip ospf priority 66 | |
| Devon | interface s0, s0/0 or s0/0/0 | |
| | ip ospf priority 99 | |
| | interface s1, s0/1, or s0/0/1 | |
| | ip ospf priority 99 | |
| All | end | |
| All | copy run start | |
| All | clear ip ospf process | This must be done simultaneously on all routers. |
| All | show ip ospf neighbor | |

Like most complex routing protocols, OSPF timers and router priorities can be
adapted. Using a loopback interface, how would you add another entry to the OSPF
routing tables? You may need to complete a little research on how this command
works.
Netlab+ tip: if you are using Netlab+, you will need to shut down ports fa0/5 and 6 on
S1 and fa0/5 and 18 on S3.
4.2 ACL configuration
In this exercise you should reuse the base configuration from the OSPF exercise (see
Figure 13). Any suggested additions you may have made should not affect this
exercise.
Table 8 shows the syntax of the ACL commands you will use in this exercise. ACLs
are complex, powerful and subtle commands. For the range of commands available,
refer to the Cisco material.
Table 8 ACL command syntax

| Command | Result |
| --- | --- |
| access-list 101 deny tcp/udp/icmp x.x.x.x w.w.w.w y.y.y.y w.w.w.w eq port (or echo) | Blocks specific class of traffic; x is the source address, w is wildcard, y is the destination address |
| access-list 101 permit ip any any | Allows any other traffic |
| ip access-group 101 in/out | Applies access list to inbound/outbound traffic |

The rules will be as follows:
stop a LAN on Somerset from reaching (pinging) a LAN on Cornwall
stop a LAN on Cornwall from reaching (pinging) a LAN on Devon
stop a LAN on Devon from reaching (pinging) a LAN on Somerset
allow all other traffic.
Table 9 shows the command sequence for extended ACLs.
Table 9 Command sequence for extended ACLs

| Router | Command |
| --- | --- |
| All | configure terminal |
| Cornwall | access-list 101 deny icmp 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255 echo |
| Devon | access-list 101 deny icmp 192.168.2.0 0.0.0.255 172.16.0.0 0.0.0.255 echo |
| Somerset | access-list 101 deny icmp 172.17.0.0 0.0.0.255 10.2.2.0 0.0.0.255 echo |
| All | access-list 101 permit ip any any |
| All | interface s0 (or s0/0) |
| | ip access-group 101 in |
| | interface s1 (or s0/1) |
| | ip access-group 101 in |
| All | Complete an extended ping from your router to the banned LAN |

Note: check the syntax of the ACL command if you are using Packet Tracer.

To test the ACLs you must use an extended ping similar to the example in Table 10.
This tests whether the ACLs on Cornwall are responding to traffic from Somerset.
Table 10 Extended ping
Router Command (note that there may be some variations)
Somerset ping <hit enter>

Protocol [ip]: <hit enter>
Target IP address: 192.168.1.1
Repeat count [5]:10
Datagram size [100]: <hit enter>
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.1.1
Then press [n] for all other options

Somerset ping <hit enter>

Protocol [ip]: <hit enter>
Target IP address: 192.168.2.1
Repeat count [5]:10
Datagram size [100]: <hit enter>
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.1.1
Then press [n] for all other options

Which of the above works, and which does not?
A working ping has an exclamation mark (!); one that has no reply has a full stop (.).
Change the addresses to prove/disprove the ACLs working on Somerset and Devon.
When you have completed this lab you must complete the commands shown in Table
11, on all devices.
Table 11 Clearing the configuration

| Router | Command | Purpose (student to complete) |
| --- | --- | --- |
| All | erase start | |
| All | reload | |
Tip: did you read the tip at the end of section 3?

5 Answers to questions
Do resist reading this section until you have completed or at least attempted the day
school or ALE.
3.1 Redistribution: Why can you not ping from Somerset or Cornwall to the
172.17.0.0 network on Devon? What do you need to do to rectify this?
o You need to add the missing network in Somerset. There are many
ways to accomplish this. The simplest would be to add the missing
network: ip route 172.17.0.0 255.255.255.0 2.0.0.2
o But a more subtle method would be to create an aggregate entry, by
changing the subnet mask: ip route 172.16.0.0 255.255.240.0 2.0.0.2
o This would include networks 172.16.0.0 through to 172.31.0.0 (all
private class B networks) reducing the need to update the router
with static routes for each new private system.

3.5 Adding VLANs: On each switch, issue a show vlan command. How has
the switch been organised?
o Your ports should now be arranged next to each of the VLANs. Some
ports will remain unassigned and should be collected in VLAN1.

4.1 OSPF configuration: Using a loopback interface, how could you add
another entry to the OSPF routing tables?
o Adding a loopback interface is not dissimilar to adding a normal real
interface. Loopbacks are used as IDs on routers and often help create
large routing tables when there is a limit on the number of physical
interfaces available.
o Looking at Table 12, you could apply this to Somerset.

Table 12 Adding a loopback

| Router | Command | Notes |
| --- | --- | --- |
| Somerset | configure terminal | |
| | interface loopback 1 | Creates the loopback interface |
| | ip address 99.99.99.99 255.255.255.0 | |
| | no shutdown | This should not be needed |
| | router ospf 1 | |
| | network 99.99.99.0 0.0.0.255 area 0 | |
| Cornwall | show ip route | |
4.2 ACL configuration: Which of the above works, and which does not?
o The ping will work for the network allowed, and not work for the
network that is blocked. Confirm this with the ACL command being
used on the Devon router.
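
The first-match evaluation that Cornwall's access list 101 from Table 9 performs, applied to the two extended pings in Table 10, as an added example that is not part of the original pack. It models only the filter decision (protocol, source, destination, ICMP type) and parses just the subset of access-list syntax used in Table 9; the function and variable names are assumptions of this sketch.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ("0.0.0.0", "255.255.255.255")  # what the keyword "any" expands to


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard mask: 0 bits must match the base, 1 bits are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (
        int(ipaddress.IPv4Address(base)) & care)


@dataclass
class Ace:
    action: str                      # "permit" or "deny"
    proto: str                       # "ip" matches every IP protocol
    src: Tuple[str, str]             # (address, wildcard)
    dst: Tuple[str, str]
    icmp_type: Optional[str] = None  # e.g. "echo"; None matches any type


def parse_ace(line: str) -> Ace:
    """Parse the subset of extended ACL syntax used in Table 9."""
    tok = line.split()
    if tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACL line: {line!r}")
    rest = tok[4:]

    def take() -> Tuple[str, str]:
        if rest[0] == "any":
            rest.pop(0)
            return ANY
        return rest.pop(0), rest.pop(0)

    src, dst = take(), take()
    return Ace(tok[2], tok[3], src, dst, rest[0] if rest else None)


def evaluate(acl: List[Ace], proto: str, src: str, dst: str,
             icmp_type: Optional[str] = None) -> str:
    """Return the action of the first matching entry, scanning top-down."""
    for ace in acl:
        if ace.proto not in ("ip", proto):
            continue
        if ace.icmp_type is not None and ace.icmp_type != icmp_type:
            continue
        if wildcard_match(src, *ace.src) and wildcard_match(dst, *ace.dst):
            return ace.action
    return "deny"  # implicit "deny ip any any" that ends every access list


# Cornwall's list 101, copied from Table 9.
CORNWALL_ACL = [parse_ace(line) for line in (
    "access-list 101 deny icmp 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255 echo",
    "access-list 101 permit ip any any",
)]


def table10_pings() -> dict:
    """Both extended pings from Table 10, sourced from 10.1.1.1."""
    return {dst: evaluate(CORNWALL_ACL, "icmp", "10.1.1.1", dst, "echo")
            for dst in ("192.168.1.1", "192.168.2.1")}


if __name__ == "__main__":
    for dst, action in table10_pings().items():
        print(f"10.1.1.1 -> {dst} echo: {action}")
    # Order matters: with the permit first, the deny is never reached.
    print(evaluate(CORNWALL_ACL[::-1], "icmp", "10.1.1.1", "192.168.1.1", "echo"))
    # Without the final permit, all other traffic hits the implicit deny.
    print(evaluate(CORNWALL_ACL[:1], "tcp", "10.1.1.1", "192.168.2.1"))
```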
