CCNA Labs KL Ver 0.8 2018

TOPICS
1. BASIC
2. RIP
3. OSPF
4. EIGRP
5. ACL
6. NAT
7. VLAN & VTP
8. STP
9. FHRP (HSRP, VRRP & GLBP)
10. NTP
11. DHCP
12. SNMP
13. IPV6
14. OSPFV3
15. EIGRPV3
16. PPP
17. FR
1. BASIC
1.1 Basic Networking Tools on Host Computer (MS-DOS) for basic
network connectivity verification
● ipconfig
● ipconfig/all
● ipconfig/release
● ipconfig/renew
● netstat –a
● nslookup
● arp –a
● ipconfig /displaydns
● ping 127.0.0.1
● Tracert 4.4.4.254
1.2 Hardening a cisco router
1.2.1 Setting Time

clock set 10:00:00 10 Mar 2014
1.2.2 Setting 2nd Level Passwords (using plain text)
Enable password ts
1.2.3 Setting 2nd Level Passwords (using encrypted text)
enable secret cisco
1.2.4 Setting Console & VTY password (using Telnet protocol)
line con 0
login
password console
line vty 0 4
login
password vty
1.2.5 Configuring Aliases

alias exec siib show ip int bri
alias exec sr show running
alias exec sip show ip protocols
alias s show ip route
1.2.6 Configuring no domain lookup in your router

no ip domain lookup
1.2.7 Setting Banner/MOTD
banner motd !
#######################################################
#####################################################
######### HELLO TO OUR NETWORK ####################
######YOU ARE ENTERING A SECURED NETWORK ########
###YOU WOULD BE FINED FOR ANY VIOLATION #########
##THIS NETWORK IS THE SOLE PROPERTY OF CISCO#####
#############################################
###########################################
######################################### !
1.2.8 Configuring hostname of a Router

Hostname xyz
1.2.9 Saving the configurations in NVRAM

copy run start / write memory
1.2.10 Configuring no domain lookup in your router

no ip domain lookup
1.2.11 Setting Banner/MOTD
➢ Implementation Steps:
banner motd !
#######################################################
#####################################################
######### HELLO TO OUR NETWORK ####################
######YOU ARE ENTERING A SECURED NETWORK ########
###YOU WOULD BE FINED FOR ANY VIOLATION #########
##THIS NETWORK IS THE SOLE PROPERTY OF CISCO#####
#############################################
###########################################
######################################### !
➢ Post-implementation Results:
● Log-out completely from the Switch and then login, the 1st thing that would pop-up on the
IOS window would be this banner
1.2.12 Configure SSH
username kamran password cisco ; create a local user name
ip domain-name cisco.com ; Assign a domain name
crypto key generate rsa
line vty 0 15
password cisco
login local
transport input telnet ssh ; Configure vty ports for using SSH
● show crypto key mypubkey rsa

● log-out from your PC if you have already logged-in into your
switch, and then use the appropriate “Remote Terminal
Software” like Putty, Teraterm (all the softwares that support
the SSH) and then using that software try to log-in into your
switch again using the following command:
o ssh ip address
1.2.13 Command to convert all the passwords even in level 7 mode to level 5 automatically
service password-encryption
1.3 Configuring IP Addresses (on Cisco Routers)

o LON (R1)
int gi 0/2
description ** LAN Network **
ip addr 1.1.1.254 255.255.255.0
no sh
int gi 0/0
description ** interface towards NYK (R2) **
ip addr 10.1.12.1 255.255.255.0
no sh
sp 100
dup full
int gi 0/1
description ** interface towards DUB(R4) **
ip addr 10.1.14.1 255.255.255.0
sp 100
dup full
sh
o NYK (R2)
int gi 0/2
ip addr 2.2.2.254 255.255.255.0
no sh
int gi 0/0
description ** interface towards LON (R1) **
ip addr 10.1.12.2 255.255.255.0
no sh
sp 100
dup full
int gi 0/1
description ** interface towards PAR(R3) **
ip addr 10.1.23.2 255.255.255.0
no sh
sp 100
dup full
o PAR(R3)
int gi 0/2
ip addr 3.3.3.254 255.255.255.0
no sh
int gi 0/1
description ** interface towards NYK (R2) **
ip addr 10.1.23.3 255.255.255.0
no sh
sp 100
dup full
int gi1/0
description ** interface towards DUB(R4) **
ip addr 10.1.34.3 255.255.255.0
no sh
sp 100
dup full
o DUB(R4)
int gi 0/2
ip addr 4.4.4.254 255.255.255.0
no sh
int gi1/0
description ** interface towards PAR(R3) **
ip addr 10.1.34.4 255.255.255.0
no sh
sp 100
dup full
int gi 0/1
description ** interface towards LON (R1) **
ip addr 10.1.14.4 255.255.255.0
no sh
sp 100
dup full
● Ping all the IPs on the local segments

o On all Routers:
▪ Ping a.b.c.d (to Next Hop Routers only)
● See if you can view all networks as “C” in your routing tables
o On all Routers:
▪ sh ip route static
▪ sh cdp neighbour
▪ sh ip int brief
▪ sh int fax/y
1.4 Static Routes & Default Routes
➢ Diagram:
o LON (R1)
ip route 2.2.2.0 255.255.255.0 10.1.12.2
ip route 3.3.3.0 255.255.255.0 10.1.12.2
ip route 4.4.4.0 255.255.255.0 10.1.12.2
o NYK (R2)
ip route 1.0.0.0 255.255.255.0 10.1.12.1
ip route 3.3.3.0 255.255.255.0 10.1.23.3
ip route 4.4.4.0 255.255.255.0 10.1.23.3
o PAR(R3)
ip route 1.0.0.0 255.255.255.0 10.1.23.2
ip route 2.2.2.0 255.255.255.0 10.1.23.2
ip route 4.4.4.0 255.255.255.0 10.1.34.4
o DUB(R4)
ip route 1.1.1.0 255.255.255.0 10.1.34.3
ip route 2.2.2.0 255.255.255.0 10.1.34.3
ip route 3.3.3.0 255.255.255.0 10.1.34.3

o On all Routers:
▪ Ping a.b.c.d (to All the networks in your topology)
● See if you can view all networks as “S” in your routing tables
o On all Routers:
1.5 Default Routing towards your ISP:
➢ Diagram:
o LON (R1)
int gi 0/1
ip add 10.1.15.1 255.255.255.0
no shut
ip route 0.0.0.0 0.0.0.0 10.1.15.5
o NYK(R2)
ip route 0.0.0.0 0.0.0.0 10.1.12.1
o PAR (R3)
ip route 0.0.0.0 0.0.0.0 10.1.23.2
o DUB (R4)
ip route 0.0.0.0 0.0.0.0 10.1.34.3
o ISP (R5)
int lo 5
ip addr 5.5.5.5 255.255.255.255
int gi 0/1
ip add 10.1.15.5 255.255.255.0
no shut
ip route 0.0.0.0 0.0.0.0 10.1.15.1
ip route 1.0.0.0 255.0.0.0 10.1.15.1
ip route 2.0.0.0 255.0.0.0 10.1.15.1
ip route 3.0.0.0 255.0.0.0 10.1.15.1
ip route 4.0.0.0 255.0.0.0 10.1.15.1
● Ping Cisco.com IP <5.5.5.5>

o On LON(R1) Router:
▪ Ping 5.5.5.5
● See if you can view the static Default Route in your routing table
o On Corp Router:
Note: All the rest of the routers will not be able to ping this Internet host and can be achieved if you
enable any IGP in the network
2. RIP
➢ Diagram:
2.1 Configure RIP as the routing protocol in your network
o LON (R1)
router rip
version 2
network 1.0.0.0
network 10.0.0.0
no auto-summary
o NYK (R2)
router rip
version 2
network 2.2.2.0
network 10.0.0.0
no auto-summary
o PAR(R3)
router rip
version 2
network 3.3.3.0
network 10.0.0.0
no auto-summary
o DUB(R4)
router rip
version 2
network 4.4.4.0
network 10.0.0.0
no auto-summary

o On all Routers:
▪ Ping a.b.c.d (across all the network)
● See if you can view all non-directly connected networks as “R” in your
routing tables
o On all Routers:
▪ sh ip route rip
● See and practise the following commands

sh ip protocol
sh ip rip database
2.2 Change RIP timers (double the default timer values)
-same diagram as in 1-
o LON (R1)-DUB(R4):
router rip
timers basic 50 150 150 400

o On all Routers:
● See if you can view all non-directly connected networks as “R” in your
routing tables
o On all Routers:
▪ sh ip route rip

sh ip rip database
sh ip protocol
2.3 Configure Default Routing in RIP using all the following methods
o LON (R1):
router rip
default-information originate

o On all Routers:
● See if you can view “R* route” in your routing tables

o On all Routers:
▪ sh ip route rip
sh ip rip database
sh ip protocol
2.3.1 Using “Redistribution” command at LON (R1)
➢ Diagram:
----same diagram----
o LON (R1):
ip route 100.0.0.0 255.0.0.0 10.1.15.5
router rip
red static
o On all Routers:
● See if you can view all non-directly connected networks as “R” in your routing tables
o On all Routers:
▪ sh ip route rip
sh ip rip database
sh ip protocol
3. OSPF
3.1 Configure OSPF as the routing protocol of choice in your corporate in Area-0 (using a single
OSPF network command)
➢ Diagram:
o LON (R1)
router ospf 1
router-id 11.11.11.11
network 1.1.1.0 0.0.0.255 ar 0
network 10.1.0.0 0.0.255.255 ar 0
o NYK (R2)
router ospf 1
router-id 22.22.22.22
network 2.2.2.0 0.0.0.255 ar 0
network 10.1.0.0 0.0.255.255 ar 0
o PAR(R3)
router ospf 1
router-id 33.33.33.33
network 3.3.3.0 0.0.0.255 ar 0
network 10.1.0.0 0.0.255.255 ar 0
o DUB(R4)
router ospf 1
router-id 44.44.44.44
network 4.4.4.0 0.0.0.255 ar 0
network 10.1.0.0 0.0.255.255 ar 0
o On all Routers:
● See if you can view all non-directly connected networks as “O” in your routing tables
o On all Routers:
▪ sh ip route ospf

● sh ip ospf neighbour
● sh ip ospf database
● sh ip route
3.2 Configure OSPF as the routing protocol using multi-area as (as per the table below) is the
requirement to reduce the processing overhead on all the routers
Interfac
Routers es Areas
gi 0/2 area 1
LON (R1)
gi 0/2 area 2
NYK (R2)
gi 0/2 area 3
PAR(R3)
gi 0/2 area 4
DUB(R4)
o LON (R1)
router ospf 1
network 1.1.1.254 0.0.0.0 area 1
o NYK (R2)
router ospf 1
network 2.2.2.254 0.0.0.0 area 2
o PAR(R3)
router ospf 1
network 3.3.3.254 0.0.0.0 area 3
o DUB(R4)
router ospf 1
network 4.4.4.254 0.0.0.0 area 4

o On all Routers:
o On all Routers:
● See and practise the following commands (and compare the differences with the last lab’s such
results)
o On all Routers:
▪ Sh ip ospf neighbour
▪ sh ip ospf database
▪ sh ip route
3.3 Configure OSPF clear text authentication (on LON to NYK link)
------same diagram as before------
o LON (R1)
interface GigabitEthernet0/0
ip ospf authentication
ip ospf authentication-key ospf123
!
o NYK (R2)
ip ospf authentication
ip ospf authentication-key ospf123
!
● Verify the authentication method

o LON(R1) & NYK(R2)
sh ip ospf
sh ip ospf neighbor

o On all Routers:
3.4 Configure OSPF md5 authentication (between NYK & PAR link)
o NYK (R2)
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 ospf456
!
o PAR(R3)
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 ospf456

o NYK(R2) & PAR(R3)
sh ip ospf
sh ip ospf neighbor

o On all Routers:
3.5 Configure OSPF non-default timers (between LON & DUB)
o LON (R1)
ip ospf hello-interval 20
ip ospf dead-interval 80
!
o DUB (R4)
ip ospf hello-interval 20
!

o LON(R1) & DUB(R4)
sh ip ospf
sh ip ospf neighbor

o On all Routers:
3.6 Configure OSPF cost to manipulate the routing (between LON & NYK)
o NYK (R2)
ip ospf cost 5
!
o LON(R1)
ip ospf cost 5
!
● Verify the cost in the routes

o NYK(R2) & LON(R1)
sh ip route ospf
sh ip ospf neighbor

o On all Routers:
3.5 Configure OSPF on the BMA based network
➢ Diagram:
o R1
int lo 1
ip address 1.1.1.1 255.255.255.0
router ospf 1
router-id 11.11.11.11
network 1.1.1.0 0.0.0.255 ar 0
network 100.1.1.0 0.0.255.255 ar 0
o R2
int lo 1
ip address 2.2.2.2 255.255.255.0
router ospf 1
router-id 22.22.22.22
network 2.2.2.0 0.0.0.255 ar 0
network 100.1.1.0 0.0.255.255 ar 0
o R3
int lo 1
ip address 3.3.3.3 255.255.255.0
router ospf 1
router-id 33.33.33.33
network 3.3.3.0 0.0.0.255 ar 0
network 100.1.1.0 0.0.255.255 ar 0
o R4
int lo 1
ip address 4.4.4.4 255.255.255.0
router ospf 1
router-id 44.44.44.44
network 4.4.4.0 0.0.0.255 ar 0
network 100.1.1.0 0.0.255.255 ar 0
● Verification command
● On all Routers:
o sh ip ospf neighbor
You should see all the 3 neighbors per router and try to discover the DR and BDR routers amongst all
the 4 routers; DROs will not form any neighborship within each other but with DR/BDR
o On all Routers:
o On all Routers:
4. EIGRP
3.4 Configure EIGRP across your network
o LON (R1)
router eigrp 1
network 1.0.0.0
network 10.1.12.0 0.0.0.255
network 10.1.14.0 0.0.0.255
no auto-summary
o NYK (R2)
router eigrp 1
network 2.2.2.0
network 10.1.12.0 0.0.0.255
network 10.1.23.0 0.0.0.255
no auto-summary
o PAR(R3)
router eigrp 1
network 3.3.3.0
network 10.1.23.0 0.0.0.255
network 10.1.34.0 0.0.0.255
no auto-summary
o DUB(R4)
router eigrp 1
network 10.1.14.0 0.0.0.255
network 10.1.34.0 0.0.0.255
no auto-summary
● Verify the Routing table

o LON (R1)-DUB(R4):
▪ show ip route eigrp
● Ping IPs across the network
o On all Routers:
● View and practise the following “show” commands

o On all Routers:
▪ sh ip eigrp neighb
▪ sh ip eigrp topology
▪ sh ip route eigrp
▪ sh ip protocoal
▪ sh ip eigrp 100 interfaces
3.5 Configure the EIGRP timers across all of your network
-diagram same as before_
o LON (R1)
interface Gi0/0
ip hello-interval eigrp 100 30
ip hold-time eigrp 100 120
o NYK (R2)
interface Gi0/0
interface Gi0/1
o PAR(R3)
interface Gi0/1
interface Gi1/0
o DUB(R4)
interface Gi1/0

o LON (R1)-DUB(R4):
o On all Routers:

o On all Routers:
▪ sh ip protocoal
3.6 Configure the EIGRP metric such that we ONLY use bandwidth and not the default Bandwidth
+ Delay
o LON (R1)-DUB(R4)
router eigrp 1
metric weights 0 1 0 0 0 0

o LON (R1)-DUB(R4):
o On all Routers:

o On all Routers:
▪ sh ip protocoal
3.7 Configure the EIGRP Authentication across your network
3.8 Configure EIGRP Summarization at LON (R1):
o LON (R1)
interface Loopback20
ip address 1.1.0.1 255.255.255.0
!
ip address 1.1.1.1 255.255.255.0
!
ip address 1.1.2.1 255.255.255.0
!
ip address 1.1.3.1 255.255.255.0
!
interface Gi0/0
ip summary-address eigrp 1 1.1.0.0 255.255.252.0
!

o R2-R4:
You should see a summary route from R1

o On all Routers:

o On all Routers:
▪ sh ip protocoal
3.9 Configure EIGRP equal cost load balancing
Note: Clear the existing lab configs before proceeding to next lab
o LON (R1)
interface Loopback1
ip address 1.1.1.254 255.255.255.0
interface Gi0/0
ip address 10.1.12.1 255.255.255.0
speed 100
full-duplex
o NYK (R2)
interface Loopback2
ip address 2.2.2.254 255.255.255.0
interface Gi0/0
ip address 10.1.12.2 255.255.255.0
speed 100
full-duplex
interface Gi1/0
ip address 10.1.24.2 255.255.255.0
speed 100
full-duplex
interface Gi0/1
ip address 10.1.23.2 255.255.255.0
speed 100
full-duplex
o PAR(R3)
interface Loopback3
ip address 3.3.3.254 255.255.255.0
interface Gi0/1
ip address 10.1.23.3 255.255.255.0
speed 100
full-duplex
interface Gi2/0
ip address 10.1.100.3 255.255.255.0
speed 100
full-duplex
o DUB(R4)
interface Loopback4
ip address 4.4.4.254 255.255.255.0
interface Gi1/0
ip address 10.1.24.2 255.255.255.0
speed 100
full-duplex
interface Gi2/0
ip address 10.1.100.4 255.255.255.0
speed 100
full-duplex
o R5
interface Loopback5
ip address 5.5.5.5 255.255.255.0
interface Gi2/0
ip address 10.1.100.5 255.255.255.0
speed 100
full-duplex

o LON (R1)-R5:
▪ Ping w.x.y.z (across all network)
o LON (R1)-R5:

o On all Routers:
▪ sh ip protocoal
3.10 Configure EIGRP unequal cost load-balancing
Set metric weights in such a way that only Delay is considered in the “composite metric”
o LON (R1)-R5:
router eigrp 1
metric weights 0 0 0 1 0 0
Post-implementation Results:

o LON (R1)-R5:
o LON (R1)-R5:
▪ show ip protocol

o On all Routers:
Set the delay on NYK (R2)-DUB(R4) link to 2 (tens of microseconds)
--same diagram as last—
o LON (R1):
interface lo 1
delay 1
interface gi 0/0
delay 1
o NYK (R2):
interface gi 0/0
delay 1
interface gi 0/1
delay 1
interface gi1/0
delay 2
o PAR(R3):
interface gi 0/1
delay 1
interface gi 0/1
delay 1
o DUB(R4):
interface gi1/0
delay 2
interface gi 0/1
delay 1
o R5:
interface lo 5
delay 1
interface gi 0/1
delay 1

o LON (R1)-R5:
o LON (R1)-R5:
▪ show ip protocol
▪ sh int gi 0/x | i DLY (can be verified across the network, should be taken as tens
of whatever you entered the delay value)

o On all Routers:
3.10.1.1 Set unequal cost load-balancing by setting different “variance” values
-same diagram as last-
o NYK (R2):
router eigrp 1
variance 2
Post-implementation Results:

o LON (R1)-R5:
o NYK (R2):
show ip protocol | i variance
sh ip route 5.0.0.0
sh ip eigrp topology 5.0.0.0/8
5. ACL
5.1 Configure “Standard Numbered Access List” to block traffic from LON to DUB (You are allowed
to use any IGP <RIP/OSPF/EIGRP>)
➢ Implementation Steps: (ACL only)
o LON (R1)
access-list 1 deny 4.4.4.0 0.0.0.255

access-list 1 permit any
interface Gi0/2
ip access-group 1 out
o DUB (R4)
access-list 1 deny 1.1.1.0 0.0.0.255

access-list 1 permit any
interface Gi0/2

o R1 and R4
▪ show ip route ospf
You should not see network 4.4.4.0 and 1.1.1.0 on routers R1 & R4 respectively

o DUB(R4):
▪ Ping 1.1.1.254 source gi 0/2 (should not be successful)
Note: All the rest should work fine
5.2 Configure “Extended Numbered Access List” to permit traffic to NYK Server 2.2.2.2
-diagram same as before-
o NYK (R2)
!
access-list 111 permit ip any host 2.2.2.1
access-list 111 permit ip any host 2.2.2.3
● Verifying the connectivity

o PCs (LON, PAR & DUB)
▪ ping 2.2.2.2
The traffic should fail with “request timed out”

o LON (R1):
▪ Ping 4.4.4.254 source lo 1 (should not be successful)
o DUB(R4):
Note: these 2 hosts should be pingable from anywhere else
5.3 Configure “Standard Named Access List”

---diagram same as before------
o LON (R1)
router ospf 1
net 0.0.0.0 255.255.255.255 ar 0
ip access-list standard block4x

deny 4.4.4.0 0.0.0.255
permit any
interface Gi0/0
ip access-group block4x in
o NYK (R2)-DUB(R4)
router ospf 1
net 0.0.0.0 255.255.255.255 ar 0

o LON (R1)-DUB(R4):
▪ show ip route ospf

o DUB(R4):
Note: All the rest should work fine
5.4 Configure “Extended Named Access List” to block “icmp” to the router in Paris
-----diagram same as before-----
o PAR (R3)
access-list 111 deny icmp any any

access-list 111 permit ip any any
● Verify the ICMP (PING) from any PC in network

ping 3.3.3.x
It will not ping
5.5 Configure “Extended Named Access List” to block http & ftp access to NYK Server 2.2.2.2
-----diagram same as before-----
o NYK(R2)
access-list 111 deny tcp any host 2.2.2.2 eq www

access-list 111 deny tcp any host 2.2.2.2 eq ftp
● Verifying the ports access to server 2.2.2.2
From any PC in the network:

o http://cisco.com &
o ftp 2.2.2.2
Note: These above mentioned services will not work
6. NAT
6.1 Configuring Static NAT on your CPE Internet Hosts can use your hosted Gaming Servers:
o CPE:
hostname CPE
interface Gi0/0
description *** interface towards ISP ***
ip address 10.1.12.1 255.255.255.0
duplex full
speed 100
ip nat outside
interface Gi0/1
description **** towards Users ****
ip address 1.1.1.254 255.255.255.0
duplex full
speed 100
ip nat inside
ip nat ins sour static 2.1.1.1 10.1.12.3

ip nat ins sour static 2.1.1.2 10.1.12.4
ip route 0.0.0.0 0.0.0.0 10.1.12.2 ; to

initiate the initial traffic
o ISP
hostname CPE
interface Gi0/0
description *** interface towards CPE ***
ip address 10.1.12.2 255.255.255.0
duplex full
speed 100
interface Gi0/2
description *** towards INTERNET ****
ip address 2.1.1.254 255.255.255.0
duplex full
speed 100
● Verify the NAT table:

o NYK (R2):
▪ show ip nat transalation
▪ show ip nat statistics

o DUB(R4):
▪ Ping 1.1.1.x (from PC-5/ PC-6)
Note: Pings from PC-7 & PC-8 should not be successful
6.2 Ensure the users at your home can use Internet (Using the interface IP)
---same diagram as before----
o CPE
ip nat inside source list 1 interface GigabitEthernet0/0 overload

!
access-list 1 permit host 1.1.1.1

o NYK (R2):
▪ show ip nat translations
● Ping the internet servers:

ping 2.2.2.x
These should ping
6.3 Ensure the users at your home can use Internet (Using a new borrowed IP)
6.4 Configuring Dynamic NAT on your company router (NYK (R2)) so that all the PCs in your LAN
can get to the internet – a new pool 100.1.1.0 has been allocated to fulfil your requirements,
you are allowed to add a static route on LON (R1) (ISP) router
---same diagram as before----
o CPE
ip nat pool NAT-POOL 10.1.12.11
10.1.12.15 prefix-length 24
ip nat inside source list 1 pool NAT-POOL


o CPE:
▪ show ip nat translation

o CPE:
▪ Ping 2.2.2.x
1.6 Basic Fundamentals of LAN
➢ Diagram:
1.6.1 How to Set Hostname and Configure Console Password
hostname CISCO
line console 0
login
password cisco123
● Connect any of the 2 PCs in your lab to the console port of

the Switch individually and try to access the switch with the
passwords as given in the lab
1.6.2 How to Set Privilege level password
enable password cisco
enable secret Kamran ; if configured alongwith the clear text
password, Encrypted password has got more Priority
● Still “Consolled” into the switch, enter the privileged exec
mode using the password (2nd level) as is shown in your lab
1.6.3 How to Set User Authentication in Switch
line console 0
login local ; use login local in place of “login” only
username kamran password kami
● Again, still “Consolled” into the switch, enter the user exec
mode using the password (1st level) as is shown in lab1.4.1 but
you would be prompted for a username/pw before entering this
mode, and then you would have to enter the 2nd level password
as is shown in lab1.4.2
1.6.4 How to Set Telnet password (and the 2nd level password)
interface vlan1 ; To Manage Telnet, SSH Session on a Switch we need

IP address
ip address 10.0.0.10 255.255.255.0
no shutdown
line vty 0 15
login
password cisco
enable password cisco

enable secret Kamran ; if configured alongwith the clear text
password, Encrypted password has got more Priority
● Telnet into the switch, enter the user exec mode using the
password (1st level) as is shown in this lab & then enter
privilege exec mode using the password as is shown in the
later implementation steps
● SW:
o sh runn
o show ip interface vlan 1
o show ip interface brief
7. VLAN & VTP

7.1 Creating Basic VLAN & Trunking (dot1q)
➢ Diagram:
LON-ASW1:
vlan 10
name HR
vlan 20
name IT
vlan 30
name Sales
int range gi 0/1-2

switchport mode trunk
switchport trunk encap dot1q
switchport trunk allowed vlan 10,20,30
int fa 0/1
switchport mode access
switchport access vlan 10
int fa 0/2
int fa 0/3
LON-ASW2:
vlan 10
name HR
vlan 20
name IT
vlan 30
name Sales
int range gi 0/1-2

int fa 0/1
int fa 0/2
int fa 0/3
LON-DSW1:
vlan 10
name HR
vlan 20
name IT
vlan 30
name Sales
int range gi 0/1-2
switchport trunk encapsulation dot1q
int range fa0/23-24

LON-DSW2:
vlan 10
name HR
vlan 20
name IT
vlan 30
name Sales
int range gi 0/1-2

int range fa0/23-24

● SWA-SWB:
sh vlans
sh interface trunk
You should see all the 3 VLANs defined and proper mapping between ports to VLANs; Trunks should
have all of these VLANs allowed through them
7.2 Configure VTP as follows:
DSW1
➢ Diagram:
LON-ASW1:
vlan 10
name HR
vlan 20
name IT
vlan 30
name Sales
int range gi 0/1-2
int fa 0/1
int fa 0/2
int fa 0/3
LON-ASW2:
vlan 10
name HR
vlan 20
name IT
vlan 30
name Sales
int range gi 0/1-2

int fa 0/1
int fa 0/2
int fa 0/3
LON-DSW1:
vlan 10
name HR
vlan 20
name IT
vlan 30
name Sales
int range gi 0/1-2

int range fa0/23-24

LON-DSW2:
vlan 10
name HR
vlan 20
name IT
vlan 30
name Sales
int range gi 0/1-2

int range fa0/23-24

● SWA-SWB:
sh vlans
sh interface trunk
You should see all the 3 VLANs defined and proper mapping between ports to VLANs; Trunks should
have all of these VLANs allowed through them
7.3 Port Security (On PC-1 on Switch-A)
➢ Diagram:
---same diagram as before---
sh mac-address-table ; to view the current mac-address of PC1 (on
Switch-A) & note it down
int Gi 0/1
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address sticky
switchport port-security violation shutdown
sh port-security interface Gi 0/1
sh ip interface Gi 0/1
Now Change the PC on Fast 0/1 & connect another PC (with an obvious
different MAC-Address)
sh port-security
sh port-security interface Gi 0/1
Note: You should see the following status
Port Status : Secure-shutdown

Violation Mode : Shutdown
CISCO# sh ip interface Gi 0/1

Gi0/1 is down, line protocol is down
Note: You should see the interface in “down” state as is shown above
8. STP (PVST)
➢ Diagram:
o LON-ASW1:
spanning-tree mode pvst
o LON-ASW2:
spanning-tree mode pvst
LON-ASW1 & LON-ASW2:

show spanning-tree detail
sh spanning-tree
9. FHRP
9.1 Configuring HSRP
➢ Diagram:
o LON (R1)
interface Gi0/0
ip address 1.1.1.252 255.255.255.0
duplex auto
speed auto
standby 1 ip 1.1.1.254
standby 1 priority 120
standby 1 preempt
interface Gi0/1
ip address 10.1.13.1 255.255.255.0
duplex auto
speed auto
o NYK (R2)
interface Gi0/0
ip address 1.1.1.253 255.255.255.0
duplex auto
speed auto
standby 1 ip 1.1.1.254
standby 1 priority 115
standby 1 preempt
interface Gi1/0
ip address 10.1.23.2 255.255.255.0
duplex auto
speed auto
o PAR(R3)
interface Gi0/1
ip address 10.1.13.3 255.255.255.0
duplex auto
speed auto
interface Gi1/0
ip address 10.1.23.3 255.255.255.0
duplex auto
speed auto
o LON (R1) & NYK (R2):
▪ show standby brief
▪ show standby
▪ sh stand gi 0/0 | i time ; to note down the Hello/Dead
intervals which we would tweak in the following lab
Hello time 3 sec, hold time 10 sec
▪ ping 2.1.1.3
o PAR(R3)
▪ ping 1.1.1.254
▪ ping 1.1.1.2
9.2 Creating HSRP Hello & Dead Intervals (5secs & 15sec respct.)
➢ Diagram:
---same as before---
o LON (R1)
interface Gi0/0
standby 1 timers 5 15
o NYK (R2)
interface Gi0/0
standby 1 timers 5 15
▪ sh stand gi 0/0 | i time ; to note down the Hello/Dead
intervals which we would tweak in the following lab
Hello time 5 sec, hold time 15 sec
▪ ping 2.1.1.3
o PAR(R3)
▪ ping 1.1.1.254
▪ ping 1.1.1.2
9.3 Configuring HSRP Plain Text Authentication (not MD5)
➢ Diagram:
o LON (R1)
interface Gi0/0
standby 1 authentication hello
o NYK (R2)
interface Gi0/0
standby 1 authentication hello
▪ sh standby | i Authentication
Authentication text "hello"
▪ ping 2.1.1.3
o PAR(R3)
▪ ping 1.1.1.254
▪ ping 1.1.1.2
10. NTP
10.1 Configuring IP Addressing as is shown in the figure & configure
any form of Routing across the network
➢ Diagram:
o LON (R1)
interface loopback 0
ip address 1.1.1.254 255.255.255.0
interface Gi0/1
ip address 10.1.13.1 255.255.255.0
duplex auto
speed auto
interface Gi2/0
ip address 10.1.12.1 255.255.255.0
duplex auto
speed auto
router ospf 1
0.0.0.0 255.255.255.255 area 0
o NYK (R2)
interface Gi2/0
ip address 10.1.12.2 255.255.255.0
duplex auto
speed auto
router ospf 1
0.0.0.0 255.255.255.255 area 0
o PAR(R3)
interface Gi0/1
ip address 10.1.13.3 255.255.255.0
duplex auto
speed auto
router ospf 1
0.0.0.0 255.255.255.255 area 0
o NYK (R2)-PAR(R3):
▪ Ping 1.1.1.254
10.2 Configuring NTP Server on LON (R1) AND NYK (R2) & PAR(R3)
should be configured as NTP Clients
➢ Diagram:
---same as above---
o LON (R1)
clock set 12:05:00 13 MAR 2014 ; privilege Exec command
ntp master 2
o NYK (R2)
ntp server 1.1.1.254 key 1
o PAR(R3)
o LON (R1)-PAR(R3):
▪ sh ntp status
▪ sh ntp associations
▪ sh clock
o NYK (R2) & PAR(R3)

▪ sh clock ; compare the pre-implementation & post-
implementation change
10.2 Configuring NTP Authentication
➢ Diagram:
---same as above---
o LON (R1)
ntp authentication-key 1 md5 ntp
o NYK (R2)
ntp authenticate
ntp trusted-key 1
o PAR(R3)
ntp authenticate
ntp trusted-key 1
o LON (R1)-PAR(R3):
▪ sh ntp status
▪ sh ntp associations
▪ sh clock
o NYK (R2) & PAR(R3)

▪ sh clock ; compare the pre-implementation & post-
implementation change
11. DHCP
➢ Diagram:
o PAR(R3):
service dhcp
interface Gi0/0
ip address 10.1.1.254 255.255.255.0
no shut
ip dhcp pool cisco

network 10.1.1.0 255.255.255.0
default-router 10.1.1.254
dns-server 10.1.1.253 10.1.1.252
lease 0 1
o Verifying DHCP related info
sh ip dhcp binding
sh ip dhcp server statistics
o See if connected PCs obtain the IP Address dynamically
ALL PCs: (should be allocated IP Addresses)
12. SNMP
➢ Diagram:
o LON (R1):
interface Loopback0
ip address 11.11.11.11 255.255.255.0
!
interface Gi0/0
ip address 1.1.1.254 255.255.255.0
duplex auto
speed auto
!
interface Gi0/1
ip address 10.1.1.1 255.255.255.0
duplex auto
speed auto
!
snmp-server community testro RO
snmp-server community testrw RW
o NYK (R2):
interface Loopback0
ip address 22.22.22.22 255.255.255.0
!
interface Gi0/0
ip address 2.1.1.254 255.255.255.0
duplex auto
speed auto
!
interface Gi0/1
ip address 10.1.1.2 255.255.255.0
duplex auto
speed auto
!
o SW1:
interface Vlan1
ip address 1.1.1.253 255.255.255.0

o SW2:
interface Vlan1
ip address 2.1.1.253 255.255.255.0

o Any PC:
--- Open up the “MIB Browser” in “Desktop” Option in Packet Tracer
---Go to “Advanced”- set the Loopback IP Address of any Cisco Device that you want to
monitor/configure from MIB
13.IPV6
13.1 Configuring IPV6 with automatic assignment of Link-Local

address to Fa0/0
➢ Diagram:
o LON (R1):
ipv6 unicast-routing
interface Gi0/0
ipv6 enable
o NYK (R2):
interface Gi0/0
ipv6 enable
o show ipv6 interface brief
o show interface gi 0/0
13.2 Assign IPV6 Addresses to the FA0/0 interfaces of Both Routers as

follows:
o Aggregatable Global Unicast Address of 2001:1:1:12::1 /64 to LON (R1) and 2001:1:1:12::2 /64
to NYK (R2)
o Link local Address of fe80:1:1:12::1 to LON (R1) and fe80:1:1:12::2 to NYK (R2)
o LON (R1):
interface Gi0/0
ipv6 address 2001:1:1:12::1/64
ipv6 address fe80:1:1:12::1 linklocal
o NYK (R2):
interface Gi0/0
ipv6 address 2001:1:1:12::2/64
ipv6 address fe80:1:1:12::2 linklocal
o LON (R1):
o Ping 2001:1:1:12::2
o Show ipv6 neighbors
o NYK (R2):
o Ping 2001:1:1:12::1
13.3 Configure Loopback0 interfaces on both the routers as follows such that the
routers should assign the host portion of the IPV6 address automatically:
LON (R1) – Loopback0 - 2000:1:1:1:: /64

NYK (R2) – Loopback0 - 2000:2:2:2:: /64
➢ Diagram:
---same as before----
o LON (R1):
interface lo0
ipv6 address 2000:1:1:1::/64 eui64
o NYK (R2):
interface lo0
ipv6 address 2000:2:2:2::/64 eui64
o LON (R1)-NYK (R2):
o Ping address ; the far end host address can be seen from “show ipv6 interface brief”
command
13.4 Configure Lo0 interfaces on both the routers statically as follows:
LON (R1) – Loopback0 - 2000:1:1:1:: 1/64

NYK (R2) – Loopback0 - 2000:2:2:2:: 2/64
➢ Diagram:
o LON (R1):
interface lo0
ipv6 address 2000:1:1:1::1/64
o NYK (R2):
interface lo0
ipv6 address 2000:2:2:2::2/64
o LON (R1):
o Ping 2000:2:2:2::2
o NYK (R2):
o Ping 2000:1:1:1::1
13.5 Configure host entry for the Loopback0’s on both the routers so that each router
can ping the other host and without using the IPV6 address
➢ Diagram:
o LON (R1):
ipv6 host NYK (R2)Lo0 2000:1:1:1::1
o NYK (R2):
ipv6 host LON (R1)Lo0 2000:2:2:2::2
o LON (R1):
o Ping NYK (R2)Lo0
o NYK (R2):
o Ping LON (R1)Lo0
14.OSPFV3
14.1 Configuring IPV6 As Is Shown In The Following Table:
Interfac N
Router e IPV6 Address M
LON Lo1 2000:1:1:1::1 /64
2000:11:11:11::1
(R1) Lo11 1 /64
Gi 0/0 2000:1:1:12::1 /64
Lo2 2000:2:2:2::2 /64
2000:22:22:22::2
NYK (R2) Lo22 2 /64
Fa0/0 2000:1:1:12::2 /64
Fa0/1 2000:1:1:23::2 /64
Lo3 2000:3:3:3::3 /64
2000:33:33:33::3
PAR(R3) Lo33 3 /64
Gi 0/1 2000:1:1:23::3 /64
Fa1/0 2000:1:1:34::3 /64
Lo4 2000:4:4:4::4 /64
2000:44:44:44::4
DUB(R4) Lo44 4 /64
Fa1/0 2000:1:1:34::4 /64
➢ Diagram:
o LON (R1):
interface Loopback1
ipv6 address 2000:1:1:1::1/64
!
no ip address
ipv6 address 2000:11:11:11::11/64
!
interface Gi0/0
no ip address
duplex auto
speed auto
ipv6 address 2000:1:1:12::1/64
o NYK (R2):
interface Gi0/0
no ip address
duplex auto
speed auto
ipv6 address 2000:1:1:12::2/64
interface Gi0/1
no ip address
duplex auto
speed auto
ipv6 address 2000:1:1:23::2/64
o PAR(R3):
interface Loopback3
no ip address
ipv6 address 2000:3:3:3::3/64
ipv6 ospf 1 area 0
no ip address
ipv6 address 2000:33:33:33::33/64
interface Gi0/1
no ip address
duplex auto
speed auto
ipv6 address 2000:1:1:23::3/64
interface Gi1/0
no ip address
duplex auto
speed auto
ipv6 address 2000:1:1:34::3/64
o DUB(R4):
interface Loopback4
no ip address
ipv6 address 2000:4:4:4::4/64
no ip address
ipv6 address 2000:44:44:44::44/64
LON (R1)-DUB(R4):
show ipv6 ospf neighbour
show ipv6 ospf database
sh ipv6 route ospf
ping address (across all the links)
14.2 Configuring OSPFV3 on the following routers:
➢ Diagram:
o LON (R1):
ipv6 router ospf 1
interface Loopback1
ipv6 address 2000:1:1:1::1/64
ipv6 ospf 1 area 0
!
no ip address
ipv6 address 2000:11:11:11::11/64
ipv6 ospf 1 area 0
!
interface Gi0/0
no ip address
duplex auto
speed auto
ipv6 address 2000:1:1:12::1/64
ipv6 ospf 1 area 0
o NYK (R2):
ipv6 router ospf 1
interface Gi0/0
no ip address
duplex auto
speed auto
ipv6 address 2000:1:1:12::2/64
ipv6 ospf 1 area 0
interface Gi0/1
no ip address
duplex auto
speed auto
ipv6 address 2000:1:1:23::2/64
ipv6 ospf 1 area 0
o PAR(R3):
ipv6 router ospf 1
interface Loopback3
no ip address
ipv6 address 2000:3:3:3::3/64
ipv6 ospf 1 area 0
no ip address
ipv6 address 2000:33:33:33::33/64
ipv6 ospf 1 area 0
interface Gi0/1
no ip address
duplex auto
speed auto
ipv6 address 2000:1:1:23::3/64
ipv6 ospf 1 area 0
interface Gi1/0
no ip address
duplex auto
speed auto
ipv6 address 2000:1:1:34::3/64
ipv6 ospf 1 area 0
o DUB(R4):
ipv6 router ospf 1
interface Loopback4
no ip address
ipv6 address 2000:4:4:4::4/64
ipv6 ospf 1 area 0
no ip address
ipv6 address 2000:44:44:44::44/64
ipv6 router ospf 1
LON (R1)-DUB(R4):
Show ipv6 ospf interface interface
show ipv6 ospf neighbour
show ipv6 ospf database
sh ipv6 route ospf
14.3 Changing OSPF cost to 10 on Loopback Interface (Lo1) at LON

(R1)
➢ Diagram:
o LON (R1):
interface Loopback1
ipv6 ospf cost 10
NYK (R2)-DUB(R4):
sh ipv6 route ospf ; compare pre-impl. & post-implementation metric of Lo1
14.4 Changing OSPF Hello & Dead-interval timers to 15secs & 60secs
respectively on link between LON (R1) & NYK (R2)
➢ Diagram:
o LON (R1):
interface Gi0/0
ipv6 ospf hello-interval 15
o NYK (R2):
interface Gi0/0
ipv6 ospf hello-interval 15
LON (R1)-NYK (R2):
sh ipv6 ospf interface gi 0/0 | i Timer

Timer intervals configured, Hello 15, Dead 60, Wait 60, Retransmit 5
14.5 Tunneling IPV6 over IPV4
15.EIGRPV3
➢ Diagram:
16.PPP
16.1 Configuring PPP across the WAN link with the following IP
Addresses
➢ Diagram:
o LON (R1):
interface Serial1/0
ip address 10.1.12.1 255.255.255.0
encapsulation ppp
clock rate 56000
ppp authentication chap pap
o NYK (R2):
interface Serial1/0
ip address 10.1.12.2 255.255.255.0
encapsulation ppp
clock rate 56000
sh controllers s1/0 | i clock
sh int s 1/0
sh ip route connected
Ping address ; You should be able to ping across WAN Links
16.2 Configuring PPP Authentication
➢ Diagram:
o LON (R1):
interface Serial1/0
username NYK (R2) password cisco ; password should be the same on

NYK (R2)
o NYK (R2):
interface Serial1/0
username LON (R1) password cisco ; password should be the same on

LON (R1)
sh ip route connected
Ping address ; You should be able to ping across WAN Links
17.FR
➢ Diagram:
17.1 Configuring FR HNS Connection (with FR Inverse ARP enabled)
➢ Diagram:
o Configure FR Switch (with the following Mappings):
o LON (R1):
interface Serial1/1
ip address 10.1.123.1 255.255.255.0
encapsulation frame-relay
o NYK (R2):
interface Serial1/1
ip address 10.1.123.2 255.255.255.0
o PAR(R3):
interface Serial1/1
ip address 10.1.123.3 255.255.255.0
o LON (R1)-PAR(R3):
sh frame-relay map ; you should see DYNAMIC mappings for both of the
neighbour routers
sh frame-relay map; you should see “PVC STATUS = ACTIVE” for the 2
neighbouring router’s PVCs
Ping w.x.y.z; You should be able to ping across WAN Links over FR
17.2 Configuring FR HNS Connection (with FR Inverse ARP disabled &
manually creating the PVCs)
➢ Diagram:
- Same –
- Same Mappings as before -
o LON (R1):
interface Serial1/1
ip address 10.1.123.1 255.255.255.0
frame-relay map ip 10.1.123.3 103
no frame-relay inverse-arp
o NYK (R2):
interface Serial1/1
ip address 10.1.123.2 255.255.255.0
o PAR(R3):
interface Serial1/1
ip address 10.1.123.3 255.255.255.0
o LON (R1)-PAR(R3):
sh frame-relay map ; you should see STATIC mappings for both of the
neighbour routers
Ping w.x.y.z; The spokes should not be able to ping within themselves but
would do it with the HUB only, Hub should be able to ping both the spokes
17.2 Configuring FR MESH Connection (with FR Inverse ARP disabled
& manually creating the PVCs)
➢ Diagram:
- Same –
o LON (R1):
interface Serial1/1
ip address 10.1.123.1 255.255.255.0
o NYK (R2):
interface Serial1/1
ip address 10.1.123.2 255.255.255.0
o PAR(R3):
interface Serial1/1
ip address 10.1.123.3 255.255.255.0
o LON (R1)-PAR(R3):
sh frame-relay map ; you should see STATIC mappings for both of the
neighbour routers
Ping w.x.y.z; All the WAN Links from every router should be able to Ping
17.4 Configuring FR HNS Point-to-point Connections (without FR INV

ARP)
➢ Diagram:
o LON (R1):
interface Serial1/1
no ip address
!
interface Serial1/1.12 point-to-point
ip address 10.1.12.1 255.255.255.0
frame-relay interface-dlci 102
!
ip address 10.1.13.1 255.255.255.0
o NYK (R2):
interface Serial1/1
no ip address
!
ip address 10.1.12.2 255.255.255.0
!
ip address 10.1.23.2 255.255.255.0
o PAR(R3):
interface Serial1/1
no ip address
!
ip address 10.1.13.3 255.255.255.0
!
ip address 10.1.23.3 255.255.255.0
o LON (R1)-PAR(R3):
sh frame-relay map ; you should see key work “BROADCAST” mappings for
both of the neighbour routers
Ping w.x.y.z; Only the WAN Links b/w A<->B & A<-> C should work
17.5 Configuring FR MESH Point-to-point Connections (without FR
INV ARP)
➢ Diagram:
o LON (R1):
interface Serial1/1
no ip address
!
ip address 10.1.12.1 255.255.255.0
!
ip address 10.1.13.1 255.255.255.0
o NYK (R2):
interface Serial1/1
no ip address
!
ip address 10.1.12.2 255.255.255.0
!
ip address 10.1.23.2 255.255.255.0
o PAR(R3):
interface Serial1/1
no ip address
!
ip address 10.1.13.3 255.255.255.0
!
ip address 10.1.23.3 255.255.255.0
o LON (R1)-PAR(R3):
sh frame-relay map ; you should see key work “BROADCAST” mappings for
both of the neighbour routers
Ping w.x.y.z; All the WAN Links from every router should be able to Ping

CCNA Labs KL Ver 0.8 2018

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

CCNA Labs KL Ver 0.8 2018

Caricato da

Copyright:

Formati disponibili

TOPICS

1.2 Hardening a cisco router

1.2.1 Setting Time

1.2.2 Setting 2nd Level Passwords (using plain text)

1.2.3 Setting 2nd Level Passwords (using encrypted text)

enable secret cisco

1.2.4 Setting Console & VTY password (using Telnet protocol)

1.2.5 Configuring Aliases

1.2.6 Configuring no domain lookup in your router

1.2.7 Setting Banner/MOTD

1.2.8 Configuring hostname of a Router

1.2.9 Saving the configurations in NVRAM

1.2.10 Configuring no domain lookup in your router

1.2.11 Setting Banner/MOTD

1.2.12 Configure SSH

username kamran password cisco ; create a local user name

ip domain-name cisco.com ; Assign a domain name

crypto key generate rsa

● show crypto key mypubkey rsa

1.3 Configuring IP Addresses (on Cisco Routers)

● Ping all the IPs on the local segments

1.4 Static Routes & Default Routes

● Ping all the IPs on the local segments

1.5 Default Routing towards your ISP:

ip route 0.0.0.0 0.0.0.0 10.1.15.5

ip route 0.0.0.0 0.0.0.0 10.1.15.1

ip route 1.0.0.0 255.0.0.0 10.1.15.1

ip route 2.0.0.0 255.0.0.0 10.1.15.1

ip route 3.0.0.0 255.0.0.0 10.1.15.1

ip route 4.0.0.0 255.0.0.0 10.1.15.1

● Ping Cisco.com IP <5.5.5.5>

● Ping all the IPs on the local segments

● See and practise the following commands

2.2 Change RIP timers (double the default timer values)

● Ping all the IPs on the local segments

● See and practise the following commands

● Ping all the IPs on the local segments

● See if you can view “R* route” in your routing tables

● See and practise the following commands

2.3.1 Using “Redistribution” command at LON (R1)

ip route 100.0.0.0 255.0.0.0 10.1.15.5

● See and practise the following commands

● See and practise the following commands

● Ping all the IPs on the local segments

------same diagram as before------

● Verify the authentication method

● Ping all the IPs on the local segments

------same diagram as before------

● Verify the authentication method

● Ping all the IPs on the local segments

3.5 Configure OSPF non-default timers (between LON & DUB)

------same diagram as before------

● Verify the authentication method

● Ping all the IPs on the local segments

------same diagram as before------

● Verify the cost in the routes

● Ping all the IPs on the local segments

3.5 Configure OSPF on the BMA based network

● Verify the Routing table

● View and practise the following “show” commands

3.5 Configure the EIGRP timers across all of your network

-diagram same as before_

● Verify the Routing table