Your SlideShare is downloading. ×
CCNA Lab Guide
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

CCNA Lab Guide

3,209
views

Published on

CCNA Lab Guide from CCIE University

CCNA Lab Guide from CCIE University


0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
3,209
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
729
Comments
0
Likes
3
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. www.ccieuniversity.comStatic Route Configuration .............................................................................................................. 2Basic Configuration Of RIPV1 .......................................................................................................... 3RIPV2 Basic Configuration ............................................................................................................... 3RIP Extended Lab ............................................................................................................................. 4RIP Equal Cost Load Balancing ......................................................................................................... 6EIGRP Basic Configuration Lab ........................................................................................................ 7EIGRP MD5 Authentication Configuration Lab ................................................................................ 8OSPF Basic Configurationand DR BDR Selection Lab ....................................................................... 9OSPF extend configuration lab ...................................................................................................... 10Route Redistribution Configuration Lab ........................................................................................ 12Switch Basic Configuration And Port Security ............................................................................... 13Switch Vlan Configuration Lab ...................................................................................................... 14Switch Vlan Trunk Configuration Lab ............................................................................................ 15Switch VTP Configuration Lab ....................................................................................................... 16Switch STP Basic Configuration Lab ............................................................................................... 17Routing Between Vlans - Router On A Stick .................................................................................. 18Frame-Relay Basic Configuration Lab ............................................................................................ 19Static Frame-Relay Map Configuration Lab ................................................................................... 21Distance Vector Routing Protocol in Frame-Relay Network Lab ................................................... 22Frame-Relay Point to Point Sub-interface Configuration Lab ....................................................... 24Frame-Relay Multi-Point Sub-interface Configuration Lab ........................................................... 25PPP PAP Authentication Basic Lab Configuration.......................................................................... 26PPP CHAP Authentication Basic Lab Configuration ....................................................................... 27Static Nat And Dynamic Nat Basic Configuration Lab ................................................................... 27Basic Standard ACL Configuration Lab .......................................................................................... 28Basic Extended ACL Configuration Lab .......................................................................................... 29Named Extended ACL Configuration Lab ...................................................................................... 30ACL Working on VTY Line Configuration Lab ................................................................................. 31IPV6 Basic Configuration Lab ......................................................................................................... 31
  • 2. www.ccieuniversity.com Static Route ConfigurationTopologyLab Purpose: Master static route and default route configurationLab Requirement 1: The whole network should be reachableR1 use egress static route configurationR2 use next hop interface static route configurationR2 should perform load balance to network 10.1.1.128/30R2 should perform load balance to network 10.1.1.128/30R3 use next hop + egress interface static route configurationR4 use default route to access other networkLab Steps:Step 1 Finish the basic IP configuration according to the diagram,and test connectivity.Step 2 Config static route on the 4 routers.R1(config)#ip route 10.1.1.64 255.255.255.252 s0R1(config)#ip route 10.1.1.128 255.255.255.252 s0R2(config)#ip route 10.1.1.128 255.255.255.252 10.1.1.66R2(config)#ip route 10.1.1.128 255.255.255.252 192.168.1.2Tips: If you want to enable packet based load balance, You need todisable Cisco CEF first.R2(config)#no ip cefR2(config)#int s1R2(config-if)#no ip route-cacheR2(config)#int e0R2(config-if)#no ip route-cacheR3(config)#ip route 10.1.1.0 255.255.255.252 s1 10.1.1.65R4(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.129Lab Requirement 2: Change load balance to floating static route onR2, packets should prefer ethernet to serial line, when ethernet isdown, route should switch to serial line automatically.Lab Steps: Change the Administrative Distance of static route toenable the function of floating static route.R2(config)#no ip route 10.1.1.128 255.255.255.252 10.1.1.66R2(config)#ip route 10.1.1.128 255.255.255.252 10.1.1.66 2Before we shutdown E0 interface on R2, ethernet is preferred.S 10.1.1.128 [1/0] via 192.168.1.2After we shutdown E0 interface on R2, the route switch to use serialline.S 10.1.1.128 [2/0] via 10.1.1.66By www.ccieuniversity.com
  • 3. www.ccieuniversity.com Basic Configuration Of RIPV1TopologyLab Purpose: Master RIPV1 basic configurationLab Requirement: The whole network should be reachable by ripv1Lab Steps:Step 1: Finish the basic IP configuration according to the diagram,and test connectivity.Step 2: Config RIPV1 on the 3 routers.R1(config)#router rip //enable ripR1(config-router)#version 1 //assign rip version 1R1(config-router)#network 172.16.0.0 //RIPs main network announceR1(config-router)#network 10.0.0.0R2(config)#router ripR2(config-router)#version 1R2(config-router)#network 10.0.0.0R3(config)#router ripR3(config-router)#version 1R3(config-router)#network 172.16.0.0R3(config-router)#network 10.0.0.0Tips:RIPV1 is based on UDP port 520 and using broadcast to sendperiod update.Timer: Sending updates every 30 seconds, next due in 27 secondsInvalid after 180 seconds, hold down 180, flushed after 240Version: Default version control: send version 1, receive version 1Route summary: Automatic network summarization is in effectLoad balance: Maximum path: 4Administrative Distance: (default is 120)By www.ccieuniversity.com RIPV2 Basic ConfigurationTopologyLab Purpose: Master RIPV2 basic configuration, watch the autosummarization of RIPV2, master how to change RIP timer.Lab Requirement: The whole network should be reachable by ripv2
  • 4. www.ccieuniversity.comLab Steps:Step 1: Finish the basic IP configuration according to the diagram,and test connectivity.Step 2: Config RIPV2 on the 3 routers.R1(config)#router ripR1(config-router)#version 2R1(config-router)#network 172.16.0.0R1(config-router)# network 10.0.0.0R2(config)#router ripR2(config-router)#version 2R2(config-router)# network 10.0.0.0R3(config)#router ripR3(config-router)#version 2R3(config-router)# network 172.16.0.0R3(config-router)# network 10.0.0.0Step 3: Use show ip route to check whether there is auto summarizeStep 4: Disable auto summarize to see the changesR1(config)#router ripR1(config-router)#version 2R1(config-router)#no auto-summaryR2(config)#router ripR2(config-router)#version 2R2(config-router)#no auto-summaryR3(config)#router ripR3(config-router)#version 2R3(config-router)#no auto-summaryStep 5: change the 4 timers on R1R1(config)#router ripR1(config-router)#version 2R1(config-router)#timers basic 20 120 120 160The above 4 value are update, Invalid, hold down, flushedTips:RIPV2 is based on UDP port 520 and using multicast to sendtriggered update.By www.ccieuniversity.com RIP Extended LabTopology
  • 5. www.ccieuniversity.comLab Purpose:Master RIPV2 manual summarize configurationMaster RIPV2 passive interface and unicast update configurationMaster RIPV2 authentication configurationLab Requirement:Only R1 can learn routes from R3, R2 cant learn routes from R3,R2can only use default route to reach other network.Enable RIP MD5 authentication between R3 and R4.Manually summary network from 172.16.1.0 to 172.16.3.0 on R4.Disable split horizon on R4.The Whole network should be reachable.Lab Steps:Step 1: Finish the basic IP configuration according to the diagram,and test connectivity.Step 2: Enable RIP on R1 R3 R4.R1(config)#router ripR1(config-router)#version 2R1(config-router)#no auto-summaryR1(config-router)#network 1.0.0.0R1(config-router)# network 192.168.1.0R3(config)#router ripR3(config-router)#version 2R3(config-router)#no auto-summaryR3(config-router)# network 192.168.1.0R3(config-router)# network 10.0.0.0R4(config)#router ripR4(config-router)#version 2R4(config-router)#no auto-summaryR4(config-router)# network 172.16.0.0R4(config-router)# network 10.0.0.0Step 3: config default route on R2.R2(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.3Step 4: Config passive interface and unicast update, so R2 can notlearn route from R3.R3(config)#router ripR3(config-router)#passive-interface E0R3(config-router)#neighbor 192.168.1.1Tips: You could use debug ip rip to observe the unicast update.Step 5: enable RIP MD5 authentication between R3 and R4.R3(config)#key chain www.ccieuniversity.comR3(config-keychain)#key 1R3(config-keychain-key)#key-string ciscoR3(config-keychain-key)#exit
  • 6. www.ccieuniversity.comR3(config-keychain)#exitR4(config)#key chain www.ccieuniversity.comR4(config-keychain)#key 1R4(config-keychain-key)#key-string ciscoR4(config-keychain-key)#exitR4(config-keychain)#exitEnable rip md5 authentication on interface:R3(config)#interface s0R3(config-if)#ip rip authentication mode md5R3(config-if)#ip rip authentication key-chain www.ccieuniversity.comR4(config)#interface s0R4(config-if)#ip rip authentication mode md5R4(config-if)#ip rip authentication key-chain www.ccieuniversity.comStep 6:config route summarize on R4.R4(config)#interface s0R4(config-if)#ip summary-address rip 172.16.0.0 255.255.252.0Step 7: disable split horizon on R4 s0, and use debug ip rip tocheck it.R4(config)#interface s0R4(config-if)#no ip split-horizonR4(config-if)#endBy www.ccieuniversity.com RIP Equal Cost Load BalancingTopologyLab Purpose: Master RIP Equal Cost Load Balancing configuration,learn how to modify load balancing path.Lab Requirement: Based on connectivity RIP should do load balancing.Lab Steps:Step 1: Finish the basic IP configuration according to the diagram,and test connectivity.Step 2: Enable RIP on 3 routersR1(config)#router ripR1(config-router)#version 2R1(config-router)#no auto-summaryR1(config-router)#network 13.0.0.0R1(config-router)#network 12.0.0.0
  • 7. www.ccieuniversity.comR2(config)#router ripR2(config-router)#version 2R2(config-router)#no auto-summaryR2(config-router)# network 23.0.0.0R2(config-router)# network 12.0.0.0R2(config-router)# network 2.2.2.0R3(config)#router ripR3(config-router)#version 2R3(config-router)#no auto-summaryR3(config-router)# network 13.0.0.0R3(config-router)# network 23.0.0.0Step 3: Check route table of R2 to see whether there are 2 routesfor network 13.0.0.0Step 4: If you want to enable packet based load balance, You need todisable Cisco CEF first.R2(config)#interface s1R2(config-if)#no ip cefR2(config-if)#no ip route-cacheR2(config)#interface s0R2(config-if)#no ip cefR2(config-if)#no ip route-cacheStep 5: "ping 13.0.0.1 source 2.2.2.2" and "debug ip packet" tocheck RIP Equal Cost Load Balancing feature.Step 6: Change the maximum load balancing number of RIP to 6Use show ip protocols we can see Maximum path: 4Change the number to 6:R2(config)#router ripR2(config-router)#maximum-paths 6Tips: Before IOS 12.3 the maximum number is 6, after 12.3 it couldbe up to 16. By www.ccieuniversity.com EIGRP Basic Configuration LabTopologyLab Purpose:Master EIGRP basic configurationObserve EIGRP auto summaryLab Steps:Step 1: Finish the basic IP configuration according to the diagram,and test connectivity.Step 2: Enable EIGRP on the 3 routersR1(config)#router eigrp 100 //EIGRP Autonomous SystemR1(config-router)#network 172.16.1.0 0.0.0.255R1(config-router)#network 10.1.1.0 0.0.0.3
  • 8. www.ccieuniversity.comR2(config)#router eigrp 100R2(config-router)#network 10.1.1.64 0.0.0.3R2(config-router)#network 10.1.1.0 0.0.0.3R3(config)#router eigrp 100R3(config-router)#network 172.16.1.0 0.0.0.255R3(config-router)#network 10.1.1.64 0.0.0.3Step 3:Use "show ip route" to observe the auto summary featureStep 4:Disable auto summary then "show ip route" againR1(config)#router eigrp 100R1(config-router)#no auto-summaryR2(config)#router eigrp 100R2(config-router)#no auto-summaryR3(config)#router eigrp 100R3(config-router)#no auto-summary By www.ccieuniversity.com EIGRP MD5 Authentication Configuration LabTopologyLab Purpose:Master EIGRP basic configurationMaster EIGRP MD5 Authentication ConfigurationLab Steps:Step 1: Finish the basic IP configuration according to the diagram,and test connectivity.Step 2: Enable EIGRP on the 3 routersR1(config)#router eigrp 100 //EIGRP Autonomous SystemR1(config-router)#network 172.16.1.0 0.0.0.255R1(config-router)#network 10.1.1.0 0.0.0.3R2(config)#router eigrp 100R2(config-router)#network 10.1.1.64 0.0.0.3R2(config-router)#network 10.1.1.0 0.0.0.3R3(config)#router eigrp 100R3(config-router)#network 172.16.1.0 0.0.0.255R3(config-router)#network 10.1.1.64 0.0.0.3Step 3:Use "show ip route" to observe the auto summary featureStep 4:enable MD5 authentication on 3 routersR1(config)#key chain www.ccieuniversity.comR1(config-keychain)#key 1R1(config-keychain-key)#key-string ciscoR1(config)#interface s0R1(config-if)#ip authentication mode eigrp 100 md5R1(config-if)#ip authentication key-chain eigrp 100www.ccieuniversity.comR2(config)#key chain www.ccieuniversity.comR2(config-keychain)#key 1R2(config-keychain-key)#key-string cisco
  • 9. www.ccieuniversity.comR2(config)#interface s0R2(config-if)#ip authentication mode eigrp 100 md5R2(config-if)#ip authentication key-chain eigrp 100www.ccieuniversity.comR2(config)#interface s1R2(config-if)#ip authentication mode eigrp 100 md5R2(config-if)#ip authentication key-chain eigrp 100www.ccieuniversity.comR3(config)#key chain www.ccieuniversity.comR3(config-keychain)#key 1R3(config-keychain-key)#key-string ciscoR3(config)#interface s0R3(config-if)#ip authentication mode eigrp 100 md5R3(config-if)#ip authentication key-chain eigrp 100www.ccieuniversity.comR3(config)#interface s1R3(config-if)#ip authentication mode eigrp 100 md5R3(config-if)#ip authentication key-chain eigrp 100www.ccieuniversity.com By www.ccieuniversity.com OSPF Basic Configurationand DR BDR Selection LabTopologyLab Purpose: Master OSPF basic configuration.Master manually assign RID(Router ID).Master how to modify ospf interface priority.Observe DR BDR selection process.Lab Requirement: R3 would be the DR,R2 would be BDR, R4 will notparticipate in the selection.Lab Steps:Step 1: Finish the basic IP configuration according to the diagram,and test connectivity.Step 2: Enable ospf on the 3 Routers
  • 10. www.ccieuniversity.comR1(config)#interface lo0R1(config-if)#ip address 1.1.1.1 255.255.255.0R1(config)#router ospf 100R1(config-router)#router-id 1.1.1.1R1(config-router)#network 10.1.1.0 0.0.0.3 area 1R2(config)#interface lo0R2(config-if)#ip address 2.2.2.2 255.255.255.0R2(config)#router ospf 100R2(config-router)#router-id 2.2.2.2R2(config-router)#network 10.1.1.0 0.0.0.3 area 1R2(config-router)#network 10.2.2.0 0.0.0.255 area 0R3(config)#interface lo0R3(config-if)#ip address 3.3.3.3 255.255.255.0R3(config)#router ospf 100R3(config-router)#router-id 3.3.3.3R3(config-router)#network 10.2.2.0 0.0.0.255 area 0R4(config)#interface lo0R4(config-if)#ip address 4.4.4.4 255.255.255.0R4(config)#router ospf 100R4(config-router)#router-id 4.4.4.4R4(config-router)#network 10.1.1.64 0.0.0.3 area 2R4(config-router)#network 10.2.2.0 0.0.0.255 area 0Step 3: Use "show ip ospf neighbors" to see the DR BDR selectionresult.Step 4: Modify R4 E0 interface priority to 0 then it will notparticipate in the DR BDR selection.R4(config)#int E0R4(config-if)#ip ospf priority 0Tips: The default ospf interface priority is 1, so R2 and R3 shouldcompare RID to decide who will be DR, as 3.3.3.3 is greater than2.2.2.2, so R3 would be DR.By www.ccieuniversity.com OSPF extend configuration labTopologyLab Purpose:Master OSPF area summarization configuration.Master OSPF simple password and MD5 authentication configuration.
  • 11. www.ccieuniversity.comLearn how to modify OSPF hello interval, dead interval, and costvalue.Lab Requirement:Enable route summary from area 1 to area 0.Enable simple password authentication between R1 and R2.Enable MD5 authentication between R2 and R3.Modify hello interval to 5 and dead interval to 10 between R3 and R4.Modify R4 s0 cost to 80.Enable OSPF neighbor log on all Routers.Lab Steps:Step 1: Finish the basic IP configuration according to the diagram,and test connectivity.Step 2: Enable OSPF on all routersR1(config)#router ospf 100R1(config-router)#network 172.16.1.0 0.0.0.255 area 1R1(config-router)#network 172.16.2.0 0.0.0.255 area 1R1(config-router)#network 172.16.3.0 0.0.0.255 area 1R1(config-router)#network 172.16.4.0 0.0.0.255 area 1R1(config-router)#network 12.1.1.0 0.0.0.255 area 1R1(config-router)#log-adjacency-changes //enable OSPF neighbor logR2(config)#router ospf 100R2(config-router)#network 12.1.1.0 0.0.0.255 area 1R2(config-router)#network 23.1.1.0 0.0.0.255 area 0R2(config-router)#log-adjacency-changesR3(config)#router ospf 100R3(config-router)#network 23.1.1.0 0.0.0.255 area 0R3(config-router)#network 34.1.1.0 0.0.0.255 area 2R3(config-router)#log-adjacency-changesR4(config)#router ospf 100R4(config-router)#network 34.1.1.0 0.0.0.255 area 2R4(config-router)#log-adjacency-changesStep 3: Enable area 1 route summary on R2R2(config)#router ospf 100R2(config-router)#area 1 range 172.16.0.0 255.255.248.0Step 4:Enable MD5 authentication between R2 and R3R2(config)#int s1R2(config-if)#ip ospf message-digest-key 1 md5 ciscoR2(config-if)#ip ospf authentication message-digestR3(config)#int s1R3(config-if)#ip ospf message-digest-key 1 md5 ciscoR3(config-if)#ip ospf authentication message-digestStep 5: enable simple password authentication between R1 and R2R1(config)#int s0R1(config-if)#ip ospf authentication-key ciscoR1(config-if)#ip ospf authenticationR2(config)#int s0R2(config-if)#ip ospf authentication-key ciscoR2(config-if)#ip ospf authenticationStep 6:Modify hello、dead intervalR3(config)#int s0R3(config-if)#ip ospf hello-interval 5R3(config-if)#ip ospf dead-interval 20R4(config)#int s0R4(config-if)#ip ospf hello-interval 5R4(config-if)#ip ospf dead-interval 20Step 7: Modify R4 interface s0 costR4(config)#int s0R4(config-if)#ip ospf cost 80
  • 12. www.ccieuniversity.comUse "show ip ospf interface so" to see all the modify valueincluding RID, priority, area, timer, cost, etc.By www.ccieuniversity.com Route Redistribution Configuration LabTopologyLab Purpose: Master redistribution configuration between differentrouting protocols.Lab Requirement: The whole network should be reachable with outstatic route nor default route.Lab Steps:Step 1: Finish the basic IP configuration according to the diagram.Step 2: Enable RIPV2 on R1, enable RIPV2 EIGRP OSPF on R2, enableEIGRP on R3,enable OSPF on R4. R1(config)#router rip R1(config-router)#version 2 R1(config-router)#network 1.1.1.0 R1(config-router)#network 12.1.1.0 R2(config)#router rip R2(config-router)#version 2 R2(config-router)#network 23.1.1.0 R2(config-router)#network 12.1.1.0 R2(config-router)#network 24.1.1.0 R2(config)#router eigrp 100 R2(config-router)#network 12.1.1.0 0.0.0.255 R2(config-router)#network 23.1.1.0 0.0.0.255 R2(config-router)#network 24.1.1.0 0.0.0.255 R2(config)#router ospf 100 R2(config-router)#network 12.1.1.0 0.0.0.255 area 0 R2(config-router)#network 23.1.1.0 0.0.0.255 area 0 R2(config-router)#network 24.1.1.0 0.0.0.255 area 0 R3(config)#router eigrp 100 R3(config-router)#network 23.1.1.0 0.0.0.255 R3(config-router)#network 3.3.3.0 0.0.0.255 R4(config)#router ospf 100 R4(config-router)#network 24.1.1.0 0.0.0.255 area 0 R4(config-router)#network 4.4.4.0 0.0.0.255 area 0Step 3: redistribute routing protocols on R2. R2(config)#router rip
  • 13. www.ccieuniversity.com R2(config-router)#redistribute eigrp 100 metric 2 R2(config-router)#redistribute ospf 100 metric 2 R2(config)#router eigrp 100 R2(config-router)#redistribute rip metric 2000 1 255 1 1500 //EIGRP combine metric R2(config-router)#redistribute ospf 100 metric 2000 1 255 1500 R2(conf t)#router ospf 100 R2(config-router)#redistribute rip metric 64 subnets R2(config-router)#redistribute eigrp 100 metric 64 subnets Tips: Command "subnets" in OSPF redistribution is to allow subnets prefix join the OSPF route table. By www.ccieuniversity.com Switch Basic Configuration And Port SecurityTopologyLab Purpose:Master switch basic configuration.Master switch port security configuration.Lab Requirement: finish basic configuration including ip address, default gateway.Enable port security on Fa0/3 to allow maximum 10 mac address to be learn, otherswill be dropped.Lab Steps:Step 1: basic configuration Switch(config)#ip default-gateway 192.168.1.1 //If without default gateway you can not access the switch from different network. Switch(config)#interface vlan 1 Switch(config-if)#ip address 192.168.1.2 255.255.255.0 Switch(config-if)#no shutdown //set up switch management ip address. Switch(config)#int fa0/1
  • 14. www.ccieuniversity.com Switch(config-if)#duplex full Switch(config-if)#speed 100Step 2:enable port security. Switch(config-if)#int fa0/3 Switch(config-if)#switchport mode access //only access mode can enable port security Switch(config-if)#switchport port-security maximum 10 //set the maximum learned mac address number to 10 Switch(config-if)#switchport port-security violation protect //drop the exceeded frames By www.ccieuniversity.com Switch Vlan Configuration LabTopologyLab Purpose:Master vlan basic configuration.Master interface assign vlan configuration.Lab Requirement: create vlan2 and vlan3,vlan name is HR、ENGAssign pc1 in vlan2, assign pc2 in vlan3Lab Steps:Step 1:create VLAN2 and VLAN3 Switch#conf t Switch(config)#vlan 2 Switch(config-vlan)#name HR Switch(config-vlan)#exit Switch(config)#vlan 3 Switch(config-vlan)#name ENGStep 2: assign the 2 PC connected interfaces to the 2 vlan. Switch(config)#int fa0/1 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 2 Switch(config-if)#end Switch(config)#int fa0/2 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 3 Switch(config-if)#endStep 3:Use "show vlan brif" to check the vlan table.By www.ccieuniversity.com
  • 15. www.ccieuniversity.com Switch Vlan Trunk Configuration LabTopologyLab Purpose: Master trunk basic configurationLab Requirement: create vlan2 on both SW1 and SW2, set up trunk linkbetween SW1 and SW2.Lab Steps:Step 1: Create vlan2 and assign pc1 pc2 connected switch interfacesto vlan2. SW1#conf t SW1(config)#vlan 2 SW1(config-vlan)#name HR SW1(config-vlan)#exit SW1(config)#int fa0/1 SW1(config-if)#switchport mode access SW1(config-if)#switchport access vlan 2 SW2#conf t SW2(config)#vlan 2 SW2(config-vlan)#name HR SW2(config-vlan)#exit SW2(config)#int fa0/2 SW2(config-if)#switchport mode access SW2(config-if)#switchport access vlan 2Step 2: Set up trunk link between the 2 switches. SW1(config)#int fa0/20 SW1(config-if)#switchport trunk encapsulation dot1q SW1(config-if)#switchport mode trunk SW2(config)#int fa0/20 SW2(config-if)#switchport trunk encapsulation dot1q SW2(config-if)#switchport mode trunk By www.ccieuniversity.com
  • 16. www.ccieuniversity.com Switch VTP Configuration LabTopologyLab Purpose: Master VLAN and VTP configurationLab Requirement: Set VTP to www.ccieuniversity.com , passwordwww.ccieuniversity.com.Set SwitchA to VTP Server mode,create VLAN 10 name ccieuniversity1and VLAN 20 name ccieuniversity2,enable VTP pruning.Set SwitchB to VTP Client more,assign interfaces Fa0/1—10 toVLAN10, Fa0/11—20 to VLAN20.Set SwitchC to VTP Transparent mode.Lab Steps:Step 1: AS VTP information based on trunk link transfer,So we setup trunk link first.SwitchA(config)#int f0/0SwitchA(config-if)#switchport trunk encapsulation dot1qSwitchA(config-if)#switchport mode trunkSwitchA(config)#int f0/1SwitchA(config-if)#switchport trunk encapsulation dot1qSwitchA(config-if)#switchport mode trunkSwitchB(config)#int f0/0SwitchB(config-if)#switchport trunk encapsulation dot1qSwitchB(config-if)#switchport mode trunkSwitchC(config)#int f0/0SwitchC(config-if)#switchport trunk encapsulation dot1qSwitchC(config-if)#switchport mode trunkStep 2: Enable VTP Server mode and pruning on SwitchA, then createvlansSwitchA(config)#vtp mode serverSwitchA(config)#vtp domain www.ccieuniversity.comSwitchA(config)#vtp password www.ccieuniversity.comSwitchA(config)#vtp pruningSwitchA#vlan 10 name ccieuniversity1SwitchA#vlan 20 name ccieuniversity2Step 3: Enable VTP Client mode on SwitchBSwitchB(config)#vtp mode clientSwitchB(config)#vtp domain www.ccieuniversity.comSwitchB(config)#vtp password www.ccieuniversity.comStep 4: Enable VTP transparent mode on SwitchCSwitchC(config)#vtp mode transparent
  • 17. www.ccieuniversity.comStep 5: Check SwitchB vlan information to see whether there areautomatically created vlan10 and vlan20.Step 6: Check whether SwitchB and SwitchC could create vlans.By www.ccieuniversity.com Switch STP Basic Configuration LabTopologyLab Purpose:Observed STP working principal, learn how to change STP commonparameters such as STP priority, STP interface cost, STP interfacepriority.Learn how to modify a switch to a primary root or a secondary root.Learn how to enable rapid STP.Lab Requirement: SW1 should become the primary root,SW2 will be thesecondary root.Modify SW3 Fa0/24 interface priority to 64.Modify SW3 and SW4 Fa0/20 interface cost to 5.Lab Steps:Step 1: Use "show spanning-tree" command to see the defaultPVST+(Per Vlan Spanning Tree)Step 2: enable or disable STP for specific vlan. Switch(config)#spanning-tree vlan 2 //enable STP for vlan2,the default is enable. Switch(config)#no spanning-tree vlan 2 //disable STP for vlan2Step 3: Modify STP priority to make SW1 be primary root,SW2 besecondary root. SW1(config)#spanning-tree vlan 1 priority 24576 SW2(config)#spanning-tree vlan 1 priority 28672 Tips: Switch STP priority must be multiple of 4096 Also you could use the following command to decide who is primary root and who is secondary root. SW1(config)#spanning-tree vlan 1 root primary Tips: Sw1 will set its STP priority lower than all others in the network.
  • 18. www.ccieuniversity.com SW2(config)#spanning-tree vlan 1 root secondary Tips: Sw2 will set its STP priority only higher than SW1 and lower than all others in the network.Step 4: Modify SW3 Fa0/24 STP priority to 64 SW3(config)#int fa0/24 SW3(config-if)#spanning-tree vlan 1 port-priority 64 Tips: STP interface priority should be multiple of 16Step 5: Modify SW3、SW4 Fa0/20 cost to 5 SW3(config)#int fa0/20 SW3(config-if)#spanning-tree vlan 1 cost 5 SW4(config)#int fa0/20 SW4(config-if)#spanning-tree vlan 1 cost 5Step 6: enable rapid STP. SW1(config)#spanning-tree mode rapid-pvst SW2(config)#spanning-tree mode rapid-pvst SW3(config)#spanning-tree mode rapid-pvst SW4(config)#spanning-tree mode rapid-pvst By www.ccieuniversity.com Routing Between Vlans - Router On A StickTopologyLab Purpose: Master "router on a stick" configuration.Lab Requirement:1 Make R1 R2 work as host2 R1 F0/0 ip address is 192.168.1.2 default gateway is 192.168.1.13 R2 F0/0 ip address is 192.168.2.2 default gateway is 192.168.2.14 Create VLAN5 and VLAN10 on SW1,assign R1 to VLAN5,assign R2 toVLAN10.5 Enable routing between vlans on R3.6 Ping package can go trough R1 and R2.Lab Steps:Step 1: Disable R1 R2 routing function R1(config)#no ip routing //disable routing function
  • 19. www.ccieuniversity.com R1(config)#ip default-gateway 192.168.1.1 //set default gateway R1(config)#int fa0/0 R1(config-if)#ip add 192.168.1.2 255.255.255.0 R1(config-if)#no shutdown R2(config)#no ip routing R2(config)#ip default-gateway 192.168.2.1 R2(config)#int fa0/0 R2(config-if)#ip add 192.168.2.2 255.255.255.0 R2(config-if)#no shutdownStep 2: Create and assign vlans on SW1. SW1#conf t SW1(config)#vlan 5 SW1(config-vlan)#exit SW1(config)#vlan 10 SW1(config-vlan)#exit SW1(config)#int fa1/5 SW1(config-if)#switchport mode access SW1(config-if)#switchport access vlan 5 SW1(config-if)#exit SW1(config)#int fa1/10 SW1(config-if)#switchport mode access SW1(config-if)#switchport access vlan 10 SW1(config- if)#exitStep 3: Create trunk between SW1 and R3. SW1(config)#int fa1/2 SW1(config-if)#switchport mod trunk SW1(config-if)#switchport trunk encapsulation dot1q SW1(config-if)#no shutdown SW1(config-if)#exitStep 4: Encapsulate vlans on R3. R3(config)#ip routing R3(config)#int fa0/0 R3(config-if)#no shutdown R3(config)#int fa0/0.5 R3(config-subif)#encapsulation dot1q 5 R3(config-subif)#ip add 192.168.1.1 255.255.255.0 R3(config-subif)#no shutdown R3(config-subif)#exit R3(config)#int fa0/0.10 R3(config-subif)#encapsulation dot1q 10 R3(config-subif)#ip add 192.168.2.1 255.255.255.0 R3(config-subif)#no shutdown R3(config-subif)#exitStep 5: Ping between R1 and R2 to make sure the router on a stick isworking properly.By www.ccieuniversity.com Frame-Relay Basic Configuration LabTopology
  • 20. www.ccieuniversity.comLab Purpose: Master frame-relay principal, frame-relay switch basicconfiguration, frame-relay client basic configuration.Lab Requirement: frame-relay encapsulationis IETF, LMI type is ANSI.Make the whole frame-relay network full-mesh and could ping fromeach other.Frame-relay Clients are in 10.1.1.0/24 network.Lab Steps:Step 1: Frame-relay switch configuration.FR(config)#frame-relay switching //enable frame-relay switchingglobally. FR(config)#int s0/0 FR(config-if)#encapsulation frame-relay ietf FR(config-if)#frame-relay intf-type dce FR(config-if)#clock rate 64000 FR(config-if)#frame-relay lmi-type ansi FR(config-if)#frame-relay route 102 interface s0/1 201 FR(config-if)#frame-relay route 103 interface s0/2 301 FR(config-if)#no shutdown FR(config)#int s0/1 FR(config-if)#encapsulation frame-relay ietf FR(config-if)#frame-relay intf-type dceFR(config-if)#clock rate 64000 FR(config-if)#frame-relay lmi-type ansi FR(config-if)#frame-relay route 201 interface s0/0 102 FR(config-if)#frame-relay route 203 interface s0/2 302 FR(config-if)#no shutdown FR(config)#int s0/2 FR(config-if)#encapsulation frame-relay ietf FR(config-if)#frame-relay intf-type dce FR(config-if)#clock rate 64000 FR(config-if)#frame-relay lmi-type ansi FR(config-if)#frame-relay route 103 interface s0/2 301 FR(config-if)#frame-relay route 302 interface s0/1 203 FR(config-if)#no shutdownStep 2: Frame-relay client configuration. R1(config)#int s0R1(config-if)#encapsulation frame-relay ietf R1(config-if)#frame-relay lmi-type ansi
  • 21. www.ccieuniversity.com R1(config-if)#ip add 10.1.1.1 255.255.255.0 R1(config-if)#no shutdown R2(config)#int s0R2(config-if)#encapsulation frame-relay ietf R2(config-if)#frame-relay lmi-type ansi R2(config-if)#ip add 10.1.1.2 255.255.255.0 R2(config-if)#no shutdown R3(config)#int s0R3(config-if)#encapsulation frame-relay ietf R3(config-if)#frame-relay lmi-type ansi R3(config-if)#ip add 10.1.1.3 255.255.255.0 R3(config-if)#no shutdownStep 3:ping between clients to check the FR connectivity.By www.ccieuniversity.com Static Frame-Relay Map Configuration LabTopologyLab Purpose: Master inverse arp principal.Master static IP/DLCI match configuration.Lab Requirement: Disable frame-relay inverse arp, create static IPDLCI map on clients.Lab Steps:Step 1: Disable inverse-arp on frame-relay switch.FR(config)#int s0/0 FR(config-if)#no frame-relay inverse-arp FR(config)#int s0/1 FR(config-if)#no frame-relay inverse-arp FR(config)#int s0/2 FR(config-if)#no frame-relay inverse-arpStep 2: Create frame-relay map on the 3 FR clients. R1(config)#int s0 R1(config-if)#frame-relay map ip 10.1.1.2 102
  • 22. www.ccieuniversity.com R1(config-if)#frame-relay map ip 10.1.1.3 103 R2(config)#int s0 R2(config-if)#frame-relay map ip 10.1.1.1 201 R2(config-if)#frame-relay map ip 10.1.1.3 203 R3(config)#int s0 R3(config-if)#frame-relay map ip 10.1.1.1 301 R3(config-if)#frame-relay map ip 10.1.1.2 302Step 3:use "show frame-relay map" command to check the createdIP/DLCI map, and check the ping connectivity.R1#show frame-relay map Serial0 (up): ip 10.1.1.2 dlci 102(0x66,0x1860), static,IETF, status defined, active Serial0 (up): ip 10.1.1.3 dlci 103(0x67,0x1870), static,IETF, status defined, active R1#ping 10.1.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/60/80 ms R1#ping 10.1.1.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds: !!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 32/61/96msBy www.ccieuniversity.com Distance Vector Routing Protocol in Frame-Relay Network LabTopology
  • 23. www.ccieuniversity.comLab Purpose: Observe distance vector routing protocol running inframe-relay network.Lab Requirement: enable EIGRP on frame-relay network and learn routefrom each other.Lab Steps:Step 1: Finish the basic ip and frame-relay configurationStep 2: Add a loopback interface on all routers for future test.R1(config)#int lo0 R1(config-if)#ip add 172.16.1.1 255.255.255.0 R2(config)#int lo0 R2(config-if)#ip add 172.16.2.1 255.255.255.0 R3(config)#int lo0 R3(config-if)#ip add 172.16.3.1 255.255.255.0Step 3: Enable EIGRP on R1 R2 R3, announce the necessary network.R1(config)#router eigrp 100 R1(config-router)#no auto-summary R1(config-router)#network 10.1.1.0 0.0.0.255 R1(config-router)#network 172.16.1.0 0.0.0.255 R2(config)#router eigrp 100 R2(config-router)#no auto-summary R2(config-router)#network 10.1.1.0 0.0.0.255 R2(config-router)#network 172.16.2.0 0.0.0.255 R3(config)#router eigrp 100 R3(config-router)#no auto-summary R3(config-router)#network 10.1.1.0 0.0.0.255 R3(config-router)#network 172.16.3.0 0.0.0.255Step 4: Check R2 R3 routing table and observe the effect of splithorizon.Step 5: Disable R1 S0 EIGRP split horizon to insure necessary update.R1(config-if)#no ip split-horizon eigrp 100By www.ccieuniversity.com
  • 24. www.ccieuniversity.com Frame-Relay Point to Point Sub-interface Configuration LabTopologyLab Purpose: Master frame-relay point to point sub-interfaceconfiguration.Lab Requirement: Enable frame-relay point to point sub-interface onR1 to solve split horizon issue.Lab Steps:Step 1: Create 2 frame-relay point to point sub-interface on R1.Sub-interfaces are on different networks. R1(config)#int s0 R1(config-if)#no ip address R1(config-if)#encapsulation frame-relay ietf R1(config-if)#frame-relay lmi-type ansi R1(config-if)#no shutdown R1(config-if)#exit R1(config)#int s0.1 point-to-point R1(config-subif)#frame-relay interface-dlci 102 R1(config-fr-dlci)#exit R1(config-subif)#ip add 10.1.1.1 255.255.255.0 R1(config-subif)#no shutdown R1(config-subif)#exit R1(config)#int s0.2 point-to-point R1(config-subif)#frame-relay interface-dlci 103 R1(config-fr-dlci)#exit R1(config-subif)#ip add 10.1.2.1 255.255.255.0 R1(config-subif)#no shutdown R1(config-subif)#endUnder frame-relay point to point sub-interface EIGRP is workingproperly without disabling split horizon.By www.ccieuniversity.com
  • 25. www.ccieuniversity.com Frame-Relay Multi-Point Sub-interface Configuration LabTopologyLab Purpose: Master frame-relay multi-point sub-interfaceconfiguration.Lab Steps: Step 1: Finish basic configuration. Step 2: Enable multi-point interface on R1. R1(config)#int s0 R1(config-if)#encapsulation frame-relay R1(config-if)#no ip address R1(config-if)#no shutdown R1(config)#int s0.1 multipoint R1(config-subif)#ip add 10.1.1.1 255.255.255.0 / Same network as R2 and R3. R1(config-subif)#frame-relay interface-dlci 102 R1(config-fr-dlci)#exit R1(config-subif)#frame-relay interface-dlci 103 R1(config-fr-dlci)#exitTips: Frame-Relay multi-point sub-interface will bring split-horizonissue as the common frame-relay interface do.By www.ccieuniversity.com
  • 26. www.ccieuniversity.com PPP PAP Authentication Basic Lab ConfigurationTopologyLab Purpose: Master ppp one way authentication configuration for pap.Lab Requirement: R2 is the ppp authentication server, R1 and R3 areclients.Lab Steps:Step 1: PPP sever configuration on R2.R2(config)#username R1 password ciscoR2(config)#username R3 password ciscoR2(config)#int s1R2(config-if)#encapsulation pppR2(config-if)ppp authentication papR2(config)#int s0R2(config-if)#encapsulation pppR2(config-if)# ppp authentication papStep 2: PPP client configuration on R1 and R3.R1(config)#int s0R1(config-if)#encapsulation pppR1(config-if)#ppp pap send-username R1 password ciscoR3(config)#int s1R3(config-if)#encapsulation pppR3(config-if)# ppp pap send-username R3 password ciscoBy www.ccieuniversity.com
  • 27. www.ccieuniversity.com PPP CHAP Authentication Basic Lab ConfigurationTopologyLab Purpose: Master ppp one way authentication configuration for pap.Lab Steps: Enable ppp chap authentication on all routers interfaces.R1(config)#username R2 password www.ccieuniversity.comR1(config)#int s0R1(config-if)#encapsulation pppR1(config-if)# ppp authentication chapR2(config)#username R1 password www.ccieuniversity.comR2(config)#username R3 password www.ccieuniversity.comR2(config)#int s0R2(config-if)#encapsulation pppR2(config-if)# ppp authentication chapR2(config)#int s1R2(config-if)#encapsulation pppR2(config-if)# ppp authentication chapR3(config)#username R2 password www.ccieuniversity.comR3(config)#int s1R3(config-if)#encapsulation pppR3(config-if)# ppp authentication chapBy www.ccieuniversity.com Static Nat And Dynamic Nat Basic Configuration LabTopologyLab Purpose: Master static and dynamic NAT configuration.Lab Requirement: Add static nat translation for host 192.168.1.2,192.168.1.5, add dynamic nat translation for network 192.168.1.0/24.Lab Steps:
  • 28. www.ccieuniversity.comStep 1: Finish the basic IP configuration according to the diagram,and test connectivity.Step 2: Add a default route on router NAT.NAT(config)#ip route 0.0.0.0 0.0.0.0 200.200.100.2Step 3: Create static translation for host 192.168.1.2 and192.168.1.5NAT(config)#ip nat inside source static 192.168.1.2 200.200.100.129NAT(config)#ip nat inside source static 192.168.1.5 200.200.100.130Step 4: Create dynamic translation for network 192.168.1.0/24NAT(config)#access-list 1 permit 192.168.1.0 0.0.0.255NAT(config)#ip nat pool public 200.200.100.129 200.200.100.254netmask 255.255.255.128NAT(cinfig)#ip nat inside source list 1 pool publicStep 5: Assign inside and outside interface for router NAT.NAT(config)#int f0/0NAT(config-if)#ip nat insideNAT(config)#int s0/0NAT(config-if)#ip nat outsideBy www.ccieuniversity.com Basic Standard ACL Configuration LabTopologyLab Purpose: Master basic standard ACL configurationLab Requirement: Deny all traffic from R1 to R3.Lab Steps:Step 1: Finish the basic IP and route configuration according to thediagram, and test connectivity.R1(config)#ip route 10.1.1.64 255.255.255.252 10.1.1.2R3(config)#ip route 10.1.1.0 255.255.255.252 10.1.1.65Step 2: add a standard ACL to block the traffic from R1 to R3.R3(config)#access-list 1 deny 10.1.1.1 0.0.0.0Or use the host command.R3(config)#access-list 1 deny host 10.1.1.1Tips: As there is a default deny any at the bottom of the ACL, soadd permit any to allow other traffic.R3(config)#access-list 1 permit anyChoose the right direction to assign the ACL.R3(config)#int s1R3(config-if)#ip access-group 1 inBy www.ccieuniversity.com
  • 29. www.ccieuniversity.com Basic Extended ACL Configuration LabTopologyLab Purpose: Master basic extended ACL configurationLab Requirement: Deny icmp traffic from network 192.168.1.0, onlypc1 can access FTP server.Lab Steps:Step 1: finish basic ip configuration and enable RIPV2 on the 3routers.R1(config)#router ripR1(config-router)#version 2R1(config-router)#no auto-summaryR1(config-rotuer)#network 10.0.0.0R1(config-rotuer)#network 172.16.0.0R2(config)#router ripR2(config-router)#version 2R2(config-router)#no auto-summaryR2(config-rotuer)#network 10.0.0.0R3(config)#router ripR3(config-router)#version 2R3(config-router)#no auto-summaryR3(config-rotuer)#network 10.0.0.0R3(config-router)#network 192.168.1.0Step 2: Create an extended ACL on R3 to deny traffic from network192.168.1.0R3(config)#access-list 102 deny icmp 192.168.1.0 0.0.0.255 anyR3(config)#access-list 102 permit ip any anyR3(config)#int e0R3(config-if)ip access-group 102 inStep 3: Create an extended ACL on R1 to allow only pc1 to access theFTP server.Tips:normally FTP server is using tcp port 20 and 21 to communicatewith FTP clients.R1(config)#access-list 110 permit tcp 192.168.1.1 0.0.0.0 172.16.1.20.0.0.0 eq 21R1(config)#access-list 110 permit tcp 192.168.1.1 0.0.0.0 172.16.1.20.0.0.0 eq 20R1(config)#int s0R1(config-if)#ip access-group 110 inBy www.ccieuniversity.com
  • 30. www.ccieuniversity.com Named Extended ACL Configuration LabTopologyLab Purpose: Master basic extended ACL configurationLab Requirement: Deny icmp traffic from network 192.168.1.0, onlypc1 can access FTP server.Lab Steps:Step 1: finish basic ip configuration and enable RIPV2 on the 3routers.R1(config)#router ripR1(config-router)#version 2R1(config-router)#no auto-summaryR1(config-rotuer)#network 10.0.0.0R1(config-rotuer)#network 172.16.0.0R2(config)#router ripR2(config-router)#version 2R2(config-router)#no auto-summaryR2(config-rotuer)#network 10.0.0.0R3(config)#router ripR3(config-router)#version 2R3(config-router)#no auto-summaryR3(config-rotuer)#network 10.0.0.0R3(config-router)#network 192.168.1.0Step 2: Create an named extended ACL on R3 to deny traffic fromnetwork 192.168.1.0R3(config)#ip access-list extended deny_icmpR3(config-ext-nacl)#deny icmp 192.168.1.0 0.0.0.255 anyR3(config-ext-nacl)#permit ip any anyR3(config)#int e0R3(config-if)#ip access-group deny_icmp inStep 3: Create an named extended ACL on R1 to allow only pc1 toaccess the FTP server.Tips:normally FTP server is using tcp port 20 and 21 to communicatewith FTP clients.R1(config)#ip access-list extended deny_ftpR1(config-ext-nacl)#permit tcp 192.168.1.1 0.0.0.0 172.16.1.20.0.0.0 eq 20R1(config-ext-nacl)#permit tcp 192.168.1.1 0.0.0.0 172.16.1.20.0.0.0 eq 21R1(config)#int s0R1(config-if)#ip access-group deny_ftp inBy www.ccieuniversity.com
  • 31. www.ccieuniversity.com ACL Working on VTY Line Configuration LabTopologyLab Requirement: Only PC1 can remote access the router.Lab Steps:Router(config)#access-list 1 permit host 172.16.1.3Router(config)#line vty 0 15Router(config-line)#password www.ccieuniversity.comRouter(config-line)#loginRouter(config-line)#access-class 1 inBy www.ccieuniversity.com IPV6 Basic Configuration LabTopologyLab Purpose: Master IPV6 basic principal and configurationLab Requirement: Add IPV6 address and IPV6 static route on R1 and R2.Lab Steps:Step 1: Add IPV6 address on R1 and R2. R1(config)#interface lo0 R1(config-if)#ipv6 address 2001:aaaa:1::1/64
  • 32. www.ccieuniversity.com R1(config-if)#exit R1(config)#interface s1/1 R1(config-if)#ipv6 address 2001:aaaa:2::1/64 R1(config-if)#clock rate 64000 R1(config-if)#no shutdown R1(config-if)#end R2(config)#interface s1/0 R2(config-if)#ipv6 address 2001:aaaa:2::1/64 R2(config-if)#clock rate 64000 R2(config-if)#no shutdown R2(config-if)#exit R2(config)#interface lo0 R2(config-if)#ipv6 address 2001:aaaa:3::1/64 R2(config-if)#endStep 2: Enable IPV6 routing on R1 and R2. R1#conf t R1(config)#ipv6 unicast-routing R2#conf t R2(config)#ipv6 unicast-routingStep 3: Add static IPV6 route on R1 and R2. R1(config)#ipv6 route 2001:aaaa:3::/64 s1/1 R2(config)#ipv6 route 2001:aaaa:1::/64 s1/0 By www.ccieuniversity.com