The document describes configuration labs for various routing protocols and technologies:
- It includes labs for static route configuration, RIP v1/v2, EIGRP, OSPF, route redistribution, switch configuration, VLANs, VTP, STP, and routing between VLANs.
- Frame relay labs cover basic configuration, static maps, routing protocols in Frame Relay networks, point-to-point and multi-point subinterfaces.
- Other labs cover PPP authentication, NAT, ACLs, IPv6, and more. The labs provide instructions to configure the protocols and verify their operation in sample network topologies.
Free CCNP switching workbook by networkershome pdfNetworkershome
ccnp workbook and lab manual by NETWORKERS HOME. NETWORKERS HOME understand the importance of CCNP switching workbook when it comes Cisco certification which is why we offered free CCNP switching workbook.
Free CCNP switching workbook by networkershome pdfNetworkershome
ccnp workbook and lab manual by NETWORKERS HOME. NETWORKERS HOME understand the importance of CCNP switching workbook when it comes Cisco certification which is why we offered free CCNP switching workbook.
1) Explain the advantages and disadvantages of static routing.
2) Explain the purpose of different types of static routes.
3) Configure IPv4 and IPv6 static routes by specifying a next-hop address.
4) Configure an IPv4 and IPv6 default routes.
5) Explain the use of legacy classful addressing in network implementation.
6) Explain the purpose of CIDR in replacing classful addressing.
7) Design and implement a hierarchical addressing scheme.
8) Configure an IPv4 and IPv6 summary network address to reduce the number of routing table updates.
9) Configure a floating static route to provide a backup connection.
10) Explain how a router processes packets when a static route is configured.
11) Troubleshoot common static and default route configuration issues.
1) Configure a router to route between multiple directly connected networks
2) Describe the primary functions and features of a router.
3) Explain how routers use information in data packets to make forwarding decisions in a small- to medium-sized business network.
4) Explain the encapsulation and de-encapsulation process used by routers when switching packets between interfaces.
5) Compare ways in which a router builds a routing table when operating in a small- to medium-sized business network.
6) Explain routing table entries for directly connected networks.
7) Explain how a router builds a routing table of directly connected networks.
8) Explain how a router builds a routing table using static routes.
9) Explain how a router builds a routing table using a dynamic routing protocol.
This study guide is intended to provide those pursuing the CCNA certification with a framework of what concepts need to be studied. This is not a comprehensive document containing all the secrets of the CCNP nor is it a “braindump” of questions and answers.
I sincerely hope that this document provides some assistance and clarity in your studies.
1) Explain the advantages and disadvantages of static routing.
2) Explain the purpose of different types of static routes.
3) Configure IPv4 and IPv6 static routes by specifying a next-hop address.
4) Configure an IPv4 and IPv6 default routes.
5) Explain the use of legacy classful addressing in network implementation.
6) Explain the purpose of CIDR in replacing classful addressing.
7) Design and implement a hierarchical addressing scheme.
8) Configure an IPv4 and IPv6 summary network address to reduce the number of routing table updates.
9) Configure a floating static route to provide a backup connection.
10) Explain how a router processes packets when a static route is configured.
11) Troubleshoot common static and default route configuration issues.
1) Configure a router to route between multiple directly connected networks
2) Describe the primary functions and features of a router.
3) Explain how routers use information in data packets to make forwarding decisions in a small- to medium-sized business network.
4) Explain the encapsulation and de-encapsulation process used by routers when switching packets between interfaces.
5) Compare ways in which a router builds a routing table when operating in a small- to medium-sized business network.
6) Explain routing table entries for directly connected networks.
7) Explain how a router builds a routing table of directly connected networks.
8) Explain how a router builds a routing table using static routes.
9) Explain how a router builds a routing table using a dynamic routing protocol.
This study guide is intended to provide those pursuing the CCNA certification with a framework of what concepts need to be studied. This is not a comprehensive document containing all the secrets of the CCNP nor is it a “braindump” of questions and answers.
I sincerely hope that this document provides some assistance and clarity in your studies.
ITNE2003 - AssignmentLearning ObjectivesUpon completion of this.docxsleeperfindley
ITNE2003 - Assignment
Learning Objectives
Upon completion of this assignment, you will be able to:
Subnet an address space given requirements.
Assign appropriate addresses to interfaces and document them in the Addressing Table.
Cable a network according to the Topology Diagram.
Erase the startup configuration and reload a router to the default state.
Configure RIPv2 routing on all routers.
Configure and propagate a static default route.
Verify RIPv2 operation.
Test and verify full connectivity.
Reflect upon and document the network implementation.
Scenario
In this lab activity, you will be given a network diagram that must be implemented in packet tracer. A combination of RIPv2 and static routing will be required so that hosts on networks that are not directly connected will be able to communicate with each other.
Topology Diagram
Task 1: Fill Addressing Table:
Step 1: Examine the network requirements.
The addressing for the network has the following requirements:
The ISP LAN will use the 203.162.108.0/24 network.
The link between the ISP router and the HQ router will use the 172.16.10.0/30 network.
The link between the BRANCH router and the HQ router will use the 172.16.10.4/30 network.
The HQ LAN will use the 192.168.1.128/25 network
The BRANCH LAN will use the 10.10.2.0/23 network.
(
Note:
Remember that the interfaces of network devices are also host IP addresses and are included in the above addressing requirements.)
Step 2: Fill the address table with appropriate IP addresses and subnet masks:
Device
Interface
IP Address
Subnet Mask
Default Gateway
BRANCH
Fa0/0
N/A
S0/0/0
N/A
HQ
Fa0/0
N/A
S0/0/0
N/A
S0/0/1
N/A
ISP
Fa0/0
N/A
S0/0/1
N/A
PC1
NIC
PC2
NIC
PC3
NIC
Task 2: Implement the Network.
Step 1: Cable a network that is similar to the one in the Topology Diagram in Packet Tracer.
You can use any current router in your lab as long as it has the required interfaces shown in the topology.
Note:
If you use 1700, 2500, or 2600 routers, the router outputs and interface descriptions will appear different.
Step 2: Perform basic administrative configuration in the BRANCH, HQ, and ISP routers
Configure the router hostname as the minimum
Task 3: Configure and Activate Serial and Ethernet Addresses.
Step 1: Configure the BRANCH, HQ, and ISP routers.
Configure the interfaces on the BRANCH, HQ, and ISP routers with the IP addresses from the Addressing Table provided under the Topology Diagram.
When you have finished, be sure to save the running configuration to the NVRAM of the router.
Step 2: Configure the Ethernet interfaces of PC1, PC2, and PC3.
Configure the Ethernet interfaces of PC1, PC2, and PC3 with the IP addresses from the Addressing Table provided under the Topology Diagram.
Task 4: Verify Connectivity to Next-Hop Device.
You should
not
have connectivity between end devices yet. However, you can test connectivity between two routers and between an end device and its default gateway.
Step 1: Verify BR.
It is an open standard, distance vector, classfull routing protocol. Rip version 2 supports classless.
It sends the complete routing table out to all active interfaces every 30 seconds. Rip only uses hop count
to determine the best way to a remote network, but it has a maximum allowable hop count of 15 by
default, meaning that 16 is deemed unreachable. RIP works well in small networks, but it’s inefficient on
large networks with slow WAN links or on networks with a large number of routers installed.
CCNA Routing Protocol Commands.IP ROUTING, Static Routing, RIP (Routing Information Protocol), EIGRP, Verifying EIGRP and more.
Follow us : http://www.actsupport.com/blog
2. www.ccieuniversity.com
Static Route Configuration
Topology
Lab Purpose: Master static route and default route configuration
Lab Requirement 1: The whole network should be reachable
R1 use egress static route configuration
R2 use next hop interface static route configuration
R2 should perform load balance to network 10.1.1.128/30
R2 should perform load balance to network 10.1.1.128/30
R3 use next hop + egress interface static route configuration
R4 use default route to access other network
Lab Steps:
Step 1 Finish the basic IP configuration according to the diagram,
and test connectivity.
Step 2 Config static route on the 4 routers.
R1(config)#ip route 10.1.1.64 255.255.255.252 s0
R1(config)#ip route 10.1.1.128 255.255.255.252 s0
R2(config)#ip route 10.1.1.128 255.255.255.252 10.1.1.66
R2(config)#ip route 10.1.1.128 255.255.255.252 192.168.1.2
Tips: If you want to enable packet based load balance, You need to
disable Cisco CEF first.
R2(config)#no ip cef
R2(config)#int s1
R2(config-if)#no ip route-cache
R2(config)#int e0
R2(config-if)#no ip route-cache
R3(config)#ip route 10.1.1.0 255.255.255.252 s1 10.1.1.65
R4(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.129
Lab Requirement 2: Change load balance to floating static route on
R2, packets should prefer ethernet to serial line, when ethernet is
down, route should switch to serial line automatically.
Lab Steps: Change the Administrative Distance of static route to
enable the function of floating static route.
R2(config)#no ip route 10.1.1.128 255.255.255.252 10.1.1.66
R2(config)#ip route 10.1.1.128 255.255.255.252 10.1.1.66 2
Before we shutdown E0 interface on R2, ethernet is preferred.
S 10.1.1.128 [1/0] via 192.168.1.2
After we shutdown E0 interface on R2, the route switch to use serial
line.
S 10.1.1.128 [2/0] via 10.1.1.66
By www.ccieuniversity.com
3. www.ccieuniversity.com
Basic Configuration Of RIPV1
Topology
Lab Purpose: Master RIPV1 basic configuration
Lab Requirement: The whole network should be reachable by ripv1
Lab Steps:
Step 1: Finish the basic IP configuration according to the diagram,
and test connectivity.
Step 2: Config RIPV1 on the 3 routers.
R1(config)#router rip //enable rip
R1(config-router)#version 1 //assign rip version 1
R1(config-router)#network 172.16.0.0 //RIP's main network announce
R1(config-router)#network 10.0.0.0
R2(config)#router rip
R2(config-router)#version 1
R2(config-router)#network 10.0.0.0
R3(config)#router rip
R3(config-router)#version 1
R3(config-router)#network 172.16.0.0
R3(config-router)#network 10.0.0.0
Tips:RIPV1 is based on UDP port 520 and using broadcast to send
period update.
Timer: Sending updates every 30 seconds, next due in 27 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Version: Default version control: send version 1, receive version 1
Route summary: Automatic network summarization is in effect
Load balance: Maximum path: 4
Administrative Distance: (default is 120)
By www.ccieuniversity.com
RIPV2 Basic Configuration
Topology
Lab Purpose: Master RIPV2 basic configuration, watch the auto
summarization of RIPV2, master how to change RIP timer.
Lab Requirement: The whole network should be reachable by ripv2
4. www.ccieuniversity.com
Lab Steps:
Step 1: Finish the basic IP configuration according to the diagram,
and test connectivity.
Step 2: Config RIPV2 on the 3 routers.
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 172.16.0.0
R1(config-router)# network 10.0.0.0
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)# network 10.0.0.0
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)# network 172.16.0.0
R3(config-router)# network 10.0.0.0
Step 3: Use show ip route to check whether there is auto summarize
Step 4: Disable auto summarize to see the changes
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#no auto-summary
Step 5: change the 4 timers on R1
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#timers basic 20 120 120 160
The above 4 value are update, Invalid, hold down, flushed
Tips:RIPV2 is based on UDP port 520 and using multicast to send
triggered update.
By www.ccieuniversity.com
RIP Extended Lab
Topology
5. www.ccieuniversity.com
Lab Purpose:Master RIPV2 manual summarize configuration
Master RIPV2 passive interface and unicast update configuration
Master RIPV2 authentication configuration
Lab Requirement:
Only R1 can learn routes from R3, R2 can't learn routes from R3,R2
can only use default route to reach other network.
Enable RIP MD5 authentication between R3 and R4.
Manually summary network from 172.16.1.0 to 172.16.3.0 on R4.
Disable split horizon on R4.
The Whole network should be reachable.
Lab Steps:
Step 1: Finish the basic IP configuration according to the diagram,
and test connectivity.
Step 2: Enable RIP on R1 R3 R4.
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-router)#network 1.0.0.0
R1(config-router)# network 192.168.1.0
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#no auto-summary
R3(config-router)# network 192.168.1.0
R3(config-router)# network 10.0.0.0
R4(config)#router rip
R4(config-router)#version 2
R4(config-router)#no auto-summary
R4(config-router)# network 172.16.0.0
R4(config-router)# network 10.0.0.0
Step 3: config default route on R2.
R2(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.3
Step 4: Config passive interface and unicast update, so R2 can not
learn route from R3.
R3(config)#router rip
R3(config-router)#passive-interface E0
R3(config-router)#neighbor 192.168.1.1
Tips: You could use debug ip rip to observe the unicast update.
Step 5: enable RIP MD5 authentication between R3 and R4.
R3(config)#key chain www.ccieuniversity.com
R3(config-keychain)#key 1
R3(config-keychain-key)#key-string cisco
R3(config-keychain-key)#exit
6. www.ccieuniversity.com
R3(config-keychain)#exit
R4(config)#key chain www.ccieuniversity.com
R4(config-keychain)#key 1
R4(config-keychain-key)#key-string cisco
R4(config-keychain-key)#exit
R4(config-keychain)#exit
Enable rip md5 authentication on interface:
R3(config)#interface s0
R3(config-if)#ip rip authentication mode md5
R3(config-if)#ip rip authentication key-chain www.ccieuniversity.com
R4(config)#interface s0
R4(config-if)#ip rip authentication mode md5
R4(config-if)#ip rip authentication key-chain www.ccieuniversity.com
Step 6:config route summarize on R4.
R4(config)#interface s0
R4(config-if)#ip summary-address rip 172.16.0.0 255.255.252.0
Step 7: disable split horizon on R4 s0, and use debug ip rip to
check it.
R4(config)#interface s0
R4(config-if)#no ip split-horizon
R4(config-if)#end
By www.ccieuniversity.com
RIP Equal Cost Load Balancing
Topology
Lab Purpose: Master RIP Equal Cost Load Balancing configuration,
learn how to modify load balancing path.
Lab Requirement: Based on connectivity RIP should do load balancing.
Lab Steps:
Step 1: Finish the basic IP configuration according to the diagram,
and test connectivity.
Step 2: Enable RIP on 3 routers
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-router)#network 13.0.0.0
R1(config-router)#network 12.0.0.0
7. www.ccieuniversity.com
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)# network 23.0.0.0
R2(config-router)# network 12.0.0.0
R2(config-router)# network 2.2.2.0
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#no auto-summary
R3(config-router)# network 13.0.0.0
R3(config-router)# network 23.0.0.0
Step 3: Check route table of R2 to see whether there are 2 routes
for network 13.0.0.0
Step 4: If you want to enable packet based load balance, You need to
disable Cisco CEF first.
R2(config)#interface s1
R2(config-if)#no ip cef
R2(config-if)#no ip route-cache
R2(config)#interface s0
R2(config-if)#no ip cef
R2(config-if)#no ip route-cache
Step 5: "ping 13.0.0.1 source 2.2.2.2" and "debug ip packet" to
check RIP Equal Cost Load Balancing feature.
Step 6: Change the maximum load balancing number of RIP to 6
Use show ip protocols we can see Maximum path: 4
Change the number to 6:
R2(config)#router rip
R2(config-router)#maximum-paths 6
Tips: Before IOS 12.3 the maximum number is 6, after 12.3 it could
be up to 16.
By www.ccieuniversity.com
EIGRP Basic Configuration Lab
Topology
Lab Purpose:
Master EIGRP basic configuration
Observe EIGRP auto summary
Lab Steps:
Step 1: Finish the basic IP configuration according to the diagram,
and test connectivity.
Step 2: Enable EIGRP on the 3 routers
R1(config)#router eigrp 100 //EIGRP Autonomous System
R1(config-router)#network 172.16.1.0 0.0.0.255
R1(config-router)#network 10.1.1.0 0.0.0.3
8. www.ccieuniversity.com
R2(config)#router eigrp 100
R2(config-router)#network 10.1.1.64 0.0.0.3
R2(config-router)#network 10.1.1.0 0.0.0.3
R3(config)#router eigrp 100
R3(config-router)#network 172.16.1.0 0.0.0.255
R3(config-router)#network 10.1.1.64 0.0.0.3
Step 3:Use "show ip route" to observe the auto summary feature
Step 4:Disable auto summary then "show ip route" again
R1(config)#router eigrp 100
R1(config-router)#no auto-summary
R2(config)#router eigrp 100
R2(config-router)#no auto-summary
R3(config)#router eigrp 100
R3(config-router)#no auto-summary
By www.ccieuniversity.com
EIGRP MD5 Authentication Configuration Lab
Topology
Lab Purpose:
Master EIGRP basic configuration
Master EIGRP MD5 Authentication Configuration
Lab Steps:
Step 1: Finish the basic IP configuration according to the diagram,
and test connectivity.
Step 2: Enable EIGRP on the 3 routers
R1(config)#router eigrp 100 //EIGRP Autonomous System
R1(config-router)#network 172.16.1.0 0.0.0.255
R1(config-router)#network 10.1.1.0 0.0.0.3
R2(config)#router eigrp 100
R2(config-router)#network 10.1.1.64 0.0.0.3
R2(config-router)#network 10.1.1.0 0.0.0.3
R3(config)#router eigrp 100
R3(config-router)#network 172.16.1.0 0.0.0.255
R3(config-router)#network 10.1.1.64 0.0.0.3
Step 3:Use "show ip route" to observe the auto summary feature
Step 4:enable MD5 authentication on 3 routers
R1(config)#key chain www.ccieuniversity.com
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string cisco
R1(config)#interface s0
R1(config-if)#ip authentication mode eigrp 100 md5
R1(config-if)#ip authentication key-chain eigrp 100
www.ccieuniversity.com
R2(config)#key chain www.ccieuniversity.com
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string cisco
9. www.ccieuniversity.com
R2(config)#interface s0
R2(config-if)#ip authentication mode eigrp 100 md5
R2(config-if)#ip authentication key-chain eigrp 100
www.ccieuniversity.com
R2(config)#interface s1
R2(config-if)#ip authentication mode eigrp 100 md5
R2(config-if)#ip authentication key-chain eigrp 100
www.ccieuniversity.com
R3(config)#key chain www.ccieuniversity.com
R3(config-keychain)#key 1
R3(config-keychain-key)#key-string cisco
R3(config)#interface s0
R3(config-if)#ip authentication mode eigrp 100 md5
R3(config-if)#ip authentication key-chain eigrp 100
www.ccieuniversity.com
R3(config)#interface s1
R3(config-if)#ip authentication mode eigrp 100 md5
R3(config-if)#ip authentication key-chain eigrp 100
www.ccieuniversity.com
By www.ccieuniversity.com
OSPF Basic Configurationand DR BDR Selection Lab
Topology
Lab Purpose: Master OSPF basic configuration.
Master manually assign RID(Router ID).
Master how to modify ospf interface priority.
Observe DR BDR selection process.
Lab Requirement: R3 would be the DR,R2 would be BDR, R4 will not
participate in the selection.
Lab Steps:
Step 1: Finish the basic IP configuration according to the diagram,
and test connectivity.
Step 2: Enable ospf on the 3 Routers
10. www.ccieuniversity.com
R1(config)#interface lo0
R1(config-if)#ip address 1.1.1.1 255.255.255.0
R1(config)#router ospf 100
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 10.1.1.0 0.0.0.3 area 1
R2(config)#interface lo0
R2(config-if)#ip address 2.2.2.2 255.255.255.0
R2(config)#router ospf 100
R2(config-router)#router-id 2.2.2.2
R2(config-router)#network 10.1.1.0 0.0.0.3 area 1
R2(config-router)#network 10.2.2.0 0.0.0.255 area 0
R3(config)#interface lo0
R3(config-if)#ip address 3.3.3.3 255.255.255.0
R3(config)#router ospf 100
R3(config-router)#router-id 3.3.3.3
R3(config-router)#network 10.2.2.0 0.0.0.255 area 0
R4(config)#interface lo0
R4(config-if)#ip address 4.4.4.4 255.255.255.0
R4(config)#router ospf 100
R4(config-router)#router-id 4.4.4.4
R4(config-router)#network 10.1.1.64 0.0.0.3 area 2
R4(config-router)#network 10.2.2.0 0.0.0.255 area 0
Step 3: Use "show ip ospf neighbors" to see the DR BDR selection
result.
Step 4: Modify R4 E0 interface priority to 0 then it will not
participate in the DR BDR selection.
R4(config)#int E0
R4(config-if)#ip ospf priority 0
Tips: The default ospf interface priority is 1, so R2 and R3 should
compare RID to decide who will be DR, as 3.3.3.3 is greater than
2.2.2.2, so R3 would be DR.
By www.ccieuniversity.com
OSPF extend configuration lab
Topology
Lab Purpose:
Master OSPF area summarization configuration.
Master OSPF simple password and MD5 authentication configuration.
11. www.ccieuniversity.com
Learn how to modify OSPF hello interval, dead interval, and cost
value.
Lab Requirement:
Enable route summary from area 1 to area 0.
Enable simple password authentication between R1 and R2.
Enable MD5 authentication between R2 and R3.
Modify hello interval to 5 and dead interval to 10 between R3 and R4.
Modify R4 s0 cost to 80.
Enable OSPF neighbor log on all Routers.
Lab Steps:
Step 1: Finish the basic IP configuration according to the diagram,
and test connectivity.
Step 2: Enable OSPF on all routers
R1(config)#router ospf 100
R1(config-router)#network 172.16.1.0 0.0.0.255 area 1
R1(config-router)#network 172.16.2.0 0.0.0.255 area 1
R1(config-router)#network 172.16.3.0 0.0.0.255 area 1
R1(config-router)#network 172.16.4.0 0.0.0.255 area 1
R1(config-router)#network 12.1.1.0 0.0.0.255 area 1
R1(config-router)#log-adjacency-changes //enable OSPF neighbor log
R2(config)#router ospf 100
R2(config-router)#network 12.1.1.0 0.0.0.255 area 1
R2(config-router)#network 23.1.1.0 0.0.0.255 area 0
R2(config-router)#log-adjacency-changes
R3(config)#router ospf 100
R3(config-router)#network 23.1.1.0 0.0.0.255 area 0
R3(config-router)#network 34.1.1.0 0.0.0.255 area 2
R3(config-router)#log-adjacency-changes
R4(config)#router ospf 100
R4(config-router)#network 34.1.1.0 0.0.0.255 area 2
R4(config-router)#log-adjacency-changes
Step 3: Enable area 1 route summary on R2
R2(config)#router ospf 100
R2(config-router)#area 1 range 172.16.0.0 255.255.248.0
Step 4:Enable MD5 authentication between R2 and R3
R2(config)#int s1
R2(config-if)#ip ospf message-digest-key 1 md5 cisco
R2(config-if)#ip ospf authentication message-digest
R3(config)#int s1
R3(config-if)#ip ospf message-digest-key 1 md5 cisco
R3(config-if)#ip ospf authentication message-digest
Step 5: enable simple password authentication between R1 and R2
R1(config)#int s0
R1(config-if)#ip ospf authentication-key cisco
R1(config-if)#ip ospf authentication
R2(config)#int s0
R2(config-if)#ip ospf authentication-key cisco
R2(config-if)#ip ospf authentication
Step 6:Modify hello、dead interval
R3(config)#int s0
R3(config-if)#ip ospf hello-interval 5
R3(config-if)#ip ospf dead-interval 20
R4(config)#int s0
R4(config-if)#ip ospf hello-interval 5
R4(config-if)#ip ospf dead-interval 20
Step 7: Modify R4 interface s0 cost
R4(config)#int s0
R4(config-if)#ip ospf cost 80
12. www.ccieuniversity.com
Use "show ip ospf interface so" to see all the modify value
including RID, priority, area, timer, cost, etc.
By www.ccieuniversity.com
Route Redistribution Configuration Lab
Topology
Lab Purpose: Master redistribution configuration between different
routing protocols.
Lab Requirement: The whole network should be reachable with out
static route nor default route.
Lab Steps:
Step 1: Finish the basic IP configuration according to the diagram.
Step 2: Enable RIPV2 on R1, enable RIPV2 EIGRP OSPF on R2, enable
EIGRP on R3,enable OSPF on R4.
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 1.1.1.0
R1(config-router)#network 12.1.1.0
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 23.1.1.0
R2(config-router)#network 12.1.1.0
R2(config-router)#network 24.1.1.0
R2(config)#router eigrp 100
R2(config-router)#network 12.1.1.0 0.0.0.255
R2(config-router)#network 23.1.1.0 0.0.0.255
R2(config-router)#network 24.1.1.0 0.0.0.255
R2(config)#router ospf 100
R2(config-router)#network 12.1.1.0 0.0.0.255 area 0
R2(config-router)#network 23.1.1.0 0.0.0.255 area 0
R2(config-router)#network 24.1.1.0 0.0.0.255 area 0
R3(config)#router eigrp 100
R3(config-router)#network 23.1.1.0 0.0.0.255
R3(config-router)#network 3.3.3.0 0.0.0.255
R4(config)#router ospf 100
R4(config-router)#network 24.1.1.0 0.0.0.255 area 0
R4(config-router)#network 4.4.4.0 0.0.0.255 area 0
Step 3: redistribute routing protocols on R2.
R2(config)#router rip
13. www.ccieuniversity.com
R2(config-router)#redistribute eigrp 100 metric 2
R2(config-router)#redistribute ospf 100 metric 2
R2(config)#router eigrp 100
R2(config-router)#redistribute rip metric 2000 1 255 1 1500
//EIGRP combine metric
R2(config-router)#redistribute ospf 100 metric 2000 1 255 1500
R2(conf t)#router ospf 100
R2(config-router)#redistribute rip metric 64 subnets
R2(config-router)#redistribute eigrp 100 metric 64 subnets
Tips: Command "subnets" in OSPF redistribution is to allow
subnets prefix join the OSPF route table.
By www.ccieuniversity.com
Switch Basic Configuration And Port Security
Topology
Lab Purpose:
Master switch basic configuration.
Master switch port security configuration.
Lab Requirement: finish basic configuration including ip address, default gateway.
Enable port security on Fa0/3 to allow maximum 10 mac address to be learn, others
will be dropped.
Lab Steps:
Step 1: basic configuration
Switch(config)#ip default-gateway 192.168.1.1
//If without default gateway you can not access the switch from
different network.
Switch(config)#interface vlan 1
Switch(config-if)#ip address 192.168.1.2 255.255.255.0
Switch(config-if)#no shutdown
//set up switch management ip address.
Switch(config)#int fa0/1
14. www.ccieuniversity.com
Switch(config-if)#duplex full
Switch(config-if)#speed 100
Step 2:enable port security.
Switch(config-if)#int fa0/3
Switch(config-if)#switchport mode access
//only access mode can enable port security
Switch(config-if)#switchport port-security maximum 10
//set the maximum learned mac address number to 10
Switch(config-if)#switchport port-security violation protect
//drop the exceeded frames
By www.ccieuniversity.com
Switch Vlan Configuration Lab
Topology
Lab Purpose:
Master vlan basic configuration.
Master interface assign vlan configuration.
Lab Requirement: create vlan2 and vlan3,vlan name is HR、ENG
Assign pc1 in vlan2, assign pc2 in vlan3
Lab Steps:
Step 1:create VLAN2 and VLAN3
Switch#conf t
Switch(config)#vlan 2
Switch(config-vlan)#name HR
Switch(config-vlan)#exit
Switch(config)#vlan 3
Switch(config-vlan)#name ENG
Step 2: assign the 2 PC connected interfaces to the 2 vlan.
Switch(config)#int fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
Switch(config-if)#end
Switch(config)#int fa0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 3
Switch(config-if)#end
Step 3:Use "show vlan brif" to check the vlan table.
By www.ccieuniversity.com
15. www.ccieuniversity.com
Switch Vlan Trunk Configuration Lab
Topology
Lab Purpose: Master trunk basic configuration
Lab Requirement: create vlan2 on both SW1 and SW2, set up trunk link
between SW1 and SW2.
Lab Steps:
Step 1: Create vlan2 and assign pc1 pc2 connected switch interfaces
to vlan2.
SW1#conf t
SW1(config)#vlan 2
SW1(config-vlan)#name HR
SW1(config-vlan)#exit
SW1(config)#int fa0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 2
SW2#conf t
SW2(config)#vlan 2
SW2(config-vlan)#name HR
SW2(config-vlan)#exit
SW2(config)#int fa0/2
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 2
Step 2: Set up trunk link between the 2 switches.
SW1(config)#int fa0/20
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW2(config)#int fa0/20
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
By www.ccieuniversity.com
16. www.ccieuniversity.com
Switch VTP Configuration Lab
Topology
Lab Purpose: Master VLAN and VTP configuration
Lab Requirement: Set VTP to www.ccieuniversity.com , password
www.ccieuniversity.com.
Set SwitchA to VTP Server mode,create VLAN 10 name ccieuniversity1
and VLAN 20 name ccieuniversity2,enable VTP pruning.
Set SwitchB to VTP Client more,assign interfaces Fa0/1—10 to
VLAN10, Fa0/11—20 to VLAN20.
Set SwitchC to VTP Transparent mode.
Lab Steps:
Step 1: AS VTP information based on trunk link transfer,So we set
up trunk link first.
SwitchA(config)#int f0/0
SwitchA(config-if)#switchport trunk encapsulation dot1q
SwitchA(config-if)#switchport mode trunk
SwitchA(config)#int f0/1
SwitchA(config-if)#switchport trunk encapsulation dot1q
SwitchA(config-if)#switchport mode trunk
SwitchB(config)#int f0/0
SwitchB(config-if)#switchport trunk encapsulation dot1q
SwitchB(config-if)#switchport mode trunk
SwitchC(config)#int f0/0
SwitchC(config-if)#switchport trunk encapsulation dot1q
SwitchC(config-if)#switchport mode trunk
Step 2: Enable VTP Server mode and pruning on SwitchA, then create
vlans
SwitchA(config)#vtp mode server
SwitchA(config)#vtp domain www.ccieuniversity.com
SwitchA(config)#vtp password www.ccieuniversity.com
SwitchA(config)#vtp pruning
SwitchA#vlan 10 name ccieuniversity1
SwitchA#vlan 20 name ccieuniversity2
Step 3: Enable VTP Client mode on SwitchB
SwitchB(config)#vtp mode client
SwitchB(config)#vtp domain www.ccieuniversity.com
SwitchB(config)#vtp password www.ccieuniversity.com
Step 4: Enable VTP transparent mode on SwitchC
SwitchC(config)#vtp mode transparent
17. www.ccieuniversity.com
Step 5: Check SwitchB vlan information to see whether there are
automatically created vlan10 and vlan20.
Step 6: Check whether SwitchB and SwitchC could create vlans.
By www.ccieuniversity.com
Switch STP Basic Configuration Lab
Topology
Lab Purpose:
Observed STP working principal, learn how to change STP common
parameters such as STP priority, STP interface cost, STP interface
priority.
Learn how to modify a switch to a primary root or a secondary root.
Learn how to enable rapid STP.
Lab Requirement: SW1 should become the primary root,SW2 will be the
secondary root.
Modify SW3 Fa0/24 interface priority to 64.
Modify SW3 and SW4 Fa0/20 interface cost to 5.
Lab Steps:
Step 1: Use "show spanning-tree" command to see the default
PVST+(Per Vlan Spanning Tree)
Step 2: enable or disable STP for specific vlan.
Switch(config)#spanning-tree vlan 2 //enable STP for vlan2,the
default is enable.
Switch(config)#no spanning-tree vlan 2 //disable STP for vlan2
Step 3: Modify STP priority to make SW1 be primary root,SW2 be
secondary root.
SW1(config)#spanning-tree vlan 1 priority 24576
SW2(config)#spanning-tree vlan 1 priority 28672
Tips: Switch STP priority must be multiple of 4096
Also you could use the following command to decide who is
primary root and who is secondary root.
SW1(config)#spanning-tree vlan 1 root primary
Tips: Sw1 will set it's STP priority lower than all others' in the network.
18. www.ccieuniversity.com
SW2(config)#spanning-tree vlan 1 root secondary
Tips: Sw2 will set it's STP priority only higher than SW1 and lower than all others in the
network.
Step 4: Modify SW3 Fa0/24 STP priority to 64
SW3(config)#int fa0/24
SW3(config-if)#spanning-tree vlan 1 port-priority 64
Tips: STP interface priority should be multiple of 16
Step 5: Modify SW3、SW4 Fa0/20 cost to 5
SW3(config)#int fa0/20
SW3(config-if)#spanning-tree vlan 1 cost 5
SW4(config)#int fa0/20
SW4(config-if)#spanning-tree vlan 1 cost 5
Step 6: enable rapid STP.
SW1(config)#spanning-tree mode rapid-pvst
SW2(config)#spanning-tree mode rapid-pvst
SW3(config)#spanning-tree mode rapid-pvst
SW4(config)#spanning-tree mode rapid-pvst
By www.ccieuniversity.com
Routing Between Vlans - Router On A Stick
Topology
Lab Purpose: Master "router on a stick" configuration.
Lab Requirement:
1 Make R1 R2 work as host
2 R1 F0/0 ip address is 192.168.1.2 default gateway is 192.168.1.1
3 R2 F0/0 ip address is 192.168.2.2 default gateway is 192.168.2.1
4 Create VLAN5 and VLAN10 on SW1,assign R1 to VLAN5,assign R2 to
VLAN10.
5 Enable routing between vlans on R3.
6 Ping package can go trough R1 and R2.
Lab Steps:
Step 1: Disable R1 R2 routing function
R1(config)#no ip routing //disable routing function
19. www.ccieuniversity.com
R1(config)#ip default-gateway 192.168.1.1 //set default
gateway
R1(config)#int fa0/0
R1(config-if)#ip add 192.168.1.2 255.255.255.0
R1(config-if)#no shutdown
R2(config)#no ip routing
R2(config)#ip default-gateway 192.168.2.1
R2(config)#int fa0/0
R2(config-if)#ip add 192.168.2.2 255.255.255.0
R2(config-if)#no shutdown
Step 2: Create and assign vlans on SW1.
SW1#conf t
SW1(config)#vlan 5
SW1(config-vlan)#exit
SW1(config)#vlan 10
SW1(config-vlan)#exit
SW1(config)#int fa1/5
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 5 SW1(config-if)#exit
SW1(config)#int fa1/10
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 10 SW1(config-
if)#exit
Step 3: Create trunk between SW1 and R3.
SW1(config)#int fa1/2
SW1(config-if)#switchport mod trunk
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#no shutdown
SW1(config-if)#exit
Step 4: Encapsulate vlans on R3.
R3(config)#ip routing
R3(config)#int fa0/0
R3(config-if)#no shutdown
R3(config)#int fa0/0.5
R3(config-subif)#encapsulation dot1q 5
R3(config-subif)#ip add 192.168.1.1 255.255.255.0
R3(config-subif)#no shutdown
R3(config-subif)#exit
R3(config)#int fa0/0.10
R3(config-subif)#encapsulation dot1q 10
R3(config-subif)#ip add 192.168.2.1 255.255.255.0
R3(config-subif)#no shutdown
R3(config-subif)#exit
Step 5: Ping between R1 and R2 to make sure the router on a stick is
working properly.
By www.ccieuniversity.com
Frame-Relay Basic Configuration Lab
Topology
22. www.ccieuniversity.com
R1(config-if)#frame-relay map ip 10.1.1.3 103
R2(config)#int s0
R2(config-if)#frame-relay map ip 10.1.1.1 201
R2(config-if)#frame-relay map ip 10.1.1.3 203
R3(config)#int s0
R3(config-if)#frame-relay map ip 10.1.1.1 301
R3(config-if)#frame-relay map ip 10.1.1.2 302
Step 3:use "show frame-relay map" command to check the created
IP/DLCI map, and check the ping connectivity.
R1#show frame-relay map
Serial0 (up): ip 10.1.1.2 dlci 102(0x66,0x1860), static,
IETF, status defined, active
Serial0 (up): ip 10.1.1.3 dlci 103(0x67,0x1870), static,
IETF, status defined, active
R1#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
32/60/80 ms
R1#ping 10.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/61/96
ms
By www.ccieuniversity.com
Distance Vector Routing Protocol in Frame-Relay Network Lab
Topology
23. www.ccieuniversity.com
Lab Purpose: Observe distance vector routing protocol running in
frame-relay network.
Lab Requirement: enable EIGRP on frame-relay network and learn route
from each other.
Lab Steps:
Step 1: Finish the basic ip and frame-relay configuration
Step 2: Add a loopback interface on all routers for future test.
R1(config)#int lo0
R1(config-if)#ip add 172.16.1.1 255.255.255.0
R2(config)#int lo0
R2(config-if)#ip add 172.16.2.1 255.255.255.0
R3(config)#int lo0
R3(config-if)#ip add 172.16.3.1 255.255.255.0
Step 3: Enable EIGRP on R1 R2 R3, announce the necessary network.
R1(config)#router eigrp 100
R1(config-router)#no auto-summary
R1(config-router)#network 10.1.1.0 0.0.0.255
R1(config-router)#network 172.16.1.0 0.0.0.255
R2(config)#router eigrp 100
R2(config-router)#no auto-summary
R2(config-router)#network 10.1.1.0 0.0.0.255
R2(config-router)#network 172.16.2.0 0.0.0.255
R3(config)#router eigrp 100
R3(config-router)#no auto-summary
R3(config-router)#network 10.1.1.0 0.0.0.255
R3(config-router)#network 172.16.3.0 0.0.0.255
Step 4: Check R2 R3 routing table and observe the effect of split
horizon.
Step 5: Disable R1 S0 EIGRP split horizon to insure necessary update.
R1(config-if)#no ip split-horizon eigrp 100
By www.ccieuniversity.com
24. www.ccieuniversity.com
Frame-Relay Point to Point Sub-interface Configuration Lab
Topology
Lab Purpose: Master frame-relay point to point sub-interface
configuration.
Lab Requirement: Enable frame-relay point to point sub-interface on
R1 to solve split horizon issue.
Lab Steps:
Step 1: Create 2 frame-relay point to point sub-interface on R1.
Sub-interfaces are on different networks.
R1(config)#int s0
R1(config-if)#no ip address
R1(config-if)#encapsulation frame-relay ietf
R1(config-if)#frame-relay lmi-type ansi
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#int s0.1 point-to-point
R1(config-subif)#frame-relay interface-dlci 102
R1(config-fr-dlci)#exit
R1(config-subif)#ip add 10.1.1.1 255.255.255.0
R1(config-subif)#no shutdown
R1(config-subif)#exit
R1(config)#int s0.2 point-to-point
R1(config-subif)#frame-relay interface-dlci 103
R1(config-fr-dlci)#exit
R1(config-subif)#ip add 10.1.2.1 255.255.255.0
R1(config-subif)#no shutdown
R1(config-subif)#end
Under frame-relay point to point sub-interface EIGRP is working
properly without disabling split horizon.
By www.ccieuniversity.com
25. www.ccieuniversity.com
Frame-Relay Multi-Point Sub-interface Configuration Lab
Topology
Lab Purpose: Master frame-relay multi-point sub-interface
configuration.
Lab Steps:
Step 1: Finish basic configuration.
Step 2: Enable multi-point interface on R1.
R1(config)#int s0
R1(config-if)#encapsulation frame-relay
R1(config-if)#no ip address
R1(config-if)#no shutdown
R1(config)#int s0.1 multipoint
R1(config-subif)#ip add 10.1.1.1 255.255.255.0 / Same network
as R2 and R3.
R1(config-subif)#frame-relay interface-dlci 102
R1(config-fr-dlci)#exit
R1(config-subif)#frame-relay interface-dlci 103
R1(config-fr-dlci)#exit
Tips: Frame-Relay multi-point sub-interface will bring split-horizon
issue as the common frame-relay interface do.
By www.ccieuniversity.com
26. www.ccieuniversity.com
PPP PAP Authentication Basic Lab Configuration
Topology
Lab Purpose: Master ppp one way authentication configuration for pap.
Lab Requirement: R2 is the ppp authentication server, R1 and R3 are
clients.
Lab Steps:
Step 1: PPP sever configuration on R2.
R2(config)#username R1 password cisco
R2(config)#username R3 password cisco
R2(config)#int s1
R2(config-if)#encapsulation ppp
R2(config-if)ppp authentication pap
R2(config)#int s0
R2(config-if)#encapsulation ppp
R2(config-if)# ppp authentication pap
Step 2: PPP client configuration on R1 and R3.
R1(config)#int s0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp pap send-username R1 password cisco
R3(config)#int s1
R3(config-if)#encapsulation ppp
R3(config-if)# ppp pap send-username R3 password cisco
By www.ccieuniversity.com
27. www.ccieuniversity.com
PPP CHAP Authentication Basic Lab Configuration
Topology
Lab Purpose: Master ppp one way authentication configuration for pap.
Lab Steps: Enable ppp chap authentication on all routers interfaces.
R1(config)#username R2 password www.ccieuniversity.com
R1(config)#int s0
R1(config-if)#encapsulation ppp
R1(config-if)# ppp authentication chap
R2(config)#username R1 password www.ccieuniversity.com
R2(config)#username R3 password www.ccieuniversity.com
R2(config)#int s0
R2(config-if)#encapsulation ppp
R2(config-if)# ppp authentication chap
R2(config)#int s1
R2(config-if)#encapsulation ppp
R2(config-if)# ppp authentication chap
R3(config)#username R2 password www.ccieuniversity.com
R3(config)#int s1
R3(config-if)#encapsulation ppp
R3(config-if)# ppp authentication chap
By www.ccieuniversity.com
Static Nat And Dynamic Nat Basic Configuration Lab
Topology
Lab Purpose: Master static and dynamic NAT configuration.
Lab Requirement: Add static nat translation for host 192.168.1.2,
192.168.1.5, add dynamic nat translation for network 192.168.1.0/24.
Lab Steps:
28. www.ccieuniversity.com
Step 1: Finish the basic IP configuration according to the diagram,
and test connectivity.
Step 2: Add a default route on router NAT.
NAT(config)#ip route 0.0.0.0 0.0.0.0 200.200.100.2
Step 3: Create static translation for host 192.168.1.2 and
192.168.1.5
NAT(config)#ip nat inside source static 192.168.1.2 200.200.100.129
NAT(config)#ip nat inside source static 192.168.1.5 200.200.100.130
Step 4: Create dynamic translation for network 192.168.1.0/24
NAT(config)#access-list 1 permit 192.168.1.0 0.0.0.255
NAT(config)#ip nat pool public 200.200.100.129 200.200.100.254
netmask 255.255.255.128
NAT(cinfig)#ip nat inside source list 1 pool public
Step 5: Assign inside and outside interface for router NAT.
NAT(config)#int f0/0
NAT(config-if)#ip nat inside
NAT(config)#int s0/0
NAT(config-if)#ip nat outside
By www.ccieuniversity.com
Basic Standard ACL Configuration Lab
Topology
Lab Purpose: Master basic standard ACL configuration
Lab Requirement: Deny all traffic from R1 to R3.
Lab Steps:
Step 1: Finish the basic IP and route configuration according to the
diagram, and test connectivity.
R1(config)#ip route 10.1.1.64 255.255.255.252 10.1.1.2
R3(config)#ip route 10.1.1.0 255.255.255.252 10.1.1.65
Step 2: add a standard ACL to block the traffic from R1 to R3.
R3(config)#access-list 1 deny 10.1.1.1 0.0.0.0
Or use the host command.
R3(config)#access-list 1 deny host 10.1.1.1
Tips: As there is a default deny any at the bottom of the ACL, so
add permit any to allow other traffic.
R3(config)#access-list 1 permit any
Choose the right direction to assign the ACL.
R3(config)#int s1
R3(config-if)#ip access-group 1 in
By www.ccieuniversity.com
29. www.ccieuniversity.com
Basic Extended ACL Configuration Lab
Topology
Lab Purpose: Master basic extended ACL configuration
Lab Requirement: Deny icmp traffic from network 192.168.1.0, only
pc1 can access FTP server.
Lab Steps:
Step 1: finish basic ip configuration and enable RIPV2 on the 3
routers.
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-rotuer)#network 10.0.0.0
R1(config-rotuer)#network 172.16.0.0
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-rotuer)#network 10.0.0.0
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#no auto-summary
R3(config-rotuer)#network 10.0.0.0
R3(config-router)#network 192.168.1.0
Step 2: Create an extended ACL on R3 to deny traffic from network
192.168.1.0
R3(config)#access-list 102 deny icmp 192.168.1.0 0.0.0.255 any
R3(config)#access-list 102 permit ip any any
R3(config)#int e0
R3(config-if)ip access-group 102 in
Step 3: Create an extended ACL on R1 to allow only pc1 to access the
FTP server.
Tips:normally FTP server is using tcp port 20 and 21 to communicate
with FTP clients.
R1(config)#access-list 110 permit tcp 192.168.1.1 0.0.0.0 172.16.1.2
0.0.0.0 eq 21
R1(config)#access-list 110 permit tcp 192.168.1.1 0.0.0.0 172.16.1.2
0.0.0.0 eq 20
R1(config)#int s0
R1(config-if)#ip access-group 110 in
By www.ccieuniversity.com
30. www.ccieuniversity.com
Named Extended ACL Configuration Lab
Topology
Lab Purpose: Master basic extended ACL configuration
Lab Requirement: Deny icmp traffic from network 192.168.1.0, only
pc1 can access FTP server.
Lab Steps:
Step 1: finish basic ip configuration and enable RIPV2 on the 3
routers.
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-rotuer)#network 10.0.0.0
R1(config-rotuer)#network 172.16.0.0
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-rotuer)#network 10.0.0.0
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#no auto-summary
R3(config-rotuer)#network 10.0.0.0
R3(config-router)#network 192.168.1.0
Step 2: Create an named extended ACL on R3 to deny traffic from
network 192.168.1.0
R3(config)#ip access-list extended deny_icmp
R3(config-ext-nacl)#deny icmp 192.168.1.0 0.0.0.255 any
R3(config-ext-nacl)#permit ip any any
R3(config)#int e0
R3(config-if)#ip access-group deny_icmp in
Step 3: Create an named extended ACL on R1 to allow only pc1 to
access the FTP server.
Tips:normally FTP server is using tcp port 20 and 21 to communicate
with FTP clients.
R1(config)#ip access-list extended deny_ftp
R1(config-ext-nacl)#permit tcp 192.168.1.1 0.0.0.0 172.16.1.2
0.0.0.0 eq 20
R1(config-ext-nacl)#permit tcp 192.168.1.1 0.0.0.0 172.16.1.2
0.0.0.0 eq 21
R1(config)#int s0
R1(config-if)#ip access-group deny_ftp in
By www.ccieuniversity.com
31. www.ccieuniversity.com
ACL Working on VTY Line Configuration Lab
Topology
Lab Requirement: Only PC1 can remote access the router.
Lab Steps:
Router(config)#access-list 1 permit host 172.16.1.3
Router(config)#line vty 0 15
Router(config-line)#password www.ccieuniversity.com
Router(config-line)#login
Router(config-line)#access-class 1 in
By www.ccieuniversity.com
IPV6 Basic Configuration Lab
Topology
Lab Purpose: Master IPV6 basic principal and configuration
Lab Requirement: Add IPV6 address and IPV6 static route on R1 and R2.
Lab Steps:
Step 1: Add IPV6 address on R1 and R2.
R1(config)#interface lo0
R1(config-if)#ipv6 address 2001:aaaa:1::1/64
32. www.ccieuniversity.com
R1(config-if)#exit
R1(config)#interface s1/1
R1(config-if)#ipv6 address 2001:aaaa:2::1/64
R1(config-if)#clock rate 64000
R1(config-if)#no shutdown
R1(config-if)#end
R2(config)#interface s1/0
R2(config-if)#ipv6 address 2001:aaaa:2::1/64
R2(config-if)#clock rate 64000
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface lo0
R2(config-if)#ipv6 address 2001:aaaa:3::1/64
R2(config-if)#end
Step 2: Enable IPV6 routing on R1 and R2.
R1#conf t
R1(config)#ipv6 unicast-routing
R2#conf t
R2(config)#ipv6 unicast-routing
Step 3: Add static IPV6 route on R1 and R2.
R1(config)#ipv6 route 2001:aaaa:3::/64 s1/1
R2(config)#ipv6 route 2001:aaaa:1::/64 s1/0
By www.ccieuniversity.com