Guideline for Lab
• HQ
-Router(config)# hostname HQ
-HQ(config)# line vty 0 4
-HQ(config-line)# password cisco
-HQ(config-line)# login
-HQ(config-line)# exit
-HQ(config)# enable secret cisco
-HQ(config-if)# int S0/0
-HQ(config-if)# ip address 172.16.1.133 255.255.255.252
-HQ(config-if)# clock rate 128000
-HQ(config-if)# no shut
-HQ(config-if)# int S0/1
-HQ(config-if)# ip address 172.16.1.137 255.255.255.252
-HQ(config-if)# clock rate 128000
-HQ(config-if)# no shut
-HQ(config-if)# end
-HQ# copy run start
51
• Branch2 Guideline for Lab
-Router(config)# hostname Branch2
-Branch2(config)# line vty 0 4
-Branch2(config-line)# password cisco
-Branch2(config-line)# login
-Branch1(config-line)# exit
-Branch1(config)# enable secret cisco
-Branch1(config)# int S1
-Branch1(config-if)# ip address 172.16.1.138 255.255.255.252
-Branch1(config-if)# no shut
-Branch1(config-if)# int Fa0/0
-Branch1(config-if)# ip address 192.168.3.254 255.255.255.0
-Branch1(config-if)# no shut
-Branch1(config-if)# end
-Branch1# copy run start 52
Part 1 : PPP Authentication
• Router Branch1
-Configuring PPP CHAP authentication on serial
interface S0/0 of Branch1 and S0/0 of HQ
-Use “cisco1” as password
• Router Branch2
-Configuring PPP CHAP authentication on serial
interface S0/1 of Branch2 and S0/1 of HQ
-Use “cisco2” as password
53
Part 1: Guide
• HQ
- HQ(config)# hostname HQ
- HQ(config)# username Branch2 password cisco2
- HQ(config)# interface S0/1
- HQ(config)# encapsulation ppp
- HQ(config)# ppp authentication chap
• Branch2
- Branch(config)# hostname Branch2
- Branch(config)# username HQ password cisco2
- Branch(config)# interface S0/1
- Branch(config-if)# encapsulation ppp
- Branch(config-if)# ppp authentication chap
54
Part 2: GRE Tunnel
Lo1: 192.168.1.1/24 Lo1: 10.10.10.1/24
Branch 172.16.100.2 GRE Tunnel 172.16.100.1 HQ
172.16.100.0/30
R1 S0/0 S0/1 R2
.242 .226
209.165.200.240/29 ISP 209.165.200.224/29
.241 .225
S0/0 S0/1
DCE
R3 DCE
Lo1: 209.165.202.129/24
55
Guideline for Lab : Part 2
• Branch
!
Interface Tunnel0
tunnel mode gre ip
ip address 172.16.100.2 255.255.255.252
tunnel source 209.165.200.242
tunnel destination 209.165.200.226
!
56
Guideline for Lab : Part 2
• HQ
!
Interface Tunnel0
tunnel mode gre ip
ip address 172.16.100.1 255.255.255.252
tunnel source 209.165.200.226
tunnel destination 209.165.200.242
!
57
Guideline for Lab : Part 2
• Verify that the tunnel interface is up and running
using the “show interface tunnel 0” command.
• Verify connectivity across the tunnel by pinging
the tunnel destination on the HQ router. The ping
should be successful.
58
Day 4 – Part 3 to 6
HQ
.133 .137
S0/0 (DCE) S0/1 (DCE)
Subnet#4 FA 0/0 .254 Subnet#5
172.16.1.132/30 172.16.1.136/30
Subnet#1
192.168.1.0 /24
.134 .100 S0/1 .138
S0/0
Bandwidth on FA 0/0
Branch1 WAN Link is 2.048 Mbps .254
FA 0/0 /24 is used in LAN Subnet#3
.254 /30 is used in WAN 192.168.3.0/24 .100
Subnet#2
.100 192.168.2.0/24
59
Guideline for Lab : Part 3 60
• Branch1
-Router> enable
-Router# conf t
-Router(config)# hostname Branch1
-Branch1(config)# int S0/0
-Branch1(config-if)# ip address 172.16.1.134 255.255.255.252
-Branch1(config-if)# no shut
-Branch1(config-if)# int Fa0/0
-Branch1(config-if)# ip address 192.168.2.254 255.255.255.0
-Branch1(config-if)# no shut
-Branch1(config-if)# exit
-Branch1(config)# ip route 172.16.1.136 255.255.255.252 172.16.1.133
-Branch1(config)# ip route 192.168.3.0 255.255.255.0 172.16.1.133
-Branch1(config)# exit
-Branch1# copy run start
Guideline for Lab : Part 3
• HQ
-Router> enable
-Router# conf t
-Router(config)# hostname HQ
-HQ(config)# int S0/0
-HQ(config-if)# ip address 172.16.1.133 255.255.255.252
-HQ(config-if)# clock rate 128000
-HQ(config-if)# no shut
-HQ(config-if)# int S0/1
-HQ(config-if)# ip address 172.16.1.137 255.255.255.252
-HQ(config-if)# clock rate 128000
-HQ(config-if)# no shut
-HQ(config-if)# exit
-HQ(config)# ip route 192.168.2.0 255.255.255.0 172.16.1.134
-HQ(config)# ip route 192.168.3.0 255.255.255.0 172.16.1.138
-HQ(config)# exit
-HQ# copy run start
61
Guideline for Lab : Part 3
• Branch2
-Router> enable
-Router# conf t
-Router(config)# hostname Branch2
-Branch2(config)# int S0/1
-Branch2(config-if)# ip address 172.16.1.138 255.255.255.252
-Branch2(config-if)# no shut
-Branch2(config-if)# int Fa0/0
-Branch2(config-if)# ip address 192.168.3.254 255.255.255.0
-Branch2(config-if)# no shut
-Branch2(config-if)# exit
-Branch2(config)# ip route 172.16.1.132 255.255.255.252 172.16.1.137
-Branch2(config)# ip route 192.168.2.0 255.255.255.0 172.16.1.137
-Branch2(config)# exit
-Branch2# copy run start
62
Testing Procedure
• From each PC, do “ping” or “tracert” to the
following IP address to verify lab connectivity
>>172.16.1.133
>>172.16.1.134
>>172.16.1.137
>>172.16.1.138
>>192.168.1.100
>>192.168.1.254
>>192.168.2.100
>>192.18.2.254
>>192.168.3.100
>>192.168.3.254
63
Note:
64
Part 4 : Lab Scenario
• Setup RIP routing protocol and verify all
lab connectivity
-Set RIP version 1 and observe that result
-Set RIP version 2 and observe that result
Run command “show ip route” to verify
65
Part 4 : Guide (RIP)
• Branch1
- Branch1(config)# router rip
- Branch1(config-router)# network 172.16.0.0
- Branch1(config-router)# network 192.168.2.0
• HQ
- HQ(config)# router rip
- HQ(config-router)# network 172.16.0.0
- HQ(config-router)# network 192.168.1.0
• Branch2
- Branch2(config)# router rip
- Branch2(config-router)# network 172.16.0.0
- Branch2(config-router)# network 192.168.3.0
66
Part 5: OSPF LAB
• Set ospf on each router
• Create Interface Loopback0 to be router-id
- Branch1 = 1.1.1.1 /24
- HQ = 2.2.2.2 /24
- Branch2 = 3.3.3. /24
• Use command “show ip interface brief” to see ip address
on each interface and then use sub-command “network”
under ”router ospf” to enable OSPF on every interface
• Use closet wildcard mask to “match” only appropriate
subnet address on the interface
**Don’t forget to set bandwidth on interface by using
command “bandwidth<kbps”****
67
Guidelines for Lab : OSPF
• Branch1
- Branch1(config)# int Loopback0
- Branch1(config-if)# ip address 1.1.1.1 255.255.255.0
- Branch1(config-if)# no shut
- Branch1(config-if)# int S0/0
- Branch1(config-if)# bandwidth 2048
- Branch1(config)# router ospf 1
- Branch1(config-router)# network 172.16.1.132 0.0.0.3 area 0
- Branch1(config-router)# network 192.168.2.0 0.0.0.255 area 0
- Branch1(config-router)# end
68
Guidelines for Lab : OSPF
• HQ
- HQ(config)# int Loopback0
- HQ(config-if)# ip address 2.2.2.2 255.255.255.0
- HQ(config-if)# no shut
- HQ(config-if)# int S0/0
- HQ(config-if)# bandwidth 2048
- HQ(config-if)# int S0/1
- HQ(config-if)# bandwidth 2048
- HQ(config)# router ospf 2
- HQ(config-router)# network 172.16.1.132 0.0.0.3 area 0
- HQ(config-router)# network 172.16.1.136 0.0.0.3 area 0
- HQ(config-router)# end
69
Guidelines for Lab : OSPF
• Branch2
- Branch2(config)# int Loopback0
- Branch2(config-if)# ip address 3.3.3.3 255.255.255.0
- Branch2(config-if)# no shut
- Branch2(config-if)# int S0/1
- Branch2(config-if)# bandwidth 2048
- Branch2(config)# router ospf 3
- Branch2(config-router)# network 172.16.1.136 0.0.0.3 area 0
- Branch2(config-router)# network 192.168.3.0 0.0.0.255 area 0
- Branch2(config-router)# end
70
Part 5 : OSPF LAB (cont.)
• Testing lab connectivity
• Use following “show” command to observe ospf
behavior
-Show ip ospf neighbor
You should see loopback of neighbor router
- Show ip router
- Show ip router ospf
- Show ip protocols
- Show ip ospf interface S0/0 or S 0/1
This is to check ospf parameter on interface such as ospf
Cost, Hello and Dead Time
71
Part 5 : OSPF LAB
• Branch1
Branch1(config)# router ospf 1
Branch1(config-router)# no network 192.168.2.0 0.0.0.255 area 0
Branch1(config-router)# network 192.168.2.0 0.0.0.255 area 1
Branch1(config-router)# end
• Use following “show” command to observe ospf behavior
- Show ip router
- Show ip router ospf
- Show ip protocols
- Show ip ospf interface
72
Part 6: EIGRP Lab
• Branch1
Branch1(config)# no router ospf 1
Branch1(config)# router eigrp 1
Branch1(config-router)# network 172.16.0.0
Branch1(config-router)# network 192.168.2.0
• HQ
HQ(config)#no router ospf 2
HQ(config)# router eigrp 1
HQ(config-router)# network 172.16.0.0
HQ(config-router)# network 192.168.1.0
• Branch2
Branch2(config)# no router ospf 3
Branch2(config)# router eigrp 1
Branch2(config-router)# network 172.16.0.0
Branch2(config-router)# network 192.168.3.0
73
Part 6: EIGRP Lab (cont.)
• Testing Lab connectivity
• Use following “show” command to observe
EIGRP behavior
- Show ip eigrp interface
- Show ip eigrp neighbors
- Show ip eigrp topology
- Show ip route
- Show ip route eigrp
- Show ip protocols
74
Day 4 – Part 7
HQ
.133 .137
S0/0 (DCE) S0/1 (DCE)
Subnet#4 FA 0/0 .254 Subnet#5
172.16.1.132/30 172.16.1.136/30
Subnet#1
192.168.1.0 /24
.134 .100 S0/1 .138
S0/0
Bandwidth on
Branch1 WAN Link is 2.048 Mbps Branch2
FA 0/0 /24 is used in LAN FA 0/0
.254 /30 is used in WAN .254
Subnet#2 Subnet#3 .100
.100 172.16.2.0/24 172.16.3.0/24
75
Part 6 : Guide Lab
• Branch1
Branch1(config)# int Fa0/0
Branch1(config-if)# ip add 172.16.2.254 255.255.255.0
• Branch2
Branch2(config)# int Fa0/0
Branch2(config-if)# ip add 172.16.3.254 255.255.255.0
Run command “Show ip router eigrp” to verify on HQ
76
Lab : Day 5
77
Lab Scenario
• Lab 1 : Configure OSPF for IPv6
• Lab 2 : Implementing EIGRP for IPv6
• Lab 3 : Configure ACL on Router
• Lab 4 : DHCP & DHCP Helper IPv4
• Lab 5 : Overloading, Dynamic, Static NAT
Static + Port Forwarder NAT
78
Day 5 – Part 1 to 2
HQ
:1 FA 0/0 .1 :1
S0/0 (DCE) S0/1 (DCE)
Subnet#4 Subnet#5
2001:db8:c18:4::/64 2001:db8:c18:5::/64
Branch1 :2 Subnet#1 S0/1 :2 Branch2
S0/0 2001:db8:c18:1::/64
FA 0/0
FA 0/0 Bandwidth on :1
:1 WAN Link is 2.048 Mbps
Subnet#2 /27 is used in LAN Subnet#3
2001:db8:c18:2::/64 /30 is used in WAN 2001:db8:c18:3::/64
79
Guideline for Lab
• Branch1
- Router(config)# hostname Branch1
- Branch1(config)# int S0/0
- Branch1(config-if)# ipv6 enable
- Branch1(config-if)# ipv6 address 2001:db8:c18:4::2/64
- Branch1(config-if)# no shut
- Branch1(config-if)# int Fa0/0
- Branch1(config-if)# ipv6 enable
- Branch1(config-if)# ipv6 address 2001:db8:c18:2::1/64
- Branch1(config-if)# no shut
- Branch1(config-if)# end
- Branch1# copy run start
80
Guideline for Lab
• HQ
- Router(config)# hostname HQ
- HQ(config)# int S0/0
- HQ(config-if)# ipv6 enable
- HQ(config-if)# ipv6 address 2001:db8:c18:4::1/64
- HQ(config-if)# clock rate 128000
- HQ(config-if)# no shut
- HQ(config-if)# int Fa0/1
- HQ(config-if)# ipv6 enable
- HQ(config-if)# ipv6 address 2001:db8:c18:5::1/64
- HQ(config-if)# clock rate 128000
- HQ(config-if)# no shut
- HQ(config-if)# end
- HQ# copy run start
81
Guideline for Lab
• Branch
- Router(config)# hostname Branch2
- Branch2(config)# int S0/1
- Branch2(config-if)# ipv6 enable
- Branch2(config-if)# ipv6 address 2001:db8:c18:5::2/64
- Branch2(config-if)# no shut
- Branch2(config-if)# int Fa0/0
- Branch2(config-if)# ipv6 enable
- Branch2(config-if)# ipv6 address 2001:db8:c18:3::1/64
- Branch2(config-if)# no shut
- Branch2(config-if)# end
- Branch2# copy run start
82
Part 1 : OSPFv3 LAB
• Set ospf on each router
• Create Interface Loopback0 to be router-id
- Branch1 = 1.1.1.1 /24
- HQ = 2.2.2.2 /24
- branch2 = 3.3.3.3 /24
• Add all interfaces shown in the diagram into OSPF
process 1, area 0. After you add the interfaces to
the OSPF process, the OSPF process starts automatically
83
Guidelines Lab : OSPFv3
• Branch1
ipv6 unicast-routing
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface S0/0
bandwidth 2048
!
interface Fa0/0
ipv6 ospf 1 area 0
!
interface S0/0
ipv6 ospf 1 area 0
84
Guidelines Lab : OSPFv3
• HQ
ipv6 unicast-routing
interface Loopback0
ip address 2.2.2.2 255.255.255.0
interface S0/0
bandwidth 2048
interface S0/1
bandwidth 2048
interface Fa0/0
ipv6 ospf 1 area 0
interface S0/0
ipv6 ospf 1 area 0
interface S0/1
ipv6 ospf 1 area 0
85
Guidelines Lab : OSPFv3 86
• Branch2
ipv6 unicast-routing
!
interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface S0/1
bandwidth 2048
!
interface Fa0/0
ipv6 ospf 1 area 0
!
interface S0/1
ipv6 ospf 1 area 0
Part 1 : OSPFv3LAB (cont.)
• Testing lab connectivity
• Use following “show” command to observe ospf
behavior
- show ipv6 interface brief
- show ipv6 ospf neighbor
You should see loopback address of neighbor router
- Show ipv6 router
- Show ipv6 router ospf
- Show ipv6 ospf interface S0/0 or S0/1
This is to check ospf parameter on interface such as ospf
Cost, Hello and Dead Time
87
Part 2 : EIGRP for IPv6
• Branch1
ipv6 unicast-routing
!
ipv6 router eigrp 1
no shutdown
!
interface S0/0
bandwidth 2048
!
interface Fa0/0
ipv6 eigrp 1
!
interface S0/0
ipv6 eigrp 1
88
Part 2 : EIGRP for IPv6
• HQ
ipv6 unicast-routing
ipv6 router eigrp 1
no shutdown
interface S0/0
bandwidth 2048
interface S0/1
bandwidth 2048
interface Fa0/0
ipv6 eigrp 1
interface S0/0
ipv6 eigrp 1
interface S0/1
ipv6 eigrp 1
89
Part 2 : EIGRP for IPv6 90
• Branch2
ipv6 unicast-routing
!
ipv6 router eigrp 1
no shutdown
!
interface S0/1
bandwidth 2048
!
interface Fa0/0
ipv6 eigrp 1
!
interface S0/1
ipv6 eigrp 1
Part 2 : EIGRP IPv6 (cont.)
• Testing lab connectivity
• Use following “show” command to observe eigrp
behavior
- Show ipv6 eigrp neighbors
- Show ipv6 eigrp topology
- Show ipv6 route
- Show ipv6 route eigrp
91
Note:
92
Day 5 – Part 3
HQ
.133 .137
S0/0 (DCE) S0/1 (DCE)
Subnet#4 FA 0/0 .254 Subnet#5
172.16.1.132/30 172.16.1.136/30
Subnet#1
192.168.1.0 /24
.134 .100 S0/1 .138
S0/0
Bandwidth on
Branch1 WAN Link is 2.048 Mbps Branch2
FA 0/0 /24 is used in LAN FA 0/0
.254 /30 is used in WAN .254
Subnet#2 Subnet#3
.100 192.168.2.0/24 192.168.3.0/24 .100
93
Part 3 : ACL
• Configuration of vty and ssh ACLs
- HQ(config)# access-list 1 permit 192.168.1.xx 0.0.0.0
- HQ(config)# line vty 0 4
- HQ(config-line)# transport input ssh
- HQ(config-line)# access-class 1 in
• Configuration of https ACLs
- HQ(config)# access-list 1 permit 192.168.1.xxx 0.0.0.0
- HQ(config)# no ip http server
- HQ(config)# ip http secure-server
- HQ(config)# ip http access-class
94
Part 3: Guide (ACL)
• Branch1
- Apply ACL to deny all service from host 192.168.2.100 to
host 192.168.1.100 except telnet (23) and remote desktop
(3389)
- Apply ACL to deny all service from host 192.168.2.1 -.253
to host 192.168.1.100 except http (80) and ping (icmp)
- Once complete this lab , wait 2-3 mins and then verify lab
- Use command “show ip interface” and “show access-lists”
to check
95
Part 3 : Guide (cont.)
• Branch1
!
ip access-list extended BlockApp
permit tcp 192.168.2.100 0.0.0.0 host 192.168.1.100 eq 23
permit tcp 192.168.2.100 0.0.0.0 host 192.168.1.100 eq 3389
deny ip 192.168.2.100. 0.0.0.0 host 192.168.1.100
permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.100 eq 80
permit icmp 192.168.2.0 0.0.0.255 host 192.168.1.100
!
int S0/0
ip access-group BlockApp out
**please be aware that effect of “imlicit deny all”
96
Part 3 : Guide (cont.)
• Branch2
-Apply ACL to deny all service from host 192.168.3.100 to
host 192.168.1.100 except telnet (23) and remote desktop
(3389)
- Apply ACL to deny all service from host 192.168.3.1 - .253
to host 192.168.1.100 excep http (80) and ping (icmp)
- Once complete this lab , wait 2-3 mins and then verify lab
- Use command “show ip interface” and “show success-lists”
to check
97
Part 3 : Guide (cont.)
• Branch2
!
ip access-list extended BlockApp
permit tcp 192.168.3.100 0.0.0.0 host 192.168.1.100 eq 23
permit tcp 192.168.3.100 0.0.0.0 host 192.168.1.100 eq 3389
deny ip 192.168.3.100. 0.0.0.0 host 192.168.1.100
permit tcp 192.168.3.0 0.0.0.255 host 192.168.1.100 eq 80
permit icmp 192.168.3.0 0.0.0.255 host 192.168.1.100
!
int S0/1
ip access-group BlockApp out
**please be aware that effect of “imlicit deny all”
98
Day 5 – Part 4
HQ
.133 .137
S0/0 (DCE) S0/1 (DCE)
Subnet#4 FA 0/0 .254
172.16.1.132/30
Subnet#1
192.168.1.0 /24
.134 .100 S0/1 .138
S0/0
Bandwidth on
Branch1 WAN Link is 2.048 Mbps Branch2
FA 0/0 /24 is used in LAN FA 0/0
.254 /30 is used in WAN .254
Subnet#2 Subnet#3
.100 192.168.2.0/24 192.168.3.0/24 .100
99
Part 4 : DHCP
กาหนดคา่ IP Address และคา่ ท่ีสาคญั ตา่ งๆ เป็นดงั นี ้
• Network : 192.168. .0/24
• Default Router : IP สดุ ท้ายของ Network (Default Gateway)
• DNS Server : IP Address แรก และ IP Address ท่ี 2 ของ Network
• IP ท่ีสงวนไว้เพื่อใช้กบั Server : IP Address ที่ 1 - 10 ของ Network
• Domain Name : เป็น ccna.com
• Lease Time : เป็น 4 วนั 3 ชว่ั โมง 30 นาที
100
The words you are searching are inside this book. To get more targeted content, please make full-text search by clicking here.
intetnet Laboratory
Discover the best professional documents and content resources in AnyFlip Document Base.
Search