Cisco Certified Network Associate

Lab Manual

Student Name:
Faculty Name:
Batch:
Branch:

www.netrich.co.in 1
Serial No. Description of Practical Page No.

Lab 1 Cisco Router Initial Configuration (IOS Commands) 5

Lab 2 WAN Interface Configuration 20

Lab 3 Static Routing 24

Lab 4 RIP 30

Lab 5 EIGRP

Lab 6 OSPF

Lab 7 Standard Access Control List

Lab 8 Extended Access Control List

Lab 9 CDP, Backup & Password Recovery

Lab 10 VLAN, Trunking & VTP

Lab 11 Inter-VLAN Routing

Lab 12 Switch Port Security & Verify Spanning Tree Protocol

Lab 13 Network Address Translation (NAT)

www.netrich.co.in 2
Lab – 1
Cisco Router Initial Configuration

Connect the Console cable from the Console port of the Router to the COM port of the PC and setup the
Hyper-terminal.

Follow these steps to configure Hyper Terminal.

Click “Start”

www.netrich.co.in 3
Click on “Programs”

Click on “Accessories” then select “Communications” then select “Hyperterminal”

www.netrich.co.in 4
Hyperterminal will open a dialog box, give a name (user defined)

Select a “COM” port,

www.netrich.co.in 5
Click on “Restore Defaults”

Default Values are:

Bits Per Second: 9600
Data Bits: 8
Parity: None
Stop Bits: 1
Flow Control: none

www.netrich.co.in 6
Once HyperTerminal is ready, now turn on the Router.

After the Router boots-up completely, (on a new Cisco Router) it displays the following question:

--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]:

If you choose “Yes”, IOS will prompt Questions to gather the information to configure the Router, it is
recommended to choose “no”, since we can configure the Router using IOS commands.

www.netrich.co.in 7
Telnet
Once the router is configured through Console, later it can be configured using Telnet. Telnet is a
remote Command Line Interface (CLI) administration tool, available by default on Windows and
Linux systems.

Click on “Start” and click on “Run”

In the “Run” window, type “Telnet <IP of Default Gateway>”

www.netrich.co.in 8
To Configure Cisco Router, we use IOS Commands. There are different IOS modes
depending on the configuration: the following are the IOS modes

1. User Mode:

This is the first mode user interacts with the IOS.

Router>
Router is the default hostname and can be changed, ‘>’ symbol implies “User Mode”, it is a restricted
mode. Supports few basic commands

2. Privilege Mode

To switch from ‘User mode’ to ‘privilege mode’, the following command needs to be given:
Router> enable
On a new Router, you will see the following prompt:
Router#
The ‘#’ symbol represents Privilege Mode, all Show, Copy, Debug and other commands can be used.

3. Global Configuration Mode

This is the most important mode, all the Router configurations start from this mode.
To switch to “Configuration Mode”, use the following command in Privilege mode:
Router# Configure terminal

Router(config)#

From this mode you can start the Router configuration like changing the Router host name, enable
passwords, Routing protocols, Access Lists, enabling Telnet etc.,

4. Interface Configuration Mode

This mode is used to change configuration of a specific interface:

Router(config)# interface <type> <no>

Router(config-if)#

Types of interface are “Ethernet” or “FastEthernet” or “Serial”.

<no> is 0, 1, 2 and so on (interface number start from 0).
For Modular Routers the format of port numbers is <module/port> Ex: 0/0 or 0/1 or 1/0 etc.

www.netrich.co.in 9
5. Line Configuration Mode

This mode is used to change Telnet, Console & Auxiliary configuration.

Note: Following passwords should be used in lab: keygroups, cisco, or ccna

a. Telnet

To enable Telnet configure the following:

Router(config)# line vty 0 4

Router(config-line)# password <pwd>
Router(config-line)# login
Vty is virtual terminal, it enables 5 simultaneous Telnet sessions.
<pwd> is a user defined password

b. Console port

By default there is no authentication for Console access, to setup password for console:
Router(config)# line console 0
Router(config-line)# password <pwd>
Router(config-line)# login

c. Auxiliary port

To enable authentication for remote administration.

Router(config)# line aux 0
Router(config-line)# password <pwd>
Router(config-line)# login

Configuring Enable passwords

By default there is no Privilege password, hence it is recommended to enable it. There are two types of
passwords:
Enable password – this password is clear text (visible in the configuration)
Router(config)# enable password <pwd>
Enable secret – this password is encrypted (visible in encrypted form)
Router(config)# enable secret <pwd>
If both passwords are configured, enable secret gets priority.

To exit from any mode to the previous mode use “exit” command
To exit from any mode to privilege mode use “end” command
To exit from any mode to privilege mode use “ctrl + z” command

www.netrich.co.in 10
To view the configuration, use the following “show” commands: all “show” commands can be used only from
the ‘privilege mode’.

Router# show running-config

Displays the current configuration from RAM.

Router# show startup-config

Displays the configuration from NVRAM.

Other important “show” commands:

Router# show version

Router# show flash

Saving the configuration on the Router:

Router# copy running-config startup-config

Once the new Cisco Router is configured using the Console, we can access Router via Telnet (Vty)
The Router can be configured via Console or Telnet, both give same results. In large networks it is
recommended to use Telnet for easier Administration.

How to connect to the Router using Telnet?

Start  Run  Telnet 192.168.1.1  OK
Where 192.168.1.1 is IP address of the Router (default gateway)

www.netrich.co.in 11
 Using IOS context sensitive help (?)
The ? provides context sensitive help, it provides the command syntax or the commands
supported in the various IOS modes.
Example 1:

Router> ?

Exec commands:

<1-99> Session number to resume

access-enable Create a temporary Access-List entry
access-profile Apply user-profile to interface
clear Reset functions
connect Open a terminal connection
disable Turn off privileged commands
disconnect Disconnect an existing network connection
enable Turn on privileged commands
exit Exit from the EXEC
help Description of the interactive help system
lock Lock the terminal
ping Send echo messages
ppp Start IETF Point-to-Point Protocol (PPP)
--More--

Example 2:

Router(config)# interface ?
Async Async interface
BVI Bridge-Group Virtual Interface
Dialer Dialer interface
Ethernet IEEE 802.3
Group-Async Async Group interface
Loopback Loopback interface
Multilink Multilink-group interface
Null Null interface
Serial Serial
Tunnel Tunnel interface

Similarly the context sensitive help can be used in all IOS modes and commands.
Command line editing:
 Ctrl + a -> to beginning of the command
 Ctrl + e -> to end of the command
 Esc + b -> back by one word
 Esc + f -> forward by one word
 Tab -> for command completion

www.netrich.co.in 12
Initial Configuration - Example

User mode:
Router >
Router > enable

Privilage Mode:
Router #

Show commands:
Router # show running-config
Router # show startup-config
Router # show version
Router # show flash

Moving to Global configuration mode:

Router # configure terminal
Router(config) #

Assigning Hostname to Router

Router(config) # hostname Hyderabad

Assigning IP address to Ethernet interface:

Hyderabad (config) # interface Ethernet 0
Hyderabad (config-if) # ip address 192.168.1.1 255.255.255.0 <check the IP of your Default Gateway>
Hyderabad (config-if) # no shutdown
Hyderabad (config-if) # exit

Assigning Telnet password:

Hyderabad (config) # line vty 0 4
Hyderabad (config-line) # password cisco
Hyderabad (config-line) # login
Hyderabad (config-line) #exit

Assigning console password:

Hyderabad (config) # line con 0
Hyderabad (config-line) # password ccna
Hyderabad (config-line) # login
Hyderabad (config-line) # exit

www.netrich.co.in 13
Assigning Auxiliary password:
Hyderabad (config) # line aux 0
Hyderabad (config-line) # password cisco
Hyderabad (config-line) # login
Hyderabad (config-line) # exit

Assigning enable password:

Hyderabad (config) # enable password cisco
Hyderabad (config) # enable secret cisco
Hyderabad (config) # exit

Checking the Changes in running-config

Hyderabad # show running-config
Hyderabad # show startup-config

Commands to save the configuration:

Hyderabad # copy running-config startup-config
( OR )
Hyderabad # write memory
( OR )
Hyderabad # wr

Checking the startup-config:

Hyderabad # show startup-config

www.netrich.co.in 14
Show commands output verification:

Router#show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.0(9), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Mon 24-Jan-00 22:33 by bettyl
Image text-base: 0x80008088, data-base: 0x805FF878

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 46 minutes

System restarted by reload
System image file is "flash:c2600-i-mz_120-9.bin"

cisco 2610 (MPC860) processor (revision 0x203) with 28672K/4096K bytes of memory.
Processor board ID JAD041806FJ (1957657516)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

Router#show flash

System flash directory:

File Length Name/status
1 3420472 c2600-i-mz_120-9.bin
[3420536 bytes used, 4968072 available, 8388608 total]
8192K bytes of processor board System flash (Read/Write)

www.netrich.co.in 15
Hyderabad#show running-config

Building configuration...

Current configuration:
!
version 12.0
no service password-encryption
!
hostname Hyderabad
!
no logging console
enable secret 5 $1$lQzR$veVuUBtwlXP2T0pUUTuvC0
enable password cisco
!
memory-size iomem 15
ip subnet-zero
no ip domain-lookup
!
interface Ethernet0/0
ip address 10.0.0.1 255.0.0.0
no ip directed-broadcast
no ip mroute-cache
!
interface Serial0/0
no ip address
no ip directed-broadcast
shutdown
!
interface Serial0/1
no ip address
no ip directed-broadcast
shutdown
!
ip classless
!
!
line con 0
password ccna
login
line aux 0
password cisco
login
line vty 0 4
password key123
login
!
end

www.netrich.co.in 16
Check if you have completed the following labs:

1. Establish Telnet session to the Router

2. Configure hostname to router.

3. Configuring Ethernet interface of the Router

4. Password protection to the Telnet session

5. Password protection to the Console session

6. Password protection to the Auxiliary session

7. Setting up privilege mode Password.

8. Display the contents of Running-Configuration

9. Display the contents of Startup-configuration

10. Saving the Configuration

Important Note
Please don’t forget to fill in the Lab Completion Report after the lab and take the signature of the lab coordinator as Course completion
certificate will not be issued otherwise.

www.netrich.co.in 17
Lab – 2
WAN Interface Configuration

The first step to establish the WAN connection is to configure the Serial (WAN) interface.

By default the serial interface on the Router does not have IP address, encapsulation is HDLC and the interface
is in Shutdown state.

Check for DTE or DCE interface, so that the clock rate can be configured on the DCE interface.

Router# show controllers serial <no>

The following are the commands to assign IP, encapsulation & enable the serial port:
Router(config)# interface serial <no>

Router(config-if)# ip address <ip> <mask>

Router(config-if)# encapsulation <ppp> or <hdlc>

Router(config-if)# clockrate <bandwidth>

Router(config-if)# no shutdown

To verify the status of the serial interface after configuration use the following command:

Router# show interface serial <no>

From the output, the first line indicates the status of the serial interface, there are 4 different states:

1. Serial 0/0 is up , line protocol is up

(Connectivity and configuration is fine)

2. Serial 0/0 is administratively down, line protocol is down

(No Shutdown has to be given on the local router serial interface)

3. Serial 0/0 is up, line protocol is down

(Encapsulation mismatch or clock rate has not been given on DCE interface)

4. Serial 0/0 is down, line protocol is down

(Problem with the link or ‘no shutdown’ has not been given on the remote router)

www.netrich.co.in 18
WAN INTERFACE CONFIGURATION - Example:
172.16.0.1/16 172.17.0.1/16
S0 S0

HYD S1
CHE S1
172.16.0.2/16
E0 172.17.0.2/16 BAN
E0 E0
192.168.1.1/24 10.0.0.1/8
192.168.2.1/24
N

LAN - 192.168.1.0/24 LAN – 10.0.0.0/8 LAN - 192.168.2.0/24

ON CHE:
CHE# configure terminal
CHE(config)# interface serial 0
CHE(config-if)# ip address 172.16.0.1
255.255.0.0
CHE(config-if)# no shutdown
CHE(config-if)# encapsulation hdlc
CHE(config-if)# exit
CHE(config)# exit
ON HYD:
ON BAN:
HYD # configure terminal
HYD (config) # interface serial 1 BAN# configure terminal
HYD(config-if)#ip address 172.16.0.2 BAN(config)#interface serial 1
255.255.0.0 BAN(config-if)#ip address 172.17.0.2
HYD(config-if)#no shutdown 255.255.0.0
HYD(config-if)#clock rate 64000 BAN(config-if)#no shutdown
HYD(config-if)#encapsulation hdlc BAN(config-if)#encapsulation hdlc
HYD(config-if)#^z BAN(config-if)#^Z
HYD# configure terminal
HYD(config) #interface serial 0
HYD(config-if)#ip address 172.17.0.1
255.255.0.0
HYD(config-if)#no shutdown
HYD(config-if)#encapsulation hdlc
HYD(config-if)#clock rate 64000 19
HYD(config-if)#^Z
Fill the Blanks before Starting your configuration

Router Name:_________________

ROUTER # configure terminal

ROUTER (config) # interface serial _____
ROUTER (config-if) # ip address ___________________ ___________________
ROUTER (config-if) # no shutdown
ROUTER (config-if) # clock rate 64000 <to be configured if your serial interface is DCE>
ROUTER (config-if) # encapsulation hdlc
ROUTER (config-if) # exit
ROUTER (config) # interface serial _____
ROUTER (config-if) # ip address ___________________ ___________________
ROUTER (config-if) # no shutdown
ROUTER (config-if) # encapsulation hdlc
ROUTER (config-if) # clock rate 64000 <to be configured if your serial interface is DCE>
ROUTER (config-if) # exit

20
WAN configuration output verification:

hyderabad#show interface serial 0/1

Serial1/0 is up, line protocol is up
Hardware is M4T
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
CRC checking enabled
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
4 packets output, 96 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 output buffer failures, 0 output buffers swapped out
3 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up

www.keygroups.in 21
Lab-3
Configure Static Routing
To configure static routing use the following syntax:

Router# configure terminal

Router(config)# ip route <Dest N/W ID> <Dest subnet mask> {<Next hop ip address> or
<Exit Interface type><No.>}

Dest N/W ID: destination network ID of the remote network

Dest subnet mask: subnet mask of the remote network
Next hop ip address: next router interface ip address
Exit interface type & Number: outgoing interface type and number to be used to forward packet to the
destination network

View the routing table for verification of static route

Router# show ip route

www.keygroups.in 22
STATIC ROUTING - Example
Configure Static Route to allow LAN of Chennai to communicate with LAN of Hyderabad and vice-versa:

172.16.0.1/16
S0

HYD S1
CHE
172.16.0.2/16
E0 BAN
E0
192.168.1.1/24 10.0.0.1/8
N

LAN - 192.168.1.0/24 LAN – 10.0.0.0/8

ON CHE : ON HYD :

CHE # configure terminal HYD # configure terminal

CHE(config) # ip routing HYD(config) # ip routing
CHE(config) # ip route 10.0.0.0 255.0.0.0 S0 HYD(config) # ip route 192.168.1.0 255.255.255.0 172.16.0.1

Show commands: Debug commands:

ROUTER # show ip route ROUTER # debug ip routing
ROUTER # debug ip packet
26
 STATIC ROUTING - Example

Configure Static Route to allow LAN of Chennai & Bangalore to communicate with Hyderabad and vice-versa:

172.16.0.1/16 172.17.0.1/16
S0 S0

HYD S1
CHE S1
172.16.0.2/16
E0 172.17.0.2/16 BAN
E0 E0
192.168.1.1/24 10.0.0.1/8
192.168.2.1/24
N

LAN - 192.168.1.0/24 LAN – 10.0.0.0/8 LAN - 192.168.2.0/24

ON CHE : ON HYD : ON BAN:

CHE # configure terminal HYD # configure terminal BAN # configure terminal

CHE(config) # ip routing
CHE(config) # ip route 10.0.0.0 255.0.0.0 172.16.0.2
CHE(config) # ip route 192.168.2.0 255.255.255.0
172.16.0.2
CHE(config) # ip route 172.17.0.0 255.255.0.0
172.16.0.2
HYD(config) # ip routing BAN(config) # ip routing
HYD(config) # ip route 192.168.1.0 255.255.255.0 BAN(config) # ip route 10.0.0.0 255.0.0.0 S1
172.16.0.1 BAN(config) # ip route 192.168.1.0 255.255.255.0 S1
HYD(config) # ip route 192.168.2.0 255.255.255.0 BAN(config) # ip route 172.16.0.0 255.255.0.0 S1
172.17.0.2

Show commands:

ROUTER # show ip route 26

Fill the Blanks before Starting your configuration

Router Name:_________________
ROUTER # configure terminal
ROUTER(config) #
ROUTER(config) # ip routing
ROUTER(config) # ip route _________________ ___________________ _________

26
Hyderabad# show ip route
Default gateway is not set

Host Gateway Last Use Total Uses Interface

ICMP redirect cache is empty

The above output implies that IP Routing process is disabled. To enable IP Routing use the following command
in Global Configuration Mode:

Router(Config)# ip routing

Hyderabad#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B – BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR

Gateway of last resort is not set

C 172.16.0.0/16 is directly connected, Serial0/1

C 172.17.0.0/16 is directly connected, Serial0/0
C 10.0.0.0/8 is directly connected, Ethernet0/1
S 192.168.1.0/24 [1/0] via 172.16.0.1
S 192.168.2.0/24 [1/0] via 172.17.0.2

“C" represents that the IP Network was learnt through the local Routers Interface.
“S” represents that the IP Network was learnt through the Static route.

www.keygroups.in 30
Default Routing - Example

172.16.0.1
S0

CHE
E0
192.168.1.1

ON CHE :

CHE # configure terminal

CHE(config) # ip routing
CHE(config) # ip route 0.0.0.0 0.0.0.0 serial 0

Show commands:

ROUTER # show ip route

Router Name:_________________
ROUTER(config) # ip routing
ROUTER(config) # ip route 0.0.0.0 0.0.0.0 _____ ____

www.keygroups.in 30
Hyderabad#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B – BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR

Gateway of last resort is not set

C 172.16.0.0/16 is directly connected, Serial0/1

C 172.17.0.0/16 is directly connected, Serial0/0
C 10.0.0.0/8 is directly connected, Ethernet0/1
S* 0.0.0.0/0 is directly connected, Serial0/1

“S*” represents Static Default route

Check if you have completed the following labs

1. Assign the IP address and make the serial interface

administratively up.

2. Understanding the importance of extended ping command.

3. Understanding the importance of debug IP packet command.

4. Understanding the IP Routing table.

5. Configure Static route using the next hop address.

6. Configure Static route using the exit interface.

7. Configure a Static Default route.

www.keygroups.in 30
Lab-4
Configure RIP Routing Protocol
To configure RIP on the router, go to the configuration mode

Enable Rip by giving the following command

Router(config)# router rip

Ones you are in the router configuration mode advertise your directly connected networks by using the
network command
Router(config-router)# network <network ID>

To verify the output:

Router# show ip route

To verify the RIP updates sent and received, use the following command :
Router# debug ip rip

To see the output on the telnet session:

Router# terminal monitor

To verify which dynamic routing protocols are configured and their properties give the following command
Router#show ip protocols

Configure RIP version 2

To configure RIP version 2, give the following command

Router(config)# router rip
Router(config-router)# version 2
Router(config-router)# network <Network ID>

www.keygroups.in 30
RIP - Example:

172.16.0.1/16 172.17.0.1/16
S0 S0

HYD S1
CHE S1
172.16.0.2/16
E0 172.17.0.2/16 BAN
E0 E0
192.168.1.1/24 10.0.0.1/8
192.168.2.1/24
N

LAN - 192.168.1.0/24 LAN – 10.0.0.0/8 LAN - 192.168.2.0/24

ON CHE: ON HYD : ON BAN:

CHE# configure terminal HYD # config terminal
CHE(config)#ip routing HYD(config) # ip routing
CHE(config)#router rip HYD(config) # router rip
CHE(config-router)# network 192.168.1.0 HYD(config-router) # network 10.0.0.0 0
CHE(config-router) # network 172.16.0.0 HYD(config-router) # network 172.16.0.0
CHE(config-router) #^z HYD(config-router) # network 172.17.0.0
CHE# HYD(config-router) # ^z
HYD#
BAN # config terminal
BAN(config) # ip routing
BAN(config) # router rip
BAN(config-router) # network 192.168.2.0
BAN(config-router) # network 172.17.0.0
BAN(config-router) # ^z
BAN#

Show commands: Debug commands:

HYD # show ip route HYD # debug ip rip

HYD # show ip protocol HYD# terminal monitor 21
HYD# undebug all (to turnoff debugging)
Fill the Blanks before Starting your configuration

Router Name:_________________ ROUTER(config) # ip routing

ROUTER # configure terminal ROUTER(config) # router rip
ROUTER (config) # interface serial 0 ROUTER(config-router) # network ________________
ROUTER (config-if) # ip address ____________ ___________ ROUTER(config-router) # network ________________
ROUTER (config-if) # no shutdown ROUTER(config-router) # network________________
ROUTER (config-if) # clock rate 64000 ROUTER(config-router) # ^z
ROUTER (config-if) # encapsulation hdlc ROUTER#
ROUTER (config-if) # exit
ROUTER (config) # interface serial 1
ROUTER (config-if) # ip address ____________ ___________
ROUTER (config-if) # no shutdown
ROUTER (config-if) # encapsulation hdlc
ROUTER (config-if) # clock rate 64000
ROUTER (config-if) # exit
ROUTER(config) #
22
 RIP output verification:

Hyderabad#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR

Gateway of last resort is not set

C 172.17.0.0/16 is directly connected, Serial0/0

C 172.16.0.0/16 is directly connected, Serial0/1
C 10.0.0.0/8 is directly connected, Ethernet0/1
R 192.168.1.0/24 [120/1] via 172.16.0.1, 00:00:04, Serial0/1
R 192.168.2.0/24 [120/1] via 172.17.0.2, 00:00:16, Serial0/0

“R” represents RIP learnt Route, “120“ is the Administrative distance and “1” is the metric (Hop
count), IP network was learnt through RIP.

Check if you have completed the following labs

1. Enabling RIP Protocol process on the respective networks

2. Understanding the RIP protocol routes in the routing table

3. Understanding the RIP updates using debug IP RIP command

4. Check the Administrative Distance usage with RIP and Static

www.keygroups.in 23
Lab -5
Configure EIGRP Routing protocol
To configure EIGRP routing protocol

Use the following command in configuration mode.

Router(config)#router eigrp <autonomous system no>
The Autonomous system number is between 1 – 65535

To Advertised directly connected network use following command.

Router(config-router)# network <network ID>

To see the output use following command

To see the directly connected neighbors of EIGRP give the command

Router# show ip eigrp neighbors

To see the topology table of EIGRP give the command

Router# show ip eigrp topology

To see the routing table the command is

Router# show ip route

www.keygroups.in 24
 EIGRP – Example:
172.16.0.1/16 172.17.0.1/16
S0 S0

HYD S1
CHE S1
172.16.0.2/16
E0 172.17.0.2/16 BAN
E0 E0
192.168.1.1/24 10.0.0.1/8
192.168.2.1/24
N

LAN - 192.168.1.0/24 LAN – 10.0.0.0/8 LAN - 192.168.2.0/24

ON CHE: ON HYD: ON BAN:

CHE # configure terminal HYD # configure terminal
CHE(config) # ip routing HYD(config) # ip routing
CHE(config) # router eigrp 10 HYD(config) # router eigrp 10
CHE(config-router)# network 192.168.1.0 HYD(config-router)#network 10.0.0.0
CHE(config-router)# network 172.16.0.0 HYD(config-router)#network 172.16.0.0
CHE(config-router)# exit HYD(config-router)#network 172.17.0.0
CHE(config) # exit HYD(config-router)#exit
HYD(config) # exit
BAN # configure terminal
BAN(config) # ip routing
BAN(config) # router eigrp 10
BAN(config-router)#network 192.168.2.0
BAN(config-router)#network 172.17.0.0
BAN(config-router)#exit
BAN(config)#exit

Show commands: Show commands:

HYD # show ip route HYD # show ip eigrp topology

HYD # show ip protocols HYD # show ip eigrp neighbor
HYD # show ip eigrp
25 neighbor detail
Fill the Blanks before Starting the configuration

Router Name:_________________
ROUTER(config) #
ROUTER # configure terminal ROUTER(config) # ip routing
ROUTER (config) # interface serial 0 ROUTER(config) # router eigrp _______
ROUTER (config-if) # ip address ___________ ____________ ROUTER(config-router) # network ________________
ROUTER (config-if) # no shutdown ROUTER(config-router) # network ________________
ROUTER (config-if) # clock rate 64000 ROUTER(config-router) # network________________
ROUTER (config-if) # encapsulation hdlc ROUTER(config-router) # ^z
ROUTER (config-if) # exit ROUTER#
ROUTER (config) # interface serial 1
ROUTER (config-if) # ip address ___________ ____________
ROUTER (config-if) # no shutdown
ROUTER (config-if) # encapsulation hdlc
ROUTER (config-if) # clock rate 64000
ROUTER (config-if) # exit

26
EIGRP output verification
hyderabad#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 172.17.0.0/16 is directly connected, Serial1/0

C 172.16.0.0/16 is directly connected, Serial1/1
C 10.0.0.0/8 is directly connected, Loopback0
D 192.168.1.0/24 [90/2195456] via 172.16.0.1, 00:00:06, Serial0/1
D 192.168.2.0/24 [90/2195456] via 172.17.0.2, 00:00:06, Serial0/0

hyderabad#show ip eigrp topology

IP-EIGRP Topology Table for AS(10)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,

r - reply Status, s - sia Status

P 10.0.0.0/8, 1 successors, FD is 281600

via Connected, Ethernet0/0
P 192.168.1.0/24, 1 successors, FD is 2195456
via 172.16.0.1 (2195456/281600), Serial0/1
P 192.168.2.0/24, 1 successors, FD is 2195456
via 172.17.0.2 (2195456/281600), Serial0/0
P 172.16.0.0/16, 1 successors, FD is 2169856
via Connected, Serial0/1
P 172.17.0.0/16, 1 successors, FD is 2169856
via Connected, Serial0/0

hyderabad#show ip eigrp neighbors

IP-EIGRP neighbors for process 10
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 172.17.0.2 Se0/0 11 00:05:15 207 1242 0 9
0 172.16.0.1 Se0/1 10 00:09:41 202 1212 0 10

www.keygroups.in 27
 Check if you have completed the following labs

1. Configuration of EIGRP

2. Verify Neighbor table

3. Verify topology table (FD/AD)

4. Verify the routing table

www.keygroups.in 28
Lab - 6
Configure OSPF Routing protocol
To configure OSPF routing protocol
Use the following command in configuration mode.
Router(config)#router ospf <process id>

To advertise directly connected network command is

Router(config-router)# network <network ID> <wildcard mask> area <area no>

To see the output use following commands

To see the directly connected neighbors and DR/BDR of OSPF give the command
Router#show ip ospf neighbour

To see the database table of ospf give the command

Router#show ip ospf database

To see the routing table give the following command

Router#show ip route

www.keygroups.in 29
 OSPF – Example:
AREA 0

172.16.0.1/16 172.17.0.1/16
S0 S0

HYD S1
CHE BAN
172.16.0.2/16 CHE S1
BAN
E0 172.17.0.2/16
E0 E0
192.168.1.1/24 10.0.0.1/8
N
192.168.2.1/24
N

LAN - 192.168.1.0/24 LAN – 10.0.0.0/8 LAN - 192.168.2.0/24

ON CHE: ON HYD: ON BAN:

CHE # configure terminal HYD # configure terminal BAN # configure terminal
CHE(config) # ip routing HYD(config) # ip routing BAN(config) # ip routing
CHE(config) # router ospf 5 HYD(config) # router ospf 3 BAN(config) # router ospf 3
CHE(config-router)#network 192.168.1.0 0.0.0.255 area 0 HYD(config-router)# network 10.0.0.0 0.255.255.255 area 0 BAN(config-router)#network 192.168.2.0 0.0.0.255 area 0
CHE(config-router)#network 172.16.0.0 0.0.255.255 area 0 HYD(config-router)# network 172.16.0.0 0.0.255.255 area 0 BAN(config-router)#network 172.17.0.0 0.0.255.255 area 0
CHE(config-router) #^z HYD(config-router)# network 172.17.0.0 0.0.255.255 area 0 BAN(config-router)#^z
CHE# HYD(config-router)# ^z BAN#
HYD #

Show commands: Debug commands:

Router # show ip route Router # debug ip ospf adj

Router # show ip ospf database Router # debug ip ospf packet
Router # show ip ospf neighbors Router # debug ip ospf event
30
 Fill in the Blanks before starting the configuration

Router Name:_________________
ROUTER(config) #
ROUTER(config) # ip routing
ROUTER # configure terminal ROUTER(config) # router OSPF ____
ROUTER (config) # interface serial 0 ROUTER(config-router) # network _________ _______ area _____
ROUTER (config-if) # ip address ______________ _________ ROUTER(config-router) # network _________ _______ area _____
ROUTER (config-if) # no shutdown ROUTER(config-router) # network _________ _______ area _____
ROUTER (config-if) # clock rate 64000 ROUTER(config-router) # ^z
ROUTER (config-if) # encapsulation hdlc ROUTER#
ROUTER (config-if) # exit
ROUTER (config) # interface serial 1
ROUTER (config-if) # ip address ______________ _________
ROUTER (config-if) # no shutdown
ROUTER (config-if) # encapsulation hdlc
ROUTER (config-if) # clock rate 64000
ROUTER (config-if) # exit

31
OSPF output verification:

Hyderabad#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR

Gateway of last resort is not set

C 172.17.0.0/16 is directly connected, Serial0/0

C 172.16.0.0/16 is directly connected, Serial0/1
C 10.0.0.0/8 is directly connected, Ethernet0/1
O 192.168.1.0/24 [110/74] via 172.16.0.1, 00:00:23, Serial0/1
O 192.168.2.0/24 [110/74] via 172.17.0.2, 00:00:23, Serial0/0

hyderabad#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

192.168.1.1 0 FULL/ - 00:00:31 172.16.0.1 Serial0/1
192.168.2.1 0 FULL/ - 00:00:34 172.17.0.2 Serial0/0

hyderabad#show ip ospf database

OSPF Router with ID (172.17.0.1) (Process ID 3)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count

172.17.0.1 172.17.0.1 67 0x80000003 0x0023DE 5
192.168.1.1 192.168.1.1 88 0x80000002 0x007456 3
192.168.2.1 192.168.2.1 68 0x80000002 0x00BD07 3

www.keygroups 31
Check if you have completed the following labs

1. Configuration of OSPF

2. Automatic selection of router-id

3. Debugging and understanding the functioning of hello packet

4. Debugging and understanding the adjacency formation

5. Verification of OSPF database

6. Verification of OSPF Neighbor table

7. Election of DR/BDR

www.keygroups 31
Lab - 7
ACCESS CONTROL LIST:
There are two types of Access Control Lists

Syntax for configuring Standard ACL is as Follows

Router(config)# access-list <No> permit/deny <source ip> <source wildcard mask>

To implement ACL in Interface

Router(config)# interface <type> <no>
Router(config-if)# ip access-group <no> in/out

To verify the output

Router# show ip access-list

Syntax for configuring Extended ACL is as Follows

Router(config)# access-list <No> permit/deny <protocol> <source ip> <source wildcard mask>
<destination ip> <destination wildcard mask> [operator] [port No.]

To implement ACL in Interface

Router(config)# interface <type> <no>
Router(config-if)# ip access-group <no> in/out

To verify the output

Router# show ip access-list

www.keygroups 31
 STANDARD ACCESS-LIST - Example:
172.16.0.1/16 172.17.0.1/16
S0 S0

HYD S1
CHE S1
172.16.0.2/16
E0 172.17.0.2/16
BAN
E0 E0
192.168.1.1/24 10.0.0.1/8
192.168.2.1/24
N

LAN - 192.168.1.0/24 LAN – 10.0.0.0/8 LAN - 192.168.2.0/24

ON CHE: ON HYD: ON BAN:

SCENARIO 1: SCENARIO 2: SCENARIO 3:
Only 192.168.2.0 should communicate with 192.168.1.0
Configuration of an access-list on HYD that administrative Configuration of an standard access-list on Bangalore Ethernet
access through Telnet is possible only from 10.0.0.10 0 in the outbound direction denying 10.0.0.10
CHE # configure terminal
CHE (config) # access-list 1 permit 192.168.2.0 0.0.0.255 HYD # configure terminal BAN (config) # access-list 1 deny 10.0.0.10 0.0.0.0
CHE (config) # int e0 HYD (config) # access-list 1 permit 10.0.0.10 0.0.0.0 BAN (config)#access-list 1 permit any
CHE (config-if) # ip access-group 1 out HYD (config) # line vty 0 4 BAN (config)#interface Ethernet 0
CHE (config-if) # exit HYD (config-line) # access-class 1 in BAN (config-if) # ip access-group 1 out
CHE (config) # exit HYD (config-line) # exit BAN (config-if) # exit
HYD (config) # exit BAN (config) # exit
CHE # show ip access-list
Note: Use the command prompt of a PC try to ping the filtered
ip address
 EXTENDED ACCESS-LIST - Example:
172.16.0.1/16 172.17.0.1/16
S0 S0
HYD S1
CHE S1
172.16.0.2/16
E0 172.17.0.2/16
BAN
E0 E0
192.168.1.1/24 10.0.0.1/8
192.168.2.1/24
N

LAN - 192.168.1.0/24 LAN – 10.0.0.0/8 LAN - 192.168.2.0/24

SCENARIO :2 SCENARIO :1 SCENARIO :3

Condition: Condition: Condition:

deny PING (Echo) from Bang LAN to Chen LAN
permit all other services.
On CHE:
CHE#configure terminal
CHE (config)#access-list 110 deny icmp 192.168.2.0
0.0.0.255 192.168.1.0 0.0.0.255 echo
CHE (config)#access-list 110 permit ip any any
CHE (config)#interface serial 0
CHE (config-if)#ip access-group 110 in
CHE (config-if)^z
Allow only FTP service from Bang LAN
On HYD:
HYD#configure terminal
HYD (config)# access-list 101 permit tcp 192.168.2.0
0.0.0.255 10.0.0.0 0.255.255.255 eq ftp
HYD (config)#interface ethernet 0
HYD (config-if)#ip access-group 101 out
HYD (config-if)#exit
HYD (config)#
Deny HTTP from Chen LAN to Bang LAN.
Permit all other services from any network.
On BAN:
BAN#configure terminal
BAN (config)#access-list 111 deny tcp 192.168.1.0
0.0.0.255 192.168.2.0 0.0.0.255 eq 80
BAN (config)#access-list 111 permit ip any any
BAN (config)#interface serial 1
BAN (config-if)#ip access-group 111 in
BAN (config-if)^z

CHE # show ip access-list HYD # show ip access-list BAN # show ip access-list

33
Access Control Verification:

Hyderabad#show ip access-list
Standard IP access list 1
permit 10.0.0.10

Hyderabad#show ip access-list
Extended IP access list 101
permit tcp 192.168.2.0 0.0.0.255 host 10.0.0.10 eq ftp

Check if you have completed the following labs

1. Configure any routing protocol (e.g. RIP) & check the

communication

2. Configure Standard access-list on CHE Ethernet 0 in the out

bound direction, permitting only 192.168.2.0

3. Configure an access-list on HYD that administrative access

through Telnet is possible only from 10.0.0Configure an access-
list on BAN Ethernet 0 in the outbound direction, denying
10.0.0.10 host only

4. Configuration an access-list on CHE serial 0 in the inbound

direction, deny ping request from 192.168.2.0 to 192.168.1.0
and permitting any other services.

5. Configuration of an extended access-list on HYD Ethernet 0 in

the outbound direction permitting only FTP service from the
network 192.168.2.0 to 10.0.0.10

6. Configuration of an extended access-list on BAN serial 1 in

inbound direction denying HTTP from 192.168.1.0 to
192.168.2.0 and permitting other traffic from any network to
192.168.2.0 network.

www.keygroups.in 34
LAB 9:
CDP Cisco Discovery Protocol

CDP is enabled by default on all Cisco devices. It is used for troubleshooting connectivity between Cisco
devices. To check the output of Cisco discovery protocol(cdp) give the following command.

This command will show the timer of cdp hello and the holddown interval
Router#show cdp

This command will show the brief information of the directly connected Cisco devices
Like hostname, interface to which it is connected, the model of the device etc
Router#show cdp neighbour

This command will show detail information of the directly connected Cisco devices
Like- Ip address Ios version, platform of the remote device etc
Router#show cdp neighbour detail

LAB 9.a
IOS Backup

For taking the backup of the IOS and the configuration file backup like the Running configuration and the
startup configuration

First install the TFTP server software in any of the PC in the network and at the time of the backup the
software should be running on the PC where it is installed.
Login to the router
Go to the privilege mode

To take the backup of the statup configuration give the command

Router#copy startup-config tftp

To take the backup of the IOS give the command

Router#copy flash tftp

To see where the files have been backed up go to the tftp server the files are stored in the directory ie
C:\Program Files\Cisco Systems\Cisco TFTP Server

www.keygroups.in 35
LAB - 10
Password Recovery

The following steps required to reset the password of Cisco Router.

The procedure for Fixed & Modular Router is slightly different.

Step1:
Connect the console port of Router to com port of pc.

Step2:
Configure the hyper terminal software for console communication (see steps as shown in Initial configuration)

Step3:
Power on the router (if already power on restart it by power button).

Step4:
Press “Ctrl + Break” within 60 sec after power on.

Step5:
Router will enter Rom monitor mode.
ROMMON 1>
or
>

Step6:
For fixed router, use the following commands:
>o/r 0x2142
>i

For modular router, use the following ROM MON commands:

ROMMON 1>confreg 0x2142
ROMMON 2>reset

Configure Register Value 0x2142 will skip executing the startup configuration from nvram during
bootup.

www.keygroups.in 36
Step7:
After the router boots up,

Would you like to enter the initial configuration dialog? [yes/no]: no

Router>enable
Router#copy startup-config running-config
Destination filename [running-config]? <Just Press Enter Key>

Old configuration file which has the password is enabled:

Since we are already in the privilege mode, we can setup a new privilege password.

Hyderabad#
Hyderabad#configure terminal
Hyderabad(config)#enable secret ccna
Hyderabad(config)#line vty 0 4
Hyderabad(config-line)#password ccna

Hyderabad(config-line)#line console 0
Hyderabad(config-line)#password ccna
Hyderabad(config-line)#exit

Reset the configuration register back to the default:

Hyderabad(config)#config-register 0x2102

Enable the Ethernet interface:

Hyderabad(config)#interface ethernet 0/0
Hyderabad(config-if)#no shutdown
Hyderabad(config-if)#^Z

Save the new password in NVRAM and restart the router:

Hyderabad#copy running-config startup-config
Hyderabad#reload

www.keygroups.in 37
Lab 11
VLAN’S AND TRUNKING

To Create a VLAN on a Switch

VLAN Creation:
Switch(config)# vlan <VLAN No.>
Switch(config-vlan)# name <name>

Assigning VLAN membership to the ports:

Switch(config) # interface <type> <No.>
Switch(config-if) # switchport mode access
Switch(config-if) # switchport access vlan <VLAN No.>
Switch(config-if) # exit

To configure a trunk link on interface

TRUNKING:
Switch(config) # interface <type> <No.>
Switch(config-if) # switchport mode trunk
Switch(config-if) # switchport trunk allowed vlan all
Switch(config-if) # exit

VLAN Trunking Protocol:

To configure VTP on Switch
Switch(config) # vtp domain <name>
Switch(config) # vtp mode server / client / transparent
Switch(config) # vtp password <password>
Switch(config) # vtp pruning

www.keygroups.in 38
Lab - 11
VLAN
ON 192.168.20.50
VLAN CREATION:
2950(config) # vlan 10
2950(config-vlan) # name sales
2950(config) # vlan 20
2950(config-vlan) # name mkt
Assigning membership to ports:
2950(config) # interface fa0/2
2950(config-if) # switchport mode access
2950(config-if) # switchport access vlan 10
2950(config-if) # exit
2950(config)# interface fa0/4
2950(config-if) # switchport mode access
2950(config-if)# switchport access vlan 20
TRUNKING:
2950 # config terminal
2950(config) # interface fa0/24
2950(config-if) # switchport mode trunk
2950(config-if) # switchport trunk
allowed vlan all
2950(config-if) # ^Z
Verify and troubleshooting:
2950 #show mac-address-table
2950 #show vlan
2950 #show interface status
2950 #show interface trunk
www.keygroups.in
ON 192.168.20.51
VLAN CREATION:
2950(config) # vlan 10
2950(config-vlan) # name sales
2950(config) # vlan 20
2950(config-vlan) # name mkt
Assigning membership to ports:
2950(config) # interface fa0/14
2950(config-if) # switchport mode access
2950(config-if) # switchport access vlan 10
2950(config-if) # exit
2950(config)# interface fa0/17
2950(config-if) # switchport mode access
2950(config-if)# switchport access vlan 20
TRUNKING:
2950 # config terminal
2950(config) # interface fa0/24
2950(config-if) # switchport mode trunk
2950(config-if) # switchport trunk
allowed vlan all
2950(config-if) # ^Z
Verify and troubleshooting:
2950 #show mac-address-table
2950 #show vlan
2950 #show interface status
2950 #show interface trunk
39
VLAN output verification

SWITCH-50#show mac-address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
All 000d.28f0.63c0 STATIC CPU
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0100.0cdd.dddd STATIC CPU
1 0002.169c.0ba1 DYNAMIC Fa0/1
1 0002.b945.ea80 DYNAMIC Fa0/2
1 000c.8577.2058 DYNAMIC Fa0/24
1 0010.7b0b.a2c0 DYNAMIC Fa0/23
1 0013.20b7.07cc DYNAMIC Fa0/8
1 0013.20b7.08a5 DYNAMIC Fa0/9
1 0013.20b7.1d15 DYNAMIC Fa0/15
1 0013.20b7.1d53 DYNAMIC Fa0/5
1 0013.20b7.1d8c DYNAMIC Fa0/24
1 0013.8ff9.9ad1 DYNAMIC Fa0/24
1 0050.50d0.971a DYNAMIC Fa0/23
20 0013.20b7.08e6 DYNAMIC Fa0/6
Total Mac Addresses for this criterion: 16

SWITCH-50#show vlan

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/3, Fa0/5, Fa0/6, Fa0/7
Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23
10 sales active Fa0/2
20 mkt active Fa0/4
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup

www.keygroups.in 40
SWITCH-50#show interface trunk

Port Mode Encapsulation Status Native vlan

Fa0/24 on 802.1q trunking 1

Port Vlans allowed on trunk

Fa0/24 1-4094

Port Vlans allowed and active in management domain

Fa0/24 1,10,20

Port Vlans in spanning tree forwarding state and not pruned

Fa0/24 1,10,20

SWITCH-50#show interface status

Port Name Status Vlan Duplex Speed Type

Fa0/1 connected 1 a-half a-10 10/100BaseTX
Fa0/2 connected 10 a-half a-10 10/100BaseTX
Fa0/3 notconnect 1 auto auto 10/100BaseTX
Fa0/4 connect 20 auto auto 10/100BaseTX
Fa0/5 connected 1 a-full a-100 10/100BaseTX
Fa0/6 connected 1 a-full a-100 10/100BaseTX
Fa0/7 notconnect 1 auto auto 10/100BaseTX
Fa0/8 connected 1 a-full a-100 10/100BaseTX
Fa0/9 notconnect 1 auto auto 10/100BaseTX
Fa0/10 notconnect 1 auto auto 10/100BaseTX
Fa0/11 notconnect 1 auto auto 10/100BaseTX
Fa0/12 notconnect 1 auto auto 10/100BaseTX
Fa0/13 notconnect 1 auto auto 10/100BaseTX
Fa0/14 notconnect 1 auto auto 10/100BaseTX
Fa0/15 connected 1 a-full a-100 10/100BaseTX
Fa0/16 notconnect 1 auto auto 10/100BaseTX
Fa0/17 notconnect 1 auto auto 10/100BaseTX
Fa0/18 notconnect 1 auto auto 10/100BaseTX
Fa0/19 notconnect 1 auto auto 10/100BaseTX
Fa0/20 notconnect 1 auto auto 10/100BaseTX
Fa0/21 notconnect 1 auto auto 10/100BaseTX
Fa0/22 notconnect 1 auto auto 10/100BaseTX
Fa0/23 connected 1 a-full a-100 10/100BaseTX
Fa0/24 connected trunk a-full a-100 10/100BaseTX
SWITCH-50#

www.keygroups.in 41
 VTP – Example:

Server

Client

ON 192.168.20.50 Note: verify vlan before and after

configuration
VTP Configuration:
ON 192.168.20.51
2950 # config terminal
2950(config) # vtp domain keygroup VTP Configuration:
2950(config) # vtp mode server
2950 # config terminal
2950(config) # vtp pruning
2950(config) # vtp domain keygroup
2950(config) # vtp password ccna
2950(config) # vtp mode client
VLAN CREATION: 2950(config) # vtp password ccna

2950 # config terminal Verify and troubleshooting:

2950(config) # vlan 101
2950(config-vlan) # name accounts 2950 #sow vlan
2950(config-vlan) #exit 2950 #show vtp status
2950(config) # vlan 102
2950(config-vlan) # name programmer
2950(config-vlan) # ^z

Verify and troubleshooting:

2950 #sow vlan
2950 #show vtp status

www.keygroups.in 42
VTP output verification:

SWITCH-50#show vtp status

VTP Version :2
Configuration Revision : 10
Maximum VLANs supported locally : 64
Number of existing VLANs :7
VTP Operating Mode : Server
VTP Domain Name : keygroups
VTP Pruning Mode : Enabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 digest : 0x6B 0xBE 0x07 0xC5 0xCD 0xFC 0xC8 0xEE
Configuration last modified by 192.168.20.50 at 3-1-93 08:28:15
Local updater ID is 192.168.20.50 on interface Vl1 (lowest numbered VLAN interface found)
SWITCH-50#

www.keygroups.in 43
Lab – 12
Inter-VLAN Routing

To Create a VLAN on a Switch

VLAN CREATION:
Switch(config)# vlan <VLAN No.>
Switch(config-vlan)# name <name>

To Assign a interface to VLAN

ASSIGNING MEMBERSHIP TO THE PORTS:
Switch(config) # interface <type> <No.>
Switch(config-if) # switchport mode access
Switch(config-if) # switchport access vlan <VLAN No.>
Switch(config-if) # exit

To configure a trunk link on interface connected to router

TRUNKING:
Switch(config) # interface <type> <No.>
Switch(config-if) # switchport mode trunk
Switch(config-if) # switchport trunk allowed vlan all
Switch(config-if) # exit

To configure interval VLAN routing on A Router

To configure interface on a router

Default configuration on Ethernet of a Router:
Router(config) # interface <type> <No.>
Router (config-if) # no shutdown
Router (config-if) # no ip address
Router (config-if) # exit

To configure sub interface on a router

Configuration on sub interface of a Router:
Router(config) # interface <type> <no.no>
Router (config-if) # encapsulation dot1q <vlan no> [native]
Router (config-if) # no ip address
Router (config-if) # exit

www.keygroups.in 44
 Inter-VLAN – Example:

E0.1 E0.
192.168.1.1 192
VLAN 10 VLA

Configuration on Switch: Configuration on Router

switch# configure terminal router# configure terminal

switch(config)#vlan 10 router(config)# interface ethernet 0
VLAN 10 VLAN 20
switch(config-vlan)# name Sales router(config-if)#
Trunk Port
no ip address
Sales
switch(config-vlan)# exit Marketing
router(config-if)# no shutdown
switch(config)# vlan 20 router(config-if)# exit
switch(config-vlan)# name Marketing router(config)# interface ethernet 0.1
switch(config-vlan)# exit router(config-if)# encapsulation dot1q 10
switch(config)# interface range fa0/1 - 2 router(config-if)# ip address 192.168.1.1
switch(config-if-range)# switchport mode access 255.255.255.0
switch(config-if-range)# switchport access vlan 10 router(config-if)# exit
switch(config-if-range)# exit router(config)# interface ethernet 0.2
switch(config)# interface range fa0/5 - 6 router(config-if)# encapsulation dot1q 20
switch(config-if-range)# switchport mode access router(config-if)# ip address 192.168.2.1
switch(config-if-range)# switchport access vlan 20 255.255.255.0
switch(config-if-range)# exit router(config-if)# exit
switch(config)# interface fa0/10 router(config)# no ip routing
switch(config-if)# switchport mode trunk router(config)# ip routing
switch(config-if)# switchport trunk allowed vlan all router(config)#exit
switch(config-if)# ^z router# show ip route
switch# show vlan router# show running-config
switch# show interface trunk

www.keygroups.in 45
Inter-Vlan output verification:

On Switch:

SWITCH-50#show vlan

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/7, Fa0/8,
Fa0/9, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23
10 sales active Fa0/1, Fa0/2
20 Marketing active Fa0/5, Fa0/6
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup

SWITCH-50#show interface trunk

Port Mode Encapsulation Status Native vlan

Fa0/10 on 802.1q trunking 1
Fa0/24 on 802.1q trunking 1

Port Vlans allowed on trunk

Fa0/2 1-4094
Fa0/24 1-4094

On Router:

Router#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.1.0/24 is directly connected, Ethernet0.1

C 192.168.2.0/24 is directly connected, Ethernet0.2

www.keygroups.in 46
Check if you have completed the following labs

1. Verification of MAC address table

2. Creation of VLAN

3. Assigning the hosts to a VLAN

4. Configure Trunking between switches

5. Created Sub-interfaces on Router

6. Changed sub-interface encapsulation to dot1q

7. Inter-VLAN communication through an external router.

8. Understanding the concepts of VTP modes

 Server mode

 Client mode

 Transparent mode

www.keygroups.in 47
Lab 13 - Port Security

To configure port security on a switch interface

Port Security:
Switch(config) # interface <type> <No.>
Switch(config-if) # switchport mode access
Switch(config-if) # Switchport port-security
Switch(config-if) # Switchport port-security maximum <No. of MAC address>
Switch(config-if) # Switchport port-security mac-address <MAC ADDRESS/ sticky>
Switch(config-if) # Switchport port-security violation <shutdown/protect/restrict>

Switch
Port no. 1 Port no. 3

Port no. 2

00-13-20-B7-1D-8C
00-13-20-B7-1E-1C
00-13-20-B7-1D-1

Switch(config)#Interface fa0/1
Switch(config-if)#Switchport port-security
Switch(config-if)#Switchport port-security maximum 1
Switch(config-if)#Switcport port-security mac-address 0013.20B7.1D8C
Switch(config-if)#Switchport port-security violation shutdown
Switch(config-if)#^Z

Switch# show port-security

Switch# show interface status

www.keygroups.in 48
Lab – 14
NAT Configuration

To implement NAT in Interface

Router(config)# interface <type> <no>
Router(config-if)#ip NAT inside/outside

Syntax for configuring NAT is as Follows

Router(config)#ip nat inside source <IP / ACL no.> <IP / pool name / <int type no>> [overload]

Syntax for configuring NAT Pool is as Follows

Router(config)#ip nat pool name <starting ip> <ending ip> [subnet mask]

To verify the output

Router#show ip nat transelation

www.keygroups.in 49
NAT Configuration – Example:

192.168.5.0/24
SUR
S0
200.1.0.18/29
192.168.4.0/24
S1
BOM 200.2.0.18/29 JAI
S1
202.4.0.18/29

200.3.0.18/29
S0

192.168.3.0/24
GOA S0
202.3.0.18/29

S1
200.4.0.18
S1
202.2.0.18/29
192.168.2.0/24
BAN S0 LUC
202.1.0.18/29

192.168.1.0/24
CHE

Configuration of PAT Configuration of Static NAT

CHE# configure terminal
CHE(config)# interface s0
CHE(config-if)#ip address 202.1.0.18
255.255.255.248
CHE(config-if)#no shutdown
CHE(config-if)#encapsulation ppp
CHE(config-if)#ip nat outside
CHE(config-if)#exit
CHE(config)#interface Ethernet 0
CHE(config-if)#ip nat inside
CHE(config-if)#exit
CHE(config)#access-list 10 permit 192.168.1.0
www.keygroups.in
0.0.0.255
CHE(config)#ip nat inside source list 10 interface
serial 0 overload
CHE# configure terminal
CHE(config)# interface s0
CHE(config-if)#ip address 202.1.0.18
255.255.255.248
CHE(config-if)#no shutdown
CHE(config-if)#encapsulation ppp
CHE(config-if)#ip nat outside
CHE(config-if)#exit
CHE(config)#interface Ethernet 0
CHE(config-if)#ip nat inside
CHE(config-if)#exit
CHE(config)#ip nat inside source static
50
192.168.1.10 202.1.0.19
NAT output verification:
CHE#show ip nat translation
Pro Inside global Inside local Outside local Outside global
--- 202.1.0.19 192.168.1.10 --- ---

CHE#sh ip nat translations

Pro Inside global Inside local Outside local Outside global
tcp 202.1.0.18 :4965 192.168.1.10:4965 82.204.219.231:21 82.204.219.231:21
tcp 202.1.0.18 :4973 192.168.1.10:4973 64.12.171.246:25 64.12.171.246:25
tcp 202.1.0.18 :4974 192.168.1.10:4974 82.204.219.231:21 82.204.219.231:21
tcp 202.1.0.18 :53955 192.168.1.10:53955 64.4.52.182:80 64.4.52.182:80
tcp 202.1.0.18 :53958 192.168.1.10:53958 207.46.208.105:80 207.46.208.105:80
tcp 202.1.0.18 :53961 192.168.1.10:53961 207.46.208.105:80 207.46.208.105:80

Check the following if you have completed the lab

1. Configure and verify Static Nat

2. Configure and verify Port Address Translation

3. Check the Nat table

4. Configure and verify PAT

5. Debugging of NAT

www.keygroups.in 51