CCENT L A B GUIDE 4 -1

Interconnecting Cisco Network Devices

version 3.0

DAVID
BOMBAL
David Bombal CCNA Labs Lab 4.1

Lab 4-1: Configuring Static Routes

Task 1: Initial Lab Setup and Interface Addressing

Task 2: Configuring Static routes using a directly connected Interface

Task 3: Configuring Static routes using a next-hop IP Address

Task 4: Configuring Static Default Routes

Task 5: Can you complete the Lab

Visual Objective Lab 4-1: Configuring Static Routing

om
l.c
ba
om
db
vi
da

Rev 1.0.1 L4.1-1

David Bombal CCNA Labs Lab 4.1

Lab 4-1: Topology and IP Addressing Job Aid

Device Interface IP Addressing Services

PC1 10.1.1.100
PC2 10.1.1.101
Branch Router G0/0 209.165.201.1
G0/0/0 192.168.1.1
G0/1 10.1.1.1

HQ Router G0/0 209.165.200.1

om
G0/0/0 192.168.1.2
G0/1.1 172.16.1.1
G0/1.2 172.16.2.1

l.c
G0/1.3 172.16.3.1
G0/1.4 172.16.4.1
ba
ISP Router G0/0 209.165.201.2
om

G0/1 209.165.200.2
G0/2 209.165.202.1
db

ISP DNS Server 209.165.202.30 DNS

www.cisco.com 23.43.20.35 HTTP, HTTPS, FTP
vi

www.facebook.com 31.13.65.38 HTTP, HTTPS,

www.twitter.com 104.244.42.65 HTTP, HTTPS,
da

www.google.com 216.58.206.132 HTTP, HTTPS, FTP

Rev 1.0.1 L4.1-2

David Bombal CCNA Labs Lab 4.1

NOTE: The following table of commands is reference only. Do not try to type
them all in your lab now. Follow the steps after the table.

Command List Useful Shortcut Description

Command
>enable >en Activates privilege exec mode

#configure terminal #conf t Activates configuration Mode from the

terminal

#show ip interface #sh ip int brief Displays the interfaces status

brief

(config)#interface (config)#int f0/ Enters interface configuration mode

‘type/number’

om
(config-if)#ip (config-if)#ip Enters an IP address on an interface
address ‘ip add
address/subnet mask’

l.c
(config-if)#no (config-if)#no sh Enables an interface
shutdown
ba
#ping ‘ip address’ Pings an IP address to test connectivity

#show ip route Displays the routing table entries

om

(config)#ip route Creates a static route (Interface or next

X.X.X.X X.X.X.X hop)
‘interface/ip next
hop’
db

(config)#ip route Creates a static default route

0.0.0.0 0.0.0.0
vi

‘interface/ip next
hop’
da

#show ip interface #sh ip int ‘int’ Displays IP statistics for an interface

‘interface’

#copy run start Saves the running configuration to

NVRAM

Rev 1.0.1 L4.1-3

David Bombal CCNA Labs Lab 4.1

Task 1: Initial Lab setup

Open the Packet Tracer file ‘CCENT Lab 4-1Configuring Static Routes.pkt’

Task 2: Configuring Static routing using a directly connected

interface.
In this lab, you will focus on the configuration of static routes to enable your company
Branch and HQ routers to allow communication between the non-directly connected
sites as well as provide internet connectivity.

om
Step 1: Access the Branch router

l.c
Press RETURN to get started!

********************Warning**********************************
ba
Access to this device is restricted to Authorized personnel only!
Unauthorized access is prohibited. Violators will be prosecuted.
*****************************************************************
User Access Verification
om

Username: ccna
Password: cisco
db

Branch> en
Password: secret123
vi
da

Rev 1.0.1 L4.1-4

David Bombal CCNA Labs Lab 4.1

Step 2: Using the appropriate command, verify the current interface settings on the
Branch Router

Branch# sh ip int brief

Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 209.165.201.1 YES DHCP up up
GigabitEthernet0/1 10.1.1.1 YES manual up up
GigabitEthernet0/0/0 unassigned YES unset administratively down
down
Serial0/1/0 unassigned YES unset administratively down down
Serial0/1/1 unassigned YES unset administratively down down
Serial0/2/0 unassigned YES unset administratively down down
Serial0/2/1 unassigned YES unset administratively down down
Vlan1 unassigned YES unset administratively down down

om
Summary:

Interface IP-Address OK? Method Status Protocol

GigabitEthernet0/0 209.165.201.1

l.c
YES DHCP up up
ba
GigabitEthernet0/1 10.1.1.1 YES manual up up
GigabitEthernet0/0/0 unassigned YES unset administratively down
down
Serial0/1/0 unassigned YES unset administratively down
om

down
Serial0/1/1 unassigned YES unset administratively down
down
Serial0/2/0 unassigned YES unset administratively down
db

down
Serial0/2/1 unassigned YES unset administratively down
down
vi

Vlan1 unassigned YES unset administratively down

down
da

The Branch router currently only has the LAN and internet connections configured.
You will need a third interface configured for IP in order to provide connectivity
between the sites.

Rev 1.0.1 L4.1-5

David Bombal CCNA Labs Lab 4.1

Step 3: Configure the interface facing the HQ router with the appropriate address
and mask combination.

Branch# conf t
Branch(config)# int g0/0/0
Branch(config-if)# ip address 192.168.1.1 255.255.255.252
Branch(config-if)# no shut
%LINK-5-CHANGED: Interface GigabitEthernet0/0/0, changed state to
down

Notice that this connection is using a 255.255.255.252 subnet mask, which allows for
two host IP addresses. Networks that have a .252 in the last octet subnet mask
portion go up in increments of 4 and the subnets would be 192168.1.0, 192.168.1.4,
192.168.1.8 etc with useable host IP’s on those networks being .1 & .2, .5& .6 and .9

om
& .10 respectively. You should have also noticed that there was a logging message
after you enabled the interface, but that it stated that interface changed state to
down. This because the HQ end is still shutdown.

l.c
Step 4: Repeat step 2 to confirm the interface status.
ba
Branch# sh ip int brief
Interface IP-Address OK? Method Status Protocol
om

GigabitEthernet0/0 209.165.201.1 YES DHCP up up

GigabitEthernet0/1 10.1.1.1 YES manual up up
GigabitEthernet0/0/0 192.168.1.1 YES unset down down
Serial0/1/0 unassigned YES unset administratively down down
Serial0/1/1 unassigned YES unset administratively down down
db

Serial0/2/0 unassigned YES unset administratively down down

Serial0/2/1 unassigned YES unset administratively down down
Vlan1 unassigned YES unset administratively down down
vi
da

Summary:

Interface IP-Address OK? Method Status Protocol

GigabitEthernet0/0 209.165.201.1 YES DHCP up up

GigabitEthernet0/1 10.1.1.1 YES manual up up
GigabitEthernet0/0/0 192.168.1.1 YES unset down down
Serial0/1/0 unassigned YES unset administratively down
down
Serial0/1/1 unassigned YES unset administratively down
down
Serial0/2/0 unassigned YES unset administratively down
down

Rev 1.0.1 L4.1-6

David Bombal CCNA Labs Lab 4.1

Serial0/2/1 unassigned YES unset administratively down

down
Vlan1 unassigned YES unset administratively down
down

Observe the status of the G0/0/0 interface as down, down. Even though the branch
router has a configured and enabled interface, because the HQ router has not
enabled its interface then the connection will be in the down, down state.

Step 5: Access the HQ router. Verify the current interface status of the HQ router.

HQ con0 is now available

om
Press RETURN to get started.

HQ> en
HQ# sh ip int brief
Interface IP-Address OK? Method Status Protocol

l.c
GigabitEthernet0/0 209.165.200.1 YES manual up up
GigabitEthernet0/1 unassigned YES unset up up
GigabitEthernet0/1.1 172.16.1.1 YES manual up up
ba
GigabitEthernet0/1.2 172.16.2.1 YES manual up up
GigabitEthernet0/1.3 172.16.3.1 YES manual up up
GigabitEthernet0/1.4 172.16.4.1 YES manual up up
om

GigabitEthernet0/2 unassigned YES unset administratively

down down
GigabitEthernet0/0/0 unassigned YES unset administratively
down down
Serial0/1/0 unassigned YES unset administratively down down
db

Serial0/1/1 unassigned YES unset administratively down down

Serial0/2/0 unassigned YES unset administratively down down
Serial0/2/1 unassigned YES unset administratively down down
vi

Vlan1 unassigned YES unset up down

da

Summary:

Interface IP-Address OK? Method Status Protocol

GigabitEthernet0/0 209.165.200.1 YES manual up up

GigabitEthernet0/1 unassigned YES unset up up
GigabitEthernet0/1.1 172.16.1.1 YES manual up up
GigabitEthernet0/1.2 172.16.2.1 YES manual up up
GigabitEthernet0/1.3 172.16.3.1 YES manual up up
GigabitEthernet0/1.4 172.16.4.1 YES manual up up

Rev 1.0.1 L4.1-7

David Bombal CCNA Labs Lab 4.1

GigabitEthernet0/2 unassigned YES unset administratively down

down
GigabitEthernet0/0/0 unassigned YES unset administratively down
down
Serial0/1/0 unassigned YES unset administratively down
down
Serial0/1/1 unassigned YES unset administratively down
down
Serial0/2/0 unassigned YES unset administratively down
down
Serial0/2/1 unassigned YES unset administratively down
down
Vlan1 unassigned YES unset up down

Step 6: Configure the interface facing the Branch router with the appropriate address

om
and mask combination.

HQ# conf t

l.c
Enter configuration commands, one per line. End with CNTL/Z.
HQ(config)# int g0/0/0
HQ(config-if)# ip address 192.168.1.2 255.255.255.252
ba
HQ(config-if)# no shut

%LINK-5-CHANGED: Interface GigabitEthernet0/0/0, changed state to

om

up

%LINEPROTO-5-UPDOWN: Line protocol on Interface

GigabitEthernet0/0/0, changed state to up
db

Observe that the logging messages now indicate that the interface is working now.
vi
da

Rev 1.0.1 L4.1-8

David Bombal CCNA Labs Lab 4.1

Step 7: Repeat the verification step to confirm the interface is now correctly
configured.

HQ# sh ip int brief

Interface IP-Address OK? Method Status Protocol

GigabitEthernet0/0 209.165.200.1 YES manual up up
GigabitEthernet0/1 unassigned YES unset up up
GigabitEthernet0/1.1 172.16.1.1 YES manual up up
GigabitEthernet0/1.2 172.16.2.1 YES manual up up
GigabitEthernet0/1.3 172.16.3.1 YES manual up up
GigabitEthernet0/1.4 172.16.4.1 YES manual up up
GigabitEthernet0/2 unassigned YES unset administratively
down down
GigabitEthernet0/0/0 unassigned YES unset administratively
down down

om
Serial0/1/0 unassigned YES unset administratively
down down
Serial0/1/1 unassigned YES unset administratively
down down

l.c
Serial0/2/0 unassigned YES unset administratively
down down
Serial0/2/1 unassigned YES unset administratively
ba
down down
Vlan1 unassigned YES unset up down
om

Summary:
db

Interface IP-Address OK? Method Status Protocol

vi

GigabitEthernet0/0 209.165.200.1 YES manual up up

GigabitEthernet0/1 unassigned YES unset up up
da

GigabitEthernet0/1.1 172.16.1.1 YES manual up up

GigabitEthernet0/1.2 172.16.2.1 YES manual up up
GigabitEthernet0/1.3 172.16.3.1 YES manual up up
GigabitEthernet0/1.4 172.16.4.1 YES manual up up
GigabitEthernet0/2 unassigned YES unset administratively down
down
GigabitEthernet0/0/0 unassigned YES unset administratively down
down
Serial0/1/0 unassigned YES unset administratively down
down
Serial0/1/1 unassigned YES unset administratively down
down
Serial0/2/0 unassigned YES unset administratively down
down
Serial0/2/1 unassigned YES unset administratively down
Rev 1.0.1 L4.1-9
David Bombal CCNA Labs Lab 4.1

down
Vlan1 unassigned YES unset up down

Step 8: Test connectivity from the HQ router to the Branch routers newly configured
interface.

HQ(config-if)# ^Z
HQ#
%SYS-5-CONFIG_I: Configured from console by console

HQ# ping 192.168.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2

om
seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 0/0/0
ms

l.c
Remember, the first echo-reply may timeout as ARP learns the mac address of the
ba
Branch routers G0/0/0 interface. If you repeat the step there will be no timeouts.

HQ# ping 192.168.1.1

om

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2
seconds:
!!!!!
db

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/1

ms
vi

Step 9: Save your configuration on the HQ router.

da

HQ# copy run start

Destination filename [startup-config]?
Building configuration...
[OK]

Rev 1.0.1 L4.1-10

David Bombal CCNA Labs Lab 4.1

Task 2: Configuring Static routes using a directly connected

Interface
Step 1: Return to the Branch router and view the routing table.

Branch(config-if)# ^Z
Branch#
%SYS-5-CONFIG_I: Configured from console by console

Branch# sh ip route
Codes: L - local, C - connected, S - static, R – RIP
M - mobile, B – BGP, D - EIGRP, EX - EIGRP external,
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1
N2 - OSPF NSSA external type 2, E1 - OSPF external type 1
E2 - OSPF external type 2, E - EGPi - IS-IS

om
L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area

l.c
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
ba
Gateway of last resort is 209.165.201.2 to network 0.0.0.0
om

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.1.1.0/24 is directly connected, GigabitEthernet0/1
L 10.1.1.1/32 is directly connected, GigabitEthernet0/1
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
db

C 192.168.1.0/30 is directly connected, GigabitEthernet0/0/0

L 192.168.1.1/32 is directly connected, GigabitEthernet0/0/0
209.165.201.0/24 is variably subnetted, 2 subnets, 2 masks
C 209.165.201.0/27 is directly connected, GigabitEthernet0/0
vi

L 209.165.201.1/32 is directly connected, GigabitEthernet0/0

da

S* 0.0.0.0/0 [254/0] via 209.165.201.2

The Branch router has multiple entries in its RIB (Routing Information Base). You
should see that there are 3 x ‘C’ codes for the connected Interfaces and 3 x ‘L’ for
the local interface IP address. The Branch router already has a default route or
gateway of last resort learned from the ‘Connecting to the internet Lab’. Observe the
Gateway of last resort is 209.165.201.2 to network 0.0.0.0 and the static route of
S* 0.0.0.0/0 [254/0] via 209.165.201.2 in the Routing Table.

Remember that the static route in this case was a learned route entry from the DHCP
servers (ISP) provided IP address as the gateway to use. You can recognise this
from the Administrative distance value of 254 seen in the brackets of the S* 0.0.0.0/0
[254/0]. DHCP learned default gateways have a ‘trust’ or AD value of 254 in IOS.
Rev 1.0.1 L4.1-11
David Bombal CCNA Labs Lab 4.1

The directly connected networks must be in an UP, UP state for them to appear in
the routing table. Any routes (static or dynamic) that use an interface or a next hop IP
address that is not in the routing table will also not appear in the routing table.

Step 2: Configure a manual static route to the HQ Server farm networks.

In this step, you will verify that the HQ networks are currently not reachable, as they
are not directly attached to the Branch router. You will create a static route on the
Branch router that points to the HQ router using its directly connected network
shared with the HQ router.

Review the routing table in Step 10 and observe that there are no entries in the table
for the 172.16.x.x networks.

From the Branch router, ping the HQ Server Farm IP address and observe the
results.

om
The pings to the server farm networks fail, as there are no entries in the routing
table.
Branch# ping 172.16.1.100

l.c
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.100, timeout is 2
ba
seconds:
U.U.U
Success rate is 0 percent (0/5)
om

Branch# ping 172.16.2.100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.2.100, timeout is 2
db

seconds:
U.U.U
Success rate is 0 percent (0/5)
vi

Branch# ping 172.16.3.100

da

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.3.100, timeout is 2
seconds:
U.U.U
Success rate is 0 percent (0/5)

Branch# ping 172.16.4.100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.4.100, timeout is 2
seconds:
U.U.U
Success rate is 0 percent (0/5)

Rev 1.0.1 L4.1-12

David Bombal CCNA Labs Lab 4.1

Step 3: Configure a static route to the HQ networks from Branch. In this case, you
will create a route to any 172.16.X.X networks as the only networks that are
172.16.X.X exist on the HQ site.

Branch# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Branch(config)# ip route 172.16.0.0 255.255.0.0 g0/0/0
Branch(config)# end
Branch#
%SYS-5-CONFIG_I: Configured from console by console

Observe that you use a ‘Standard Mask’ when creating a static route entry

Static routing becomes far more complicated and less scalable the more networks
there are to learn, and when there are redundant paths available to reach the

om
networks. You have to plan for redundancy and failover. There can be a huge
amount of admin involved in static routing decisions.

Static routes work well in a simple small-scale environment but do not scale well with

l.c
large networks. ba
om
db
vi
da

Rev 1.0.1 L4.1-13

David Bombal CCNA Labs Lab 4.1

Step 4: Recall the command to verify the routing table entries on the router.
Branch# sh ip route

Codes: L - local, C - connected, S - static, R – RIP

M - mobile, B – BGP, D - EIGRP, EX - EIGRP external
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1
N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
E - EGPi - IS-IS, L1 - IS-IS level-1
L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is 209.165.201.2 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

om
C 10.1.1.0/24 is directly connected, GigabitEthernet0/1
L 10.1.1.1/32 is directly connected, GigabitEthernet0/1
S 172.16.0.0/16 is directly connected, GigabitEthernet0/0/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

l.c
C 192.168.1.0/30 is directly connected, GigabitEthernet0/0/0
L 192.168.1.1/32 is directly connected, GigabitEthernet0/0/0
209.165.201.0/24 is variably subnetted, 2 subnets, 2 masks
ba
C 209.165.201.0/27 is directly connected, GigabitEthernet0/0
L 209.165.201.1/32 is directly connected, GigabitEthernet0/0
S* 0.0.0.0/0 [254/0] via 209.165.201.2
m

There is now an entry in the routing table of the Branch router for the HQ Server
bo

networks. Notice that the entry is displayed as a Static (S) as it was manually
configured and shows as 172.16.0.0/16
id

Static routes configured using a directly connected interface have an AD

(Administrative Distance) vlaue of 1.
da

Rev 1.0.1 L4.1-14

David Bombal CCNA Labs Lab 4.1

Step 5: Repeat the ping to the Server networks and observe the results this time.

Branch# ping 172.16.1.100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.1.100, timeout is 2
seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 0/0/0
ms

Branch# ping 172.16.2.100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.2.100, timeout is 2
seconds:
.!!!!

om
Success rate is 80 percent (4/5), round-trip min/avg/max = 0/1/4
ms

Branch# ping 172.16.3.100

l.c
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.3.100, timeout is 2
ba
seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 0/0/3
ms
om

Branch# ping 172.16.4.100

Type escape sequence to abort.

db

Sending 5, 100-byte ICMP Echos to 172.16.4.100, timeout is 2

seconds:
vi

.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max =
da

0/0/0 ms

The pings are successful this time. However, this only works as the HQ router has a
pathway back to the source of the ping – 192.168.1.1 in this case.

Rev 1.0.1 L4.1-15

David Bombal CCNA Labs Lab 4.1

Step 6: Observe Packet forwarding behaviour.

You can observe this by changing to ‘simulation mode’ in Packet Tracer. Follow the
steps to fully understand this process – it is important for your exam and networking
career.

In the Packet Tracer main lab topology view, notice there is what looks like a
stopwatch in the bottom right-hand corner

om
l.c
ba
om
db
vi

Click the stopwatch icon. The simulation panel will display as below
da

Rev 1.0.1 L4.1-16

David Bombal CCNA Labs Lab 4.1

om
l.c
ba
om

 I
n
db

The Edit Filters section at the bottom of the simulation panel, select Show
All/None until no visible events show in the list.
vi
da

Rev 1.0.1 L4.1-17

David Bombal CCNA Labs Lab 4.1

Click the Edit Filters button and select ARP and ICMP only for the filters.

om
l.c
ba
om
db

Return to the Branch router but try to have the Lab topology and the Branch
router in view at the same time to observe the sequence of events during the
testing. From the Branch router ping Server 1 IP address.
vi
da

Branch# ping 172.16.1.100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.1.100, timeout is 2 seconds:

At this point, the ping temporarily halts on the Branch console as packet forwarding
is examined in detail.

Rev 1.0.1 L4.1-18

David Bombal CCNA Labs Lab 4.1

Observe the main topology window. You should see a small ‘envelope’
appearing on the Branch router in simulation mode.

om
Click on the envelope and a PDU information callout will open in Packet Tracer as
shown below

l.c
ba
om
db
vi
da

Rev 1.0.1 L4.1-19

David Bombal CCNA Labs Lab 4.1

om
l.c
ba
om
db

Observe the initial packet created by the router. The Layer 3 header has the
 Source IP:192.168.1.1 and Destination IP:172.16.1.100 (Server1)
 The Source IP is gleaned from the layer 1 port IP address association of
vi

G0/0/0
da

Observe the detailed steps in the PDU information screen:

1. The Ping process starts the next ping request.

2. The Ping process creates an ICMP Echo Request message (ICMP Type 8)
and sends it to the lower process.
3. The device encapsulates the data into an IP packet.
4. The device looks up the destination IP address in the routing table.
5. The routing table finds a routing entry to the destination IP address.
6. The destination routing entry is connected static route. The device sets
destination as the next-hop.

Rev 1.0.1 L4.1-20

David Bombal CCNA Labs Lab 4.1

If you click on the Outbound PDU tab, the information fields contained within each of
the layers are displayed in full.

 Observe the source and destination IP information

om
l.c
ba
om
db
vi
da

 Click on the next layer button in the bottom right of the PDU. This will display
the layer 2 information for the Ethernet frame
o Observe the detailed steps 1-3 explaining the ARP process.

Rev 1.0.1 L4.1-21

David Bombal CCNA Labs Lab 4.1

om
l.c
ba
om
db

 Click on the next layer button in the bottom right of the PDU. This will display
vi

the layer 1 information

o Observe port G0/0/0 is the associated exit interface
da

 Close the PDU.

Rev 1.0.1 L4.1-22

David Bombal CCNA Labs Lab 4.1

 Click the capture forward button in the simulation panel to move the packet
on

 Observe the packet travel across the G0/0/0 connection to HQ

 The envelope will now be at the HQ router. Click the envelope to examine the

om
packet contents.

l.c
ba
om
db
vi
da

Rev 1.0.1 L4.1-23

David Bombal CCNA Labs Lab 4.1

om
l.c
ba
om

 Observe the Inbound packet details on the OSI tab. This is the same as the
information seen from Branch.
db

 The outbound packet details display the source and destination IP

unchanged,
 The outbound Layer2 information changes:
vi

o The router re-writes the layer 2 information with the outbound source
da

mac-address being 0001.97CD.C202 and the destination mac-

address being 0001.C925.9301
o 0001.97CD.C202 is the G0/1HQ interface mac-address
o 0001.C925.9301 is the Server1 interface mac-address.
o Routers re-write layer 2 information on a per network basis as the
ARP process only works on each contained network for mac
discovery.
o Router do not re-write layer 3 information headers as the intermediate
routers need to be able to read the destination IP to route the packet
correctly and the destination would need to be able to see the source
requestor to return the communication.
 Click on the next headers to examine the next steps.
 Close the PDU

Rev 1.0.1 L4.1-24
David Bombal CCNA Labs Lab 4.1

 Click the capture forward button again to move the envelope to the next
device (Switch), where the packet will stop again in the sequence

om
l.c
ba
 Click on the envelope, now at the HQ switch, to open the details
om
db
vi
da

Rev 1.0.1 L4.1-25

David Bombal CCNA Labs Lab 4.1

 Observe the details steps as you click through the layers.

o GigabitEthernet0/1 receives the frame.
o The frame source MAC address was found in the MAC table of
Switch.
o This is a unicast frame. Switch looks in its MAC table for the
destination MAC address.
o The frame destination MAC address is not in the MAC table. The
Switch floods the frame to all ports in the same VLAN except the
receiving port.
 Close the PDU and click the capture forward button again to observe the
switch flooding process as the mac-address of Server 1 is an unknown
Unicast (Unknown Unicasts are flooded).

om
l.c
ba
 In this case, the destination mac-address should already be known in the
switch CAM table as you have pinged the destination IP of Server1 already.
PT may have some issues presenting the correct detailed steps at each point
om

in the sequence of the packet delivery!

db
vi
da

Rev 1.0.1 L4.1-26

David Bombal CCNA Labs Lab 4.1

 Observe the envelope being forwarded out port F0/1 towards Server 1.Click
on the packet details envelope on last time

om
l.c
ba
om

o Observe F0 receives the frame on the input layers.

db

o In the output layers, Server 1 reverses the details in the source and
destination mac-address fields and reverses the source and
destination IP addresses in the layer 3 information in order to return
vi

the packet to the Branch router.

o Click through the next layer button and examine the information
da

sequences

 Close the PDU.

Rev 1.0.1 L4.1-27

David Bombal CCNA Labs Lab 4.1

 At this point, click the Auto Capture / Play button to observe the automated
sequences involved in the return packet. You can if you wish do this one at a
time and examine each of the packets information.

om
l.c
ba
om
db

Exam Tip:
The ‘Journey of the Packet’ is extremely important to understand for the
vi

CCENT exam
da

 Observe the echo replies received on the branch router in time with the
envelope arriving at the Branch router. The five pings should be successful
and the Simulation Panel event list can be viewed using the scroll bar. Any
individual packet at any location can be selected from the event list for
viewing. This is a really great feature of Packet Tracer to help understanding.

Rev 1.0.1 L4.1-28

David Bombal CCNA Labs Lab 4.1

om
 Close the simulation Panel by clicking on the Clock face next to the
stopwatch.

l.c
Step 7: The pings are successful from the directly G0/0/0 source interface. Now
attempt an extended ping from the branch router, using the LAN interface (10.1.1.1)
ba
as the source IP address. At each of the separate line prompts enter the details as
shown or press the enter key to accept the option. Observe the results this time.
om

Branch# ping
Protocol [ip]:
Target IP address: 172.16.1.100
db

Repeat count [5]:

Datagram size [100]:
Timeout in seconds [2]:
vi

Extended commands [n]: y

Source address or interface: 10.1.1.1
da

Type of service [0]:

Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.100, timeout is 2
seconds:
Packet sent with a source address of 10.1.1.1
.....
Success rate is 0 percent (0/5)

Observe that using 10.1.1.1 as the source IP address for this ping
that there was a success rate is 0 %. Why do you think that
is?...................

Rev 1.0.1 L4.1-29

David Bombal CCNA Labs Lab 4.1

In the next steps, you will examine why this occurred and then fix the problem.

Step 8: Access the HQ router and enable icmp debugging.

HQ> en
HQ# debug ip icmp
ICMP packet debugging is on

Step 9: Access the Branch router console session and position the HQ console
session in view simultaneously. In this step, you will observe the results of the

om
extended ping with the Branch and HQ sessions open. Repeat the extended ping
from step 6, using 10.1.1.1 as the source IP address again.

l.c
ba
om
db
vi
da

Observe the Branch router’s unsuccessful pings again. However, at the same time,
the HQ router responds with Host unreachable messages sent to Server 1 for each
of the 5 echo replies that the Server is attempting to send to the Branch router’s
10.1.1.1 source IP address of the packet.

The ….. (5 timeouts) of the Branch router echo-request are actually routed through to
Server 1 using the configured static route on Branch. However, because the HQ
router does not yet have a return configured path, the HQ router returns the host
unreachable message to the Server.

Rev 1.0.1 L4.1-30

David Bombal CCNA Labs Lab 4.1

Step 10: Access the HQ router.

Verify the routing table does not have an entry for Branch 10.1.1.0 /24 network.

HQ# sh ip route
Codes: L - local, C - connected, S - static, R – RIP
M - mobile, B – BGP, D - EIGRP, EX - EIGRP external
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1
N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
E - EGPi - IS-IS, L1 - IS-IS level-1
L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

om
172.16.0.0/16 is variably subnetted, 8 subnets, 2 masks
C 172.16.1.0/24 is directly connected, GigabitEthernet0/1.1
L 172.16.1.1/32 is directly connected, GigabitEthernet0/1.1
C 172.16.2.0/24 is directly connected, GigabitEthernet0/1.2

l.c
L 172.16.2.1/32 is directly connected, GigabitEthernet0/1.2
C 172.16.3.0/24 is directly connected, GigabitEthernet0/1.3
L 172.16.3.1/32 is directly connected, GigabitEthernet0/1.3
ba
C 172.16.4.0/24 is directly connected, GigabitEthernet0/1.4
L 172.16.4.1/32 is directly connected, GigabitEthernet0/1.4
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/30 is directly connected, GigabitEthernet0/0/0
om

L 192.168.1.2/32 is directly connected, GigabitEthernet0/0/0

209.165.200.0/24 is variably subnetted, 2 subnets, 2 masks
C 209.165.200.0/27 is directly connected, GigabitEthernet0/0
L 209.165.200.1/32 is directly connected, GigabitEthernet0/0
db

The HQ router does not have an entry for the Branch 10.1.1.0 /24 network. Hence
vi

the host unreachable returned to Server 1 in the debug output of Step 9 above.
da

An alternative to the above output could have been to specifically query the routing
table for the entry.

HQ# sh ip route 10.1.1.0

% Network not in table

Rev 1.0.1 L4.1-31

David Bombal CCNA Labs Lab 4.1

Step 11: Disable the debugging on the HQ router.

HQ# u all

All possible debugging has been turned off

Task 3: Configuring Static routes using a next-hop IP Address

Step 1: Access the HQ router console. Create a static route to reach the Branch
router LAN network. However, this time using the Branch routers G0/0/0 IP address
as the ‘next-hop’ address for the entry.

om
HQ# conf t
Enter configuration commands, one per line. End with CNTL/Z.

l.c
HQ(config)# ip route 10.1.1.0 255.255.255.0 192.168.1.1
ba
om
db
vi
da

Rev 1.0.1 L4.1-32

David Bombal CCNA Labs Lab 4.1

Step 2: Verify the entry in the HQ routing table (RIB):

HQ# sh ip route

Codes: L - local, C - connected, S - static, R – RIP

M - mobile, B – BGP, D - EIGRP, EX - EIGRP external
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1
N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
E - EGPi - IS-IS, L1 - IS-IS level-1
L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

om
Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets

S 10.1.1.0/24 [1/0] via 192.168.1.1

C
l.c
172.16.0.0/16 is variably subnetted, 8 subnets, 2 masks
172.16.1.0/24 is directly connected, GigabitEthernet0/1.1
ba
L 172.16.1.1/32 is directly connected, GigabitEthernet0/1.1
C 172.16.2.0/24 is directly connected, GigabitEthernet0/1.2
L 172.16.2.1/32 is directly connected, GigabitEthernet0/1.2
om

C 172.16.3.0/24 is directly connected, GigabitEthernet0/1.3

L 172.16.3.1/32 is directly connected, GigabitEthernet0/1.3
C 172.16.4.0/24 is directly connected, GigabitEthernet0/1.4
L 172.16.4.1/32 is directly connected, GigabitEthernet0/1.4
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
db

C 192.168.1.0/30 is directly connected, GigabitEthernet0/0/0

L 192.168.1.2/32 is directly connected, GigabitEthernet0/0/0
209.165.200.0/24 is variably subnetted, 2 subnets, 2 masks
vi

C 209.165.200.0/27 is directly connected, GigabitEthernet0/0

L 209.165.200.1/32 is directly connected, GigabitEthernet0/0
da

This time, you should see an S for the static route next to the 10.1.1.0/24 entry.
Observe the [1/0] after the network indicating that this type of static route (next-hop)
has an administrative distance (AD) of 1. This is the same as a static route entry
using a directly connected interface also having an AD of 1.

Both types of entries are valid. Directly connected static routes are only used on
point-to-point links, whereas next-hop IP routes are very useful when on Point-to-
Multipoint networks, where a link does not connect to only one neighboring device.

Rev 1.0.1 L4.1-33

David Bombal CCNA Labs Lab 4.1

Step 3: Repeat the extended ping from the Branch router once more and observe
the results.

Branch# ping
Protocol [ip]:
Target IP address: 172.16.1.100
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:

om
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.100, timeout is 2
seconds:

l.c
Packet sent with a source address of 10.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
ba
0/2/12 ms
om

This time the pings are successful. There are now separate unidirectional paths
through the network to and from Branch and HQ networks.
db
vi
da

Rev 1.0.1 L4.1-34

David Bombal CCNA Labs Lab 4.1

Step 4: The pings should now be successful from PC1 and PC2. Ping Server 1 and
2 from PC1 and ping Server 3 and 4 from PC2 to complete the tests.
Access PC1. Open the desktop tab and launch the Command Prompt to complete
your tests

om
l.c
ba
om

PC1 pings are successful.

db

Access PC2. Open the desktop tab and launch the Command Prompt to complete
your tests.
vi
da

Rev 1.0.1 L4.1-35

David Bombal CCNA Labs Lab 4.1

om
l.c
The pings are unsuccessful from PC2. Remember that PC2 was denied using ping
or trace through the ACL on Branch.
ba
Step 5: Create an edited entry in the access-list to allow PC2 to ping through the
om

network for testing purposes.

Access the Branch router. Verify the current ACL entries and then edit the ACL to
allow PC2 pings to succeed.
db

Branch# sh access-list | begin Outbound

Extended IP access list Outbound_Access
vi

10 permit udp 10.1.1.0 0.0.0.255 host 209.165.202.30 eq domain

da

20 permit tcp host 10.1.1.100 host 23.43.20.35 eq 443

30 permit tcp host 10.1.1.100 host 104.244.42.65 eq 443
40 permit tcp host 10.1.1.100 host 216.58.206.132 eq 443
50 permit tcp host 10.1.1.101 host 23.43.20.35 eq 443
60 permit tcp host 10.1.1.101 host 216.58.206.132 eq 443
70 permit icmp host 10.1.1.100 any echo (8 match(es))
80 permit icmp host 10.1.1.100 any echo-reply
90 permit udp host 10.1.1.100 any gt 33434
100 permit tcp any host 216.58.206.132 eqsmtp
110 permit tcp any host 216.58.206.132 eq pop3
120 permit tcp 10.1.1.0 0.0.0.255 172.16.0.0 0.0.255.255 eq www
130 permit tcp 10.1.1.0 0.0.0.255 172.16.0.0 0.0.255.255 eq 443
140 deny ip any any (4 match(es))

Rev 1.0.1 L4.1-36

David Bombal CCNA Labs Lab 4.1

Observe the 4 denials from the PC2 attempted ping to Server 3.

Step 6: Edit the ACL to allow PC2 to ping.

Branch# conf t
Branch(config)# ip access-list ext Outbound_Access
Branch(config-ext-nacl)# 75 permit icmp host 10.1.1.101 any echo
Branch(config-ext-nacl)# end

Step 7: Repeat the Pings from PC2 now the ACL has been edited.

om
l.c
ba
om
db
vi
da

The pings are now successful. PC1 and PC2 have connectivity to the HQ Server
Farm networks.

Rev 1.0.1 L4.1-37

David Bombal CCNA Labs Lab 4.1

Task 4: Configuring Static Default Routes.

In this task, the Branch router G0/0 interface will be updated with a static IP address
and the DHCP ‘learned’ default route will be replaced by a new static default route.
The HQ router will also have a static default route created to enable the Server
network to reach the internet and vice-versa.

Step 1: Access the branch router. Verify the running-configuration currently holds the
DHCP imported static route information and the current interface IP address method
for the G0/0 interface

Branch# sh run | inc ip route

ip route 172.16.0.0 255.255.0.0 GigabitEthernet0/0/0

Branch# sh run | begin interface

om
interface GigabitEthernet0/0
ip address dhcp
ip nat outside

l.c
duplex auto
speed auto
ba
no cdp enable
om

Step 2: Re-configure the Branch router to have a static IP address of 209.165.201.1

db

/27 and configure a static default route using the ISP as a next-hop address for the
route entry.
vi

Branch# conf t
da

Branch(config)# int g0/0

Branch(config-if)# ip address 209.165.201.1 255.255.255.224

As soon as you configure a static IP address on the interface, DHCP is disabled and
the learned default route is removed from the routing table.

Branch(config-if)# exit
Branch(config)# ip route 0.0.0.0 0.0.0.0 209.165.201.2
Branch(config)# end
Branch#

Rev 1.0.1 L4.1-38

David Bombal CCNA Labs Lab 4.1

Step 3: Verify the routing table now has a manually configured static route

Branch# sh ip route
Codes: L - local, C - connected, S - static, R – RIP
M - mobile, B – BGP, D - EIGRP, EX - EIGRP external
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1
N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
E - EGPi - IS-IS, L1 - IS-IS level-1
L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is 209.165.201.2 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

om
C 10.1.1.0/24 is directly connected, GigabitEthernet0/1
L 10.1.1.1/32 is directly connected, GigabitEthernet0/1
S 172.16.0.0/16 is directly connected, GigabitEthernet0/0/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

l.c
C 192.168.1.0/30 is directly connected, GigabitEthernet0/0/0
L 192.168.1.1/32 is directly connected, GigabitEthernet0/0/0
209.165.201.0/24 is variably subnetted, 2 subnets, 2 masks
ba
C 209.165.201.0/27 is directly connected, GigabitEthernet0/0
L 209.165.201.1/32 is directly connected, GigabitEthernet0/0
S* 0.0.0.0/0 [1/0] via 209.165.201.2
om

The Static route is now visible with an administrative Distance of 1 – a static route
db

pointing to a next-hop IP.

vi

Step 4: Save your configuration

da

Branch# copy run start

Destination filename [startup-config]?
Building configuration...
[OK]

Rev 1.0.1 L4.1-39

David Bombal CCNA Labs Lab 4.1

Step 5: Configure a static default route on the HQ router.

HQ# conf t
Enter configuration commands, one per line. End with CNTL/Z.
HQ(config)# ip route 0.0.0.0 0.0.0.0 209.165.200.2
HQ(config)# end
HQ#
%SYS-5-CONFIG_I: Configured from console by console
HQ# sh ip route

Codes: L - local, C - connected, S - static, R – RIP

M - mobile, B – BGP,D - EIGRP, EX - EIGRP external
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1
N2 - OSPF NSSA external type 2

om
E1 - OSPF external type 1, E2 - OSPF external type 2
E - EGPi - IS-IS, L1 - IS-IS level-1
L2 - IS-IS level-2, ia - IS-IS inter area

l.c
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
ba
Gateway of last resort is 209.165.200.2 to network 0.0.0.0
om

10.0.0.0/24 is subnetted, 1 subnets

S 10.1.1.0/24 [1/0] via 192.168.1.1
172.16.0.0/16 is variably subnetted, 8 subnets, 2 masks
C 172.16.1.0/24 is directly connected, GigabitEthernet0/1.1
db

L 172.16.1.1/32 is directly connected, GigabitEthernet0/1.1

C 172.16.2.0/24 is directly connected, GigabitEthernet0/1.2
L 172.16.2.1/32 is directly connected, GigabitEthernet0/1.2
vi

C 172.16.3.0/24 is directly connected, GigabitEthernet0/1.3

L 172.16.3.1/32 is directly connected, GigabitEthernet0/1.3
C 172.16.4.0/24 is directly connected, GigabitEthernet0/1.4
da

L 172.16.4.1/32 is directly connected, GigabitEthernet0/1.4

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/30 is directly connected, GigabitEthernet0/0/0
L 192.168.1.2/32 is directly connected, GigabitEthernet0/0/0
209.165.200.0/24 is variably subnetted, 2 subnets, 2 masks
C 209.165.200.0/27 is directly connected, GigabitEthernet0/0
L 209.165.200.1/32 is directly connected, GigabitEthernet0/0
S* 0.0.0.0/0 [1/0] via 209.165.200.2

The HQ router now has a default route in the routing table.

Rev 1.0.1 L4.1-40

David Bombal CCNA Labs Lab 4.1

Step 6: Verify connectivity to the ISP gateway address.

HQ# ping 209.165.200.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 209.165.200.2, timeout is 2
seconds:
.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 0/0/0 ms

Step 7: Save your configuration

Branch# copy run start

Destination filename [startup-config]?

om
Building configuration...
[OK]

l.c
ba
om
db
vi
da

Rev 1.0.1 L4.1-41

David Bombal CCNA Labs Lab 4.1

Task 5: Can you complete the Lab - Configuring Static Routes.

Assessment File: CCENT Lab 4-1 Configuring Static Routing PTSA.pka
Acme Engineering is growing fast and they now have a multisite network. They
do not want to have dynamic routing protocols on their network just yet as they
don't think their small network necessitates it. However, they have asked you to
assist with the deployment of the static routes in the network. Your tasks are as
follows:
1. Configure the Branch and HQ routers with a Fibre link over their G0/0/0
interfaces. The IP addressing has been supplied in the Network topology
diagram. Ensure that Branch and HQ have connectivity to each other before
proceeding with any routing
2. Configure the Branch router with a static next-hop route to the HQ Server
Farm networks. Routes should be summarized so that the B class range

om
referenced on the HQ Server network can be entered as the route.
3. Configure the HQ router with a static next-hop route to the Branch LAN
network. The route entry should only allow the current LAN to access the Server

l.c
Farm network, even with expansion in the future.
4. Reconfigure the Branch router with a statically defined IP address facing the
ba
ISP. The address to be used should be the same as the current DHCP assigned
address.
om

5. With DHCP disabled on the ISP facing interface, create a new static default
route to the internet. The route should have an administrative distance of 1.
6. Configure a static default route on the HQ router for internet access. The route
db

should have an administrative distance of 1

7. The HQ Server Farm network also now requires access to the internet. Ensure
that the 4 Servers have internet access. The Server mappings for Internet access
vi

should be maintained as follows:

da

Server 1: 172.16.1.100 209.165.200.10

Server 2: 172.16.2.100 209.165.200.11
Server 3: 172.16.3.100 209.165.200.12
Server 4: 172.16.4.100 209.165.200.13
8. Ensure that the Server Farm devices can access all External Servers by
FQDN.

Rev 1.0.1 L4.1-42