cuong-nm
1
CCNA Labs
2
Cisco Icons and Symbols
Icon legend: Access Server, Switch, Router, Multilayer Switch, Digital Signal Processor (DSP), Cisco CallManager Server, File Server, Personal Computer, Cisco IP Phone, Voice Gateway Router, WAN “Cloud”, VLAN or Cluster (Color May Vary), PBX, PSTN “Cloud”, Ethernet, Serial Line, Fast Ethernet, Circuit-Switched Line
3
Cisco Icons and Symbols
Icon legend: Metro Network, DWDM/SONET/Ethernet
4
LabS2- Basic Router Configuration
Objectives: In this lab, students configure some basic router settings:
1. Router name.
2. Router passwords: console, vty, enable password; perform password encryption.
3. Serial interfaces, FastEthernet interfaces.
4. Interface description.
5. Login banners.
6. Host name resolution.
7. Using Router show commands.
8. Making configuration changes.
9. Backing up configuration files, IOS on TFTP servers.
10. Capture the configuration.
11. Verifying and Troubleshooting: show, telnet, ping, traceroute
Topology diagram labels: RA, RB, RC, RD, RE, RF (interfaces S0/0, S0/1); SW1; Lab-SW; TFTP Server; F0/0.10 to F0/0.15; numeric labels 1 to 5
Networks: 172.16.X.0/24; 10.0.Y.0/24
RA: +1, RB: +2, RC: +3, RD: +4, RE: +5, RF: +6
Lab1, Lab2: Y=6; Lab3: Y=8
5
LabS2- Managing Cisco IOS Software
Objectives:
1. Using the boot system command
2. Configuration Register
3. Managing configuration files using TFTP
4. Managing configuration files using copy and paste
5. Managing IOS images using TFTP
6. Download using TFTP from ROMmon
7. Password Recovery
8. Verifying and Troubleshooting: show, telnet, ping, traceroute
Network: 10.0.Y.0/24 (Lab1, Lab2: Y=6; Lab3: Y=8)
Topology diagram labels: RA, RB, RC, RD, RE, RF; TFTP Server; LAB-SW; F0/0.10 to F0/0.15
6
LabS3-RIP-OSPF-EIGRP
Objectives:
1. Configuring RIP ver2, EIGRP, OSPF routing protocols
2. Propagating a default route (use only one):
   1. Default route 1
   2. Default route 2
   3. Default route 3
3. Redistribute RIP, OSPF, EIGRP routes
4. Enable MD5 authentication
5. Verifying and Troubleshooting
Default route 1: 20.0.0.0/24
Default route 2: 30.0.0.0/24
Default route 3: 40.0.0.0/24
OSPF, 172.16.X.0/24
EIGRP 88, 173.17.X.0/24
RIP ver2, 174.18.X.0/24
key-id=1 key-string="green123" mode MD5 level 7
Key=2 key-string="blue123" mode MD5
Ra: +1, Rb: +2, Rc: +3, Rd: +4, Re: +5, Rf: +6, Rg: +7
Topology diagram labels: GATE1, GATE2, GATE3, BORDER, OFF1, OFF2, OFF3, SW1, SW2; numeric labels 1 to 9
7
LabS2b-RIP-EIGRP-OSPF
Objectives:
1. Propagate the default route (use only one): Default route 1 or Default route 2 or Default route 3
2. OFF router: Disable routing protocol
3. GATE1: configure and redistribute static routes to 16, 17, 18 subnets
OSPF authentication: key-id=1 password=red123 MD5 level 7
RIP authentication: key=2 key-string=blue123 MD5
EIGRP authentication: key=3 key-string=green123 MD5
Default route 1: 1.0.0.0/24
Default route 2: 2.0.0.0/24
Default route 3: 3.0.0.0/24
OSPF, 133.33.X.0/24
EIGRP 55, 155.55.X.0/24
RIP ver2, 144.44.0/24
EIGRP 22, 122.22.X.0/24
OSPF, 166.66.X.0/24
Ra: +1, Rb: +2, Rc: +3, Rd: +4, Re: +5, Rf: +6, Rg: +7
Topology diagram labels: GATE1, GATE2, GATE3, BR2, BR3, CENTER, OFF (Disable routing protocol); numeric labels 1 to 18
(config)# router ospf {process-id}
(config-router)# redistribute [rip | eigrp {as_number}] [subnets] [metric {value}] [metric-type {1 | 2}]
(config)# router rip
(config-router)# redistribute [eigrp {as_number} | ospf {process-id}] metric {value}
(config)# router eigrp {as_number}
(config-router)# redistribute [rip | ospf {process-id}] metric {bandwidth} {delay} {reliability} {loading} {MTU}
8
LabS2-OpenLab2
Objectives:
1. Propagate the default route (use only one): Default route 1 or Default route 2 or Default route 3
2. Redistribute RIP, OSPF, EIGRP routes
3. Enable MD5 authentication
Default route 1: 1.1.1.0/24
Default route 2: 2.2.2.0/24
Default route 3: 3.3.3.0/24
OSPF, 177.77.X.0/24
EIGRP 88, 155.55.X.0/24
RIP ver2, 122.22.X.0/24
OSPF, 133.33.X.0/24
key-id=1 password="green123" MD5
Key=2 Key-string="blue123" MD5
Key=4 Key-string="cyan123" MD5
key-id=3 password="red123" MD5
Ra: +1, Rb: +2, Rc: +3, Rd: +4, Re: +5, Rf: +6, Rg: +7
Topology diagram labels: GATE1, GATE2, GATE3, BR1, BR2, BR3; numeric labels 1 to 16
(config)# router ospf {process-id}
(config-router)# redistribute [rip | eigrp {as_number}] [subnets] [metric {value}] [metric-type {1 | 2}]
(config)# router rip
(config-router)# redistribute [eigrp {as_number} | ospf {process-id}] metric {value}
(config)# router eigrp {as_number}
(config-router)# redistribute [rip | ospf {process-id}] metric {bandwidth} {delay} {reliability} {loading} {MTU}
9
LabS2- RIPv2-EIGRP-OSPF
Default route: 200.200.200.0/24
EIGRP AS=44, 144.44.X.0/24
EIGRP AS=55, 155.55.X.0/24
RIP ver2, 133.33.X.0/24
OSPF, 122.22.X.0/24
Ext LANs: 172.0.0.0/16 … 172.255.0.0/16
Ext LANs: 173.0.0.0/16 … 173.255.0.0/16
Ext LANs: 174.0.0.0/16 … 174.255.0.0/16
Ra: +1, Rb: +2, Rc: +3, Rd: +4, Re: +5, Rf: +6, Rg: +7
Topology diagram labels: GATE, BR1, BR2, BR3, SITE1, SITE2, SITE3, SW1, SW2; interfaces S0/0, S0/1, F0/0, F0/1; numeric labels 1 to 19
(config)# router ospf {process-id}
(config-router)# redistribute [rip | eigrp {as_number}] [subnets] [metric {value}] [metric-type {1 | 2}]
(config)# router rip
(config-router)# redistribute [eigrp {as_number} | ospf {process-id}] metric {value}
(config)# router eigrp {as_number}
(config-router)# redistribute [rip | ospf {process-id}] metric {bandwidth} {delay} {reliability} {loading} {MTU}
10
LabS3-Switch Configuration
Objectives:
1. Configuring RIP routing protocol
2. Resetting the switch defaults
3. Assigning the switch host name and password
4. Assigning the switch IP address and Default gateway
5. Enabling HTTP service and port on all switches
6. Configuring static MAC addresses
7. Configuring port security
8. Back up the IOS to a local TFTP server
9. Password recovery (reference: CCNA3_lab_6_2_8_en.pdf)
10. Verifying and Troubleshooting: show, debug, ping, traceroute, telnet; on switches: debug ip packet, debug ip icmp, show mac-address-table, show arp, clear mac-address-table dynamic ...
RIP ver2, 172.16.X.0/24
Ra: +1, Rb: +2, Rc: +3, Rd: +4, Re: +5, Rf: +6, Rg: +7
Sw1: +8, Sw2: +9, Sw3: +10
Topology diagram labels: GATE1, GATE2, SW1, SW2, SW3, PC11, PC12, PC21, PC22, PC23, PC24, TFTPServer1, TFTPServer2; numeric labels 3 and 12
11
LabS4-NAT-DHCP-PPP
Objectives:
1. Configuring OSPF routing protocol in ISP area
2. Configuring PPP-Multilink, CHAP (one-way), NAT, DHCP, ACLs
3. Verifying and Troubleshooting
Networks: 200.0.X.0/24; 172.16.X.0/24
OSPF: Key-id=1 Pass="student" MD5 level 7
Ra: +1, Rb: +2, Rc: +3, Rd: +4, Re: +5, Rf: +6, Rg: +7
Topology diagram labels: SW1, ISP1, ISP2, ISP3, USER1, USER2, USER3; CHAP (three links); NAT, DHCP (three routers); numeric labels 1 to 9
12
LabS4-NAT-DHCP-PPP-VLANs
Objectives:
1. Configuring OSPF routing protocol in user area
2. Configuring PPP, CHAP (bidirectional), NAT, DHCP, ACLs
3. Configuring VLANs, VTP
4. Verifying and Troubleshooting: all PCs can access the Internet
Networks: 172.16.X.0/24; 10.0.Y.0/24; 192.168.X.0/24
DNS server: 192.168.2.1
OSPF: Key-id=1 Pass="student" MD5 level 7
VTP ver2: Domain: bkacad; Pass="redblue"; Vlan2: Technical; Vlan3: Admin
Ra: +1, Rb: +2, Rc: +3, Rd: +4, Re: +5, Rf: +6, Rg: +7
Lab1: Y=6; Lab2: Y=6; Lab3: Y=8
Topology diagram labels: SW1 (Server), SW2 (Client), SW3 (Client), ISP1, ISP2, ISP3, USER1, USER2, USER3; CHAP, NAT, DHCP; VLAN2, VLAN3; T; numeric labels 1 to 7
13
Open Lab 1
Topology diagram labels: WEB Server1 (www.cisco.com), WEB Server2 (www.yahoo.com), DNS Server, DHCPServer1, DHCPServer2, TFTPServer; Router1, Router2; Switch1, Switch2, Switch3, Switch4; PC1, PC2, PC3, PC4; LAN1 to LAN8; WAN; interfaces S0/0, S0/1, F0/0, F0/1, Loopback2, Loopback3, Loopback6, Loopback7
14
NS2 Skill Practice
Topology diagram labels:
HUB + DHCP server + EzVPN server for SP2
SP1 + CA + EzVPN server for mobile users
SP2 + EzVPN client
SP3 + DHCP client
SP4 + EzVPN server for mobile users
SP5 + EzVPN server for mobile users
ISP; Mobile users; numeric labels 1 to 5 and 100
15
NS1- OpenLab1
• Configure features of PIX as follows: NAT, ACL, VLANs, Trunking, Routing, AAA, Cut-through, Telnet, SSH, ASDM …
• Configure 802.1X on SW-2950 for Inside users.
• Inside users can access the DMZ and the Internet.
• Outside users can access the WEB and FTP servers in the DMZ by the IP address assigned to the hosts.
• Tech networks can access each other.
RIP ver2; Outside Network 192.168.131.0/24
Network address: 1: 10.0.0.0/24; 2, 7: 172.16.0.0/24; 3, 4, 5, 6: X.0.0.0/24
Topology diagram labels: ISP, GATE1, GATE2, PIX1, PIX2, SW-3550, SW-2950, AAA Server, Outside User; DMZ1, DMZ2 (WEB, FTP); TECH1, TECH2; INSIDE1, INSIDE2; interfaces F0/0, F0/1, E0, E1, E2; T; numeric labels 1 to 7
16
NS1- OpenLab2
• Configure features of PIX as follows: NAT, ACL, VLANs, Trunking, Routing, AAA, Cut-through, Telnet, SSH, ASDM …
• Configure 802.1X on SW-2950 for Inside users.
• Inside users can access the DMZ and the Internet.
• Outside users can access the WEB and FTP servers in the DMZ by the IP address assigned to the hosts.
• Tech networks can access each other.
RIP ver2; Outside Network 192.168.131.0/24
Network address: 1: 10.0.0.0/24; 2, 7: 172.16.0.0/24; 3, 4, 5, 6: X.0.0.0/24
Topology diagram labels: ISP, GATE1, GATE2, PIX1, PIX2, SW-3550, SW-2950, AAA Server, Outside User; DMZ1, DMZ2 (WEB, FTP); TECH1, TECH2; INSIDE1, INSIDE2; interfaces F0/0, F0/1, E0, E1, E2; T; numeric labels 1 to 7
17
NS1- OpenLab2
• Basic configurations: NAT, ACL, Object-group, VLAN, Trunking, Routing
• Outside users can access the devices by SSH
• Inside users can access the devices by Telnet, SDM or ASDM
• Outside users can access the DMZ servers
• Eng1 and Eng2 can access each other
• Enable Authentication-Proxy, Cut-through
• Configure FTP, HTTP Inspection
• Mitigate layer 2 attacks
BKACAD network: 192.168.131.0/24
Network address: 1, 2, 3, 4, 12: 10.0.X.0/24; 5: 100.0.0.0/24; 6, 7, 8, 9: 200.0.X.0/24; 10, 11: 172.16.0.0/24
Topology diagram labels: GATE1, GATE2, SITE1 to SITE4, INSIDE1 to INSIDE4, SW-3550, SW-2950, Lab-SW, AAA Server; DMZ1, DMZ4 (WEB, FTP); ENG1, ENG2; Outside User (two); interfaces F0/0, F0/1, F0/1.1, F0/1.2, E0, E1, E2; numeric labels 1 to 12
18
LabS2- RIP version1
Tasks:
• Basic Router configuration:
  – Hostname
  – Passwords
  – Banner Message
  – Descriptions
  – Host Table
  – disable the Name Service
  – Logging Synchronous
  – …
• Basic RIPv1 configuration:
  – Enable RIP
  – Passive interfaces
  – Configure and propagate the default route
  – Create and redistribute the static route
• Configuring the Servers, PCs
• Backing up configuration files on the TFTP server
• Verifying and Troubleshooting:
  – Show
  – Telnet
  – Ping
  – Traceroute, Tracert
  – Debug
Networks: 200.200.X.0/24; RIP, 172.16.X.0/24; External LAN 30.30.30.0/24
SITE1: +1, SITE2: +2, SITE3: +3, GATE: +4, ISP: +5
Topology diagram labels: ISP, GATE, SITE1, SITE2, SITE3, WEB (www.bkacad.com), DNS, PC1, TFTP; numeric labels 1 to 8
19
10.0.0.1/16
10.0.0.2/24
10.1.0.1/16 10.2.0.1/16
RIP version1
20
LabS2- OpenLab1
EIGRP 55, 155.55.X.0/24
RIP ver2, 177.77.X.0/24
OSPF, 133.33.X.0/24
Default Route: 200.200.200.0/24
Backup Route: 100.100.100.0/24 (HaTay only)
Ext LANs: 172.0.0.0/16 … 172.127.0.0/16
Ext LANs: 172.128.0.0/16 … 172.255.0.0/16
Ext LANs: 192.168.0.0/24 … 192.168.255.0/24
key-id=1 password="green123" MD5
Key=2 Key-string="blue123" MD5
Key=3 Key-string="cyan123" MD5
password="green123" clear text
Topology diagram labels: HoanKiem, BaDinh, HaiBaTrung, ThanhXuan, CauGiay, TayHo, HaTay, SW1; (DR), (BDR); numeric labels 1 to 20
(config)# router ospf {process-id}
(config-router)# redistribute [rip | eigrp {as_number}] [subnets] [metric {value}] [metric-type {1 | 2}]
(config)# router rip
(config-router)# redistribute [eigrp {as_number} | ospf {process-id}] metric {value}
(config)# router eigrp {as_number}
(config-router)# redistribute [rip | ospf {process-id}] metric {bandwidth} {delay} {reliability} {loading} {MTU}
21
LabS4-Load Balancing
• Tasks:
  – Multilink: use interface Multilink
  – DHCP
  – Load Balancing: enable Process Switching
  – RIP ver2:
    • MD1, MD2, MD3, GATE
    • GATE: propagate subnets 172.16.X.0/24 only
    • Change RIP timer
• distribute-list command:
  (config-router)# distribute-list {access-list} { in | out } [ interface ]
• Adjust static route:
  (config)# ip route static adjust-time {seconds}
Networks: 10.0.Y.0/24; 200.0.X.0/24; 172.16.X.0/24
Ra: +1, Rb: +2, Rc: +3, Rd: +4, Re: +5, Rf: +6, Rg: +7
Lab1,2: Y=6; Lab3: Y=8; Lab4,5: Y=4; Lab6: Y=5
Topology diagram labels: FPT, VNN, VIETTEL; MD1, MD2, MD3; GATE; SW-A, SW-B, SW-C, Lab-SW; NAT/PAT; DHCP; PAP, CHAP; Vlan2, Vlan3, Vlan4; RIP ver2; interfaces F0/0, F0/1; T; numeric labels 2 to 6
22
LabS3- STP
Tasks:
• Configuring VTP:
  – VTP ver2
  – VTP domain: ccna
  – VTP password: cisco123
  – SW1: server; SW2, SW3: clients
  – Vlan10: teacher
  – Vlan20: student
  – Vlan30: admin
  – Vlan99: management; 10.0.X.0/24
• Configuring STP:
  – SW1: root bridge
  – PortFast
  – UplinkFast
  – BackboneFast
• Troubleshooting: show, debug …
Topology diagram labels: SW1, SW2, SW3, Lab-SW; interfaces F0/1 to F0/6, F0/9, F0/10; T
23
LabS3- OpenLab1
Topology diagram labels: GATE, BR, SITE1, SITE2, SITE3, SITE4; interfaces S0/0, S0/1, F0/0; T; numeric labels 1 to 13, 20 and 30
• VTP:
Ver 2
Domain: ccna
Password: 1234
SW1: server; SW2,SW3: client
• VLANs:
Vlan20: teacher; 144.44.20.0/24
Vlan30: student; 144.44.30.0/24
Vlan99: management; 144.44.99.0/24
Topology diagram labels: SW1 (Server), SW2 (Client), SW3 (Client); T
RIP ver2, 133.33.X.0/24
OSPF, 144.44.X.0/24
EIGRP 55, 155.55.X.0/24
EIGRP 66, 166.66.X.0/24
Default route: 200.200.200.0/24
OSPF Authentication: key-id=1 HIDDEN password=055A1C MD5 level 7
RIPv2 Authentication: key=2 key-string=blue123 MD5
EIGRP Authentication: key=3 key-string=red123 MD5
Ra: +1, Rb: +2, Rc: +3, Rd: +4, Re: +5, Rf: +6, Rg: +7
SW1: +8, SW2: +9, SW3: +10
24
LabS3- OpenLab2
Default route: 200.200.200.0/24
RIP ver2, 133.33.X.0/24
OSPF, 155.55.X.0/24
EIGRP AS=77, 177.77.X.0/24
VTP ver2:
  domain name: BKACAD
  password: cisco
VLANs:
  Vlan40: teacher
  Vlan50: student
WLAN:
  Local IP: 172.16.0.0/24
  DNS: 203.162.0.181, 210.245.0.11
  Mode: Mixed
  SSID: CCNA
  Channel: 11
  Authentication: Auto
  Encryption: WPA2
  Access Restriction:
    - deny access to www.bbc.com website
    - deny Telnet traffic
VLANs:
  Vlan10: technic
  Vlan20: staff
  Vlan30: admin
OSPF Authentication: key-id=1 HIDDEN password=055A1C MD5 level 7
RIPv2 Authentication: key=2 key-string=blue123 MD5
EIGRP Authentication: key=3 key-string=red123 MD5
Ra: +1, Rb: +2, Rc: +3, Rd: +4, Re: +5, Rf: +6, Rg: +7
SW1: +8, SW2: +9, SW3: +10
Topology diagram labels: GATE, AP, BR1, BR2, SITE1, SITE2, SITE3; SW1 (server), SW2 (server), SW3 (client); T; numeric labels 1 to 12 and 10, 20, 30, 40, 50
25
WLAN:
  Local IP: 172.16.0.0/24
  DNS: 203.162.0.181, 208.67.222.222
  Mode: Mixed
  SSID: CCNA
  Channel: 11
  Authentication: Auto
  Encryption: WPA
  Access Restrictions:
    - deny access to www.24h.com website
    - deny Telnet, FTP traffic
VLANs:
  Vlan10: student; 144.44.10.0/24
  Vlan20: teacher; 144.44.20.0/24
  Vlan30: sale; 144.44.30.0/24
  Vlan99: management; 144.44.99.0/24
VTP ver2:
  Domain name: STUDENT
  Password: cisco123
  SW1: server; SW2, SW3: client
STP:
  SW1: the primary root for Vlan10, the secondary root for Vlan20
  SW2: the primary root for Vlan20, the secondary root for Vlan30
  SW3: the primary root for Vlan30
  BackboneFast, UplinkFast, PortFast, udld, BPDU Guard
LabS3- OpenLab4
Default route: 192.168.X.0/24
OSPF, 144.44.X.0/24: key-id=2 password=red123 MD5
RIP ver2, 155.55.X.0/24: key=3 key-string=cyan123 MD5
EIGRP AS=33, 133.33.X.0/24: key=1 key-string=blue123 MD5
NAT/PAT
(Configure by Instructor)
ftp://121.100.48.11
Username: cisco
Password: sadikhov
Topology diagram labels: GATE, BR, SITE1, SITE2, SITE3; SW1 (client), SW2 (client), SW3 (server); Lab-SW; T; numeric labels 1 to 6 and 10, 20, 30, 40, 50
26
LabS4- PAP - CHAP
Objectives:
1. Configuring PPP
2. Configuring PAP, CHAP authentication: the username must match the hostname
3. Verifying and Troubleshooting:
   - show
   - debug ppp authentication
   - debug ppp packet
   - ...
4. Other:
   - The hostname on one router doesn't match the username that the other router has configured.
   - The passwords don't match (PAP only)
Subnet address: 172.16.X.0/24
Authentication password: 0101X; X=[1,3,5,7,9]
Topology diagram labels: SITE1, SITE2, SITE3, SITE4, SITE5, SITE6; interfaces S0/0, S0/1; links marked CHAP or PAP; numeric labels 1 to 12
27
LabS4- Full Mesh Frame Relay
Topology diagram labels: SITE1, SITE2, SITE3, SITE4; interfaces S0/0, S0/1, S0/2, S0/3
28
LabS4- NAT/PAT
• Notes:
  – MD1, MD2, MD3: Enable PAT with the interface
  – FW1, FW2, FW3: Enable dynamic NAT with the pool. Configure DHCP servers.
  – SW2: Create Vlans 10, 20, 30
  – MD1, MD2, MD3: Interface F0/0 assigned an IP address automatically
DHCP Pool:
  Excluded-Address: 172.16.X.1 – 172.16.X.10
  DNS server: 203.162.0.181, 210.245.0.11
  Duration: 3 days, 3 hours, 30 minutes
NAT Pool:
  192.168.X.10 – 192.168.X.20/24
Networks: 10.0.Y.0/24, Y=[4,5,6,8]; 192.168.X.0/24; 172.16.X.0/24
Topology diagram labels: SW1, SW2, Lab-SW; MD1, MD2, MD3; FW1, FW2, FW3; PC1, PC2, PC3; PAT (Interface); NAT (Dynamic)/DHCP; interfaces S0/0, S0/1, F0/0; numeric labels 1, 2, 3, 10, 20, 30