
CCNA Labs



Cisco Icons and Symbols

Devices:
Access Server
Switch
Router
Multilayer Switch
Digital Signal Processor (DSP)
Cisco CallManager Server
File Server
Personal Computer
Cisco IP Phone
Voice Gateway Router
WAN "Cloud"
VLAN or Cluster (Color May Vary)
PBX
PSTN "Cloud"

Lines:
Ethernet
Serial Line
Fast Ethernet
Circuit-Switched Line

Cisco Icons and Symbols

Import 100:102

Metro Network DWDM/SONET/Ethernet


LabS2- Basic Router Configuration

Objectives: In this lab, students configure some basic router settings:

1. Router name.

2. Router passwords: console, vty, enable password; perform password encryption.

3. Serial interfaces, FastEthernet interfaces.

4. Interface description.

5. Login banners.

6. Host name resolution.

7. Using Router show commands.

8. Making configuration changes.

9. Backing up configuration files, IOS on TFTP servers.

10. Capture the configuration.

11. Verifying and Troubleshooting: show, telnet, ping, traceroute

Topology labels: RA, RB, RC, RD, RE, RF; SW1; Lab-SW; TFTP Server

Serial interfaces: S0/0, S0/1

Subinterfaces: F0/0.10, F0/0.11, F0/0.12, F0/0.13, F0/0.14, F0/0.15

Networks: 172.16.X.0/24; 10.0.Y.0/24

Numbered labels: 1 2 3 4 5

RA: +1, RB: +2, RC: +3, RD: +4, RE: +5, RF: +6

Lab1, Lab2: Y=6; Lab3: Y=8

LabS2- Managing Cisco IOS Software

Objectives:

1. Using the boot system command

2. Configuration Register

3. Managing configuration files using TFTP

4. Managing configuration files using copy and paste

5. Managing IOS images using TFTP

6. Download using TFTP from ROMmon

7. Password Recovery

8. Verifying and Troubleshooting: show, telnet, ping, traceroute

Topology labels: RA, RB, RC, RD, RE, RF; LAB-SW; TFTP Server

Subinterfaces: F0/0.10, F0/0.11, F0/0.12, F0/0.13, F0/0.14, F0/0.15

Network: 10.0.Y.0/24

Lab1, Lab2: Y=6; Lab3: Y=8

LabS3-RIP-OSPF-EIGRP

Objectives:

1. Configuring RIP ver2, EIGRP, OSPF routing protocols

2. Propagating a default route (use one and only one):
   1. Default route 1
   2. Default route 2
   3. Default route 3

3. Redistribute RIP, OSPF, EIGRP routes

4. Enable MD5 authentication

5. Verifying and Troubleshooting

Topology labels: GATE1, GATE2, GATE3, BORDER, OFF1, OFF2, OFF3, SW1, SW2

Default route1: 20.0.0.0/24

Default route2: 30.0.0.0/24

Default route3: 40.0.0.0/24

OSPF, 172.16.X.0/24

EIGRP 88, 173.17.X.0/24

RIP ver2, 174.18.X.0/24

Numbered labels: 1 2 3 4 5 6 7 8 9

Ra: +1, Rb: +2, Rc: +3, Rd: +4, Re: +5, Rf: +6, Rg: +7

key-id=1, key-string="green123", mode MD5 level 7

Key=2, key-string="blue123", mode MD5

LabS2b-RIP-EIGRP-OSPF

Objectives:

1. Propagate the default route (use one and only one): Default route 1 or Default route 2 or Default route 3

2. OFF router: Disable routing protocol

3. GATE1: configure and redistribute static routes to 16, 17, 18 subnets

OSPF authentication: key-id=1 password=red123 MD5 level 7

RIP authentication: key=2 key-string=blue123 MD5

EIGRP authentication: key=3 key-string=green123 MD5

Topology labels: GATE1, GATE2, GATE3, BR2, BR3, CENTER, OFF (Disable routing protocol)

Default route1: 1.0.0.0/24

Default route2: 2.0.0.0/24

Default route3: 3.0.0.0/24

OSPF, 133.33.X.0/24

OSPF, 166.66.X.0/24

EIGRP 55, 155.55.X.0/24

EIGRP 22, 122.22.X.0/24

RIP ver2, 144.44.0/24

Numbered labels: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18

Ra: +1, Rb: +2, Rc: +3, Rd: +4, Re: +5, Rf: +6, Rg: +7

(config)# router ospf {process-id}
(config-router)# redistribute {rip | eigrp {as_number}} [subnets] [metric {value}] [metric-type {1 | 2}]
(config)# router rip
(config-router)# redistribute {eigrp {as_number} | ospf {process-id}} metric {value}
(config)# router eigrp {as_number}
(config-router)# redistribute {rip | ospf {process-id}} metric {bandwidth} {delay} {reliability} {loading} {MTU}

LabS2-OpenLab2

Objectives:

1. Propagate the default route (use one and only one): Default route 1 or Default route 2 or Default route 3

2. Redistribute RIP, OSPF, EIGRP routes

3. Enable MD5 authentication

Topology labels: GATE1, GATE2, GATE3, BR1, BR2, BR3

Default route1: 1.1.1.0/24

Default route2: 2.2.2.0/24

Default route3: 3.3.3.0/24

OSPF, 177.77.X.0/24

OSPF, 133.33.X.0/24

EIGRP 88, 155.55.X.0/24

RIP ver2, 122.22.X.0/24

Numbered labels: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

Ra: +1, Rb: +2, Rc: +3, Rd: +4, Re: +5, Rf: +6, Rg: +7

key-id=1, password="green123", MD5

Key=2, Key-string="blue123", MD5

key-id=3, password="red123", MD5

Key=4, Key-string="cyan123", MD5

(config)# router ospf {process-id}
(config-router)# redistribute {rip | eigrp {as_number}} [subnets] [metric {value}] [metric-type {1 | 2}]
(config)# router rip
(config-router)# redistribute {eigrp {as_number} | ospf {process-id}} metric {value}
(config)# router eigrp {as_number}
(config-router)# redistribute {rip | ospf {process-id}} metric {bandwidth} {delay} {reliability} {loading} {MTU}

LabS2- RIPv2-EIGRP-OSPF

Topology labels: GATE, BR1, BR2, BR3, SITE1, SITE2, SITE3, SW1, SW2

Interfaces: S0/0, S0/1, F0/0, F0/1

Default route: 200.200.200.0/24

EIGRP AS=44, 144.44.X.0/24

EIGRP AS=55, 155.55.X.0/24

RIPver2, 133.33.X.0/24

OSPF, 122.22.X.0/24

Ext LANs: 172.0.0.0/16 … 172.255.0.0/16

Ext LANs: 173.0.0.0/16 … 173.255.0.0/16

Ext LANs: 174.0.0.0/16 … 174.255.0.0/16

Numbered labels: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

Ra: +1, Rb: +2, Rc: +3, Rd: +4, Re: +5, Rf: +6, Rg: +7

(config)# router ospf {process-id}
(config-router)# redistribute {rip | eigrp {as_number}} [subnets] [metric {value}] [metric-type {1 | 2}]
(config)# router rip
(config-router)# redistribute {eigrp {as_number} | ospf {process-id}} metric {value}
(config)# router eigrp {as_number}
(config-router)# redistribute {rip | ospf {process-id}} metric {bandwidth} {delay} {reliability} {loading} {MTU}

LabS3-Switch Configuration

Objectives:

1. Configuring RIP routing protocol

2. Resetting the switch defaults

3. Assigning the switch host name and password

4. Assigning the switch IP address and Default gateway

5. Enabling HTTP service and port on all switches

6. Configuring static MAC addresses

7. Configuring port security

8. Back up the IOS to a local TFTP server

9. Password recovery (reference: CCNA3_lab_6_2_8_en.pdf)

10. Verifying and Troubleshooting: show, debug, ping, traceroute, telnet; on switches: debug ip packet, debug ip icmp, show mac-address-table, show arp, clear mac-address-table dynamic ...

Topology labels: GATE1, GATE2, SW1, SW2, SW3; PC11, PC12; PC21, PC22, PC23, PC24; TFTPServer1, TFTPServer2

RIP ver2, 172.16.X.0/24

Numbered labels: 3, 12

Ra: +1, Rb: +2, Rc: +3, Rd: +4, Re: +5, Rf: +6, Rg: +7

Sw1: +8, Sw2: +9, Sw3: +10

LabS4-NAT-DHCP-PPP

Objectives:

1. Configuring OSPF routing protocol in ISP area

2. Configuring PPP-Multilink, CHAP (one-way), NAT, DHCP, ACLs

3. Verifying and Troubleshooting

Topology labels: SW1; ISP1, ISP2, ISP3; USER1, USER2, USER3

Feature labels: CHAP (shown three times); NAT, DHCP (shown three times)

Networks: 200.0.X.0/24; 172.16.X.0/24

Numbered labels: 1 2 3 4 5 6 7 8 9

Ra: +1, Rb: +2, Rc: +3, Rd: +4, Re: +5, Rf: +6, Rg: +7

OSPF: Key-id=1, Pass="student", MD5 level 7

LabS4-NAT-DHCP-PPP-VLANs

Objectives:

1. Configuring OSPF routing protocol in user area

2. Configuring PPP, CHAP (bi-direction), NAT, DHCP, ACLs

3. Configuring Vlans, VTP

4. Verifying and Troubleshooting: all PCs can access Internet

Topology labels: SW1 (Server), SW2 (Client), SW3 (Client); ISP1, ISP2, ISP3; USER1, USER2, USER3; VLAN2, VLAN3; T

Feature labels: CHAP (shown three times); NAT, DHCP; NAT

Networks: 172.16.X.0/24; 10.0.Y.0/24; 192.168.X.0/24

DNS server: 192.168.2.1

Numbered labels: 1 2 3 4 5 6 7

OSPF: Key-id=1, Pass="student", MD5 level 7

VTP ver2; Domain: bkacad; Pass="redblue"; Vlan2: Technical; Vlan3: Admin

Ra: +1, Rb: +2, Rc: +3, Rd: +4, Re: +5, Rf: +6, Rg: +7

Lab1: Y=6; Lab2: Y=6; Lab3: Y=8

Open Lab 1

Topology labels: Router1, Router2; Switch1, Switch2, Switch3, Switch4; WAN

LANs: LAN1, LAN2, LAN3, LAN4, LAN5, LAN6, LAN7, LAN8

Interfaces: S0/0, S0/1, F0/0, F0/1; Loopback2, Loopback3, Loopback6, Loopback7

Servers: DNS Server; DHCPServer1, DHCPServer2; TFTPServer; WEB Server1 (www.cisco.com); WEB Server2 (www.yahoo.com)

Hosts: PC1, PC2, PC3, PC4

NS2 Skill Practice

HUB + DHCP server + EzVPN server for SP2

SP1 + CA + EzVPN server for mobile users

SP2 + EzVPN client

SP3 + DHCP client

SP4 + EzVPN server for mobile users

SP5 + EzVPN server for mobile users

Other labels: ISP; Mobile users

Numbered labels: 1 2 3 4 5; 31; 2 3 4 5; 100; 100

NS1- OpenLab1

• Configure features of PIX as the following: NAT, ACL, Vlans, Trunking, Routing, AAA, Cut-through, Telnet, SSH, ASDM …

• Configure 802.1X on SW-2950 for Inside users.

• Inside users can access the DMZ and the Internet.

• Outside users can access the WEB and FTP servers in the DMZ by the IP address assigned to the hosts.

• Tech networks can access each other.

Topology labels: GATE1, GATE2; PIX1, PIX2; ISP; SW-3550 (two); SW-2950 (four); AAA Server; DMZ1, DMZ2 (WEB, FTP); TECH1, TECH2; INSIDE1, INSIDE2; Outside User

Interfaces: F0/0, F0/1, E0, E1, E2; T

RIP ver2; Outside Network 192.168.131.0/24

Network address:
1: 10.0.0.0/24
2, 7: 172.16.0.0/24
3, 4, 5, 6: X.0.0.0/24

Numbered labels: 1 2 3 4 5 6 7

NS1- OpenLab2

• Configure features of PIX as the following: NAT, ACL, Vlans, Trunking, Routing, AAA, Cut-through, Telnet, SSH, ASDM …

• Configure 802.1X on SW-2950 for Inside users.

• Inside users can access the DMZ and the Internet.

• Outside users can access the WEB and FTP servers in the DMZ by the IP address assigned to the hosts.

• Tech networks can access each other.

Topology labels: GATE1, GATE2; PIX1, PIX2; ISP; SW-3550 (two); SW-2950 (four); AAA Server; DMZ1, DMZ2 (WEB, FTP); TECH1, TECH2; INSIDE1, INSIDE2; Outside User

Interfaces: F0/0, F0/1, E0, E1, E2; T

RIP ver2; Outside Network 192.168.131.0/24

Network address:
1: 10.0.0.0/24
2, 7: 172.16.0.0/24
3, 4, 5, 6: X.0.0.0/24

Numbered labels: 1 2 3 4 5 6 7

NS1- OpenLab2

• Basic configurations: NAT, ACL, Object-group, Vlan, Trunking, Routing

• Outside users can access the devices by SSH

• Inside users can access the devices by Telnet, SDM or ASDM

• Outside users can access the DMZ servers

• Eng1 and Eng2 can access each other

• Enable Authentication-Proxy, Cut-through

• Configure FTP, HTTP Inspection

• Mitigate layer 2 attacks

Topology labels: GATE1, GATE2; SITE1, SITE2, SITE3, SITE4; INSIDE1, INSIDE2, INSIDE3, INSIDE4; DMZ1, DMZ4 (WEB, FTP); ENG1, ENG2; SW-3550 (two); SW-2950 (six); Lab-SW; AAA Server; Outside User (two)

Interfaces: F0/0, F0/1, F0/1.1, F0/1.2, E0, E1, E2

BKACAD network: 192.168.131.0/24

Network address:
1, 2, 3, 4, 12: 10.0.X.0/24
5: 100.0.0.0/24
6, 7, 8, 9: 200.0.X.0/24
10, 11: 172.16.0.0/24

Numbered labels: 1 2 3 4 5 6 7 8 9 10 11 12

LabS2- RIP version1

Tasks:

• Basic Router configuration:
  – Hostname
  – Passwords
  – Banner Message
  – Descriptions
  – Host Table
  – disable the Name Service
  – Logging Synchronous
  – …

• Basic RIPv1 configuration:
  – Enable RIP
  – Passive interfaces
  – Configure and propagate the default route
  – Create and redistribute the static route

• Configuring the Servers, PCs

• Backing up configuration files on the TFTP server

• Verifying and Troubleshooting:
  – Show
  – Telnet
  – Ping
  – Traceroute, Tracert
  – Debug

Topology labels: ISP, GATE, SITE1, SITE2, SITE3; WEB (www.bkacad.com); DNS; PC1; TFTP

Networks: 200.200.X.0/24; RIP, 172.16.X.0/24; External LAN, 30.30.30.0/24

Numbered labels: 1 2 3 4 5 6 7 8

SITE1: +1, SITE2: +2, SITE3: +3, GATE: +4, ISP: +5


10.0.0.1/16

10.0.0.2/24

10.1.0.1/16 10.2.0.1/16

RIP version1

LabS2- OpenLab1

Topology labels: HoanKiem, BaDinh, HaiBaTrung, ThanhXuan, CauGiay, TayHo, HaTay; SW1; (DR), (BDR)

EIGRP 55, 155.55.X.0/24

RIP ver2, 177.77.X.0/24

OSPF, 133.33.X.0/24

Default Route: 200.200.200.0/24

Backup Route: 100.100.100.0/24 (HaTay only)

Ext LANs: 172.0.0.0/16 … 172.127.0.0/16

Ext LANs: 172.128.0.0/16 … 172.255.0.0/16

Ext LANs: 192.168.0.0/24 … 192.168.255.0/24

Numbered labels: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

key-id=1, password="green123", MD5

Key=2, Key-string="blue123", MD5

Key=3, Key-string="cyan123", MD5

password="green123", clear text

(config)# router ospf {process-id}
(config-router)# redistribute {rip | eigrp {as_number}} [subnets] [metric {value}] [metric-type {1 | 2}]
(config)# router rip
(config-router)# redistribute {eigrp {as_number} | ospf {process-id}} metric {value}
(config)# router eigrp {as_number}
(config-router)# redistribute {rip | ospf {process-id}} metric {bandwidth} {delay} {reliability} {loading} {MTU}

LabS4-Load Balancing

• Tasks:
  – Multilink: use interface Multilink
  – DHCP
  – Load Balancing: enable Process Switching
  – RIP ver2:
    • MD1, MD2, MD3, GATE
    • GATE: propagate subnets 172.16.X.0/24 only
    • Change RIP timer
    • distribute-list command:
      (config-router)# distribute-list {access-list} { in | out } [ interface ]
    • Adjust static route:
      (config)# ip route static adjust-time {seconds}

Topology labels: FPT, VNN, VIETTEL; MD1, MD2, MD3; GATE; SW-A, SW-B, SW-C; Lab-SW; DHCP; Vlan2, Vlan3, Vlan4; T

Feature labels: NAT/PAT (shown twice); PAP (shown three times); CHAP (shown three times); RIP ver2

Interfaces: F0/0, F0/1

Networks: 10.0.Y.0/24; 200.0.X.0/24; 172.16.X.0/24

Numbered labels: 4 5 6; 2 4; 5; 3

Ra: +1, Rb: +2, Rc: +3, Rd: +4, Re: +5, Rf: +6, Rg: +7

Lab1, 2: Y=6; Lab3: Y=8; Lab4, 5: Y=4; Lab6: Y=5

LabS3- STP

Tasks:

• Configuring VTP:
  – VTP ver2
  – VTP domain: ccna
  – VTP password: cisco123
  – SW1: server; SW2, SW3: clients
  – Vlan10: teacher
  – Vlan20: student
  – Vlan30: admin
  – Vlan99: management; 10.0.X.0/24

• Configuring STP:
  – SW1: root bridge
  – PortFast
  – UplinkFast
  – BackboneFast

• Troubleshooting: show, debug …

Topology labels: SW1, SW2, SW3; Lab-SW; T

Ports: F0/1, F0/2, F0/3, F0/4, F0/5, F0/6, F0/9, F0/10

LabS3- OpenLab1

• VTP:
  Ver 2
  Domain: ccna
  Password: 1234
  SW1: server; SW2, SW3: client

• VLANs:
  Vlan20: teacher; 144.44.20.0/24
  Vlan30: student; 144.44.30.0/24
  Vlan99: management; 144.44.99.0/24

Topology labels: GATE, BR, SITE1, SITE2, SITE3, SITE4; SW1 (Server), SW2 (Client), SW3 (Client); T

Interfaces: S0/0, S0/1, F0/0

RIP ver2, 133.33.X.0/24

OSPF, 144.44.X.0/24

EIGRP, 55, 155.55.X.0/24

EIGRP, 66, 166.66.X.0/24

Default route: 200.200.200.0/24

Numbered labels: 1 2 3 4 5 6 7 8 9 10 11 12 13; 20; 30

OSPF Authentication: key-id=1 HIDDEN password=055A1C MD5 level 7

RIPv2 Authentication: key=2 key-string=blue123 MD5

EIGRP Authentication: key=3 key-string=red123 MD5

Ra: +1, Rb: +2, Rc: +3, Rd: +4, Re: +5, Rf: +6, Rg: +7

SW1: +8, SW2: +9, SW3: +10

LabS3- OpenLab2

Topology labels: GATE, AP, SITE1, SITE2, SITE3, BR1, BR2; SW1 (server), SW2 (server), SW3 (client); T

Default route: 200.200.200.0/24

RIP ver2, 133.33.X.0/24

OSPF, 155.55.X.0/24

EIGRP, AS=77, 177.77.X.0/24

Numbered labels: 1 2 3 4 5 6 7 8 9 11 12; 10; 10; 20; 30; 40; 50

VTP
  ver2
  domain name: BKACAD
  password: cisco

VLANs
  Vlan40: teacher
  Vlan50: student

WLAN
  Local IP: 172.16.0.0/24
  DNS: 203.162.0.181, 210.245.0.11
  Mode: Mixed
  SSID: CCNA
  Channel: 11
  Authentication: Auto
  Encryption: WPA2
  Access Restriction:
  - deny access to www.bbc.com website
  - deny Telnet traffic

VLANs
  Vlan10: technic
  Vlan20: staff
  Vlan30: admin

OSPF Authentication: key-id=1 HIDDEN password=055A1C MD5 level 7

RIPv2 Authentication: key=2 key-string=blue123 MD5

EIGRP Authentication: key=3 key-string=red123 MD5

Ra: +1, Rb: +2, Rc: +3, Rd: +4, Re: +5, Rf: +6, Rg: +7

SW1: +8, SW2: +9, SW3: +10

LabS3- OpenLab4

WLAN
  Local IP: 172.16.0.0/24
  DNS: 203.162.0.181, 208.67.222.222
  Mode: Mixed
  SSID: CCNA
  Channel: 11
  Authentication: Auto
  Encryption: WPA
  Access Restrictions:
  - deny access to www.24h.com website
  - deny Telnet, FTP traffic

VLANs
  Vlan10: student; 144.44.10.0/24
  Vlan20: teacher; 144.44.20.0/24
  Vlan30: sale; 144.44.30.0/24
  Vlan99: management; 144.44.99.0/24

VTP
  ver2
  Domain name: STUDENT
  Password: cisco123
  SW1: server; SW2, SW3: client

STP
  SW1: the primary root for Vlan10, the secondary root for Vlan20
  SW2: the primary root for Vlan20, the secondary root for Vlan30
  SW3: the primary root for Vlan30
  BackboneFast, UplinkFast, PortFast, udld, BPDU Guard

Topology labels: GATE, BR, SITE1, SITE2, SITE3; SW1 (client), SW2 (client), SW3 (server); Lab-SW; T

Default route: 192.168.X.0/24

OSPF, 144.44.X.0/24: key-id=2 password=red123 MD5

RIP ver2, 155.55.X.0/24: key=3 key-string=cyan123 MD5

EIGRP, AS=33, 133.33.X.0/24: key=1 key-string=blue123 MD5

NAT/PAT (Configure by Instructor)

ftp://121.100.48.11
Username: cisco
Password: sadikhov

Numbered labels: 1 2 3 4 5 6; 10; 20; 30; 40; 50

LabS4- PAP - CHAP

Objectives:

1. Configuring PPP

2. Configuring PAP, CHAP authentication: the username must match the hostname

3. Verifying and Troubleshooting:
   - show
   - debug ppp authentication
   - debug ppp packet
   - ...

4. Other:
   - The hostname on one router doesn't match the username that the other router has configured.
   - The passwords don't match (PAP only)

Subnet address: 172.16.X.0/24

Authentication password: 0101X; X=[1,3,5,7,9]

Topology labels: SITE1, SITE2, SITE3, SITE4, SITE5, SITE6

Interfaces: S0/0, S0/1

Link authentication labels: CHAP (shown six times); PAP (shown six times)

Numbered labels: 1 2 3 4 5 6 7 8 9 10 11 12

LabS4- Full Mesh Frame Relay

Topology labels: SITE1, SITE2, SITE3, SITE4

Interfaces: S0/0, S0/1, S0/2, S0/3

LabS4- NAT/PAT

• Notes:
  – MD1, MD2, MD3: Enable PAT with the interface
  – FW1, FW2, FW3: Enable dynamic NAT with the pool. Configure DHCP servers.
  – SW2: Create Vlans 10, 20, 30
  – MD1, MD2, MD3: Interface F0/0 assigned an IP address automatically

Topology labels: MD1, MD2, MD3; FW1, FW2, FW3; SW1, SW2; Lab-SW; PC1, PC2, PC3

Interfaces: S0/0, S0/1, F0/0

Feature labels: PAT (Interface); NAT (Dynamic) / DHCP

DHCP Pool:
  Excluded-Address: 172.16.X.1 – 172.16.X.10
  DNS server: 203.162.0.181, 210.245.0.11
  Duration: 3 days, 3 hours, 30 minutes

NAT Pool:
  192.168.X.10 – 192.168.X.20/24

Networks: 10.0.Y.0/24, Y=[4,5,6,8]; 192.168.X.0/24; 172.16.X.0/24

Numbered labels: 1 2 3; 10; 20; 30