Icnd 210 Cag

ICND2

Interconnecting Cisco Networking Devices Part 2 Course Administration Guide

For Student Guide Version 1.0

Text Part Number: N/A

DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED “AS IS.” CISCO MAKES AND YOU RECEIVE NO WARRANTIES IN CONNECTION WITH THE CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY OR IN ANY OTHER PROVISION OF THIS CONTENT OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. This learning product may contain early release content, and while Cisco believes it to be accurate, it falls subject to the disclaimer above.

ICND2

Course Management

Cisco CCNA Curriculum Changes in 2007 Designed to Job Tasks

The CCNA® curriculum was revised in 2007 to teach and test on-the-job tasks, skills, and knowledge that are expected of a CCNA graduate. The following course and exam objectives were designed from the job tasks.

Describe how a network works

— Describe the purpose and functions of various network devices

— Select the components required to meet a network specification

— Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network

— Describe common networked applications including web applications

— Describe the purpose and basic operation of the protocols in the OSI and TCP models

— Describe the implementation of VoIP in a small network

— Interpret network diagrams

— Determine the path between two hosts across the Internet

— Describe the components required for network and Internet communications

— Identify and correct common network problems at Layers 1, 2, 3, and 7 using a layered model approach

— Differentiate between LAN and WAN operation and features

Configure, verify, and troubleshoot a switch with VLANs and inter switch communications

— Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts

— Explain the technology and media access control method for Ethernet networks

— Explain network segmentation and basic traffic management concepts

— Explain basic switching concepts and the operation of Cisco switches

2 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.

— Perform and verify initial switch configuration tasks including remote access management

— Verify network status and switch operation using basic utilities (ping, traceroute, Telnet, SSH, ARP, ipconfig), show and debug commands

— Identify and resolve common switched network media issues, configuration issues, autonegotiation, and SwitchHardware failures

— Describe enhanced switching technologies (VTP, RSTP, VLAN, PVSTP, 802.1Q)

— Describe how VLANs create logically separate networks and the need for routing between them

— Configure, verify, and troubleshoot VLANs

— Configure, verify, and troubleshoot trunking on Cisco switches

— Configure, verify, and troubleshoot inter-VLAN routing

— Configure, verify, and troubleshoot VTP

— Configure, verify, and troubleshoot RSTP operation

— Interpret the output of various show and debug commands to verify the operational status of a Cisco switched network

— Implement basic switch security (port security, unassigned ports, trunk access, management VLAN other than VLAN 1, and so on)

Implement an IP addressing scheme and IP services to meet network requirements

— Describe the operation and benefits of using private and public IP addressing

— Explain the operation and benefits of using DHCP and DNS

— Configure, verify, and troubleshoot DHCP operation on a router

— Implement static and dynamic addressing services for hosts in a LAN environment.

— Configure a device to support NAT and DHCP

— Calculate and apply a VLSM IP addressing design to a network

— Determine the appropriate classless addressing scheme using VLSM and summarization to satisfy addressing requirements in LAN and WAN environments

— Describe the technological requirements for running IPv6 (such as, protocols, dual stack, tunneling, and so on)

— Describe IPv6 addresses

— Identify and correct common problems associated with IP addressing and host configurations

— Configure, verify, and troubleshoot basic router operation and routing on Cisco devices

— Describe basic routing concepts (packet forwarding and router lookup process)

— Describe the operation of Cisco routers (router bootup process, POST, and router components)

— Select the appropriate media, cables, ports, and connectors to connect routers to other network devices and hosts

— Configure, verify, and troubleshoot RIPv2

© 2007 Cisco Systems, Inc. Course Administration Guide 3

— Access and use the router CLI to set basic parameters

— Connect, configure, and verify the operation status of a device interface

— Verify device configuration and network connectivity using ping, traceroute, telnet, SSH, or other utilities

— Perform and verify routing configuration tasks for a static or default route given specific routing requirements

— Manage Cisco IOS configuration files (save, edit, upgrade, and restore)

— Manage Cisco IOS Software images

— Compare and contrast methods of routing and routing protocols

— Configure, verify, and troubleshoot OSPF

— Configure, verify, and troubleshoot EIGRP

— Verify configuration and connectivity using ping, traceroute, and Telnet or SSH

— Troubleshoot routing implementation issues

— Verify router hardware and software operation using show and debug commands.

— Implement basic router security

— Install a small wireless network

— Describe standards associated with wireless media (802.11a, b, g, and n and Wi-Fi)

— Identify and describe the purpose of the components in a small wireless network

— Identify the basic parameters to configure on a wireless network to ensure that devices connect to the correct access point

— Describe wireless security concerns and explain how to configure WPA security (open, WEP, WPA1, and WPA2)

— Identify common issues with implementing wireless networks

— Identify security threats to a small network and describe general methods to mitigate those threats

— Describe modern, increasing network security threats and explain the need to implement a comprehensive security policy to mitigate the threats

— Explain general methods to mitigate common security threats to network devices, hosts, and applications

— Describe the functions of common security appliances and applications

— Describe security recommended practices including initial steps to secure network devices

— Describe the components of a VPN (importance, benefits, role, and impact)

— Identify Cisco VPN Client issues

— Implement and troubleshoot NAT and ACLs.

— Describe the purpose and types of ACLs

— Configure and apply ACLs based on network filtering requirements

— Configure and apply an ACL to limit Telnet and SSH access to the router

— Verify and monitor ACLs in a network environment


— Troubleshoot ACL implementation issues

— Explain the basic operation of NAT

— Use CLI to configure NAT with specific network requirements

— Troubleshoot NAT implementation issues

— Implement and verify WAN links

— Describe different methods for connecting to a WAN

— Configure and verify a basic WAN serial connection

— Configure and verify Frame Relay on Cisco routers

— Configure and verify a PPP connection between Cisco routers

— Troubleshoot WAN implementation issues

CCNA Curriculum in the Certification Pyramid Changes to the CCNA curriculum are intended to maintain the integrity and quality of the CCNA certification as the premier industry networking certification. CCNA certification remains the foundation for Professional- and Expert-level certifications, and for many Specialist certifications.

The CCNA curriculum was adjusted in mid-2007 to better fit and prepare for the Cisco CCNP® curriculum, as revised earlier in 2007. Topics and skills are introduced in CCNA as preparation for further study in the CCNP curriculum. The Course Administration Guides (CAGs) of each course within the curriculum specify the depth to teach on these topics, and when to recommend more advanced courses to students.

The Cisco Certified Entry Networking Technician (CCENT™) certification was introduced in mid-2007. The CCENT certification is attained by passing the Interconnecting Cisco Networking Devices Part 1 (ICND1) exam. This new certification, which is a step below CCNA certification, is a preparation and partial-completion of CCNA certification. CCENT certification may also be used as a prerequisite for specializations that do not require all of the skills and knowledge of CCNA certification.

During the transition from Introduction to Cisco Networking Technologies (INTRO) and ICND to ICND1 and ICND2, the CCNA certification website details how to qualify for CCNA certification by passing combinations of the INTRO, ICND, and CCNA exams and the ICND1, ICND2, and CCNA exams.

ICND1 and ICND2 Compared to INTRO and ICND Designed to Job Tasks

The CCNA curriculum was revised to base all topics and activities on the job tasks that are expected of a CCNA graduate. Course objectives were revised to teach and practice these job tasks. The list of job tasks for the curriculum was subdivided into task lists for each course. Each task list includes all skills and knowledge taught in the course, and the CAG specifies the depth to teach for each task. The course task list is detailed in the CAG for the course.


Two Equally Balanced Parts The CCNA curriculum is now composed of two balanced courses. Each course is a self-contained course with labs positioned throughout to practice skills soon after discussion. Each is a five-day course.

ICND1 Goal: Upon completing the ICND1 course, the learner should have the knowledge and skills necessary to install, operate, and troubleshoot a small branch office enterprise network, including configuring a switch, a router, and connecting to a WAN and implementing network security. A learner should be able to complete configuration and implementation of a small branch office network under supervision.

ICND2 Goal: Upon completing the ICND2 course, the learner should have the knowledge and skills necessary to install, operate, and troubleshoot a small to medium-size branch office enterprise network, including configuring several switches and routers, connecting to a WAN, and implementing network security. A learner should be ready to participate on a team to implement a small to medium-size branch office network and to serve on a tier-one help desk or network operating center.

Lessons have been moved from ICND (which is now ICND2) into ICND1. PPP, Network Address Translation (NAT) and Port Address Translation (PAT), and RIP version 2 (RIPv2) are introduced, and configuration skills are developed in ICND1. In ICND2, more advanced skills build on these foundations. This shift of topics results in a more comfortable allotment of time for ICND2.

ICND1 is a prerequisite to ICND2; a learner cannot participate and complete ICND2 without mastering the skills and knowledge of ICND1. Unlike INTRO, ICND1 is not simply a collection of background topics, but it is a complete, self-contained course with frequent lab practices.

Topics Added and Deleted The ISDN and Interior Gateway Routing Protocol (IGRP) topics have been removed because they are outdated and are no longer commonly encountered at an Associate level. The following new topics and lessons were added:

Network security topics and lessons have been added. Learners secure switches, routers, and ports, and implement basic network security. Learners do not design security policy but implement only basic security measures according to a given policy.

Connecting a WLAN to a network was added to ICND1. Only the client security aspects are discussed. The learner is not expected to implement wireless access points. The learner troubleshoots client connectivity. To avoid the expense of adding WLAN equipment, no lab is specified.

Learners are still directed to verify changes and configurations they have made. Troubleshooting topics and lessons have been added to broaden the job tasks of a CCNA graduate. Troubleshooting tasks are positioned as part of day-to-day or “Day Two” activities. CCNA learners would be expected to perform elementary troubleshooting when they are acting as members of a network operations center or help desk.

Although Telnet is still taught, students are encouraged to employ SSH as the preferred method of remotely accessing devices.

Learners are expected to be proficient in configuring with both command-line interface (CLI) and Cisco Router and Security Device Manager (SDM).


Labs have been updated as follows:

ICND1 and ICND2 are each five-day courses, which allows the learner to have more practice in labs. Lab activities are about 40 percent of each course time budget. This lecture-to-lab ratio can be further refined.

Labs occur throughout the courses, requiring students to practice each set of skills and job tasks soon after they are discussed. Labs are positioned within modules but can be collected at the end of each module at the convenience of the instructor or availability of lab equipment.

All labs are designed for remote access.

The lab topology and equipment list are common to both ICND1 and ICND2. Cisco equipment that is currently available, including Cisco Integrated Services Routers, is specified. Note that the specified Cisco IOS Software version introduces a restriction on device naming; this is documented in the CAGs and Lab Guides.

Labs are not “cookbook” labs; students are not expected to rigidly perfom each step in the Lab Guide. The CAG describes how to introduce and conduct each lab. The Lab Guide presents the objective and scenario for the lab and a series of tasks to be performed. A solution or sample is provided at the end of the Lab Guide. The Instructor should reference the CAG and employ the Lab Guide to mentor students during labs, maximizing their hands-on experience.

The concluding lab activity of ICND1 is a “capstone” lab in which the student will pull together all the knowledge and skills of the course to implement a small branch office.

The first module—and the first student activity—of ICND2 is a “warm-up” lab. Learners review and practice the skills and knowledge of the prerequisite ICND1 to implement a small branch office network. This network is the basis for ICND2 labs, in which the student extends the features and functionality of the network. This lab is positioned at the beginning of the ICND2 course for the instructor to assess the students completion of the prerequisites and readiness to deepen their skills and knowledge in ICND2.

Overview Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 is a five-day instructor-led course that focuses on using Cisco Catalyst switches and Cisco routers that are connected in LANs and WANs and are typically found at medium-sized network sites.

Outline The Course Management section of the Course Administration Guide includes these topics:

Overview

Course Instruction Details

Course Delta Information

Course Evaluations

Course Version This course supersedes Interconnecting Cisco Network Devices (ICND) v2.3.


Course Objectives Upon completing this course, the learner will be able to meet these overall objectives:

Review how to configure and troubleshoot a small network

Expand the switched network from a small LAN to a medium-sized LAN with multiple switches, supporting VLANs, trunking, and spanning tree

Describe routing concepts as they apply to a medium-sized network and discuss considerations when implementing routing on the network

Configure, verify, and troubleshoot OSPF

Configure, verify, and troubleshoot EIGRP

Determine how to apply ACLs based on network requirements, and to configure, verify, and troubleshoot ACLs on a medium-sized network

Describe when to use NAT or PAT on a medium-sized network and configure NAT or PAT on routers

Identify and implement the appropriate WAN technology based on network requirements

Target Audience The primary audience for this course is as follows:

Network administrators

Network engineers

Network managers

Systems engineers

The secondary audience for this course is as follows:

Network designers

Project managers

The tertiary audience for this course is as follows:

Program managers

Learner Skills and Knowledge The knowledge and skills that a learner must have before attending this course are as follows:

Skills and knowledge equivalent to those learned in Interconnecting Cisco Networking Devices Part 1 (ICND1)

The ability to install, configure, and troubleshoot a small network


Course Instruction Details This topic provides the information that you need to prepare the course materials and set up the classroom environment.

Instructor Requirements To teach this course, instructors must have attended the following training or completed the following requirements:

An active Cisco Certified Systems Instructor who has been certified to teach INTRO and ICND must complete the CCNA Instructor Update Briefing.

All other Cisco Certified Systems Instructors in good standing will need to do the following:

— Complete the ICND1 course as a learner.

— Attend the ICND2 course as a learner.

— Pass the CCNA certification test (or both the ICND1 and ICND2 certification tests).

— For instructors who have yet to take the certification test but have completed the courses, certifications will be provisional. The guidelines for ICND instructors apply.

A Cisco Certified Systems Instructor who is certified in technology and is a WAN-certified instructor is part of a “common pool” and may teach courses in either area. All other Cisco Certified Systems Instructors may only teach courses in the area of specialization for which they are certified.

Note Submit questions concerning instructor certification to [email protected].

Classroom Reference Materials These items should be available for the learner during the course:

Student guide

Lab guide

Class Environment This information describes recommended class size and classroom setup:

Room set up classroom style with chairs and tables large enough for 16 learners

Eight pairs of chairs sharing access to eight laptops or eight PCs

A projector to display course Microsoft PowerPoint slides; projection screen as needed

Sufficient power for all equipment

For local labs, rack and floor space to locate all equipment

For remote lab delivery, access to the Internet for all learners and the instructor


Course Flow This is the suggested course schedule. You may make adjustments based on the skills, knowledge, and preferences of the learners in attendance. The presentation of all topics is optional for noncertification offerings, but you are encouraged to use them because they are designed to reinforce the lesson concepts and ensure that learners apply some of the concepts.

Day 1: Course Introduction, Small Network Implementation, and Medium-Sized Switched Network Construction

8:30–9:20 (0830–0920)

Course Introduction

9:30–10:20 (0930–1020)

Introducing the Review Lab

10:30–12:00 (1030–1200)

Lab 1-1: Implementing a Small Network (Review Lab)

12:00–1:00 (1200–1300)

Lunch

1:00–1:50 (1300–1350)

Implementing VLANs and Trunks

2:00–2:50 (1400–1450)

Implementing VLANs and Trunks (Cont.)

Improving Performance with Spanning Tree

3:00–3:50 (1500–1550)

Improving Performance with Spanning Tree (Cont.)

4:00–5:00 (1600–1700)

Routing Between VLANS

Securing the Expanded Network

5:00 (1700) Day ends

Day 2: Medium-Sized Switched Network Construction and Medium-Sized Routed Network Construction

8:00–8:30 (0800–0830)

Review of Day 1

8:30–9:20 (0830–0920)

Lab 2-1: Configuring Expanded Switched Networks

9:30–12:00 (0930–1200)

Lab 2-1: Configuring Expanded Switched Networks (Cont.)

12:00–1:00 (1200–1300)

Lunch

1:00–1:50 (1300–1350)

Troubleshooting Switched Networks

2:00–2:50 (1400–1450)

Lab 2-2: Troubleshooting Switched Networks

3:00–5:00 (1500–1700)

Reviewing Routing Operations

5:00 (1700) Day ends


Day 3: Medium-Sized Routed Network Construction, Single-Area OSPF Implementation, and EIGRP Implementation

8:00–8:30 (0800–0830)

Review of Day 2

8:30–9:20 (0830–0920)

Reviewing Routing Operations (Cont.)

Implementing VLSM

9:30–12:00 (0930–1200)

Implementing OSPF

12:00–1:00 (1200–1300)

Lunch

1:00–1:50 (1300–1350)

Lab 4-1: Implementing OSPF

2:00–2:50 (1400–1450)

Troubleshooting OSPF

3:00–5:00 (1500–1700)

Lab 4-2: Troubleshooting OSPF

Implementing EIGRP

5:00 (1700) Day ends

Day 4: EIGRP Implementation, Access Control Lists, and Address Space Management

8:00–8:30 (0800–0830)

Review of Day 3

8:30–9:20 (0830–0920)

Implementing EIGRP (Cont.)

Lab 5-1: Implementing EIGRP

9:30–12:00 (0930–1200)

Troubleshooting EIGRP

Lab 5-2: Troubleshooting EIGRP

12:00–1:00 (1200–1300)

Lunch

1:00–1:50 (1300–1350)

Introducing ACL Operation

Configuring and Troubleshooting ACLs

2:00–2:50 (1400–1450)

Lab 6-1: Implementing and Troubleshooting ACLs

3:00–5:00 (1500–1700)

Scaling the Network with NAT and PAT

Lab 7-1: Configuring NAT and PAT

5:00 (1700) Day ends

Day 5: Address Space Management and LAN Extension into a WAN

8:00–8:30 (0800–0830)

Review of Day 4

8:30–9:20 (0830–0920)

Transitioning to IPv6

9:30–10:20 (0930–1020)

Lab 7-2: Implementing IPv6

10:30–12:00 (1030–1200)

Introducing VPN Solutions

12:00–1:00 (1200–1300)

Lunch


1:00–1:50 (1300–1350)

Establishing a Point-to-Point WAN Connection with PPP

Establishing a WAN connection with Frame Relay

2:00–2:50 (1400–1450)

Lab 8-1: Establishing a Frame Relay WAN

3:00–4:30 (1500–1630)

Troubleshooting Frame Relay WANs

Lab 8-2: Troubleshooting Frame Relay WANs

4:30–5:00 (1630–1700)

Wrap-up

High-Level Course Outline This subtopic provides an overview of how the course is organized. The course contains these components:

Course Introduction

Small Network Implementation

Medium-Sized Switched Network Construction

Medium-Sized Routed Network Construction

Single-Area OSPF Implementation

EIGRP Implementation

Access Control Lists

Address Space Management

LAN Extension into a WAN

Detailed Course Outline This in-depth outline of the course structure lists each module, lesson, and topic.

Course Introduction The Course Introduction provides learners with the course objectives and prerequisite learner skills and knowledge. The Course Introduction presents the course flow diagram and the icons that are used in the course illustrations and figures. This course component also describes the curriculum for this course, providing learners with the information that they need to make decisions regarding their specific learning path.

Overview

— Learner Skills and Knowledge

Course Goal and Objectives

Course Flow

Additional References

— Cisco Glossary of Terms

Your Training Curriculum


Module 1: Small Network Implementation Upon completing this module, the learner will have reviewed how to configure and troubleshoot a small network.

Lesson 1: Introducing the Review Lab This lesson reviews how to configure a small network. Upon completing this lesson, the learner will be able to meet this objective:

Describe the functions of the CLI

Describe the configuration modes of the Cisco IOS Software

Describe the help facilities available in the Cisco IOS Software

Implement a basic switch and router configuration and ensure that they operate properly

The lesson includes these topics:

Cisco IOS CLI Functions

Configuration Modes of Cisco IOS Software

Help Facilities of the Cisco IOS CLI

Commands Review

The lesson includes this activity:



Module 2: Medium-Sized Switched Network Construction Upon completing this module, the learner will be able to expand a small-sized, switched LAN to a medium-sized LAN with multiple switches, supporting VLANs, trunking, and spanning tree.

Lesson 1: Implementing VLANs and Trunks This lesson defines how and when to implement and verify VLANs and trunking, and implement them on the network. Upon completing this lesson, the learner will be able to meet these objectives:

Define the purpose and function of VLANs on Cisco Catalyst switches

Define the purpose and function of IEEE 802.1Q trunking on Cisco Catalyst switches

Define the purpose and function of VTP on Cisco Catalyst switches

List the steps required to configured a normal-range VLAN that uses VTP and 802.1Q trunking


Understanding VLANs

Understanding Trunking with 802.1Q

Understanding VLAN Trunking Protocol

Configuring VLANs and Trunks

Lesson 2: Improving Performance with Spanning Tree This lesson describes situations in which spanning tree is used and how to implement it on the network. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the methods that are used to create fast physical connections between switches in a redundant topology

Identify the potential issues of a redundant switched topology

Describe how spanning tree resolves issues of redundant switched networks

Configure RSTP, including the root switch and a backup root switch


Building a Redundant Switched Topology

Recognizing Issues of a Redundant Switched Topology

Resolving Issues with STP

Configuring RSTP

Lesson 3: Routing Between VLANs This lesson defines how to describe the application and configuration of inter-VLAN routing for a medium-sized routed network. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the purpose of subinterfaces for inter-VLAN routing


Configure inter-VLAN routing using 802.1Q and an external router


Understanding Inter-VLAN Routing

Configuring Inter-VLAN Routing

Lesson 4: Securing the Expanded Network This lesson describes situations in which security is required at Layer 2, and implements it on the network. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the security needs of the expanded network and the characteristics of an organizational security policy

Describe how to secure switch devices, including securing access to the switch and switch protocols, and mitigating compromises that are launched through a switch


Overview of Switch Security Concerns

Secure switch devices



Lesson 5: Troubleshooting Switched Networks This lesson defines how to identify an approach for troubleshooting and isolating common switched network problems and offer solutions. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the basic steps that are used to troubleshoot a switched network

Identify and resolve port connectivity issues

Identify and resolve VLAN and trunking issues

Identify and resolve VTP issues

Identify and resolve STP issues


Troubleshooting Switches

Troubleshooting Port Connectivity

Troubleshooting VLANs and Trunking

Troubleshooting VTP

Troubleshooting Spanning Tree




Module 3: Medium-Sized Routed Network Construction Upon completing this module, the learner will be able to describe routing concepts as they apply to a medium-sized network and discuss considerations when implementing routing on the network.

Lesson 1: Reviewing Routing Operations This lesson describes the application and limitations of dynamic routing for a medium-sized routed network. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the purpose and types of dynamic routing protocols

Describe the operation and implementation of distance vector routing protocols

Describe the operation and implementation of link-state routing protocols


Reviewing Dynamic Routing

Understanding Distance Vector Routing Protocols

Understanding Link-State Routing Protocols

Lesson 2: Implementing VLSM This lesson describes the operation of VLSM and classless interdomain routing (CIDR) on Cisco routers and explains how Cisco routers implement route summarization. Upon completing this lesson, the learner will be able to meet these objectives:

Review subnet mask calculation

Describe the purpose of a VLSM and calculate VLSM

Describe the route summarization process and how routers manage route summarization


Reviewing Subnets

Introducing VLSM

Summarizing Routes


Module 4: Single-Area OSPF Implementation Upon completing this module, the learner will be able to configure, verify, and troubleshoot OSPF.

Lesson 1: Implementing OSPF This lesson defines the operation and configuration of a single-area OSPF network, including load balancing and authentication. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the features of OSPF

Describe how OSPF neighbor adjacencies are established

Describe the SPF algorithm that OSPF uses

Configure a single-area OSPF network

Configure a loopback interface to be used as the router ID

Verify a single-area OSPF network configuration

Use the OSPF debug commands to troubleshoot OSPF

Configure load balancing with OSPF

Configure authentication for OSPF


Introducing OSPF

Establishing OSPF Neighbor Adjacencies

SPF Algorithm

Configuring and Verifying OSPF

Loopback Interfaces

OSPF Configuration Verification

Using OSPF debug Commands

Load Balancing with OSPF

Authentication with OSPF




Lesson 2: Troubleshooting OSPF This lesson defines how to identify an approach for troubleshooting common OSPF problems and offer solutions. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the basic components of OSPF troubleshooting

Identify and resolve errors with OSPF neighbor adjacencies

Identify and resolve errors with OSPF routing tables

Identify and resolve authentication problems


Components of Troubleshooting OSPF

Troubleshooting OSPF Neighbor Adjacencies

Troubleshooting OSPF Routing Tables

Troubleshooting Plaintext Password Authentication




Module 5: EIGRP Implementation Upon completing this module, the learner will be able to configure, verify, and troubleshoot EIGRP.

Lesson 1: Implementing EIGRP This lesson defines the operation and configuration of EIGRP, including load balancing and authentication. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the features of EIGRP

Configure and verify EIGRP

Configure load balancing with EIGRP

Configure MD5 authentication with EIGRP


Introducing EIGRP

Configuring and Verifying EIGRP

Load Balancing with EIGRP

EIGRP Authentication



Lesson 2: Troubleshooting EIGRP This lesson defines how to identify an approach for troubleshooting common EIGRP problems and offer solutions. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the basic components of troubleshooting a network that is running EIGRP

Identify and resolve EIGRP neighbor relationship issues

Identify and resolve EIGRP routing table issues

Identify and resolve EIGRP authentication


Components of Troubleshooting EIGRP

Troubleshooting EIGRP Neighbor Issues

Troubleshooting EIGRP Routing Tables

Troubleshooting EIGRP Authentication




Module 6: Access Control Lists Upon completing this module, the learner will be able to determine how to apply ACLs based on network requirements and configure, verify, and troubleshoot ACLs on a medium-sized network.

Lesson 1: Introducing ACL Operation This lesson defines the different types of IPv4 ACLs. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the purpose of ACLs and give examples of when to use them

Explain how inbound and outbound ACLs operate

Describe numbered and named, standard and extended IPv4 ACLs

Describe time-based, reflexive, and dynamic extended ACLs

Use wildcard masking to create IPv4 ACLs


Understanding ACLs

ACL Operation

Types of ACLs

Additional Types of ACLs

ACL Wildcard Masking

Lesson 2: Configuring and Troubleshooting ACLs This lesson defines how to configure and troubleshoot standard and extended, numbered and named IPv4 ACLs. Upon completing this lesson, the learner will be able to meet these objectives:

Configure and verify numbered standard IPv4 ACLs

Configure and verify numbered extended IPv4 ACLs

Configure and verify both standard and extended named IPv4 ACLs

Identify and resolve common ACL configuration errors


Configuring Numbered Standard IPv4 ACLs

Configuring Numbered Extended IPv4 ACLs

Configuring Named ACLs

Troubleshooting ACLs




Module 7: Address Space Management Upon completing this module, the learner will be able to describe when to use NAT or PAT on a medium-sized network and configure NAT or PAT on routers.

Lesson 1: Scaling the Network with NAT and PAT This lesson defines how to configure and verify static, dynamic, and overloading NAT and identify key show and debug command parameters that are required for troubleshooting. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the features and benefits of NAT and PAT

Describe how to translate inside source addresses by using static and dynamic translation and configure NAT

Configure PAT by overloading an inside global address

Identify and resolve issues with the NAT translation table

Identify and resolve issues with using the correct translation entry


Introducing NAT and PAT

Translating Inside Source Addresses

Overloading an Inside Global Address

Resolving Translation Table Issues

Resolving Issues with Using the Correct Translation Entry




Lesson 2: Transitioning to IPv6 This lesson defines how to explain the format of IPv6 addresses and components that are required to run IPv6, explain the impact of IPv6 on network routing, and configure basic IPv6 parameters. Upon completing this lesson, the learner will be able to meet these objectives:

Explain the need for IPv6

Describe the format of the IPv6 address

Explain the methods that are used to assign an IPv6 address

Explain how IPv6 affects common routing protocols and the necessary modifications you need to make to these protocols

Explain transition strategies for implementing IPv6

Configure IPv6 with RIPng through an IPv4 network


Reasons for Using IPv6

Understanding the IPv6 Address

Assigning IPv6 Addresses

Routing Considerations with IPv6

Strategies for Implementing IPv6

Configuring IPv6




Module 8: LAN Extension into a WAN Upon completing this module, the learner will be able to identify and implement the appropriate WAN technology based on network requirements.

Lesson 1: Introducing VPN Solutions This lesson defines how to describe the uses of VPNs for site-to-site and remote-user access. You will learn about the benefits of VPN implementations and the underlying hardware, software, and protocols required to configure a VPN solution. Upon completing this lesson, the learner will be able to meet these objectives:

Define a VPN

Define the different types of and uses for VPNs

Describe the components of VPN

Describe IPsec and its components

Describe how encryption, integrity, and authentication are applied to the IPsec protocol suite


VPNs and Their Benefits

Types of VPNs

Components of VPNs

Introducing IPsec

IPsec Protocol Framework

Lesson 2: Establishing a Point-to-Point WAN Connection with PPP This lesson defines how to connect to a service provider over a network and describe the operation and configuration of PPP. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the types of encapsulation that are available on Cisco routers

Describe the features and functionality of PPP

Configure and verify PPP


Understanding WAN Encapsulations

Overview of PPP

Configuring and Verifying PPP


Lesson 3: Establishing a WAN Connection with Frame Relay This lesson defines how to connect to a service provider over a network and describe the operation and configuration of Frame Relay. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the features and functions of Frame Relay

Configure Frame Relay

Verify that Frame Relay is functioning as configured


Understanding Frame Relay

Configuring Frame Relay

Verifying Frame Relay



Lesson 4: Troubleshooting Frame Relay WANs This lesson defines how to identify an approach for troubleshooting common Frame Relay problems and offer solutions. Upon completing this lesson, the learner will be able to meet these objectives:

Describe the basic steps that are used to troubleshoot a Frame Relay WAN

Identify and resolve the most common Frame Relay connectivity issues


Components of Troubleshooting Frame Relay

Troubleshooting Frame Relay Connectivity Issues




Course Evaluations Cisco uses a post-course evaluation system, Metrics That Matter (MTM), for its instructor-led courses. The instructor must ensure that each learner is aware of the confidential evaluation process and that all learners submit an evaluation for each course. There are two options for learners to complete the evaluation.

For Classes with Internet Access A URL will be made available, specific to each Cisco Learning Partner. Obtain the URL from your MTM system administrator before the last day of class.

1. Upon completion of the course, instruct the learners to enter the URL into their browser.

2. Make sure that the learners input their e-mail address (used only for a follow-up evaluation).

Note Sixty days following a learning event, learners will receive a brief follow-up evaluation, and, again, responses will be kept confidential. E-mail addresses will not be used for marketing purposes. (If learners do not have e-mail addresses, they may type in a “dummy” address.)

3. Instruct the learners to select the appropriate course from the drop-down list.

4. Instruct the learners to complete the course evaluation and click Submit one time only.

5. Advise the learners to wait for “Thank you” to appear on the screen before leaving.

For Classes Without Internet Access A paper-based version of the post-course evaluation is available. Your MTM system administrator can provide you with copies.

1. Distribute paper-based evaluations at the beginning of the last day of class.

2. Instruct the learners to complete the survey only after completing the course.

3. Collect the evaluations and submit them to your MTM system administrator.

To View Evaluation Results To view your post-course evaluation results:

1. Go to www.metricsthatmatter.com/client. (Reminder: All data is confidential; you will see only your own data.)

2. Log in using your ID and the password sent to you from MTM or provided by your company MTM system administrator to ensure confidentiality.

3. Choose Menu Option – Learner Evaluation Reports:

— Evaluation Retrieval Tool

— Class Evaluation Summary Report

4. Search for and select the appropriate class.


Lab Setup

Overview The purpose of the “Lab Setup” section is to assist in the setup and configuration of the training equipment for Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 course. This section includes these topics:

Lab Topology

Hardware and Software Requirements

Workstation Configuration

Lab Equipment Configuration

General Lab Setup













Configuration Files Summary

Lab Activity Solutions

Teardown and Restoration


Lab Topology This topic describes the lab topology for Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0.

© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—3

CCNA Lab Topology

Note The ICND2 course shares a common lab topology with the ICND1 course. However, the ICND1 course lab uses a third core switch (core switch C), which is not used in ICND2.


ICND2 Lab Configuration: CoreSwitchC Not Shown Example: Two out of Eight Total Workgroups


The ICND2 lab consists of eight workgroups, A through H, supporting 16 learners. A workgroup consists of a workgroup router (for example, RouterA), and a workgroup switch (for example, SwitchA). Each workgroup has connectivity to the core equipment (for example, CoreRouter, CoreSwitchA, and CoreSwitchB), which are managed by the instructor.

Due to lab design, lab activities will eventually require an even number of workgroups; workgroup A will collaborate with workgroup B, C with D, E with F, and G with H.

The IP addressing changes during the course. Check the addressing tables that accompany the corresponding lab activities.


Hardware and Software Requirements Hardware List

The hardware listed in the following table is suggested for supporting both the ICND1 and ICND2 course labs.

Description Mfr. Part Number Qty.

Learner Pod Equipment: 2 Learners Per Pod, 8 Pods Total Per Class

Cisco Catalyst 2960 Series Switch Cisco WS-2960-24TT-L 8

Cisco 2811 Integrated Services Router Cisco CISCO2811 8

2-Port Serial WIC Cisco WIC-2T 8

Cables DTE Cisco CAB-SS-X21MT 12

Cables DCE Cisco CAB-SS-X21FC 4

Microsoft Windows PC Varies N/A 8

Common Equipment: Supports 8 Pods, 1 Set Per Class (ICND 1 and 2)

Cisco Catalyst 2960 Series Switch (CoreSwitchA, CoreSwitchB, and CoreSwitchC)

Cisco WS-2960-24TT-L 3

Cisco 2811 Integrated Services Router (Core Router)

Cisco CISCO 2811 1

8-Port Asynchronous Serial Network Module Cisco NM-8A/S 1

Cables DCE Cisco CAB-X21FC 8

2-Port Serial WIC Cisco WIC-2T 1

Cables DTE Cisco CAB-SS-X21MT 1

Cables DCE Cisco CAB-SS-X21FC 1

Cisco 2811 Integrated Services Router (VPN or console server)

Cisco CISCO2811 1

16-Port Asynchronous Module Cisco NM-16A 1

Cables for NM-16A Cisco CAB-OCTAL-ASYNC 2

8-Port Asynchronous HWIC Cisco HWIC8A 1

High-density 8-port EIA-232 Async Cable Cisco CAB-HD-ASYNC 1

Other Required Equipment

A TFTP server is required to support local services.

Generic N/A 1


Software List The software listed in the following table is suggested for supporting both the ICND1 and ICND2 course labs.

Description Mfr. Part Number Qty.

Cisco IOS Release 12.2 on Cisco Catalyst switches

(C2960-LANBASEK9-M), Version 12.2(25)SEE2

Cisco TBD 1 per device

Cisco IOS Release 12.4 on Cisco Integrated Services Routers

(C2800NM-ADVIPSERVICESK9-M), Version 12.4(12)

Cisco TBD 1 per device

PCs: Windows 2000 or XP Microsoft N/A 1 per PC

PCs: Cisco VPN Client software Cisco N/A 8 (download from Cisco.com)

Wireshark Packet Sniffer Wireshark N/A 8 (on course CD)

PuTTY term emulator PuTTY N/A 8 (on course CD)

TFTP32

Go to http://tftpd32.jounin.net/ for more information

Jounin N/A


Lab Equipment Configuration This equipment configuration information is necessary for initial setup of the lab configuration.

Lab Cabling Workgroup Routers and Switches

Device Interface Device Interface Remarks

RouterA Fa0/0 SwitchA Fa0/2 ST

S0/0/0 CoreRouter S 1/0 DTE

S0/0/1 RouterB S 0/0/1 DTE

SwitchA Fa0/2 RouterA Fa0/0 ST

Fa0/11 CoreSwitchA Fa0/1 XO

Fa0/12 CoreSwitchB Fa0/1 XO

Router B Fa0/0 SwitchB Fa0/2 ST

S0/0/0 CoreRouter S1/1 DTE

S0/0/1 RouterA S0/0/1 DCE

SwitchB Fa0/2 RouterB Fa0/0 ST



RouterC Fa0/0 SwitchC Fa0/2 ST


S0/0/1 RouterD S0/0/1 DTE

SwitchC Fa0/2 RouterC Fa0/0 ST



RouterD Fa0/0 SwitchD Fa0/2 ST


S0/0/1 RouterC S0/0/1 DCE

SwitchD Fa0/2 RouterD Fa0/0 ST





RouterE Fa0/0 SwitchE Fa0/2 ST


S0/0/1 RouterF S0/0/1 DTE

SwitchE Fa0/2 RouterE Fa0/0 ST



RouterF Fa0/0 SwitchF Fa0/2 ST


S0/0/1 RouterE S0/0/1 DCE

SwitchF Fa0/2 RouterF Fa0/0 ST



RouterG Fa0/0 SwitchG Fa0/2 ST


S0/0/1 RouterH S0/0/1 DTE

SwitchG Fa0/2 RouterG Fa0/0 ST



RouterH Fa0/0 SwitchH Fa0/2 ST


S0/0/1 RouterG S0/0/1 DCE

SwitchH Fa0/2 RouterH Fa0/0 ST



ST = straight RJ-45; XO = cross-over RJ-45


Core SwitchAfc


Core switch A Fa0/1 SwitchA Fa0/11 XO

Fa0/2 SwitchB Fa0/11 XO

Fa0/3 SwitchC Fa0/11 XO

Fa0/4 SwitchD Fa0/11 XO

Fa0/5 SwitchE Fa0/11 XO

Fa0/6 SwitchF Fa0/11 XO

Fa0/7 SwitchG Fa0/11 XO

Fa0/8 SwitchH Fa0/11 XO

Fa0/9–fa0/12 Unused




Fa0/23 CoreRouter Fa0/0 ST

Fa0/24 TFTP ST

Gi0/1 Unused

Gi0/2 Unused

Core SwitchB


Core SwitchB Fa0/1 SwitchA Fa0/12 XO

Fa0/2 SwitchB Fa0/12 XO

Fa0/3 SwitchC Fa0/12 XO

Fa0/4 SwitchD Fa0/12 XO

Fa0/5 SwitchE Fa0/12 XO

Fa0/6 SwitchF Fa0/12 XO

Fa0/7 SwitchG Fa0/12 XO

Fa0/8 SwitchH Fa0/12 XO





Gi0/1 Unused

Gi0/2 Unused


Core Router/Frame Relay Switch


Core Router

Fa0/0 CoreSwitchA FA0/23 ST

S1/0 RouterA S0/0/0 DCE

S1/1 RouterB S0/0/0 DCE

S1/2 RouterC S0/0/0 DCE

S1/3 RouterD S0/0/0 DCE

S1/4 RouterE S0/0/0 DCE

S1/5 RouterF S0/0/0 DCE

S1/6 RouterG S0/0/0 DCE

S1/7 RouterH S0/0/0 DCE

S0/0/0 CoreRouter S0/0/1 Loopback DCE

S0/0/1 CoreRouter S0/0/0 Loopback DTE

TFTP Server Preparation Several labs require the use of a TFTP server. Configure the server with the address of 10.1.1.1/24 and default gateway of 10.1.1.3. Also, copy the following files into the TFTP root directory so they are available for download.

i2-corero1-dot1Q.txt i2-corero2-routing.txt

i2-corero3-frame.txt i2-coreswa1-no-trunk-to-wg.txt

i2-coreswa2-trunk-to-wg.txt i2-coreswa3-ports-to-wg-shut.txt

i2-coreswb1-ports-to-wg-shut.txt i2-coreswb2-trunk-to-wg.txt

i2-wg_ro-config-lab2-2.txt i2-wg_ro-config-lab4-2.txt

i2-wg_ro-config-lab6-1.txt i2-wg_ro-config-lab8-2.txt

i2-wg_sw-config-lab2-2.txt i2-wg_sw-config-lab6-1.txt

Terminal Server Preparation Several lab activities require learners to open multiple console connections simultaneously, for example, one session with the workgroup router and one session with the workgroup switch. Lab developers should ensure the remote lab equipment terminal server has an adequate number of vty lines available, the suggested minimum number of which is 18 to 20.


General Lab Setup This information details the procedure to set up and configure the lab equipment at the beginning of each class.

Step 1 Download the initial core configuration from the TFTP server into each of the startup-configuration of the core devices. The initial core configuration files are as follows:

Device Configuration File to Install

CoreRouter i2-corero1-dot1Q.txt

CoreSwitchA i2-coreswa1-no-trunk-to-wg.txt

CoreSwitchB i2-coreswb1-ports-to-wg-shut.txt

Workgroup routers or switches None

Note Learners will create their own initial workgroup configurations.

Step 2 Reload each core device.

Caution If your ICND2 course is sharing the lab topology that supports the ICND1 course, it is suggested that all ports on core SwitchC remain disabled for all ICND2 labs. CoreSwitchC is not used for any ICND2 labs.



This topic details the lab activity for Lab 1-1.

Objectives You will complete these tasks in this lab:

Return your workgroup switch and router to their default configurations

Configure your workgroup switch and router with their proper identities and IP addressing

Provide basic security with passwords and port security

Visual Objective The figure displays the lab topology that you will use to complete this lab.


Visual Objective 1-1: Implementing a Small Network (Review Lab)

WG Switch Routerfa0/0

A 10.1.1.10 10.1.1.11B 10.1.1.20 10.1.1.21 C 10.1.1.30 10.1.1.31D 10.1.1.40 10.1.1.41E 10.1.1.50 10.1.1.51F 10.1.1.60 10.1.1.61G 10.1.1.70 10.1.1.71H 10.1.1.80 10.1.1.81


Setup The table describes how to set up lab configurations with equipment for this lab.

Device Configuration File to Install Configuration Instructions

CoreRouter i2-corero1-dot1Q.txt See “General Lab Setup”

CoreSwitchA i2-coreswa1-no-trunk-to-wg.txt See “General Lab Setup”

CoreSwitchB i2-coreswb1-ports-to-wg-shut.txt See “General Lab Setup”

Workgroup routers and switches

None See “General Lab Setup”

Additional Setup Notes IP Addresses

Workgroup Workgroup Switch Name

Workgroup Router Name

SwitchX Port

CoreSwitchA Port

Workgroup Switch Interface

VLAN 1

(SwitchX)

Workgroup RouterFa0/0

Interface

(RouterX)

A SwitchA RouterA Fa0/11 Fa0/1 10.1.1.10/24 10.1.1.11/24

B SwitchB RouterB Fa0/11 Fa0/2 10.1.1.20/24 10.1.1.21/24

C SwitchC RouterC Fa0/11 Fa0/3 10.1.1.30/24 10.1.1.31/24

D SwitchD RouterD Fa0/11 Fa0/4 10.1.1.40/24 10.1.1.41/24

E SwitchE RouterE Fa0/11 Fa0/5 10.1.1.50/24 10.1.1.51/24

F SwitchF RouterF Fa0/11 Fa0/6 10.1.1.60/24 10.1.1.61/24

G SwitchG RouterG Fa0/11 Fa0/7 10.1.1.70/24 10.1.1.71/24

H SwitchH RouterH Fa0/11 Fa0/8 10.1.1.80/24 10.1.1.81/24

Instructor Notes In this lab, the learner removes any previous configuration from the workgroup router and switches and creates a basic workgroup router and switch configuration, which becomes the basis for all future labs.

The purpose of this lab is not to introduce new concepts to the learners but to review prerequisite concepts and commands the learners should understand prior to attending this course. The instructor should use this lab to gain the following information:

Gauge the prerequisite learner knowledge

Identify the topical strengths and weaknesses of the learners

Help determine learner workgroup partner pairings for future labs

The instructor will also provide the setup information to access the remote lab equipment.





Configure the switch to participate in a VTP domain and configure the switch for transparent mode

Configure trunking on a trunk port to provide access to a router on the network

Configure separate VLANs for separate logical networks

Enable RSTP and configure the root switch and backup root switch



Visual Objective 2-1: Configuring Expanded Switched Networks

Subnet VLAN Devices10.1.1.0 1 Core Switches, CoreRouter, SwitchX10.2.2.0 2 CoreRouter, RouterA 10.3.3.0 3 CoreRouter, RouterB10.4.4.0 4 CoreRouter, RouterC10.5.5.0 5 CoreRouter, RouterD10.6.6.0 6 CoreRouter, RouterE10.7.7.0 7 CoreRouter, RouterF10.8.8.0 8 CoreRouter, RouterG10.9.9.0 9 CoreRouter, RouterH




CoreRouter i2-corero1-dot1Q.txt This setup is the same as the previous lab.

CoreSwitchA i2-coreswa2-trunk-to-wg.txt Copy this configuration to the running configuration.

CoreSwitchBB i2-coreswb2-trunk-to-wg.txt Copy this configuration to the running configuration.

Instructor Notes If time permits, in optional Task 5, the learner configures a Per VLAN Rapid Spanning Tree (PVRST) primary and secondary root bridge with a partner workgroup. The instructor may assign this task to groups that finish the previous tasks and are waiting for the remainder of the class to complete the lab.


Lab 2-2: Troubleshooting Switched Networks This topic details the lab activity for Lab 2-2.

Objectives You will complete this task in this lab:

Discover switched network connectivity issues, follow troubleshooting guidelines to ascertain switched connectivity problems, and re-establish switched network connectivity



Visual Objective 2-2: Troubleshooting Switched Networks

WG Switch Routerfa0/0

A 10.1.1.10 10.2.2.12B 10.1.1.20 10.3.3.12 C 10.1.1.30 10.4.4.12D 10.1.1.40 10.5.5.12E 10.1.1.50 10.6.6.12F 10.1.1.60 10.7.7.12G 10.1.1.70 10.8.8.12H 10.1.1.80 10.9.9.12




CoreRouter i2-corero1-dot1Q.txt This setup is the same as the previous lab.

CoreSwitchA i2-coreswa2-trunk-to-wg.txt This setup is the same as the previous lab.

CoreSwitchB i2-coreswb2-trunk-to-wg.txt This setup is the same as the previous lab.

Workgroup routers i2-wg_ro-config-lab2-2.txt Learners download this configuration from the TFTP server as part of the lab.

It is used at end of lab activity to test whether the learners have troubleshot and fixed the problems correctly. It is simply a “congratulations” banner.

Workgroup switches i2-wg_sw-config-lab2-2.txt Learners download this configuration from the TFTP server as part of the lab.

Instructor Notes Learners will download a faulty configuration into their workgroup switches from the TFTP server and troubleshoot to correct the problems. The problems introduced are as follows:

A VLAN is missing from the VLAN database.

Trunking to the core is turned off and an incorrect trunking mode (dynamic desirable) is introduced.

A duplex mismatch with the core is configured.

Instructors should remind learners to refrain from simply issuing a show run command and comparing the problem configuration with the working baseline configuration. One of the objectives of the lab activity is for the learners to work on their troubleshooting skills by practicing using a variety of applicable show and debug commands.

After all of the learners have completed the lab activity, instructors will facilitate a debriefing that reviews the possible steps learners took to gather symptoms and isolate and correct problems. Instructors should encourage learners to complete the “Troubleshooting Steps” table in the “Job Aids” section of the lab as they troubleshoot and to reference the table during the debriefing process.


Lab 4-1: Implementing OSPF This topic details the lab activity for Lab 4-1.


Disable the LAN connections to the core

Enable the serial connections on a workgroup router

Configure OSPF on a workgroup router

Configure plaintext authentication for OSPF

Verify the correct operation and configuration of OSPF routing and OSPF plaintext authentication



Visual Objective 4-1: Implementing OSPF




CoreRouter i2-corero2-routing.txt Copy this configuration to the running configuration.

CoreSwitchA i2-coreswa3-ports-to-wg-shut.txt Copy this configuration to the running configuration.

CoreSwitchB i2-coreswb1-ports-to-wg-shut.txt Copy this configuration to the running configuration.


Workgroup Workgroup Switch

Interface VLAN 1

(SwitchX)


Interface

(RouterX)

Workgroup Router

Loopback 0 Interface

(RouterX)

Workgroup Router S0/0/0

Interface

(RouterX)


Interface

(RouterX)

Core Router Serial

Interface

(CoreRouter)

A 10.2.2.11/24 10.2.2.3/24 192.168.1.65/28 10.140.1.2/24 10.23.23.1/24 10.140.1.1/24

B 10.3.3.11/24 10.3.3.3/24 192.168.1.81/28 10.140.2.2/24 10.23.23.2/24 10.140.2.1/24

C 10.4.4.11/24 10.4.4.3/24 192.168.2.65/28 10.140.3.2/24 10.45.45.1/24 10.140.3.1/24

D 10.5.5.11/24 10.5.5.3/24 192.168.2.81/28 10.140.4.2/24 10.45.45.2/24 10.140.4.1/24

E 10.6.6.11/24 10.6.6.3/24 192.168.3.65/28 10.140.5.2/24 10.67.67.1/24 10.140.5.1/24

F 10.7.7.11/24 10.7.7.3/24 192.168.3.81/28 10.140.6.2/24 10.67.67.2/24 10.140.6.1/24

G 10.8.8.11/24 10.8.8.3/24 192.168.4.65/28 10.140.7.2/24 10.89.89.1/24 10.140.7.1/24

H 10.9.9.11/24 10.9.9.3/24 192.168.4.81/28 10.140.8.2/24 10.89.89.2/24 10.140.8.1/24

Instructor Notes With the implementation of OSPF plaintext authentication, instructors may find that learners have a partial OSPF neighbor table during the lab activity. To have a complete OSPF neighbor table, the local and peer routers must have successfully configured OSPF with authentication.


Lab 4-2: Troubleshooting OSPF This topic details the lab activity for Lab 4-2.


Discover OSPF network connectivity issues and follow troubleshooting guidelines to isolate and fix OSPF connectivity problems



Visual Objective 4-2: Troubleshooting OSPF



CoreRouter i2-corero2-routing.txt This setup is the same as the previous lab.

CoreSwitchA i2-coreswa3-ports-to-wg-shut.txt This setup is the same as the previous lab.

CoreSwitchB i2-coreswb1-ports-to-wg-shut.txt This setup is the same as the previous lab.

Workgroup routers i2-wg_ro-config-lab4-2.txt Learners download this file as part of the lab.




Interface VLAN 1

(SwitchX)


Interface

(RouterX)

Workgroup Router


(RouterX)


Interface

(RouterX)


Interface

(RouterX)

Core Router Serial

Interface

(CoreRouter)

A 10.2.2.11/24 10.2.2.3/24 192.168.1.65/28 10.140.1.2/24 10.23.23.1/24 10.140.1.1/24

B 10.3.3.11/24 10.3.3.3/24 192.168.1.81/28 10.140.2.2/24 10.23.23.2/24 10.140.2.1/24

C 10.4.4.11/24 10.4.4.3/24 192.168.2.65/28 10.140.3.2/24 10.45.45.1/24 10.140.3.1/24

D 10.5.5.11/24 10.5.5.3/24 192.168.2.81/28 10.140.4.2/24 10.45.45.2/24 10.140.4.1/24

E 10.6.6.11/24 10.6.6.3/24 192.168.3.65/28 10.140.5.2/24 10.67.67.1/24 10.140.5.1/24

F 10.7.7.11/24 10.7.7.3/24 192.168.3.81/28 10.140.6.2/24 10.67.67.2/24 10.140.6.1/24

G 10.8.8.11/24 10.8.8.3/24 192.168.4.65/28 10.140.7.2/24 10.89.89.1/24 10.140.7.1/24

H 10.9.9.11/24 10.9.9.3/24 192.168.4.81/28 10.140.8.2/24 10.89.89.2/24 10.140.8.1/24

Instructor Notes Learners will download a faulty configuration into their workgroup routers from the TFTP server and troubleshoot to correct the problems. The problems introduced are as follows:

An incorrect wildcard bit mask in the OSPF network statement

An incorrect OSPF authentication key configured with the CoreRouter

Instructors should remind learners to refrain from simply issuing a show run command and comparing the problem configuration with the working baseline configuration. One of the objectives of the lab activity is for the learners to work on their troubleshooting skills by practicing using a variety of applicable show and debug commands.



Lab 5-1: Implementing EIGRP This topic details the lab activity for Lab 5-1.


Configure EIGRP on the router

Configure MD5 authentication for EIGRP

Verify the correct operation and configuration of EIGRP routing using show commands, and verify the correct operation and configuration of EIGRP MD5 authentication

Debug the EIGRP neighbor processes



Visual Objective 5-1: Implementing EIGRP




CoreRouter i2-corero2-routing.txt The setup is the same as the previous lab.

CoreSwitchA i2-coreswa3-ports-to-wg-shut.txt The setup is the same as the previous lab.

CoreSwitchB i2-coreswb1-ports-to-wg-shut.txt The setup is the same as the previous lab.



Interface VLAN 1

(SwitchX)


Interface

(RouterX)

Workgroup Router


(RouterX)


Interface

(RouterX)


Interface

(RouterX)

Core Router Serial

Interface

(CoreRouter)

A 10.2.2.11/24 10.2.2.3/24 192.168.1.65/28 10.140.1.2/24 10.23.23.1/24 10.140.1.1/24

B 10.3.3.11/24 10.3.3.3/24 192.168.1.81/28 10.140.2.2/24 10.23.23.2/24 10.140.2.1/24

C 10.4.4.11/24 10.4.4.3/24 192.168.2.65/28 10.140.3.2/24 10.45.45.1/24 10.140.3.1/24

D 10.5.5.11/24 10.5.5.3/24 192.168.2.81/28 10.140.4.2/24 10.45.45.2/24 10.140.4.1/24

E 10.6.6.11/24 10.6.6.3/24 192.168.3.65/28 10.140.5.2/24 10.67.67.1/24 10.140.5.1/24

F 10.7.7.11/24 10.7.7.3/24 192.168.3.81/28 10.140.6.2/24 10.67.67.2/24 10.140.6.1/24

G 10.8.8.11/24 10.8.8.3/24 192.168.4.65/28 10.140.7.2/24 10.89.89.1/24 10.140.7.1/24

H 10.9.9.11/24 10.9.9.3/24 192.168.4.81/28 10.140.8.2/24 10.89.89.2/24 10.140.8.1/24

Instructor Notes With the implementation of EIGRP Message Digest 5 (MD5) authentication, instructors may find learners have a partial EIGRP neighbor table during the lab activity. A complete EIGRP neighbor table requires the local and peer routers to have successfully configured EIGRP with authentication.


Lab 5-2: Troubleshooting EIGRP This topic details the lab activity for Lab 5-2.


Discover EIGRP network connectivity issues and follow troubleshooting guidelines to isolate and fix EIGRP connectivity problems

Test EIGRP network connectivity



Visual Objective 5-2: Troubleshooting EIGRP








Workgroup Workgroup Router Fa0/0

Interface

(RouterX)

Workgroup Router


(RouterX)

Workgroup Router


(RouterX)


Interface

(RouterX)


Interface

(RouterX)

Core Router Serial

Interface

(CoreRouter)

A 10.2.2.3/24 192.168.1.65/28 172.16.2.1/24 10.140.1.2/24 10.23.23.1/24 10.140.1.1/24

B 10.3.3.3/24 192.168.1.81/28 172.16.3.1/24 10.140.2.2/24 10.23.23.2/24 10.140.2.1/24

C 10.4.4.3/24 192.168.2.65/28 172.16.4.1/24 10.140.3.2/24 10.45.45.1/24 10.140.3.1/24

D 10.5.5.3/24 192.168.2.81/28 172.16.5.1/24 10.140.4.2/24 10.45.45.2/24 10.140.4.1/24

E 10.6.6.3/24 192.168.3.65/28 172.16.6.1/24 10.140.5.2/24 10.67.67.1/24 10.140.5.1/24

F 10.7.7.3/24 192.168.3.81/28 172.16.7.1/24 10.140.6.2/24 10.67.67.2/24 10.140.6.1/24

G 10.8.8.3/24 192.168.4.65/28 172.16.8.1/24 10.140.7.2/24 10.89.89.1/24 10.140.7.1/24

H 10.9.9.3/24 192.168.4.81/28 172.16.9.1/24 10.140.8.2/24 10.89.89.2/24 10.140.8.1/24

Instructor Notes Learners will create a loopback interface in the 172.16.0.0 network causing a discontiguous network addressing scheme with the core loopback. To provide connectivity from their loopback network to the core loopback network, learners must configure EIGRP with the no auto-summary statement.

Instructors should remind learners to refrain from simply issuing a show run command and comparing the problem configuration with the working baseline configuration. One of the objectives of the lab activity is for learners to work on their troubleshooting skills by practicing using a variety of applicable show and debug commands.






Create an IP extended access list to block Telnet traffic, apply it to an interface, and verify its operation

Create an IP extended ACL to block TFTP requests from a workgroup

Troubleshoot to isolate and resolve an ACL problem



Visual Objective 6-1: Implementing and Troubleshooting ACLs

WG Router s0/0/0 Router fa0/0 Switch

A 10.140.1.2 10.2.2.3 10.2.2.11B 10.140.2.2 10.3.3.3 10.3.3.11C 10.140.3.2 10.4.4.3 10.4.4.11D 10.140.4.2 10.5.5.3 10.5.5.11E 10.140.5.2 10.6.6.3 10.6.6.11F 10.140.6.2 10.7.7.3 10.7.7.11G 10.140.7.2 10.8.8.3 10.8.8.11H 10.140.8.2 10.9.9.3 10.9.9.11







Workgroup routers i2-wg_ro-config-lab6-1.txt Learners will download this configuration as part of the lab.


Workgroup Workgroup Subnets

10.x.x.0/24

Workgroup Switch

Interface VLAN 1

(SwitchX)

Workgroup RouterFa0/0 Interface

(RouterX)

Workgroup Router


(RouterX)


Interface

(RouterX)

Core Router Serial

Interface

(CoreRouter)

A 10.2.2.0/24 10.2.2.11/24 10.2.2.3/24 192.168.1.65/28 10.140.1.2/24 10.140.1.1/24

B 10.3.3.0/24 10.3.3.11/24 10.3.3.3/24 192.168.1.81/28 10.140.2.2/24 10.140.2.1/24

C 10.4.4.0/24 10.4.4.11/24 10.4.4.3/24 192.168.2.65/28 10.140.3.2/24 10.140.3.1/24

D 10.5.5.0/24 10.5.5.11/24 10.5.5.3/24 192.168.2.81/28 10.140.4.2/24 10.140.4.1/24

E 10.6.6.0/24 10.6.6.11/24 10.6.6.3/24 192.168.3.65/28 10.140.5.2/24 10.140.5.1/24

F 10.7.7.0/24 10.7.7.11/24 10.7.7.3/24 192.168.3.81/28 10.140.6.2/24 10.140.6.1/24

G 10.8.8.0/24 10.8.8.11/24 10.8.8.3/24 192.168.4.65/28 10.140.7.2/24 10.140.7.1/24

H 10.9.9.0/24 10.9.9.11/24 10.9.9.3/24 192.168.4.81/28 10.140.8.2/24 10.140.8.1/24

Instructor Notes Learners will download a faulty configuration into their workgroup routers from the TFTP server and troubleshoot to correct the problem. The objective of the ACL is to deny TFTP traffic from the workgroup but allow all other traffic. The problem introduced is that the ACL allows all other UDP traffic rather than all other IP traffic.

When testing the effectiveness of the ACL, a learner will attempt to use TFTP to upload a configuration file from the TFTP server into the workgroup switch. If the TFTP is successful, meaning that the ACL failed, the workgroup switch will have a new banner displaying the message, “Your Access List Failed, Please Try Again!”


Lab 7-1: Configuring NAT and PAT This topic details the lab activity for Lab 7-1.


Configure inside and outside NAT interfaces and an IP ACL to permit hosts to use PAT

Use show commands to verify the NAT configuration



Visual Objective 7-1: Configuring NAT and PAT

WG Router s0/0/0 Router fa0/0 Switch

A 10.140.1.2 10.2.2.3 10.2.2.11B 10.140.2.2 10.3.3.3 10.3.3.11C 10.140.3.2 10.4.4.3 10.4.4.11D 10.140.4.2 10.5.5.3 10.5.5.11E 10.140.5.2 10.6.6.3 10.6.6.11F 10.140.6.2 10.7.7.3 10.7.7.11G 10.140.7.2 10.8.8.3 10.8.8.11H 10.140.8.2 10.9.9.3 10.9.9.11








Workgroup Workgroup Subnets

10.x.x.0/24

Workgroup Switch Interface

VLAN 1

(SwitchX)


Interface

(RouterX)

Workgroup Router


(RouterX)


Interface

(RouterX)

Core Router Serial

Interface

(CoreRouter)

A 10.2.2.0/24 10.2.2.11/24 10.2.2.3/24 192.168.1.65/28 10.140.1.2/24 10.140.1.1/24

B 10.3.3.0/24 10.3.3.11/24 10.3.3.3/24 192.168.1.81/28 10.140.2.2/24 10.140.2.1/24

C 10.4.4.0/24 10.4.4.11/24 10.4.4.3/24 192.168.2.65/28 10.140.3.2/24 10.140.3.1/24

D 10.5.5.0/24 10.5.5.11/24 10.5.5.3/24 192.168.2.81/28 10.140.4.2/24 10.140.4.1/24

E 10.6.6.0/24 10.6.6.11/24 10.6.6.3/24 192.168.3.65/28 10.140.5.2/24 10.140.5.1/24

F 10.7.7.0/24 10.7.7.11/24 10.7.7.3/24 192.168.3.81/28 10.140.6.2/24 10.140.6.1/24

G 10.8.8.0/24 10.8.8.11/24 10.8.8.3/24 192.168.4.65/28 10.140.7.2/24 10.140.7.1/24

H 10.9.9.0/24 10.9.9.11/24 10.9.9.3/24 192.168.4.81/28 10.140.8.2/24 10.140.8.1/24

Instructor Notes In order to test the NAT effectiveness of the workgroup router, ensure that the learner tests the configuration by executing a ping from the workgroup switch. If the ping is initiated from the workgroup router, the source address of the ping will not trigger the translation.


Lab 7-2: Implementing IPv6 This topic details the lab activity for Lab 7-2.


Determine how to allocate IPv6 addresses for the assigned routers, given an IPv6 numbering scheme and a prefix

Configure router interfaces for IPv6 and assign addresses

Configure RIP to support IPv6 and IPv6 addresses

Configure and verify a dual-stack router configuration



Visual Objective 7-2: Implementing IPv6







Instructor Notes Task 1 is an information-gathering exercise. The learner should not be configuring the router in this task but, instead, complete a worksheet identifying the IPv6 addresses that will be used to configure the router in subsequent tasks.

To better understand the different methods of assigning IPv6 addresses, the learner is asked to use both a fully defined 128-bit IPv6 address on one interface and an IPv6 address that uses the EUI-64 interface identifier method on a second interface.


Lab 8-1: Establishing a Frame Relay WAN This topic details the lab activity for Lab 8-1.


Configure a serial interface to use Frame Relay encapsulation

Verify the Frame Relay connection using show and ping commands

Configure the debug frame-relay lmi command and interpret the output

Configure a router subinterface and associate it with a specific DLCI



Visual Objective 8-1: Establishing a Frame Relay WAN

WG Router s0/0/0

A 10.140.1.2B 10.140.2.2C 10.140.3.2D 10.140.4.2E 10.140.5.2F 10.140.6.2G 10.140.7.2H 10.140.8.2




CoreRouter i2-corero3-frame.txt Copy this configuration to the running-configuration.




Workgroup Workgroup Switch Interface

VLAN 1

(SwitchX)

Workgroup Router Fa0/0

Interface

(RouterX)


Interface

(RouterX)

Local DLCI Identifying

PVC to Core

Core Router Serial

Interface

(CoreRouter)

A 10.2.2.11/24 10.2.2.3/24 10.140.1.2/24 100 10.140.1.1/24

B 10.3.3.11/24 10.3.3.3/24 10.140.2.2/24 110 10.140.2.1/24

C 10.4.4.11/24 10.4.4.3/24 10.140.3.2/24 120 10.140.3.1/24

D 10.5.5.11/24 10.5.5.3/24 10.140.4.2/24 130 10.140.4.1/24

E 10.6.6.11/24 10.6.6.3/24 10.140.5.2/24 140 10.140.5.1/24

F 10.7.7.11/24 10.7.7.3/24 10.140.6.2/24 150 10.140.6.1/24

G 10.8.8.11/24 10.8.8.3/24 10.140.7.2/24 160 10.140.7.1/24

H 10.9.9.11/24 10.9.9.3/24 10.140.8.2/24 170 10.140.8.1/24

Instructor Notes Learners will create a Frame Relay connection to the CoreRouter using the workgroup router physical serial interface, tear it down, and then re-create the Frame Relay connection to the core router using a point-to-point subinterface. Occasionally, the interface status remains down, and rebooting the workgroup router appears to be the only fix.

In order to relearn remote networks through the Frame Relay subinterface via EIGRP, the lab reminds the learner to reconfigure EIGRP authentication on the subinterface.


Lab 8-2: Troubleshooting Frame Relay WANs This topic details the lab activity for Lab 8-2.


Discover Frame Relay network connectivity issues and follow troubleshooting guidelines to determine and fix frame relay connectivity problems



Visual Objective 8-2: Troubleshooting Frame Relay WANs

WG Router s0/0/0

A 10.140.1.2B 10.140.2.2C 10.140.3.2D 10.140.4.2E 10.140.5.2F 10.140.6.2G 10.140.7.2H 10.140.8.2




CoreRouter i2-corero3-frame.txt The setup is the same as the previous lab.



Workgroup routers i2-wg_ro-config-lab8-2.txt Learners download this file as part of the lab.


Workgroup Workgroup Switch Interface

VLAN 1

(SwitchX)


Interface

(RouterX)


Interface

(RouterX)

Local DLCI Identifying

PVC to Core

Core Router Serial

Interface

(CoreRouter)

A 10.2.2.11/24 10.2.2.3/24 10.140.1.2/24 100 10.140.1.1/24

B 10.3.3.11/24 10.3.3.3/24 10.140.2.2/24 110 10.140.2.1/24

C 10.4.4.11/24 10.4.4.3/24 10.140.3.2/24 120 10.140.3.1/24

D 10.5.5.11/24 10.5.5.3/24 10.140.4.2/24 130 10.140.4.1/24

E 10.6.6.11/24 10.6.6.3/24 10.140.5.2/24 140 10.140.5.1/24

F 10.7.7.11/24 10.7.7.3/24 10.140.6.2/24 150 10.140.6.1/24

G 10.8.8.11/24 10.8.8.3/24 10.140.7.2/24 160 10.140.7.1/24

H 10.9.9.11/24 10.9.9.3/24 10.140.8.2/24 170 10.140.8.1/24

Instructor Notes Learners will download a faulty configuration into their workgroup routers from the TFTP server and troubleshoot to correct the problems. The problem introduced is that an incorrect Frame Relay DLCI is configured.

Instructors should remind learners to refrain from simply issuing a show run command and comparing the problem configuration with the working baseline configuration. One of the objectives of the lab activity is for learners to work on their troubleshooting skills by practicing using a variety of applicable show and debug commands.



Configuration Files Summary This topic details the course configuration files, which provide information about the starting condition of each lab.

Configuration Filename Comments

i2-corero1-dot1Q.txt The “switching labs” configuration for the core router. The core router is configured as a router-on-a-stick. The Fast Ethernet interface is configured with subinterfaces and 802.1Q trunking. All serial interfaces are shut down.

i2-corero2-routing.txt The “routing labs” configuration for the core router. All subinterfaces are removed from the Fast Ethernet interface. The serial interfaces are enabled for HDLC connectivity to the workgroups. OSPF and EIGRP are enabled and configured for authentication.

i2-corero3-frame.txt The “frame relay labs” configuration for the core router. The core router is configured to also be a Frame Relay switch. The serial interfaces are enabled for Frame Relay connectivity to the workgroups EIGRP remains configured for authentication.

i2-coreswa1-no-trunk-to-wg.txt The initial CoreSwitchA configuration. There is no trunking to the workgroups. PVRST is the enabled spanning-tree protocol.

i2-coreswa2-trunk-to-wg.txt The trunked configuration for CoreSwitchA. All ports to the workgroups are trunked. Fa0/13 and fa0/14 are an EtherChannel bundle trunked between the core switches. Fa0/23 is trunked to the CoreRouter for a router-on-a-stick configuration. PVRST is the enabled spanning-tree protocol and CoreSwitchA is configured to be the root bridge for all learner VLANs.

i2-coreswa3-ports-to-wg-shut.txt The “routing labs” configuration for CoreSwitchA. All ports to the workgroups are shut down. All workgroup connectivity to the core must come through the core router.

i2-coreswb1-ports-to-wg-shut.txt All ports to the workgroups are shut down. All workgroup connectivity to the core must come through core switch A for the switching labs or the core router for the routing labs.

i2-coreswb2-trunk-to-wg.txt The trunked configuration for CoreSwitchB. All ports to the workgroups are trunked. Fa0/13 and fa0/14 are an EtherChannel bundle trunked between the core switches. PVRST is the enabled spanning-tree protocol and CoreSwitchB is configured to be the secondary root bridge for all learner VLANs.

i2-wg_ro-config-lab2-2.txt Downloaded by the learners from the TFTP server as part of the lab: Used at end of the lab activity to test whether the learners have troubleshot and fixed the problems correctly. It is simply a “congratulations” banner.


i2-wg_ro-config-lab4-2.txt Learners will download this faulty configuration into their workgroup routers from the TFTP server and troubleshoot to correct the problems. The problems introduced are as follows:

An incorrect wildcard bit mask in the OSPF network statement

An incorrect OSPF authentication key configured with the CoreRouter

i2-wg_ro-config-lab6-1.txt Learners will download this faulty configuration into their workgroup routers from the TFTP server and troubleshoot to correct the problem. The objective of the ACL is to deny TFTP traffic from the workgroup but allow all other traffic. The problem introduced is that the ACL allows all other UDP traffic rather than all other IP traffic.

i2-wg_ro-config-lab8-2.txt Learners will download this faulty configuration into their workgroup routers from the TFTP server and troubleshoot to correct the problems. The problem introduced is that an incorrect Frame Relay DLCI number is configured.

i2-wg_sw-config-lab2-2.txt Learners will download this faulty configuration into their workgroup switches from the TFTP server and troubleshoot to correct the problems. The problems introduced are as follows:

A VLAN is missing from the VLAN database.

The trunking to the core is turned off and an incorrect trunking mode (dynamic desirable) is introduced.

A duplex mismatch with the core is configured.

i2-wg_sw-config-lab6-1.txt When testing the effectiveness of the ACL, a learner will attempt to use TFTP to download this configuration file from the TFTP server into the workgroup switch. If the TFTP is successful, meaning that the ACL failed, the workgroup switch will have a new banner displaying the message, “Your Access List Failed, Please Try Again!”


Lab Activity Solutions This section presents the solutions to the practice activities.

Lab Activity 1-1: Implementing the Small Network (Review Lab) Workgroup Switch Configuration

When you complete this lab activity, your workgroup switch configuration will be similar to the following, with differences that are specific to your workgroup: version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname SwitchX ! enable secret 5 $1$DbHt$Zq1t4P2kmfMGUeZSRRy0g0 ! no aaa new-model ip subnet-zero ! ! ! ! ! ! no file verify auto spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! interface FastEthernet0/1 ! interface FastEthernet0/2 description To RouterX Fa0/0 switchport mode access switchport port-security switchport port-security mac-address xxxx.xxxx.xxxx ! interface FastEthernet0/3 ! interface FastEthernet0/4 ! interface FastEthernet0/5 ! interface FastEthernet0/6 ! interface FastEthernet0/7 ! interface FastEthernet0/8 ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 description Connected to CoreSwitchA speed 100 duplex full !


interface FastEthernet0/12 ! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 ip address 10.1.1.X 255.255.255.0 no ip route-cache ! ip default-gateway 10.1.1.3 ip http server ip http secure-server ! control-plane ! banner motd ^C Authorized access only. Unauthorized users disconnect.^C ! line con 0 password cisco logging synchronous login line vty 0 4 password sanjose login line vty 5 15 no login ! end

Workgroup Router Configuration When you complete this lab activity, your workgroup router configuration will be similar to the following, with differences that are specific to your workgroup: version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname RouterX !


boot-start-marker boot-end-marker ! enable secret 5 $1$HNdR$hOG1GhzoNoHMEgZQU21mo1 ! no aaa new-model ! ! ip cef ! ! ! ! voice-card 0 no dspfarm ! interface FastEthernet0/0 description To SwitchX Fa0/2 ip address 10.1.1.X 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 no ip address shutdown ! interface Serial0/0/1 no ip address shutdown ! ! ! ip http server no ip http secure-server ! ! ! ! ! control-plane ! banner motd ^C Authorized access only. Unauthorized users disconnect.^C ! line con 0 password cisco logging synchronous login line aux 0 line vty 0 4 password sanjose login ! scheduler allocate 20000 1000 ! end


Lab Activity 2-1: Configuring Expanded Switched Networks Workgroup SwitchConfiguration

When you complete this lab activity, your workgroup SwitchConfiguration will be similar to the following, with differences that are specific to your workgroup: version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname SwitchX ! enable secret 5 $1$.9i2$TbVkDQfzCgf/CeFNEKMm9/ ! no aaa new-model vtp domain ICND vtp mode transparent ip subnet-zero ! no file verify auto ! spanning-tree mode rapid-pvst spanning-tree extend system-id spanning-tree vlan X0 priority 24576 spanning-tree vlan X0 priority 28672 ! vlan internal allocation policy ascending ! vlan X,X0,X0 ! interface FastEthernet0/1 ! interface FastEthernet0/2 description To RouterX Fa0/0 spanning-tree portfast switchport access vlan X switchport mode access switchport port-security switchport port-security mac-address xxxx.xxxx.xxxx ! interface FastEthernet0/3 ! interface FastEthernet0/4 ! interface FastEthernet0/5 ! interface FastEthernet0/6 ! interface FastEthernet0/7 ! interface FastEthernet0/8 ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 description port connected to CoreSwitchA switchport mode trunk speed 100 duplex full ! interface FastEthernet0/12 description port connected to CoreSwitchB


switchport mode trunk speed 100 duplex full ! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 description Management VLAN interface ip address 10.1.1.X 255.255.255.0 no ip route-cache ! ip default-gateway 10.1.1.3 ip http server ip http secure-server ! control-plane ! banner motd ^C Authorized Access Only! ^C ! line con 0 password cisco logging synchronous login line vty 0 4 password sanjose login line vty 5 15 no login ! end

Workgroup Router Configuration When you complete this lab activity, your workgroup router configuration will be similar to the following, with differences that are specific to your workgroup: version 12.4 service timestamps debug datetime msec service timestamps log datetime msec


no service password-encryption ! hostname RouterX ! boot-start-marker boot-end-marker ! enable secret 5 $1$HNdR$hOG1GhzoNoHMEgZQU21mo1 ! no aaa new-model ! ! ip cef ! ! ! ! voice-card 0 no dspfarm ! interface FastEthernet0/0 description To SwitchX Fa0/2 ip address 10.X.X.12 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 no ip address shutdown ! interface Serial0/0/1 no ip address shutdown ! ip route 0.0.0.0 0.0.0.0 10.X.X.3 ! ! ip http server no ip http secure-server ! ! ! ! ! control-plane ! banner motd ^C Authorized access only. Unauthorized users disconnect.^C ! line con 0 password cisco logging synchronous login line aux 0 line vty 0 4 password sanjose login ! scheduler allocate 20000 1000 ! end


Lab Activity 2-2: Troubleshooting Switched Networks Workgroup Switch Configuration

When you complete this lab activity, your workgroup switch configuration will be similar to the following, with differences that are specific to your workgroup: version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname SwitchX ! enable secret 5 $1$.9i2$TbVkDQfzCgf/CeFNEKMm9/ ! no aaa new-model vtp domain ICND vtp mode transparent ip subnet-zero ! no file verify auto ! spanning-tree mode rapid-pvst spanning-tree extend system-id spanning-tree vlan X0 priority 24576 spanning-tree vlan X0 priority 28672 ! vlan internal allocation policy ascending ! vlan X,X0,X0 ! interface FastEthernet0/1 ! interface FastEthernet0/2 description To RouterX Fa0/0 spanning-tree portfast switchport access vlan X switchport mode access switchport port-security switchport port-security mac-address xxxx.xxxx.xxxx ! interface FastEthernet0/3 ! interface FastEthernet0/4 ! interface FastEthernet0/5 ! interface FastEthernet0/6 ! interface FastEthernet0/7 ! interface FastEthernet0/8 ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 description port connected to CoreSwitchA switchport mode trunk speed 100 duplex full ! interface FastEthernet0/12 description port connected to CoreSwitchB


switchport mode trunk shutdown speed 100 duplex full ! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 description Management VLAN interface ip address 10.1.1.X 255.255.255.0 no ip route-cache ! ip default-gateway 10.1.1.3 ip http server ip http secure-server ! control-plane ! banner motd ^C *************************************************************** wg_sw-config-lab2-2 **************************************************************** ^C ! line con 0 password cisco logging synchronous login line vty 0 4 password sanjose login line vty 5 15 no login


! end

Workgroup Router Configuration When you complete this lab activity, your workgroup router configuration will be similar to the following, with differences that are specific to your workgroup: version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname RouterX ! boot-start-marker boot-end-marker ! enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/ ! no aaa new-model ! resource policy ! ip cef ! voice-card 0 no dspfarm ! interface FastEthernet0/0 description To SwitchX F0/2 ip address 10.X.X.12 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 no ip address shutdown ! interface Serial0/0/1 no ip address shutdown ! ip route 0.0.0.0 0.0.0.0 10.X.X.3 ! ! ip http server no ip http secure-server ! control-plane ! banner motd ^C ******************************************************************** wg_ro-config-lab2-2 *******************************************************************


^C ! line con 0 password cisco logging synchronous login line aux 0 line vty 0 4 password sanjose logging synchronous login ! scheduler allocate 20000 1000 ! end

Lab Activity 4-1: Implementing OSPF Workgroup Switch Configuration

When you complete this lab activity, your workgroup switch configuration will be similar to the following, with differences that are specific to your workgroup: version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname SwitchX ! enable secret 5 $1$.9i2$TbVkDQfzCgf/CeFNEKMm9/ ! no aaa new-model vtp domain ICND vtp mode transparent ip subnet-zero ! no file verify auto ! spanning-tree mode rapid-pvst spanning-tree extend system-id spanning-tree vlan X0 priority 24576 spanning-tree vlan X0 priority 28672 ! vlan internal allocation policy ascending ! vlan X,X0,X0 ! interface FastEthernet0/1 ! interface FastEthernet0/2 description To RouterX Fa0/0 spanning-tree portfast switchport mode access switchport port-security switchport port-security mac-address xxxx.xxxx.xxxx ! interface FastEthernet0/3 ! interface FastEthernet0/4 ! interface FastEthernet0/5


! interface FastEthernet0/6 ! interface FastEthernet0/7 ! interface FastEthernet0/8 ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 description port connected to CoreSwitchA switchport mode trunk shutdown speed 100 duplex full ! interface FastEthernet0/12 description port connected to CoreSwitchB switchport mode trunk shutdown speed 100 duplex full ! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 description Management VLAN interface ip address 10.X.X.11 255.255.255.0 no ip route-cache ! ip default-gateway 10.X.X.3 ip http server ip http secure-server ! control-plane ! banner motd ^C


***************************************************************** wg_sw-config-lab2-2 ***************************************************************** ^C ! line con 0 password cisco logging synchronous login line vty 0 4 password sanjose login line vty 5 15 no login ! end

Workgroup Router Configuration When you complete this lab activity, your workgroup router configuration will be similar to the following, with differences that are specific to your workgroup: version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname RouterX ! boot-start-marker boot-end-marker ! enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/ ! no aaa new-model ! resource policy ! ip cef ! voice-card 0 no dspfarm ! interface Loopback0 ip address 192.168.X.X 255.255.255.240 ! interface FastEthernet0/0 description To SwitchX F0/2 ip address 10.X.X.3 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 bandwidth 64 ip address 10.140.X.2 255.255.255.0


ip ospf authentication ip ospf authentication-key san-fran ! interface Serial0/0/1 bandwidth 64 ip address 10.XX.XX.X 255.255.255.0 ip ospf authentication ip ospf authentication-key san-fran ! router ospf 100 log-adjacency-changes network 10.X.X.3 0.0.0.0 area 0 network 10.XX.XX.X 0.0.0.0 area 0 network 10.140.X.2 0.0.0.0 area 0 network 192.168.X.X 0.0.0.0 area 0 ! ip http server no ip http secure-server ! control-plane ! banner motd ^C ******************************************************************** wg_ro-config-lab2-2 ******************************************************************** ^C ! line con 0 password cisco logging synchronous login line aux 0 line vty 0 4 password sanjose logging synchronous login ! scheduler allocate 20000 1000 ! end

Lab Activity 4-2: Troubleshooting OSPF Workgroup Router Configuration

When you complete this lab activity, your workgroup router configuration will be similar to the following, with differences that are specific to your workgroup: version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname RouterX ! boot-start-marker boot-end-marker !


enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/ ! no aaa new-model ! resource policy ! ip cef ! voice-card 0 no dspfarm ! interface Loopback0 ip address 192.168.X.X 255.255.255.240 ! interface FastEthernet0/0 description To SwitchX F0/2 ip address 10.X.X.3 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 bandwidth 64 ip address 10.140.X.2 255.255.255.0 ip ospf authentication ip ospf authentication-key san-fran ! interface Serial0/0/1 bandwidth 64 ip address 10.XX.XX.X 255.255.255.0 ip ospf authentication ip ospf authentication-key san-fran ! router ospf 100 log-adjacency-changes network 10.X.X.3 0.0.0.0 area 0 network 10.XX.XX.X 0.0.0.0 area 0 network 10.140.X.2 0.0.0.0 area 0 network 192.168.X.X 0.0.0.0 area 0 ! ip http server no ip http secure-server ! control-plane ! banner motd ^C *********************************************************************** wg_ro-config-lab4-2 *********************************************************************** ^C ! line con 0 password cisco logging synchronous login


line aux 0 line vty 0 4 password sanjose logging synchronous login ! scheduler allocate 20000 1000 ! end

Lab Activity 5-1: Implementing EIGRP Workgroup Router Configuration

When you complete this lab activity, your workgroup router configuration will be similar to the following, with differences that are specific to your workgroup: version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname RouterX ! boot-start-marker boot-end-marker ! enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/ ! no aaa new-model ! resource policy ! ip cef ! voice-card 0 no dspfarm ! ! key chain icndchain key 1 key-string san-fran ! interface Loopback0 ip address 192.168.X.X 255.255.255.240 ! interface FastEthernet0/0 description To SwitchX F0/2 ip address 10.X.X.3 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 bandwidth 64 ip address 10.140.X.2 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip ospf authentication ip ospf authentication-key san-fran


! interface Serial0/0/1 bandwidth 64 ip address 10.XX.XX.X 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip ospf authentication ip ospf authentication-key san-fran ! router eigrp 100 network 10.0.0.0 network 192.168.X.0 auto-summary ! router ospf 100 log-adjacency-changes network 10.X.X.3 0.0.0.0 area 0 network 10.XX.XX.X 0.0.0.0 area 0 network 10.140.X.2 0.0.0.0 area 0 network 192.168.X.X 0.0.0.0 area 0 ! ip http server no ip http secure-server ! control-plane ! banner motd ^C ****************************************************************** wg_ro-config-lab4-2 ****************************************************************** ^C ! line con 0 password cisco logging synchronous login line aux 0 line vty 0 4 password sanjose logging synchronous login ! scheduler allocate 20000 1000 ! end

Lab Activity 5-2: Troubleshooting EIGRP Workgroup Router Configuration

When you complete this lab activity, your workgroup router configuration will be similar to the following, with differences that are specific to your workgroup: version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption


! hostname RouterX ! boot-start-marker boot-end-marker ! enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/ ! no aaa new-model ! resource policy ! ip cef ! voice-card 0 no dspfarm ! ! key chain icndchain key 1 key-string san-fran ! interface Loopback0 ip address 192.168.X.X 255.255.255.240 ! interface Loopback1 ip address 172.16.X.1 255.255.255.0 ! interface FastEthernet0/0 description To SwitchX F0/2 ip address 10.X.X.3 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 bandwidth 64 ip address 10.140.X.2 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip ospf authentication ip ospf authentication-key san-fran ! interface Serial0/0/1 bandwidth 64 ip address 10.XX.XX.X 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip ospf authentication ip ospf authentication-key san-fran ! router eigrp 100 network 10.0.0.0 network 172.16.0.0 network 192.168.X.0 no auto-summary ! router ospf 100 log-adjacency-changes network 10.X.X.3 0.0.0.0 area 0 network 10.XX.XX.X 0.0.0.0 area 0 network 10.140.X.2 0.0.0.0 area 0 network 192.168.X.X 0.0.0.0 area 0


! ip http server no ip http secure-server ! control-plane ! banner motd ^C *************************************************************** wg_ro-config-lab4-2 *************************************************************** ^C ! line con 0 password cisco logging synchronous login line aux 0 line vty 0 4 password sanjose logging synchronous login ! scheduler allocate 20000 1000 ! end

Lab Activity 6-1: Implementing and Troubleshooting ACLs Workgroup Router Configuration

When you complete this lab activity, your workgroup router configuration will be similar to the following, with differences that are specific to your workgroup: version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname RouterX ! boot-start-marker boot-end-marker ! enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/ ! no aaa new-model ! resource policy ! ip cef ! voice-card 0 no dspfarm ! ! key chain icndchain key 1


key-string san-fran ! interface Loopback0 ip address 192.168.X.X 255.255.255.240 ! interface Loopback1 ip address 172.16.X.1 255.255.255.0 ! interface FastEthernet0/0 description To SwitchX F0/2 ip address 10.X.X.3 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 bandwidth 64 ip address 10.140.X.2 255.255.255.0 ip access-group 101 in ip access-group 175 out ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip ospf authentication ip ospf authentication-key san-fran ! interface Serial0/0/1 bandwidth 64 ip address 10.XX.XX.X 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip ospf authentication ip ospf authentication-key san-fran shutdown ! router eigrp 100 network 10.0.0.0 network 172.16.0.0 network 192.168.X.0 auto-summary ! router ospf 100 log-adjacency-changes network 10.X.X.3 0.0.0.0 area 0 network 10.XX.XX.X 0.0.0.0 area 0 network 10.140.X.2 0.0.0.0 area 0 network 192.168.X.X 0.0.0.0 area 0 ! ! ! ip http server no ip http secure-server ! access-list 101 deny tcp any any eq telnet access-list 101 permit ip any any access-list 175 deny udp any any eq tftp access-list 175 permit ip any any ! control-plane ! banner motd ^C


*************************************************************** wg_ro-config-lab6-1 ************************************************************** ^C ! line con 0 password cisco logging synchronous login line aux 0 line vty 0 4 password sanjose logging synchronous login ! scheduler allocate 20000 1000 ! end ================

OR

============== ! interface Serial0/0/0 bandwidth 64 ip address 10.140.X.2 255.255.255.0 ip access-group KILLTELNET in ip access-group 175 out ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip ospf authentication ip ospf authentication-key san-fran ! ! ip access-list extended KILLTELNET deny tcp any any eq telnet permit ip any any !

Lab Activity 7-1: Configuring NAT and PAT Workgroup Router Configuration

When you complete this lab activity, your workgroup router configuration will be similar to the following, with differences that are specific to your workgroup: version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname RouterX ! boot-start-marker boot-end-marker ! enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/ ! no aaa new-model


! resource policy ! ip cef ! voice-card 0 no dspfarm ! ! key chain icndchain key 1 key-string san-fran ! interface Loopback0 ip address 192.168.X.X 255.255.255.240 ! interface Loopback1 ip address 172.16.X.1 255.255.255.0 ! interface FastEthernet0/0 description To SwitchX F0/2 ip address 10.X.X.3 255.255.255.0 ip nat inside ip virtual-reassembly duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 bandwidth 64 ip address 10.140.X.2 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip nat outside ip virtual-reassembly ip ospf authentication ip ospf authentication-key san-fran ! interface Serial0/0/1 bandwidth 64 ip address 10.XX.XX.X 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip ospf authentication ip ospf authentication-key san-fran shutdown ! router eigrp 100 network 10.0.0.0 network 172.16.0.0 network 192.168.X.0 auto-summary ! router ospf 100 log-adjacency-changes network 10.X.X.3 0.0.0.0 area 0 network 10.XX.XX.X 0.0.0.0 area 0 network 10.140.X.2 0.0.0.0 area 0 network 192.168.X.X 0.0.0.0 area 0 ! ip http server no ip http secure-server ip nat inside source list 1 interface Serial0/0/0 overload


! access-list 1 permit 10.X.X.0 0.0.0.255 ! control-plane ! banner motd ^C ****************************************************************** wg_ro-config-lab6-1 ******************************************************************* ^C ! line con 0 password cisco logging synchronous login line aux 0 line vty 0 4 password sanjose logging synchronous login ! scheduler allocate 20000 1000 ! end

Lab Activity 7-2: Implementing IPv6 Workgroup Router Configuration

When you complete this lab activity, your workgroup router configuration will be similar to the following, with differences that are specific to your workgroup: version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname RouterX ! boot-start-marker boot-end-marker ! enable secret 5 $1$HNdR$hOG1GhzoNoHMEgZQU21mo1 ! no aaa new-model ! ! ip cef ! ! ! ipv6 unicast-routing ! voice-card 0 no dspfarm ! !


key chain icndchain key 1 key-string san-fran ! interface Loopback0 ip address 192.168.X.X 255.255.255.252 ! interface Loopback1 ip address 172.16.X.1 255.255.255.0 ! interface Loopback2 ip address 10.XXX.XXX.1 255.255.255.0 ipv6 address 2001:410:4:8::/64 eui-64 ipv6 rip cisco enable ! interface FastEthernet0/0 description To SwtichX Fa0/2 ip address 10.X.X.3 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 bandwidth 64 ip address 10.140.X.2 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip ospf authentication ip ospf authentication-key san-fran shutdown ! interface Serial0/0/1 bandwidth 64 ip address 10.XX.XX.X 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip ospf authentication ip ospf authentication-key san-fran ipv6 address 2001:410:4:10::/65 eui-64 ipv6 rip cisco enable ! router eigrp 100 network 10.0.0.0 network 192.168.X.0 auto-summary ! router ospf 100 log-adjacency-changes network 10.X.X.3 0.0.0.0 area 0 network 10.XX.XX.X 0.0.0.0 area 0 network 10.140.X.2 0.0.0.0 area 0 network 192.168.X.XX 0.0.0.0 area 0 ! ! ! ip http server no ip http secure-server ! ipv6 router rip cisco ! control-plane ! banner motd ^C


****************************************************************** wg_ro-config-lab6-1 ******************************************************************* ^C ! banner motd ^C Authorized access only. Unauthorized users disconnect.^C ! line con 0 password cisco logging synchronous login line aux 0 line vty 0 4 password sanjose login ! scheduler allocate 20000 1000 ! end

Lab Activity 8-1: Establishing a Frame Relay WAN Workgroup Router Configuration

When you complete this lab activity, your workgroup router configuration will be similar to the following, with differences that are specific to your workgroup: version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname RouterX ! boot-start-marker boot-end-marker ! enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/ ! no aaa new-model ! resource policy ! ip cef ! voice-card 0 no dspfarm ! ! key chain icndchain key 1 key-string san-fran ! interface Loopback0 ip address 192.168.X.X 255.255.255.240 ! interface Loopback1


ip address 172.16.X.1 255.255.255.0 ! interface Loopback2 ip address 10.XXX.XXX.1 255.255.255.0 ipv6 address 2001:410:4:8::/64 eui-64 ipv6 rip cisco enable ! interface FastEthernet0/0 description To SwitchX F0/2 ip address 10.X.X.3 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 bandwidth 64 no ip address encapsulation frame-relay ip ospf authentication ip ospf authentication-key san-fran ! interface Serial0/0/0.1 point-to-point ip address 10.140.X.2 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain frame-relay interface-dlci 120 ! interface Serial0/0/1 bandwidth 64 ip address 10.XX.XX.X 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip ospf authentication ip ospf authentication-key san-fran shutdown ! router eigrp 100 network 10.0.0.0 network 172.16.0.0 network 192.168.X.0 no auto-summary ! router ospf 100 log-adjacency-changes network 10.X.X.3 0.0.0.0 area 0 network 10.XX.XX.X 0.0.0.0 area 0 network 10.140.X.2 0.0.0.0 area 0 network 192.168.X.X 0.0.0.0 area 0 ! ip http server no ip http secure-server ! access-list 1 permit 10.X.X.0 0.0.0.255 ! control-plane ! banner motd ^C ****************************************************************


wg_ro-config-lab6-1 ********************************************************** ^C ! line con 0 password cisco logging synchronous login line aux 0 line vty 0 4 password sanjose logging synchronous login ! scheduler allocate 20000 1000 ! end

Lab Activity 8-2: Troubleshooting Frame Relay WANs Workgroup Router Configuration

When you complete this lab activity, your workgroup router configuration will be similar to the following, with differences that are specific to your workgroup: version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname RouterX ! boot-start-marker boot-end-marker ! enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/ ! no aaa new-model ! resource policy ! ip cef ! voice-card 0 no dspfarm ! ! key chain icndchain key 1 key-string san-fran ! interface Loopback0 ip address 192.168.X.X 255.255.255.240 ! interface Loopback1 ip address 172.16.X.1 255.255.255.0 ! interface Loopback2 ip address 10.XXX.XXX.1 255.255.255.0 ipv6 address 2001:410:4:8::/64 eui-64 ipv6 rip cisco enable


! interface FastEthernet0/0 description To SwitchX F0/2 ip address 10.X.X.3 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 bandwidth 64 no ip address encapsulation frame-relay IETF ip ospf authentication ip ospf authentication-key san-fran ! interface Serial0/0/0.1 point-to-point ip address 10.140.X.2 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain frame-relay interface-dlci 120 ! interface Serial0/0/1 bandwidth 64 ip address 10.XX.XX.X 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip ospf authentication ip ospf authentication-key san-fran shutdown ! router eigrp 100 network 10.0.0.0 network 172.16.0.0 network 192.168.X.0 no auto-summary ! router ospf 100 log-adjacency-changes network 10.X.X.3 0.0.0.0 area 0 network 10.XX.XX.X 0.0.0.0 area 0 network 10.140.X.2 0.0.0.0 area 0 network 192.168.X.X 0.0.0.0 area 0 ! ip http server no ip http secure-server ! access-list 1 permit 20.4.4.0 0.0.0.255 ! control-plane ! banner motd ^C ********************************************************************** wg_ro-config-lab8-2 **********************************************************************


^C ! line con 0 password cisco logging synchronous login line aux 0 line vty 0 4 password sanjose logging synchronous login ! scheduler allocate 20000 1000 !

end

Teardown and Restoration This topic describes how to tear down and restore the equipment that is used in the course.

Step 1 Erase the startup configuration of each of the core devices.

Step 2 Reload each of the core devices.

Step 3 Verify that all of the core devices reload and that the initial prompt appears.


Course Delta Information This document provides a summary of the differences between Interconnecting Cisco Network Devices (ICND) v2.3 and Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0.

Executive Summary Overview

ICND2 content is a minor revision of the ICND v2.3 content, with these new developments:

The foundational, conceptual content of WAN, RIP2, and the PPP lab section are moved to ICND1.

The “verify” tasks are expanded in lecture and labs in topics such as EIGRP and OSPF to serve the following purposes:

— Explain more of the commands used to verify the configuration

— Interpret output

— Extend troubleshooting tasks from those performed during installation to those performed during regular operations

Course Objectives This table provides a comparison between the previous course objectives and the updated course objectives.

ICND v2.3 (previous) ICND2 v1.0 (updated)

Course Introduction Course Introduction

Module 1: Configure a Catalyst Switch for Basic Operations

Module 1: Review how to configure and troubleshoot a small network

Module 2: Improve the Scalability, Interoperability, and Throughput by Implementing VLANs

Module 2: Expand a small-sized, switched LAN to a medium-sized LAN with multiple switches, supporting VLANs, trunking, and spanning tree

Module 3: Configure and Troubleshoot RIP, IGRP, EIGRP, and OSPF

Module 3: Describe routing concepts as they apply to a medium-sized network and discuss considerations when implementing routing on the network

Module 4: Configure Different Types of IP ACLs in Order to Manage IP Traffic

Module 4: Configure, verify, and troubleshoot OSPF

Module 5: Establish a Serial Point-to-Point connection using PPP and HDLC

Module 5: Configure, verify, and troubleshoot EIGRP

Module 6: Configure Frame Relay Module 6: Determine how to apply ACLs based on network requirements and configure, verify, and troubleshoot ACLs on a medium-sized network

Module 7: Configure DDR between two routers with BRI or PRI

Module 7: Configure NAT or PAT on routers, explain IPv6 addressing, and configure IPv6 on a Cisco router

— Module 8: Identify and implement the appropriate WAN technology based on network requirements


Module Content Comparison This table provides a high-level summary of changes for each module.

ICND v2.3 (previous) ICND2 v1.0 (updated) Changes/Reason

— Module 1: Small Network Implementation

Module 1 is a review module in which learners use the concepts and commands taught in the ICND1 course to create a basic configuration, which becomes the basis for all future labs.

Module 1: Configuring Catalyst Switch Operations

Module 2: Extending Switched Networks with Virtual LANs

Module 2: Medium-Sized Switched Network Construction

Module 2 combines the content of ICND v2.3 modules 1 and 2.

Additions:

Voice VLANs (basics)

EtherChannel (basics)

PVRST with multiple root bridges

Switched network troubleshooting lesson and lab

Deletions:

ISL Trunking

Module 3: Medium-Sized Routed Network Construction

ICND v2.3 module 3 was broken into three modules in ICND2, modules 3, 4, and 5.

Deletions:

Static routing

RIP/IGRP discussion and labs

Module 4: Single-Area OSPF Implementation

Additions:

OSPF Load balancing

OSPF Authentication

OSPF Troubleshooting lesson and lab

Module 3: Determining IP Routes

Module 5: EIGRP Implementation

Additions:

EIGRP Load balancing

EIGRP Authentication

EIGRP Troubleshooting lesson and lab

Module 6: Access Control Lists

ICND v2.3 module 4 was broken into two modules in ICND2, modules 6 and 7.

Additions:

Dynamic, Reflexive, Time-Based ACLs

ACL Sequence numbers

ACL Comments

ACL Troubleshooting discussion and lab

Module 4: Managing IP Traffic with ACLs

Module 7: Address Space Management

Additions:

NAT troubleshooting discussion

Transitioning to IPv6 lesson and lab


ICND v2.3 (previous) ICND2 v1.0 (updated) Changes/Reason

Module 5: Establishing Serial Point-to-Point Connections

Module 6: Establishing Frame Relay Connections

Module 8: LAN Extension into a WAN

Module 8 combines the content of ICND v2.3 modules 5 and 6

Additions:

VPN solutions lesson

Frame Relay troubleshooting lesson and lab

Deletions:

PPP lab

ISDN discussion and lab

Module 7: Completing ISDN Calls

— —

Lesson and Lab Activity Objectives This table provides a comparison of the lesson and lab activity objectives for each module.

Module Lesson Topic Delta Source

0 0 Course Introduction

Overview MIN ICND v2.3

Course Goal and Objectives MIN ICND v2.3

Course Flow MIN ICND v2.3

Additional References MIN ICND v2.3

Your Training Curriculum MIN ICND v2.3

1 0 Small Network Implementation

1 1 Introducing the Review Lab

Overview MAJ INTRO v2.1

CLI Functions of Cisco IOS Software MAJ INTRO v2.1

Configuration Modes of Cisco IOS Software MAJ INTRO v2.1

Help Facilities in the Cisco IOS CLI MAJ INTRO v2.1

Commands Review MAJ INTRO v2.1

1 Lab 1-1 Implementing a Small Network (Review Lab) NEW New

2 0 Medium-Sized Switched Network Construction

2 1 Implementing VLANs and Trunks


Understanding VLANs MIN ICND v2.3

Understanding Trunking with 802.1Q MIN ICND v2.3

Understanding VLAN Trunking Protocol MIN ICND v2.3

Configuring VLANs and Trunks MIN ICND v2.3



2 2 Improving Performance with Spanning Tree


Building a Redundant Switched Topology MIN ICND v2.3

Recognizing Issues of a Redundant Switched Topology MIN ICND v2.3

Resolving Issues with STP MIN ICND v2.3

Configuring RSTP MAJ BCMSN v3.0

2 3 Understanding Inter-VLAN Routing MIN ICND v2.3


Understanding Inter-VLAN Routing MIN ICND v2.3

Configuring Inter-VLAN Routing MIN ICND v2.3

2 4 Securing the Expanded Network MIN ICND v2.3


Overview of Switch Security Concerns MIN ICND v2.3

Securing SwitchDevices MIN ICND v2.3

2 5 Troubleshooting Switched Networks

Overview NEW New

Troubleshooting Switches NEW New

Troubleshooting Port Connectivity NEW New

Troubleshooting VLANs and Trunking NEW New

Troubleshooting VTP NEW New

Troubleshooting Spanning Tree NEW New

2 Lab 2-1 Configuring Expanded Switched Networks MIN ICND v2.3

2 Lab 2-2 Troubleshooting Switched Networks NEW New

3 0 Medium-Sized Routed Network Construction

3 1 Reviewing Routing Operations


Reviewing Dynamic Routing MIN ICND v2.3

Understanding Distance Vector Routing Protocols MIN ICND v2.3

Understanding Link-State Routing Protocols MIN ICND v2.3

3 2 Implementing VLSM

Overview MAJ INTRO v2.1

Reviewing Subnet MAJ INTRO v2.1

Introducing VLSMs MAJ ICND v2.3

Summarizing Routes MAJ ICND v2.3



4 0 Single-Area OSPF Implementation

4 1 Implementing OSPF


Introducing OSPF MIN ICND v2.3

SPF Algorithm MIN ICND v2.3

Configuring and Verifying OSPF MIN ICND v2.3

Loopback Interfaces MIN ICND v2.3

Verifying OSPF Configuration MIN ICND v2.3

Using OSPF debug Commands MIN ICND v2.3

Load Balancing with OSPF MAJ BSCI v3.0

Authentication with OSPF MAJ BSCI v3.0

4 2 Troubleshooting OSPF

Overview NEW New

Components of Troubleshooting OSPF NEW New

Troubleshooting OSPF Neighbor Adjacencies NEW New

Troubleshooting OSPF Routing Tables NEW New

Troubleshooting OSPF Plaintext Password Authentication

NEW New

4 Lab 4-1 Implementing OSPF MIN ICND v2.3

4 Lab 4-2 Troubleshooting OSPF NEW New

5 0 EIGRP Implementation

5 1 Implementing EIGRP


Introducing EIGRP MIN ICND v2.3

Configuring and Verifying EIGRP MIN ICND v2.3

Load Balancing with EIGRP MAJ BSCI v3.0

Authentication with EIGRP MAJ BSCI v3.0

5 2 Troubleshooting EIGRP

Overview NEW New

Components of Troubleshooting EIGRP NEW New

Troubleshooting EIGRP Neighbor Issues NEW New

Troubleshooting EIGRP Routing Tables NEW New

Troubleshooting EIGRP Authentication NEW New

5 Lab 5-1 Implementing EIGRP MIN ICND v2.3

5 Lab 5-2 Troubleshooting EIGRP NEW New



6 0 Access Control Lists

6 1 Introducing ACL Operation


Understanding ACLs MIN ICND v2.3

ACL Operation MIN ICND v2.3

Types of ACLs MAJ ICND v2.3

Additional Types of ACLs NEW New

ACL Wildcard Masking MIN ICND v2.3

6 2 Configuring and Troubleshooting ACLs


Configuring Numbered Standard IPv4 ACLs MIN ICND v2.3

Configuring Numbered Extended IPv4 ACLs MIN ICND v2.3

Configuring Named ACLs MAJ ICND v2.3

Troubleshooting ACLs NEW New

6 Lab 6-1 Implementing and Troubleshooting ACLs ICND v2.3

7 0 Address Space Management

7 1 Scaling the Network with NAT and PAT


Introducing NAT and PAT MIN ICND v2.3

Translating Inside Source Addresses MIN ICND v2.3

Overloading an Inside Global Address MIN ICND v2.3

Resolving Translation Table Issues NEW New

Resolving Issues by Using the Correct Translation Entry NEW New

7 2 Transitioning to IPv6

Overview MAJ BSCI v3.0

Reasons for Using IPv6? MAJ BSCI v3.0

Understanding IPv6 Addresses MAJ BSCI v3.0

Assigning IPv6 Addresses MAJ BSCI v3.0

Routing Considerations with IPv6 MAJ BSCI v3.0

Strategies for Implementing IPv6 MAJ BSCI v3.0

Configuring IPv6 MAJ BSCI v3.0

7 Lab 7-1 Configuring NAT and PAT MIN ICND v2.3

7 Lab 7-2 Implementing IPv6 MAJ BSCI v3.0



8 0 LAN Extension into a WAN

8 1 Introducing VPN Solutions

Overview MAJ CSVPN v4.0

VPNs and Their Benefits MAJ CSVPN v4.0

Types of VPNs MAJ CSVPN v4.0

Components of VPNs MAJ CSVPN v4.0

Introducing IPsec MAJ CSVPN v4.0

IPsec Protocol Framework MAJ CSVPN v4.0

8 2 Establishing a Point-to-Point WAN Connection with PPP


Understanding WAN Encapsulations MIN ICND v2.3

Overview of PPP MIN ICND v2.3

Configuring and Verifying PPP MIN ICND v2.3

8 3 Establishing a WAN with Frame Relay

Understanding Frame Relay MIN ICND v2.3

Configuring Frame Relay MIN ICND v2.3

Verifying Frame Relay MIN ICND v2.3

8 4 Troubleshooting Frame Relay WANs

Overview NEW New

Approaching Frame Relay Troubleshooting NEW New

Resolving Frame Relay Connectivity Issues NEW New

8 Lab 8-1 Establishing a Frame Relay WAN MIN ICND v2.3

8 Lab 8-2 Troubleshooting Frame Relay WANs NEW New

MIN = Existing content, only minor edits

MAJ = Existing content from other courses, major edits to existing ICND content

NEW = New content and not from any other course


Documents

Icnd 210 Cag