Copyright

CTTC Professional Development Program. CCNA Lab Manual (200-120)

Copyright@ CTTC
Published by CTTC, 45-M, Block-6 P.E.C.H.S, Karachi-75400, Pakistan.

All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording and information storage or retrieval system, without written permission from the publisher, except for the inclusion of quotation in a review.

Warning and Disclaimer

This manual is designed to provide information about CCNA (200-120). Every effort has been made to make this manual as complete and accurate as possible, but no warranty of fitness is implied. The information is provided on an "as is" basis, and CTTC shall have neither liability nor responsibility to any person or entity with respect to any loss or damage arising from the information contained in this manual.

Authors
Mr. Muddasar Sharif (Network Engineer)
Mr. Tharpal Das (Associate Network Engineer)

Reviewed By
Mr. Ahmed Saeed (Head of Department-Cisco Division)
Table of Contents

Basic Network Using CISCO Switch
  Accessing Console of the Switch/Router
  Modes of CLI
  How to Set Hostname and Configure Console Password
  How to Set Privilege level password
  How to Set User Authentication in Switch
  Password Recovery
  How to Set Telnet password
  How to Enable the Device to Establish Telnet/SSH Session
  Configuring SSH

SWITCHING
  VLAN Configuration
  Port security
  Rapid Spanning Tree Protocol (RSTP)
  Ether channel Configuration
  Inter VLAN Routing (IVR)

ROUTING
  Static Routing
  Enhanced Interior Gateway Routing Protocol (EIGRP)
  Open Shortest Path First (OSPF)

First Hop Redundancy Protocols
  Hot Standby Router Protocol (HSRP)
  Virtual Router Redundancy Protocol (VRRP)
  Gateway Load balancing Protocol (GLBP)

IPV6
  How to Configure IPv6 on CISCO Router
  Configuring IPv6 Auto configures
  Configure RIP ng on Router
  Configuring OSPF V3
  Configuring EIGRP

WAN
  Encapsulation
  Frame Relay
  Configuring DHCP

ACCESS LIST & N.A.T
  Standard ACL
  Extended ACL
  Static NAT
  Dynamic NAT
  PAT

TROUBLESHOOTING OF EIGRP

SYSLOG
LAB: Basic Network Using CISCO Switch

OBJECTIVE: To configure a Cisco switch with basic configuration

  Accessing Console of the Switch/Router
  Modes of CLI
  How to Set Hostname and Configure Console Password
  How to Set Privilege level password
  How to Set User Authentication in Switch
  How to Set Telnet password
  How to Enable the Device to Establish Telnet/SSH Session
  Configuring SSH
Topology
PC-1 is directly connected to the switch with IP address 192.168.1.1.
PC-2 is directly connected to the switch with IP address 192.168.1.2.
The switch, being the intermediate device, provides the communication path to both PCs.

Note: Both PCs must be on the same network.
Accessing Console of the Switch/Router
An RJ-45 to DB-9 adapter is used on the PC (COM port) to connect to the device console port through a roll-over cable. Hyper Terminal is used to access the Command Line Interface (CLI) of the device (Start Menu > Programs > Accessories > Communications > Hyper Terminal).

Switch Console

Modes of CLI:

User-exec mode               Switch>
Privilege mode               Switch#
Global Configuration mode    Switch(config)#

How to switch between modes:

Switch> enable
Switch# config terminal
Switch(config)#

Note: To return to the previous mode, use the "exit" command in the current mode.
How to Set Hostname and Configure Console Password:

Switch(config)# hostname CISCO
CISCO(config)#line console 0
CISCO(config-line)#password cisco123
CISCO(config-line)#login

How to Set Privilege level password:

!!! Clear text password, not encrypted (lower priority)
CISCO(config)#enable password ccna123
!!! Encrypted password (higher priority)
CISCO(config)#enable secret cttc123

Verify the Password

CISCO(config)#exit
CISCO#exit
CISCO con0 is now available
Press RETURN to get started.
User Access Verification
!!! TYPE HERE LINE CONSOLE Password
Password:
CISCO>enable
!!! TYPE HERE Privilege Level Password
Password:
How to Set User Authentication in Switch

CISCO#config terminal
CISCO(config)#line console 0
CISCO(config-line)#login local
CISCO(config-line)#exit
CISCO(config)#username cttc password ccna123
Verify the Authentication

CISCO(config)#exit
CISCO#exit

Verify the User Status

CISCO#show users
    Line       User       Host(s)              Idle       Location
*   0 con 0    cttc       idle                 00:00:00
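Password Recovery

Configuration on Router

Router>enable
Router#config t
Router(config)#line console 0
Router(config-line)#password cisco
Router(config-line)#login
Router(config-line)#exit

For password recovery, power cycle the router and press Ctrl+Break.

After entering ROMMON mode, type:

rommon 1 > confreg 0x2142
rommon 2 > reset

Configuration register 0x2142 tells the router to ignore the startup configuration in NVRAM at the next boot, so it comes up without asking for the forgotten password.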
How to Set Telnet password:

CISCO(config)#line vty 0 15
CISCO(config-line)#password cisco
CISCO(config-line)#login
CISCO(config-line)#exit

How to Enable the Device to Establish Telnet/SSH Session:

CISCO(config)#interface vlan 1
CISCO(config-if)#ip address 10.0.0.10 255.0.0.0
CISCO(config-if)#no shutdown

Note: The VLAN 1 IP address is used to establish the Telnet session. Go to the command prompt and use the telnet command to open a Telnet session with the device.

C:\>telnet 10.0.0.10

Configuring SSH:

CISCO(config)#username taha password abc123
CISCO(config)#ip domain-name cttc.net
CISCO(config)#crypto key generate rsa
The name for the keys will be: CISCO.cttc.net
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 512
% Generating 512 bit RSA keys ...[OK]
CISCO(config)#line vty 0 15
CISCO(config-line)#login local
CISCO(config-line)#transport input ssh
Note: VLAN 1 must be configured as shown in the Telnet section. PuTTY is commonly used to establish the SSH session. The 512-bit modulus above is the prompt's default; SSH version 2 on IOS requires a key of at least 768 bits, so choose a larger modulus such as 2048 on production devices.

Verify Commands:

CISCO#show line vty 0 15
Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
1 VTY - -13 0 0/0
2 VTY - - - - - 0 0 0/0
3 VTY - - - - - 0 0 0/0
4 VTY - - - - - 0 0 0/0
5 VTY - - - - - 0 0 0/0
6 VTY - - - - - 0 0 0/0
7 VTY - - - - - 0 0 0/0
8 VTY - - - - - 0 0 0/0
9 VTY - - - - - 0 0 0/0
10 VTY - - - - - 0 0 0/0
11 VTY - - - - - 0 0 0/0
12 VTY - - - - - 0 0 0/0
13 VTY - - - - - 0 0 0/0
14 VTY - - - - - 0 0 0/0
15 VTY - - - - - 0 0 0/0
16 VTY - - - - - 0 0 0/0 -

!!! "*" shows that one VTY session is active.
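The access settings entered in this lab can be checked mechanically. The script below is an added example, not part of the CTTC manual: it audits a constructed configuration (the vty range is split in two to show the Telnet and SSH states side by side) and assumes a vty without "transport input ssh" still accepts Telnet.

```python
import re

# Constructed sample: the settings this lab enters, written as they would appear
# in a saved configuration. The secret hash is a placeholder, not a real value.
LAB_CONFIG = """\
hostname CISCO
enable secret 5 <hash-placeholder>
enable password ccna123
username cttc password 0 ccna123
line con 0
 password cisco123
 login
line vty 0 4
 password cisco
 login
line vty 5 15
 login local
 transport input ssh
"""

def audit(config):
    """Return (location, finding) tuples for weak access settings."""
    findings, blocks, current = [], {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):             # start of a console/vty block
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current:   # sub-command of that block
            blocks[current].append(raw.strip())
        else:                                   # global command
            current = None
            if re.match(r"enable password\b", raw):
                findings.append(("global", "enable password is kept in clear text"))
            user = re.match(r"username (\S+) password\b", raw)
            if user:
                findings.append(("user " + user.group(1), "password keyword, not secret"))
    for name, cmds in blocks.items():
        if not name.startswith("line vty"):
            continue
        # Assumption: without 'transport input ssh' the vty still accepts Telnet,
        # as it does on the switch used in this lab.
        if "transport input ssh" not in cmds:
            findings.append((name, "Telnet still accepted"))
        if "login" in cmds:
            findings.append((name, "shared line password, no per-user login"))
    return findings

if __name__ == "__main__":
    for where, what in audit(LAB_CONFIG):
        print(f"{where}: {what}")
```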
LAB: VLAN Configuration

Objective: To Create and Configure VLAN

CISCO#config terminal
CISCO(config)#vlan 10
CISCO(config-vlan)#name HR
CISCO(config-vlan)#exit
CISCO(config)#vlan 20
CISCO(config-vlan)#name Sales
CISCO(config-vlan)#exit

Verify VLANs

CISCO#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
10   HR                               active
20   Sales                            active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

Note: All ports of the switch are members of VLAN 1 by default.

How to Assign Ports to Different VLANs:

CISCO(config)#interface fa0/1
CISCO(config-if)#switchport mode access
CISCO(config-if)#switchport access vlan 10
CISCO(config-if)#exit
CISCO(config)#interface fa0/2
CISCO(config-if)#switchport mode access
CISCO(config-if)#switchport access vlan 20
Verify Ports in VLANs

CISCO#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
10   HR                               active    Fa0/1
20   Sales                            active    Fa0/2
LAB: PORT SECURITY

OBJECTIVE: TO IMPLEMENT BASIC PORT SECURITY FEATURES ON INTERFACE

CISCO(config)#interface fa0/1
CISCO(config-if)#switchport mode access
CISCO(config-if)#switchport port-security
CISCO(config-if)#switchport port-security mac-address sticky
CISCO(config-if)#switchport port-security maximum 1
CISCO(config-if)#switchport port-security violation shutdown
CISCO(config-if)#exit
CISCO(config)#interface fa0/2
CISCO(config-if)#switchport mode access
CISCO(config-if)#switchport port-security
CISCO(config-if)#switchport port-security mac-address sticky
CISCO(config-if)#switchport port-security maximum 1
CISCO(config-if)#switchport port-security violation shutdown
Verify Port-Security MAC Address:

CISCO#show port-security address
                Secure Mac Address Table
-------------------------------------------------------------------------------
Vlan    Mac Address       Type            Ports              Remaining Age
                                                               (mins)
----    -----------       ----            -----              -------------
1       0060.705E.07CB    SecureSticky    FastEthernet0/1
1       0090.21BD.4810    SecureSticky    FastEthernet0/2
-------------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 1024

Verify Port-Security Interface FastEthernet Fa0/1:

CISCO#show port-security interface f0/1
Port Security               : Enabled
Port Status                 : Secure-up
Violation Mode              : Shutdown
Aging Time                  : 0 mins
Aging Type                  : Absolute
SecureStatic Address Aging  : Disabled
Maximum MAC Addresses       : 1
Total MAC Addresses         : 1
Configured MAC Addresses    : 0
Sticky MAC Addresses        : 1
Last Source Address:Vlan    : 0060.705E.07CB:1
Security Violation Count    : 0

Note: The Max Addresses value depends upon the model of the device. A MAC address can be entered manually in port-security instead of using the "sticky" command. The violation mode can be set to protect, restrict or shutdown.

What happens if a violation occurs:
When a new PC is attached to a port on which port-security is enabled, the switch takes the action that is set in the violation mode.
Verify when a violation has occurred:

CISCO#show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)        (Count)
---------------------------------------------------------------------------
      Fa0/1              1            1                  1         Shutdown
      Fa0/2              1            1                  1         Shutdown
---------------------------------------------------------------------------
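The three violation modes differ in what the port does after the first unknown source address. The model below is an added example, not part of the manual; it is a simplified simulation of one port with sticky learning, using the Fa0/1 address from the output above as the learned PC and the Fa0/2 address as a constructed "new PC".

```python
class SecurePort:
    """Simplified model of one access port with sticky port-security."""

    def __init__(self, maximum=1, violation="shutdown"):
        if violation not in ("protect", "restrict", "shutdown"):
            raise ValueError("unknown violation mode")
        self.maximum = maximum
        self.violation = violation
        self.sticky = []            # learned secure MAC addresses
        self.violations = 0         # "Security Violation Count"
        self.status = "Secure-up"   # "Port Status"

    def receive(self, src_mac):
        """Return True if a frame from src_mac is forwarded."""
        if self.status == "Secure-shutdown":
            return False                    # err-disabled port passes nothing
        if src_mac in self.sticky:
            return True
        if len(self.sticky) < self.maximum:
            self.sticky.append(src_mac)     # sticky learning of a new address
            return True
        # Unknown source while the table is full: a violation.
        if self.violation != "protect":
            self.violations += 1            # protect drops without counting
        if self.violation == "shutdown":
            self.status = "Secure-shutdown" # stays down until re-enabled
        return False

def replay(mode, frames):
    """Feed source MACs to a fresh port; return (forwarded, count, status)."""
    port = SecurePort(maximum=1, violation=mode)
    forwarded = [port.receive(mac) for mac in frames]
    return forwarded, port.violations, port.status

# Constructed scenario: the learned PC, then a new PC, then the learned PC again.
FRAMES = ["0060.705E.07CB", "0090.21BD.4810", "0060.705E.07CB"]

if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        print(mode, replay(mode, FRAMES))
```

Only shutdown mode also cuts off the legitimate PC, which is why the port must be re-enabled by an administrator after the violation.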
LAB: Rapid Spanning Tree Protocol (RSTP)

OBJECTIVE: To implement STP and its improvement RSTP, and to configure root bridges for different VLANs.

Verify Root Bridge on Switch-1:

Switch-1#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0002.16EE.8B7E
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0002.16EE.8B7E
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p

Note: If the switch is the root bridge, it displays the message "This bridge is the root". The Root ID address and the Bridge ID address are the same on the root bridge. The default priority is 32768. The VLAN ID (System Extension ID) is added to the default priority. VLAN 1 is the default VLAN, so the priority for VLAN 1 is 32769 (32768+1).
Enabling RSTP:

Switch-1(config)#spanning-tree mode rapid-pvst

Note: The above command must be issued on all the switches of the network.

Verify RSTP:

Switch-1#show spanning-tree
VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    32769
             Address     0002.16EE.8B7E
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0002.16EE.8B7E
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Changing Switch-2 to Root Bridge:

Switch-2(config)#spanning-tree vlan 1 priority 4096

Note: The priority must be a multiple of 4096. To change the root bridge, you can also use the following command:

Switch-2(config)#spanning-tree vlan 1 root primary

Verify Switch-2 as Root Bridge:

Switch-2#show spanning-tree
VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    24577
             Address     000C.CF21.CBC1
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     000C.CF21.CBC1
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20
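The priority values in these outputs follow from how the bridge ID is built and compared. The sketch below is an added example, not part of the manual: it reproduces the election for VLAN 1 with the two switch addresses shown above, and its root_primary function is a simplified model of the "root primary" command.

```python
def bridge_id(priority, vlan, mac):
    """Bridge ID as STP compares it: (priority + sys-id-ext, MAC as integer)."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 from 0 to 61440")
    return (priority + vlan, int(mac.replace(".", ""), 16))

def elect_root(switches, vlan=1):
    """switches maps name -> (priority, mac); the lowest bridge ID becomes root."""
    return min(switches,
               key=lambda name: bridge_id(switches[name][0], vlan, switches[name][1]))

def root_primary(current_root_priority):
    """Simplified 'root primary': 24576, or 4096 below a root already that low."""
    if current_root_priority > 24576:
        return 24576
    return max(current_root_priority - 4096, 0)

# MAC addresses are the two shown in this lab's show spanning-tree output.
SW1_MAC, SW2_MAC = "0002.16EE.8B7E", "000C.CF21.CBC1"

def lab_walkthrough():
    """Return (root with defaults, root after root primary, Switch-2 priority)."""
    default = {"Switch-1": (32768, SW1_MAC), "Switch-2": (32768, SW2_MAC)}
    first = elect_root(default)          # equal priority: the lower MAC wins
    new_prio = root_primary(default[first][0])
    lowered = dict(default)
    lowered["Switch-2"] = (new_prio, SW2_MAC)
    second = elect_root(lowered)
    return first, second, bridge_id(new_prio, 1, SW2_MAC)[0]

if __name__ == "__main__":
    print(lab_walkthrough())
```

With default priorities the tie is broken by the MAC address, which is why Switch-1 is root in the first output; the 24577 in the last output is 24576 plus the VLAN ID, while "priority 4096" would display as 4097.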
Enabling Portfast feature on all switches:

Switch-1(config)#spanning-tree portfast default

Note: The above command must be issued on all the switches in the network. Enabling the portfast feature on all the switches disables the STP process on all non-trunk ports, so those ports take less time to change to the up state. To verify this feature, connect a PC to the switch; the port will be up within 5 seconds.
Etherchannel Configuration:

Configuring Switch-1:

Switch-1(config)#interface range fa0/1 - 2
Switch-1(config-if-range)#channel-group 1 mode on
Switch-1(config-if-range)#exit
Switch-1(config)#interface port-channel 1
Switch-1(config-if)#switchport mode trunk

Configuring Switch-2:

Switch-2(config)#interface range fa0/1 - 2
Switch-2(config-if-range)#channel-group 1 mode on
Switch-2(config-if-range)#exit
Switch-2(config)#interface port-channel 1
Switch-2(config-if)#switchport mode trunk

Verify Etherchannel:

Switch-1#show etherchannel summary …