ZOOM TECHNOLOGIES CCNA LAB GUIDE
I N I T I A L
R O U T E R
C O N F I G U R A T I O N
User mode: Router > Router > enable Privilege mode: Router # Router # configure terminal Global configuration mode: Router(config) # Assign ing ip address to Ethernet interface: Router(config) # interface
Router(config-if) Router(config-if) # ip address address address> Router(config-if) Router(config-if) # no shut Assigning Telnet password: Router(config) Router(config) # line li ne vty 0 4 Router(config-line) Router(config-line) #login Router(config-line) Router(config-line) #password
(Interface mode)
(line mode)
Show commands: Router Router Router Router
# # # #
show running-config show startup-config show version show flash
Commands to save the configuration : Router # copy running-config startup-config ( OR ) Router # write memory ( OR ) Router # wr Enabling password authentication against the local database Router(config)#line vty 0 4 Router(config-line)#login local Router(config-line)#exit
1. Establishing a console session to the Router 2. Configuring Ethernet interface of the Router 3. Establish Telnet session to the Router 4. Password protection on the Console session 5. Password protection on the Telnet session 6. Setting Enable Password.
WAN INTERFACE CONFIGURATION: 10.0.0.1/ 8 S 0/ 0
11.0.0.1/ 8 S 0/ 0
H YD
BAN
CH E S 0/ 1 10.0.0.2/ 8
E 0/ 0 192.168.1.150/24
LAN - 192.168.1.0/ 24
S0/1 11.0.0.2/ 8
E0/0 192.168.2.150/ 24
LAN - 192.168.2.0/ 24
ON HYD:
ON CHE:
HYD# configure terminal HYD (config)# interface serial 0/0 HYD (config-if)# ip address 10.0.0.1 255.0.0.0 HYD (config-if)# no shutdown HYD (config-if)# encapsulation hdlc HYD (config-if)# exit HYD (config)# exit
CHE CHE CHE CHE CHE CHE CHE CHE CHE CHE CHE CHE CHE CHE
E0/0 192.168.3.150/24
LA N - 192.168.3.0/ 24
ON BAN:
Zoom Technologies®
# configure terminal (config) # interface serial 0/1 (config-if) # ip address 10.0.0.2 255.0.0.0 (config-if) # no shutdown (config-if) # clock rate 64000 (config-if) # encapsulation hdlc (config-if) # ^z # configure terminal (config) # interface serial 0 (config-if) # ip address 11.0.0.1 255.0.0.0 (config-if) # no shutdown (config-if) # encapsulation hdlc (config-if) # clock rate 64000 (config-if) # ^z
4
BAN # configure terminal BAN (config)#interface serial BAN(config-if)#ip address 11.0.0.2 255.0.0.0 BAN (config-if) # no shutdown BAN (config-if) # encapsulation hdlc BAN (config-if) # ^z
Zoom Technologies®
5
Show commands: Router # show interfaces s 0/ 0 1. 2. 3. 4.
Serial 0/0 is up , line protocol is up (connectivity is fine) Serial 0/0 is administratively down, line protocol is down (No Shutdown has to be given on the local router serial interface) Serial 0/0 is up, line protocol is down (Encapsulation mismatch or clock rate has to be given on dce) Serial 0/0 is down, line protocol is down (Serial interface on the remote router has to be configure)
Router # show controllers s0/ 0 (To know whether the cable connected to the serial interface is DCE or DTE)
Zoom Technologies®
6
STATIC ROUTING
10.0.0.1/ 8 S0/0
11.0.0.1/ 8 S0/0
HYD E0/0 192.168.1.1/ 24
LAN - 192.168.1.0/ 24
ON HYD :
BAN
CH E S 0/ 1 10.0.0.2/ 8
S 0/ 1 11.0.0.2/ 8
E0/0 192.168.2.1/ 24
LA N - 192.168.2.0/ 24
E0/0 192.168.3.1/ 24
LAN - 192.168.3.0/ 24
ON CHE :
ON BAN:
CHE # config terminal CHE(config) # ip routing CHE(config) # ip route 192.168.1.0 255.255.255.0 10.0.0.1 CHE(config) # ip route 192.168.3.0 255.255.255.0 11.0.0.2
BAN # config terminal BAN(config) # ip routing BAN(config) # ip route 192.168.2.0 255.255.255.0 11.0.0.1 BAN(config) # ip route 192.168.1.0 255.255.255.0 11.0.0.1 BAN(config) # ip route 10.0.0.0 255.0.0.0 11.0.0.1
AREA 0 HYD # config terminal HYD(config) # ip routing HYD(config) # ip route 192.168.2.0 255.255.255.0 10.0.0.2 HYD(config) # ip route 192.168.3.0 255.255.255.0 10.0.0.2 HYD(config) # ip route 11.0.0.0 255.0.0.0 10.0.0.2
Show commands: ROUTER # show ip route
Zoom Technologies®
7
1. Assign the ipaddress IP addresses and making the interface administratively up. 2. Understanding
the importance of keepalives.
3. Importance of clock rate command. 4. Understanding the importance of extended ping command. 5. Understanding the importance of debug IP packet command. 6. Understanding the •
Sending
•
Unrouteable
•
Encapsulation failed
•
Forward
•
Sending, received.
7. Understanding the importance of debug ARP command. 8. Understanding the importance of debug ip icmp command. 9. Understanding the routing table. 10.Adding a static route by defining the next hop address.
RIP: 10.0.0.1/ 8 S 0/ 0
11.0.0.1/ 8 S 0/ 0
H YD E 0/ 0 192.168.1.1/ 24
LAN - 192.168.1.0/ 24
BAN
CH E S 0/ 1 10.0.0.2/ 8
S0/1 11.0.0.2/ 8
E0/0 192.168.2.1/ 24
LAN - 192.168.2.0/ 24
E0/0 192.168.3.1/24
LA N - 192.168.3.0/ 24
ON HYD : HYD#config terminal HYD(config)#ip routing HYD(config)#router rip HYD(config-router)# network 192.168.1.0 HYD(config-router) # network 10.0.0.0 HYD(config-router) #^z AREA 0 HYD#
ON CHE :
ON BAN:
CHE # config terminal CHE(config) # ip routing CHE(config) # router rip CHE(config-router) # network 192.168.2.0 CHE(config-router) # network 10.0.0.0 0 CHE(config-router) # network 11.0.0.0 0 CHE(config-router) # ^z CHE#
BAN # config terminal BAN(config) # ip routing BAN(config) # router rip BAN(config-router) # network 192.168.3.0 BAN(config-router) # network 11.0.0.0 0 BAN(config-router) # ^z BAN#
Show commands: HYD # show ip route HYD # show ip protocols HYD # debug ip rip HYD# terminal monitor
Zoom Technologies®
9
1. Enabling RIP Protocol process on the respective networks 2. Understanding the RIP protocol routes in the routing table 3. Understanding the RIP updates using debug IP RIP command 4. Changing the basic timers 5. Split horizon 6. Effect of passive-interface command 7. Invalid Timer 8. Hold-Down timer 9. Route poison 10.Poison reverse 11.Flush Interval 12.Flash Updates 13.Adding a static route with different administrative distance.
AREA 0 10.0.0.1/ 8 S 0/ 0
11.0.0.1/ 8 S 0/ 0
BAN
CH E
H YD S 0/ 1 10.0.0.2/ 8
E 0/ 0 192.168.1.1/ 24
LAN - 192.168.1.0/ 24
S0/1 11.0.0.2/ 8
E0/0 192.168.2.1/ 24
LAN - 192.168.2.0/ 24
E0/0 192.168.3.1/24
LA N - 192.168.3.0/ 24
ON HYD :
ON CHE :
ON BAN:
HYD # config terminal HYD(config) # ip routing HYD(config) # router ospf 5 HYD(config-router)#network 192.168.1.0 0.0.0.255 area 0 HYD(config-router)#network 10.0.0.0 0.255.255.255 area 0 HYD(config-router) #^z HYD#
CHE # config terminal CHE(config) # ip routing CHE(config) # router ospf 3 CHE(config-router) # network 192.168.2.0 0.0.0.255 area 0 CHE(config-router) # network 10.0.0.0 0.255.255.255 area 0 CHE(config-router) # network 11.0.0.0 0.255.255.255 area 0 CHE(config-router) # ^z CHE#
BAN # config terminal BAN(config) # ip routing BAN(config) # router ospf 3 BAN(config-router)#network 192.168.3.0 0.0.0.255 area 0 BAN(config-router)#network 11.0.0.0 0.255.255.255 area 0 BAN(config-router)#^z BAN#
AREA 0
Show commands: HYD # show ip route HYD # show ip ospf database HYD # show ip ospf neighbors
Zoom Technologies®
11
1. Configuration of OSPF 2. Automatic selection process of router-id 3. Manual selection of router-id 4. Manipulation of hello-interval 5. Debugging and understanding the functioning of hello protocol 6. Debugging and understanding the adjacency formation. 7. Understanding the different neighbor states 8. Verification of OSPF database 9. Verification of OSPF Neighbor table. 10.Election of DR/BDR 11.Configuration of OSPF in Multiple Areas.
EIGRP: 10.0.0.1/ 8 S 0/ 0
11.0.0.1/ 8 S 0/ 0
HYD E0/0 192.168.1.1/ 24
LAN - 192.168.1.0/ 24
BAN
CH E S0/1 10.0.0.2/ 8
S0/1 11.0.0.2/ 8
E0/0 192.168.2.1/ 24
LA N - 192.168.2.0/ 24
E 0/ 0 192.168.3.1/ 24
LAN - 192.168.3.0/ 24
ON HYD:
ON CHE :
ON BAN:
HYD # config terminal HYD(config) # ip routing HYD(config) # router eigrp 10 HYD(config-router)# network 192.168.1.0 HYD(config-router)# network 10.0.0.0 HYD(config-router)# exit AREA # 0 exit HYD(config)
CHE # config terminal CHE(config) # ip routing CHE(config) # router eigrp 10 CHE(config-router)#network 192.168.2.0 CHE(config-router)#network 10.0.0.0 CHE(config-router)#network 11.0.0.0 CHE(config-router)#exit CHE(config) # exit
BAN # config terminal BAN(config) # ip routing BAN(config) # router eigrp 10 BAN(config-router)#network 192.168.3.0 BAN(config-router)#network 11.0.0.0 BAN(config-router)#exit BAN(config)#exit
Show commands:
Show commands:
debug commands:
HYD # show ip route HYD # show ip protocols
HYD # show ip eigrp topology / all HYD # show ip eigrp neighbor HYD # show ip eigrp neighbor details
HYD # debug ip eigrp events HYD # debug ip eigrp transaction HYD # debug eigrp packets
Zoom Technologies®
13
1. Configuration of EIGRP 2. Configuring delay for all the interfaces 3. Calculation of the parameters of DUAL 4. Verification of DUAL parameters 5. Debugging and Understanding the Dual Concepts
Zoom Technologies®
14
STANDARD ACCESSLIST:
10.0.0.1/ 8 S 0/ 0
11.0.0.1/ 8 S 0/ 0
HYD E0/0 192.168.1.1/ 24
LAN - 192.168.1.0/ 24
BAN
CH E S 0/ 1 10.0.0.2/ 8
S 0/ 1 11.0.0.2/ 8
E 0/ 0 192.168.2.1/24
LAN - 192.168.2.0/ 24
E0/0 192.168.3.1/24
LA N - 192.168.3.0/ 24
ON HYD :
ON CHE :
ON BAN:
HYD # config terminal HYD(config) # ip routing HYD(config) AREA 0# router rip HYD(config-router)#network 192.168.1.0 HYD(config-router) # network 10.0.0.0 HYD(config-router) #^z HYD#
CHE # config terminal CHE(config) # ip routing CHE(config) # router rip CHE(config-router)#network 192.168.2.0 CHE(config-router)#network 10.0.0.0 0 CHE(config-router)#network 11.0.0.0 0 CHE(config-router) # ^z CHE#
BAN # config terminal BAN(config)#ip routing BAN(config)#router ri p BAN(config-router)#network 192.168.3.0 BAN(config-router)#network 11.0.0.0 0 BAN(config-router) # ^z BAN#
Zoom Technologies®
15
SCENARIO 1:
SCENARIO 2:
Only 192.168.3.0 should communicate with 192.168.1.0
Configuration of an access-list on Chennai that administrative access through Telnet is possible only from 192.168.2.10
ON HYD:
ON CHE:
HYD #config terminal HYD (config) # access-list 1 permit 192.168.3.0 0.0.0.255 HYD (config) # int e0 HYD (config-if) # ip access-group 1 out HYD (config-if) # exit HYD (config) # exit
CHE #config terminal CHE (config) # access-list 1 permit 192.168.2.10 0.0.0.0 CHE (config) # line vty 0 4 CHE (config-line) # ip access-class in CHE (config-line) # exit CHE (config) # exit
SCENARIO 3: Configuration of an standard access-list on Chennai Ethernet 0 in the outbound direction denying 192.168.3.10 ON CHE:
CHE # show ip access-list Che # show ip access-list Note: Use the command prompt of a PC try to ping the filtered ip address
Zoom Technologies®
16
CHE #config terminal CHE (config) # access-list 1 deny 192.168.3.10 0.0.0.0 CHE (config)#access-list 1 permit any CHE (config)#interface Ethernet 0 CHE (config-if) # ip access-group 1 out CHE (config-if) # exit CHE (config) # exit
EXTENDED ACCESSLIST: 10.0.0.1/ 8 S 0/ 0
11.0.0.1/ 8 S 0/ 0
HYD
BAN
CH E S 0/ 1 10.0.0.2/ 8
E0/0 192.168.1.1/ 24
LA N - 192.168.1.0/ 24
E0/0 192.168.2.1/ 24
LA N - 192.168.2.0/ 24
SCENARIO :1
Configuration of an extended access-list on Hyd Serial 0 in inbound direction denying PING (Echo) from 192.168.3.0 to 192.168.1.0 and permitting any other service.
Configuration of an extended access-list on Chennai Ethernet 0 in the outbound direction permitting only FTP service from the network 192.168.3.0 to 192.168.2.10
Hyd#configure terminal Hyd(config)#access-list 110 deny icmp 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 echo hyd(config)#access-list 110 permit ip any any hyd(config)#interface serial 0 hyd(config-if)#ip access-group 110 in hyd(config-if)^z Hyd # sh ip access-list
Zoom Technologies®
E0/0 192.168.3.1/24
LA N - 192.168.3.0/ 24
SCENARIO :2
On Hyd:
S0/1 11.0.0.2/ 8
On CHE: Chen#configure terminal Chen(config)#access-list 101 permit tcp 192.168.3.0 0.0.0.255 192.168.2.10 0.0.0.0 eq ftp chen(config)#interface ethernet 0 chen(config-if)#ip access-group 101 out chen(config-if)#exit chen(config)# CHE # sh ip access-list
17
SCENARIO :3 Configuration of an extended access-list on Hyd serial 0 in inbound direction denying HTTP from 192.168.2.0 to 192.168.1.0 and permitting and denying ping from any network to 192.168.1.0. On Hyd: Hyd#configure terminal Hyd(config)#access-list 111 deny tcp 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 eq 80
hyd(config)#access-list 111 permit ip any any hyd(config)#interface serial 0 hyd(config-if)#ip access-group 111 in hyd(config-if)^z Hyd # sh ip access-list
Zoom Technologies®
18
1. Configuration of a Standard access-list on Hyd Ethernet 0 in the out bound direction, permitting only 192.168.3.0 2. Configuration of an access-list on Chennai that administrative access through Telnet is possible only from 192.168.2.10 3. configuration of an standard access-list on Chennai Ethernet 0 in the outbound direction denying 192.168.3.10 4. Configuration of an extended access-list on Chennai Ethernet 0 in the outbound direction permitting only FTP service from the network 192.168.3.0 to 192.168.2.10 5. Configuration of an extended access-list on Hyd Serial 0 in inbound direction denying PING (Echo) from 192.168.3.0 to 192.168.1.0 and permitting any other service. 6. Configuration of an extended access-list on Hyd serial 0 in inbound direction denying HTTP from 192.168.2.0 to 192.168.1.0 and permitting and denying ping from any network to 192.168.1.0.
FRAME-RELAY
FRAME-RELAY SWITCH
10.0.0.1/ 8 S0/0
H YD
DLCI NO : 100
E 0/ 0 192.168.1.1/ 24
10.0.0.2/ 8 S 0/ 1
S 0/ 0
S0/1
BAN
CH E
DLCI NO : 200
E 0/ 0 192.168.2.1/24
E0/0 192.168.3.1/ 24
LAN - 192.168.1.0/ 24 LAN - 192.168.2.0/ 24
Zoom Technologies®
LAN - 192.168.3.0/ 24
20
CONFIGURATION ON HYD :
ON CHE :
ON BAN:
HYD # config terminal HYD (config) # interface s 0/0 HYD (config-if) # ip address 10.0.0.1 255.0.0.0 HYD (config-if) # no shutdown HYD (config-if) #encapsulation frame-relay HYD (config-if) #frame-relay lmi-type cisco HYD (config-if) #frame-relay interface–dlci 100 HYD (config-if) #exit
CHE # config terminal CHE (config) # frame-relay switching CHE (config) # interface s 0/1 CHE (config-if) # no ip address CHE (config-if) # no shutdown CHE (config-if) # encapsulation frame-relay CHE (config-if) # clockrate 64000 CHE (config-if) # frame-relay intf-type dce CHE (config-if) # frame-relay lmi-type cisco CHE (config-if) # frame-relay route 100 interface s0/0 200 CHE (config-if) # exit CHE (config) # interface s 0/0 CHE (config-if) # no ip address CHE (config-if) # no shutdown CHE (config-if) # encapsulation frame-relay CHE (config-if) # clockrate 64000 CHE (config-if) # frame-relay intf-type dce CHE (config-if) # frame-relay lmi-type cisco CHE (config-if) # frame-relay route 200 interface s0/1 100 CHE (config-if) # exit CHE (config) # exit
BAN # config terminal BAN (config) # interface s 0/1 BAN (config-if) # ip add 10.0.0.2 255.0.0.0 BAN (config-if) # no shut BAN (config-if) # encapsulation frame-relay BAN (config-if) # frame-relay lmi-type cisco BAN (config-if) # frame-relay interface-dlci 200 BAN (config-if) # exit
HYD (config) # ip routing HYD (config) # router rip HYD (config-router) # network 192.168.1.0 HYD (config-router) # network 10.0.0.0 HYD (config-router) #^Z
Show commands: ROUTER# show frame-relay pvc ROUTER# show frame-relay map ROUTER # show ip route
Zoom Technologies®
21
BAN BAN BAN BAN BAN BAN
(config) # ip routing (config) # router rip (config-router) # network 192.168.3.0 (config-router) # network 10.0.0.0 (config-router) # exit (config) # exit
Zoom Technologies®
22
1. Configuration of the router as a frame-relay switch 2. Changing the encapsulation type to frame relay 3. Creation of PVCs by defining DLCI numbers 4. Configurations of the static frame relay mappings 5. Observation of the status of PVCS in a frame relay switch 6. Verification of the frame relay map tables 7. Configuration of the head office and branch office routers with rip 8. Verification of the routing tables. 9. Verification of the reachability.
Zoom Technologies®
24
ON 19 2.168.20.50
ON 19 2.168.20.51
VLAN CREATION:
VLAN CREATION:
2950 # config terminal 2950(config) # vlan 10 2950(config-vlan) # name sales 2950(config) # vlan 20 2950(config-vlan) # name mkt
2950 # config terminal 2950(config) # vlan 10 2950(config-vlan) # name sales 2950(config) # vlan 20 2950(config-vlan) # name mkt
ASSIGNING MEMBERSHIP TO THE PORTS:
ASSIGNING MEMBERSHIP TO THE PORTS:
2950(config) # interface range fa0/1 -2 2950(config-if) # switchport mode access 2950(config-if) # switchport access vlan 10 2950(config-if) # exit 2950(config)#interface range fa0/4 - 5 2950(config)# switchport access vlan 20
2950(config) # interface range fa0/13 - 14 2950(config-if) # switchport mode access 2950(config-if) # switchport access vlan 10 2950(config-if) # exit 2950(config)#interface range fa0/16 - 17 2950(config)# switchport access vlan 20
TRUNKING: 2950 # config terminal 2950(config) #interface fa0/24 2950(config-if) # switchport mode trunk 2950(config-if) # switchport trunk allowed vlan all 2950 confi -if # exit
TRUNKING: 2950 # config terminal 2950(config) #interface fa0/24 2950(config-if) # switchport mode trunk 2950(config-if) # switchport trunk allowed vlan all 2950 confi -if # exit
Zoom Technologies®
25
1. Understanding the concepts of address learning 2. Creation of VLAN 3. Assigning the hosts to a particular VLAN 4. Configuration of the Trunk link between the router and a switch 5. Configuration of encapsulation for the trunk link 6. Inter-VLAN communication through an external router. 7. Understanding the concepts of VTP modes •
Server mode
•
Client mode
•
Transparent mode
Inter-VLAN Routing
Configuration on Switch
Configuration on Router
Switch#configure terminal Switch(config)#vlan 10 Switch(config-vlan)#name sales Switch(config-vlan)#exit Switch(config)#vlan 20 Switch(config-vlan)#name mkt Switch(config-vlan)#exit
router#configure terminal router(config)#interface Ethernet 0 router(config-if)#no ip address router(config-if)#no shut router(config-if)exit router(config)#interface Ethernet 0.1 router(config-if)#encapsulation dot1q 10
Configuring port security Switch65(config-if)#Switchport port-security Switch65(config-if)#Switchport port-security maximum Switch65(config-if)#Switchport port-security mac-address Switch65(config-if)#Switchport port-security violation {protect|restrict|shutdown}
Interface serial 0 configuration
Interface serial 1 configuration
Router#configure terminal Router(config)#interface serial 0 Router(config-if)#ip address 11.0.0.1 255.0.0.0 Router(config-if)#no shutdown Router(config-if)#encapsulation hdlc Router(config-if)#exit
Router#configure terminal Router(config)#interface serial 1 Router(config-if)#ip address 12.0.0.1 255.0.0.0 Router(config-if)#no shutdown Router(config-if)#encapsulation hdlc Router(config-if)#exit
Configuring Tun nel
Configuring Tunnel
Router(config)# interface tunnel 1 Router(config-if)# Ip address 192.168.0.1 255.255.255.0 Router(config-if)# Tunnel Source 11.0.0.1 Router(config-if)# Tunnel Destination 12.0.0.1
Router(config)# interface tunnel 1 Router(config-if)# Ip address 192.168.0.2 255.255.255.0 Router(config-if)# Tunnel Source 12.0.0.1 Router(config-if)# Tunnel Destination 11.0.0.1
Routing P rotocol Configuration
Routing P rotocol Configuration
Router(config)#no ip routing Router(config)# ip routing Router(config)#router ri p Router(config-router)# network 192.168.1.0 Router(config-router)# network 192.168.0.0
Router(config)#no ip routing Router(config)# ip routing Router(config)#router ri p Router(config-router)# network 192.168.2.0 Router(config-router)# network 192.168.0.0
Zoom Technologies®
29
