Professional Documents
Culture Documents
Completed Topology
Objectives
View the default Layer 2 configuration. Configure EtherChannel.
Background/Scenario
EtherChannel enables the switch administrator to increase bandwidth between switches by bundling together between 2 and 8 links. In this scenario, you will bundle two Fast Ethernet links to form a single logical link with an effective full-duplex bandwidth of 400 Mb/s. NOTE: This activity is for observation purposes only and does not require configuration, thus grading will not be conducted.
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 1 of 32
CCNA Exploration
LAN Switching and Wireless b. Verify that all switches are running IEEE 802.1D spanning-tree. c. Verify that S1 is the root bridge for VLANs 1-1001. Observation: Both switches are running IEEE 802.1D. DLS1 is the spanning-tree root bridge for all VLANs.
Step 2. Add a logical Port Channel associated with the physical interfaces.
a. Create Port Channel 1 with the interface port-channel 1 command. b. Enter the switchport mode trunk command.
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 2 of 32
CCNA Exploration
Background/Scenario
Four routers must be interconnected in a hub-and-spoke Frame Relay configuration. Router R1 is the hub, and routers R2, R3, and R4 are spoke routers. The Frame Relay connections will be established using Frame Relay point-to-point connections over subinterfaces from R1 to each spoke router. Routing will be established using static routes on the hub router and default routes on all spoke routers. The frame relay switch(es) have already been configured within the cloud. Remote administrative access is established using SSH with the username admin and password cisco.
Task 1: Configure Frame Relay and Static Routing on the Hub Router (R1).
Step 1. Verify Default Configurations.
e. On all four routers, enter privileged EXEC mode with the password cisco. f. From privileged EXEC mode on all four routers, issue the show running-config command to verify running configurations.
Note: All routers have been preconfigured with hostnames, enable password, and SSH connectivity. All LAN interfaces have also been configured with IP addresses and are currently active. g. Use the show ip route command to verify routing tables.
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 3 of 32
CCNA Exploration
j.
Create and configure subinterface s0/0/0.102. From global configuration mode, enter the following commands: R1(config)# interface Serial0/0/0.102 point-to-point R1(config-subif)# ip address 10.0.1.1 255.255.255.252 R1(config-subif)# frame-relay interface-dlci 102 R1(config-subif)# exit
k.
Repeat the above steps to create and configure subinterface s0/0/0.103 and s0/0/0.104. R1(config)# interface Serial0/0/0.103 point-to-point R1(config-subif)# ip address 10.0.1.5 255.255.255.252 R1(config-subif)# frame-relay interface-dlci 103 R1(config-subif)# exit R1(config)# interface Serial0/0/0.104 point-to-point R1(config-subif)# ip address 10.0.1.9 255.255.255.252 R1(config-subif)# frame-relay interface-dlci 104 R1(config-subif)# exit
Step 4. Configure Static Routing on R1 to reach the LANs of each spoke router.
Routing between sites could be configured using dynamic or static routing. In this activity, you will configure static routes to each remote LAN sites. l. From global configuration mode, enter the following static routes. R1(config)# ip route 10.20.20.0 255.255.255.0 10.0.1.2 R1(config)# ip route 10.30.30.0 255.255.255.0 10.0.1.6 R1(config)# ip route 10.40.40.0 255.255.255.0 10.0.1.10 m. Exit out of configuration mode and issue the show running-config command to view the final configuration on R1.
Task 2: Configure Frame Relay and Default routing on the Spoke Routers.
Step 1. Configure the Physical Frame Relay Interface on the spoke routers.
Just as we configured the hub router for Frame Relay, the spoke routers must also be configured.
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 4 of 32
CCNA Exploration
LAN Switching and Wireless n. From privileged EXEC mode on R2, enter global configuration mode. o. Configure the main physical interface for Frame Relay connectivity. Enter the following commands on R2. R2(config)# interface serial0/0/0 R2(config-if)# encapsulation frame-relay R2(config-if)# no shutdown
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 5 of 32
CCNA Exploration
s.
t.
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 6 of 32
CCNA Exploration
DLCI = 103, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0.103 input pkts 14055 out bytes 6216155 in BECN pkts 0 in DE pkts 0 out bcast pkts 32795 output pkts 32795 dropped pkts 0 out FECN pkts 0 out DE pkts 0 out bcast bytes 6216155 in bytes 1096228 in FECN pkts 0 out BECN pkts 0
DLCI = 104, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0.104 input pkts 14055 out bytes 6216155 in BECN pkts 0 in DE pkts 0 out bcast pkts 32795 output pkts 32795 dropped pkts 0 out FECN pkts 0 out DE pkts 0 out bcast bytes 6216155 in bytes 1096228 in FECN pkts 0 out BECN pkts 0
NOTE: PC1 and PC3 should now be able to successfully ping each other and the web server. If not, make sure that you entered all the commands exactly as specified in the previous steps.
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 7 of 32
CCNA Exploration
Objectives
View the default Layer 2 configuration. Configure the switch virtual interfaces (SVIs). Verify inter-VLAN routing.
Background/Scenario
Inter-VLAN routing on distribution layer switches is made possible with switch virtual interfaces (SVIs). Multilayer switches, such as Cisco Catalyst 3560 switches, are capable of wirespeed IP routing in addition to traditional Layer 2 switching. In this case, distribution layer bound IP subnets with hosts pointing to the SVIs as default gateways for the respective IP subnets. Full IP communications, previously available only with dedicated routers, are made available with these multilayer switches. In this configuration, two distribution layer switches, DLS1 and DLS2 are connected in a partial-mesh topology with the access layer switches, ALS1 and ALS2. DLS1 and DLS2 load balance the traffic at Layer 2 on a perVLAN basis. SVIs are configured for each VLAN to enable inter-VLAN IP communication.
w. On the two distribution switches, issue the show vlan command to verify proper VLAN configuration.
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 8 of 32
CCNA Exploration
LAN Switching and Wireless Observation: Fa0/1, Fa0/2, and Fa0/3 are configured for 802.1q trunking. Additionally, all three are configured to trunk VLANs 1, 10, 20, 30, 99 and all default vlans. The native management VLAN is VLAN99.
Observation: DLS1 is the root bridge for VLANs 1, 20, and 99. DLS2 is the root bridge for VLANs 10 and 30.
Step 2. Test ICMP connectivity from the access layer switches to the distribution layer SVIs.
aa. On ALS1, issue the privileged EXEC command ping 10.0.10.1. Repeat for 10.0.10.2, 10.0.20.1, 10.0.20.2, 10.0.30.1, 10.0.30.2, 10.0.99.1, and 10.0.99.2. The ping tests should all be successful. bb. On ALS2, issue the privileged EXEC command ping 10.0.10.1. Repeat for 10.0.10.2, 10.0.20.1, 10.0.20.2, 10.0.30.1, 10.0.30.2, 10.0.99.1, and 10.0.99.2. The ping tests should all be successful.
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 9 of 32
CCNA Exploration
Background/Scenario
Three routers must be interconnected in a simple IPv6 configuration. Routing will be established using RIPng.
Task 1: Configure Router R1 to Support IPv6. Step 1. Enable IPv6 Unicast Routing on R1.
All IPv6 routers must be enabled to support IPv6 unicast routing. a. From privileged EXEC mode on R1, enter global configuration mode. b. Enter the ipv6 unicast-routing command.
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 10 of 32
CCNA Exploration
Task 2: Configure Router R2 and R3 to Support IPv6. Step 1. Configure Router R2.
Just as we configured the router R1 to support IPv6, we must also configure routers R2 and R3 as well. On router R2, enable IPv6 unicast routing, configure an EUI IPv6 address and enable the RIPng process called "PROCESS1" on interfaces Serial 0/0/0 and Serial 0/0/1 using the following commands. Note that only the S0/0/1 interface requires the clock rate. R2# conf t R2(config)# ipv6 unicast-routing R2(config)# interface Serial0/0/0 R2(config-if)# ipv6 address 2001:410:1:10::/65 eui-64 R2(config-if)# ipv6 rip PROCESS1 enable R2(config-if)# no shutdown R2(config-if)# exit R2(config)# interface Serial0/0/1 R2(config-if)# ipv6 address 2001:410:2:10::/65 eui-64 R2(config-if)# ipv6 rip PROCESS1 enable R2(config-if)# clock rate 64000 R2(config-if)# no shutdown R2(config-if)# exit
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 11 of 32
CCNA Exploration
Task 3: Verify the IPv6 Configuration. Step 1. Verify the IPv6 Configuration on R1.
There are several commands available to verify the IPv6. IPv6 retains the same common commands as IPv4 with the exception that we must specify that these are IPv6 commands. The following are several IPv6 commands. a. First, verify which interfaces have been configured to support IPv6 using the show ipv6 interface brief command on R1, R2 and R3. Note: On R1, only Serial 0/0/0 displays any IPv6 addresses. To get more information on these addresses use the show ipv6 interface s0/0/0 command. R2 and R3 will be different. The address beginning with FE80 is the link local address and the address beginning with 2001 is the global unicast address. Both were created when the ipv6 address with the EUI-64 option specified. Recall that the EUI-64 inserts the hex digits FFE in the IPv6 address. Write down the global unicast address for each of the interfaces. b. Issue the show ipv6 rip database command to verify the specifics of the IPv6 RIP database. c. Next, verify the routing IPv6 table using the show ipv6 route command on R1. d. Finally, test connectivity by pinging the R3 serial0/0/0 interface from R1. Use the address that you wrote down as the global unicast address (starting with 2001). When asked for the outgoing interface, specify serial0/0/0.
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 12 of 32
CCNA Exploration
Objectives
View the default Layer 2 configuration. Configure port security.
Background/Scenario
Port security enables the switch administrator to prevent unauthorized devices from gaining access to the network. Port security is normally enabled on access layer switches for this purpose. NOTE: This activity is for observation purposes only and does not require configuration, thus grading will not be conducted.
CCNA Exploration
LAN Switching and Wireless Observation: On S1, ports F0/1 and F0/2 are 802.1Q trunk ports. On S2, port F0/1 is an 802.1Q trunk port. On S3, port F0/2 is an 802.1Q trunk port. The native VLAN is 99 for all trunk ports. ee. Issue the show vlan command to verify proper VLAN configuration. Observation: VLANs 10 (faculty/staff), 20 (students), 30 (guest), and 99 (management) are configured on the three switches: VLAN 1 is the default VLAN on each switch. S1 VLAN 1: all ports except for trunk ports F0/1 and F0/2. S2 VLAN 1: ports F0/2-5, G1/1-2. S2 VLAN 10: ports F0/11-17 S2 VLAN 20: ports F0/18-24 S2 VLAN 30: ports F0/6-10 S3 VLAN 1: ports F0/1, F0/3-5, G1/1-2 S3 VLAN 10: ports F0/18-24 S3 VLAN 20: ports F0/11-17 S3 VLAN 30: ports F0/6-10
kk. Repeat step 1.a. on ports F0/11 and F0/18 of S2. ll. On ports F0/6, F0/11, and F0/18 of S2, enter the command switchport port-security maximum Enter the show run command in privileged EXEC mode to see the effect of step 2.a.
mm.
Observation: The command switchport port-security maximum 1 does not appear under the interfaces F0/6, F0/11, and F0/18. This is because the default maximum for port security on an interface
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 14 of 32
CCNA Exploration
LAN Switching and Wireless is 1. The command switchport port-security maximum # will only appear if a value higher than 1 is configured. nn. Repeat steps a through d on ports F0/6, F0/11, and F0/18 of switch S3.
Step 2. Configure dynamic learning for port security and verify operation.
oo. On ports F0/6, F0/11, and F0/18 of S2 and S3, enter the command switchport port-security macaddress sticky. Issue the show run command to view the final configuration on both S2 and S3. pp. Click on PC6. PC6 is currently connected to Fa0/6 on S3. From the command prompt on PC6, issue the command ping 172.17.30.23. This will ping PC3, which is connected to Fa0/6 on S2. The ping should be successful. qq. On S2 and S3, enter the command show run and check to see if anything has changed in the output. Observation: On S2, the entry switchport port-security mac-address sticky 0001.C7CA.E31C now appears under the configuration for port F0/6. On S3, the entry switchport port-security mac-address sticky 0030.A3A5.A8C2 now appears under the configuration for port F0/6. rr. On S3, enter the command show port-security interface fa0/6. Observation: Port security is enabled, port-status is secure-up, security violation count is 0.
CCNA Exploration
xx. From the command prompt on PC6, type the command ping 172.17.30.23. The ping should succeed. On S3, issue the command show port-security interface Fa0/6. The status of the port should be back to normal. You have completed this configuration/observation activity.
Configuring RSTP
Objectives
View the default Layer 2 configuration. Enable RSTP. Configure primary and secondary root bridges.
Background/Scenario
Spanning tree modes other than PVST+ are available. One of these modes is RSTP (rapid spanning tree protocol), which greatly reduces the time between a port coming up and changing to forwarding, while still preventing bridging loops. During the transition period between RSTP states, rapid spanning tree falls back to regular spanning tree on links that have regular spanning tree on one side. In this configuration, two distribution layer switches, DLS1 and DLS2 are connected in a full-mesh topology with the access layer switches, ALS1 and ALS2. DLS1 and DLS2 load balance the traffic at Layer 2 on a per-VLAN basis.
Task 1: View the Default Configuration. Step 1. Verify the trunking and VLAN configuration on the switches.
a. On all four switches, enter privileged EXEC mode with the enable command. b. From privileged EXEC mode, issue the show interfaces trunk and show interfaces switchport commands. Observation: Fa0/7, Fa0/9 and Fa0/11 have all been configured as trunk ports. c. On the two distribution switches (DLS1 and DLS2), issue the show vlan command to verify proper VLAN configuration. Observation: Ports Fa0/7, Fa0/9 and Fa0/11 are not listed within a specific vlan. Also VLAN100, 110, 120 and 130 are created and active: 100 Server-Farm-1 active 110 Server-Farm-2 active 120 Net-Eng active 130 Staff active
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 16 of 32
CCNA Exploration
Step 4. Verify IEEE 802.1D spanning-tree and port status on DLS2, ALS1, and ALS2.
a. On each switch, issue the show spanning-tree command. b. On DLS2, verify that port F0/7 is designated forwarding, port F0/9 is non-designated blocking, and F0/11 is root forwarding. c. On ALS1, verify that port F0/7 is root forwarding and ports F0/9 and F0/11 are designated forwarding. d. On ALS2, verify that ports F0/7 and F0/11 are non-designated blocking and port F0/9 is root forwarding. Observation: in the show spanning-tree output, you should see each interface listed with the status set. Example: Fa0/9 Altn BLK (meaning non-designated blocking)
Task 2: Configure RSTP on the switches and load balance. Step 1. Enable RSTP.
To enable RSTP on the switches, enter the global configuration command spanning-tree mode rapid-pvst on each switch.
Step 2. Configure DLS1 as the primary root bridge for VLANs 1, 100, and 120 and as the secondary root bridge for VLANs 110 and 130.
a. On DLS1, issue the spanning-tree vlan 1,100,120 root primary command. b. On DLS1, issue the spanning-tree vlan 110,130 root secondary command.
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 17 of 32
CCNA Exploration
Step 3. Configure DLS2 as the primary root bridge for VLANs 110 and 130 and as the secondary root bridge for VLANs 1, 100, and 120.
a. On DLS2, issue the spanning-tree vlan 110,130 root primary command. b. On DLS2, issue the spanning-tree vlan 1,100,120 root secondary command.
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 18 of 32
CCNA Exploration
Configuring SSH
Objectives
View the default internetwork configuration. Enable SSH. Interconnect using SSH.
Background/Scenario
Traditionally, remote administrative access on routers was configured using Telnet on TCP port 23. However, Telnet was developed in the days when security was not an issue. For this reason, all Telnet traffic is forwarded in plain text. SSH has replaced Telnet as the best practice for providing remote router administration with connections that support strong privacy and session integrity. SSH uses port TCP 22. It provides functionality that is similar to that of an outbound Telnet connection, except that the connection is encrypted. With authentication and encryption, SSH allows for secure communications over an insecure network. In this configuration, four routers are interconnected in a hub-and-spoke Frame Relay configuration. Router R1 is the hub, and routers R2, R3, and R4 are the spokes. Dynamic routing has been configured using multiarea OSPF.
CCNA Exploration
a. The hostname on R1 is pre-configured. Therefore configure the domain name cisco.com using the ip domainname domain-name command. b. The asymmetrical RSA keys must be generated on R1 using the crypto key generate rsa command. When prompted for a modulus size, specify a modulus of 1024 bits. c. SSH will prompt for a username and password combination when enabled. Therefore, a local username database entry must be configured using the username name password password command. Create a local account for the user admin and password cisco. d. Configure the SSH version using the ip ssh version command. In this lab, we will be configuring to use version 2. e. Next, we need to disable Telnet and enable SSH communication to the VTY lines. To do so, enter the following commands on R1. R1(config)# line vty 0 4 R1(config-line)# no transport input all R1(config-line)# transport input ssh R1(config-line)# login local R1(config-line)# end f. Save the configuration.
CCNA Exploration
LAN Switching and Wireless SSH Enabled - version 1.99 Authentication timeout: 120 secs; Authentication retries: 3 b. Next, issue the show ip ssh command to verify if SSH is currently running. R1#show ssh %No SSHv2 server connections running. %No SSHv1 server connections running.
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 21 of 32
CCNA Exploration
Background/Scenario
The spanning-tree protocol is useful in ensuring that loops do not exist in the network. However, it can introduce increased latency and unintended inefficiencies if left to auto negotiate the root bridge. In this activity, observe how the spanning-tree protocol affects path selection and how that path selection can change based on the configuration of the root bridge.
Observation: Switch1 is NOT the root bridge. Notice that all ports are forwarding, and fa0/22 is specified as Root Fwd. Fa0/22 is connected to SW-B. bbb. On SW-B, from the privileged EXEC mode, issue the show spanning-tree command.
Observation: SW-B is the root bridge. This is evident by the line This bridge is the root.
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 22 of 32
CCNA Exploration
LAN Switching and Wireless ddd. Close the Event List window by selecting the x in the upper right-hand corner, just below the Viewport button. This will allow you to see then entire topology. eee. Notice the Auto Capture / Play button and the Capture / Forward button on the bottom screen of the PT window. Below these buttons is a drop down box with Scenario 0 and Scenario 1. Be sure that Scenario 0 is selected. Scenario 0 is a ping originating from PC-PT E1 and destined to Server-PT Workgroup Server 1. Click the Auto Capture / Play button to view the path that the packet will take to reach that server. When the Buffer Full message appears, click on view previous events. fff. Is the path that the packet took to reach that destination the most efficient path? Why did the packet take that path? ggg. Next, in the drop down box, select Scenario 1. Scenario 1 is a ping originating from PC-PT E2 and destined for Server-PT Workgroup Server 2. Click the Auto Capture / Play button to view the path that the packet will take to reach that server. When the Buffer Full message appears, click on view previous events. hhh. Is the path that the packet took to reach that destination the most efficient path? Why did the packet take that path?
CCNA Exploration
LAN Switching and Wireless through the blocking, listening, or learning states. For this exercise, enable portfast on ports that are connected to servers. ppp. Click on SW-A
qqq. Using the interface range command, enable portfast on ports Fa0/1 Fa0/4. Additionally enable portfast on the port connected to Workgroup Server 2 (Fa0/13) Example: Switch(config)# interface range fa0/1 fa0/4 Switch(config-if-range)# spanning-tree portfast Switch(config-if-range)# interface fa0/13 Switch(config-if)# spanning-tree portfast rrr. Save the configuration with the copy run start command. sss.Repeat steps a and b on switches SW-B, SW-C, SW-D, SW-E, and SW-F. In addition, on switch Central, enable portfast on port fa0/13 ttt. Once you have completed the configuration, click the button power cycle devices. This will reboot all devices and allow you to watch the spanning-tree convergence. Be sure that you saved all configurations before rebooting devices.
vvv.Close the Event List window by selecting the x in the upper right-hand corner, just below the Viewport button. This will allow you to see then entire topology. www. In the drop down box, select Scenario 0. Scenario 0 is a ping originating from PC-PT E1 and destined to Server-PT Workgroup Server 1. Click the Auto Capture / Play button to view the path that the packet will take to reach that server. When the Buffer Full message appears, click on view previous events. xxx.How has the path changed? Is the path more efficient? Is there more efficient paths available? yyy.Next, in the drop down box, select Scenario 1. Scenario 1 is a ping originating from PC-PT E2 and destined for Server-PT Workgroup Server 2. Click the Auto Capture / Play button to view the path that the packet will take to reach that server. When the Buffer Full message appears, click on view previous events. zzz.How has the path changed? Is the path more efficient? Is there more efficient paths available?
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 24 of 32
CCNA Exploration
Step 7. Reflection.
aaaa. How does specifying the root bridge affect efficiencies in the network? Changing the root bridge affects how packets are forwarded. With the root bridge, all ports are placed to forwarding. Whereas on other switches, certain ports may be placed in blocking, preventing traffic from taking the most efficient path. bbbb. What are some factors that may be important to consider when selecting the root bridge? The decision varies on several factors. In this case, Central is the connection to the Internet and the Workgroup Server 1 and may be the most important or commonly accessed path for all devices. In addition, the speed of the connections to Central is Gigabit, versus Fastethernet. So packets taking that path have faster connection times. cccc. In this topology there is only one VLAN and 1 root bridge. There is a separate instance of spanning-tree for each VLAN. How can specifying multiple VLANS and different root bridges for each VLAN improve efficiency? If there are several devices that must reach a specific server, such as workgroup server 2, it is possible to place all of these devices and the server in a separate VLAN. The root bridge for that VLAN can then be specified based on the most efficient path to reach that server. dddd. How does enabling portfast increase efficiency in the network? The STP for that port assumes that the port is not part of a loop and immediately moves to the forwarding state and does not go through the blocking, listening, or learning states. For a switch that is newly connected to the network, this means that host devices connected to portfast enabled ports will be able to start sending and receiving traffic immediately.
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 25 of 32
CCNA Exploration
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 26 of 32
CCNA Exploration
CCNA Exploration
LAN Switching and Wireless router eigrp 101 network 10.0.0.0 auto-summary ! ip classless ! ! access-list 101 permit ip host 10.100.1.1 any access-list 101 deny tcp any any eq telnet access-list 101 deny icmp any any echo access-list 101 permit tcp any any established access-list 101 permit tcp any host 10.1.4.3 eq www access-list 101 permit tcp 10.10.2.0 0.0.0.255 host 10.1.1.2 eq www access-list 101 permit tcp 10.20.2.0 0.0.0.255 host 10.1.1.2 eq www ! assuming that peer1 and peer2 users are also participating access-list 101 permit eigrp any any ! ! ! no cdp run ! line con 0 line vty 0 4 login ! ! end Router# Router1: Current configuration : 1188 bytes ! version 12.2 no service password-encryption ! hostname Router ! ! enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0 ! ! ! ! ip ssh version 1 ! ! interface FastEthernet0/0 ip address 10.1.1.1 255.255.255.0 ip access-group 101 out duplex auto speed auto ! interface FastEthernet0/1 ip address 10.1.2.1 255.255.255.0
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 28 of 32
CCNA Exploration
LAN Switching and Wireless duplex auto speed auto ! interface Serial0/0 ip address 10.1.3.1 255.255.255.0 ! interface Serial0/1 no ip address shutdown ! interface Serial0/2 no ip address shutdown ! interface Serial0/3 no ip address shutdown ! interface FastEthernet1/0 no ip address duplex auto speed auto shutdown ! interface FastEthernet1/1 no ip address duplex auto speed auto shutdown ! router eigrp 101 network 10.0.0.0 auto-summary ! ip classless ! ! access-list 101 permit ip host 10.100.1.1 any access-list 101 permit tcp 10.10.2.0 0.0.0.255 host 10.1.1.2 eq www access-list 101 permit tcp 10.20.2.0 0.0.0.255 host 10.1.1.2 eq www ! assuming that peer1 and peer2 users are also participating access-list 101 permit ip 10.1.2.0 0.0.0.255 host 10.1.1.2 access-list 101 permit ip host 10.1.4.2 host 10.1.1.2 access-list 101 permit tcp 10.1.4.0 0.0.0.255 host 10.1.1.2 eq www ! ! ! no cdp run ! line con 0 line vty 0 4 login ! ! end
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 29 of 32
CCNA Exploration
PT: Troubleshoot a Multipoint Frame Relay Connection with OSPF Addressing Table Device Interface S0/0/0 (DTE) Fa0/0 S0/0/0 (DTE) Fa0/0 S0/0/0 (DTE) Fa0/0 IP Address 192.168.0.1 10.1.2.1 192.168.0.2 10.1.1.1 192.168.0.3 10.1.3.1 10.1.3.50 10.1.2.50 Subnet Mask 255.255.255.252 255.255.255.0 255.255.255.252 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 DLCI 192.168.0.2 - 401 192.168.0.3 - 402 192.168.0.1 - 410 192.168.0.3 - 412 192.168.0.1 - 420 192.168.0.2 - 421
Router0
Router 1
A network administrator recently implemented a frame relay connection from the New York office to the offices in Paris and London. Users at the New York location are complaining that they are unable to reach the web server www.exlond.com. Information located on both the Paris and London servers are time sensitive. Determine the cause of the connectivity issue and fix the problem as quickly as possible. Step 1: Verify connectivity to both the Paris and London web servers
a. On NY admin, use the web browser to attempt to access both www.exlond.com and www.exparis.com.
Observation: www.exparis.com connects, however when attempting to connect to www.exlond.com, the request times out.
b. From the command prompt, ping the IP address of the exlond server (10.1.2.50)
Observation: By pinging the server by the IP address, this confirms whether the problem is with the DNS server (name translation) or if connectivity is truely down. The ping fails, therefore, the problem is with the connection between NY admin and the server. This could be a frame-relay connection issue or an OSPF issue.
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 30 of 32
CCNA Exploration
Step 2: Verify the frame relay and OSPF configurations and make any necessary configuration changes.
a. b. On NY admin, use the terminal window to access Router1 via the console cable. Use the show ip route command to view the routes that are available
Observation: OSPF has discovered a route to the 10.1.3.0 network, but not the 10.1.2.0 network. c. d. Ping the inside interface on Router0 (192.168.0.1). Does the ping pass or fail? Ping the outside interface on Router0 (10.1.2.1). Does the ping pass or fail?
Observation: The ping to 192.168.0.1 passes. This indicates that the frame-relay connection is operational. However, the ping to 10.1.2.1 fails, indicating that routing is not operating as expected. e. Use various tools and show commands to verify the OSPF configuration on Router1 and Router0 (this requires telnetting to Router0). Make any necessary configuration changes. NOTE: In Packet Tracer, OSPF convergence across a frame relay network may take up to a minute. After making a configuration change, save the configuration and select the button "power cycle devices" to speed up convergence times.
Reflection 1. Why would an administrator attempt to connect to both the www.exparis.com and www.exlond.com web servers as a first step, even though www.exparis.com is not on the same network as www.exlond.com? This confirms that the issue is only with the network connection that contains the exlond server and narrows down where the administrator must troubleshoot.
2. List the steps that you took to solve the problem. Looking at them again, was there a more efficient way to determine the problem? Answers vary 3. What is the purpose of the ip ospf network broadcast command? This command is used to define the network type as broadcast. The network type is defined on nonbroadcast networks to avoid configuring the neighbors explicitly
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 31 of 32
CCNA Exploration
All contents are Copyright 19922008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 32 of 32