
Table of Contents

Exercise 1-1: Configuring RIPv2
Exercise 2-1: Spanning-Tree Protocol
Exercise 2-2: VLAN Trunking Protocol
Exercise 2-3: Configuring Inter-VLAN Routing
Exercise 3-1: Calculating VLSM Subnets
Exercise 4-1: Configuring OSPF with MD5 Authentication
Exercise 4-2: Electing DR and BDR
Exercise 4-3: Tuning OSPF Routing Protocol
Exercise 5-1: Load Balancing with EIGRP
Exercise 6-1: Understanding Wildcard Mask
Exercise 6-2: Configuring Standard ACL
Exercise 6-3: Configuring Extended ACL
Exercise 7-1: Configuring NAT
Exercise 7-2: Configuring RIPng for IPv6
Exercise 7-3: Configuring Manual IPv6 Tunnel
Exercise 8-1: Configuring Back-to-Back Frame-Relay
Exercise 8-2: Configuring Frame-Relay Switch

Exercise 1-1: Configuring RIPv2


Objective

- Configure RIP v2 on routers.
- Use show commands to verify RIP v2 operation.
- Use debug commands to verify proper RIP operation and analyze data transmitted
  between routers.
- Use ip route 0.0.0.0 0.0.0.0 command to add a default route to border
  router and use default-information originate command to advertise
  default route in autonomous system (RIP domain).

[Figure: lab topology with routers Internet, R1 and R2 and a PC; networks
200.20.2.0/24, 172.16.0.0/16, 172.17.0.0/16 and 222.22.2.0/24; RIPv2 domain.]

Step 1: Configure all three routers: Internet, R1 and R2


1. On the routers, configure the hostnames as well as the console, virtual terminal,
and enable passwords. Next configure address interfaces, configure clock rate on
the serial interfaces. Finally configure IP host names. Be sure to save the
configurations just created.
2. The configuration for the host connected to the router R2 is:
IP Address 172.17.0.10 / 255.255.0.0
Default gateway 172.17.0.1
3. Check interfaces on all routers with the command show ip interface brief.
4. Check connectivity between the routers and the workstation and R2 using ping.
Step 2: Configure the routing protocol
1. From the global configuration mode in the router R1, enter the following:
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 172.16.0.0
R1(config-router)#end

2. From the global configuration mode in the router R2, enter the following:
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 172.16.0.0
R2(config-router)#network 172.17.0.0
R2(config-router)#end


3. To prevent the R1 router from advertising its routes to the Internet router, enter
the following command in the router configuration mode:
R1(config-router)# passive-interface FastEthernet 0/0

To confirm this, use the debug ip rip events command on the R1 router.
Verify from the output that the router is not sending updates out the interface to
the Internet router.
Disable the debug output with the no debug all command.
4. Ping all of the interfaces of the routers R1 and R2 on the network from the host.
Were all of the interfaces still able to be pinged? ___________________________
If not, troubleshoot the network and ping again.
Step 3: Change the network addressing scheme
1. Show the routing tables on both routers again.
What is the difference between RIP v2 and RIP v1? ________________________
What must be done in order to see a difference between RIP v2 and RIP v1?
__________________________________________________________________
2. Change the Fast Ethernet IP subnet mask on the R2 router
Change the subnet mask of FastEthernet 0/0 on router R2 from a default Class B
mask (255.255.0.0) to a default Class C mask (255.255.255.0). Use the same IP
address.
R2(config)# interface FastEthernet 0/0
R2(config-if)# ip address 172.17.0.1 255.255.255.0
R2(config-if)# exit

Show the R1 routing table.


Has the output changed with the addition of a subnetted IP address? ___________
How has it changed? _________________________________________________
Show the R2 routing table.
Has the output changed with the addition of a subnetted IP address? ___________
3. Change the addressing scheme of the network to a single Class B network with a
255.255.255.0 (default Class C) mask.
On the R1 router:
R1(config)# interface serial 0/0
R1(config-if)# ip address 172.17.1.1 255.255.255.252

On the R2 router:
R2(config)# interface serial 0/1
R2(config-if)# ip address 172.17.1.2 255.255.255.252

4. Show the routing table


Show the R1 routing table.
Has the output changed with the addition of subnetted IP addresses? ___________
How has it changed? _________________________________________________
Show the R2 routing table.

Has the output changed with the addition of a subnetted IP address? ___________
5. Change the host configuration to reflect the new IP addressing scheme of the
network:
IP Address 172.17.0.10 / 255.255.255.0
Default gateway 172.17.0.1
6. Ping all of the interfaces on the network from each host
Were all of the interfaces still able to be pinged? ___________________________
If not, troubleshoot the network and ping again.
Step 4: Configuring default route and advertising default route
1. Since the Internet router is not getting routing updates, it does not have a route to
the RIP domain. It needs to be provided with a static route.
From the global configuration mode of Internet, enter:
Internet(config)# ip route 172.17.0.0 255.255.0.0 200.20.2.1

Verify the static route is in the Internet routing table by issuing the show ip
route command.
There should be an output similar to the following:
Internet# show ip route
<Output eliminated. >
C 200.20.2.0/24 is directly connected, FastEthernet0/0
S 172.17.0.0/16 [1/0] via 200.20.2.1

2. Because router R1 links the RIP domain with the outside world, R1 should be
configured with a default route so that it can send packets to every Internet
destination. A default route is the route that data is sent out on if the routing
table does not have a more specific route to use.
From the global configuration mode of R1, enter:
R1(config)# ip route 0.0.0.0 0.0.0.0 200.20.2.2

Verify the default route is in the R1 routing table by issuing the show ip route
command.
From R1 privileged mode, try to ping the Internet router's interface on the subnet
222.22.2.0. If the ping is not successful, troubleshoot the network and ping again.
3. Check connectivity from the workstations to the Internet using ping. From the
workstation attached to the R2, ping any interfaces on the Internet router.
Was the ping successful? _____________________________________________
Why did the ping fail? _______________________________________________
4. Using the command show ip route, view the IP routing table for R2.
R2#show ip route
Gateway of last resort is not set
     172.17.0.0 is variably subnetted, 2 subnets, 2 masks
C       172.17.0.0/24 is directly connected, FastEthernet0/0
C       172.17.1.0/30 is directly connected, Serial0/1
Are all of the routes needed in the routing tables? __________________________



Based on this output from show ip route, can a host on network
172.17.0.0 connect to a host on network 222.22.2.0? _______________________
5. R2 needs to know a route to Internet. Use default-information originate
command on the router R1 to advertise default route into RIP domain.
From the router configuration mode of R1, enter:
R1(config-router)# default-information originate

Verify the default route is in the R2 routing table by issuing the show ip route
command.
There should be an output similar to the following:
R2#show ip route
Gateway of last resort is not set
     172.17.0.0 is variably subnetted, 2 subnets, 2 masks
C       172.17.0.0/24 is directly connected, FastEthernet0/0
C       172.17.1.0/30 is directly connected, Serial0/1
R*   0.0.0.0/0 [120/1] via 172.17.1.1, 00:00:21, Serial0/1

6. Check connectivity between the workstations and Internet router using ping.
From the workstation attached to the router R2, ping interface at 222.22.2.0 subnet
of the Internet router.
C:\>ping 222.22.2.1
Pinging 222.22.2.1 with 32 bytes of data:
Reply from 222.22.2.1: bytes=32 time=32ms TTL=254
Reply from 222.22.2.1: bytes=32 time=32ms TTL=254
Reply from 222.22.2.1: bytes=32 time=32ms TTL=254
Reply from 222.22.2.1: bytes=32 time=32ms TTL=254
Ping statistics for 222.22.2.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 32ms, Maximum = 32ms, Average = 32ms

If the ping was not successful, check routing table to make sure static routes are
entered correctly.
Step 5: Verifying RIP v2 Configuration
1. Enter show ip route connected on the R1 router.
What networks are displayed? _________________________________________
What interface is directly connected? ____________________________________
Enter show ip route rip
List the routes listed in the routing table? _________________________________
What is the administrative distance? ____________________________________
2. Enter show ip route connected on the R2 router.
What networks are displayed? _________________________________________
What interface is directly connected? ____________________________________
Enter show ip route rip
List the routes listed in the routing table? _________________________________

3. Enter show ip protocol on the R1 router.


When will the routes be flushed? _______________________________________
What is the default distance listed for RIP? _______________________________
Step 6: Troubleshooting RIP v2 using debug
1. Show the debug IP options
At the privileged EXEC mode type debug ip ?
Which routing protocols can use debug commands?
__________________________________________________________________
At the privileged EXEC mode type debug ip rip ?
How many options are available for debug ip rip ? _____________________
2. Show the RIP routing updates
From the privileged EXEC mode, examine the routing table entries using
the debug ip rip command on each router.
What are the three operations that take place listed in the rip debug statements?
__________________________________________________________________
3. Clear the routing table
Instead of waiting for the routes to time out, type clear ip route *. Then type
show ip route.
When an RIP update is sent how many source addresses are used? ____________
Why are multiple source addresses used? ________________________________
What is the source address used? _______________________________________
Why is this address used? _____________________________________________
4. Start the debug RIP database function
Start the RIP database debugging by typing debug ip rip database, then
clear the routing table by typing clear ip route *.
Are the old routes in the table deleted? __________________________________
Are new routes added back into the table? ________________________________
What does the last entry in the debug output say? __________________________
Turn off debugging by typing either no debug ip rip or undebug all.
5. Use the debug events function to see routing updates
Use the debug function to see routing updates by typing debug ip rip events
in privileged EXEC mode on the R1 router.
What interfaces are the routing updates sent on? ___________________________
How many routes are in the routing updates being sent? _____________________


Exercise 2-1: Spanning-Tree Protocol


Objective

- Create a basic switch configuration and verify it.
- Determine which switch is selected as the root with the factory default settings.
- Force the other switch to be selected as the root switch.
- Observe the behavior of spanning-tree algorithm in presence of switched network
  topology changes.

[Figure: lab topology with PC1, PC2 and switches S1 and S2; addresses shown:
192.168.1.1/24, 192.168.1.2/24, 192.168.1.3/24 and 192.168.1.4/24.]

Step 1: Configure switches and workstations


1. Configure the hostname, access and command mode passwords, as well as the
management LAN settings.
Configure the host to use the same subnet for the address, mask, and default
gateway as on the switch.
To verify that the hosts and switches are correctly configured, ping the switches
from the hosts.
Were the pings successful? ____________________________________________
If the answer is no, troubleshoot the hosts and switches configurations.
2. Display and verify configuration
Type show interface vlan 1
List some of the options available: _____________ ____________ ____________
On switch S1 and S2, type the command show interface VLAN 1 at the
Privileged EXEC mode prompt.
What is the MAC address of the switch S1? ______________________________
What is the MAC address of the switch S2? ______________________________
Which switch should be the root of the spanning-tree for VLAN 1? ___________
Step 2: Verify the spanning-tree information
1. Display the spanning-tree table on each switch
At the Privileged EXEC mode prompt on switches S1 and S2, type show
spanning-tree brief if running version 12.0 of the IOS. If running version
12.1 of the IOS, type show spanning-tree.
2. Examine the output and answer the following questions.
Which switch is the root switch? _______________________________________
What is the priority of the root switch? __________________________________
What is the bridge id of the root switch? _________________________________


Which ports are forwarding on the root switch? ___________________________


Which ports are blocking on the root switch? _____________________________
What is the priority of the non-root switch? _______________________________
What is the bridge id of the non-root switch? _____________________________
Which ports are forwarding on the non-root switch? ________________________
Which ports are blocking on the non-root switch? __________________________
What is the status of the link light on the blocking port? _____________________
Step 3: Reassign the root bridge
It has been determined that the switch selected as the root bridge, by using default
values, is not the best choice. It is necessary to force the other switch to become
the root switch.
For example the root switch by default is S1. Switch S2 is preferred as the root
switch. Go to the console and enter configuration mode if necessary.
1. Determine the parameters that can be configured for the Spanning-Tree Protocol
by issuing the following:
S2(config)# spanning-tree ?

List the options.


________________ ________________ ________________ ________________
________________ ________________ ________________ ________________
Set the priority of the switch that is not root to 4096.
S2(config)# spanning-tree vlan 1 priority 4096
S2(config)# exit

2. Display the switch spanning-tree table


At the Privileged EXEC mode prompt on switches S1 and S2, type show
spanning-tree brief if running version 12.0 of the IOS. If running version
12.1 of the IOS, type show spanning-tree.
3. Examine the output and answer the following questions.
Which switch is the root switch? _______________________________________
What is the priority of the root switch? __________________________________
Which ports are forwarding on the root switch? ___________________________
Which ports are blocking on the root switch? _____________________________
What is the priority of the non-root switch? _______________________________
Which ports are forwarding on the non-root switch? ________________________
Which ports are blocking on the non-root switch? __________________________
What is the status of the link light on the blocking port? _____________________
4. Verify the running configuration file on the root switch
On the switch that was changed to be the root bridge, type show running-config
at the Privileged EXEC mode prompt.
Is there an entry in the running configuration file that specifies the spanning-tree
priority of this router? ________________________________________________
What does that entry say? _____________________________________________


Step 4: Spanning-Tree Recalculation


1. Remove the cable from the forwarding port on the non-root switch. For this
example this is interface FastEthernet 0/1 on switch S2.
Wait for at least two minutes.
What has happened to the switch port LEDs? _____________________________
Look at the spanning-tree table on each switch
At the Privileged EXEC mode prompt on switches S1 and S2, type show
spanning-tree brief if running version 12.0 of the IOS. If running version
12.1 of the IOS, type show spanning-tree.
What changes have taken place in the command output?
On switch S1? ______________________________________________________
On switch S2? ______________________________________________________
2. Replace the cable in the port that it was removed from. For this example this is
interface FastEthernet 0/1 on switch S2.
Wait for at least two minutes.
What has happened to the switch port LEDs? _____________________________
Look at the spanning-tree table on each switch
At the Privileged EXEC mode prompt on switches S1 and S2, type show
spanning-tree brief if running version 12.0 of the IOS. If running version
12.1 of the IOS, type show spanning-tree.
What changes have taken place in the command output?
On switch S1? ______________________________________________________
On switch S2? ______________________________________________________


Exercise 2-2: VLAN Trunking Protocol


Objective

- Create multiple VLANs, name them, and assign multiple member ports to them.
- Create an 802.1q trunk line between the two switches to allow communication
  between paired VLANs.
- Configure the VTP protocol to establish Server and client switches.
- Test the VLANs functionality by moving a workstation from one VLAN to
  another.

[Figure: lab topology with PC1 on S1 port Fa0/12 and PC2 on S2 port Fa0/12, the
switches connected through their Fa0/1 ports; addresses shown: 192.168.20.1/24,
192.168.1.2/24, 192.168.1.3/24 and 192.168.20.4/24.]

| VLAN Number | VLAN Name   | Assigned Port (S1 & S2) |
| ----------- | ----------- | ----------------------- |
| 1 (Native)  |             | Fa0/2 - Fa0/3           |
| 10          | Accounting  | Fa0/4 - Fa0/6           |
| 20          | Marketing   | Fa0/7 - Fa0/9           |
| 30          | Engineering | Fa0/10 - Fa0/12         |

Step 1: Configure switches and workstations


1. Configure the Hostname, access and command mode passwords, as well as the
management LAN settings.
2. Configure the IP address, mask, and default gateway on each host.
3. To verify that the host and switch are correctly configured, ping the switch from
the hosts.
Were the pings successful? ____________________________________________
If the answer is no, troubleshoot the host and switches configurations.
4. On switch S1 and S2, type the command show vlan at the Privileged EXEC
prompt as follows:
S1# show vlan

Note:

There should be an entry for VLAN 1 and the default VLANs (1002 +). If
other VLANs appear, they could be deleted by no vlan command on
global configuration mode.

Step 2: Configure VTP Server


1. VLAN Trunking Protocol (VTP) needs to be configured on both switches. VTP is
the protocol that will communicate information about which VLANs exist from
one switch to another. If VTP did not provide this information, VLANs would
have to be created on all switches individually.

2. By default, the Catalyst switch series are configured as VTP servers. In the event
that the server services are turned off, use the following command to turn it back
on:
S1# vlan database
S1(vlan)# vtp server
S1(vlan)# vtp domain group1
S1(vlan)# exit

Step 3: Create and name three VLANs


1. Enter the following commands to create and name three VLANs on the switches
S1 and S2:
S1# vlan database
S1(vlan)# vlan 10 name Accounting
S1(vlan)# vlan 20 name Marketing
S1(vlan)# vlan 30 name Engineering
S1(vlan)# exit

2. Use the show vlan command to verify that the VLANs have been created
correctly.
Step 4: Create the trunk
1. On both switches, S1 and S2, type the following command at the fastEthernet 0/1
interface command prompt. Note that it is not necessary to specify the
encapsulation on a 2950, since it only supports 802.1Q.
S1(config)# interface fastEthernet 0/1
S1(config-if)# switchport mode trunk
S1(config-if)# end
S2(config)# interface fastEthernet 0/1
S2(config-if)# switchport mode trunk
S2(config-if)# end

2. To verify that port FastEthernet 0/1 has been established as a trunk port, type
show interface fastethernet 0/1 switchport at the Privileged EXEC
mode prompt.
What type of trunking encapsulation is shown on the output results? ___________
3. According to the output with show interface fastEthernet 0/1
switchport on S2, is there a difference from the Administrative Trunking
Encapsulation from the Operational Trunking Encapsulation?
__________________________________________________________________
On the fragment "Trunking VLANs Enable" from the output, what does the
word "ALL" mean?
__________________________________________________________________
What would happen if the two ports of the trunk were using different
encapsulation? Explain.
__________________________________________________________________
__________________________________________________________________

Step 5: Configure VTP Client


1. Enter the following commands to configure S2 to be a VTP client:
S2# vlan database
S2(vlan)# vtp client
S2(vlan)# vtp domain group1
S2(vlan)# exit

2. On S2, type the command show vlan at the Privileged EXEC prompt as follows:
S2# show vlan

Do VLANs 10, 20, and 30 show without having to type them in? _____________
Why did this happen? ________________________________________________
Step 6: Assign ports to VLANs
1. Assigning ports to VLANs must be done from the interface mode. For example,
enter the following commands to add ports to VLANs on switch S1:
S1# configure terminal
S1(config)# interface range fastethernet 0/4 - 6
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 10
S1(config-if)# exit
S1(config)# interface range fastethernet 0/7 - 9
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 20
S1(config-if)# exit
S1(config)# interface range fastethernet 0/10 - 12
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 30
S1(config-if)# end

Repeat above tasks on the switch S2 to assign ports to its VLANs


2. On both switches, type the command show vlan at the Privileged EXEC prompt.
Are ports 0/10 through 0/12 assigned to VLAN 30? ________________________
Step 7: Test the VLANS and the trunk
1. Ping from the host in S1 port 0/12 to the host in S2 port 0/12.
Was the ping successful? _____________________________________________
Why? _____________________________________________________________
Ping from the host in S1 port 0/12 to the switch IP 192.168.1.2.
Was the ping successful? _____________________________________________
Why? _____________________________________________________________
2. Move the host in S1 from port 0/12 to port 0/8. Wait until the port LED goes green
and then go to the next step.
Ping from the host in S1 port 0/8 to the host in S2 port 0/12.

Was the ping successful? _____________________________________________


Why? _____________________________________________________________
Ping from the host in S1 port 0/8 to the switch IP 192.168.1.2.
Was the ping successful? _____________________________________________
Why? _____________________________________________________________
3. Move the host in S2 from port 0/12 to port 0/7. Wait until the port LED goes green
and then go to the next step.
Ping from the host in S1 port 0/8 to the host in S2 port 0/7.
Was the ping successful? _____________________________________________
Why? _____________________________________________________________
Ping from the host in S2 port 0/7 to the switch IP 192.168.1.3.
Was the ping successful? _____________________________________________
Why? _____________________________________________________________
4. Move the host in S1 from port 0/8 to port 0/2. Wait until the port LED goes green
and then go to the next step.
Ping from the host in S1 port 0/2 to the host in S2 port 0/7.
Was the ping successful? _____________________________________________
Ping from the host in S1 port 0/2 to the switch IP 192.168.1.2.
Was the ping successful? _____________________________________________
Why? _____________________________________________________________
5. Move the host in S2 from port 0/7 to port 0/3. Wait until the port LED goes green
and then go to the next step.
Ping from the host in S1 port 0/2 to the host in S2 port 0/3.
Was the ping successful? _____________________________________________
Why? _____________________________________________________________
Ping from the host in S2 port 0/3 to the switch IP 192.168.1.3.
Was the ping successful? _____________________________________________
Why? _____________________________________________________________
Ping from the host in S2 port 0/3 to the switch IP 192.168.1.2.
Was the ping successful? _____________________________________________
Why? _____________________________________________________________
6. What conclusions can be drawn from the testing that was just performed in regards
to VLAN membership and VLANs across a trunk?
__________________________________________________________________
__________________________________________________________________
__________________________________________________________________


Exercise 2-3: Configuring Inter-VLAN Routing


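Objective

- Create multiple VLANs, name them and assign multiple member ports to them.
- Create a basic configuration on a router.
- Create an 802.1q trunk line between the switch and router to allow communication
  between VLANs.
- Test the routing functionality.

[Figure: lab topology with PC1 on switch port Fa0/5, PC2 on switch port Fa0/9,
switch S1, and router R1 connected to switch port Fa0/1.]

| VLAN Number | VLAN Name | Assigned Port (S1 & S2) |
| ----------- | --------- | ----------------------- |
| 1 (Native)  |           | Fa0/1 - Fa0/4           |
| 10          | Sales     | Fa0/5 - Fa0/8           |
| 20          | Support   | Fa0/9 - Fa0/12          |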

Step 1: Configure switches and workstations


1. Configure the hostname, access, and command mode passwords, as well as the
management LAN settings. These values are shown in the chart. If problems occur
while performing this configuration, refer to the Basic Switch Configuration lab.
2. Configure the hosts using the following information.
For the host in port 0/5:
IP address 192.168.5.2
Subnet mask 255.255.255.0
Default gateway 192.168.5.1
For the host in port 0/9:
IP address 192.168.7.2
Subnet mask 255.255.255.0
Default gateway 192.168.7.1
3. Check to see if the hosts can ping the switch.
Ping the switch IP address from the hosts.
Were the pings successful? ____________________________________________
Why or why not? ___________________________________________________


Step 2: Create two VLANs, assign port to VLANs


1. Enter the following commands to create and name two VLANs:
S1# vlan database
S1(vlan)# vlan 10 name Sales
S1(vlan)# vlan 20 name Support
S1(vlan)# exit

2. Assigning ports to VLANs must be done from the interface mode. Enter the
following commands to add ports 0/5 to 0/8 to VLAN 10:
S1(config)# interface range fastethernet 0/5 - 8
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 10
S1(config-if)# end

3. Enter the following commands to add ports 0/9 to 0/12 to VLAN 20:
S1(config)# interface range fastethernet 0/9 - 12
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 20
S1(config-if)# end

4. Display the VLAN interface information


On S1, type the command show vlan at the Privileged EXEC prompt as follows:
S1# show vlan

Are ports assigned correctly? __________________________________________


Step 3: Create the trunk
1. On S1, type the following commands at the Fast Ethernet 0/1 interface command
prompt.
S1(config)# interface fastethernet0/1
S1(config-if)# switchport mode trunk

Step 4: Create the router


1. Configure the router with the following data. Note that in order to support
trunking and inter-VLAN routing, the router must have a Fast Ethernet interface.
Hostname is R1
Console, VTY, and enable passwords are cisco.
Enable secret password is class.
2. Then configure the Fast Ethernet interface using the following commands:
R1(config)# interface fastethernet 0/0
R1(config-if)# no shutdown
R1(config-if)# interface fastethernet 0/0.1
R1(config-subif)# encapsulation dot1q 1 native
R1(config-subif)# ip address 192.168.1.1 255.255.255.0
R1(config-subif)# interface fastethernet 0/0.2
R1(config-subif)# encapsulation dot1q 10
R1(config-subif)# ip address 192.168.5.1 255.255.255.0
R1(config-subif)# interface fastethernet 0/0.3
R1(config-subif)# encapsulation dot1q 20
R1(config-subif)# ip address 192.168.7.1 255.255.255.0
R1(config-subif)# end

3. If the IOS doesn't support the native parameter in the encapsulation command:

R1(config)# interface fastethernet 0/0
R1(config-if)# no shutdown
R1(config-if)# ip address 192.168.1.1 255.255.255.0
R1(config-if)# interface fastethernet 0/0.2
R1(config-subif)# encapsulation dot1q 10
R1(config-subif)# ip address 192.168.5.1 255.255.255.0
R1(config-subif)# interface fastethernet 0/0.3
R1(config-subif)# encapsulation dot1q 20
R1(config-subif)# ip address 192.168.7.1 255.255.255.0
R1(config-subif)# end

4. Save the router configuration


Step 5: Verify the configuration
1. Type show ip route at the Privileged EXEC mode prompt.
Are there entries in the routing table? ___________________________________
What interface are they all pointing to? __________________________________
Why is there not a need to run a routing protocol? _________________________
2. Ping from the host in S1 port 0/9 to the host in port 0/5.
Was the ping successful? _____________________________________________
Why? _____________________________________________________________
3. Ping from the host in S1 port 0/5 to the switch IP 192.168.1.2.
Was the ping successful? _____________________________________________
4. Move the hosts to other VLANs and try pinging the management VLAN 1.
Note the results of the pinging.
__________________________________________________________________
__________________________________________________________________
__________________________________________________________________
__________________________________________________________________
__________________________________________________________________


Exercise 3-1: Calculating VLSM Subnets


Objective

- Use variable-length subnet mask (VLSM) to support more efficient use of the
  assigned IP addresses and to reduce the amount of routing information at the top
  level.

[Figure: lab topology for the allocated address 192.168.10.0/24 with routers R1, R2,
R3 and R4; LAN sizes shown: 28 hosts, 60 hosts, 12 hosts and 12 hosts.]

Step 1: Divide the allocated address into four equal size address blocks
The first step in the sub-netting process is to divide the allocated address of
192.168.10.0/24 into four equal size address blocks. Since 4 = 2^2, 2 bits are
required to identify each of the 4 subnets.
Next, take subnet #0 (192.168.10.0/26) and identify each of its hosts.

| Allocated Address | Sub-Networks      | Usable hosts                    |
| ----------------- | ----------------- | ------------------------------- |
| 192.168.10.0/24   | 192.168.10.0/26   | 192.168.10.1 - 192.168.10.62    |
|                   | 192.168.10.64/26  | 192.168.10.65 - 192.168.10.126  |
|                   | 192.168.10.128/26 | 192.168.10.129 - 192.168.10.190 |
|                   | 192.168.10.192/26 | 192.168.10.193 - 192.168.10.254 |

Here is the range for the /26 mask.

| R2              | Range of addresses in the last octets |
| --------------- | ------------------------------------- |
| 192.168.10.0/26 | From 0 to 63, 60 hosts required. Hosts 0 and 63 cannot be used because they are the network and broadcast addresses for their subnet. |

Step 2: Allocate the next level for R1's LANs

Allocate the next level after all the requirements are met for the higher level or
levels.
R1 requires 28 hosts. The next available address after 192.168.10.63/26 is
192.168.10.64/26. Note from the above table that this is subnet number #1. Since
28 hosts are required, 5 bits will be needed for the host addresses, 2^5 - 2 = 30
usable host addresses. Thus 5 bits will be required to represent the hosts and 3 bits
will be used to represent the extended-network-prefix of /27. Applying VLSM on
address 192.168.10.64/27 gives:

| Sub-Networks #1  | Sub-Sub-Networks | Usable hosts                   |
| ---------------- | ---------------- | ------------------------------ |
| 192.168.10.64/24 | 192.168.10.64/27 | 192.168.10.65 - 192.168.10.94  |
|                  | 192.168.10.96/27 | 192.168.10.97 - 192.168.10.126 |

Here is the range for the /27 mask.

| R1               | Range of addresses in the last octets |
| ---------------- | ------------------------------------- |
| 192.168.10.64/27 | From 64 to 95, 28 hosts required. Hosts 64 and 95 cannot be used because they are the network and broadcast addresses for their subnet. Thirty usable addresses are available in this range for the hosts. |

Step 4: Allocate the next level for R3 and R4's LANs

Now R3 and R4 require 12 hosts each. The next available address starts from
192.168.10.96/27. Note from Table 2 that this is the next subnet available. Since
12 hosts are required, 4 bits will be needed for the host addresses, 2^4 = 16, 16 - 2
= 14 usable addresses. Thus 4 bits are required to represent the hosts and 4 bits for
the extended-network-prefix of /28. Applying VLSM on address 192.168.10.96/27
gives:

Sub-Networks         Sub-Sub-Networks     Usable hosts
192.168.10.96/27     192.168.10.96/28     192.168.10.97 - 192.168.10.110
                     192.168.10.112/28    192.168.10.113 - 192.168.10.126

Here is the range for the /28 mask.

R1                   Range of addresses in the last octets
192.168.10.96/28     From 96 to 111, 12 hosts required.

Hosts 96 and 111 cannot be used because they are
network and broadcast addresses for their subnet. Fourteen
useable addresses are available in this range for the hosts.

Since R4 also requires 12 hosts, the next set of host addresses can be derived from
the next available subnet (192.168.10.112/28). Here is the range for the /28 mask.

R1                   Range of addresses in the last octets
192.168.10.112/28    From 112 to 127, 12 hosts required.

Hosts 112 and 127 cannot be used because they are
network and broadcast addresses for their subnet. Fourteen
usable addresses are available in this range for the hosts.

Step 5: Allocate the next level for WAN links

Now allocate addresses for the WAN links. Remember that each WAN link will
require two IP addresses. The next available subnet is 192.168.10.128/26. Since 2
network addresses are required for each WAN link, 2 bits will be needed for host
addresses, 2^2 - 2 = 2 usable addresses. Thus 2 bits are required to represent the
links and 6 bits for the extended-network-prefix of /30. Applying VLSM on
192.168.10.128/26 gives:

Sub-Networks         Sub-Sub-Networks     Usable hosts
192.168.10.128/26    192.168.10.128/30    192.168.10.129 - 192.168.10.130
                     192.168.10.132/30    192.168.10.133 - 192.168.10.134
                     192.168.10.136/30    192.168.10.137 - 192.168.10.138
                     192.168.10.140/30    192.168.10.141 - 192.168.10.142
                     192.168.10.144/30    192.168.10.145 - 192.168.10.146
                     192.168.10.148/30    192.168.10.149 - 192.168.10.150
                     192.168.10.152/30    192.168.10.153 - 192.168.10.154
                     192.168.10.156/30    192.168.10.157 - 192.168.10.158
                     192.168.10.160/30    192.168.10.161 - 192.168.10.162
                     192.168.10.164/30    192.168.10.165 - 192.168.10.166
                     192.168.10.168/30    192.168.10.168 - 192.168.10.169
                     192.168.10.172/30    192.168.10.173 - 192.168.10.174
                     192.168.10.176/30    192.168.10.177 - 192.168.10.178
                     192.168.10.180/30    192.168.10.181 - 192.168.10.182
                     192.168.10.184/30    192.168.10.184 - 192.168.10.185
                     192.168.10.188/30    192.168.10.189 - 192.168.10.190

The available addresses for the WAN links can be taken from the available
addresses in each of the /30 subnets.
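
The allocation procedure of this exercise can be automated; the following Python sketch is an added example, not part of the original lab. It generalizes the steps to any block and requirement list, assigns the largest requirement first, and checks the plan for overlaps; the LAN sizes are the exercise's, while the count of three WAN links and all function names are assumptions.

```python
import ipaddress

# LAN sizes come from the exercise; the number of WAN links (three) is assumed.
PAGE_REQUIREMENTS = [
    ("R2 LAN", 60), ("R1 LAN", 28), ("R3 LAN", 12), ("R4 LAN", 12),
    ("WAN link 1", 2), ("WAN link 2", 2), ("WAN link 3", 2),
]


def prefix_for_hosts(hosts):
    """Longest prefix whose subnet still offers `hosts` usable addresses."""
    host_bits = 2  # a /30 is the smallest subnet with two usable hosts
    while (1 << host_bits) - 2 < hosts:
        host_bits += 1
    if host_bits > 30:
        raise ValueError("requirement too large for an IPv4 subnet")
    return 32 - host_bits


def allocate_vlsm(block, requirements):
    """Carve `block` into subnets, largest requirement first.

    requirements: list of (name, usable_hosts_needed).
    Returns a list of (name, IPv4Network) in allocation order.
    """
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    limit = int(block.broadcast_address) + 1
    plan = []
    # sorted() is stable, so equal-sized requirements keep their given order.
    for name, hosts in sorted(requirements, key=lambda r: r[1], reverse=True):
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        start = -(-cursor // size) * size  # round up to a subnet boundary
        if start + size > limit:
            raise ValueError(f"{block} is exhausted before {name} fits")
        plan.append((name, ipaddress.ip_network((start, prefix))))
        cursor = start + size
    return plan


def usable_range(net):
    """First and last host address (network and broadcast excluded)."""
    return net.network_address + 1, net.broadcast_address - 1


def has_overlap(networks):
    """True if any two subnets in the plan share addresses."""
    nets = sorted(networks)
    return any(a.overlaps(b) for a, b in zip(nets, nets[1:]))


if __name__ == "__main__":
    for name, net in allocate_vlsm("192.168.10.0/24", PAGE_REQUIREMENTS):
        first, last = usable_range(net)
        print(f"{name:<11} {str(net):<19} {first} - {last}")
```

Overlapping or misaligned subnets are worth checking for before deployment, because ACL and NAT statements written against the plan inherit any error in it.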


Exercise 4-1: Configuring OSPF with MD5 Authentication


Objective

Setup an IP addressing scheme for OSPF area 0.

Configure and verify Open Shortest Path First (OSPF) routing.

Introduce OSPF authentication into the area.

Configure the OSPF network so that all hosts in OSPF area can connect to outside
networks.
[Figure: topology for this exercise. Labels: ISP, R1, R2 and PC; networks 200.20.2.0/24, 192.168.1.0/24, 192.168.2.0/24 and 222.22.2.0/24; OSPF Area 0.]

Step 1: Configure the routers and workstation


1. On the routers, enter the global configuration mode and configure the hostname as
shown in the diagram. Then configure the console, virtual terminal and enable
passwords. Next configure the interfaces according to the diagram. Do not
configure the routing protocol until specifically told to.
Save the configuration information from the privileged EXEC command mode.
2. Configure the hosts with the proper IP address, subnet mask, and default gateway.
The workstation should be able to ping the attached router. Troubleshoot as
necessary. Remember to assign a specific IP address and default gateway to the
workstation.
At this point the workstation will not be able to communicate with R1 and
Internet. The following steps will demonstrate the process required to get
communication working using OSPF as the routing protocol.
3. Using the show ip interface brief command, check the status of interfaces.
Ping from one of the connected Serial or Ethernet interfaces to the other.
If the ping was not successful, troubleshoot the router configuration.
Step 2: Configure OSPF routing on router R1 and R2
1. Configure an OSPF routing process on router R1. Use OSPF process number 1
and ensure all networks are in area 0.
R1(config)# router ospf 1
R1(config-router)# log-adjacency-changes
R1(config-router)# network 192.168.1.0 0.0.0.255 area 0
R1(config-router)# end

2. Show the routing table for the R1 router.


R1# show ip route

Are there any entries in the routing table? __________________



Why? _______________________________________________________
3. Configure an OSPF routing process on router R2. Use OSPF process number 1
and ensure all networks are in area 0.
R2(config)# router ospf 1
R2(config-router)# log-adjacency-changes
R2(config-router)# network 192.168.1.0 0.0.0.255 area 0
R2(config-router)# network 192.168.2.0 0.0.0.255 area 0
R2(config-router)# end

4. Show the routing table for the R2 router:


R2# show ip route

Are there any OSPF entries in the routing table now? _______________________
What is the metric value of the OSPF route? ______________________________
What is the via address in the OSPF route? ____________________________
Are routes to all networks shown in the routing table? ______________________
What does the O mean in the first column of the routing table? _______________
5. Ping R1 from the workstation. Was it successful? _______________________
If not, troubleshoot as necessary.
Step 3: Configure the ISP router
1. Normally the ISP router would be configured by the Internet service provider
(ISP). For the purpose of this lab, after erasing the old configuration, configure the
ISP router this way by typing:
Router> enable
Router# configure terminal
Router(config)# hostname ISP
ISP(config)# line vty 0 4
ISP(config-line)# password cisco
ISP(config-line)# login
ISP(config-line)# interface serial 0/0
ISP(config-if)# ip address 200.20.2.2 255.255.255.0
ISP(config-if)# clock rate 64000
ISP(config-if)# no shutdown
ISP(config-if)# interface loopback 0
ISP(config-if)# ip address 222.22.2.1 255.255.255.0
ISP(config-if)# exit
ISP(config)# ip route 192.168.1.0 255.255.255.0 200.20.2.1
ISP(config)# ip route 192.168.2.0 255.255.255.0 200.20.2.1
ISP(config)# end
ISP# copy running-config startup-config


Step 4: Create a default route to the ISP


1. On the R1 router only, enter a static default route through the serial interface.
R1(config)# ip route 0.0.0.0 0.0.0.0 200.20.2.2

Verify the default static route by looking at the R1 routing table.


Is the default route in the routing table? __________________________________
2. Verify connectivity from the R1 router by pinging the ISP serial interface from the
R1 router.
Can the interface be pinged? __________________________________________
3. This time, ping the loopback address of the ISP router, which represents the ISP
connection to the Internet.
Can the loopback interface be pinged? ___________________________________
All of these pings should be successful. If they are not, troubleshoot the
configurations on the host and the R1 and ISP routers.
4. Verify the connection between the ISP and the R2 by pinging the serial interface
of the ISP router on the R2 router.
Can the interface be pinged? __________________________________________
If yes, why? If not, why not? __________________________________________
Step 5: Redistribute the static default route
1. Propagate the gateway of last resort to the other routers in the OSPF domain. At
the configure router prompt on the R1 router type default-information
originate.
R1(config-router)# default-information originate

Is there now a default route on the R2 router? _____________________________


What is the address of the Gateway of last resort? _________________________
There is an O* E2 entry in the routing table. What type of route is it? __________
Can the ISP server address at 222.22.2.0 be pinged from both workstations? ____
If not, troubleshoot both hosts and all three routers.
Step 6: Configuring OSPF MD5 Authentication
1. OSPF authentication is being established on the routers in the network. First,
introduce authentication only on the R1 router.
In interface configuration mode on the R1 interface that connects to
router R2, enter the command ip ospf message-digest-key 1 md5 7
secret_key.
R1(config)# interface FastEthernet 0/0
R1(config-if)# ip ospf message-digest-key 1 md5 7 secret_key

What is the OSPF password being used for md5 authentication? ______________
What encryption type is being used? ____________________________________
2. Enable OSPF authentication in this area, area 0.
R1(config-if)# router ospf 1
R1(config-router)# area 0 authentication message-digest

Wait for a few seconds. Does the router generate any output? ________________
3. Enter the command show ip ospf neighbor.
Are there any OSPF neighbors? ________________________________________
Examine the routing table by entering show ip route.
Are there any OSPF routes in the R1 router routing table?
Can the R1 ping the R2 host? __________________________________________
4. Enter these configuration commands, one per line. End with CNTL/Z.
R2#configure terminal
R2(config)# interface FastEthernet 0/0
R2(config-if)# ip ospf message-digest-key 1 md5 7 secret_key
R2(config-if)# router ospf 1
R2(config-router)# area 0 authentication message-digest

5. Verify that there is an OSPF neighbor by entering the show ip ospf neighbor
command.
Show the routing table by typing show ip route.
Ping the R2 host from R1. If this was not successful, troubleshoot as necessary.
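
Why the adjacency drops while only R1 has authentication enabled, and returns once R2 matches, can be seen from the receiver's checks. The following Python sketch is an added example, not part of the original lab: it builds an OSPFv2 Hello with the keyed-MD5 trailer described in RFC 2328 Appendix D and runs the receiver-side verification. The router ID, timers and sequence numbers are constructed values, and the string secret_key is treated as the cleartext key for illustration.

```python
import hashlib
import hmac
import socket
import struct

AUTYPE_NULL, AUTYPE_CRYPTO = 0, 2
DIGEST_LEN = 16
# OSPFv2 header, cryptographic-authentication layout (RFC 2328, D.3):
# version, type, length, router ID, area ID, checksum, AuType,
# zero, key ID, auth data length, cryptographic sequence number.
OSPF_HEADER = struct.Struct("!BBH4s4sHHHBBI")


def padded_key(key):
    """The secret is zero-padded to 16 bytes before hashing."""
    if len(key) > 16:
        raise ValueError("OSPF MD5 keys are at most 16 bytes")
    return key.ljust(16, b"\x00")


def build_hello(router_id, key_id, key, seq, area_id="0.0.0.0",
                mask="255.255.255.0", hello=10, dead=40):
    """Return Hello bytes followed by the 16-byte MD5 digest."""
    body = struct.pack("!4sHBBI4s4s", socket.inet_aton(mask), hello,
                       0x02, 1, dead, bytes(4), bytes(4))
    length = OSPF_HEADER.size + len(body)  # the digest is not counted
    header = OSPF_HEADER.pack(2, 1, length, socket.inet_aton(router_id),
                              socket.inet_aton(area_id), 0, AUTYPE_CRYPTO,
                              0, key_id, DIGEST_LEN, seq)
    packet = header + body
    return packet + hashlib.md5(packet + padded_key(key)).digest()


def verify_hello(data, expected_autype, keys, last_seq):
    """Receiver-side checks. Returns (accepted, reason).

    keys maps key ID -> secret; last_seq is the highest cryptographic
    sequence number already accepted from this neighbor.
    """
    if len(data) < OSPF_HEADER.size:
        return False, "truncated packet"
    (_ver, _typ, length, _rid, _area, _cksum, autype,
     _zero, key_id, auth_len, seq) = OSPF_HEADER.unpack_from(data)
    if autype != expected_autype:
        return False, "AuType mismatch"      # one side has no authentication
    if autype != AUTYPE_CRYPTO:
        return True, "no cryptographic check configured"
    key = keys.get(key_id)
    if key is None:
        return False, "unknown key ID"
    if auth_len != DIGEST_LEN or len(data) != length + auth_len:
        return False, "bad digest length"
    if seq < last_seq:
        return False, "stale sequence number"  # replay protection
    expected = hashlib.md5(data[:length] + padded_key(key)).digest()
    if not hmac.compare_digest(expected, data[length:]):
        return False, "digest mismatch"
    return True, "ok"


if __name__ == "__main__":
    pkt = build_hello("192.168.1.1", 1, b"secret_key", seq=100)
    print("R2 without authentication:", verify_hello(pkt, AUTYPE_NULL, {}, 0))
    print("R2 with the same key:     ",
          verify_hello(pkt, AUTYPE_CRYPTO, {1: b"secret_key"}, 0))
```

Keyed MD5 is the scheme this exercise configures; RFC 5709 defines HMAC-SHA authentication for OSPFv2 on platforms that support it.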


Exercise 4-2: Electing DR and BDR


Objective

Configure routers with a Class C IP addressing scheme.

Observe the election process for designated routers (DR) and backup designated
routers (BDR) on the multiaccess network.

Configure loopback addresses for Open Shortest Path First (OSPF) stability.

Assign priority to force the election of a specific router as DR.


[Figure: topology for this exercise. Labels: R1, R2, R3 and PC on network 192.168.1.0/24; OSPF Area 0.]

Step 1: Configure the routers and workstation


1. On the routers, enter the global configuration mode and configure the hostname as
shown in the diagram. Then configure the console, virtual terminal and enable
passwords. Next configure the interfaces and the IP hostnames. Do not
configure loopback interfaces and routing protocol yet.
2. Configure the hosts with the proper IP address, subnet mask and default gateway.
3. Each workstation should be able to ping all of the attached routers. That is because
they are all part of the same subnetwork. Troubleshoot as necessary.
Step 2: View the routers configuration and interface information
1. Using the show ip interface brief command, check the status of each
interface.
What is the state of the interfaces on each router?
R1, FastEthernet 0/0: ________________________________________________
R2, FastEthernet 0/0: ________________________________________________
R3, FastEthernet 0/0: ________________________________________________
2. Ping all of the connected FastEthernet interfaces from each other.
Were the pings successful? ____________________________________________
If the pings were not successful, troubleshoot the router configuration, until the
ping is successful.

Step 3: Configure OSPF routing


1. Configure an OSPF routing process on the router R1. Use OSPF process number 1
and ensure all networks are in area 0.
R1(config)# router ospf 1
R1(config-router)# log-adjacency-changes
R1(config-router)# network 192.168.1.0 0.0.0.255 area 0
R1(config-router)# end
R1# show ip route

Are there any entries in the routing table? ________________________________


Why? _____________________________________________________________
2. Configure an OSPF routing process on the router R2. Use OSPF process number 1
and ensure all networks are in area 0.
R2(config)# router ospf 1
R2(config-router)# log-adjacency-changes
R2(config-router)# network 192.168.1.0 0.0.0.255 area 0
R2(config-router)# end

3. Configure an OSPF routing process on the router R3. Use OSPF process number 1
and ensure all networks are in area 0.
R3(config)# router ospf 1
R3(config-router)# log-adjacency-changes
R3(config-router)# network 192.168.1.0 0.0.0.255 area 0
R3(config-router)# end

Step 4: Test network connectivity


1. Ping the R3 router from the R1 router.
Was it successful? ___________________________________________________
If not troubleshoot as necessary.
2. Type the command show ip ospf neighbor on all routers to verify that the
OSPF routing has formed adjacencies.
Is there a designated router identified? ___________________________________
Is there a backup designated router? _____________________________________
3. Type the command show ip ospf neighbor detail for more information.
What is the neighbor priority of R1 from router R3? ________________________
What interface is identified as being part of Area 0? ________________________


Step 5: Configure the loopback interfaces


1. Configure the loopback interface on each router to allow for an interface that will
not go down due to network change or failure. This task is performed by typing
interface loopback # at the global configuration mode prompt, where the #
represents the number of the loopback interface from 0 - 2,147,483,647.
R1(config)# interface loopback 0
R1(config-if)# ip address 192.168.31.11 255.255.255.255
R1(config-if)# end
R2(config)# interface loopback 0
R2(config-if)# ip address 192.168.31.22 255.255.255.255
R2(config-if)# end
R3(config)# interface loopback 0
R3(config-if)# ip address 192.168.31.33 255.255.255.255
R3(config-if)# end

2. Type the command show ip ospf neighbor on all routers to verify that the
OSPF routing has formed adjacencies.
Is there a designated router identified? ___________________________________
Write down the router ID and link address of the DR:
_________________________________ ________________________________
Is there a backup designated router? _____________________________________
Write down the router ID and link address of the BDR:
_________________________________ ________________________________
What is the third router referred to as? ___________________________________
Write down that router's ID and link address:
_________________________________ ________________________________
3. Type the command show ip ospf neighbor detail for more information.
What is the neighbor priority of R1 from router R3? ________________________
What interface is identified as being part of Area 0? ________________________
4. Type show ip ospf interface fastethernet 0/0 on the R1 router.
What is the OSPF state of the interface? _________________________________
What is the default priority of the interface? ______________________________
What is the network type of the interface? ________________________________


Step 6: Configure R1 to always be the DR


1. To ensure that the R1 router always becomes the DR for this multi-access
segment, the OSPF priority must be set. R1 is the most powerful router in the
network and so best suited to become DR. To assign the R1 loopback a higher IP
address is not advised, as the numbering system has advantages for
troubleshooting. Also R1 is not to act as DR for all segments to which it may
belong. Set the priority of the interface to 50 on the R1 router only.
R1(config)# interface Fastethernet 0/0
R1(config-if)# ip ospf priority 50
R1(config-if)# end

2. Display the priority for Interface fastethernet 0/0.


R1# show ip ospf interface fastethernet 0/0

3. To watch the OSPF election process, restart all of the routers using the reload
command. Be sure to save the running config before restarting the routers. As
soon as the router prompt is available, type:
R2> enable
R2# debug ip ospf events

Which router was elected DR? _________________________________________


Which router was elected BDR? _______________________________________
Why? _____________________________________________________________
To turn off all debugging type undebug all.
4. Type the command show ip ospf neighbor on the R2 router to verify that the
OSPF routing has formed adjacencies.
What is the priority of the DR? ________________________________________


Exercise 4-3: Tuning OSPF Routing Protocol


Objective

Setup an IP addressing scheme for Open Shortest Path First (OSPF) area.

Configure and verify OSPF routing.

Modify OSPF cost metric on an interface.

Modify OSPF interface timers to adjust efficiency of network.

[Figure: topology for this exercise. Labels: PC1 on 192.168.1.0/24, R1, 192.168.2.0/24, R2, PC2 on 192.168.3.0/24; OSPF Area 0.]

Step 1: Configure the routers and workstation


2. On the routers, enter the global configuration mode and configure the hostname as
shown in the diagram. Then configure the console, virtual terminal and enable
passwords. Next configure the interfaces according to the diagram. Do not
configure the routing protocol until specifically told to.
Save the configuration information from the privileged EXEC command mode.
3. Each workstation should be able to ping the attached router. Troubleshoot as
necessary. Remember to assign a specific IP address and default gateway to the
workstation.
At this point the workstations will not be able to communicate with each other.
4. Using the show ip interface brief command, check the status of each
interface.
What is the state of the interfaces on each router?
R1, FastEthernet 0/0: ________________________________________________
R1, Serial 0/0: ______________________________________________________
R2, FastEthernet 0/0: ________________________________________________
Serial 0/1: _________________________________________________________
5. On a router, ping the serial interface of the other router.
Was the ping successful? _____________________________________________
If the ping was not successful, troubleshoot the router configuration until the ping
is successful.
Step 2: Configure OSPF routing
1. Configure OSPF routing on each router. Use OSPF process number 1 and ensure
all networks are in area 0.
R1(config)# router ospf 1
R1(config-router)# log-adjacency-changes
R1(config-router)# network 192.168.1.0 0.0.0.255 area 0
R1(config-router)# network 192.168.2.0 0.0.0.255 area 0
R1(config-router)# end

2. Configure OSPF routing on R2 router.


R2(config)# router ospf 1
R2(config-router)# log-adjacency-changes
R2(config-router)# network 192.168.2.0 0.0.0.255 area 0
R2(config-router)# network 192.168.3.0 0.0.0.255 area 0
R2(config-router)# end

3. Show the routing table entries for the R1 router.


R1# show ip route

Are there any OSPF entries in the routing table now? _______________________
What is the metric value of the OSPF route? ______________________________
What is the VIA address in the OSPF route? ______________________________
Are routes to all networks shown in the routing table? ______________________
What does the O mean in the first column of the routing table? _______________
4. Ping the R1 host from the R2 host. Was it successful? ______________________
If not troubleshoot as necessary.
Step 3: Determining OSPF cost
Link Bandwidth                   Default OSPF Cost
56 Kbps                          1785
T1                               65
Ethernet 10 Mbps                 10
Token-Ring 16 Mbps
FDDI / Fast Ethernet 100 Mbps


1. Show the properties of the R1 router serial and FastEthernet interfaces using the
show interfaces command.
What is the default bandwidth of the interfaces?
Serial Interface: _____________________________________________________
FastEthernet Interface: _______________________________________________
Calculate the OSPF cost.
Serial Interface: _____________________________________________________
FastEthernet Interface: _______________________________________________
2. Using the show ip ospf interface command, record the OSPF cost of the
serial and Fast Ethernet interfaces.
OSPF cost of Serial Interface: _________________________________________

OSPF cost of Ethernet Interface: _______________________________________


Do these agree with the calculations? ____________________________________
The clock rate set for the interface should have been 64000. To calculate the cost
of this actual bandwidth divide 10^8 by 64000.
Step 4: Manually set the cost on the serial interface
1. On the Serial interface of the R1 router, set the OSPF cost to 1562 by typing ip
ospf cost 1562 at the serial interface configuration mode prompt.
Note that it is essential that all connected links agree about the cost for consistent
calculation of the shortest path first algorithm (SPF) in an area.
Verify that the interface OSPF cost was successfully modified.
2. Reverse the effect of this command by entering in interface configuration mode
the command no ip ospf cost.
Verify that the default cost for the interface has returned.
3. Enter the command bandwidth 2000 at the serial 0 interface configuration
mode.
Record the new OSPF cost of the Serial interface. __________________________
Can the OSPF cost of an Ethernet interface be modified in this way? ___________
4. The speed can be set on an Ethernet interface. Will this affect the OSPF cost of
that interface?
__________________________________________________________________
Verify or explain the above answer.
__________________________________________________________________
__________________________________________________________________
__________________________________________________________________
__________________________________________________________________
5. Reset the bandwidth on the serial interface using the no bandwidth 2000 at the
serial 0 interface configuration mode.
Step 4: Determining OSPF timers
1. At the privileged EXEC mode type the command debug ip ospf events and
observe the output.
How frequently are Hello messages sent? ________________________________
Where are they coming from? _________________________________________
Turn off debugging by typing no debug ip ospf events or undebug all.
2. Show the hello and dead interval timers on the R1 router Ethernet and Serial
interfaces by entering the command show ip ospf interface in privileged
EXEC mode.
Record the Hello and Dead Interval timers for these interfaces
Hello Interval: ______________________________________________________
Dead Interval: ______________________________________________________
What is the purpose of the dead interval? _________________________________

Step 5: Modify the OSPF timers


1. Modify the Hello and Dead-Interval timers to smaller values to try to improve
performance. On the R1 router only enter the commands ip ospf hello-interval 5
and ip ospf dead-interval 20 for interface Serial 0/0.
R1(config)# interface Serial 0/0
R1(config-if)# ip ospf hello-interval 5
R1(config-if)# ip ospf dead-interval 20

2. Wait for a minute and then enter the command show ip ospf neighbor.
Are there any OSPF neighbors? ________________________________________
3. Examine the R1 router routing table by entering show ip route.
Are there any OSPF routes in the table? __________________________________
Can the R1 Host ping the R2 host? ______________________________________
4. Enter the command debug ip ospf events in privileged EXEC mode.
Is there an issue that is identified? ______________________________________
If there is, what is the issue? ___________________________________________
5. a. On the R2 router check the routing table by typing show ip route.
Are there any OSPF routes in the table? __________________________________
6. Set the R2 router interval timers
Match the timer values on the R2 serial link with the R1 router.
R2(config)# interface serial 0/1
R2(config-if)# ip ospf hello-interval 5
R2(config-if)# ip ospf dead-interval 20

Verify the OSPF neighbor by entering show ip ospf neighbor command.


7. Show the routing table by typing show ip route.
Are there OSPF routes in the table? _____________________________________
8. Ping the R2 host from R1.
If this was not successful troubleshoot the configurations.
9. Use the no form of the ip ospf hello-interval and the ip ospf dead-interval
to reset the OSPF timers back to their default values.
Use the show ip ospf interface command to verify the timers are reset to
their default values.
Are the values back to the default? ______________________________________


Exercise 5-1: Load Balancing with EIGRP


Objective

Configure and verify EIGRP routing.

Observe unequal-cost load balancing.


[Figure: topology for this exercise. Labels: EIGRP AS 100; PC1 on 192.168.1.0/24; R1 and R2, each with interfaces S0/0 and S0/1; networks 192.168.2.0/24 and 192.168.4.0/24; PC2 on 192.168.3.0/24.]

Step 1: Configure the routers and workstation


1. On the routers, enter the global configuration mode and configure the hostname.
Then configure the console, virtual terminal and enable passwords. Next configure
the interfaces. Finally configure EIGRP routing on the routers using the
Autonomous System (AS) of 100.
Make sure to copy the running-config to the startup-config on each router.
2. Configure the hosts with the proper IP address, subnet mask and default gateway.
Test the configuration by pinging all interfaces from each host.
If the pinging is not successful, troubleshoot the configuration.
Step 2: Configure bandwidth on the R1 router interfaces
1. For unequal-cost load balancing to work, it is necessary to
establish different metrics for the EIGRP routes. This is done with the bandwidth
command. The serial 0/0 interface will be set to a bandwidth of 56K and the serial
0/1 interface will be set to a value of 384K.
Note: The route-cache must also be turned off for load balancing. Both
serial interfaces must use process switching. Process switching forces the
router to look in the routing table for the destination network of each
routed packet. In contrast fast-switching, which is the default, stores the
initial table lookup in a high-speed cache and uses the info to route
packets to the same destination.
2. Enter the following statements on the R1 router:
R1(config)# interface serial 0/0
R1(config-if)# bandwidth 56
R1(config-if)# no ip route-cache
R1(config-if)# interface serial 0/1
R1(config-if)# bandwidth 384
R1(config-if)# no ip route-cache

Because the EIGRP metric includes bandwidth in its calculation, bandwidth must
be manually configured on the serial interfaces in order to ensure accuracy. For
the purposes of this lab, the alternative paths to network 192.168.3.0 from the R1
router are not of unequal cost until the appropriate bandwidths are set.
3. Use the show interface command output to verify the correct bandwidth
settings and the show ip interface command to ensure that fast switching is
disabled.
Can the bandwidth of Ethernet interfaces be set manually? ___________________
Step 3: Configure unequal-cost load balancing
1. The variance value determines whether EIGRP will accept unequal-cost routes.
An EIGRP router will only accept routes with a metric up to the local best metric
for the destination multiplied by the variance value. So if the local best metric of an
EIGRP router for a network is 10000, and the variance is 3, the router will accept
unequal-cost routes with any metric up to 30000 or 10,000 x 3. This is as long as
the advertising router is closer to the destination. An EIGRP router accepts only
up to four paths to the same network.
Note: An alternate route is added to the route table only if the next-hop
router in that path is closer to the destination (has a lower metric value)
than the current route.
By default, EIGRP variance is set to 1, which means that only routes that are
exactly 1 times the local best metric are installed. Therefore, a variance of 1
disables unequal-cost load balancing.
2. Configure the R1 router to enable unequal-cost load balancing using the following
commands:
R1(config)# router eigrp 100
R1(config-router)# variance 10

According to the help feature, what is the maximum variance value? ___________
3. Check the R1 routing table. It should have two routes to network 192.168.3.0 with
unequal metrics.
What is the EIGRP metric for the route to 192.168.3.0 through serial 0/0? ______
What is the EIGRP metric for the route to 192.168.3.0 through serial 0/1? ______
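
The variance rule and the "closer to the destination" condition from Step 3 can be checked numerically. The following Python sketch is an added example, not part of the original lab: it assumes the classic EIGRP composite metric with default K values, the IOS default delays (20000 usec serial, 100 usec FastEthernet), a 100 Mbps FastEthernet LAN on R2, and that both serial links run from R1 to R2. The boundary test uses the page's wording ("up to" best metric times variance).

```python
SERIAL_DELAY_USEC = 20000   # assumed IOS default for serial interfaces
FE_BANDWIDTH_KBPS = 100000  # assumed FastEthernet LAN on R2
FE_DELAY_USEC = 100         # assumed IOS default for FastEthernet
MAX_PATHS = 4               # the page: up to four paths per network


def eigrp_metric(bandwidths_kbps, delays_usec):
    """Classic composite metric with K1 = K3 = 1 and K2 = K4 = K5 = 0.

    Uses the slowest link on the path and the summed delay, with delay
    counted in tens of microseconds.
    """
    return 256 * (10**7 // min(bandwidths_kbps) + sum(delays_usec) // 10)


def page_paths():
    """The two R1 routes to 192.168.3.0 with the lab's bandwidth settings."""
    reported = eigrp_metric([FE_BANDWIDTH_KBPS], [FE_DELAY_USEC])  # R2's own metric
    paths = []
    for via, bandwidth in (("Serial0/0", 56), ("Serial0/1", 384)):
        metric = eigrp_metric([bandwidth, FE_BANDWIDTH_KBPS],
                              [SERIAL_DELAY_USEC, FE_DELAY_USEC])
        paths.append({"via": via, "metric": metric, "reported": reported})
    return paths


def install_paths(paths, variance=1, max_paths=MAX_PATHS):
    """Return the paths that would be installed, best metric first."""
    best = min(p["metric"] for p in paths)
    chosen = [
        p for p in paths
        if p["metric"] == best
        # Alternate path: the neighbor must be closer to the destination
        # than our best metric, and the metric must be within the variance.
        or (p["reported"] < best and p["metric"] <= variance * best)
    ]
    return sorted(chosen, key=lambda p: p["metric"])[:max_paths]


def minimum_variance(paths, via):
    """Smallest integer variance that admits the path through `via`."""
    best = min(p["metric"] for p in paths)
    metric = next(p["metric"] for p in paths if p["via"] == via)
    return -(-metric // best)  # ceiling division


if __name__ == "__main__":
    paths = page_paths()
    for p in paths:
        print(p["via"], p["metric"], "reported", p["reported"])
    for variance in (1, 10):
        print("variance", variance, "->",
              [p["via"] for p in install_paths(paths, variance)])
    print("minimum variance for Serial0/0:", minimum_variance(paths, "Serial0/0"))
```

Under these assumptions the 56K path needs a variance of at least 7, which is why the lab's value of 10 installs both routes.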
Step 4: Verify per-packet load balancing
1. Because there are two routes to the destination network, half the packets will be
sent along one path, and half will travel over the other. The path selection
alternates with each packet received.
Observe this process by using the debug ip packet command on the R1 router.
Send 30 ping packets across the network from the host attached to R2 router to
the host attached to the R1 router. This can be done with the ping 192.168.1.2
-n 30 command on the host. As the pings are responded to, the router outputs IP
packet information.
Stop the debug after the pings by using the command undebug all.
2. Examine and record part of the debug output.
What is the evidence of load balancing in the output?
__________________________________________________________________
__________________________________________________________________

Step 5: Verify per-destination load balancing


1. After verifying per-packet load balancing, configure the router to use
per-destination load balancing. Both serial interfaces must use fast switching so that
the route-cache can be used after the initial table lookup.
2. Use the command ip route-cache on both serial interfaces of the R1 router.
3. Use the show ip interface to verify that fast switching is enabled.
Is fast switching enabled? _____________________________________________
The routing table is consulted only once per destination. Therefore, packets that
are part of a packet train to a specific host will all follow the same path. Only
when a second destination forces another table lookup or when the cached entry
expires will the alternate path be used.
4. Use the debug ip packet command and ping across the network. Note which
serial interface the packet was sent out on.
Examine and record part of the debug output.
Which serial interface was the packet sent out on?
__________________________________________________________________


Exercise 6-1: Understanding Wildcard Mask


Objective

Study wildcard mask structure.

Write wildcard mask from a given IP address range.

Determine IP address range.

Step 1: Understand the wildcard masking


1. Which two of the following could be used to permit or deny one computer?
A. 1.1.1.1
B. 0.0.0.0
C. Any
D. Host
2. In a wildcard mask, a bit value of zero means that the bit must be _____________,
while a bit value of one means that the bit must be ___________.
3. In a subnet mask, a bit value of zero means that the bit must be ___________,
while a bit value of one means that the bit must be ___________.
4. Why should each Access Control List (ACL) have at least one permit
statement in it? _____________________________________________________
Step 2: Calculate IP address range from a given ACL statement
1. After you have successfully entered the command below, will a host with an IP
address of 172.16.10.25 be allowed, denied, or neither?
R1(config)# access-list 1 deny 172.16.10.0 0.0.0.255

Answer: ___________________________________________________________
2. Which networks would be denied by the following router command?
R1(config)# access-list 2 deny 172.16.16.0 0.0.31.255

Answer: ___________________________________________________________
3. Which networks will be allowed by the following router command?
R1(config)# access-list 3 permit 210.105.23.0 0.0.16.255

Answer: ___________________________________________________________
4. Which networks will be allowed by the following router command?
R1(config)# access-list 4 permit 168.192.132.0 0.3.255.255

Answer: ___________________________________________________________
5. Which networks will be allowed by the following router command?
R1(config)# access-list 5 deny 158.16.2.0 0.0.7.255

Answer: ___________________________________________________________
6. Which networks will be allowed by the following router command?
R1(config)# access-list 6 permit 196.122.86.13 0.3.31.0

Answer: ___________________________________________________________
7. Which networks would be denied by the following router command?


R1(config)# access-list 7 deny 135.116.18.0 0.3.0.0

Answer: ___________________________________________________________
8. Which networks would be denied by the following router command?
R1(config)# access-list 8 deny 142.55.56.0 0.0.0.63

Answer: ___________________________________________________________
9. Which networks would be denied by the following router command?
R1(config)# access-list 9 deny 177.37.205.0 3.7.0.0

Answer: ___________________________________________________________
10. Which networks would be denied by the following router command?
R1(config)# access-list 10 deny 157.118.237.0 7.63.0.0

Answer: ___________________________________________________________
11. Which networks would be denied by the following router command?
R1(config)# access-list 11 deny 35.8.2.3 3.7.15.31

Answer: ___________________________________________________________
12. Which networks would be denied by the following router command?
R1(config)# access-list 12 deny 43.34.42.0 0.0.15.255

Answer: ___________________________________________________________
13. Which networks would be denied by the following router command?
R1(config)# access-list 13 deny 84.7.109.0 63.3.0.63

Answer: ___________________________________________________________
14. Which networks would be denied by the following router command?
R1(config)# access-list 14 deny 222.16.5.0 0. 0.3.15.255

Answer: ___________________________________________________________
15. Which networks would be denied by the following router command?
R1(config)# access-list 15 deny 10.5.16.2 0.0.92.0

Answer: ___________________________________________________________
16. Which networks would be denied by the following router command?
R1(config)# access-list 16 deny 208.172.2.16 102.0.0.0

Answer: ___________________________________________________________
Step 3: Determine a wildcard mask from a range of IP addresses
1. Finish the command below such that it allows IP Addresses 112.85.96-99.0-255
Answer: R1(config)# access-list 1 deny 112.85.96.0 ____________
__________________________________________________________________
2. Finish the command below such that it denies IP Addresses 133.8-15.0-31.0-255
Answer: R1(config)# access-list 2 deny 133.8.0.0 ______________
__________________________________________________________________
3. Complete the command below such that it allows IP Addresses 192-223.108.23.29


Answer: R1(config)# access-list 3 permit 198.108.23.29 ________


__________________________________________________________________
4. Complete the command below such that it allows IP Addresses 65.163.234.16-31
Answer: R1(config)# access-list 4 permit 65.163.234.16 ________
__________________________________________________________________
5. Complete the command below such that it allows IP Addresses 144-147.216-223.34.0-255
Answer: R1(config)# access-list 5 permit 144.216.34.0 _________
__________________________________________________________________
6. Complete the command below such that it allows IP Addresses 160-175.80-87.19.254
Answer: R1(config)# access-list 6 permit 160.80.19.0 __________
__________________________________________________________________
7. Complete the command below such that it allows IP Addresses 198.133.208-223.0-255
Answer: R1(config)# access-list 7 permit 198.133.208.0 ________
__________________________________________________________________
8. Complete the command below such that it allows IP Addresses 0-31.160-191.160-191.0-255
Answer: R1(config)# access-list 8 permit 0.160.160.0 __________
__________________________________________________________________
9. Complete the command below such that it allows IP Addresses 0-255.120-123.12.101
Answer: R1(config)# access-list 9 permit 0.120.12.101 _________
__________________________________________________________________
10. Complete the command below such that it allows IP Addresses 0-255.104-107.0-255.64-127
Answer: R1(config)# access-list 10 permit 0.104.0.64 __________
__________________________________________________________________
11. Complete the command below such that it allows IP Addresses
122.70.3,7,11,15,19,23,27,31.12
Answer: R1(config)# access-list 11 permit 122.70.3.12 _________
__________________________________________________________________
12. Complete the command below such that it allows IP Addresses
193,195,197,199,201,203,205,207.5.16.2
Answer: R1(config)# access-list 12 permit 193.5.16.2 __________
__________________________________________________________________
13. Complete the command below such that it allows IP Addresses
192.168.123.0,2,16,18,64,66,80,82,128,130,144,146,192,194,208,210
Answer: R1(config)# access-list 13 permit 192.168.123.0 _______


__________________________________________________________________
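The two directions practised in Steps 2 and 3 (reading the address set out of a base/wildcard pair, and deriving a pair from a set of addresses) can be checked mechanically. The following is an added example, not part of the original lab manual; the function names and the 10.20.x.5 sample addresses are constructed for illustration and are not taken from the exercises. It also reports when a single statement would match more addresses than intended, which is how an over-permissive ACL entry gets written.

```python
import ipaddress
from itertools import product


def octet_values(base_octet, wild_octet):
    """Return every value one octet can take under a base/wildcard pair.

    Wildcard bit 0 = the bit must equal the base bit.
    Wildcard bit 1 = the bit is ignored (may be 0 or 1).
    """
    fixed = base_octet & ~wild_octet & 0xFF
    free_bits = [1 << i for i in range(8) if (wild_octet >> i) & 1]
    values = set()
    for combo in product((0, 1), repeat=len(free_bits)):
        values.add(fixed | sum(bit for bit, on in zip(free_bits, combo) if on))
    return sorted(values)


def matched_octets(base, wildcard):
    """Per-octet lists of the values an ACL statement matches."""
    b = ipaddress.IPv4Address(base).packed
    w = ipaddress.IPv4Address(wildcard).packed
    return [octet_values(x, y) for x, y in zip(b, w)]


def wildcard_for(addresses):
    """Derive the tightest single base/wildcard pair covering all addresses.

    Returns (base, wildcard, exact). exact is False when the pair also
    matches addresses that were not in the input, i.e. one statement
    cannot express the set without over-matching.
    """
    ints = [int(ipaddress.IPv4Address(a)) for a in addresses]
    wild = 0
    for value in ints:
        wild |= value ^ ints[0]          # any bit that differs must be ignored
    base = ints[0] & ~wild & 0xFFFFFFFF  # clear ignored bits in the base
    covered = 1 << bin(wild).count("1")  # 2^(number of ignored bits)
    exact = covered == len(set(ints))
    return str(ipaddress.IPv4Address(base)), str(ipaddress.IPv4Address(wild)), exact


if __name__ == "__main__":
    # Constructed sample: a non-contiguous wildcard in the third octet.
    print(matched_octets("10.20.0.5", "0.0.6.0"))
    # Constructed sample: four hosts that one statement covers exactly.
    print(wildcard_for(["10.20.0.5", "10.20.2.5", "10.20.4.5", "10.20.6.5"]))
    # Constructed sample: two hosts whose tightest wildcard matches four.
    print(wildcard_for(["10.20.1.5", "10.20.2.5"]))
```

When `exact` is False, the set needs more than one ACL statement; using the single pair would also match the extra addresses.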

Exercise 6-2: Configuring Standard ACL


Objective

Configure, and apply a standard ACL to permit or deny specific traffic.

Test the ACL to determine if the desired results were achieved.


[Topology diagram: PC1 on 192.168.1.0/24, R1 (.1), link 192.168.2.0/24 (R1 .1, R2 .2), R2 with Lo0 (.2) on 192.168.3.0/24]

Step 1: Configure the routers and workstation


1. On the routers, enter the global configuration mode and configure the hostname as
shown in the diagram. Then configure the console, virtual terminal and enable
passwords. Next configure the interfaces according to the diagram. Do not
configure the routing protocol until specifically told to.
Save the configuration information from the privileged EXEC command mode.
2. Configure the workstation
IP address 192.168.1.2
Subnet mask 255.255.255.0
Default gateway 192.168.1.1
3. Confirm connectivity by pinging the default gateway from the host
If the pings are not successful, correct the configuration and repeat until they are
successful.
Step 2: Configure the routing protocol
1. From the global configuration mode in the router R1, enter the following:
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 192.168.1.0
R1(config-router)#network 192.168.2.0
R1(config-router)#end

2. From the global configuration mode in the router R2, enter the following:
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 192.168.2.0
R2(config-router)#network 192.168.3.0
R2(config-router)#end

Ping all of the interfaces of the router R1 and R2 on the network from the host
Were all of the interfaces still able to be pinged? ___________________________
If not, troubleshoot the network and ping again.


Step 3: Prevent access to the Ethernet interface of R1 from the hosts


1. Create an access list that will prevent access to FastEthernet 0/0 from the
192.168.1.0 network.
At the router configuration prompt type the following command:
R1(config)# access-list 1 deny 192.168.1.0 0.0.0.255
R1(config)# access-list 1 permit any

Why is the second statement needed? ___________________________________


2. Ping the router from the hosts
Were these pings successful? __________________________________________
Why or why not? ___________________________________________________
3. Apply the Access list to the interface
At the FastEthernet 0/0 interface mode prompt type the following:
R1(config-if)# ip access-group 1 in

4. Ping the router from the hosts


Were these pings successful? __________________________________________
Why or why not? ___________________________________________________
5. Remove the access list from the interface before finishing this step
R1(config-if)# no ip access-group 1 in

Step 4: Create an access list that will not allow the even numbered hosts to
ping but permit the odd numbered hosts to ping the Ethernet interface of R1
1. What will that access list look like? Finish this command with an appropriate
common IP address and wildcard mask:
access-list 2 permit ____.____.____.____ ____.____.____.____

Why was it not necessary to have the permit any statement at the end this time?
__________________________________________________________________
Apply the new access list by typing ip access-group 2 in
2. Assign an even address to host and ping the router R1
Was the ping from host successful? _____________________________________
Why or why not? ___________________________________________________
3. Assign an odd address to host and ping the router R1
Was the ping from host 2 successful? ___________________________________
Why or why not? ___________________________________________________
4. Remove the access list from the interface before finishing this step
R1(config-if)# no ip access-group 2 in

Step 5: Prevent access from the host to the local network on the router R2
1. The host must be prevented from accessing the local network on the router R2. It is
determined that a standard access list needs to be created to prevent traffic from
this host from accessing the loopback interface of R2. The access control list should
block traffic from this host and not affect other traffic from this network.

2. First, define the information needed to create the ACL. Remember that statements
are added sequentially to an ACL. Therefore, the order of the statements needs to
be planned carefully.
3. It has been determined that this ACL will require 2 logical steps. Each of these
steps can be accomplished with one statement each:
! stop traffic from host
! permit all other traffic

4. From this logic the actual ACL will be written. Write each statement: access-list
[permit/deny], common IP address and wildcard mask.
access-list 3 ______ ____.____.____.____ ____.____.____.____
access-list 3 ______ ____.____.____.____ ____.____.____.____

What would be the result of not including a statement to permit all other source
addresses?
__________________________________________________________________
What would be the result of reversing the order of the 2 statements in the list?
__________________________________________________________________
Why are both statements using the same ACL number?
__________________________________________________________________
5. The final step is to determine the best location for the access list and the direction
the list should be applied. Examine the inter-network diagram and choose the
appropriate interface and direction:
Router: _____________, Interface: ______________, Direction: ______________
The command to apply the access list: ip access-group 3 _____
6. Now that the ACL is completed, it needs to be confirmed and tested.
Test the functionality of the ACL by trying to send packets from the source host
and verify that they are permitted or denied as appropriate. In this case, ping will
be used to test this.
Ping the router from the host 192.168.1.2
Were these pings successful? __________________________________________
Why or why not? ___________________________________________________
Change host IP address to 192.168.1.3, ping the router from the host
Were these pings successful? __________________________________________
Why or why not? ___________________________________________________
7. Remove the access list from the interface before finishing this step
Rx(config-if)# no ip access-group 3 [ in | out ]


Exercise 6-3: Configuring Extended ACL


Objective

Configure, and apply an extended ACL to permit or deny specific traffic.

Test the ACL to determine if the desired results were achieved.

[Topology diagram: PC1 on 192.168.1.0/24, R1 (.1), link 192.168.2.0/24 (R1 .1, R2 .2), R2 with Lo0 (.2) on 192.168.3.0/24]

Step 1: Configure the routers and workstation


1. On the routers, enter the global configuration mode and configure the hostname as
shown in the diagram. Then configure the console, virtual terminal and enable
passwords. Next configure the interfaces according to the diagram. Do not
configure the routing protocol until specifically told to.
Save the configuration information from the privileged EXEC command mode.
2. Configure the workstation
IP address 192.168.1.2
Subnet mask 255.255.255.0
Default gateway 192.168.1.1
3. Confirm connectivity by pinging the default gateway from the host
If the pings are not successful, correct the configuration and repeat until they are
successful.
Step 2: Configure the routing protocol
1. From the global configuration mode in the router R1, enter the following:
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 192.168.1.0
R1(config-router)#network 192.168.2.0
R1(config-router)#end

2. From the global configuration mode in the router R2, enter the following:
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 192.168.2.0
R2(config-router)#network 192.168.3.0
R2(config-router)#end

Ping all of the interfaces of the router R1 and R2 on the network from the host
Were all of the interfaces still able to be pinged? ___________________________
If not, troubleshoot the network and ping again.


Step 3: Prevent access to HTTP (port 80) of R1 from hosts


1. Allow HTTP access in the router R1 by issuing the ip http server command
in global configuration mode.
From a host, connect to the router using a Web browser to ensure that the Web
server function is active.
2. Create an access list that will prevent Web browsing access to FastEthernet 0/0
from the 192.168.1.0 network.
At the router configuration prompt type the following commands:
R1(config)# access-list 101 deny tcp 192.168.1.0 0.0.0.255 any eq 80
R1(config)# access-list 101 permit ip any any

Why is the second statement needed? ___________________________________


3. Apply the access list to the interface
At the FastEthernet 0/0 interface mode prompt on the router R1 type:
R1(config-if)# ip access-group 101 in

4. Ping the router from the hosts


Were these pings successful? __________________________________________
5. Connect to the router using the web browser
Was the browser able to connect? ______________________________________
6. Telnet to the router from the hosts
Were you able to Telnet successfully? ___________________________________
7. Remove the access list from the interface before finishing this step
R1(config-if)# no ip access-group 101 in

Step 4: Prevent a group of hosts from accessing the 192.168.3.0 network


1. There are two groups of hosts in the 192.168.1.0 network:
Group A: 192.168.1.1 - 192.168.1.127
Group B: 192.168.1.128 - 192.168.1.255
2. Only group A should have access to the R2 LAN. Group B should be
restricted from accessing that network.
3. It is decided that it would be best to use an extended access list. Enter the
following:
R1(config)# access-list 102 deny ip 192.168.1.128 0.0.0.127 192.168.3.0 0.0.0.255

This statement will deny IP access for any users in the 192.168.1.128 -
192.168.1.255 range if they are trying to access network 192.168.3.0.
4. Remember that there is an implicit deny all at the end of every access list. We must
now make sure to let group A access the R2 LAN network. Enter the following
statement:
R1(config)# access-list 102 permit ip any any

5. Now we need to apply the access list to an interface. We could apply the list to
any incoming traffic going to the R1 Ethernet interface. However, if there were a
great deal of traffic between the R1 LAN and the R2 LAN, the router would have
to check every packet. There is concern that this would add unwanted overhead to
the router. Therefore the access list is applied to any outgoing traffic going
through the R1 router serial interface.
R1(config)# interface s0/0
R1(config-if)# ip access-group 102 out

6. Verify the syntax of the access list with the show running-config command.
Another valuable command is the show access-lists command. The show
access-lists command also displays counters, indicating how many times the
list has been used. No counters are listed here since we haven't attempted to verify
it yet.
Note: Use the clear access-list counters command to restart the
access list counters
7. Test the functionality of the ACL by trying to send packets from the source host
and verify that they are permitted or denied as appropriate. In this case, ping will
be used to test this.
Ping the R2 loopback interface from the host 192.168.1.2
Were these pings successful? __________________________________________
Change host IP address to 192.168.1.130 then ping the R2 loopback interface
Were these pings successful? __________________________________________
8. Issue the show access-lists command. How many matches are there? ___________
Note: The show access-lists command displays the number of
matches per line. Therefore the number of deny matches may seem odd
until it is realized that the pings matched the deny statement and the
permit statement.
Step 5: Allow a user in group B to access the 192.168.3.0 network
1. Configure an extended access list to allow that user access to the R2 LAN.
To allow a host (192.168.1.200) to access the R2 LAN, the extended access list
needs to be altered to allow it access to the R2 LAN, while denying everyone
else in group B.
Unfortunately, it is not possible to reorder an access list, skip statements, edit
statements, or delete statements from a numbered access list. With numbered
access lists, any attempt to delete a single statement results in the entire list's
deletion.
2. Therefore the initial extended access list needs to be deleted and a new one
created. To delete access-list 102, enter the following:
R1(config)# no access-list 102

Verify that it has been deleted with the show access-lists command.
3. Now create a new extended access list. Always filter from the most specific to the
most generic. Therefore the first line of the access list should allow the host
192.168.1.200 access to the R2 LAN. The remainder of the access list should be
the same as the one we entered previously.
R1(config)# access-list 103 permit ip host 192.168.1.200 192.168.3.0 0.0.0.255

4. Now deny all of the remaining hosts of group B access to the R2 LAN and
permit anyone else. Refer to the previous step for the next two lines of the
configuration.

5. The show access-list command would display output similar to the following:
R1# show access-lists
Extended IP access list 103
permit ip host 192.168.1.200 192.168.3.0 0.0.0.255
deny ip 192.168.1.128 0.0.0.127 192.168.3.0 0.0.0.255
permit ip any any
R1#

6. Now test the access list by verifying reachability to the R2 LAN:


Ping the R2 loopback interface from the host 192.168.1.2
Were these pings successful? __________________________________________
Change host IP address to 192.168.1.130 then ping the R2 loopback interface
Were these pings successful? __________________________________________
Change host IP address to 192.168.1.200 then ping the R2 loopback interface
Were these pings successful? __________________________________________
Host 192.168.1.200 should now be able to ping the R2 loopback interface.
However, all other hosts in group B should not be able to ping the R2 loopback
interface. The router should return a reply message to the host stating Destination
net unreachable.
7. Remove the access list from the interface before finishing this step
R1(config-if)# no ip access-group 103 out
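The first-match behaviour behind Steps 4 and 5 (statement order, wildcard matching, and the implicit deny at the end of the list) can be modelled offline before touching a router. The following is an added example, not part of the original lab manual: it evaluates access list 103 exactly as shown in the show access-lists output above. The evaluator functions are hypothetical helpers written for this illustration, and 192.168.3.2 is assumed to be the R2 loopback address from the diagram.

```python
import ipaddress


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """True if addr equals base in every bit where the wildcard bit is 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


def parse_spec(tokens):
    """Consume one address spec: 'any', 'host A' or 'A W'. Returns (base, wildcard, rest)."""
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0", tokens[2:]
    return tokens[0], tokens[1], tokens[2:]


def parse_ace(line):
    """Parse 'permit|deny ip <source> <destination>' (the only form this model handles)."""
    tokens = line.split()
    action, proto = tokens[0], tokens[1]
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError("unsupported statement: " + line)
    src_base, src_wild, rest = parse_spec(tokens[2:])
    dst_base, dst_wild, rest = parse_spec(rest)
    if rest:
        raise ValueError("trailing tokens in: " + line)
    return action, (src_base, src_wild), (dst_base, dst_wild)


def evaluate(acl_lines, src, dst):
    """Return (action, matching line number). The first match wins.

    If no statement matches, the implicit deny applies: ('deny', None).
    """
    for number, line in enumerate(acl_lines, 1):
        action, source, dest = parse_ace(line)
        if wildcard_match(src, *source) and wildcard_match(dst, *dest):
            return action, number
    return "deny", None


# Access list 103 as displayed in the lab.
ACL_103 = [
    "permit ip host 192.168.1.200 192.168.3.0 0.0.0.255",
    "deny ip 192.168.1.128 0.0.0.127 192.168.3.0 0.0.0.255",
    "permit ip any any",
]
# Same statements with the first two swapped (constructed, to show ordering).
ACL_103_SWAPPED = [ACL_103[1], ACL_103[0], ACL_103[2]]
# Same list without the final permit (constructed, to show the implicit deny).
ACL_103_NO_PERMIT_ANY = ACL_103[:2]

R2_LOOPBACK = "192.168.3.2"  # assumption: Lo0 .2 on 192.168.3.0/24

if __name__ == "__main__":
    for host in ("192.168.1.2", "192.168.1.130", "192.168.1.200"):
        print(host, evaluate(ACL_103, host, R2_LOOPBACK))
    print("swapped:", evaluate(ACL_103_SWAPPED, "192.168.1.200", R2_LOOPBACK))
    print("no permit any:", evaluate(ACL_103_NO_PERMIT_ANY, "192.168.1.2", R2_LOOPBACK))
```

With the statements swapped, 192.168.1.200 hits the broader deny first, which is why the lab says to filter from the most specific to the most generic.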


Exercise 7-1: Configuring NAT


Objective

Configure a router to use network address translation (NAT) to convert internal IP
addresses, typically private addresses, into outside public addresses.

[Topology diagram: PC1 (.2) and PC2 (.3) on the inside network 192.168.1.0/24, R1 (.1); outside link 200.0.0.0/24 between R1 (.1) and R2 (.2); R2 Lo0 (.2) on 222.0.0.0/24. Public pool: 199.0.0.32/27]

Step 1: Configure the routers and workstation


1. On the routers, enter the global configuration mode and configure the hostname as
shown in the diagram. Then configure the console, virtual terminal and enable
passwords. Next configure the interfaces according to the diagram. Do not
configure the routing protocol until specifically told to.
Save the configuration information from the privileged EXEC command mode.
2. From the attached hosts, ping the FastEthernet interface of the R1 router.
Was the ping from the first host successful? ______________________________
Was the ping from the second host successful? ____________________________
If the answer is no for either question, troubleshoot the router and host
configurations to find the error. Ping again until they are both successful.
Step 2: Configure the static routing
1. The internal network has been allocated the block of IP addresses 199.0.0.32/27. This is
equivalent to 30 public IP addresses. Since the company has an internal
requirement for more than 30 addresses, it has decided to implement NAT. The
addresses 199.0.0.33 - 199.0.0.39 are reserved for static allocation and 199.0.0.40 - 199.0.0.62
for dynamic allocation. A static route will be used between R2 and R1 and a
default route will be used between R1 and R2. The R2 connection to the Internet
will be represented by a loopback address on the R2 router.
2. Create a static route from the R2 to the R1 router. Use the ip route command to
create the static route.
R2(config)# ip route 199.0.0.32 255.255.255.224 200.0.0.1

Is the static route in the routing table? ___________________________________


What command checks the routing table contents? _________________________
If the route was not in the routing table, give one reason why this might be so?
__________________________________________________________________
3. From the R1 router to the R2 router, create a static route to network 0.0.0.0
0.0.0.0, using the ip route command. This will forward any unknown
destination address traffic to the R2 by setting a Gateway of Last Resort on the R1
router.
R1(config)# ip route 0.0.0.0 0.0.0.0 200.0.0.2

Is the static route in the routing table? ___________________________________


4. Try to ping from one of the workstations to the R2 serial interface IP address.
Was the ping successful? _____________________________________________
Step 3: Configure dynamic NAT
1. Define the pool of usable public IP addresses, use the ip nat pool command:
R1(config)# ip nat pool PUBLIC-ACCESS 199.0.0.40 199.0.0.62 netmask 255.255.255.224

2. Define an access list that will match the inside private IP addresses, use the
access-list command:
R1(config)# access-list 1 permit 192.168.1.0 0.0.0.255

3. Define the NAT translation from inside list to outside pool, use the ip nat
inside source command:
R1(config)# ip nat inside source list 1 pool PUBLIC-ACCESS

4. The active interfaces on the router need to be specified as either inside or outside
interfaces with respect to NAT. To do this, use the ip nat inside or ip nat
outside command:
R1(config)# interface fastethernet 0/0
R1(config-if)# ip nat inside
R1(config-if)#interface serial 0/0
R1(config-if)# ip nat outside

5. From the PC2, ping 222.0.0.2. If successful, look at the NAT translation on the R1
router, using the command show ip nat translations.
What is the translation of the inside local host addresses?
_______________ = _______________ ________________ = _______________
The inside global address is assigned by? ________________________________
The inside local address is assigned by? _________________________________
Step 4: Configure static NAT
1. PC1, 192.168.1.2/24, will be designated as the public WWW server. Thus, it
needs a permanent public IP address. This mapping is defined using a static NAT
mapping.
2. To configure a static IP NAT mapping, use the ip nat inside source
static command at the global configuration mode prompt:
R1(config)# ip nat inside source static 192.168.1.2 199.0.0.33

This permanently maps 199.0.0.33 to the inside address 192.168.1.2.


3. Look at the translation table:
R1# show ip nat translations

Does the mapping appear in the output of the show command? _______________

4. From the 192.168.1.2 workstation, verify it can ping 222.0.0.2


Is the ping successful? _______________________________________________
Why? _____________________________________________________________
5. From the R2 router, ping the host with the static NAT translation by typing ping
192.168.1.2.
What were the results of the ping, was it successful? _______________________
Why? _____________________________________________________________
6. From the R2 router, ping 199.0.0.33. If successful, look at the NAT translation on
the R1 router, using the command show ip nat translations.
What is the translation of the inside local host addresses?
_______________ = _______________ ________________ = _______________


Exercise 7-2: Configuring RIPng for IPv6


Objective

Configure IPv6 addresses on interfaces, both static addresses and EUI-64
addresses. Then configure RIPng to route between the IPv6 networks.

[Topology diagram: R1 (Loopback 0: 10.1.1.1/24, FEC0::1:1/112), R2 (Loopback 0: 10.1.2.1/24, FEC0::2:1/112), R3 (Loopback 0: 10.1.3.1/24, FEC0::3:1/112). Links: R1 (:1) to R2 (:2) on FEC0::12:0/112; R1 (:1) to R3 (:3) on FEC0::13:0/112; R2 (:?) to R3 (:?) on FEC0::23:0/112]

Step 1: Configuring the loopback interfaces


1. Start this lab by clearing out your configurations and reloading your routers. Once
your routers are reloaded, set up the appropriate hostnames.
2. Configure the loopback interface on each router with both the IPv4 address and
IPv6 address given in the diagram. The IPv4 address is configured the traditional
way with ip address address mask. The IPv6 address configuration is
similar, using the command ipv6 address address/mask. IPv6 addresses let
you put in the mask length with a /mask, rather than typing the whole mask out in
hexadecimal (imagine typing up to 128 bits worth of 1s).
You can also enter the abbreviated form of an IPv6 address. IPv6 addresses
are normally written as eight 16-bit groups in hexadecimal, separated by colons.
You can abbreviate any continuous run of all-zero groups with ::. You can only use this
abbreviation once per address. For example, FEC0:0:0:0:0:0:12:1/112 can
be shortened to FEC0::12:1/112.
R1(config)# interface loopback0
R1(config-if)# ip address 10.1.1.1 255.255.255.0
R1(config-if)# ipv6 address FEC0::1:1/112
R2(config)# interface loopback0
R2(config-if)# ip address 10.1.2.1 255.255.255.0
R2(config-if)# ipv6 address FEC0::2:1/112
R3(config)# interface loopback0
R3(config-if)# ip address 10.1.3.1 255.255.255.0
R3(config-if)# ipv6 address FEC0::3:1/112


3. If you accidentally put the wrong IPv6 address on an interface, make sure you take
it off with the no version of the command you entered. Unlike IPv4 addresses,
where the ip address command overwrites the existing address, multiple IPv6
addresses can exist on an interface. Putting in the command ipv6 address
multiple times will add more addresses, not replace them.
Also, notice that we put both an IPv4 and IPv6 address on the same interface, and
neither conflict with each other. This is because they are different layer 3
protocols and they run independently.
Step 2: Configuring the static IPv6 addresses
1. Now, configure the two serial links with IPv6 addresses. Use the ipv6 address
address/mask command again to configure the interfaces with the addresses
given in the diagram. Remember to set the clock rates where appropriate and put a
no shutdown on the interfaces. Verify with ping for local subnet connectivity.
R1(config)# interface serial0/0
R1(config-if)# ipv6 address FEC0::12:1/112
R1(config-if)# clockrate 64000
R1(config-if)# no shutdown
R1(config)# interface serial0/1
R1(config-if)# ipv6 address FEC0::13:1/112
R1(config-if)# no shutdown
R2(config)# interface serial0/1
R2(config-if)# ipv6 address FEC0::12:2/112
R2(config-if)# no shutdown
R3(config)# interface serial0/0
R3(config-if)# ipv6 address FEC0::13:3/112
R3(config-if)# clockrate 64000
R3(config-if)# no shutdown
R1# ping FEC0::12:2
R1# ping FEC0::13:3
R2# ping FEC0::12:1
R3# ping FEC0::13:1

2. Use the command show ipv6 interface to look at IPv6 related properties of
the router interfaces. You can also specify a specific type/number of an interface
with this command to see the output for only that interface.
Step 3: Changing the Link-local address on an interface
1. Notice that in addition to the address you already configured, there is a link local
address starting with FE80. Your actual address may vary. You can change this on
the link between R1 and R2 by putting the link-local address FE80::1 on R1 and
FE80::2 on R2. There is no subnet mask on link-local addresses, because they are
not routed; hence the term link-local. To configure this, use the command ipv6
address address link-local. Verify that you can ping the link local address
on the other side. When pinging link local addresses, you must specify an
outgoing interface because the addresses are not routed and not in the routing
table.
R1(config)# interface serial0/0


R1(config-if)# ipv6 address FE80::1 link-local
R2(config)# interface serial0/1
R2(config-if)# ipv6 address FE80::2 link-local
R1#ping FE80::2
Output Interface: Serial0/0

2. Verify the link local addresses with the command show ipv6 interface.
Step 4: Configuring EUI-64 Addresses
1. EUI-64 IPv6 addresses are addresses where the first 64 bits are the network
portion of the address, which you specify, and the second 64 bits are the host portion of
the address, which the device generates automatically. To configure IPv6 EUI-64
addresses on an interface, use ipv6 address address/mask eui-64.
2. Configure this on the FastEthernet interfaces of R2 and R3 with the subnet given
in the diagram. Also, make sure you put a no shutdown on the interfaces. Find
out the IPv6 addresses of the interfaces with show ipv6 interface or show
ipv6 interface brief, and then ping the other side of the link.
R2(config)# interface fastethernet0/0
R2(config-if)# ipv6 address FEC0:23::/64 eui-64
R2(config-if)# no shutdown
R3(config)# interface fastethernet0/0
R3(config-if)# ipv6 address FEC0:23::/64 eui-64
R3(config-if)# no shutdown
R2# show ipv6 interface brief
FastEthernet0/0 [up/up]
FE80::218:B9FF:FE92:28D8
FEC0:23::218:B9FF:FE92:28D8
<Output eliminated >
R3# ping FEC0:23::218:B9FF:FE92:28D8

Note: Your addresses will be different from the addresses displayed in the
example, because EUI-64 addresses include the MAC address of the
interface in them, which will be unique per interface.
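How the device builds the host portion from the interface MAC address (the modified EUI-64 rule: flip the universal/local bit of the first octet and insert FFFE in the middle), and how the MAC can be read back out of such an address, is shown in the following added example, which is not part of the original lab manual. The function names are hypothetical, and the MAC 00:18:b9:92:28:d8 is an assumption obtained by reversing the rule on the address in the sample output above.

```python
import ipaddress


def eui64_interface_id(mac):
    """Build the 64-bit modified EUI-64 interface ID from a 48-bit MAC."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    octets = bytes.fromhex(digits)
    if len(octets) != 6:
        raise ValueError("a MAC address has exactly 6 octets")
    first = octets[0] ^ 0x02                      # flip the universal/local bit
    eui = bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def eui64_address(prefix, mac):
    """Combine a /64 prefix with the interface ID derived from the MAC."""
    network = ipaddress.IPv6Network(prefix)
    if network.prefixlen != 64:
        raise ValueError("EUI-64 needs a 64-bit prefix")
    return ipaddress.IPv6Address(int(network.network_address) | eui64_interface_id(mac))


def mac_from_eui64(address):
    """Recover the MAC embedded in an EUI-64 address, or None if there is none.

    Anyone who sees the address (logs, packet captures, remote peers) can
    do this, which is why EUI-64 addresses identify the hardware.
    """
    iid = (int(ipaddress.IPv6Address(address)) & ((1 << 64) - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None                               # e.g. manually set FE80::2
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{octet:02x}" for octet in mac)


if __name__ == "__main__":
    mac = "00:18:b9:92:28:d8"                     # assumed MAC, see lead-in
    print(eui64_address("FEC0:23::/64", mac))     # global address from the lab prefix
    print(eui64_address("FE80::/64", mac))        # matching link-local address
    print(mac_from_eui64("FEC0:23::218:B9FF:FE92:28D8"))
    print(mac_from_eui64("FE80::2"))              # manually configured, no MAC inside
```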
Step 5: Enabling IPv6 Routing and CEF
1. As of the time of this writing, the current IOS version has IPv6 routing and CEF
disabled by default. To enable IPv6 routing, use the global configuration
command ipv6 unicast-routing. To enable IPv6 CEF, use the command
ipv6 cef. Use these commands on all three routers.
R1(config)# ipv6 unicast-routing
R1(config)# ipv6 cef
R2(config)# ipv6 unicast-routing
R2(config)# ipv6 cef
R3(config)# ipv6 unicast-routing
R3(config)# ipv6 cef

Step 6: Setting up RIPng


1. Unlike IPv4 RIP, where networks are added to the RIP process with network
statements under the routing protocol configuration prompt, IPv6 RIPng uses the
interface level command ipv6 rip name enable to add an interface to RIPng
process.
R1(config)# ipv6 router rip cisco
R1(config-router)# exit
R1(config)# interface loopback 0
R1(config-if)# ipv6 rip cisco enable
R1(config-if)# exit
R1(config)# interface serial0/0
R1(config-if)# ipv6 rip cisco enable
R1(config-if)# exit
R1(config)# interface serial0/1
R1(config-if)# ipv6 rip cisco enable
R1(config-if)# exit

R2 and R3 configuration is similar.


2. Verify that you have enabled IPv6 RIPng with the command show ipv6 rip.
R1# show ipv6 rip
RIP process cisco, port 521, multicast-group FF02::0, pid
230
Administrative distance is 120. Maximum paths is 16
Updates every 30 seconds, expire after 180
Holddown lasts 0 seconds, garbage collect after 120
Split horizon is on; poison reverse is off
Default routes are not generated
Periodic updates 6, trigger updates 1
Interfaces:
Loopback0
Serial0/0
Serial0/1

3. View the routing table on all three routers with the command show ipv6 route.
R1# show ipv6 route
IPv6 Routing Table - 11 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BG
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS s
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSP
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external


FEC0::1:0/112 [0/0]
via ::, Loopback0

FEC0::1:1/128 [0/0]
via ::, Loopback0

FEC0::2:1/128 [120/2]
via FE80::2, Serial0/0

FEC0::3:1/128 [120/2]
via FE80::218:B9FF:FECD:BEF0, Serial0/1

FEC0::12:0/112 [0/0]
via ::, Serial0/0

FEC0::12:1/128 [0/0]
via ::, Serial0/0

FEC0::13:0/112 [0/0]
via ::, Serial0/1

FEC0::13:1/128 [0/0]
via ::, Serial0/1

FEC0:23::/64 [120/2]
via FE80::2, Serial0/0
via FE80::218:B9FF:FECD:BEF0, Serial0/1

FE80::/10 [0/0]
via ::, Null0

FF00::/8 [0/0]
via ::, Null0


Exercise 7-3: Configuring Manual IPv6 Tunnel


Objective

Configure RIPv2 for IPv4

Create a manual IPv6 tunnel


Topology (diagram):
R1 (.1) --- 172.16.12.0/24 --- (.2) R2 (.2) --- 172.16.23.0/24 --- (.3) R3
IPv6 tunnel between R1 (:1) and R3 (:3): FEC0::13:0/112
R1 Loopback 0: 10.1.1.1/24, FEC0::1:1/112
R2 Loopback 0: 10.1.2.1/24
R3 Loopback 0: 10.1.3.1/24, FEC0::3:1/112

Step 1: Configuring the loopback and physical interfaces


1. Configure the loopback interfaces with IPv4 addresses and IPv6 addresses where
appropriate. Also configure the serial interfaces with the IPv4 addresses shown in
the diagram. Set the clock rates on the appropriate interfaces and issue no
shutdown on all serial connections. Verify that you have local subnet
connectivity with ping.
R1(config)# interface loopback0
R1(config-if)# ip address 10.1.1.1 255.255.255.0
R1(config-if)# ipv6 address FEC0::1:1/112
R1(config-if)# interface serial0/0
R1(config-if)# ip address 172.16.12.1 255.255.255.0
R1(config-if)# clockrate 64000
R1(config-if)# no shutdown

R2 and R3 configuration is similar.


Step 2: Configuring IPv4 routing protocol
1. Configure RIPv2 on all three routers. Make sure you disable auto-summarization.
R1(config)# router rip
R1(config-router)# no auto-summary
R1(config-router)# version 2
R1(config-router)# network 10.0.0.0
R1(config-router)# network 172.16.0.0

R2 and R3 configuration is similar.


Step 3: Configure a Manual IPv6 Tunnel


1. A tunnel is a logical interface that acts as a logical connection between two
endpoints. It is similar to a loopback interface in that there is no corresponding
physical interface, but it is different in that there is more than one router involved.
An IPv6 manual tunnel is a type of tunnel that has hard-coded source and
destination addresses, with an IPv6 address on the tunnel itself. To configure a
manual IPv6 tunnel, first issue the interface tunnel number command. For
simplicity, use tunnel number 0 on both routers.
2. Next configure the tunnel mode for a manual tunnel with the tunnel mode
ipv6ip command. Then configure an IPv6 address with the ipv6 address
address/mask command. Finally, assign source and destination addresses for
the tunnel using the tunnel source address and tunnel destination
address commands. You can also specify the source by interface.
R1(config)# interface tunnel0
R1(config-if)# tunnel mode ipv6ip
R1(config-if)# tunnel source s0/0
R1(config-if)# tunnel destination 172.16.23.3
R1(config-if)# ipv6 add FEC0::13:1/112
R3(config)# interface tunnel0
R3(config-if)# tunnel mode ipv6ip
R3(config-if)# tunnel source s0/1
R3(config-if)# tunnel destination 172.16.12.1
R3(config-if)# ipv6 add FEC0::13:3/112

3. Verify that you can ping across the tunnel to the other side.
R1#ping FEC0::13:3
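
What the manual tunnel configured above puts on the wire, as an added example (not part of the original lab and not IOS code): the IPv6 packet is wrapped in an IPv4 header with protocol number 41, and because the endpoints are hard-coded, a receiver or filter can accept protocol 41 only from the configured peer. The function names are illustrative; the addresses are the tunnel endpoints from this exercise.

```python
import ipaddress
import struct

PROTO_IPV6 = 41  # IPv4 protocol number used by "tunnel mode ipv6ip"

def checksum(header: bytes) -> int:
    """Internet checksum over an IPv4 header (even length)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv6_header(src: str, dst: str) -> bytes:
    """Minimal 40-byte IPv6 header with no payload (next header 59 = none)."""
    return struct.pack("!IHBB16s16s", 6 << 28, 0, 59, 64,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed)

def encapsulate(inner: bytes, src: str, dst: str) -> bytes:
    """Prepend the 20-byte IPv4 header that the tunnel interface adds."""
    fields = [0x45, 0, 20 + len(inner), 0, 0, 64, PROTO_IPV6, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + inner

def decapsulate(packet: bytes, local: str, peer: str) -> bytes:
    """Return the inner IPv6 packet, or raise ValueError when the outer header
    does not match the configured tunnel (local = tunnel source, peer = destination)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl or checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header")
    if packet[9] != PROTO_IPV6:
        raise ValueError("not protocol 41")
    src, dst = (str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (12, 16))
    if (src, dst) != (peer, local):
        raise ValueError(f"outer addresses {src} -> {dst} are not this tunnel's")
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("payload is not an IPv6 packet")
    return inner
```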

Step 4: Configure RIPng over a Tunnel


1. Enable IPv6 routing with the ipv6 unicast-routing command on R1 and R3.
Configure RIPng on those routers to run over the tunnel and advertise the
loopback interfaces into RIPng. Verify the configuration using the show ipv6
rip command and by confirming that you can ping the remote loopback interfaces.
R1(config)# ipv6 unicast-routing
R1(config)# ipv6 router rip cisco
R1(config)# interface loopback0
R1(config-if)# ipv6 rip cisco enable
R1(config-if)# interface tunnel0
R1(config-if)# ipv6 rip cisco enable
R3(config)# ipv6 unicast-routing
R3(config)# ipv6 router rip cisco
R3(config)# interface loopback0
R3(config-if)# ipv6 rip cisco enable
R3(config-if)# interface tunnel0
R3(config-if)# ipv6 rip cisco enable
R1# ping FEC0::3:1


Exercise 8-1: Configuring Back-to-Back Frame-Relay


Objective

Configure two routers back-to-back as a Frame Relay permanent virtual circuit
(PVC). This will be done manually, in the absence of a Frame Relay switch, and
therefore there will be no Local Management Interface (LMI).

Topology (diagram):
PC1 --- 192.168.1.0/24 --- (.1) R1 (.1) --- 192.168.2.0/24 --- (.2) R2 (.1) --- 192.168.3.0/24 --- PC2
R1-R2 serial link: Frame-Relay encapsulation, DLCI 101 at both ends

Step 1: Configure the serial interfaces


1. First, define the Frame Relay frame type to be used on this link. To configure the
encapsulation type, use the command encapsulation frame-relay. Disable
keepalive messages since there is no Frame Relay switch in this configuration and
consequently no Frame Relay DCE:
R1(config)# interface serial 0/0
R1(config-if)# encapsulation frame-relay
R1(config-if)# no keepalive
R1(config-if)# ip address 192.168.2.1 255.255.255.0
R1(config-if)# clock rate 64000
R1(config-if)# no shutdown

Configure R2 using the same command syntax:


R2(config)# interface serial 0/1
R2(config-if)# encapsulation frame-relay
R2(config-if)# no keepalive
R2(config-if)# ip address 192.168.2.2 255.255.255.0
R2(config-if)# no shutdown

2. Configure the Frame Relay map


When sending an Ethernet frame to a remote IP address, the remote MAC address
must be discovered, so that the correct frame type can be constructed. Frame
Relay needs a similar mapping.
The remote IP address needs to be mapped to the local DLCI, so the correctly
addressed frame can be created locally for this PVC. Since there is no way of
mapping the DLCI automatically with LMI disabled, this map must be created
manually, using the frame-relay map command. The broadcast parameter also
allows for IP broadcasts to use the same mapping for crossing this PVC:
R1(config-if)# frame-relay map ip 192.168.2.2 101 broadcast

And R2:
R2(config-if)# frame-relay map ip 192.168.2.1 101 broadcast

Step 2: Verify the configuration


1. Verifying Frame Relay PVC
On the R1 router, type the command show frame-relay pvc:
R1# show frame-relay pvc

What is the DLCI number reported? ____________________________________


What is the PVC status? ______________________________________________
What is the value of the DLCI USAGE? _________________________________
2. Showing Frame Relay map
To view the Layer 2 to Layer 3 mapping, use the show frame-relay map
command at the privileged EXEC mode prompt:
R1# show frame-relay map

What is the IP address shown? _________________________________________


What state is interface serial 0 in? ______________________________________
3. Verify Frame Relay connectivity
From the R1 router, ping the R2 router serial interface.
Was the ping successful? _____________________________________________
If the ping was not successful, troubleshoot the router configurations.


Exercise 8-2: Configuring Frame-Relay Switch


Objective

Configure a router as a Frame Relay switch, connecting two routers in a point-to-point topology.
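Topology (diagram):
PC 1 (.2) --- 192.168.1.0/24 --- (.1) R1 (.1) --- DLCI 102 --- S0/0 [R2, Frame-Relay Switch] S0/1 --- DLCI 201 --- (.2) R3 (.1) --- 192.168.3.0/24 --- (.2) PC 2
R1 and R3 serial interfaces share 192.168.2.0/24 across the PVC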

Step 1: Configure the Frame Relay switch with static mapping


1. Enable frame-relay switching on the router acting as the service provider Frame
Relay cloud:
R2(config)# frame-relay switching

2. The remaining configurations on the Frame Relay switch are specific to the
interfaces. On each serial interface, configure the encapsulation to Frame Relay,
define the interface as a Frame Relay DCE, and set the clock rate. The following is
an example:
R2(config-if)# encapsulation frame-relay
R2(config-if)# frame-relay intf-type dce
R2(config-if)# clock rate 56000 (If DCE cable is attached)
R2(config-if)# no shutdown

3. Frame Relay switches identify inbound frames by their data-link connection
identifier (DLCI). The DLCI is then referenced in a switching table to determine
the outbound port. Statically define an end-to-end PVC between R1 and R3. A
static route needs to be configured for each serial interface, as shown in the
following:
R2(config)# interface serial 0/0
R2(config-if)# frame-relay route 102 int serial 0/1 201
R2(config-if)# interface serial 0/1
R2(config-if)# frame-relay route 201 int serial 0/0 102

4. The switch logic indicates that if the frame inbound to interface serial 0/0 is
labeled DLCI 102, then send the frame to the outbound interface serial 0/1 labeled
with DLCI 201. For traffic traveling in the opposite direction, the logic indicates
that if the frame inbound to interface serial 0/1 is labeled DLCI 201, then send the
frame to the outbound interface serial 0/0 labeled with DLCI 102.
Confirm with the show frame-relay route command on the switch, as shown in the
following:
R2# show frame-relay route
Input Intf     Input Dlci     Output Intf     Output Dlci     Status
Serial0/0      102            Serial0/1       201             active
Serial0/1      201            Serial0/0       102             active
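
The switching logic described above, as an added example (not part of the original lab and not IOS code): it parses the two frame-relay route statements into a table, reads the 10-bit DLCI from the 2-byte Q.922 address field, rewrites it for the outbound interface, and reports routes that lack a return direction. Interface names follow the show frame-relay route output; the function names and the config text layout are assumptions.

```python
import re

# Constructed from the R2 commands on this page, written as running-config lines.
R2_CONFIG = """
interface serial 0/0
 frame-relay route 102 int serial 0/1 201
interface serial 0/1
 frame-relay route 201 int serial 0/0 102
"""

ROUTE_RE = r"frame-relay\s+route\s+(\d+)\s+int\S*\s+serial\s*(\S+)\s+(\d+)"

def parse_routes(config: str) -> dict:
    """Build {(in_intf, in_dlci): (out_intf, out_dlci)} from the config text."""
    table, intf = {}, None
    for line in map(str.strip, config.splitlines()):
        m = re.fullmatch(r"interface\s+serial\s*(\S+)", line, re.I)
        if m:
            intf = "Serial" + m.group(1)
            continue
        m = re.fullmatch(ROUTE_RE, line, re.I)
        if m and intf:
            table[(intf, int(m.group(1)))] = ("Serial" + m.group(2), int(m.group(3)))
    return table

def get_dlci(frame: bytes) -> int:
    """10-bit DLCI from the 2-byte Q.922 address field (EA bits must be 0, then 1)."""
    if len(frame) < 2 or (frame[0] & 1) or not (frame[1] & 1):
        raise ValueError("not a 2-byte Frame Relay address field")
    return ((frame[0] >> 2) << 4) | (frame[1] >> 4)

def set_dlci(frame: bytes, dlci: int) -> bytes:
    """Rewrite the DLCI, keeping the C/R, FECN, BECN, DE and EA bits."""
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI out of range")
    return bytes([((dlci >> 4) << 2) | (frame[0] & 0x03),
                  ((dlci & 0x0F) << 4) | (frame[1] & 0x0F)]) + frame[2:]

def switch(table: dict, in_intf: str, frame: bytes):
    """Return (out_intf, rewritten_frame), or None when no PVC matches (drop)."""
    hop = table.get((in_intf, get_dlci(frame)))
    return None if hop is None else (hop[0], set_dlci(frame, hop[1]))

def one_way_routes(table: dict) -> list:
    """Routes with no matching entry for the return direction."""
    return [key for key, hop in table.items() if table.get(hop) != key]
```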

Step 2: Configure Frame-Relay encapsulation


1. Next, configure R1 and R3 with IP addresses and a routing protocol. The default
encapsulation for Cisco routers is HDLC. Therefore, the serial interface needs to
be configured for Frame Relay encapsulation, as the following shows:
R1(config)# interface ethernet 0/0
R1(config-if)# ip address 192.168.1.1 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# interface serial 0/0
R1(config-if)# encapsulation frame-relay
R1(config-if)# ip address 192.168.2.1 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# router rip
R1(config-router)# network 192.168.1.0
R1(config-router)# network 192.168.2.0

2. Configure R3 using the same command syntax.


R3(config)# interface ethernet 0/0
R3(config-if)# ip address 192.168.3.1 255.255.255.0
R3(config-if)# no shutdown
R3(config-if)# interface serial 0
R3(config-if)# encapsulation frame-relay
R3(config-if)# ip address 192.168.2.2 255.255.255.0
R3(config-if)# no shutdown
R3(config-if)# exit
R3(config)# router rip
R3(config-router)# network 192.168.2.0
R3(config-router)# network 192.168.3.0

3. Use extended pings and show ip route to test Frame Relay connectivity and
route propagation.
Step 3: Verifying the Frame Relay configuration
1. To verify the configuration, use the show commands related to Frame Relay.
To view the serial interface configuration, use the following command:
R1# show interfaces serial 0/0

What is the state of the interface? Serial 0 is ________, line protocol is _________

What is the encapsulation type? ________________________________________


What state is the DTE LMI in? _________________________________________
What is the LMI type? _______________________________________________
2. To verify that the data-link connection identifiers (DLCIs) are defined on the
switch use show frame-relay pvc. The DLCIs are learned by the router via
LMI, and can be viewed with the following command:
R1# show frame-relay pvc

What DLCI numbers are available on the switch? __________________________


What is the PVC status of the first DLCI? ________________________________
3. Check the Frame Relay map
R1# show frame-relay map

What DLCI numbers are used? ________________________________________


List the current mapping between the Layer 2 DLCI and Layer 3 IP address:
__________________________________________________________________
__________________________________________________________________
__________________________________________________________________
