You are on page 1of 98

ICND2

Interconnecting Cisco
Networking Devices
Part 2
Course Administration Guide

For Student Guide


Version 1.0
Text Part Number: N/A
DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED “AS IS.” CISCO MAKES AND YOU RECEIVE NO WARRANTIES IN
CONNECTION WITH THE CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY OR IN ANY OTHER PROVISION OF
THIS CONTENT OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO SPECIFICALLY DISCLAIMS ALL IMPLIED
WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR
PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. This learning product may contain early release
content, and while Cisco believes it to be accurate, it falls subject to the disclaimer above.
ICND2

Course Management
Cisco CCNA Curriculum Changes in 2007
Designed to Job Tasks
The CCNA® curriculum was revised in 2007 to teach and test on-the-job tasks, skills, and
knowledge that are expected of a CCNA graduate. The following course and exam objectives
were designed from the job tasks.
„ Describe how a network works
— Describe the purpose and functions of various network devices
— Select the components required to meet a network specification
— Use the OSI and TCP/IP models and their associated protocols to explain how data
flows in a network
— Describe common networked applications including web applications
— Describe the purpose and basic operation of the protocols in the OSI and TCP
models
— Describe the implementation of VoIP in a small network
— Interpret network diagrams
— Determine the path between two hosts across the Internet
— Describe the components required for network and Internet communications
— Identify and correct common network problems at Layers 1, 2, 3, and 7 using a
layered model approach
— Differentiate between LAN and WAN operation and features
„ Configure, verify, and troubleshoot a switch with VLANs and inter switch communications
— Select the appropriate media, cables, ports, and connectors to connect switches to
other network devices and hosts
— Explain the technology and media access control method for Ethernet networks
— Explain network segmentation and basic traffic management concepts
— Explain basic switching concepts and the operation of Cisco switches
— Perform and verify initial switch configuration tasks including remote access
management
— Verify network status and switch operation using basic utilities (ping, traceroute,
Telnet, SSH, ARP, ipconfig), show and debug commands
— Identify and resolve common switched network media issues, configuration issues,
autonegotiation, and SwitchHardware failures
— Describe enhanced switching technologies (VTP, RSTP, VLAN, PVSTP, 802.1Q)
— Describe how VLANs create logically separate networks and the need for routing
between them
— Configure, verify, and troubleshoot VLANs
— Configure, verify, and troubleshoot trunking on Cisco switches
— Configure, verify, and troubleshoot inter-VLAN routing
— Configure, verify, and troubleshoot VTP
— Configure, verify, and troubleshoot RSTP operation
— Interpret the output of various show and debug commands to verify the operational
status of a Cisco switched network
— Implement basic switch security (port security, unassigned ports, trunk access,
management VLAN other than VLAN 1, and so on)
„ Implement an IP addressing scheme and IP services to meet network requirements
— Describe the operation and benefits of using private and public IP addressing
— Explain the operation and benefits of using DHCP and DNS
— Configure, verify, and troubleshoot DHCP operation on a router
— Implement static and dynamic addressing services for hosts in a LAN environment.
— Configure a device to support NAT and DHCP
— Calculate and apply a VLSM IP addressing design to a network
— Determine the appropriate classless addressing scheme using VLSM and
summarization to satisfy addressing requirements in LAN and WAN environments
— Describe the technological requirements for running IPv6 (such as, protocols, dual
stack, tunneling, and so on)
— Describe IPv6 addresses
— Identify and correct common problems associated with IP addressing and host
configurations
— Configure, verify, and troubleshoot basic router operation and routing on Cisco
devices
— Describe basic routing concepts (packet forwarding and router lookup process)
— Describe the operation of Cisco routers (router bootup process, POST, and router
components)
— Select the appropriate media, cables, ports, and connectors to connect routers to
other network devices and hosts
— Configure, verify, and troubleshoot RIPv2

2 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
— Access and use the router CLI to set basic parameters
— Connect, configure, and verify the operation status of a device interface
— Verify device configuration and network connectivity using ping, traceroute, telnet,
SSH, or other utilities
— Perform and verify routing configuration tasks for a static or default route given
specific routing requirements
— Manage Cisco IOS configuration files (save, edit, upgrade, and restore)
— Manage Cisco IOS Software images
— Compare and contrast methods of routing and routing protocols
— Configure, verify, and troubleshoot OSPF
— Configure, verify, and troubleshoot EIGRP
— Verify configuration and connectivity using ping, traceroute, and Telnet or SSH
— Troubleshoot routing implementation issues
— Verify router hardware and software operation using show and debug commands.
— Implement basic router security
— Install a small wireless network
— Describe standards associated with wireless media (802.11a, b, g, and n and Wi-Fi)
— Identify and describe the purpose of the components in a small wireless network
— Identify the basic parameters to configure on a wireless network to ensure that
devices connect to the correct access point
— Describe wireless security concerns and explain how to configure WPA security
(open, WEP, WPA1, and WPA2)
— Identify common issues with implementing wireless networks
— Identify security threats to a small network and describe general methods to mitigate
those threats
— Describe modern, increasing network security threats and explain the need to
implement a comprehensive security policy to mitigate the threats
— Explain general methods to mitigate common security threats to network devices,
hosts, and applications
— Describe the functions of common security appliances and applications
— Describe security recommended practices including initial steps to secure network
devices
— Describe the components of a VPN (importance, benefits, role, and impact)
— Identify Cisco VPN Client issues
— Implement and troubleshoot NAT and ACLs.
— Describe the purpose and types of ACLs
— Configure and apply ACLs based on network filtering requirements
— Configure and apply an ACL to limit Telnet and SSH access to the router
— Verify and monitor ACLs in a network environment

© 2007 Cisco Systems, Inc. Course Administration Guide 3


— Troubleshoot ACL implementation issues
— Explain the basic operation of NAT
— Use CLI to configure NAT with specific network requirements
— Troubleshoot NAT implementation issues
— Implement and verify WAN links
— Describe different methods for connecting to a WAN
— Configure and verify a basic WAN serial connection
— Configure and verify Frame Relay on Cisco routers
— Configure and verify a PPP connection between Cisco routers
— Troubleshoot WAN implementation issues

CCNA Curriculum in the Certification Pyramid


Changes to the CCNA curriculum are intended to maintain the integrity and quality of the
CCNA certification as the premier industry networking certification. CCNA certification
remains the foundation for Professional- and Expert-level certifications, and for many
Specialist certifications.

The CCNA curriculum was adjusted in mid-2007 to better fit and prepare for the Cisco CCNP®
curriculum, as revised earlier in 2007. Topics and skills are introduced in CCNA as preparation
for further study in the CCNP curriculum. The Course Administration Guides (CAGs) of each
course within the curriculum specify the depth to teach on these topics, and when to
recommend more advanced courses to students.

The Cisco Certified Entry Networking Technician (CCENT™) certification was introduced in
mid-2007. The CCENT certification is attained by passing the Interconnecting Cisco
Networking Devices Part 1 (ICND1) exam. This new certification, which is a step below
CCNA certification, is a preparation and partial-completion of CCNA certification. CCENT
certification may also be used as a prerequisite for specializations that do not require all of the
skills and knowledge of CCNA certification.

During the transition from Introduction to Cisco Networking Technologies (INTRO) and ICND
to ICND1 and ICND2, the CCNA certification website details how to qualify for CCNA
certification by passing combinations of the INTRO, ICND, and CCNA exams and the ICND1,
ICND2, and CCNA exams.

ICND1 and ICND2 Compared to INTRO and ICND


Designed to Job Tasks
The CCNA curriculum was revised to base all topics and activities on the job tasks that are
expected of a CCNA graduate. Course objectives were revised to teach and practice these job
tasks. The list of job tasks for the curriculum was subdivided into task lists for each course.
Each task list includes all skills and knowledge taught in the course, and the CAG specifies the
depth to teach for each task. The course task list is detailed in the CAG for the course.

4 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Two Equally Balanced Parts
The CCNA curriculum is now composed of two balanced courses. Each course is a self-
contained course with labs positioned throughout to practice skills soon after discussion. Each
is a five-day course.

ICND1 Goal: Upon completing the ICND1 course, the learner should have the knowledge and
skills necessary to install, operate, and troubleshoot a small branch office enterprise network,
including configuring a switch, a router, and connecting to a WAN and implementing network
security. A learner should be able to complete configuration and implementation of a small
branch office network under supervision.

ICND2 Goal: Upon completing the ICND2 course, the learner should have the knowledge and
skills necessary to install, operate, and troubleshoot a small to medium-size branch office
enterprise network, including configuring several switches and routers, connecting to a WAN,
and implementing network security. A learner should be ready to participate on a team to
implement a small to medium-size branch office network and to serve on a tier-one help desk
or network operating center.

Lessons have been moved from ICND (which is now ICND2) into ICND1. PPP, Network
Address Translation (NAT) and Port Address Translation (PAT), and RIP version 2 (RIPv2)
are introduced, and configuration skills are developed in ICND1. In ICND2, more advanced
skills build on these foundations. This shift of topics results in a more comfortable allotment of
time for ICND2.

ICND1 is a prerequisite to ICND2; a learner cannot participate and complete ICND2 without
mastering the skills and knowledge of ICND1. Unlike INTRO, ICND1 is not simply a
collection of background topics, but it is a complete, self-contained course with frequent lab
practices.

Topics Added and Deleted


The ISDN and Interior Gateway Routing Protocol (IGRP) topics have been removed because
they are outdated and are no longer commonly encountered at an Associate level. The
following new topics and lessons were added:
„ Network security topics and lessons have been added. Learners secure switches, routers,
and ports, and implement basic network security. Learners do not design security policy but
implement only basic security measures according to a given policy.
„ Connecting a WLAN to a network was added to ICND1. Only the client security aspects
are discussed. The learner is not expected to implement wireless access points. The learner
troubleshoots client connectivity. To avoid the expense of adding WLAN equipment, no
lab is specified.
„ Learners are still directed to verify changes and configurations they have made.
Troubleshooting topics and lessons have been added to broaden the job tasks of a CCNA
graduate. Troubleshooting tasks are positioned as part of day-to-day or “Day Two”
activities. CCNA learners would be expected to perform elementary troubleshooting when
they are acting as members of a network operations center or help desk.
„ Although Telnet is still taught, students are encouraged to employ SSH as the preferred
method of remotely accessing devices.
„ Learners are expected to be proficient in configuring with both command-line interface
(CLI) and Cisco Router and Security Device Manager (SDM).

© 2007 Cisco Systems, Inc. Course Administration Guide 5


Labs have been updated as follows:
„ ICND1 and ICND2 are each five-day courses, which allows the learner to have more
practice in labs. Lab activities are about 40 percent of each course time budget. This
lecture-to-lab ratio can be further refined.
„ Labs occur throughout the courses, requiring students to practice each set of skills and job
tasks soon after they are discussed. Labs are positioned within modules but can be collected
at the end of each module at the convenience of the instructor or availability of lab
equipment.
„ All labs are designed for remote access.
„ The lab topology and equipment list are common to both ICND1 and ICND2. Cisco
equipment that is currently available, including Cisco Integrated Services Routers, is
specified. Note that the specified Cisco IOS Software version introduces a restriction on
device naming; this is documented in the CAGs and Lab Guides.
„ Labs are not “cookbook” labs; students are not expected to rigidly perfom each step in the
Lab Guide. The CAG describes how to introduce and conduct each lab. The Lab Guide
presents the objective and scenario for the lab and a series of tasks to be performed. A
solution or sample is provided at the end of the Lab Guide. The Instructor should reference
the CAG and employ the Lab Guide to mentor students during labs, maximizing their
hands-on experience.
„ The concluding lab activity of ICND1 is a “capstone” lab in which the student will pull
together all the knowledge and skills of the course to implement a small branch office.
„ The first module—and the first student activity—of ICND2 is a “warm-up” lab. Learners
review and practice the skills and knowledge of the prerequisite ICND1 to implement a
small branch office network. This network is the basis for ICND2 labs, in which the student
extends the features and functionality of the network. This lab is positioned at the
beginning of the ICND2 course for the instructor to assess the students completion of the
prerequisites and readiness to deepen their skills and knowledge in ICND2.

Overview
Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 is a five-day instructor-led
course that focuses on using Cisco Catalyst switches and Cisco routers that are connected in
LANs and WANs and are typically found at medium-sized network sites.

Outline
The Course Management section of the Course Administration Guide includes these topics:
„ Overview
„ Course Instruction Details
„ Course Delta Information
„ Course Evaluations

Course Version
This course supersedes Interconnecting Cisco Network Devices (ICND) v2.3.

6 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Course Objectives
Upon completing this course, the learner will be able to meet these overall objectives:
„ Review how to configure and troubleshoot a small network
„ Expand the switched network from a small LAN to a medium-sized LAN with multiple
switches, supporting VLANs, trunking, and spanning tree
„ Describe routing concepts as they apply to a medium-sized network and discuss
considerations when implementing routing on the network
„ Configure, verify, and troubleshoot OSPF
„ Configure, verify, and troubleshoot EIGRP
„ Determine how to apply ACLs based on network requirements, and to configure, verify,
and troubleshoot ACLs on a medium-sized network
„ Describe when to use NAT or PAT on a medium-sized network and configure NAT or
PAT on routers
„ Identify and implement the appropriate WAN technology based on network requirements

Target Audience
The primary audience for this course is as follows:
„ Network administrators
„ Network engineers
„ Network managers
„ Systems engineers

The secondary audience for this course is as follows:


„ Network designers
„ Project managers

The tertiary audience for this course is as follows:


„ Program managers

Learner Skills and Knowledge


The knowledge and skills that a learner must have before attending this course are as follows:
„ Skills and knowledge equivalent to those learned in Interconnecting Cisco Networking
Devices Part 1 (ICND1)
„ The ability to install, configure, and troubleshoot a small network

© 2007 Cisco Systems, Inc. Course Administration Guide 7


Course Instruction Details
This topic provides the information that you need to prepare the course materials and set up the
classroom environment.

Instructor Requirements
To teach this course, instructors must have attended the following training or completed the
following requirements:
„ An active Cisco Certified Systems Instructor who has been certified to teach INTRO and
ICND must complete the CCNA Instructor Update Briefing.
„ All other Cisco Certified Systems Instructors in good standing will need to do the
following:
— Complete the ICND1 course as a learner.
— Attend the ICND2 course as a learner.
— Pass the CCNA certification test (or both the ICND1 and ICND2 certification tests).
— For instructors who have yet to take the certification test but have completed the
courses, certifications will be provisional. The guidelines for ICND instructors
apply.
„ A Cisco Certified Systems Instructor who is certified in technology and is a WAN-certified
instructor is part of a “common pool” and may teach courses in either area. All other Cisco
Certified Systems Instructors may only teach courses in the area of specialization for which
they are certified.

Note Submit questions concerning instructor certification to icad@external.cisco.com.

Classroom Reference Materials


These items should be available for the learner during the course:
„ Student guide
„ Lab guide

Class Environment
This information describes recommended class size and classroom setup:
„ Room set up classroom style with chairs and tables large enough for 16 learners
„ Eight pairs of chairs sharing access to eight laptops or eight PCs
„ A projector to display course Microsoft PowerPoint slides; projection screen as needed
„ Sufficient power for all equipment
„ For local labs, rack and floor space to locate all equipment
„ For remote lab delivery, access to the Internet for all learners and the instructor

8 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Course Flow
This is the suggested course schedule. You may make adjustments based on the skills,
knowledge, and preferences of the learners in attendance. The presentation of all topics is
optional for noncertification offerings, but you are encouraged to use them because they are
designed to reinforce the lesson concepts and ensure that learners apply some of the concepts.

Day 1: Course Introduction, Small Network Implementation, and Medium-Sized Switched Network
Construction

8:30–9:20 Course Introduction


(0830–0920)

9:30–10:20 Introducing the Review Lab


(0930–1020)

10:30–12:00 Lab 1-1: Implementing a Small Network (Review Lab)


(1030–1200)

12:00–1:00 Lunch
(1200–1300)

1:00–1:50 Implementing VLANs and Trunks


(1300–1350)

2:00–2:50 Implementing VLANs and Trunks (Cont.)


(1400–1450)
Improving Performance with Spanning Tree

3:00–3:50 Improving Performance with Spanning Tree (Cont.)


(1500–1550)

4:00–5:00 Routing Between VLANS


(1600–1700)
Securing the Expanded Network

5:00 (1700) Day ends

Day 2: Medium-Sized Switched Network Construction and Medium-Sized Routed Network


Construction

8:00–8:30 Review of Day 1


(0800–0830)

8:30–9:20 Lab 2-1: Configuring Expanded Switched Networks


(0830–0920)

9:30–12:00 Lab 2-1: Configuring Expanded Switched Networks


(0930–1200) (Cont.)

12:00–1:00 Lunch
(1200–1300)

1:00–1:50 Troubleshooting Switched Networks


(1300–1350)

2:00–2:50 Lab 2-2: Troubleshooting Switched Networks


(1400–1450)

3:00–5:00 Reviewing Routing Operations


(1500–1700)

5:00 (1700) Day ends

© 2007 Cisco Systems, Inc. Course Administration Guide 9


Day 3: Medium-Sized Routed Network Construction, Single-Area OSPF Implementation, and
EIGRP Implementation

8:00–8:30 Review of Day 2


(0800–0830)

8:30–9:20 Reviewing Routing Operations (Cont.)


(0830–0920)
Implementing VLSM

9:30–12:00 Implementing OSPF


(0930–1200)

12:00–1:00 Lunch
(1200–1300)

1:00–1:50 Lab 4-1: Implementing OSPF


(1300–1350)

2:00–2:50 Troubleshooting OSPF


(1400–1450)

3:00–5:00 Lab 4-2: Troubleshooting OSPF


(1500–1700)
Implementing EIGRP

5:00 (1700) Day ends

Day 4: EIGRP Implementation, Access Control Lists, and Address Space Management

8:00–8:30 Review of Day 3


(0800–0830)

8:30–9:20 Implementing EIGRP (Cont.)


(0830–0920)
Lab 5-1: Implementing EIGRP

9:30–12:00 Troubleshooting EIGRP


(0930–1200)
Lab 5-2: Troubleshooting EIGRP

12:00–1:00 Lunch
(1200–1300)

1:00–1:50 Introducing ACL Operation


(1300–1350)
Configuring and Troubleshooting ACLs

2:00–2:50 Lab 6-1: Implementing and Troubleshooting ACLs


(1400–1450)

3:00–5:00 Scaling the Network with NAT and PAT


(1500–1700)
Lab 7-1: Configuring NAT and PAT

5:00 (1700) Day ends

Day 5: Address Space Management and LAN Extension into a WAN

8:00–8:30 Review of Day 4


(0800–0830)

8:30–9:20 Transitioning to IPv6


(0830–0920)

9:30–10:20 Lab 7-2: Implementing IPv6


(0930–1020)

10:30–12:00 Introducing VPN Solutions


(1030–1200)

12:00–1:00 Lunch
(1200–1300)

10 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
1:00–1:50 Establishing a Point-to-Point WAN Connection with PPP
(1300–1350)
Establishing a WAN connection with Frame Relay

2:00–2:50 Lab 8-1: Establishing a Frame Relay WAN


(1400–1450)

3:00–4:30 Troubleshooting Frame Relay WANs


(1500–1630)
Lab 8-2: Troubleshooting Frame Relay WANs

4:30–5:00 Wrap-up
(1630–1700)

High-Level Course Outline


This subtopic provides an overview of how the course is organized. The course contains these
components:
„ Course Introduction
„ Small Network Implementation
„ Medium-Sized Switched Network Construction
„ Medium-Sized Routed Network Construction
„ Single-Area OSPF Implementation
„ EIGRP Implementation
„ Access Control Lists
„ Address Space Management
„ LAN Extension into a WAN

Detailed Course Outline


This in-depth outline of the course structure lists each module, lesson, and topic.

Course Introduction
The Course Introduction provides learners with the course objectives and prerequisite learner
skills and knowledge. The Course Introduction presents the course flow diagram and the icons
that are used in the course illustrations and figures. This course component also describes the
curriculum for this course, providing learners with the information that they need to make
decisions regarding their specific learning path.
„ Overview
— Learner Skills and Knowledge
„ Course Goal and Objectives
„ Course Flow
„ Additional References
— Cisco Glossary of Terms
„ Your Training Curriculum

© 2007 Cisco Systems, Inc. Course Administration Guide 11


Module 1: Small Network Implementation
Upon completing this module, the learner will have reviewed how to configure and
troubleshoot a small network.

Lesson 1: Introducing the Review Lab


This lesson reviews how to configure a small network. Upon completing this lesson, the learner
will be able to meet this objective:
„ Describe the functions of the CLI
„ Describe the configuration modes of the Cisco IOS Software
„ Describe the help facilities available in the Cisco IOS Software
„ Implement a basic switch and router configuration and ensure that they operate properly

The lesson includes these topics:


„ Cisco IOS CLI Functions
„ Configuration Modes of Cisco IOS Software
„ Help Facilities of the Cisco IOS CLI
„ Commands Review

The lesson includes this activity:


„ Lab 1-1: Implementing a Small Network (Review Lab)

12 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Module 2: Medium-Sized Switched Network Construction
Upon completing this module, the learner will be able to expand a small-sized, switched LAN
to a medium-sized LAN with multiple switches, supporting VLANs, trunking, and spanning
tree.

Lesson 1: Implementing VLANs and Trunks


This lesson defines how and when to implement and verify VLANs and trunking, and
implement them on the network. Upon completing this lesson, the learner will be able to meet
these objectives:
„ Define the purpose and function of VLANs on Cisco Catalyst switches
„ Define the purpose and function of IEEE 802.1Q trunking on Cisco Catalyst switches
„ Define the purpose and function of VTP on Cisco Catalyst switches
„ List the steps required to configured a normal-range VLAN that uses VTP and 802.1Q
trunking

The lesson includes these topics:


„ Understanding VLANs
„ Understanding Trunking with 802.1Q
„ Understanding VLAN Trunking Protocol
„ Configuring VLANs and Trunks

Lesson 2: Improving Performance with Spanning Tree


This lesson describes situations in which spanning tree is used and how to implement it on the
network. Upon completing this lesson, the learner will be able to meet these objectives:
„ Describe the methods that are used to create fast physical connections between switches in
a redundant topology
„ Identify the potential issues of a redundant switched topology
„ Describe how spanning tree resolves issues of redundant switched networks
„ Configure RSTP, including the root switch and a backup root switch

The lesson includes these topics:


„ Building a Redundant Switched Topology
„ Recognizing Issues of a Redundant Switched Topology
„ Resolving Issues with STP
„ Configuring RSTP

Lesson 3: Routing Between VLANs


This lesson defines how to describe the application and configuration of inter-VLAN routing
for a medium-sized routed network. Upon completing this lesson, the learner will be able to
meet these objectives:
„ Describe the purpose of subinterfaces for inter-VLAN routing

© 2007 Cisco Systems, Inc. Course Administration Guide 13


„ Configure inter-VLAN routing using 802.1Q and an external router

The lesson includes these topics:


„ Understanding Inter-VLAN Routing
„ Configuring Inter-VLAN Routing

Lesson 4: Securing the Expanded Network


This lesson describes situations in which security is required at Layer 2, and implements it on
the network. Upon completing this lesson, the learner will be able to meet these objectives:
„ Describe the security needs of the expanded network and the characteristics of an
organizational security policy
„ Describe how to secure switch devices, including securing access to the switch and switch
protocols, and mitigating compromises that are launched through a switch

The lesson includes these topics:


„ Overview of Switch Security Concerns
„ Secure switch devices

The lesson includes this activity:


„ Lab 2-1: Configuring Expanded Switched Networks

Lesson 5: Troubleshooting Switched Networks


This lesson defines how to identify an approach for troubleshooting and isolating common
switched network problems and offer solutions. Upon completing this lesson, the learner will
be able to meet these objectives:
„ Describe the basic steps that are used to troubleshoot a switched network
„ Identify and resolve port connectivity issues
„ Identify and resolve VLAN and trunking issues
„ Identify and resolve VTP issues
„ Identify and resolve STP issues

The lesson includes these topics:


„ Troubleshooting Switches
„ Troubleshooting Port Connectivity
„ Troubleshooting VLANs and Trunking
„ Troubleshooting VTP
„ Troubleshooting Spanning Tree

The lesson includes this activity:


„ Lab 2-2: Troubleshooting Switched Networks

14 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Module 3: Medium-Sized Routed Network Construction
Upon completing this module, the learner will be able to describe routing concepts as they
apply to a medium-sized network and discuss considerations when implementing routing on the
network.

Lesson 1: Reviewing Routing Operations


This lesson describes the application and limitations of dynamic routing for a medium-sized
routed network. Upon completing this lesson, the learner will be able to meet these objectives:
„ Describe the purpose and types of dynamic routing protocols
„ Describe the operation and implementation of distance vector routing protocols
„ Describe the operation and implementation of link-state routing protocols

The lesson includes these topics:


„ Reviewing Dynamic Routing
„ Understanding Distance Vector Routing Protocols
„ Understanding Link-State Routing Protocols

Lesson 2: Implementing VLSM


This lesson describes the operation of VLSM and classless interdomain routing (CIDR) on
Cisco routers and explains how Cisco routers implement route summarization. Upon
completing this lesson, the learner will be able to meet these objectives:
„ Review subnet mask calculation
„ Describe the purpose of a VLSM and calculate VLSM
„ Describe the route summarization process and how routers manage route summarization

The lesson includes these topics:


„ Reviewing Subnets
„ Introducing VLSM
„ Summarizing Routes

© 2007 Cisco Systems, Inc. Course Administration Guide 15


Module 4: Single-Area OSPF Implementation
Upon completing this module, the learner will be able to configure, verify, and troubleshoot
OSPF.

Lesson 1: Implementing OSPF


This lesson defines the operation and configuration of a single-area OSPF network, including
load balancing and authentication. Upon completing this lesson, the learner will be able to meet
these objectives:
„ Describe the features of OSPF
„ Describe how OSPF neighbor adjacencies are established
„ Describe the SPF algorithm that OSPF uses
„ Configure a single-area OSPF network
„ Configure a loopback interface to be used as the router ID
„ Verify a single-area OSPF network configuration
„ Use the OSPF debug commands to troubleshoot OSPF
„ Configure load balancing with OSPF
„ Configure authentication for OSPF

The lesson includes these topics:


„ Introducing OSPF
„ Establishing OSPF Neighbor Adjacencies
„ SPF Algorithm
„ Configuring and Verifying OSPF
„ Loopback Interfaces
„ OSPF Configuration Verification
„ Using OSPF debug Commands
„ Load Balancing with OSPF
„ Authentication with OSPF

The lesson includes this activity:


„ Lab 4-1: Implementing OSPF

16 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Lesson 2: Troubleshooting OSPF
This lesson defines how to identify an approach for troubleshooting common OSPF problems
and offer solutions. Upon completing this lesson, the learner will be able to meet these
objectives:
„ Describe the basic components of OSPF troubleshooting
„ Identify and resolve errors with OSPF neighbor adjacencies
„ Identify and resolve errors with OSPF routing tables
„ Identify and resolve authentication problems

The lesson includes these topics:


„ Components of Troubleshooting OSPF
„ Troubleshooting OSPF Neighbor Adjacencies
„ Troubleshooting OSPF Routing Tables
„ Troubleshooting Plaintext Password Authentication

The lesson includes this activity:


„ Lab 4-2: Troubleshooting OSPF

© 2007 Cisco Systems, Inc. Course Administration Guide 17


Module 5: EIGRP Implementation
Upon completing this module, the learner will be able to configure, verify, and troubleshoot
EIGRP.

Lesson 1: Implementing EIGRP


This lesson defines the operation and configuration of EIGRP, including load balancing and
authentication. Upon completing this lesson, the learner will be able to meet these objectives:
„ Describe the features of EIGRP
„ Configure and verify EIGRP
„ Configure load balancing with EIGRP
„ Configure MD5 authentication with EIGRP

The lesson includes these topics:


„ Introducing EIGRP
„ Configuring and Verifying EIGRP
„ Load Balancing with EIGRP
„ EIGRP Authentication

The lesson includes this activity:


„ Lab 5-1: Implementing EIGRP

Lesson 2: Troubleshooting EIGRP


This lesson defines how to identify an approach for troubleshooting common EIGRP problems
and offer solutions. Upon completing this lesson, the learner will be able to meet these
objectives:
„ Describe the basic components of troubleshooting a network that is running EIGRP
„ Identify and resolve EIGRP neighbor relationship issues
„ Identify and resolve EIGRP routing table issues
„ Identify and resolve EIGRP authentication

The lesson includes these topics:


„ Components of Troubleshooting EIGRP
„ Troubleshooting EIGRP Neighbor Issues
„ Troubleshooting EIGRP Routing Tables
„ Troubleshooting EIGRP Authentication

The lesson includes this activity:


„ Lab 5-2: Troubleshooting EIGRP

18 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Module 6: Access Control Lists
Upon completing this module, the learner will be able to determine how to apply ACLs based
on network requirements and configure, verify, and troubleshoot ACLs on a medium-sized
network.

Lesson 1: Introducing ACL Operation


This lesson defines the different types of IPv4 ACLs. Upon completing this lesson, the learner
will be able to meet these objectives:
„ Explain the purpose of ACLs and give examples of when to use them
„ Explain how inbound and outbound ACLs operate
„ Describe numbered and named, standard and extended IPv4 ACLs
„ Describe time-based, reflexive, and dynamic extended ACLs
„ Use wildcard masking to create IPv4 ACLs

The lesson includes these topics:


„ Understanding ACLs
„ ACL Operation
„ Types of ACLs
„ Additional Types of ACLs
„ ACL Wildcard Masking

Lesson 2: Configuring and Troubleshooting ACLs


This lesson defines how to configure and troubleshoot standard and extended, numbered and
named IPv4 ACLs. Upon completing this lesson, the learner will be able to meet these
objectives:
„ Configure and verify numbered standard IPv4 ACLs
„ Configure and verify numbered extended IPv4 ACLs
„ Configure and verify both standard and extended named IPv4 ACLs
„ Identify and resolve common ACL configuration errors

The lesson includes these topics:


„ Configuring Numbered Standard IPv4 ACLs
„ Configuring Numbered Extended IPv4 ACLs
„ Configuring Named ACLs
„ Troubleshooting ACLs

The lesson includes this activity:


„ Lab 6-1: Implementing and Troubleshooting ACLs

© 2007 Cisco Systems, Inc. Course Administration Guide 19


Module 7: Address Space Management
Upon completing this module, the learner will be able to describe when to use NAT or PAT on
a medium-sized network and configure NAT or PAT on routers.

Lesson 1: Scaling the Network with NAT and PAT


This lesson defines how to configure and verify static, dynamic, and overloading NAT and
identify key show and debug command parameters that are required for troubleshooting. Upon
completing this lesson, the learner will be able to meet these objectives:
„ Describe the features and benefits of NAT and PAT
„ Describe how to translate inside source addresses by using static and dynamic translation
and configure NAT
„ Configure PAT by overloading an inside global address
„ Identify and resolve issues with the NAT translation table
„ Identify and resolve issues with using the correct translation entry

The lesson includes these topics:


„ Introducing NAT and PAT
„ Translating Inside Source Addresses
„ Overloading an Inside Global Address
„ Resolving Translation Table Issues
„ Resolving Issues with Using the Correct Translation Entry

The lesson includes this activity:


„ Lab 7-1: Configuring NAT and PAT

20 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Lesson 2: Transitioning to IPv6
This lesson defines how to explain the format of IPv6 addresses and components that are
required to run IPv6, explain the impact of IPv6 on network routing, and configure basic IPv6
parameters. Upon completing this lesson, the learner will be able to meet these objectives:
„ Explain the need for IPv6
„ Describe the format of the IPv6 address
„ Explain the methods that are used to assign an IPv6 address
„ Explain how IPv6 affects common routing protocols and the necessary modifications you
need to make to these protocols
„ Explain transition strategies for implementing IPv6
„ Configure IPv6 with RIPng through an IPv4 network

The lesson includes these topics:


„ Reasons for Using IPv6
„ Understanding the IPv6 Address
„ Assigning IPv6 Addresses
„ Routing Considerations with IPv6
„ Strategies for Implementing IPv6
„ Configuring IPv6

The lesson includes this activity:


„ Lab 7-2: Implementing IPv6

© 2007 Cisco Systems, Inc. Course Administration Guide 21


Module 8: LAN Extension into a WAN
Upon completing this module, the learner will be able to identify and implement the
appropriate WAN technology based on network requirements.

Lesson 1: Introducing VPN Solutions


This lesson defines how to describe the uses of VPNs for site-to-site and remote-user access.
You will learn about the benefits of VPN implementations and the underlying hardware,
software, and protocols required to configure a VPN solution. Upon completing this lesson, the
learner will be able to meet these objectives:
„ Define a VPN
„ Define the different types of and uses for VPNs
„ Describe the components of VPN
„ Describe IPsec and its components
„ Describe how encryption, integrity, and authentication are applied to the IPsec protocol
suite

The lesson includes these topics:


„ VPNs and Their Benefits
„ Types of VPNs
„ Components of VPNs
„ Introducing IPsec
„ IPsec Protocol Framework

Lesson 2: Establishing a Point-to-Point WAN Connection with PPP


This lesson defines how to connect to a service provider over a network and describe the
operation and configuration of PPP. Upon completing this lesson, the learner will be able to
meet these objectives:
„ Describe the types of encapsulation that are available on Cisco routers
„ Describe the features and functionality of PPP
„ Configure and verify PPP

The lesson includes these topics:


„ Understanding WAN Encapsulations
„ Overview of PPP
„ Configuring and Verifying PPP

22 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Lesson 3: Establishing a WAN Connection with Frame Relay
This lesson defines how to connect to a service provider over a network and describe the
operation and configuration of Frame Relay. Upon completing this lesson, the learner will be
able to meet these objectives:
„ Describe the features and functions of Frame Relay
„ Configure Frame Relay
„ Verify that Frame Relay is functioning as configured

The lesson includes these topics:


„ Understanding Frame Relay
„ Configuring Frame Relay
„ Verifying Frame Relay

The lesson includes this activity:


„ Lab 8-1: Establishing a Frame Relay WAN

Lesson 4: Troubleshooting Frame Relay WANs


This lesson defines how to identify an approach for troubleshooting common Frame Relay
problems and offer solutions. Upon completing this lesson, the learner will be able to meet
these objectives:
„ Describe the basic steps that are used to troubleshoot a Frame Relay WAN
„ Identify and resolve the most common Frame Relay connectivity issues

The lesson includes these topics:


„ Components of Troubleshooting Frame Relay
„ Troubleshooting Frame Relay Connectivity Issues

The lesson includes this activity:


„ Lab 8-2: Troubleshooting Frame Relay WANs

© 2007 Cisco Systems, Inc. Course Administration Guide 23


Course Evaluations
Cisco uses a post-course evaluation system, Metrics That Matter (MTM), for its instructor-led
courses. The instructor must ensure that each learner is aware of the confidential evaluation
process and that all learners submit an evaluation for each course. There are two options for
learners to complete the evaluation.

For Classes with Internet Access


A URL will be made available, specific to each Cisco Learning Partner. Obtain the URL from
your MTM system administrator before the last day of class.
1. Upon completion of the course, instruct the learners to enter the URL into their browser.

2. Make sure that the learners input their e-mail address (used only for a follow-up
evaluation).

Note Sixty days following a learning event, learners will receive a brief follow-up evaluation, and,
again, responses will be kept confidential. E-mail addresses will not be used for marketing
purposes. (If learners do not have e-mail addresses, they may type in a “dummy” address.)

3. Instruct the learners to select the appropriate course from the drop-down list.

4. Instruct the learners to complete the course evaluation and click Submit one time only.
5. Advise the learners to wait for “Thank you” to appear on the screen before leaving.

For Classes Without Internet Access


A paper-based version of the post-course evaluation is available. Your MTM system
administrator can provide you with copies.
1. Distribute paper-based evaluations at the beginning of the last day of class.

2. Instruct the learners to complete the survey only after completing the course.

3. Collect the evaluations and submit them to your MTM system administrator.

To View Evaluation Results


To view your post-course evaluation results:
1. Go to www.metricsthatmatter.com/client. (Reminder: All data is confidential; you will see
only your own data.)

2. Log in using your ID and the password sent to you from MTM or provided by your
company MTM system administrator to ensure confidentiality.

3. Choose Menu Option – Learner Evaluation Reports:


— Evaluation Retrieval Tool
— Class Evaluation Summary Report
4. Search for and select the appropriate class.

24 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Lab Setup

Overview
The purpose of the “Lab Setup” section is to assist in the setup and configuration of the training
equipment for Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 course. This
section includes these topics:
„ Lab Topology
„ Hardware and Software Requirements
„ Workstation Configuration
„ Lab Equipment Configuration
„ General Lab Setup
„ Lab 1-1: Implementing a Small Network (Review Lab)
„ Lab 2-1: Configuring Expanded Switched Networks
„ Lab 2-2: Troubleshooting Switched Networks
„ Lab 4-1: Implementing OSPF
„ Lab 4-2: Troubleshooting OSPF
„ Lab 5-1: Implementing EIGRP
„ Lab 5-2: Troubleshooting EIGRP
„ Lab 6-1: Implementing and Troubleshooting ACLs
„ Lab 7-1: Configuring NAT and PAT
„ Lab 7-2: Implementing IPv6
„ Lab 8-1: Establishing a Frame Relay WAN
„ Lab 8-2: Troubleshooting Frame Relay WANs
„ Configuration Files Summary
„ Lab Activity Solutions
„ Teardown and Restoration

© 2007 Cisco Systems, Inc. Course Administration Guide 25


Lab Topology
This topic describes the lab topology for Interconnecting Cisco Networking Devices Part 2
(ICND2) v1.0.

CCNA Lab Topology

© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—3

Note The ICND2 course shares a common lab topology with the ICND1 course. However, the
ICND1 course lab uses a third core switch (core switch C), which is not used in ICND2.

ICND2 Lab Configuration: CoreSwitchC Not Shown


Example: Two out of Eight Total Workgroups

© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—2

26 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
The ICND2 lab consists of eight workgroups, A through H, supporting 16 learners. A
workgroup consists of a workgroup router (for example, RouterA), and a workgroup switch (for
example, SwitchA). Each workgroup has connectivity to the core equipment (for example,
CoreRouter, CoreSwitchA, and CoreSwitchB), which are managed by the instructor.

Due to lab design, lab activities will eventually require an even number of workgroups;
workgroup A will collaborate with workgroup B, C with D, E with F, and G with H.

The IP addressing changes during the course. Check the addressing tables that accompany the
corresponding lab activities.

© 2007 Cisco Systems, Inc. Course Administration Guide 27


Hardware and Software Requirements
Hardware List
The hardware listed in the following table is suggested for supporting both the ICND1 and ICND2
course labs.

Description Mfr. Part Number Qty.

Learner Pod Equipment: 2 Learners Per Pod, 8 Pods Total Per Class

Cisco Catalyst 2960 Series Switch Cisco WS-2960-24TT-L 8

Cisco 2811 Integrated Services Router Cisco CISCO2811 8

2-Port Serial WIC Cisco WIC-2T 8

Cables DTE Cisco CAB-SS-X21MT 12

Cables DCE Cisco CAB-SS-X21FC 4

Microsoft Windows PC Varies N/A 8

Common Equipment: Supports 8 Pods, 1 Set Per Class (ICND 1 and 2)

Cisco Catalyst 2960 Series Switch (CoreSwitchA, Cisco WS-2960-24TT-L 3


CoreSwitchB, and CoreSwitchC)

Cisco 2811 Integrated Services Router (Core Cisco CISCO 2811 1


Router)

8-Port Asynchronous Serial Network Module Cisco NM-8A/S 1

Cables DCE Cisco CAB-X21FC 8

2-Port Serial WIC Cisco WIC-2T 1

Cables DTE Cisco CAB-SS-X21MT 1

Cables DCE Cisco CAB-SS-X21FC 1

Cisco 2811 Integrated Services Router (VPN or Cisco CISCO2811 1


console server)

16-Port Asynchronous Module Cisco NM-16A 1

Cables for NM-16A Cisco CAB-OCTAL-ASYNC 2

8-Port Asynchronous HWIC Cisco HWIC8A 1

High-density 8-port EIA-232 Async Cable Cisco CAB-HD-ASYNC 1

Other Required Equipment

A TFTP server is required to support local Generic N/A


1
services.

28 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Software List
The software listed in the following table is suggested for supporting both the ICND1 and
ICND2 course labs.

Description Mfr. Part Number Qty.

Cisco IOS Release 12.2 on Cisco Catalyst Cisco TBD 1 per


switches device

(C2960-LANBASEK9-M), Version 12.2(25)SEE2

Cisco IOS Release 12.4 on Cisco Integrated Cisco TBD 1 per


Services Routers device

(C2800NM-ADVIPSERVICESK9-M), Version
12.4(12)

PCs: Windows 2000 or XP Microsoft N/A 1 per PC

PCs: Cisco VPN Client software Cisco N/A 8


(download
from
Cisco.com)

Wireshark Packet Sniffer Wireshark N/A 8 (on


course
CD)

PuTTY term emulator PuTTY N/A 8 (on


course
CD)

TFTP32 Jounin N/A

Go to http://tftpd32.jounin.net/ for more


information

© 2007 Cisco Systems, Inc. Course Administration Guide 29


Lab Equipment Configuration
This equipment configuration information is necessary for initial setup of the lab configuration.

Lab Cabling
Workgroup Routers and Switches

Device Interface Device Interface Remarks

RouterA Fa0/0 SwitchA Fa0/2 ST


S0/0/0 CoreRouter S 1/0 DTE
S0/0/1 RouterB S 0/0/1 DTE

SwitchA Fa0/2 RouterA Fa0/0 ST


Fa0/11 CoreSwitchA Fa0/1 XO
Fa0/12 CoreSwitchB Fa0/1 XO

Router B Fa0/0 SwitchB Fa0/2 ST


S0/0/0 CoreRouter S1/1 DTE
S0/0/1 RouterA S0/0/1 DCE

SwitchB Fa0/2 RouterB Fa0/0 ST


Fa0/11 CoreSwitchA Fa0/2 XO
Fa0/12 CoreSwitchB Fa0/2 XO

RouterC Fa0/0 SwitchC Fa0/2 ST


S0/0/0 CoreRouter S1/2 DTE
S0/0/1 RouterD S0/0/1 DTE

SwitchC Fa0/2 RouterC Fa0/0 ST


Fa0/11 CoreSwitchA Fa0/3 XO
Fa0/12 CoreSwitchB Fa0/3 XO

RouterD Fa0/0 SwitchD Fa0/2 ST


S0/0/0 CoreRouter S1/3 DTE
S0/0/1 RouterC S0/0/1 DCE

SwitchD Fa0/2 RouterD Fa0/0 ST


Fa0/11 CoreSwitchA Fa0/4 XO
Fa0/12 CoreSwitchB Fa0/4 XO

30 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Device Interface Device Interface Remarks

RouterE Fa0/0 SwitchE Fa0/2 ST

S0/0/0 CoreRouter S1/4 DTE

S0/0/1 RouterF S0/0/1 DTE

SwitchE Fa0/2 RouterE Fa0/0 ST

Fa0/11 CoreSwitchA Fa0/5 XO

Fa0/12 CoreSwitchB Fa0/5 XO

RouterF Fa0/0 SwitchF Fa0/2 ST

S0/0/0 CoreRouter S1/5 DTE

S0/0/1 RouterE S0/0/1 DCE

SwitchF Fa0/2 RouterF Fa0/0 ST

Fa0/11 CoreSwitchA Fa0/6 XO

Fa0/12 CoreSwitchB Fa0/6 XO

RouterG Fa0/0 SwitchG Fa0/2 ST

S0/0/0 CoreRouter S1/6 DTE

S0/0/1 RouterH S0/0/1 DTE

SwitchG Fa0/2 RouterG Fa0/0 ST

Fa0/11 CoreSwitchA Fa0/7 XO

Fa0/12 CoreSwitchB Fa0/7 XO

RouterH Fa0/0 SwitchH Fa0/2 ST

S0/0/0 CoreRouter S1/7 DTE

S0/0/1 RouterG S0/0/1 DCE

SwitchH Fa0/2 RouterH Fa0/0 ST

Fa0/11 CoreSwitchA Fa0/8 XO

Fa0/12 CoreSwitchB Fa0/8 XO

ST = straight RJ-45; XO = cross-over RJ-45

© 2007 Cisco Systems, Inc. Course Administration Guide 31


Core SwitchAfc

Device Interface Device Interface Remarks

Core switch A Fa0/1 SwitchA Fa0/11 XO

Fa0/2 SwitchB Fa0/11 XO

Fa0/3 SwitchC Fa0/11 XO

Fa0/4 SwitchD Fa0/11 XO

Fa0/5 SwitchE Fa0/11 XO

Fa0/6 SwitchF Fa0/11 XO

Fa0/7 SwitchG Fa0/11 XO

Fa0/8 SwitchH Fa0/11 XO

Fa0/9–fa0/12 Unused

Fa0/13 CoreSwitchB Fa0/13 XO

Fa0/14 CoreSwitchB Fa0/14 XO

Fa0/15–fa0/22 Unused

Fa0/23 CoreRouter Fa0/0 ST

Fa0/24 TFTP ST

Gi0/1 Unused

Gi0/2 Unused

Core SwitchB

Device Interface Device Interface Remarks

Core SwitchB Fa0/1 SwitchA Fa0/12 XO

Fa0/2 SwitchB Fa0/12 XO

Fa0/3 SwitchC Fa0/12 XO

Fa0/4 SwitchD Fa0/12 XO

Fa0/5 SwitchE Fa0/12 XO

Fa0/6 SwitchF Fa0/12 XO

Fa0/7 SwitchG Fa0/12 XO

Fa0/8 SwitchH Fa0/12 XO

Fa0/9–fa0/12 Unused

Fa0/13 CoreSwitchA Fa0/13 XO

Fa0/14 CoreSwitchA Fa0/14 XO

Fa0/15–fa0/24 Unused

Gi0/1 Unused

Gi0/2 Unused

32 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Core Router/Frame Relay Switch

Device Interface Device Interface Remarks

Core Router

Fa0/0 CoreSwitchA FA0/23 ST

S1/0 RouterA S0/0/0 DCE

S1/1 RouterB S0/0/0 DCE

S1/2 RouterC S0/0/0 DCE

S1/3 RouterD S0/0/0 DCE

S1/4 RouterE S0/0/0 DCE

S1/5 RouterF S0/0/0 DCE

S1/6 RouterG S0/0/0 DCE

S1/7 RouterH S0/0/0 DCE

S0/0/0 CoreRouter S0/0/1 Loopback DCE

S0/0/1 CoreRouter S0/0/0 Loopback DTE

TFTP Server Preparation


Several labs require the use of a TFTP server. Configure the server with the address of
10.1.1.1/24 and default gateway of 10.1.1.3. Also, copy the following files into the TFTP root
directory so they are available for download.
„ i2-corero1-dot1Q.txt i2-corero2-routing.txt
„ i2-corero3-frame.txt i2-coreswa1-no-trunk-to-wg.txt
„ i2-coreswa2-trunk-to-wg.txt i2-coreswa3-ports-to-wg-shut.txt
„ i2-coreswb1-ports-to-wg-shut.txt i2-coreswb2-trunk-to-wg.txt
„ i2-wg_ro-config-lab2-2.txt i2-wg_ro-config-lab4-2.txt
„ i2-wg_ro-config-lab6-1.txt i2-wg_ro-config-lab8-2.txt
„ i2-wg_sw-config-lab2-2.txt i2-wg_sw-config-lab6-1.txt

Terminal Server Preparation


Several lab activities require learners to open multiple console connections simultaneously, for
example, one session with the workgroup router and one session with the workgroup switch.
Lab developers should ensure the remote lab equipment terminal server has an adequate
number of vty lines available, the suggested minimum number of which is 18 to 20.

© 2007 Cisco Systems, Inc. Course Administration Guide 33


General Lab Setup
This information details the procedure to set up and configure the lab equipment at the
beginning of each class.
Step 1 Download the initial core configuration from the TFTP server into each of the
startup-configuration of the core devices. The initial core configuration files are as
follows:

Device Configuration File to Install

CoreRouter i2-corero1-dot1Q.txt

CoreSwitchA i2-coreswa1-no-trunk-to-wg.txt

CoreSwitchB i2-coreswb1-ports-to-wg-shut.txt

Workgroup routers or switches None

Note Learners will create their own initial workgroup configurations.

Step 2 Reload each core device.

Caution If your ICND2 course is sharing the lab topology that supports the ICND1 course, it is
suggested that all ports on core SwitchC remain disabled for all ICND2 labs. CoreSwitchC is
not used for any ICND2 labs.

34 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Lab 1-1: Implementing a Small Network (Review
Lab)
This topic details the lab activity for Lab 1-1.

Objectives
You will complete these tasks in this lab:
„ Return your workgroup switch and router to their default configurations
„ Configure your workgroup switch and router with their proper identities and IP addressing
„ Provide basic security with passwords and port security

Visual Objective
The figure displays the lab topology that you will use to complete this lab.

Visual Objective 1-1: Implementing a


Small Network (Review Lab)
WG Switch Router
fa0/0

A 10.1.1.10 10.1.1.11
B 10.1.1.20 10.1.1.21
C 10.1.1.30 10.1.1.31
D 10.1.1.40 10.1.1.41
E 10.1.1.50 10.1.1.51
F 10.1.1.60 10.1.1.61
G 10.1.1.70 10.1.1.71
H 10.1.1.80 10.1.1.81

© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—3

© 2007 Cisco Systems, Inc. Course Administration Guide 35


Setup
The table describes how to set up lab configurations with equipment for this lab.

Device Configuration File to Install Configuration Instructions

CoreRouter i2-corero1-dot1Q.txt See “General Lab Setup”

CoreSwitchA i2-coreswa1-no-trunk-to-wg.txt See “General Lab Setup”

CoreSwitchB i2-coreswb1-ports-to-wg-shut.txt See “General Lab Setup”

Workgroup routers and None See “General Lab Setup”


switches

Additional Setup Notes


IP Addresses

Workgroup Workgroup Workgroup SwitchX CoreSwitchA Workgroup Workgroup


Switch Interface RouterFa0/0
Switch Name Router Name Port Port
VLAN 1 Interface

(SwitchX) (RouterX)

A SwitchA RouterA Fa0/11 Fa0/1 10.1.1.10/24 10.1.1.11/24

B SwitchB RouterB Fa0/11 Fa0/2 10.1.1.20/24 10.1.1.21/24

C SwitchC RouterC Fa0/11 Fa0/3 10.1.1.30/24 10.1.1.31/24

D SwitchD RouterD Fa0/11 Fa0/4 10.1.1.40/24 10.1.1.41/24

E SwitchE RouterE Fa0/11 Fa0/5 10.1.1.50/24 10.1.1.51/24

F SwitchF RouterF Fa0/11 Fa0/6 10.1.1.60/24 10.1.1.61/24

G SwitchG RouterG Fa0/11 Fa0/7 10.1.1.70/24 10.1.1.71/24

H SwitchH RouterH Fa0/11 Fa0/8 10.1.1.80/24 10.1.1.81/24

Instructor Notes
In this lab, the learner removes any previous configuration from the workgroup router and
switches and creates a basic workgroup router and switch configuration, which becomes the
basis for all future labs.

The purpose of this lab is not to introduce new concepts to the learners but to review
prerequisite concepts and commands the learners should understand prior to attending this
course. The instructor should use this lab to gain the following information:
„ Gauge the prerequisite learner knowledge
„ Identify the topical strengths and weaknesses of the learners
„ Help determine learner workgroup partner pairings for future labs

The instructor will also provide the setup information to access the remote lab equipment.

36 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Lab 2-1: Configuring Expanded Switched
Networks
This topic details the lab activity for Lab 2-1.

Objectives
You will complete these tasks in this lab:
„ Configure the switch to participate in a VTP domain and configure the switch for
transparent mode
„ Configure trunking on a trunk port to provide access to a router on the network
„ Configure separate VLANs for separate logical networks
„ Enable RSTP and configure the root switch and backup root switch

Visual Objective
The figure displays the lab topology that you will use to complete this lab.

Visual Objective 2-1: Configuring


Expanded Switched Networks
Subnet VLAN Devices
10.1.1.0 1 Core Switches, CoreRouter, SwitchX
10.2.2.0 2 CoreRouter, RouterA
10.3.3.0 3 CoreRouter, RouterB
10.4.4.0 4 CoreRouter, RouterC
10.5.5.0 5 CoreRouter, RouterD
10.6.6.0 6 CoreRouter, RouterE
10.7.7.0 7 CoreRouter, RouterF
10.8.8.0 8 CoreRouter, RouterG
10.9.9.0 9 CoreRouter, RouterH

© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—4

© 2007 Cisco Systems, Inc. Course Administration Guide 37


Setup
The table describes how to set up lab configurations with equipment for this lab.

Device Configuration File to Install Configuration Instructions

CoreRouter i2-corero1-dot1Q.txt This setup is the same as the previous lab.

CoreSwitchA i2-coreswa2-trunk-to-wg.txt Copy this configuration to the running


configuration.

CoreSwitchBB i2-coreswb2-trunk-to-wg.txt Copy this configuration to the running


configuration.

Instructor Notes
If time permits, in optional Task 5, the learner configures a Per VLAN Rapid Spanning Tree
(PVRST) primary and secondary root bridge with a partner workgroup. The instructor may
assign this task to groups that finish the previous tasks and are waiting for the remainder of the
class to complete the lab.

38 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Lab 2-2: Troubleshooting Switched Networks
This topic details the lab activity for Lab 2-2.

Objectives
You will complete this task in this lab:
„ Discover switched network connectivity issues, follow troubleshooting guidelines to
ascertain switched connectivity problems, and re-establish switched network connectivity

Visual Objective
The figure displays the lab topology that you will use to complete this lab.

Visual Objective 2-2:


Troubleshooting Switched Networks
WG Switch Router
fa0/0

A 10.1.1.10 10.2.2.12
B 10.1.1.20 10.3.3.12
C 10.1.1.30 10.4.4.12
D 10.1.1.40 10.5.5.12
E 10.1.1.50 10.6.6.12
F 10.1.1.60 10.7.7.12
G 10.1.1.70 10.8.8.12
H 10.1.1.80 10.9.9.12

© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—5

© 2007 Cisco Systems, Inc. Course Administration Guide 39


Setup
The table describes how to set up lab configurations with equipment for this lab.

Device Configuration File to Install Configuration Instructions

CoreRouter i2-corero1-dot1Q.txt This setup is the same as the previous lab.

CoreSwitchA i2-coreswa2-trunk-to-wg.txt This setup is the same as the previous lab.

CoreSwitchB i2-coreswb2-trunk-to-wg.txt This setup is the same as the previous lab.

Workgroup routers i2-wg_ro-config-lab2-2.txt Learners download this configuration from


the TFTP server as part of the lab.

It is used at end of lab activity to test


whether the learners have troubleshot and
fixed the problems correctly. It is simply a
“congratulations” banner.

Workgroup switches i2-wg_sw-config-lab2-2.txt Learners download this configuration from


the TFTP server as part of the lab.

Instructor Notes
Learners will download a faulty configuration into their workgroup switches from the TFTP
server and troubleshoot to correct the problems. The problems introduced are as follows:
„ A VLAN is missing from the VLAN database.
„ Trunking to the core is turned off and an incorrect trunking mode (dynamic desirable) is
introduced.
„ A duplex mismatch with the core is configured.

Instructors should remind learners to refrain from simply issuing a show run command and
comparing the problem configuration with the working baseline configuration. One of the
objectives of the lab activity is for the learners to work on their troubleshooting skills by
practicing using a variety of applicable show and debug commands.

After all of the learners have completed the lab activity, instructors will facilitate a debriefing
that reviews the possible steps learners took to gather symptoms and isolate and correct
problems. Instructors should encourage learners to complete the “Troubleshooting Steps” table
in the “Job Aids” section of the lab as they troubleshoot and to reference the table during the
debriefing process.

40 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Lab 4-1: Implementing OSPF
This topic details the lab activity for Lab 4-1.

Objectives
You will complete these tasks in this lab:
„ Disable the LAN connections to the core
„ Enable the serial connections on a workgroup router
„ Configure OSPF on a workgroup router
„ Configure plaintext authentication for OSPF
„ Verify the correct operation and configuration of OSPF routing and OSPF plaintext
authentication

Visual Objective
The figure displays the lab topology that you will use to complete this lab.

Visual Objective 4-1: Implementing OSPF

© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—6

© 2007 Cisco Systems, Inc. Course Administration Guide 41


Setup
The table describes how to set up lab configurations with equipment for this lab.

Device Configuration File to Install Configuration Instructions

CoreRouter i2-corero2-routing.txt Copy this configuration to the


running configuration.

CoreSwitchA i2-coreswa3-ports-to-wg-shut.txt Copy this configuration to the


running configuration.

CoreSwitchB i2-coreswb1-ports-to-wg-shut.txt Copy this configuration to the


running configuration.

Additional Setup Notes


IP Addresses

Workgroup Workgroup Workgroup Workgroup Workgroup Workgroup Core Router


Switch RouterFa0/0 Router Router S0/0/0 Router S0/0/1 Serial
Interface Interface Loopback 0 Interface Interface Interface
VLAN 1 Interface
(RouterX) (RouterX) (RouterX) (CoreRouter)
(SwitchX) (RouterX)

A 10.2.2.11/24 10.2.2.3/24 192.168.1.65/28 10.140.1.2/24 10.23.23.1/24 10.140.1.1/24

B 10.3.3.11/24 10.3.3.3/24 192.168.1.81/28 10.140.2.2/24 10.23.23.2/24 10.140.2.1/24

C 10.4.4.11/24 10.4.4.3/24 192.168.2.65/28 10.140.3.2/24 10.45.45.1/24 10.140.3.1/24

D 10.5.5.11/24 10.5.5.3/24 192.168.2.81/28 10.140.4.2/24 10.45.45.2/24 10.140.4.1/24

E 10.6.6.11/24 10.6.6.3/24 192.168.3.65/28 10.140.5.2/24 10.67.67.1/24 10.140.5.1/24

F 10.7.7.11/24 10.7.7.3/24 192.168.3.81/28 10.140.6.2/24 10.67.67.2/24 10.140.6.1/24

G 10.8.8.11/24 10.8.8.3/24 192.168.4.65/28 10.140.7.2/24 10.89.89.1/24 10.140.7.1/24

H 10.9.9.11/24 10.9.9.3/24 192.168.4.81/28 10.140.8.2/24 10.89.89.2/24 10.140.8.1/24

Instructor Notes
With the implementation of OSPF plaintext authentication, instructors may find that learners
have a partial OSPF neighbor table during the lab activity. To have a complete OSPF neighbor
table, the local and peer routers must have successfully configured OSPF with authentication.

42 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Lab 4-2: Troubleshooting OSPF
This topic details the lab activity for Lab 4-2.

Objectives
You will complete this task in this lab:
„ Discover OSPF network connectivity issues and follow troubleshooting guidelines to
isolate and fix OSPF connectivity problems

Visual Objective
The figure displays the lab topology that you will use to complete this lab.

Visual Objective 4-2:


Troubleshooting OSPF

© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—7

Setup
The table describes how to set up lab configurations with equipment for this lab.

Device Configuration File to Install Configuration Instructions

CoreRouter i2-corero2-routing.txt This setup is the same as the previous lab.

CoreSwitchA i2-coreswa3-ports-to-wg-shut.txt This setup is the same as the previous lab.

CoreSwitchB i2-coreswb1-ports-to-wg-shut.txt This setup is the same as the previous lab.

Workgroup routers i2-wg_ro-config-lab4-2.txt Learners download this file as part of the lab.

© 2007 Cisco Systems, Inc. Course Administration Guide 43


Additional Setup Notes
IP Addresses

Workgroup Workgroup Workgroup Workgroup Workgroup Workgroup Core Router


Switch RouterFa0/0 Router Router S0/0/0 Router S0/0/1 Serial
Interface Interface Loopback 0 Interface Interface Interface
VLAN 1 Interface
(RouterX) (RouterX) (RouterX) (CoreRouter)
(SwitchX) (RouterX)

A 10.2.2.11/24 10.2.2.3/24 192.168.1.65/28 10.140.1.2/24 10.23.23.1/24 10.140.1.1/24

B 10.3.3.11/24 10.3.3.3/24 192.168.1.81/28 10.140.2.2/24 10.23.23.2/24 10.140.2.1/24

C 10.4.4.11/24 10.4.4.3/24 192.168.2.65/28 10.140.3.2/24 10.45.45.1/24 10.140.3.1/24

D 10.5.5.11/24 10.5.5.3/24 192.168.2.81/28 10.140.4.2/24 10.45.45.2/24 10.140.4.1/24

E 10.6.6.11/24 10.6.6.3/24 192.168.3.65/28 10.140.5.2/24 10.67.67.1/24 10.140.5.1/24

F 10.7.7.11/24 10.7.7.3/24 192.168.3.81/28 10.140.6.2/24 10.67.67.2/24 10.140.6.1/24

G 10.8.8.11/24 10.8.8.3/24 192.168.4.65/28 10.140.7.2/24 10.89.89.1/24 10.140.7.1/24

H 10.9.9.11/24 10.9.9.3/24 192.168.4.81/28 10.140.8.2/24 10.89.89.2/24 10.140.8.1/24

Instructor Notes
Learners will download a faulty configuration into their workgroup routers from the TFTP
server and troubleshoot to correct the problems. The problems introduced are as follows:
„ An incorrect wildcard bit mask in the OSPF network statement
„ An incorrect OSPF authentication key configured with the CoreRouter

Instructors should remind learners to refrain from simply issuing a show run command and
comparing the problem configuration with the working baseline configuration. One of the
objectives of the lab activity is for the learners to work on their troubleshooting skills by
practicing using a variety of applicable show and debug commands.

After all of the learners have completed the lab activity, instructors will facilitate a debriefing
that reviews the possible steps learners took to gather symptoms and isolate and correct
problems. Instructors should encourage learners to complete the “Troubleshooting Steps” table
in the “Job Aids” section of the lab as they troubleshoot and to reference the table during the
debriefing process.

44 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Lab 5-1: Implementing EIGRP
This topic details the lab activity for Lab 5-1.

Objectives
You will complete these tasks in this lab:
„ Configure EIGRP on the router
„ Configure MD5 authentication for EIGRP
„ Verify the correct operation and configuration of EIGRP routing using show commands,
and verify the correct operation and configuration of EIGRP MD5 authentication
„ Debug the EIGRP neighbor processes

Visual Objective
The figure displays the lab topology that you will use to complete this lab.

Visual Objective 5-1:


Implementing EIGRP

© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—8

© 2007 Cisco Systems, Inc. Course Administration Guide 45


Setup
The table describes how to set up lab configurations with equipment for this lab.

Device Configuration File to Install Configuration Instructions

CoreRouter i2-corero2-routing.txt The setup is the same as the


previous lab.

CoreSwitchA i2-coreswa3-ports-to-wg-shut.txt The setup is the same as the


previous lab.

CoreSwitchB i2-coreswb1-ports-to-wg-shut.txt The setup is the same as the


previous lab.

Additional Setup Notes


IP Addresses

Workgroup Workgroup Workgroup Workgroup Workgroup Workgroup Core Router


Switch RouterFa0/0 Router Router S0/0/0 Router S0/0/1 Serial
Interface Interface Loopback 0 Interface Interface Interface
VLAN 1 Interface
(RouterX) (RouterX) (RouterX) (CoreRouter)
(SwitchX) (RouterX)

A 10.2.2.11/24 10.2.2.3/24 192.168.1.65/28 10.140.1.2/24 10.23.23.1/24 10.140.1.1/24

B 10.3.3.11/24 10.3.3.3/24 192.168.1.81/28 10.140.2.2/24 10.23.23.2/24 10.140.2.1/24

C 10.4.4.11/24 10.4.4.3/24 192.168.2.65/28 10.140.3.2/24 10.45.45.1/24 10.140.3.1/24

D 10.5.5.11/24 10.5.5.3/24 192.168.2.81/28 10.140.4.2/24 10.45.45.2/24 10.140.4.1/24

E 10.6.6.11/24 10.6.6.3/24 192.168.3.65/28 10.140.5.2/24 10.67.67.1/24 10.140.5.1/24

F 10.7.7.11/24 10.7.7.3/24 192.168.3.81/28 10.140.6.2/24 10.67.67.2/24 10.140.6.1/24

G 10.8.8.11/24 10.8.8.3/24 192.168.4.65/28 10.140.7.2/24 10.89.89.1/24 10.140.7.1/24

H 10.9.9.11/24 10.9.9.3/24 192.168.4.81/28 10.140.8.2/24 10.89.89.2/24 10.140.8.1/24

Instructor Notes
With the implementation of EIGRP Message Digest 5 (MD5) authentication, instructors may
find learners have a partial EIGRP neighbor table during the lab activity. A complete EIGRP
neighbor table requires the local and peer routers to have successfully configured EIGRP with
authentication.

46 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Lab 5-2: Troubleshooting EIGRP
This topic details the lab activity for Lab 5-2.

Objectives
You will complete these tasks in this lab:
„ Discover EIGRP network connectivity issues and follow troubleshooting guidelines to
isolate and fix EIGRP connectivity problems
„ Test EIGRP network connectivity

Visual Objective
The figure displays the lab topology that you will use to complete this lab.

Visual Objective 5-2:


Troubleshooting EIGRP

© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—9

Setup
The table describes how to set up lab configurations with equipment for this lab.

Device Configuration File to Install Configuration Instructions

CoreRouter i2-corero2-routing.txt The setup is the same as the previous lab.

CoreSwitchA i2-coreswa3-ports-to-wg-shut.txt The setup is the same as the previous lab.

CoreSwitchB i2-coreswb1-ports-to-wg-shut.txt The setup is the same as the previous lab.

© 2007 Cisco Systems, Inc. Course Administration Guide 47


Additional Setup Notes
IP Addresses

Workgroup Workgroup Workgroup Workgroup Workgroup Workgroup Core Router


Router Fa0/0 Router Router Router S0/0/0 Router S0/0/1 Serial
Interface Loopback 0 Loopback 1 Interface Interface Interface
Interface Interface
(RouterX) (RouterX) (RouterX) (CoreRouter)
(RouterX) (RouterX)

A 10.2.2.3/24 192.168.1.65/28 172.16.2.1/24 10.140.1.2/24 10.23.23.1/24 10.140.1.1/24

B 10.3.3.3/24 192.168.1.81/28 172.16.3.1/24 10.140.2.2/24 10.23.23.2/24 10.140.2.1/24

C 10.4.4.3/24 192.168.2.65/28 172.16.4.1/24 10.140.3.2/24 10.45.45.1/24 10.140.3.1/24

D 10.5.5.3/24 192.168.2.81/28 172.16.5.1/24 10.140.4.2/24 10.45.45.2/24 10.140.4.1/24

E 10.6.6.3/24 192.168.3.65/28 172.16.6.1/24 10.140.5.2/24 10.67.67.1/24 10.140.5.1/24

F 10.7.7.3/24 192.168.3.81/28 172.16.7.1/24 10.140.6.2/24 10.67.67.2/24 10.140.6.1/24

G 10.8.8.3/24 192.168.4.65/28 172.16.8.1/24 10.140.7.2/24 10.89.89.1/24 10.140.7.1/24

H 10.9.9.3/24 192.168.4.81/28 172.16.9.1/24 10.140.8.2/24 10.89.89.2/24 10.140.8.1/24

Instructor Notes
Learners will create a loopback interface in the 172.16.0.0 network causing a discontiguous
network addressing scheme with the core loopback. To provide connectivity from their
loopback network to the core loopback network, learners must configure EIGRP with the no
auto-summary statement.

Instructors should remind learners to refrain from simply issuing a show run command and
comparing the problem configuration with the working baseline configuration. One of the
objectives of the lab activity is for learners to work on their troubleshooting skills by practicing
using a variety of applicable show and debug commands.

After all of the learners have completed the lab activity, instructors will facilitate a debriefing
that reviews the possible steps learners took to gather symptoms and isolate and correct
problems. Instructors should encourage learners to complete the “Troubleshooting Steps” table
in the “Job Aids” section of the lab as they troubleshoot and to reference the table during the
debriefing process.

48 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Lab 6-1: Implementing and Troubleshooting
ACLs
This topic details the lab activity for Lab 6-1.

Objectives
You will complete these tasks in this lab:
„ Create an IP extended access list to block Telnet traffic, apply it to an interface, and verify
its operation
„ Create an IP extended ACL to block TFTP requests from a workgroup
„ Troubleshoot to isolate and resolve an ACL problem

Visual Objective
The figure displays the lab topology that you will use to complete this lab.

Visual Objective 6-1: Implementing


and Troubleshooting ACLs
WG Router s0/0/0 Router fa0/0 Switch

A 10.140.1.2 10.2.2.3 10.2.2.11


B 10.140.2.2 10.3.3.3 10.3.3.11
C 10.140.3.2 10.4.4.3 10.4.4.11
D 10.140.4.2 10.5.5.3 10.5.5.11
E 10.140.5.2 10.6.6.3 10.6.6.11
F 10.140.6.2 10.7.7.3 10.7.7.11
G 10.140.7.2 10.8.8.3 10.8.8.11
H 10.140.8.2 10.9.9.3 10.9.9.11

© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—10

© 2007 Cisco Systems, Inc. Course Administration Guide 49


Setup
The table describes how to set up lab configurations with equipment for this lab.

Device Configuration File to Install Configuration Instructions

CoreRouter i2-corero2-routing.txt The setup is the same as the previous lab.

CoreSwitchA i2-coreswa3-ports-to-wg-shut.txt The setup is the same as the previous lab.

CoreSwitchB i2-coreswb1-ports-to-wg-shut.txt The setup is the same as the previous lab.

Workgroup routers i2-wg_ro-config-lab6-1.txt Learners will download this configuration


as part of the lab.

Additional Setup Notes


IP Addresses

Workgroup Workgroup Workgroup Workgroup Workgroup Workgroup Core Router


Subnets Switch RouterFa0/ Router Router S0/0/0 Serial
Interface 0 Interface Loopback 0 Interface Interface
10.x.x.0/24
VLAN 1 Interface
(RouterX) (RouterX) (CoreRouter)
(SwitchX) (RouterX)

A 10.2.2.0/24 10.2.2.11/24 10.2.2.3/24 192.168.1.65/28 10.140.1.2/24 10.140.1.1/24

B 10.3.3.0/24 10.3.3.11/24 10.3.3.3/24 192.168.1.81/28 10.140.2.2/24 10.140.2.1/24

C 10.4.4.0/24 10.4.4.11/24 10.4.4.3/24 192.168.2.65/28 10.140.3.2/24 10.140.3.1/24

D 10.5.5.0/24 10.5.5.11/24 10.5.5.3/24 192.168.2.81/28 10.140.4.2/24 10.140.4.1/24

E 10.6.6.0/24 10.6.6.11/24 10.6.6.3/24 192.168.3.65/28 10.140.5.2/24 10.140.5.1/24

F 10.7.7.0/24 10.7.7.11/24 10.7.7.3/24 192.168.3.81/28 10.140.6.2/24 10.140.6.1/24

G 10.8.8.0/24 10.8.8.11/24 10.8.8.3/24 192.168.4.65/28 10.140.7.2/24 10.140.7.1/24

H 10.9.9.0/24 10.9.9.11/24 10.9.9.3/24 192.168.4.81/28 10.140.8.2/24 10.140.8.1/24

Instructor Notes
Learners will download a faulty configuration into their workgroup routers from the TFTP
server and troubleshoot to correct the problem. The objective of the ACL is to deny TFTP
traffic from the workgroup but allow all other traffic. The problem introduced is that the ACL
allows all other UDP traffic rather than all other IP traffic.

When testing the effectiveness of the ACL, a learner will attempt to use TFTP to upload a
configuration file from the TFTP server into the workgroup switch. If the TFTP is successful,
meaning that the ACL failed, the workgroup switch will have a new banner displaying the
message, “Your Access List Failed, Please Try Again!”

50 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Lab 7-1: Configuring NAT and PAT
This topic details the lab activity for Lab 7-1.

Objectives
You will complete these tasks in this lab:
„ Configure inside and outside NAT interfaces and an IP ACL to permit hosts to use PAT
„ Use show commands to verify the NAT configuration

Visual Objective
The figure displays the lab topology that you will use to complete this lab.

Visual Objective 7-1:


Configuring NAT and PAT
WG Router s0/0/0 Router fa0/0 Switch

A 10.140.1.2 10.2.2.3 10.2.2.11


B 10.140.2.2 10.3.3.3 10.3.3.11
C 10.140.3.2 10.4.4.3 10.4.4.11
D 10.140.4.2 10.5.5.3 10.5.5.11
E 10.140.5.2 10.6.6.3 10.6.6.11
F 10.140.6.2 10.7.7.3 10.7.7.11
G 10.140.7.2 10.8.8.3 10.8.8.11
H 10.140.8.2 10.9.9.3 10.9.9.11

© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—11

© 2007 Cisco Systems, Inc. Course Administration Guide 51


Setup
The table describes how to set up lab configurations with equipment for this lab.

Device Configuration File to Install Configuration Instructions

CoreRouter i2-corero2-routing.txt The setup is the same as the previous lab.

CoreSwitchA i2-coreswa3-ports-to-wg-shut.txt The setup is the same as the previous lab.

CoreSwitchB i2-coreswb1-ports-to-wg-shut.txt The setup is the same as the previous lab.

Additional Setup Notes


IP Addresses

Workgroup Workgroup Workgroup Workgroup Workgroup Workgroup Core Router


Subnets Switch Interface RouterFa0/0 Router Router S0/0/0 Serial
VLAN 1 Interface Loopback 0 Interface Interface
10.x.x.0/24
Interface
(SwitchX) (RouterX) (RouterX) (CoreRouter)
(RouterX)

A 10.2.2.0/24 10.2.2.11/24 10.2.2.3/24 192.168.1.65/28 10.140.1.2/24 10.140.1.1/24

B 10.3.3.0/24 10.3.3.11/24 10.3.3.3/24 192.168.1.81/28 10.140.2.2/24 10.140.2.1/24

C 10.4.4.0/24 10.4.4.11/24 10.4.4.3/24 192.168.2.65/28 10.140.3.2/24 10.140.3.1/24

D 10.5.5.0/24 10.5.5.11/24 10.5.5.3/24 192.168.2.81/28 10.140.4.2/24 10.140.4.1/24

E 10.6.6.0/24 10.6.6.11/24 10.6.6.3/24 192.168.3.65/28 10.140.5.2/24 10.140.5.1/24

F 10.7.7.0/24 10.7.7.11/24 10.7.7.3/24 192.168.3.81/28 10.140.6.2/24 10.140.6.1/24

G 10.8.8.0/24 10.8.8.11/24 10.8.8.3/24 192.168.4.65/28 10.140.7.2/24 10.140.7.1/24

H 10.9.9.0/24 10.9.9.11/24 10.9.9.3/24 192.168.4.81/28 10.140.8.2/24 10.140.8.1/24

Instructor Notes
In order to test the NAT effectiveness of the workgroup router, ensure that the learner tests the
configuration by executing a ping from the workgroup switch. If the ping is initiated from the
workgroup router, the source address of the ping will not trigger the translation.

52 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Lab 7-2: Implementing IPv6
This topic details the lab activity for Lab 7-2.

Objectives
You will complete these tasks in this lab:
„ Determine how to allocate IPv6 addresses for the assigned routers, given an IPv6
numbering scheme and a prefix
„ Configure router interfaces for IPv6 and assign addresses
„ Configure RIP to support IPv6 and IPv6 addresses
„ Configure and verify a dual-stack router configuration

Visual Objective
The figure displays the lab topology that you will use to complete this lab.

Visual Objective 7-2: Implementing IPv6

© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—12

© 2007 Cisco Systems, Inc. Course Administration Guide 53


Setup
The table describes how to set up lab configurations with equipment for this lab.

Device Configuration File to Install Configuration Instructions

CoreRouter i2-corero2-routing.txt The setup is the same as the previous lab.

CoreSwitchA i2-coreswa3-ports-to-wg-shut.txt The setup is the same as the previous lab.

CoreSwitchB i2-coreswb1-ports-to-wg-shut.txt The setup is the same as the previous lab.

Instructor Notes
Task 1 is an information-gathering exercise. The learner should not be configuring the router in
this task but, instead, complete a worksheet identifying the IPv6 addresses that will be used to
configure the router in subsequent tasks.

To better understand the different methods of assigning IPv6 addresses, the learner is asked to
use both a fully defined 128-bit IPv6 address on one interface and an IPv6 address that uses the
EUI-64 interface identifier method on a second interface.

54 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Lab 8-1: Establishing a Frame Relay WAN
This topic details the lab activity for Lab 8-1.

Objectives
You will complete these tasks in this lab:
„ Configure a serial interface to use Frame Relay encapsulation
„ Verify the Frame Relay connection using show and ping commands
„ Configure the debug frame-relay lmi command and interpret the output
„ Configure a router subinterface and associate it with a specific DLCI

Visual Objective
The figure displays the lab topology that you will use to complete this lab.

Visual Objective 8-1:


Establishing a Frame Relay WAN
WG Router s0/0/0

A 10.140.1.2
B 10.140.2.2
C 10.140.3.2
D 10.140.4.2
E 10.140.5.2
F 10.140.6.2
G 10.140.7.2
H 10.140.8.2

© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—13

© 2007 Cisco Systems, Inc. Course Administration Guide 55


Setup
The table describes how to set up lab configurations with equipment for this lab.

Device Configuration File to Install Configuration Instructions

CoreRouter i2-corero3-frame.txt Copy this configuration to the running-


configuration.

CoreSwitchA i2-coreswa3-ports-to-wg-shut.txt The setup is the same as the previous lab.

CoreSwitchB i2-coreswb1-ports-to-wg-shut.txt The setup is the same as the previous lab.

Additional Setup Notes


IP Addresses

Workgroup Workgroup Workgroup Workgroup Local DLCI Core Router


Switch Interface Router Fa0/0 Router S0/0/0 Identifying Serial
VLAN 1 Interface Interface PVC to Core Interface

(SwitchX) (RouterX) (RouterX) (CoreRouter)

A 10.2.2.11/24 10.2.2.3/24 10.140.1.2/24 100 10.140.1.1/24

B 10.3.3.11/24 10.3.3.3/24 10.140.2.2/24 110 10.140.2.1/24

C 10.4.4.11/24 10.4.4.3/24 10.140.3.2/24 120 10.140.3.1/24

D 10.5.5.11/24 10.5.5.3/24 10.140.4.2/24 130 10.140.4.1/24

E 10.6.6.11/24 10.6.6.3/24 10.140.5.2/24 140 10.140.5.1/24

F 10.7.7.11/24 10.7.7.3/24 10.140.6.2/24 150 10.140.6.1/24

G 10.8.8.11/24 10.8.8.3/24 10.140.7.2/24 160 10.140.7.1/24

H 10.9.9.11/24 10.9.9.3/24 10.140.8.2/24 170 10.140.8.1/24

Instructor Notes
Learners will create a Frame Relay connection to the CoreRouter using the workgroup router
physical serial interface, tear it down, and then re-create the Frame Relay connection to the core
router using a point-to-point subinterface. Occasionally, the interface status remains down, and
rebooting the workgroup router appears to be the only fix.

In order to relearn remote networks through the Frame Relay subinterface via EIGRP, the lab
reminds the learner to reconfigure EIGRP authentication on the subinterface.

56 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Lab 8-2: Troubleshooting Frame Relay WANs
This topic details the lab activity for Lab 8-2.

Objectives
You will complete this task in this lab:
„ Discover Frame Relay network connectivity issues and follow troubleshooting guidelines
to determine and fix frame relay connectivity problems

Visual Objective
The figure displays the lab topology that you will use to complete this lab.

Visual Objective 8-2:


Troubleshooting Frame Relay WANs
WG Router s0/0/0

A 10.140.1.2
B 10.140.2.2
C 10.140.3.2
D 10.140.4.2
E 10.140.5.2
F 10.140.6.2
G 10.140.7.2
H 10.140.8.2

© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—14

© 2007 Cisco Systems, Inc. Course Administration Guide 57


Setup
The table describes how to set up lab configurations with equipment for this lab.

Device Configuration File to Install Configuration Instructions

CoreRouter i2-corero3-frame.txt The setup is the same as the previous lab.

CoreSwitchA i2-coreswa3-ports-to-wg-shut.txt The setup is the same as the previous lab.

CoreSwitchB i2-coreswb1-ports-to-wg-shut.txt The setup is the same as the previous lab.

Workgroup routers i2-wg_ro-config-lab8-2.txt Learners download this file as part of the


lab.

Additional Setup Notes


IP Addresses

Workgroup Workgroup Workgroup Workgroup Local DLCI Core Router


Switch Interface RouterFa0/0 Router S0/0/0 Identifying Serial
VLAN 1 Interface Interface PVC to Core Interface

(SwitchX) (RouterX) (RouterX) (CoreRouter)

A 10.2.2.11/24 10.2.2.3/24 10.140.1.2/24 100 10.140.1.1/24

B 10.3.3.11/24 10.3.3.3/24 10.140.2.2/24 110 10.140.2.1/24

C 10.4.4.11/24 10.4.4.3/24 10.140.3.2/24 120 10.140.3.1/24

D 10.5.5.11/24 10.5.5.3/24 10.140.4.2/24 130 10.140.4.1/24

E 10.6.6.11/24 10.6.6.3/24 10.140.5.2/24 140 10.140.5.1/24

F 10.7.7.11/24 10.7.7.3/24 10.140.6.2/24 150 10.140.6.1/24

G 10.8.8.11/24 10.8.8.3/24 10.140.7.2/24 160 10.140.7.1/24

H 10.9.9.11/24 10.9.9.3/24 10.140.8.2/24 170 10.140.8.1/24

Instructor Notes
Learners will download a faulty configuration into their workgroup routers from the TFTP
server and troubleshoot to correct the problems. The problem introduced is that an incorrect
Frame Relay DLCI is configured.

Instructors should remind learners to refrain from simply issuing a show run command and
comparing the problem configuration with the working baseline configuration. One of the
objectives of the lab activity is for learners to work on their troubleshooting skills by practicing
using a variety of applicable show and debug commands.

After all of the learners have completed the lab activity, instructors will facilitate a debriefing
that reviews the possible steps learners took to gather symptoms and isolate and correct
problems. Instructors should encourage learners to complete the “Troubleshooting Steps” table
in the “Job Aids” section of the lab as they troubleshoot and to reference the table during the
debriefing process.

58 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Configuration Files Summary
This topic details the course configuration files, which provide information about the starting
condition of each lab.

Configuration Filename Comments

i2-corero1-dot1Q.txt The “switching labs” configuration for the core router.


The core router is configured as a router-on-a-stick. The
Fast Ethernet interface is configured with subinterfaces
and 802.1Q trunking. All serial interfaces are shut
down.

i2-corero2-routing.txt The “routing labs” configuration for the core router. All
subinterfaces are removed from the Fast Ethernet
interface. The serial interfaces are enabled for HDLC
connectivity to the workgroups. OSPF and EIGRP are
enabled and configured for authentication.

i2-corero3-frame.txt The “frame relay labs” configuration for the core router.
The core router is configured to also be a Frame Relay
switch. The serial interfaces are enabled for Frame
Relay connectivity to the workgroups EIGRP remains
configured for authentication.

i2-coreswa1-no-trunk-to-wg.txt The initial CoreSwitchA configuration. There is no


trunking to the workgroups. PVRST is the enabled
spanning-tree protocol.

i2-coreswa2-trunk-to-wg.txt The trunked configuration for CoreSwitchA. All ports to


the workgroups are trunked. Fa0/13 and fa0/14 are an
EtherChannel bundle trunked between the core
switches. Fa0/23 is trunked to the CoreRouter for a
router-on-a-stick configuration. PVRST is the enabled
spanning-tree protocol and CoreSwitchA is configured
to be the root bridge for all learner VLANs.

i2-coreswa3-ports-to-wg-shut.txt The “routing labs” configuration for CoreSwitchA. All


ports to the workgroups are shut down. All workgroup
connectivity to the core must come through the core
router.

i2-coreswb1-ports-to-wg-shut.txt All ports to the workgroups are shut down. All


workgroup connectivity to the core must come through
core switch A for the switching labs or the core router
for the routing labs.

i2-coreswb2-trunk-to-wg.txt The trunked configuration for CoreSwitchB. All ports to


the workgroups are trunked. Fa0/13 and fa0/14 are an
EtherChannel bundle trunked between the core
switches. PVRST is the enabled spanning-tree protocol
and CoreSwitchB is configured to be the secondary root
bridge for all learner VLANs.

i2-wg_ro-config-lab2-2.txt Downloaded by the learners from the TFTP server as


part of the lab: Used at end of the lab activity to test
whether the learners have troubleshot and fixed the
problems correctly. It is simply a “congratulations”
banner.

© 2007 Cisco Systems, Inc. Course Administration Guide 59


i2-wg_ro-config-lab4-2.txt Learners will download this faulty configuration into their
workgroup routers from the TFTP server and
troubleshoot to correct the problems. The problems
introduced are as follows:

„ An incorrect wildcard bit mask in the OSPF


network statement

„ An incorrect OSPF authentication key configured


with the CoreRouter

i2-wg_ro-config-lab6-1.txt Learners will download this faulty configuration into their


workgroup routers from the TFTP server and
troubleshoot to correct the problem. The objective of the
ACL is to deny TFTP traffic from the workgroup but
allow all other traffic. The problem introduced is that the
ACL allows all other UDP traffic rather than all other IP
traffic.

i2-wg_ro-config-lab8-2.txt Learners will download this faulty configuration into their


workgroup routers from the TFTP server and
troubleshoot to correct the problems. The problem
introduced is that an incorrect Frame Relay DLCI
number is configured.

i2-wg_sw-config-lab2-2.txt Learners will download this faulty configuration into their


workgroup switches from the TFTP server and
troubleshoot to correct the problems. The problems
introduced are as follows:

„ A VLAN is missing from the VLAN database.

„ The trunking to the core is turned off and an


incorrect trunking mode (dynamic desirable) is
introduced.
„ A duplex mismatch with the core is configured.

i2-wg_sw-config-lab6-1.txt When testing the effectiveness of the ACL, a learner will


attempt to use TFTP to download this configuration file
from the TFTP server into the workgroup switch. If the
TFTP is successful, meaning that the ACL failed, the
workgroup switch will have a new banner displaying the
message, “Your Access List Failed, Please Try Again!”

60 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Lab Activity Solutions
This section presents the solutions to the practice activities.

Lab Activity 1-1: Implementing the Small Network (Review Lab)


Workgroup Switch Configuration
When you complete this lab activity, your workgroup switch configuration will be similar to
the following, with differences that are specific to your workgroup:
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SwitchX
!
enable secret 5 $1$DbHt$Zq1t4P2kmfMGUeZSRRy0g0
!
no aaa new-model
ip subnet-zero
!
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
!
interface FastEthernet0/2
description To RouterX Fa0/0
switchport mode access
switchport port-security
switchport port-security mac-address xxxx.xxxx.xxxx
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
description Connected to CoreSwitchA
speed 100
duplex full
!

© 2007 Cisco Systems, Inc. Course Administration Guide 61


interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 10.1.1.X 255.255.255.0
no ip route-cache
!
ip default-gateway 10.1.1.3
ip http server
ip http secure-server
!
control-plane
!
banner motd ^C
Authorized access only. Unauthorized users disconnect.^C
!
line con 0
password cisco
logging synchronous
login
line vty 0 4
password sanjose
login
line vty 5 15
no login
!
end

Workgroup Router Configuration


When you complete this lab activity, your workgroup router configuration will be similar to the
following, with differences that are specific to your workgroup:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RouterX
!

62 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
boot-start-marker
boot-end-marker
!
enable secret 5 $1$HNdR$hOG1GhzoNoHMEgZQU21mo1
!
no aaa new-model
!
!
ip cef
!
!
!
!
voice-card 0
no dspfarm
!
interface FastEthernet0/0
description To SwitchX Fa0/2
ip address 10.1.1.X 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
!
interface Serial0/0/1
no ip address
shutdown
!
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
banner motd ^C
Authorized access only. Unauthorized users disconnect.^C
!
line con 0
password cisco
logging synchronous
login
line aux 0
line vty 0 4
password sanjose
login
!
scheduler allocate 20000 1000
!
end

© 2007 Cisco Systems, Inc. Course Administration Guide 63


Lab Activity 2-1: Configuring Expanded Switched Networks
Workgroup SwitchConfiguration
When you complete this lab activity, your workgroup SwitchConfiguration will be similar to
the following, with differences that are specific to your workgroup:
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SwitchX
!
enable secret 5 $1$.9i2$TbVkDQfzCgf/CeFNEKMm9/
!
no aaa new-model
vtp domain ICND
vtp mode transparent
ip subnet-zero
!
no file verify auto
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan X0 priority 24576
spanning-tree vlan X0 priority 28672
!
vlan internal allocation policy ascending
!
vlan X,X0,X0
!
interface FastEthernet0/1
!
interface FastEthernet0/2
description To RouterX Fa0/0
spanning-tree portfast
switchport access vlan X
switchport mode access
switchport port-security
switchport port-security mac-address xxxx.xxxx.xxxx
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
description port connected to CoreSwitchA
switchport mode trunk
speed 100
duplex full
!
interface FastEthernet0/12
description port connected to CoreSwitchB

64 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
switchport mode trunk
speed 100
duplex full
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
description Management VLAN interface
ip address 10.1.1.X 255.255.255.0
no ip route-cache
!
ip default-gateway 10.1.1.3
ip http server
ip http secure-server
!
control-plane
!
banner motd ^C
Authorized Access Only!
^C
!
line con 0
password cisco
logging synchronous
login
line vty 0 4
password sanjose
login
line vty 5 15
no login
!
end

Workgroup Router Configuration


When you complete this lab activity, your workgroup router configuration will be similar to the
following, with differences that are specific to your workgroup:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec

© 2007 Cisco Systems, Inc. Course Administration Guide 65


no service password-encryption
!
hostname RouterX
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$HNdR$hOG1GhzoNoHMEgZQU21mo1
!
no aaa new-model
!
!
ip cef
!
!
!
!
voice-card 0
no dspfarm
!
interface FastEthernet0/0
description To SwitchX Fa0/2
ip address 10.X.X.12 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
!
interface Serial0/0/1
no ip address
shutdown
!
ip route 0.0.0.0 0.0.0.0 10.X.X.3
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
banner motd ^C
Authorized access only. Unauthorized users disconnect.^C
!
line con 0
password cisco
logging synchronous
login
line aux 0
line vty 0 4
password sanjose
login
!
scheduler allocate 20000 1000
!
end

66 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Lab Activity 2-2: Troubleshooting Switched Networks
Workgroup Switch Configuration
When you complete this lab activity, your workgroup switch configuration will be similar to
the following, with differences that are specific to your workgroup:
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SwitchX
!
enable secret 5 $1$.9i2$TbVkDQfzCgf/CeFNEKMm9/
!
no aaa new-model
vtp domain ICND
vtp mode transparent
ip subnet-zero
!
no file verify auto
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan X0 priority 24576
spanning-tree vlan X0 priority 28672
!
vlan internal allocation policy ascending
!
vlan X,X0,X0
!
interface FastEthernet0/1
!
interface FastEthernet0/2
description To RouterX Fa0/0
spanning-tree portfast
switchport access vlan X
switchport mode access
switchport port-security
switchport port-security mac-address xxxx.xxxx.xxxx
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
description port connected to CoreSwitchA
switchport mode trunk
speed 100
duplex full
!
interface FastEthernet0/12
description port connected to CoreSwitchB

© 2007 Cisco Systems, Inc. Course Administration Guide 67


switchport mode trunk
shutdown
speed 100
duplex full
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
description Management VLAN interface
ip address 10.1.1.X 255.255.255.0
no ip route-cache
!
ip default-gateway 10.1.1.3
ip http server
ip http secure-server
!
control-plane
!
banner motd ^C

***************************************************************

wg_sw-config-lab2-2

****************************************************************

^C
!
line con 0
password cisco
logging synchronous
login
line vty 0 4
password sanjose
login
line vty 5 15
no login

68 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
!
end

Workgroup Router Configuration


When you complete this lab activity, your workgroup router configuration will be similar to the
following, with differences that are specific to your workgroup:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RouterX
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/
!
no aaa new-model
!
resource policy
!
ip cef
!
voice-card 0
no dspfarm
!
interface FastEthernet0/0
description To SwitchX F0/2
ip address 10.X.X.12 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
!
interface Serial0/0/1
no ip address
shutdown
!
ip route 0.0.0.0 0.0.0.0 10.X.X.3
!
!
ip http server
no ip http secure-server
!
control-plane
!
banner motd ^C

********************************************************************

wg_ro-config-lab2-2

*******************************************************************

© 2007 Cisco Systems, Inc. Course Administration Guide 69


^C
!
line con 0
password cisco
logging synchronous
login
line aux 0
line vty 0 4
password sanjose
logging synchronous
login
!
scheduler allocate 20000 1000
!
end

Lab Activity 4-1: Implementing OSPF


Workgroup Switch Configuration
When you complete this lab activity, your workgroup switch configuration will be similar to
the following, with differences that are specific to your workgroup:
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SwitchX
!
enable secret 5 $1$.9i2$TbVkDQfzCgf/CeFNEKMm9/
!
no aaa new-model
vtp domain ICND
vtp mode transparent
ip subnet-zero
!
no file verify auto
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan X0 priority 24576
spanning-tree vlan X0 priority 28672
!
vlan internal allocation policy ascending
!
vlan X,X0,X0
!
interface FastEthernet0/1
!
interface FastEthernet0/2
description To RouterX Fa0/0
spanning-tree portfast
switchport mode access
switchport port-security
switchport port-security mac-address xxxx.xxxx.xxxx
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5

70 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
description port connected to CoreSwitchA
switchport mode trunk
shutdown
speed 100
duplex full
!
interface FastEthernet0/12
description port connected to CoreSwitchB
switchport mode trunk
shutdown
speed 100
duplex full
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
description Management VLAN interface
ip address 10.X.X.11 255.255.255.0
no ip route-cache
!
ip default-gateway 10.X.X.3
ip http server
ip http secure-server
!
control-plane
!
banner motd ^C

© 2007 Cisco Systems, Inc. Course Administration Guide 71


*****************************************************************

wg_sw-config-lab2-2

*****************************************************************

^C
!
line con 0
password cisco
logging synchronous
login
line vty 0 4
password sanjose
login
line vty 5 15
no login
!
end

Workgroup Router Configuration


When you complete this lab activity, your workgroup router configuration will be similar to the
following, with differences that are specific to your workgroup:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RouterX
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/
!
no aaa new-model
!
resource policy
!
ip cef
!
voice-card 0
no dspfarm
!
interface Loopback0
ip address 192.168.X.X 255.255.255.240
!
interface FastEthernet0/0
description To SwitchX F0/2
ip address 10.X.X.3 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
bandwidth 64
ip address 10.140.X.2 255.255.255.0

72 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
ip ospf authentication
ip ospf authentication-key san-fran
!
interface Serial0/0/1
bandwidth 64
ip address 10.XX.XX.X 255.255.255.0
ip ospf authentication
ip ospf authentication-key san-fran
!
router ospf 100
log-adjacency-changes
network 10.X.X.3 0.0.0.0 area 0
network 10.XX.XX.X 0.0.0.0 area 0
network 10.140.X.2 0.0.0.0 area 0
network 192.168.X.X 0.0.0.0 area 0
!
ip http server
no ip http secure-server
!
control-plane
!
banner motd ^C

********************************************************************
wg_ro-config-lab2-2

********************************************************************

^C
!
line con 0
password cisco
logging synchronous
login
line aux 0
line vty 0 4
password sanjose
logging synchronous
login
!
scheduler allocate 20000 1000
!
end

Lab Activity 4-2: Troubleshooting OSPF


Workgroup Router Configuration
When you complete this lab activity, your workgroup router configuration will be similar to the
following, with differences that are specific to your workgroup:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RouterX
!
boot-start-marker
boot-end-marker
!

© 2007 Cisco Systems, Inc. Course Administration Guide 73


enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/
!
no aaa new-model
!
resource policy
!
ip cef
!
voice-card 0
no dspfarm
!
interface Loopback0
ip address 192.168.X.X 255.255.255.240
!
interface FastEthernet0/0
description To SwitchX F0/2
ip address 10.X.X.3 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
bandwidth 64
ip address 10.140.X.2 255.255.255.0
ip ospf authentication
ip ospf authentication-key san-fran
!
interface Serial0/0/1
bandwidth 64
ip address 10.XX.XX.X 255.255.255.0
ip ospf authentication
ip ospf authentication-key san-fran
!
router ospf 100
log-adjacency-changes
network 10.X.X.3 0.0.0.0 area 0
network 10.XX.XX.X 0.0.0.0 area 0
network 10.140.X.2 0.0.0.0 area 0
network 192.168.X.X 0.0.0.0 area 0
!
ip http server
no ip http secure-server
!
control-plane
!
banner motd ^C

***********************************************************************

wg_ro-config-lab4-2

***********************************************************************

^C
!
line con 0
password cisco
logging synchronous
login

74 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
line aux 0
line vty 0 4
password sanjose
logging synchronous
login
!
scheduler allocate 20000 1000
!
end

Lab Activity 5-1: Implementing EIGRP


Workgroup Router Configuration
When you complete this lab activity, your workgroup router configuration will be similar to the
following, with differences that are specific to your workgroup:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RouterX
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/
!
no aaa new-model
!
resource policy
!
ip cef
!
voice-card 0
no dspfarm
!
!
key chain icndchain
key 1
key-string san-fran
!
interface Loopback0
ip address 192.168.X.X 255.255.255.240
!
interface FastEthernet0/0
description To SwitchX F0/2
ip address 10.X.X.3 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
bandwidth 64
ip address 10.140.X.2 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 icndchain
ip ospf authentication
ip ospf authentication-key san-fran

© 2007 Cisco Systems, Inc. Course Administration Guide 75


!
interface Serial0/0/1
bandwidth 64
ip address 10.XX.XX.X 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 icndchain
ip ospf authentication
ip ospf authentication-key san-fran
!
router eigrp 100
network 10.0.0.0
network 192.168.X.0
auto-summary
!
router ospf 100
log-adjacency-changes
network 10.X.X.3 0.0.0.0 area 0
network 10.XX.XX.X 0.0.0.0 area 0
network 10.140.X.2 0.0.0.0 area 0
network 192.168.X.X 0.0.0.0 area 0
!
ip http server
no ip http secure-server
!
control-plane
!
banner motd ^C

******************************************************************

wg_ro-config-lab4-2

******************************************************************

^C
!
line con 0
password cisco
logging synchronous
login
line aux 0
line vty 0 4
password sanjose
logging synchronous
login
!
scheduler allocate 20000 1000
!
end

Lab Activity 5-2: Troubleshooting EIGRP


Workgroup Router Configuration
When you complete this lab activity, your workgroup router configuration will be similar to the
following, with differences that are specific to your workgroup:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption

76 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
!
hostname RouterX
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/
!
no aaa new-model
!
resource policy
!
ip cef
!
voice-card 0
no dspfarm
!
!
key chain icndchain
key 1
key-string san-fran
!
interface Loopback0
ip address 192.168.X.X 255.255.255.240
!
interface Loopback1
ip address 172.16.X.1 255.255.255.0
!
interface FastEthernet0/0
description To SwitchX F0/2
ip address 10.X.X.3 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
bandwidth 64
ip address 10.140.X.2 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 icndchain
ip ospf authentication
ip ospf authentication-key san-fran
!
interface Serial0/0/1
bandwidth 64
ip address 10.XX.XX.X 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 icndchain
ip ospf authentication
ip ospf authentication-key san-fran
!
router eigrp 100
network 10.0.0.0
network 172.16.0.0
network 192.168.X.0
no auto-summary
!
router ospf 100
log-adjacency-changes
network 10.X.X.3 0.0.0.0 area 0
network 10.XX.XX.X 0.0.0.0 area 0
network 10.140.X.2 0.0.0.0 area 0
network 192.168.X.X 0.0.0.0 area 0

© 2007 Cisco Systems, Inc. Course Administration Guide 77


!
ip http server
no ip http secure-server
!
control-plane
!
banner motd ^C

***************************************************************

wg_ro-config-lab4-2

***************************************************************

^C
!
line con 0
password cisco
logging synchronous
login
line aux 0
line vty 0 4
password sanjose
logging synchronous
login
!
scheduler allocate 20000 1000
!
end

Lab Activity 6-1: Implementing and Troubleshooting ACLs


Workgroup Router Configuration
When you complete this lab activity, your workgroup router configuration will be similar to the
following, with differences that are specific to your workgroup:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RouterX
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/
!
no aaa new-model
!
resource policy
!
ip cef
!
voice-card 0
no dspfarm
!
!
key chain icndchain
key 1

78 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
key-string san-fran
!
interface Loopback0
ip address 192.168.X.X 255.255.255.240
!
interface Loopback1
ip address 172.16.X.1 255.255.255.0
!
interface FastEthernet0/0
description To SwitchX F0/2
ip address 10.X.X.3 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
bandwidth 64
ip address 10.140.X.2 255.255.255.0
ip access-group 101 in
ip access-group 175 out
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 icndchain
ip ospf authentication
ip ospf authentication-key san-fran
!
interface Serial0/0/1
bandwidth 64
ip address 10.XX.XX.X 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 icndchain
ip ospf authentication
ip ospf authentication-key san-fran
shutdown
!
router eigrp 100
network 10.0.0.0
network 172.16.0.0
network 192.168.X.0
auto-summary
!
router ospf 100
log-adjacency-changes
network 10.X.X.3 0.0.0.0 area 0
network 10.XX.XX.X 0.0.0.0 area 0
network 10.140.X.2 0.0.0.0 area 0
network 192.168.X.X 0.0.0.0 area 0
!
!
!
ip http server
no ip http secure-server
!
access-list 101 deny tcp any any eq telnet
access-list 101 permit ip any any
access-list 175 deny udp any any eq tftp
access-list 175 permit ip any any
!
control-plane
!
banner motd ^C

© 2007 Cisco Systems, Inc. Course Administration Guide 79


***************************************************************

wg_ro-config-lab6-1

**************************************************************

^C
!
line con 0
password cisco
logging synchronous
login
line aux 0
line vty 0 4
password sanjose
logging synchronous
login
!
scheduler allocate 20000 1000
!
end

================

OR

==============
!
interface Serial0/0/0
bandwidth 64
ip address 10.140.X.2 255.255.255.0
ip access-group KILLTELNET in
ip access-group 175 out
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 icndchain
ip ospf authentication
ip ospf authentication-key san-fran
!
!
ip access-list extended KILLTELNET
deny tcp any any eq telnet
permit ip any any
!

Lab Activity 7-1: Configuring NAT and PAT


Workgroup Router Configuration
When you complete this lab activity, your workgroup router configuration will be similar to the
following, with differences that are specific to your workgroup:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RouterX
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/
!
no aaa new-model

80 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
!
resource policy
!
ip cef
!
voice-card 0
no dspfarm
!
!
key chain icndchain
key 1
key-string san-fran
!
interface Loopback0
ip address 192.168.X.X 255.255.255.240
!
interface Loopback1
ip address 172.16.X.1 255.255.255.0
!
interface FastEthernet0/0
description To SwitchX F0/2
ip address 10.X.X.3 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
bandwidth 64
ip address 10.140.X.2 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 icndchain
ip nat outside
ip virtual-reassembly
ip ospf authentication
ip ospf authentication-key san-fran
!
interface Serial0/0/1
bandwidth 64
ip address 10.XX.XX.X 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 icndchain
ip ospf authentication
ip ospf authentication-key san-fran
shutdown
!
router eigrp 100
network 10.0.0.0
network 172.16.0.0
network 192.168.X.0
auto-summary
!
router ospf 100
log-adjacency-changes
network 10.X.X.3 0.0.0.0 area 0
network 10.XX.XX.X 0.0.0.0 area 0
network 10.140.X.2 0.0.0.0 area 0
network 192.168.X.X 0.0.0.0 area 0
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface Serial0/0/0 overload

© 2007 Cisco Systems, Inc. Course Administration Guide 81


!
access-list 1 permit 10.X.X.0 0.0.0.255
!
control-plane
!
banner motd ^C

******************************************************************

wg_ro-config-lab6-1

*******************************************************************

^C
!
line con 0
password cisco
logging synchronous
login
line aux 0
line vty 0 4
password sanjose
logging synchronous
login
!
scheduler allocate 20000 1000
!
end

Lab Activity 7-2: Implementing IPv6


Workgroup Router Configuration
When you complete this lab activity, your workgroup router configuration will be similar to the
following, with differences that are specific to your workgroup:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RouterX
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$HNdR$hOG1GhzoNoHMEgZQU21mo1
!
no aaa new-model
!
!
ip cef
!
!
!
ipv6 unicast-routing
!
voice-card 0
no dspfarm
!
!

82 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
key chain icndchain
key 1
key-string san-fran
!
interface Loopback0
ip address 192.168.X.X 255.255.255.252
!
interface Loopback1
ip address 172.16.X.1 255.255.255.0
!
interface Loopback2
ip address 10.XXX.XXX.1 255.255.255.0
ipv6 address 2001:410:4:8::/64 eui-64
ipv6 rip cisco enable
!
interface FastEthernet0/0
description To SwtichX Fa0/2
ip address 10.X.X.3 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
bandwidth 64
ip address 10.140.X.2 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 icndchain
ip ospf authentication
ip ospf authentication-key san-fran
shutdown
!
interface Serial0/0/1
bandwidth 64
ip address 10.XX.XX.X 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 icndchain
ip ospf authentication
ip ospf authentication-key san-fran
ipv6 address 2001:410:4:10::/65 eui-64
ipv6 rip cisco enable
!
router eigrp 100
network 10.0.0.0
network 192.168.X.0
auto-summary
!
router ospf 100
log-adjacency-changes
network 10.X.X.3 0.0.0.0 area 0
network 10.XX.XX.X 0.0.0.0 area 0
network 10.140.X.2 0.0.0.0 area 0
network 192.168.X.XX 0.0.0.0 area 0
!
!
!
ip http server
no ip http secure-server
!
ipv6 router rip cisco
!
control-plane
!
banner motd ^C

© 2007 Cisco Systems, Inc. Course Administration Guide 83


******************************************************************

wg_ro-config-lab6-1

*******************************************************************

^C
!
banner motd ^C
Authorized access only. Unauthorized users disconnect.^C
!
line con 0
password cisco
logging synchronous
login
line aux 0
line vty 0 4
password sanjose
login
!
scheduler allocate 20000 1000
!
end

Lab Activity 8-1: Establishing a Frame Relay WAN


Workgroup Router Configuration
When you complete this lab activity, your workgroup router configuration will be similar to the
following, with differences that are specific to your workgroup:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RouterX
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/
!
no aaa new-model
!
resource policy
!
ip cef
!
voice-card 0
no dspfarm
!
!
key chain icndchain
key 1
key-string san-fran
!
interface Loopback0
ip address 192.168.X.X 255.255.255.240
!
interface Loopback1

84 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
ip address 172.16.X.1 255.255.255.0
!
interface Loopback2
ip address 10.XXX.XXX.1 255.255.255.0
ipv6 address 2001:410:4:8::/64 eui-64
ipv6 rip cisco enable
!
interface FastEthernet0/0
description To SwitchX F0/2
ip address 10.X.X.3 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
bandwidth 64
no ip address
encapsulation frame-relay
ip ospf authentication
ip ospf authentication-key san-fran
!
interface Serial0/0/0.1 point-to-point
ip address 10.140.X.2 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 icndchain
frame-relay interface-dlci 120
!
interface Serial0/0/1
bandwidth 64
ip address 10.XX.XX.X 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 icndchain
ip ospf authentication
ip ospf authentication-key san-fran
shutdown
!
router eigrp 100
network 10.0.0.0
network 172.16.0.0
network 192.168.X.0
no auto-summary
!
router ospf 100
log-adjacency-changes
network 10.X.X.3 0.0.0.0 area 0
network 10.XX.XX.X 0.0.0.0 area 0
network 10.140.X.2 0.0.0.0 area 0
network 192.168.X.X 0.0.0.0 area 0
!

ip http server
no ip http secure-server
!
access-list 1 permit 10.X.X.0 0.0.0.255
!
control-plane
!
banner motd ^C

****************************************************************

© 2007 Cisco Systems, Inc. Course Administration Guide 85


wg_ro-config-lab6-1

**********************************************************

^C
!
line con 0
password cisco
logging synchronous
login
line aux 0
line vty 0 4
password sanjose
logging synchronous
login
!
scheduler allocate 20000 1000
!
end

Lab Activity 8-2: Troubleshooting Frame Relay WANs


Workgroup Router Configuration
When you complete this lab activity, your workgroup router configuration will be similar to the
following, with differences that are specific to your workgroup:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RouterX
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/
!
no aaa new-model
!
resource policy
!
ip cef
!
voice-card 0
no dspfarm
!
!
key chain icndchain
key 1
key-string san-fran
!
interface Loopback0
ip address 192.168.X.X 255.255.255.240
!
interface Loopback1
ip address 172.16.X.1 255.255.255.0
!
interface Loopback2
ip address 10.XXX.XXX.1 255.255.255.0
ipv6 address 2001:410:4:8::/64 eui-64
ipv6 rip cisco enable

86 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
!
interface FastEthernet0/0
description To SwitchX F0/2
ip address 10.X.X.3 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
bandwidth 64
no ip address
encapsulation frame-relay IETF
ip ospf authentication
ip ospf authentication-key san-fran
!
interface Serial0/0/0.1 point-to-point
ip address 10.140.X.2 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 icndchain
frame-relay interface-dlci 120
!
interface Serial0/0/1
bandwidth 64
ip address 10.XX.XX.X 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 icndchain
ip ospf authentication
ip ospf authentication-key san-fran
shutdown
!
router eigrp 100
network 10.0.0.0
network 172.16.0.0
network 192.168.X.0
no auto-summary
!
router ospf 100
log-adjacency-changes
network 10.X.X.3 0.0.0.0 area 0
network 10.XX.XX.X 0.0.0.0 area 0
network 10.140.X.2 0.0.0.0 area 0
network 192.168.X.X 0.0.0.0 area 0
!

ip http server
no ip http secure-server
!
access-list 1 permit 20.4.4.0 0.0.0.255
!
control-plane
!
banner motd ^C

**********************************************************************

wg_ro-config-lab8-2

**********************************************************************

© 2007 Cisco Systems, Inc. Course Administration Guide 87


^C
!
line con 0
password cisco
logging synchronous
login
line aux 0
line vty 0 4
password sanjose
logging synchronous
login
!
scheduler allocate 20000 1000
!

end

Teardown and Restoration


This topic describes how to tear down and restore the equipment that is used in the course.

Step 1 Erase the startup configuration of each of the core devices.

Step 2 Reload each of the core devices.

Step 3 Verify that all of the core devices reload and that the initial prompt appears.

88 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Course Delta Information
This document provides a summary of the differences between Interconnecting Cisco Network
Devices (ICND) v2.3 and Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0.

Executive Summary
Overview
ICND2 content is a minor revision of the ICND v2.3 content, with these new developments:
„ The foundational, conceptual content of WAN, RIP2, and the PPP lab section are moved to
ICND1.
„ The “verify” tasks are expanded in lecture and labs in topics such as EIGRP and OSPF to
serve the following purposes:
— Explain more of the commands used to verify the configuration
— Interpret output
— Extend troubleshooting tasks from those performed during installation to those
performed during regular operations

Course Objectives
This table provides a comparison between the previous course objectives and the updated
course objectives.

ICND v2.3 (previous) ICND2 v1.0 (updated)

Course Introduction Course Introduction

Module 1: Configure a Catalyst Switch for Basic Module 1: Review how to configure and
Operations troubleshoot a small network

Module 2: Improve the Scalability, Interoperability, Module 2: Expand a small-sized, switched LAN to
and Throughput by Implementing VLANs a medium-sized LAN with multiple switches,
supporting VLANs, trunking, and spanning tree

Module 3: Configure and Troubleshoot RIP, IGRP, Module 3: Describe routing concepts as they apply
EIGRP, and OSPF to a medium-sized network and discuss
considerations when implementing routing on the
network

Module 4: Configure Different Types of IP ACLs in Module 4: Configure, verify, and troubleshoot
Order to Manage IP Traffic OSPF

Module 5: Establish a Serial Point-to-Point Module 5: Configure, verify, and troubleshoot


connection using PPP and HDLC EIGRP

Module 6: Configure Frame Relay Module 6: Determine how to apply ACLs based on
network requirements and configure, verify, and
troubleshoot ACLs on a medium-sized network

Module 7: Configure DDR between two routers Module 7: Configure NAT or PAT on routers,
with BRI or PRI explain IPv6 addressing, and configure IPv6 on a
Cisco router

— Module 8: Identify and implement the appropriate


WAN technology based on network requirements

© 2007 Cisco Systems, Inc. Course Administration Guide 89


Module Content Comparison
This table provides a high-level summary of changes for each module.

ICND v2.3 (previous) ICND2 v1.0 (updated) Changes/Reason

— Module 1: Small Network Module 1 is a review module in which


Implementation learners use the concepts and commands
taught in the ICND1 course to create a basic
configuration, which becomes the basis for all
future labs.

Module 1: Configuring Module 2: Medium-Sized Module 2 combines the content of ICND v2.3
Catalyst Switch Switched Network modules 1 and 2.
Operations Construction
Additions:
Module 2: Extending
Switched Networks with „ Voice VLANs (basics)
Virtual LANs
„ EtherChannel (basics)

„ PVRST with multiple root bridges

„ Switched network troubleshooting lesson


and lab

Deletions:
„ ISL Trunking

Module 3: Determining IP Module 3: Medium-Sized ICND v2.3 module 3 was broken into three
Routes Routed Network modules in ICND2, modules 3, 4, and 5.
Construction
Deletions:
„ Static routing

„ RIP/IGRP discussion and labs

Module 4: Single-Area Additions:


OSPF Implementation
„ OSPF Load balancing

„ OSPF Authentication

„ OSPF Troubleshooting lesson and lab

Module 5: EIGRP Additions:


Implementation
„ EIGRP Load balancing

„ EIGRP Authentication

„ EIGRP Troubleshooting lesson and lab

Module 4: Managing IP Module 6: Access Control ICND v2.3 module 4 was broken into two
Traffic with ACLs Lists modules in ICND2, modules 6 and 7.

Additions:

„ Dynamic, Reflexive, Time-Based ACLs

„ ACL Sequence numbers

„ ACL Comments

„ ACL Troubleshooting discussion and lab

Module 7: Address Space Additions:


Management
„ NAT troubleshooting discussion

„ Transitioning to IPv6 lesson and lab

90 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
ICND v2.3 (previous) ICND2 v1.0 (updated) Changes/Reason

Module 5: Establishing Module 8: LAN Extension Module 8 combines the content of ICND v2.3
Serial Point-to-Point into a WAN modules 5 and 6
Connections
Additions:
Module 6: Establishing
Frame Relay Connections „ VPN solutions lesson

„ Frame Relay troubleshooting lesson and


lab

Deletions:
„ PPP lab

„ ISDN discussion and lab

Module 7: Completing — —
ISDN Calls

Lesson and Lab Activity Objectives


This table provides a comparison of the lesson and lab activity objectives for each module.

Module Lesson Topic Delta Source

0 0 Course Introduction

Overview MIN ICND v2.3


Course Goal and Objectives MIN ICND v2.3
Course Flow MIN ICND v2.3
Additional References MIN ICND v2.3
Your Training Curriculum MIN ICND v2.3
1 0 Small Network Implementation
1 1 Introducing the Review Lab
Overview MAJ INTRO v2.1
CLI Functions of Cisco IOS Software MAJ INTRO v2.1
Configuration Modes of Cisco IOS Software MAJ INTRO v2.1
Help Facilities in the Cisco IOS CLI MAJ INTRO v2.1
Commands Review MAJ INTRO v2.1
1 Lab 1-1 Implementing a Small Network (Review Lab) NEW New
2 0 Medium-Sized Switched Network Construction
2 1 Implementing VLANs and Trunks
Overview MIN ICND v2.3
Understanding VLANs MIN ICND v2.3
Understanding Trunking with 802.1Q MIN ICND v2.3
Understanding VLAN Trunking Protocol MIN ICND v2.3
Configuring VLANs and Trunks MIN ICND v2.3

© 2007 Cisco Systems, Inc. Course Administration Guide 91


Module Lesson Topic Delta Source

2 2 Improving Performance with Spanning Tree


Overview MIN ICND v2.3
Building a Redundant Switched Topology MIN ICND v2.3
Recognizing Issues of a Redundant Switched Topology MIN ICND v2.3
Resolving Issues with STP MIN ICND v2.3
Configuring RSTP MAJ BCMSN v3.0
2 3 Understanding Inter-VLAN Routing MIN ICND v2.3
Overview MIN ICND v2.3
Understanding Inter-VLAN Routing MIN ICND v2.3
Configuring Inter-VLAN Routing MIN ICND v2.3
2 4 Securing the Expanded Network MIN ICND v2.3
Overview MIN ICND v2.3
Overview of Switch Security Concerns MIN ICND v2.3
Securing SwitchDevices MIN ICND v2.3

2 5 Troubleshooting Switched Networks


Overview NEW New
Troubleshooting Switches NEW New
Troubleshooting Port Connectivity NEW New
Troubleshooting VLANs and Trunking NEW New
Troubleshooting VTP NEW New
Troubleshooting Spanning Tree NEW New
2 Lab 2-1 Configuring Expanded Switched Networks MIN ICND v2.3
2 Lab 2-2 Troubleshooting Switched Networks NEW New
3 0 Medium-Sized Routed Network Construction
3 1 Reviewing Routing Operations
Overview MIN ICND v2.3
Reviewing Dynamic Routing MIN ICND v2.3
Understanding Distance Vector Routing Protocols MIN ICND v2.3
Understanding Link-State Routing Protocols MIN ICND v2.3
3 2 Implementing VLSM
Overview MAJ INTRO v2.1
Reviewing Subnet MAJ INTRO v2.1
Introducing VLSMs MAJ ICND v2.3
Summarizing Routes MAJ ICND v2.3

92 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Module Lesson Topic Delta Source

4 0 Single-Area OSPF Implementation


4 1 Implementing OSPF
Overview MIN ICND v2.3
Introducing OSPF MIN ICND v2.3
SPF Algorithm MIN ICND v2.3
Configuring and Verifying OSPF MIN ICND v2.3
Loopback Interfaces MIN ICND v2.3
Verifying OSPF Configuration MIN ICND v2.3
Using OSPF debug Commands MIN ICND v2.3
Load Balancing with OSPF MAJ BSCI v3.0
Authentication with OSPF MAJ BSCI v3.0
4 2 Troubleshooting OSPF
Overview NEW New
Components of Troubleshooting OSPF NEW New
Troubleshooting OSPF Neighbor Adjacencies NEW New
Troubleshooting OSPF Routing Tables NEW New
Troubleshooting OSPF Plaintext Password NEW New
Authentication
4 Lab 4-1 Implementing OSPF MIN ICND v2.3
4 Lab 4-2 Troubleshooting OSPF NEW New
5 0 EIGRP Implementation
5 1 Implementing EIGRP
Overview MIN ICND v2.3
Introducing EIGRP MIN ICND v2.3
Configuring and Verifying EIGRP MIN ICND v2.3
Load Balancing with EIGRP MAJ BSCI v3.0
Authentication with EIGRP MAJ BSCI v3.0
5 2 Troubleshooting EIGRP
Overview NEW New
Components of Troubleshooting EIGRP NEW New
Troubleshooting EIGRP Neighbor Issues NEW New
Troubleshooting EIGRP Routing Tables NEW New
Troubleshooting EIGRP Authentication NEW New
5 Lab 5-1 Implementing EIGRP MIN ICND v2.3
5 Lab 5-2 Troubleshooting EIGRP NEW New

© 2007 Cisco Systems, Inc. Course Administration Guide 93


Module Lesson Topic Delta Source

6 0 Access Control Lists


6 1 Introducing ACL Operation
Overview MIN ICND v2.3
Understanding ACLs MIN ICND v2.3
ACL Operation MIN ICND v2.3
Types of ACLs MAJ ICND v2.3
Additional Types of ACLs NEW New
ACL Wildcard Masking MIN ICND v2.3
6 2 Configuring and Troubleshooting ACLs
Overview MIN ICND v2.3
Configuring Numbered Standard IPv4 ACLs MIN ICND v2.3
Configuring Numbered Extended IPv4 ACLs MIN ICND v2.3
Configuring Named ACLs MAJ ICND v2.3
Troubleshooting ACLs NEW New
6 Lab 6-1 Implementing and Troubleshooting ACLs ICND v2.3
7 0 Address Space Management
7 1 Scaling the Network with NAT and PAT
Overview MIN ICND v2.3
Introducing NAT and PAT MIN ICND v2.3
Translating Inside Source Addresses MIN ICND v2.3
Overloading an Inside Global Address MIN ICND v2.3
Resolving Translation Table Issues NEW New
Resolving Issues by Using the Correct Translation
Entry NEW New
7 2 Transitioning to IPv6
Overview MAJ BSCI v3.0
Reasons for Using IPv6? MAJ BSCI v3.0
Understanding IPv6 Addresses MAJ BSCI v3.0
Assigning IPv6 Addresses MAJ BSCI v3.0
Routing Considerations with IPv6 MAJ BSCI v3.0
Strategies for Implementing IPv6 MAJ BSCI v3.0
Configuring IPv6 MAJ BSCI v3.0
7 Lab 7-1 Configuring NAT and PAT MIN ICND v2.3
7 Lab 7-2 Implementing IPv6 MAJ BSCI v3.0

94 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.
Module Lesson Topic Delta Source

8 0 LAN Extension into a WAN


8 1 Introducing VPN Solutions
Overview MAJ CSVPN v4.0
VPNs and Their Benefits MAJ CSVPN v4.0
Types of VPNs MAJ CSVPN v4.0
Components of VPNs MAJ CSVPN v4.0
Introducing IPsec MAJ CSVPN v4.0
IPsec Protocol Framework MAJ CSVPN v4.0
Establishing a Point-to-Point WAN Connection with
8 2 PPP
Overview MIN ICND v2.3
Understanding WAN Encapsulations MIN ICND v2.3
Overview of PPP MIN ICND v2.3
Configuring and Verifying PPP MIN ICND v2.3
8 3 Establishing a WAN with Frame Relay
Understanding Frame Relay MIN ICND v2.3
Configuring Frame Relay MIN ICND v2.3
Verifying Frame Relay MIN ICND v2.3
8 4 Troubleshooting Frame Relay WANs
Overview NEW New
Approaching Frame Relay Troubleshooting NEW New
Resolving Frame Relay Connectivity Issues NEW New
8 Lab 8-1 Establishing a Frame Relay WAN MIN ICND v2.3
8 Lab 8-2 Troubleshooting Frame Relay WANs NEW New

MIN = Existing content, only minor edits

MAJ = Existing content from other courses, major edits to existing ICND content

NEW = New content and not from any other course

© 2007 Cisco Systems, Inc. Course Administration Guide 95


96 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 © 2007 Cisco Systems, Inc.