Professional Documents
Culture Documents
PRACTICE COMPUTER
NETWORKING
Course summary
The course chooses the presentation according to the top-down approach and uses
the actual protocols of the network to illustrate. Accordingly, the contents will be
presented in order: basic concepts in computer networks, network architecture
models, network application services, core network operating principles, and
infrastructure techniques/standards. In this course, students will also get acquainted
with basic network equipment configuration, protocol analysis, simple network
design with tools such as Telnet, Wireshark, help consolidate the theory.
FACULTY OF INFORMATION TECHNOLOGY
For internal circulation only, 2020
i
Contents
PRACTICE 1: CONFIGURE INITIAL SWITCH SETTINGS ......................................................................... 1
OVERVIEW ................................................................................................................................................... 1
1.1.1 Introduction ............................................................................................................................................ 1
1.1.2 Objective ................................................................................................................................................. 1
1.1.3 Program Learning Outcome ................................................................................................................... 1
CONTENTS ................................................................................................................................................... 2
1.2.1 Summary ................................................................................................................................................. 2
1.2.2 Basic Practice ......................................................................................................................................... 2
1.2.3 Skills Intergration Challenge .................................................................................................................. 5
PRACTICE 2: CONFIGURE INITIAL ROUTER SETTINGS ........................................................................ 7
OVERVIEW ................................................................................................................................................... 7
2.1.1 Introduction ............................................................................................................................................ 7
2.1.2 Objective ................................................................................................................................................. 7
CONTENTS ................................................................................................................................................... 7
2.2.1 Summary ................................................................................................................................................. 7
2.2.2 Basic Practice ......................................................................................................................................... 7
2.2.3 Skills Intergration Challenge ................................................................................................................ 10
PRACTICE 3: COMMUNICATIONS AND NETWORK PROTOCOLS ......................................................
13
OVERVIEW ................................................................................................................................................. 13
3.1.1 Introduction .......................................................................................................................................... 13
3.1.2 Objective ............................................................................................................................................... 13
CONTENTS ................................................................................................................................................. 13
3.2.1 Summary ............................................................................................................................................... 13
3.2.2 Basic Practice ....................................................................................................................................... 13
PRACTICE 4: MAC AND IP ADDRESS........................................................................................................... 23
OVERVIEW ................................................................................................................................................. 23
4.1.1 Introduction .......................................................................................................................................... 23
4.1.2 Objective ............................................................................................................................................... 23
CONTENTS ................................................................................................................................................. 23
4.2.1 Summary ............................................................................................................................................... 23
4.2.2 Basic Practice ....................................................................................................................................... 23
4.2.3 Skills Intergration Challenge ................................................................................................................ 28
PRACTICE 5: TRANSPORT LAYER ............................................................................................................... 30
1.1.1 Introduction
1.1.2 Objective
- Present about the role of computer networks in nowadays; Basic concepts of network
models, characteristics of common network devices, common network applications,
principles of data transmission/reception via networks.
CONTENTS
1.2.1 Summary
Configuring and managing device configuration is one of the tasks of the system
administrator. In a network, there are many network devices operating with different
functions. In order for the system to operate properly as required, it is necessary to
configure the complete device and manage the configuration file well. The following
lesson will help students gain knowledge and skills for configuration on command line
switches (CLI).
Check and configure basic equipment.
Configure security port "console", password encryption
Configure "Banner" on the device when the user "logs" into the Switch.
Topology:
Addressing table:
Device Interface IP Address Subnet Mask Default Gateway
Required Resources:
• 1 Switch (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or
comparable)
• 1 PC (Windows 7, Vista, or XP with terminal emulation program, such as
Tera Term, and Telnet capability)
• 1 Console cable to configure the Cisco IOS device via the console port
• 1 Ethernet cable as shown in the topology
In this step, you will examine the default switch settings, such as current switch
configuration, IOS information, interface properties, VLAN information, and flash
memory
S1# exit
Switch con0 is now available
Press RETURN to get started. User
Access Verification Password:
S1>
S1> enable
S1# configure terminal
S1(config)# enable password c1$c0
S1(config)# exit
%SYS-5-CONFIG_I: Configured from console by console
S1#
S1# config t
S1(config)# service password-encryption
S1(config)# exit
S1# config t
S1(config)# banner motd "This is a secure system. Authorized Access
Only!"
S1(config)# exit
%SYS-5-CONFIG_I: Configured from console by console
S1#
Select Desktop -> enter TCP / IP parameters according to the address table above Step
2: Check the connection to the switch
From PCs, go to "Command Promt" -> use the "ping" command to the following address:
S1 # configure terminal
Enter configuration commands, one per line. End with CNTL / Z.
S1 (config) # interface vlan 1
S1 (config-if) # ip address 192.168.1.2 255.255.255.0
S1 (config-if) # no shutdown
% LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to
up
S1 (config-if) # S1 (config-if) # exit S1
#
Addressing table:
Device Interface IP Address Subnet Mask
Requirements:
Configurate on S1 and S2:
1. Set hostname for S1 and S2
2. Set a password for the Console and Privilege EXEC modes:
2.1 Set the password "cisco" for Console mode
2.2 Set a password "class" for Privilege EXEC mode
3. Configure Motd Banner
4. Configure IP VLAN 1 according to the address table above
5. Save the configuration to NVRAM.
2.1.1 Introduction
2.1.2 Objective
2.2.1 Summary
You can access all the router commands from privileged EXEC mode. However,
because many of the privileged commands configure operating parameters, privileged
access should be password-protected to prevent unauthorized use.
a. Enter privileged EXEC mode by entering the enable command.
Router> enable
Router#
i. Exit the current console session until you see the following message:
R1 con0 is now available
Password:
Why should every router have a message-of-the-day (MOTD) banner?
______________________________________________________________________________
If you are not prompted for a password, what console line command did you forget to configure?
______________________________________________________________________________
m. If you configure any more passwords on the router, are they displayed in the
configuration file as plain text or in encrypted form? Explain.
______________________________________________________________________________
Addressing table:
Addressing Table:
Requirements:
• Provide the missing information in the Addressing Table.
• Name the router and the second switch. You will not be able to access.
• Use cisco as the user EXEC password for all lines.
• Use class as the privileged EXEC password.
• Encrypt all plain text passwords.
• Configure an appropriate banner.
• Configure addressing for all devices according to the Addressing Table.
• Document interfaces with descriptions, including the VLAN 1 interface.
• Save your configurassstions.
• Verify connectivity between all devices. All devices should be able to ping any other
device.
• Troubleshoot and document any issues.
• Implement the solutions necessary to enable and verify full end-to-end connectivity.
3.1.1 Introduction
3.1.2 Objective
3.2.1 Summary
This exercise provides knowledge of the TCP / IP protocol suite and its relationship to
the 7-layer OSI model. Data packets when sent from "source" to "destination" will move
through many layers (layers) and many different networks (network), will be subdivided
into PDU and add an identifier to re-assemble at the receiving device . In this lesson,
students will understand the communication and communication issues in computer
networks.
Topology:
Step 1: Switch from Realtime to Simulation mode in the lower right corner of Packet
Tracert, go to "Edit Filters" then select only HTTP protocol
Open the web browser (Web Browser) in the Desktop tab of the Web Client, enter in
the address bar the following page www.osi.local and click the "Go" button.
Select "Capture / Forward" in the following image and observe the results in the
Event List when successfully opening the web page on the Web Client.
Topology:
ff. The activity should be 100% complete. Do not close the Sales configuration window or the Mail
Browser window.
Step 5: Send an Email from the Sales client and the PC3 client.
gg. From the Sales Mail Browser window, click Compose.
hh. Enter the following values into their respective fields: 1) To: central-user@centralserver.pt.pka 2)
Subject: Personalize the subject line.
3) Email Body: Personalize the email.
ii. Click Send. jj. Verify that PC3 received the email. Click PC3. If the Mail Browser window is closed,
click E Mail. kk. Click Receive. An email from Sales displays. Double-click the email. ll. Click
Reply, personalize a response, and click Send.
mm. Verify that Sales received the reply.
centralserver.pt.pka 10.10.10.2
branchserver.pt.pka 64.100.200.1
d. Close the famous.dns.pka window.
e. Click Back to exit the Internet cloud.
Now that you have configured DNS records, Home Laptop and Tablet should be able to access the
websites by using the names instead of the IP addresses. First, check that the DNS client is working
properly and then verify access to the website. a. Click Home Laptop or Tablet.
b. If the web browser is open, close it and select Command Prompt.
Verify the IPv4 addressing by entering the command ipconfig /all. You should see the IP address
for the DNS server.
c. Ping the DNS server at 64.100.8.8 to verify connectivity.
Note: The first two or three pings may fail as Packet Tracer simulates all the various processes
that must occur for successful connectivity to a remote resource.
Test the functionality of the DNS server by entering the commands nslookup
centralserver.pt.pka and nslookup branchserver.pt.pka. You should get a name resolution
showing the IP address for each.
d. Close the Command Prompt window and click Web Browser. Verify that Home Laptop or Tablet
can now access the web pages for CentralServer and BranchServer.
Step 1: Transfer the README.txt file from the home laptop to CentralServer.
As network administrator, you must place a notice on the FTP servers. The document has been
created on the home laptop and must be uploaded to the FTP servers. iii. Click Home Laptop
and click the Desktop tab > Text Editor.
jjj. Open the README.txt file and review it. Close the Text Editor when done.
Note: Do not change the file because this affects scoring.
kkk. In the Desktop tab, open the Command Prompt window and perform the following steps:
1) Type ftp centralserver.pt.pka. Wait several seconds while the client connects.
Note: Because Packet Tracer is a simulation, it can take up to 30 seconds for FTP to connect
the first time.
2) The server prompts for a username and password. Use the credentials for the administrator
account.
3) The prompt changes to ftp>. List the contents of the directory by typing dir. The file directory
on CentralServer displays.
4) Transfer the README.txt file: at the ftp> prompt, type put README.txt. The README.txt
file is transferred from the home laptop to CentralServer.
5) Verify the transfer of the file by typing dir. The README.txt file is now listed in the file
directory.
6) Close the FTP client by typing quit. The prompt will return to PC>.
Step 2: Transfer the README.txt file from the home laptop to BranchServer.
lll. Repeat Step 1c to transfer the README.txt file to branchserver.pt.pka. mmm. Close the
Command Prompt and Home Laptop windows, respectively. Part 4.3 Download a File from the
FTP Server
6) Close the FTP client by typing quit. The prompt returns to the PC> prompt.
7) Verify the transfer of the file to PC2 by typing dir. README.txt is listed in the directory.
8) Close the command line window.
ooo. In the Desktop tab, open the Text Editor and then the README.txt file to verify the integrity
of the file. ppp. Close the Text Editor and then the PC2 configuration window.
Step 2: Transfer the README.txt file from BranchServer to the Smart Phone.
Repeat Step 1 for Smart Phone, except download the README.txt file from branchserver.pt.pka.
Address Table:
Device Interface IP Address Subnet Mask Default Gateway
Requirements
• Configure IP addressing on _____________________________ according to the Addressing
Table.
• Console into _____________________________ from the Terminal on PC-A.
• Configure IP addressing on _____________________________ and enable the interface.
• Configure the hostname as _____________________________.
• Encrypt all plaintext passwords.
_________________(config)# service password-encryption
• Set a strong secret password of your choosing.
• Set the domain name to _____________________________.com (case-sensitive for scoring in
PT).
_________________(config)# ip domain-name [[R1Name]].com
• Create a user of your choosing with a strong password.
_________________(config)# username any_user password any_password
Generate 1024-bit RSA keys.
Note: In Packet Tracer, enter the crypto key generate rsa command and press Enter to continue.
_________________(config)# crypto key generate rsa
______________________________________________________________________________
______
_________________________________________________________________________
___________
• Block anyone for three minutes who fails to log in after four attempts within a two-minute period.
_________________(config)# login block-for 180 attempts 4 within 120
• Configure the VTY lines for SSH access and use the local user profiles for authentication.
_________________(config)# line vty 0 4
_________________(config-line)# transport input ssh
_________________(config-line)# login local
Save the configuration to NVRAM.
• Be prepared to demonstrate to your instructor that you have established SSH access from
_____________________________ to _____________________________. Isomorph ID:
_______ _______ _______
4.1.1 Introduction
4.1.2 Objective
4.2.1 Summary
This exercise provides knowledge of the TCP / IP protocol suite and its relationship to
the 7-layer OSI model. Data packets when sent from "source" to "destination" will move
through many layers (layers) and many different networks (network), will be subdivided
into PDU and add an identifier to re-assemble at the receiving device . In this lesson,
students will understand the communication and communication issues in computer
networks.
Basic Practice
Test At Device Dest. MAC Src MAC Src IPv4 Dest IPv4
Step 1: Subnet the 192.168.100.0/24 network into the appropriate number of subnets.
vvv. Based on the topology, how many subnets are needed?
www. ______________________________________________________________________________
____ H ow many bits must be borrowed to support the number of subnets in the topology table?
xxx. How many subnets does this create?
yyy. How many usable hosts does this create per subnet?
Note: If your answer is less than the 25 hosts required, then you borrowed too many bits.
zzz. Calculate the binary value for the first five subnets. The first subnet is already shown.
Net 0: 192 . 168 . 100 . 0 0 0 0 0 0 0 0
Net 1: 192 . 168 . 100 . ___ ___ ___ ___ ___ ___ ___ ___
Net 2: 192 . 168 . 100 . ___ ___ ___ ___ ___ ___ ___ ___
Net 3: 192 . 168 . 100 . ___ ___ ___ ___ ___ ___ ___ ___
Net 4: 192 . 168 . 100 . ___ ___ ___ ___ ___ ___ ___ ___ aaaa.
__________________________________________________________________________________ C
alculate the binary and decimal value of the new subnet mask.
11111111.11111111.11111111. ___ ___ ___ ___ ___ ___ ___ ___
bbbb. __________________________________________________________________________________
F ill in the Subnet Table, listing the decimal value of all available subnets, the first and last usable host
address, and the broadcast address. Repeat until all addresses are listed.
Note: You may not need to use all rows.
Address Table:
Device Interface IPv6 Address Link-Local
G0/0 FE80::1
R1 G0/1 FE80::1
S0/0/0 FE80::1
G0/0 FE80::2
R2 G0/1 FE80::2
S0/0/0 FE80::2
PC1 NIC Auto Config
PC2 NIC Auto Config
PC3 NIC Auto Config
PC4 NIC Auto Config
Step 1: Determine the number of subnets needed.
Start with the IPv6 subnet 2001:DB8:ACAD:00C8::/64 and assign it to the R1 LAN attached to
GigabitEthernet 0/0, as shown in the Subnet Table. For the rest of the IPv6 subnets, increment the
2001:DB8:ACAD:00C8::/64 subnet address by 1 and complete the Subnet Table with the IPv6 subnet
addresses.
Subnet Table
Subnet Description Subnet Address
f. Assign the first IPv6 addresses to R2 for the two LANs. Assign the second IPv6 address for the WAN link.
g. Document the IPv6 addressing scheme in the Addressing Table.
Part 3.2 Configure the IPv6 Addressing on Routers and PCs and Verify Connectivity
Configure the four PCs for autoconfiguration. Each should then automatically receive full IPv6 addresses
from the routers.
Address Table:
G0/0 N/A
G0/1 N/A
G0/2 2001:DB8:FFFF:FFFF::2/64 N/A
PC-A1 NIC
PC-A2 NIC
PC-B1 NIC
PC-B2 NIC
Requirements
• Configure the initial settings on Branch-A and Branch-B, including the hostname, banner, lines, and
passwords. Use cisco as the user EXEC password and class as the privileged EXEC password.
Encrypt all passwords.
• LAN A1 is using the subnet 172.20.16.0/23. Assign the next available subnet to LAN A2 for a
maximum of 250 hosts.
• LAN B1 is using the subnet 2001:DB8:FADE:00FF::/64. Assign the next available subnet to LAN B2.
• Finish documenting the addressing scheme in the Addressing Table using the following guidelines:
- Assign the first IP address for LAN A1, LAN A2, LAN B1, and LAN B2 to the router interface.
- For the IPv4 networks, assign the last IPv4 address to the PCs.
- For the IPv6 networks, assign the 16th IPv6 address to the PCs.
• Configure the routers addressing according to your documentation. Include an appropriate description
for each router interface. Branch-B uses FE80::B as the link-local address.
• Configure PCs with addressing according to your documentation. The DNS Server addresses for IPv4
and IPv6 are shown in the topology.
• Verify connectivity between the IPv4 PCs and between the IPv6 PCs.
• Verify the IPv4 PCs can access the web page at central.pka.
• Verify the IPv6 PCs can access the web page at centralv6.pka.
TRANSPORT LAYER
5.1.1 Introduction
5.1.2 Objective
Part 1: TCP
Part 2: UDP
Part 3: Skills Integration Challenge
CONTENTS
5.2.1 Summary
Part 1: TCP
Step 1: Generate traffic to fill in the address resolution table (ARP)
a. Select Multiserver and select Desktop> Command Prompt
b. Type ping command 192.168.1.255> wait for the response.
i. To: user@multiserver.pt.ptu
ii. Subject: Pesonalizethe subject line
iii. E-mail body: Personalize the Email
c. Select Send
Result:
Step 6: Observe and check the simulation results in each client to see the network traffic
needed in each application.
Part 2: UDP
Use the Capture / Forward function to retrieve all PDUs that appear in the model and answer the following
questions:
On the switch:
• Why are some PDUs lost compared to the original?
• Có Should all clients receive responses? Why is only one PDU transmitted at a time?
• Why do PDUs come in so many different colors?
HTTP protocol:
• Filter the HTTP (TCP) protocol when the Client accesses the Web service on the Server:
• In “Inbound PDU Details”, please indicate the value in the “last section” field?
• Is this communication between Client and Server reliable?
• What are the values of the following fields: SRC PORT, DEST PORT, SEQUENCE NUM, and
ACK NUM? Compare these values at Client and Server locations?
• Please indicate the first message that the Client sent to MultiServer during communication
with HTTP?
FTP protocol:
• Filter out the FTP (TCP) protocol, then open and analyze the PDU packet sent from the Client
• In “Inbound PDU Details”, please indicate the value in the “last section” field?
• Is this communication between Client and Server reliable?
• What are the values of the following fields: SRC PORT, DEST PORT, SEQUENCE NUM, and
ACK NUM?
• Open and analyze PDU packages sent from the Server
• Compare these values at 2 Client locations? Indicate the values of the following fields: SRC
PORT, DEST PORT, SEQUENCE NUM, and ACK NUM?
• Open and analyze the 2nd PDU packet sent from the Server, indicating the message content
The message contained in this PDU?
DNS protocol:
• Please filter out DNS protocol (UDP)
• In “Inbound PDU Details”, please indicate the value in the “last section” field?
• Is this communication between Client and Server reliable?
• What is the value of SRC PORT, DEST PORT? Why are there no schools?
• SEQUENCE NUM, and ACK NUM
• Compare the SEQUENCE NUM, and PORT fields in the PDU packet sent from the Client and
from the Server?
• What was the last PDU package sent with content? Protocol used in email
• Please filter for the following protocols POP3, SMTP and TCP and indicate Which
transport protocol is used?
• Is this communication between Client and Server reliable
• What is the value of SRC PORT, DEST PORT? Why are there no schools? SEQUENCE
NUM, and ACK NUM
• Compare the SEQUENCE NUM, and PORT fields in the PDU packet sent from the Client and
from the Server?
• Please tell me which protocol uses port 25?
• Please tell me which protocol uses port 110 Service port number on the server:
• Select MultiServer> Desktop tab> Command Prompt> netstat Which protocols are listed?
• Nào Which service port number is the server using?
• What is the status of the service port?
• Repeat the "netstat" command until a "session" is "ESTABLISHED", indicating which service
is still connected?
6.1.1 Introduction
6.1.2 Objective
6.2.1 Summary
Topology:
Part 1.1 Examine the Networt and Evaluete the Need for Static Routing
a. Looking at the topology diagram, how many networks are there in total? 5
b. How many networks are directly connected to R1, R2, and R3? R1 has 2, R2 has 3,
and R3 has 2.
c. How many static routes are required by each router to reach networks that are not
directly connected? R1 needs 3 static routes, R2 needs 2 static routes, and R3
needs 3 static
routes.
d. Test connectivity to the R2 and R3 LANs by pinging PC2 and PC3 from PC1.
Why were you unsuccessful? Because there are no routes to these networks on R1.
a. What is recursive static route? A recursive static route relies on the next hop router in order
for packets to be sent to its destination. A recursive static route requires two routing table
lookups.
b. Why does a recursive static route require two routing table lookups? It must first look in
the routing table for the destination network and then look up the exit interface/direction of
the network for the next hop router.
c. Configure a recursive static route to every network not directly connected to R1, including
the WAN link between R2 and R3.
ip route 172.31.0.0 255.255.255.0 172.31.1.193 ip
172.31.1.193
d. Test connectivity to the R2 LAN and ping the IP addresses of PC2 and PC3.
Why were you unsuccessful? R1 has a route to the R2 and R3 LANs, but R2 and R3
do not have a routes to R1.
a. How does a directly attached static route differ from a recursive static route?
A directly attached static route relies on its exit interface in order for packets
to be sent to its destination, while a recursive static route uses the IP address
of
the next hop
router.
b. Configure a directly attached static route from R2 to every network not directly
connected.
ip route 172.31.1.0 255.255.255.128 Serial0/0/0 ip
route 172.31.1.128 255.255.255.192 Serial0/0/1
a. How does a default route differ from a regular static route? A default route, also known
as the gateway of last resort, is the network route used by a router when no other known route exists
for a destination network. A static route is used to route traffic to a specific network.
b. Configure a default route on R3 so that every network not directly connected is
reachable. ip route 0.0.0.0 0.0.0.0 Serial0/0/1
c. How is a static route displayed in the routing table? S* 0.0.0.0/0 Step 4: Document
the commands for fully specified routes.
Note: Packet Tracer does not currently support configuring fully specified
static routes. Therefore, in this step, document the configuration for fully
specified routes.
a. Explain a fully specified route. A fully specified route is a static route that is configured with an exit
interface and the next hop address.
b. Which command provides a fully specified static route from R3 to the R2 LAN?
d. Write a fully specified static route from R3 to the R1 LAN. Do not configure the route; just calculate
it.
R3(config)# ip route 172.31.1.0 255.255.255.128 s0/0/1 172.31.1.197
Which show commands can you use to verify that the static routes are
configured correctly? show ip route, show ip route static, and the show ip route
[network] commands
Address Table:
Part 2.1 Examine the Networt and Evaluete the Need for Static Routing
a. Looking at the topology diagram, how many networks are there in total? 5
b. How many networks are directly connected to R1, R2, and R3? R1 has 2, R2 has 3,
and R3 has 2.
c. How many static routes are required by each router to reach networks that are not
directly connected? R1 needs to configure 3 static routes, R2 needs to configure 2
static routes, and R3 needs to configure 3 static routes.
d. Which command is used to configure IPv6 static routes? ipv6 route
[network/prefix] [exit interface/next hop address]
Part 2.2 Configuring Ipv4 Static and Default Routes
Step 1: Enable IPv6 routing on all routers.
Before configuring static routes, we must configure the router to forward IPv6 packets
Which command accomplishes this? ipv6 unicast-routing
Configure an IPv6 recursive static route to every network not directly connected to R1.
Step 3: Configure a directly attached and a fully specified static route on R2.
Configure a recursive default route on R3 to reach all networks not directly connected.
a. Which command is used to verify the IPv6 configuration of a PC from the command
prompt? ipv6config
a. Which command displays the IPv6 addresses configured on a router's interface?
show ipv6 interface brief
b. Which command displays the contents of the IPv6 routing table? show ipv6
route
Part 2.3 Verify Connectivity
Every device should now be able to ping every other device. If not, review
your static and default route configurations.
a. Configure a directly attached static default route from Edge_Router to the Internet.
The primary default route should be through ISP1.
Edge_Router(config)# ip route 0.0.0.0 0.0.0.0 s0/0/0
b. Display the contents of the routing table. Verify that the default route is visible in the routing
table.
Edge_Router# show ip route
<output omitted>
Trace complete.
a. What is the administrative distance of a static route? 0 for directly attached and 1 for
recursive
b. Configure a directly attached floating static default route with an administrative distance of
5. The route should point to ISP2.
Edge_Router(config)# ip route 0.0.0.0 0.0.0.0 s0/0/1 5
c. View the running configuration and verify that the floating static default route is there, as
well as the static default route.
Edge_Router# show run
Building configuration...
<output omitted>
ip route 0.0.0.0
0.0.0.0 Serial0/0/0 ip
route 0.0.0.0 0.0.0.0
Serial0/0/1 5
!
d. Display the contents of the routing table. Is the floating static route visible in the routing
table? Why or why not? No. It is not being displayed because it is not the primary route. Routers
will only place the best path in the routing table and since this is the backup route, it will only be
visible in the routing table when the primary route goes down.
Edge_Router(config-if)# shutdown
<output omitted>
3 0 ms 2 ms0 ms
Trace complete.
Did the backup route work? If not, wait a few more seconds for convergence and then
re-test. If the backup route is still not working, investigate your floating static route
configuration.
d. Restore connectivity to the primary route.
Edge_Router(config)# interface s0/0/0
Edge_Router(config-if)# no shutdown
e. Trace the route from PC-A to the Web Server to verify that the primary route is restored.
Trace complete.
c. Use version 2 of the RIP protocol and disable the summarization of networks.
R1(config-router)# version 2
R1(config-router)# no auto-summary
e. Configure the LAN port that contains no routers so that it does not send out any routing information.
R1(config-router)# passive-interface gig 0/0
f. Advertise the default route configured in step 1a with other RIP routers.
b. Use version 2 of the RIP protocol and disable the summarization of networks.
R2(config-router)# version 2
R2(config-router)# no auto-summary
R3(config-router)# version 2
R3(config-router)# no auto-summary
a. Use the appropriate command to show the routing table of R1. RIP (R) now appears
with connected (C) and local (L) routes in the routing table. All networks have an
entry. You also see a default route listed.
b. View the routing tables for R2 and R3. Notice that each router has a full listing of all
the 192.168.x.0 networks and a default route.
Every device should now be able to ping every other device inside the network. In
addition, all devices should be able to ping the Web Server.
Address Table:
7.1.1 Introduction
7.1.2 Objective
CONTENTS
7.2.1 Summary
Address Table:
Device Interface IP Address Subnet Mask
h. Why is PC2 able to ping PC1, but the Rouge Laptop is not? Part 2: Configuring VLAN
Topology:
Address Table:
On S1, issue the command that displays all VLANs configured. By default, all interfaces are assigned
to VLAN 1.
Which command will only display the VLAN name, status, and associated ports on a switch?
S3 uses the same VLAN access port assignments as S2. Configure the interfaces as access ports and
assign the VLANs as follows:
• VLAN 10: FastEthernet 0/11
• VLAN 20: FastEthernet 0/18
• VLAN 30: FastEthernet 0/6
S3(config)# interface f0/11
S3(config-if)# switchport mode access
S3(config-if)# switchport access vlan 10
S3(config-if)# interface f0/18
S3(config-if)# switchport mode access
S3(config-if)# switchport access vlan 20
S3(config-if)# interface f0/6
S3(config-if)# switchport mode access
S3(config-if)# switchport access vlan 30
Address Table:
b. Configure VLAN 99 as the native VLAN for G0/1 and G0/2 interfaces on S1.
The trunk port takes about a minute to become active due to Spanning Tree. Click Fast Forward
Time to speed the process. After the ports become active, you will periodically receive the
following syslog messages:
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
GigabitEthernet0/2 (99), with S3 GigabitEthernet0/2 (1).
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
GigabitEthernet0/1 (99), with S2 GigabitEthernet0/1 (1).
You configured VLAN 99 as the native VLAN on S1. However, S2 and S3 are using VLAN 1 as the
default native VLAN as indicated by the syslog message.
Although you have a native VLAN mismatch, pings between PCs on the same VLAN are now
successful. Why?
Step 2: Verify trunking is enabled on S2 and S3.
On S2 and S3, issue the show interface trunk command to confirm that DTP has successfully
negotiated trunking with S1 on S2 and S3. The output also displays information about the trunk
interfaces on S2 and S3.
Which active VLANs are allowed to cross the trunk?
Address Table:
From PC1, ping PC3. The pings should still fail. Why were the pings unsuccessful?
Part 4.3 Configure Subnet Interface
k. How can you determine that the interface is a trunk port using the show vlan command?
l. Issue the show interface trunk command to verify the interface is configured as a trunk.
o. You should see ARP requests and replies between S1 and R1. Then ARP requests and replies
between R1 and S3. Then PC1 can encapsulate an ICMP echo request with the proper data-link
layer information and R1 will route the request to PC3.
Note: After the ARP process finishes, you may need to click Reset Simulation to see the ICMP
process complete.
Address Table:
Requirements:
- VTY lines only accept SSH connections and use local login for authentication
Configure the port security feature to restrict network access:
- Disable all unused ports.
- Set the interface mode to access.
- Enable port security to allow only two hosts per port.
- Record the MAC address in the running configuration.
- Ensure that port violations disable ports
Address Table:
10 Faculty/Staff Fa0/11-17
20 Students Fa0/18-24
30 Guest(Default) Fa0/6-10
88 Native G0/1
99 Management VLAN 99
Requeirements:
• Assign IP addressing to R1 and S1 based on the Addressing Table.
• Create, name and assign VLANs on S1 based on the VLAN and Port Assignments Table. Ports
should be in access mode.
• Configure S1 to trunk, allow only the VLANs in the VLAN and Port Assignments Table.
• Configure the default gateway on S1.
• All ports not assigned to a VLAN should be disabled.
• Configure inter-VLAN routing on R1 based on the Addressing Table.
• Verify connectivity. R1, S1, and all PCs should be able to ping each other and the cisco.pka
server.
Challeng 3:
Topology:
Address Table:
VLAN Table:
VLAN Name Interfaces
10 Sales F0/11-15
20 Production F0/16-20
30 Marketing F0/5-10
88 Management F0/21-24
99 Native G0/1
Requirements
• Configure inter-VLAN routing on R1 based on the Addressing Table.
• Configure trunking on S1.
• Configure four directly attached static route on HQ to each VLANs 10, 20, 30 and 88.
• Configure directly attached static routes on HQ to reach Outside Host.
- Configure the primary path through the Serial 0/1/0 interface.
- Configure the backup route through the Serial 0/1/1 interface with a 10 AD.
• Configure a directly attached default route on R1.
• Verify connectivity by making sure all the PCs can ping Outside Host.
8.1.1 Introduction
8.1.2 Objective
CONTENTS
8.2.1 Summary
Address Table:
PC-A (Simulated
Server) NIC 192.168.1.20 255.255.255.0 192.168.1.1
PC-B NIC 192.168.1.21 255.255.255.0 192.168.1.1
Step 1: Configure a static mapping.
A static map is configured to tell the router to translate between the private inside server address
192.168.1.20 and the public address 209.165.200.225. This allows a user from the Internet to access
PC-A. PC-A is simulating a server or device with a constant address that can be accessed from the
Internet.
Gateway(config)# ip nat inside source static 192.168.1.20 209.165.200.225
Issue the ip nat inside and ip nat outside commands to the interfaces.
Gateway(config)# interface g0/1
Gateway(config-if)# ip nat inside
Gateway(config-if)# interface s0/0/1
Note: The NAT for the ICMP request may have timed out and been removed from the NAT table.
What was the protocol used in this translation? ____________ What
are the port numbers used?
Inside global / local: ________________
Outside global / local: ________________
d. Because static NAT was configured for PC-A, verify that pinging from ISP to PC-A at the static
NAT public address (209.165.200.225) is successful.
e. On the Gateway router, display the NAT table to verify the translation.
Gateway# show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 209.165.200.225:12 192.168.1.20:12 209.165.201.17:12 209.165.201.17:12
--- 209.165.200.225 192.168.1.20 --- ---
Notice that the Outside local and Outside global addresses are the same. This address is the ISP
remote network source address. For the ping from the ISP to succeed, the Inside global static NAT
address 209.165.200.225 was translated to the Inside local address of PC-A (192.168.1.20).
f. Verify NAT statistics by using the show ip nat statistics command on the Gateway router.
Gateway# show ip nat statistics
Total active translations: 2 (1 static, 1 dynamic; 1 extended)
Peak translations: 2, occurred 00:02:12 ago Outside
interfaces:
Serial0/0/1
Inside interfaces:
GigabitEthernet0/1
Hits: 39 Misses: 0
CEF Translated packets: 39, CEF Punted packets: 0
Expired translations: 3 Dynamic
mappings:
Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
Note: This is only a sample output. Your output may not match exactly.
Step 2: Define an access control list (ACL) that matches the LAN private IP address range.
ACL 1 is used to allow 192.168.1.0/24 network to be translated.
Gateway(config)# access-list 1 permit 192.168.1.0 0.0.0.255 Step
Issue the show ip nat statistics command on the Gateway router to verify the NAT configurations.
Step 5: Define the NAT from the inside source list to the outside pool.
Note: Remember that NAT pool names are case-sensitive and the pool name entered here must
match that used in the previous step.
Gateway(config)# ip nat inside source list 1 pool public_access Step
p. From PC-B, ping the Lo0 interface (192.31.7.1) on ISP. If the ping was unsuccessful, troubleshoot
and correct the issues. On the Gateway router, display the NAT table.
Gateway# show ip nat translations
Pro Inside global Inside local Outside local Outside global
--- 209.165.200.225 192.168.1.20 --- --- icmp
209.165.200.242:1 192.168.1.21:1 192.31.7.1:1 192.31.7.1:1
--- 209.165.200.242 192.168.1.21 --- ---
What is the translation of the Inside local host address for PC-B?
192.168.1.21 = _________________________________________________________
A dynamic NAT entry was added to the table with ICMP as the protocol when PC-B sent an ICMP
message to 192.31.7.1 on ISP.
What port number was used in this ICMP exchange? ______________
q. From PC-B, open a browser and enter the IP address of the ISP-simulated web server (Lo0
interface). When prompted, log in as webuser with a password of webpass.
r. Display the NAT table.
Pro Inside global Inside local Outside local Outside global
--- 209.165.200.225 192.168.1.20 --- --- tcp
209.165.200.242:1038 192.168.1.21:1038 192.31.7.1:80 192.31.7.1:80 tcp
209.165.200.242:1039 192.168.1.21:1039 192.31.7.1:80 192.31.7.1:80 tcp
209.165.200.242:1040 192.168.1.21:1040 192.31.7.1:80 192.31.7.1:80 tcp
209.165.200.242:1041 192.168.1.21:1041 192.31.7.1:80 192.31.7.1:80 tcp
209.165.200.242:1042 192.168.1.21:1042 192.31.7.1:80 192.31.7.1:80 tcp
209.165.200.242:1043 192.168.1.21:1043 192.31.7.1:80 192.31.7.1:80 tcp
209.165.200.242:1044 192.168.1.21:1044 192.31.7.1:80 192.31.7.1:80 tcp
209.165.200.242:1045 192.168.1.21:1045 192.31.7.1:80 192.31.7.1:80 tcp
209.165.200.242:1046 192.168.1.21:1046 192.31.7.1:80 192.31.7.1:80 tcp
209.165.200.242:1047 192.168.1.21:1047 192.31.7.1:80 192.31.7.1:80 tcp
209.165.200.242:1048 192.168.1.21:1048 192.31.7.1:80 192.31.7.1:80 tcp
209.165.200.242:1049 192.168.1.21:1049 192.31.7.1:80 192.31.7.1:80 tcp
209.165.200.242:1050 192.168.1.21:1050 192.31.7.1:80 192.31.7.1:80 tcp
Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
Note: This is only a sample output. Your output may not match exactly.
Static entry in use, do you want to delete child entries? [no]: yes u.
Clear the NATs and statistics.
v. Ping the ISP (192.31.7.1) from both hosts.
w. Display the NAT table and statistics.
Gateway# show ip nat statistics
Total active translations: 4 (0 static, 4 dynamic; 2 extended)
Peak translations: 15, occurred 00:00:43 ago
Outside interfaces:
Serial0/0/1
Inside interfaces:
GigabitEthernet0/1
Hits: 16 Misses: 0
CEF Translated packets: 285, CEF Punted packets: 0
Expired translations: 11 Dynamic
mappings:
-- Inside Source
[Id: 1] access-list 1 pool public_access refcount 4 pool
public_access: netmask 255.255.255.224 start 209.165.200.242
end 209.165.200.254 type generic, total addresses 13,
allocated 2 (15%), misses 0
Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
This is only a sample output. Your output may not match exactly.
Address Table:
Step 2: Set PC1 and PC2 to receive IP addressing information from DHCP.
bb. Configure the Gigabit Ethernet 0/1 interface on R2 to receive IP addressing from DHCP and
activate the interface.
R2(config)# interface g0/1
R2(config-if)# ip address dhcp
R2(config-if)# no shutdown
Note: Use Packet Tracer’s Fast Forward Time feature to speed up the process or wait until R2
forms an EIGRP adjacency with the ISP router.
cc. Use the show ip interface brief command to verify that R2 received an IP address from DHCP.
2: Verify configurations.
Verify that PC1 and PC2 can now ping each other and all other devices.
Address Table:
Requirements
Using the information in the tables above, implement the following requirements:
• Create VLANs on S2 and assign VLANs to appropriate ports. Names are case-sensitive
Configure S2 ports for trunking.
• Configure all non-trunk ports on S2 as access ports.
• Configure R1 to route between VLANs. Subinterface names should match the VLAN number.
• Configure R1 to act as a DHCP server for the VLANs attached to S2.
- Create a DHCP pool for each VLAN. Names are case-sensitive.
- Assign the appropriate addresses to each pool.
- Configure DHCP to provide the default gateway address
- Configure the DNS server 209.165.201.14 for each pool.
- Prevent the first 10 addresses from each pool from being distributed to end devices.
• Verify that each PC has an address assigned from the correct DHCP pool.
Note: DHCP address assignments may take some time. Click Fast Forward Time to speed up the
process.
• Configure R1 as a DHCP client so that it receives an IP address from the ISP network.
• Verify all devices can now ping each other and www.cisco.pka.
9.1.1 Introduction
- Requiment: Students gain knowledge and skills for command-line configuration (CLI).
9.1.2 Objective
9.2.1 Summary
Address Table:
b. By default, an ACL denies all traffic that does not match any rules. To permit all other traffic, create
a second rule for ACL 1.
R3(config)# access-list 1 permit any
c. Apply the ACL by placing it for outbound traffic on the Gigabit Ethernet 0/0 interface.
R3(config)# interface GigabitEthernet0/0 R3(config-if)#
ip access-group 1 out
Address Table:
Address Table:
Requirements:
This network is meant to have the following three policies implemented:
1. Do not allow hosts from the LAN1 (10.0.0.0/8) network access to the LAN2 (172.16.0.0/16)
network. Permit all other access.
2. Do not allow host L2 in LAN2 (172.16.0.0/16) network access to the LAN3 (192.168.0.0/24).
Permit all other access.
3. Only permit host L3 in LAN3 (192.168.0.0/24) network access to the LAN1 (10.0.0.0/8).
No other restrictions should be in place. Unfortunately, the rules that have been implemented are not
working correctly. Your task is to find and fix the errors related to the access lists on R1.
Note: To attain full marks in this lab, it is best to remove and re-enter ACLs. It is also best to remove
and re-enter any invalid ip access-group command.
Topology:
Address Table:
REVIEW AND TEST
Requirements:
dd. Divide 172.16.128.0/19 into two equal subnets for use on Branch.
1) Assign the last usable address of the second subnet to the Gigabit Ethernet 0/0 interface.
2) Assign the last usable address of the first subnet to the Gigabit Ethernet 0/1 interface.
3) Document the addressing in the Addressing Table.
4) Configure Branch with appropriate addressing ee. Configure B1 with appropriate
addressing using the first available address of the network to which it is attached. Document the
addressing in the Addressing Table.
ff. Configure HQ and Branch with RIPv2 routing according to the following criteria:
• Advertise all three attached networks. Do not advertise the link to the Internet.
• Configure appropriate interfaces as passive.
gg. Set a default route on HQ which directs traffic to S0/0/1 interface. Redistribute the route to Branch.
hh. Design a named access list HQServer to prevent any computers attached to the Gigabit Ethernet
0/0 interface of the Branch router from accessing HQServer.pka. All other traffic is permitted.
Configure the access list on the appropriate router, apply it to the appropriate interface and in the
appropriate direction.
ii. Design a named access list BranchServer to prevent any computers attached to the Gigabit
Ethernet 0/0 interface of the HQ router from accessing the Branch server. All other traffic is
permitted. Configure the access list on the appropriate router, apply it to the appropriate interface
and in the appropriate direction.