
PRACTICE COMPUTER NETWORKING FACULTY OF INFORMATION TECHNOLOGY

PRACTICE COMPUTER NETWORKING

Course summary

The course follows a top-down approach and uses real network protocols as
illustrations. Accordingly, the contents are presented in this order: basic concepts
in computer networks, network architecture models, network application services,
core network operating principles, and infrastructure techniques/standards. In this
course, students will also get acquainted with basic network equipment
configuration, protocol analysis, and simple network design with tools such as
Telnet and Wireshark, which help consolidate the theory.
FACULTY OF INFORMATION TECHNOLOGY
For internal circulation only, 2020

Contents
PRACTICE 1: CONFIGURE INITIAL SWITCH SETTINGS
OVERVIEW
1.1.1 Introduction
1.1.2 Objective
1.1.3 Program Learning Outcome
CONTENTS
1.2.1 Summary
1.2.2 Basic Practice
1.2.3 Skills Integration Challenge
PRACTICE 2: CONFIGURE INITIAL ROUTER SETTINGS
OVERVIEW
2.1.1 Introduction
2.1.2 Objective
CONTENTS
2.2.1 Summary
2.2.2 Basic Practice
2.2.3 Skills Integration Challenge
PRACTICE 3: COMMUNICATIONS AND NETWORK PROTOCOLS
OVERVIEW
3.1.1 Introduction
3.1.2 Objective
CONTENTS
3.2.1 Summary
3.2.2 Basic Practice
PRACTICE 4: MAC AND IP ADDRESS
OVERVIEW
4.1.1 Introduction
4.1.2 Objective
CONTENTS
4.2.1 Summary
4.2.2 Basic Practice
4.2.3 Skills Integration Challenge
PRACTICE 5: TRANSPORT LAYER
OVERVIEW
5.1.1 Introduction
5.1.2 Objective
CONTENTS
5.2.1 Summary
5.2.2 Basic Practice
PRACTICE 6: STATIC ROUTE, DEFAULT ROUTE AND RIPV2
OVERVIEW
6.1.1 Introduction
6.1.2 Objective
CONTENTS
6.2.1 Summary
6.2.2 Basic Practice
6.2.3 Skills Integration Challenge
PRACTICE 7: VLAN AND TRUNK
OVERVIEW
7.1.1 Introduction
7.1.2 Objective
CONTENTS
7.2.1 Summary
7.2.2 Basic Practice
7.2.3 Skills Integration Challenge
PRACTICE 8: NAT AND DHCPV4 USING CISCO IOS
OVERVIEW
8.1.1 Introduction
8.1.2 Objective
CONTENTS
8.2.1 Summary
8.2.2 Basic Practice
8.2.3 Skills Integration Challenge
PRACTICE 9: CONFIGURE STANDARD ACLS
OVERVIEW
9.1.1 Introduction
9.1.2 Objective
CONTENTS
9.2.1 Summary
9.2.2 Basic Practice
9.2.3 Skills Integration Challenge
PRACTICE 10: REVIEW AND TEST
REVIEW
BUILD SMALL NETWORK


Practice 1: CONFIGURE INITIAL SWITCH SETTINGS
OVERVIEW

1.1.1 Introduction

- Lab 1: configure initial switch settings
- Practice time: class: 3 study hours, self-study: 3 study hours.
- Requirement: Students gain knowledge and skills for command-line (Switch)
configuration (CLI).

1.1.2 Objective

Part 1: Cable the Network and Verify the Default Switch Configuration

Part 2: Configure Basic Network Device Settings
- Configure basic switch settings.
- Configure MOTD Banner
- Configure the PC IP address.
- Save the switch running configuration file.

Part 3: Configuration of switch management interface
- Display device configuration.
- Configure VLAN

Part 4: Practice lab

1.1.3 Program Learning Outcome

- Present the role of computer networks today; the basic concepts of network
models, characteristics of common network devices, common network applications,
and principles of data transmission/reception over networks.
CONTENTS

1.2.1 Summary


Configuring devices and managing their configurations is one of the tasks of the
system administrator. A network contains many devices operating with different
functions. For the system to operate as required, each device must be configured
completely and its configuration files must be managed well. The following lesson
will help students gain knowledge and skills for configuring switches from the
command line (CLI).
• Check and configure basic equipment.
• Configure console port security and password encryption.
• Configure the "Banner" shown on the device when a user logs in to the switch.

1.2.2 Basic Practice

Topology:

Addressing table:
Device  Interface  IP Address     Subnet Mask    Default Gateway
S1      VLAN 1     192.168.1.2    255.255.255.0  192.168.1.1
PC-A    NIC        192.168.1.10   255.255.255.0  192.168.1.1

Required Resources:

• 1 Switch (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or
comparable)
• 1 PC (Windows 7, Vista, or XP with terminal emulation program, such as
Tera Term, and Telnet capability)
• 1 Console cable to configure the Cisco IOS device via the console port
• 1 Ethernet cable as shown in the topology

Part 1: Verify the default switch configuration


In this step, you will examine the default switch settings, such as the current switch
configuration, IOS information, interface properties, VLAN information, and flash
memory.

a) Use the enable command to enter privileged EXEC mode.


Switch> enable
Switch#

b) Examine the current running configuration file


Switch# show running-config
c) Answer the questions:
• How many FastEthernet interfaces does a 2960 switch have? __24_____
• How many Gigabit Ethernet interfaces does a 2960 switch have? ___2____
• What is the range of values shown for the vty lines? ___0-4____5-15_
Part 2: Configure Basic Network Device Settings
In Part 2, you will configure basic settings for the switch and PC.
a) Configure basic switch settings.

Step 1: Set name for switch

Switch# configure terminal


Switch(config)# hostname S1
S1(config)# exit
S1#

Step 2: Set security for the console port

S1# configure terminal


S1(config)# line console 0
S1(config-line)# password letmein
S1(config-line)# login
S1(config-line)# exit
S1(config)# exit
S1#

Step 3: Check the security for the console port

S1# exit
Switch con0 is now available
Press RETURN to get started.

User Access Verification

Password:
S1>


Step 4: Security settings for privileged mode

S1> enable
S1# configure terminal
S1(config)# enable password c1$c0
S1(config)# exit
%SYS-5-CONFIG_I: Configured from console by console
S1#

Step 5: Check security settings for privileged mode


Step 6: Configure password encryption to protect privileged access

Use the enable secret command with the password itsasecret so that the privileged EXEC
password is stored in encrypted form:


S1# config t
S1(config)# enable secret itsasecret
S1(config)# exit
S1#

Step 7: Check password encryption to access privileged mode


Use the command show running-config to check the newly set password.

Step 8: Encrypt the enable password and console port password

S1# config t
S1(config)# service password-encryption
S1(config)# exit
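
Added example (not part of the original lab manual): a small Python audit that reads a saved running-config and reports which of the credential settings from Steps 2 to 8 are still weak. The function names are this example's own, both sample configurations are constructed, and the type 5 and type 7 strings in them are placeholders.

```python
"""Audit a Cisco IOS running-config for the credential settings of Steps 2-8.

Added example, not part of the lab manual. Both sample configs are constructed;
the type 5 and type 7 strings in them are placeholders, not real values.
"""

AFTER_STEP_4 = """\
no service password-encryption
!
hostname S1
!
enable password c1$c0
!
line con 0
 password letmein
 login
line vty 0 4
 login
line vty 5 15
 login
!
end
"""

AFTER_STEP_8 = """\
service password-encryption
!
hostname S1
!
enable secret 5 $1$PLACEHOLDER$PLACEHOLDERPLACEHOLDER
enable password 7 PLACEHOLDER
!
line con 0
 password 7 PLACEHOLDER
 login
line vty 0 4
 login
line vty 5 15
 login
!
end
"""


def stored_as(args):
    """Classify a password argument as it appears in the config text."""
    parts = args.split()
    if len(parts) >= 2 and parts[0].isdigit():
        return "type " + parts[0]  # 5 = salted MD5 hash, 7 = reversible encoding
    return "cleartext"


def line_sections(config):
    """Map each `line ...` section name to its indented sub-commands."""
    sections, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[len("line "):].strip()
            sections[current] = []
        elif raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the section
    return sections


def audit(config):
    """Return a list of (code, detail) findings for the lab's password settings."""
    findings = []
    top = [l.rstrip() for l in config.splitlines() if l and not l.startswith(" ")]
    if "service password-encryption" not in top:
        findings.append(("NO_PASSWORD_ENCRYPTION",
                         "line and enable passwords are written in cleartext"))
    if not any(l.startswith("enable secret ") for l in top):
        findings.append(("NO_ENABLE_SECRET",
                         "privileged EXEC is not protected by a hashed secret"))
    for l in top:
        if l.startswith("enable password "):
            how = stored_as(l[len("enable password "):])
            # enable secret takes precedence, but the old password stays in the file.
            findings.append(("ENABLE_PASSWORD",
                             f"legacy enable password still stored ({how}); "
                             "remove it with 'no enable password'"))
    for name, cmds in line_sections(config).items():
        for c in cmds:
            if c.startswith("password ") and stored_as(c[len("password "):]) == "cleartext":
                findings.append(("LINE_CLEARTEXT",
                                 f"line {name}: password readable in show running-config"))
        asks = any(c == "login" or c.startswith("login ") for c in cmds)
        if name.startswith("con") and not asks:
            findings.append(("CONSOLE_NO_LOGIN",
                             f"line {name}: no login command, so no password prompt"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("after Step 4", AFTER_STEP_4), ("after Step 8", AFTER_STEP_8)):
        print(label)
        for code, detail in audit(cfg):
            print(f"  {code}: {detail}")
```
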

b) Configure MOTD Banner


Step 1: Configure the message for banner motd

S1# config t
S1(config)# banner motd "This is a secure system. Authorized Access Only!"
S1(config)# exit
%SYS-5-CONFIG_I: Configured from console by console
S1#

Step 2: Answer the questions:

• When will the banner message appear? ________
• Why does every switch need a banner motd? ________

Step 3: Save on NVRAM

S1# copy running-config startup-config
Destination filename [startup-config]? [Enter]
Building configuration...
[OK]
c) Configure the PC IP address


Step 1: Set the IP address for the PC

Select Desktop -> enter the TCP/IP parameters according to the addressing table above.

Step 2: Check the connection to the switch

From the PC, go to "Command Prompt" -> use the "ping" command to the following address:

PC> ping 192.168.1.2

Observe and explain the results.


Part 3: Configuration of switch management interface
Because a switch forwards frames using MAC addresses, it does not need IP
parameters to do its job. However, to be managed over the network, the device needs
IP parameters so that it can be reached. In this case, the IP address is set on "Vlan
1" (available by default on the switch).
IP configuration on VLAN 1 of S1:

S1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
S1(config)# interface vlan 1
S1(config-if)# ip address 192.168.1.2 255.255.255.0
S1(config-if)# no shutdown
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
S1(config-if)#
S1(config-if)# exit
S1(config)#

1.2.3 Skills Integration Challenge

Topology:

Addressing table:
Device  Interface  IP Address      Subnet Mask
S1      VLAN 1     192.168.1.253   255.255.255.0
S2      VLAN 1     192.168.1.254   255.255.255.0
PC1     NIC        192.168.1.1     255.255.255.0
PC2     NIC        192.168.1.2     255.255.255.0


Requirements:
Configure S1 and S2:
1. Set hostname for S1 and S2
2. Set a password for the Console and privileged EXEC modes:
2.1 Set the password "cisco" for Console mode
2.2 Set the password "class" for privileged EXEC mode
3. Configure MOTD Banner
4. Configure IP VLAN 1 according to the address table above
5. Save the configuration to NVRAM.

Configure the PCs:
1. Configure PC1 and PC2 according to the address table above
2. Test connectivity to switches
3. Ping PC1 -> S1
4. Ping PC2 -> S2
5. Ping PC1 -> PC2


Practice 2: CONFIGURE INITIAL ROUTER SETTINGS
OVERVIEW

2.1.1 Introduction

- Lab 2: configure initial router settings
- Practice time: class: 3 study hours, self-study: 3 study hours.
- Requirement: Students gain knowledge and skills for command-line (Router)
configuration (CLI).

2.1.2 Objective

Part 1: Verify the Default Router Configuration


Part 2: Configure and Verify the Initial Router Configuration
Part 3: Save the Running Configuration File
Part 4: Configure Router Interfaces
CONTENTS

2.2.1 Summary

2.2.2 Basic Practice

Topology:

Part 1: Verify the Default Router Configuration

Step 1: Establish a console connection to R1.


a. Choose a Console cable from the available connections.
b. Click PCA and select RS 2911.
c. Click R1 and select Console.
d. Click PCA > Desktop tab > Terminal.
e. Click OK and press ENTER. You are now able to configure R1.
Step 2: Enter privileged mode and examine the current configuration.


You can access all the router commands from privileged EXEC mode. However,
because many of the privileged commands configure operating parameters, privileged
access should be password-protected to prevent unauthorized use.
a. Enter privileged EXEC mode by entering the enable command.
Router> enable
Router#

b. Enter the show running-config command:


Router# show running-config
c. Answer the following questions:
How many Fast Ethernet interfaces does the Router have? _______________________________
How many Gigabit Ethernet interfaces does the Router have?
_____________________________
How many Serial interfaces does the router have? ______________________________________

Part 2: Configure and Verify the Initial Router Configuration

To configure parameters on a router, you may be required to move between various
configuration modes. Notice how the prompt changes as you navigate through the
router.

Step 1: Configure the initial settings on R1.

Note: If you have difficulty remembering the commands, refer to the content for
this topic. The commands are the same as you configured on a switch.
a. R1 as the hostname.
b. Use the following passwords:
1) Console: letmein
2) Privileged EXEC, unencrypted: cisco
3) Privileged EXEC, encrypted: itsasecret
c. Encrypt all plain text passwords.
d. Message of the day text: Unauthorized access is strictly prohibited.

Step 2: Verify the initial settings on R1.

a. Verify the initial settings by viewing the configuration for R1. What command do you use?

b. Exit the current console session until you see the following message:
R1 con0 is now available

Press RETURN to get started.

c. Press ENTER; you should see the following message:

Unauthorized access is strictly prohibited.

User Access Verification


Password:
Why should every router have a message-of-the-day (MOTD) banner?
______________________________________________________________________________
If you are not prompted for a password, what console line command did you forget to configure?
______________________________________________________________________________

d. Enter the passwords necessary to return to privileged EXEC mode.

e. Why would the enable secret password allow access to the privileged EXEC mode
and the enable password no longer be valid?
______________________________________________________________________________

f. If you configure any more passwords on the router, are they displayed in the
configuration file as plain text or in encrypted form? Explain.
______________________________________________________________________________

Part 3: Save the Running Configuration File

a. Examine the contents of flash using the show flash command:


R1# show flash
b. Save the startup configuration file to flash using the following commands:
R1# copy startup-config flash
Destination filename [startup-config]

Part 4: Configure Router Interfaces


Topology:

Addressing table:

Device  Interface  IP Address     Subnet Mask    Default Gateway
R1      G0/0       192.168.10.1   255.255.255.0  N/A
S1
PC1     NIC        192.168.10.10  255.255.255.0  192.168.10.1

Step 1: Configure the GigabitEthernet 0/0 interface on R1.
a. Enter the following commands to address and activate the GigabitEthernet 0/0 interface on R1:
R1(config)# interface gigabitethernet 0/0


R1(config-if)# ip address 192.168.10.1 255.255.255.0
R1(config-if)# no shutdown
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
b. It is good practice to configure a description for each interface to help document the network
information. Configure an interface description indicating to which device it is connected.
R1(config-if)# description LAN connection to S1
c. R1 should now be able to ping PC1.
R1(config-if)# end
%SYS-5-CONFIG_I: Configured from console by console
R1# ping 192.168.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 0/2/8 ms

Step 2: Back up the configurations to NVRAM

2.2.3 Skills Integration Challenge

Topology:

Addressing Table:


Device     Interface  IP Address     Subnet Mask    Default Gateway
College    G0/0       10.10.10.1     255.255.255.0  N/A
College    G0/1       10.10.11.1     255.255.255.0  N/A
Class-A    VLAN 1     10.10.10.100   255.255.255.0
Class-B    VLAN 1     10.10.11.100   255.255.255.0
Student-1  NIC        10.10.10.101   255.255.255.0
Student-2  NIC        10.10.10.102   255.255.255.0
Student-3  NIC        10.10.11.101   255.255.255.0
Student-4  NIC        10.10.11.102   255.255.255.0

Requirements:
• Provide the missing information in the Addressing Table.
• Name the router and the second switch. You will not be able to access.
• Use cisco as the user EXEC password for all lines.
• Use class as the privileged EXEC password.
• Encrypt all plain text passwords.
• Configure an appropriate banner.
• Configure addressing for all devices according to the Addressing Table.
• Document interfaces with descriptions, including the VLAN 1 interface.
• Save your configurations.
• Verify connectivity between all devices. All devices should be able to ping any other
device.
• Troubleshoot and document any issues.
• Implement the solutions necessary to enable and verify full end-to-end connectivity.


Practice 3: COMMUNICATIONS AND NETWORK PROTOCOLS
OVERVIEW

3.1.1 Introduction

- Lab 3: Communications and Network Protocols
- Practice time: class: 3 study hours, self-study: 3 study hours.
- Requirement: Students gain knowledge and skills for command-line (Switch)
configuration (CLI).

3.1.2 Objective

Part 1: Web and Email


Part 2: DHCP and DNS
Part 3: FTP
Part 4: Configure Secure Passwords and SSH
Part 5: Skills Integration Challenge
CONTENTS

3.2.1 Summary

This exercise provides knowledge of the TCP/IP protocol suite and its relationship to
the 7-layer OSI model. Data sent from a "source" to a "destination" passes through
many layers and many different networks; it is subdivided into PDUs, each given an
identifier so that the data can be reassembled at the receiving device. In this lesson,
students will come to understand the communication issues in computer networks.

3.2.2 Basic Practice


Topology:


Part 1: Configure HTTP

Step 1: Switch from Realtime to Simulation mode in the lower right corner of Packet
Tracer, go to "Edit Filters", then select only the HTTP protocol.

Step 2: Create WEB traffic (HTTP protocol)

Open the Web Browser in the Desktop tab of the Web Client, enter www.osi.local in
the address bar and click the "Go" button.
Select "Capture / Forward" and observe the results in the Event List as the web page
opens successfully on the Web Client.


Part 2: Configure and Verify Web and Email services


Part 2.1 Configure and Verify Web

Topology:

Step 1: Configure web services on CentralServer and BranchServer.


a. Click CentralServer and click the Services tab > HTTP.
b. Click On to enable HTTP and HTTP Secure (HTTPS).
c. Optional. Personalize the HTML code.
d. Repeat Steps 1a – 1c on BranchServer.

Step 2: Verify the web servers by accessing the web pages.


There are many endpoint devices in this network, but for the purposes of this step, use PC3.
a. Click PC3 and click the Desktop tab > Web Browser.
b. In the URL box, enter 10.10.10.2 as the IP address and click Go. The CentralServer website
displays.
c. In the URL box, enter 64.100.200.1 as the IP address and click Go. The BranchServer website
displays.
d. In the URL box, enter centralserver.pt.pka and click Go. The CentralServer website displays.
e. In the URL box, enter branchserver.pt.pka and click Go. The BranchServer website displays.


f. What protocol is translating the centralserver.pt.pka and branchserver.pt.pka names to IP
addresses?

Part 2.2 Configure and Verify Email

Step 1: Configure CentralServer to send (SMTP) and receive (POP3) Email.


a. Click CentralServer, and then select the Services tab followed by the EMAIL button.
b. Click On to enable the SMTP and POP3.
c. Set the domain name to centralserver.pt.pka and click Set.
d. Create a user named central-user with password cisco. Click + to add the user.

Step 2: Configure BranchServer to send (SMTP) and receive (POP3) Email.


a. Click BranchServer and click the Services tab > EMAIL.
b. Click On to enable SMTP and POP3.
c. Set the domain name to branchserver.pt.pka and click Set.
d. Create a user named branch-user with password cisco. Click + to add the user.

Step 3: Configure PC3 to use the CentralServer email service.


a. Click PC3 and click the Desktop tab > E Mail.
b. Enter the following values into their respective fields:
1) Your Name: Central User
2) Email Address: central-user@centralserver.pt.pka
3) Incoming Mail Server: 10.10.10.2
4) Outgoing Mail Server: 10.10.10.2
5) User Name: central-user
6) Password: cisco
c. Click Save. The Mail Browser window displays.
d. Click Receive. If everything has been set up correctly on both the client and server, the Mail
Browser window displays the Receive Mail Success message confirmation.

Step 4: Configure Sales to use the Email service of BranchServer.


a. Click Sales and click the Desktop tab > E Mail.
b. Enter the following values into their respective fields:
1) Your Name: Branch User
2) Email Address: branch-user@branchserver.pt.pka
3) Incoming Mail Server: 172.16.0.3
4) Outgoing Mail Server: 172.16.0.3
5) User Name: branch-user
6) Password: cisco
c. Click Save. The Mail Browser window displays.
d. Click Receive. If everything has been set up correctly on both the client and server, the Mail
Browser window displays the Receive Mail Success message confirmation.


e. The activity should be 100% complete. Do not close the Sales configuration window or the Mail
Browser window.

Step 5: Send an Email from the Sales client and the PC3 client.
a. From the Sales Mail Browser window, click Compose.
b. Enter the following values into their respective fields:
1) To: central-user@centralserver.pt.pka
2) Subject: Personalize the subject line.
3) Email Body: Personalize the email.
c. Click Send.
d. Verify that PC3 received the email. Click PC3. If the Mail Browser window is closed,
click E Mail.
e. Click Receive. An email from Sales displays. Double-click the email.
f. Click Reply, personalize a response, and click Send.
g. Verify that Sales received the reply.

Part 3: Configure and Verify DHCP and DNS services


Part 3.1 Configure and Verify DHCP service

Topology:

Step 1: Configure the Inkjet printer with static IPv4 addressing.


The home office computers need to know the printer’s IPv4 address to send information to it. The
printer, therefore, must use a static (unchanging) IPv4 address.
nn. Click Inkjet and click the Config tab, which displays the Global Settings.
oo. Statically assign the Gateway address as 192.168.0.1 and the DNS Server address as 64.100.8.8.
pp. Click FastEthernet0 and statically assign the IP address as 192.168.0.2 and the Subnet Mask
address as 255.255.255.0.
qq. Close the Inkjet window.

Step 2: Configure WRS to provide DHCP services.


rr. Click WRS and click the GUI tab, and maximize the window.
ss. The Basic Setup window displays, by default. Configure the following settings in the Network Setup
section:
1) Change the IP Address to 192.168.0.1.


2) Set the Subnet Mask to 255.255.255.0.


3) Enable the DHCP Server.
4) Set the Static DNS 1 address to 64.100.8.8.
5) Scroll to the bottom and click Save.
tt. Close the WRS window.

Step 3: Request DHCP addressing for the home laptop.


This activity focuses on the home office. The clients that you will configure with DHCP are Home
Laptop and Tablet.
uu. Click Home Laptop and click the Desktop tab > IP Configuration.
vv. Click DHCP and wait until the DHCP request is successful.
ww. Home Laptop should now have a full IP configuration. If not, return to Step 2 and verify your
configurations on WRS.
xx. Close the IP Configuration window and then close the Home Laptop window.

Step 4: Request DHCP addressing for the tablet.


yy. Click Tablet and click the Desktop tab > IP Configuration.
zz. Click DHCP and wait until the DHCP request is successful.
aaa. Tablet should now have a full IP configuration. If not, return to Step 2 and verify your
configurations on WRS.

Step 5: Test access to websites.


bbb. Close the IP Configuration window, and then click Web Browser.
ccc. In the URL box, type 10.10.10.2 (for the CentralServer website) or 64.100.200.1 (for the
BranchServer website) and click Go. Both websites should appear.
ddd. Reopen the web browser. Test the names for those same websites by entering
centralserver.pt.pka and branchserver.pt.pka. Click on Fast Forward Time on the yellow
bar below the topology to speed the process.

Part 3.2 Configure Records on the DNS Server

Step 1: Configure famous.dns.pka with records for CentralServer and BranchServer.


Typically, DNS records are registered with companies, but for the purposes of this activity you control
the famous.dns.pka server on the Internet.
a. Click the Internet cloud. A new network displays.
b. Click famous.dns.pka and click the Services tab > DNS.
c. Add the following resource records:

Resource Record Name    Address
centralserver.pt.pka    10.10.10.2
branchserver.pt.pka     64.100.200.1
d. Close the famous.dns.pka window.
e. Click Back to exit the Internet cloud.

Step 2: Verify the ability of client computers to use DNS.


Now that you have configured DNS records, Home Laptop and Tablet should be able to access the
websites by using the names instead of the IP addresses. First, check that the DNS client is working
properly and then verify access to the website.
a. Click Home Laptop or Tablet.
b. If the web browser is open, close it and select Command Prompt.
Verify the IPv4 addressing by entering the command ipconfig /all. You should see the IP address
for the DNS server.
c. Ping the DNS server at 64.100.8.8 to verify connectivity.
Note: The first two or three pings may fail as Packet Tracer simulates all the various processes
that must occur for successful connectivity to a remote resource.
Test the functionality of the DNS server by entering the commands nslookup
centralserver.pt.pka and nslookup branchserver.pt.pka. You should get a name resolution
showing the IP address for each.
d. Close the Command Prompt window and click Web Browser. Verify that Home Laptop or Tablet
can now access the web pages for CentralServer and BranchServer.

Part 4: Configure FTP service


Topology

Part 4.1 Configure FTP Services on Servers

Step 1: Configure the FTP service on CentralServer.


eee. Click CentralServer > Services tab > FTP.
fff. Click On to enable FTP service.
ggg. In User Setup, create the following user accounts. Click Add to add the account:

Username        Password     Permissions
anonymous       anonymous    limited to Read and List
administrator   cisco        full permission

hhh. Click the default cisco user account and click Remove to delete it. Close the
CentralServer configuration window.

Step 2: Configure the FTP service on BranchServer.


Repeat Step 1 on BranchServer.


Part 4.2 Upload a file to the FTP Server

Step 1: Transfer the README.txt file from the home laptop to CentralServer.
As network administrator, you must place a notice on the FTP servers. The document has been
created on the home laptop and must be uploaded to the FTP servers.
a. Click Home Laptop and click the Desktop tab > Text Editor.
b. Open the README.txt file and review it. Close the Text Editor when done.
Note: Do not change the file because this affects scoring.
c. In the Desktop tab, open the Command Prompt window and perform the following steps:
1) Type ftp centralserver.pt.pka. Wait several seconds while the client connects.
Note: Because Packet Tracer is a simulation, it can take up to 30 seconds for FTP to connect
the first time.
2) The server prompts for a username and password. Use the credentials for the administrator
account.
3) The prompt changes to ftp>. List the contents of the directory by typing dir. The file directory
on CentralServer displays.
4) Transfer the README.txt file: at the ftp> prompt, type put README.txt. The README.txt
file is transferred from the home laptop to CentralServer.
5) Verify the transfer of the file by typing dir. The README.txt file is now listed in the file
directory.
6) Close the FTP client by typing quit. The prompt will return to PC>.

Step 2: Transfer the README.txt file from the home laptop to BranchServer.
a. Repeat Step 1c to transfer the README.txt file to branchserver.pt.pka.
b. Close the Command Prompt and Home Laptop windows, respectively.

Part 4.3 Download a File from the FTP Server

Step 1: Transfer README.txt from CentralServer to PC2.


nnn. Click PC2 and click the Desktop tab > Command Prompt.
1) Type ftp centralserver.pt.pka.
2) The server prompts for a username and password. Use the credentials for the anonymous
account.
3) The prompt changes to ftp>. List the contents of the directory by typing dir. The README.txt
file is listed at the top of the directory list.
4) Download the README.txt file: at the ftp> prompt, type get README.txt. The README.txt file
is transferred to PC2.
5) Verify that the anonymous account does not have the permission to write files to
CentralServer by typing put sampleFile.txt. The following error message displays:
Writing file sampleFile.txt to centralserver.pt.pka:
File transfer in progress...

%Error ftp://centralserver.pt.pka/sampleFile.txt (No such file or directory Or Permission denied)
550-Requested action not taken. permission denied).


6) Close the FTP client by typing quit. The prompt returns to the PC> prompt.
7) Verify the transfer of the file to PC2 by typing dir. README.txt is listed in the directory.
8) Close the command line window.
ooo. In the Desktop tab, open the Text Editor and then the README.txt file to verify the integrity
of the file.
ppp. Close the Text Editor and then the PC2 configuration window.

Step 2: Transfer the README.txt file from BranchServer to the Smart Phone.
Repeat Step 1 for Smart Phone, except download the README.txt file from branchserver.pt.pka.

Part 5: Configure Secure Password and SSH

Topology:

Address Table:
Device      Interface   IP Address   Subnet Mask     Default Gateway
________    G0/0        ________     255.255.255.0   N/A
________    NIC         ________     255.255.255.0   ________

Requirements
• Configure IP addressing on _____________________________ according to the Addressing
Table.
• Console into _____________________________ from the Terminal on PC-A.
• Configure IP addressing on _____________________________ and enable the interface.
• Configure the hostname as _____________________________.
• Encrypt all plaintext passwords.
_________________(config)# service password-encryption
• Set a strong secret password of your choosing.
• Set the domain name to _____________________________.com (case-sensitive for scoring in
PT).
_________________(config)# ip domain-name [[R1Name]].com
• Create a user of your choosing with a strong password.
_________________(config)# username any_user password any_password
• Generate 1024-bit RSA keys.
Note: In Packet Tracer, enter the crypto key generate rsa command and press Enter to continue.
_________________(config)# crypto key generate rsa


____________________________________________________________________________________
____________________________________________________________________________________
• Block anyone for three minutes who fails to log in after four attempts within a two-minute period.
_________________(config)# login block-for 180 attempts 4 within 120
• Configure the VTY lines for SSH access and use the local user profiles for authentication.
_________________(config)# line vty 0 4
_________________(config-line)# transport input ssh
_________________(config-line)# login local
• Save the configuration to NVRAM.
• Be prepared to demonstrate to your instructor that you have established SSH access from
_____________________________ to _____________________________.
Isomorph ID: _______ _______ _______
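
The requirements above can be checked against a saved copy of the running configuration. The following Python audit is an added example, not part of the lab handout; both sample configurations, the hostname R1, the domain example.com and the user admin are constructed placeholders.

```python
import re

# Values required by the lab: block for 180 s after 4 failures within 120 s.
REQUIRED_BLOCK = (180, 4, 120)

# Constructed samples. Hostname, domain, user name and hashes are placeholders.
HARDENED = """\
hostname R1
service password-encryption
enable secret 5 $1$CONSTRUCTED$placeholder
ip domain-name example.com
username admin password 7 CONSTRUCTED
login block-for 180 attempts 4 within 120
line con 0
line vty 0 4
 login local
 transport input ssh
"""

WEAK = """\
hostname R1
enable password cisco
username admin password cisco
line vty 0 4
 password cisco
 login
 transport input telnet
"""


def parse_config(text):
    """Split a config into global commands and their indented sub-mode lines."""
    global_cmds, blocks, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and IOS "!" separators
        if raw[0].isspace() and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            global_cmds.append(current)
            blocks[current] = []
    return global_cmds, blocks


def audit_ssh_hardening(text):
    """Return (failures, advisories) for the Part 5 requirements."""
    global_cmds, blocks = parse_config(text)
    failures, advisories = [], []

    def present(pattern):
        return any(re.fullmatch(pattern, cmd) for cmd in global_cmds)

    if not present(r"service password-encryption"):
        failures.append("service password-encryption is not enabled")
    if not present(r"enable secret .+"):
        failures.append("no enable secret is set")
    if not present(r"ip domain-name \S+"):
        failures.append("no ip domain-name is set")

    users = [c for c in global_cmds if re.match(r"username \S+ (password|secret) ", c)]
    if not users:
        failures.append("no local user exists for 'login local'")
    for cmd in users:
        if re.match(r"username \S+ password ", cmd):
            # 'password' is kept in clear text or reversible type 7 encoding;
            # 'username ... secret' stores a hash instead.
            advisories.append(f"user {cmd.split()[1]} uses 'password', not 'secret'")

    block = None
    for cmd in global_cmds:
        m = re.fullmatch(r"login block-for (\d+) attempts (\d+) within (\d+)", cmd)
        if m:
            block = tuple(int(v) for v in m.groups())
    if block != REQUIRED_BLOCK:
        failures.append(f"login block-for is {block}, expected {REQUIRED_BLOCK}")

    vty = {h: c for h, c in blocks.items() if h.startswith("line vty")}
    if not vty:
        failures.append("no 'line vty' section found")
    for header, cmds in vty.items():
        transports = [c for c in cmds if c.startswith("transport input")]
        if transports != ["transport input ssh"]:
            failures.append(f"{header}: transport input is not restricted to ssh")
        if "login local" not in cmds:
            failures.append(f"{header}: does not use 'login local'")
    return failures, advisories


if __name__ == "__main__":
    for name, cfg in (("HARDENED", HARDENED), ("WEAK", WEAK)):
        failures, advisories = audit_ssh_hardening(cfg)
        print(name, "failures:", failures, "advisories:", advisories)
```

The advisory is raised even for the hardened sample because service password-encryption only obscures a username password; it does not hash it.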


Practice 4: MAC AND IP ADDRESS


OVERVIEW

4.1.1 Introduction

- Lab 3: Mac and IP Address


- Practice time: class: 3 study hours, self-studying: 3 study hours.
- Requirement: Students gain knowledge and skills for command-line configuration (CLI).

4.1.2 Objective

Part 1: Gather PDU Information


Part 2: Subnetting Scenario
Part 3: Implementing a Subnetted IPv6 Addressing Scheme
Part 4: Skills Integration Challenge
CONTENTS

4.2.1 Summary

This exercise provides knowledge of the TCP/IP protocol suite and its relationship to
the 7-layer OSI model. When data is sent from "source" to "destination", it moves
through many layers and many different networks; it is subdivided into PDUs, and an
identifier is added so that it can be reassembled at the receiving device. In this lesson,
students will understand communication issues in computer networks.

4.2.2 Basic Practice

Part 1: Gather PDU Information


Step 1: Gather PDU information as a packet travels from 172.16.31.2 to 10.10.10.3.
a. Click 172.16.31.2 and open the Command Prompt.
b. Enter the ping 10.10.10.3 command.
c. Switch to simulation mode and repeat the ping 10.10.10.3 command. A PDU appears next to
172.16.31.2.
d. Click the PDU and note the following information from the Outbound PDU Layer tab:
• Destination MAC Address: 00D0:BA8E:741A
• Source MAC Address: 000C:85CC:1DA7
• Source IP Address: 172.16.31.2
• Destination IP Address: 10.10.10.3
• At Device: Computer
e. Click Capture / Forward to move the PDU to the next device. Gather the same information
from Step 1d. Repeat this process until the PDU reaches its destination. Record the PDU
information you gathered into a spreadsheet using a format like the table shown below:

Test                    At Device      Dest. MAC        Src MAC          Src IPv4      Dest IPv4
Ping from 172.16.31.2   172.16.31.2    00D0:BA8E:741A   000C:85CC:1DA7   172.16.31.2   10.10.10.3
to 10.10.10.3           Hub            --               --               --            --
                        Switch1        00D0:BA8E:741A   000C:85CC:1DA7   --            --
                        Router         0060:4706:572B   00D0:588C:2401   172.16.31.2   10.10.10.3
                        Switch0        0060:4706:572B   00D0:588C:2401   --            --
                        Access Point   --               --               --            --
                        10.10.10.3     0060:4706:572B   00D0:588C:2401   172.16.31.2   10.10.10.3

Step 2: Gather additional PDU information from other pings.
Repeat the process in Step 1 and gather the information for the following tests:
• Ping 10.10.10.2 from 10.10.10.3.
• Ping 172.16.31.2 from 172.16.31.3.
• Ping 172.16.31.4 from 172.16.31.5.
• Ping 172.16.31.4 from 10.10.10.2.
• Ping 172.16.31.3 from 10.10.10.2.

Part 2: Subnetting Scenario


Part 2.1 Design an IP Addressing Scheme

Topology:

Step 1: Subnet the 192.168.100.0/24 network into the appropriate number of subnets.
vvv. Based on the topology, how many subnets are needed?
www. How many bits must be borrowed to support the number of subnets in the topology table?
xxx. How many subnets does this create?
yyy. How many usable hosts does this create per subnet?
Note: If your answer is less than the 25 hosts required, then you borrowed too many bits.
zzz. Calculate the binary value for the first five subnets. The first subnet is already shown.
Net 0: 192 . 168 . 100 . 0 0 0 0 0 0 0 0
Net 1: 192 . 168 . 100 . ___ ___ ___ ___ ___ ___ ___ ___
Net 2: 192 . 168 . 100 . ___ ___ ___ ___ ___ ___ ___ ___
Net 3: 192 . 168 . 100 . ___ ___ ___ ___ ___ ___ ___ ___
Net 4: 192 . 168 . 100 . ___ ___ ___ ___ ___ ___ ___ ___
aaaa. Calculate the binary and decimal value of the new subnet mask.
11111111.11111111.11111111. ___ ___ ___ ___ ___ ___ ___ ___
255 . 255 . 255 . ______
bbbb. Fill in the Subnet Table, listing the decimal value of all available subnets, the first and last
usable host address, and the broadcast address. Repeat until all addresses are listed.
Note: You may not need to use all rows.

Step 3: Assign the subnets to the network shown in the topology.


a. Assign Subnet 0 to the LAN connected to the GigabitEthernet 0/0 interface of R1: _____________
b. Assign Subnet 1 to the LAN connected to the GigabitEthernet 0/1 interface of R1: _____________
c. Assign Subnet 2 to the LAN connected to the GigabitEthernet 0/0 interface of R2: _____________
d. Assign Subnet 3 to the LAN connected to the GigabitEthernet 0/1 interface of R2: _____________
e. Assign Subnet 4 to the WAN link between R1 and R2: ____________________________________

Step 4: Document the addressing scheme.


Fill in the Addressing Table using the following guidelines:
a. Assign the first usable IP addresses to R1 for the two LAN links and the WAN link.
b. Assign the first usable IP addresses to R2 for the LAN links. Assign the last usable IP address for the
WAN link.
c. Assign the second usable IP addresses to the switches.
d. Assign the last usable IP addresses to the hosts.
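
A worked version of the subnetting procedure in Steps 1 to 4, added here as an example and not part of the original handout. It assumes five subnets (Subnet 0 to Subnet 4 in Step 3) and the 25-host requirement from the note; the role names used in the plan are labels chosen for this example.

```python
import ipaddress


def subnet_table(base, subnets_needed, hosts_needed):
    """Borrow the fewest host bits that yield `subnets_needed` equal subnets."""
    net = ipaddress.ip_network(base)
    borrowed = (subnets_needed - 1).bit_length()   # ceil(log2(n)) without floats
    prefix = net.prefixlen + borrowed
    if prefix > net.max_prefixlen - 2:
        raise ValueError("no usable host addresses left after borrowing")
    usable = 2 ** (net.max_prefixlen - prefix) - 2  # minus network and broadcast
    if usable < hosts_needed:
        # The situation the lab note warns about: too many bits borrowed.
        raise ValueError(
            f"/{prefix} leaves {usable} hosts per subnet, {hosts_needed} required")
    subnets = list(net.subnets(new_prefix=prefix))
    rows = []
    for sn in subnets:
        hosts = list(sn.hosts())
        rows.append({
            "network": str(sn.network_address),
            # Last octet in binary, as asked for in the worksheet (base is a /24).
            "bits": format(int(sn.network_address) & 0xFF, "08b"),
            "first": str(hosts[0]),
            "last": str(hosts[-1]),
            "broadcast": str(sn.broadcast_address),
        })
    return {"borrowed": borrowed, "prefix": prefix,
            "mask": str(subnets[0].netmask), "usable": usable, "rows": rows}


def addressing_plan(rows):
    """Apply the Step 3 subnet order and the Step 4 assignment rules."""
    roles = ["R1 G0/0 LAN", "R1 G0/1 LAN", "R2 G0/0 LAN", "R2 G0/1 LAN", "R1-R2 WAN"]
    plan = {}
    for role, row in zip(roles, rows):
        if role.endswith("WAN"):
            # R1 takes the first usable address, R2 the last usable address.
            plan[role] = {"R1": row["first"], "R2": row["last"]}
        else:
            second = ipaddress.ip_address(row["first"]) + 1
            plan[role] = {"router": row["first"],   # first usable
                          "switch": str(second),    # second usable
                          "host": row["last"]}      # last usable
    return plan


if __name__ == "__main__":
    table = subnet_table("192.168.100.0/24", 5, 25)
    print(f"borrow {table['borrowed']} bits -> /{table['prefix']} "
          f"mask {table['mask']}, {table['usable']} hosts per subnet")
    for i, row in enumerate(table["rows"]):
        print(i, row["network"], row["bits"], row["first"], row["last"], row["broadcast"])
    for role, addrs in addressing_plan(table["rows"]).items():
        print(role, addrs)
```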

Part 2.2 Assign IP Addresses to Network Devices and Verify Connectivity


Step 1: Configure IP addressing on R1 LAN interfaces.

Step 2: Configure IP addressing on S3, including the default gateway.

Step 3: Configure IP addressing on PC4, including the default gateway.

Step 4: Verify connectivity.

Part 3: Implementing a Subnetted IPv6 Addressing Scheme


Part 3.1 Determine the IPv6 Subnets and Addressing Scheme
Topology:


Address Table:
Device   Interface   IPv6 Address   Link-Local
R1       G0/0        ________       FE80::1
R1       G0/1        ________       FE80::1
R1       S0/0/0      ________       FE80::1
R2       G0/0        ________       FE80::2
R2       G0/1        ________       FE80::2
R2       S0/0/0      ________       FE80::2
PC1      NIC         Auto Config
PC2      NIC         Auto Config
PC3      NIC         Auto Config
PC4      NIC         Auto Config

Step 1: Determine the number of subnets needed.
Start with the IPv6 subnet 2001:DB8:ACAD:00C8::/64 and assign it to the R1 LAN attached to
GigabitEthernet 0/0, as shown in the Subnet Table. For the rest of the IPv6 subnets, increment the
2001:DB8:ACAD:00C8::/64 subnet address by 1 and complete the Subnet Table with the IPv6 subnet
addresses.

Subnet Table
Subnet Description   Subnet Address
R1 G0/0 LAN          2001:DB8:ACAD:00C8::0/64
R1 G0/1 LAN          ________
R2 G0/0 LAN          ________
R2 G0/1 LAN          ________
WAN Link             ________

Step 2: Assign IPv6 addressing to the routers.
e. Assign the first IPv6 addresses to R1 for the two LAN links and the WAN link.


f. Assign the first IPv6 addresses to R2 for the two LANs. Assign the second IPv6 address for the WAN link.
g. Document the IPv6 addressing scheme in the Addressing Table.

Part 3.2 Configure the IPv6 Addressing on Routers and PCs and Verify Connectivity

Step 1: Configure the routers with IPv6 addressing.


Note: This network is already configured with some IPv6 commands that are covered in a later course. At
this point in your studies, you only need to know how to configure an IPv6 address on an interface.
Configure R1 and R2 with the IPv6 addresses you specified in the Addressing Table and activate the
interfaces.
Router(config-if)# ipv6 address ipv6-address/prefix
Router(config-if)# ipv6 address ipv6-link-local link-local

Step 2: Configure the PCs to automatically receive IPv6 addressing.

Configure the four PCs for autoconfiguration. Each should then automatically receive full IPv6 addresses
from the routers.

Step 3: Verify connectivity between the PCs.


Each PC should be able to ping the other PCs and the routers.

4.2.3 Skills Integration Challenge

Topology:

Address Table:

Device     Interface   IPv4 Address and Subnet Mask, or IPv6 Address/Prefix   Default Gateway
Branch-A   G0/0        ________                                               N/A
Branch-A   G0/1        ________                                               N/A
Branch-A   G0/2        172.20.31.254  255.255.255.252                         N/A
Branch-B   G0/0        ________                                               N/A
Branch-B   G0/1        ________                                               N/A
Branch-B   G0/2        2001:DB8:FFFF:FFFF::2/64                               N/A
PC-A1      NIC         ________                                               ________
PC-A2      NIC         ________                                               ________
PC-B1      NIC         ________                                               ________
PC-B2      NIC         ________                                               ________

Requirements
• Configure the initial settings on Branch-A and Branch-B, including the hostname, banner, lines, and
passwords. Use cisco as the user EXEC password and class as the privileged EXEC password.
Encrypt all passwords.
• LAN A1 is using the subnet 172.20.16.0/23. Assign the next available subnet to LAN A2 for a
maximum of 250 hosts.
• LAN B1 is using the subnet 2001:DB8:FADE:00FF::/64. Assign the next available subnet to LAN B2.
• Finish documenting the addressing scheme in the Addressing Table using the following guidelines:
- Assign the first IP address for LAN A1, LAN A2, LAN B1, and LAN B2 to the router interface.
- For the IPv4 networks, assign the last IPv4 address to the PCs.
- For the IPv6 networks, assign the 16th IPv6 address to the PCs.
• Configure the routers addressing according to your documentation. Include an appropriate description
for each router interface. Branch-B uses FE80::B as the link-local address.
• Configure PCs with addressing according to your documentation. The DNS Server addresses for IPv4
and IPv6 are shown in the topology.
• Verify connectivity between the IPv4 PCs and between the IPv6 PCs.
• Verify the IPv4 PCs can access the web page at central.pka.
• Verify the IPv6 PCs can access the web page at centralv6.pka.


Practice 5: TRANSPORT LAYER


OVERVIEW

5.1.1 Introduction

- Lab 3: Transport Layer


- Practice time: class: 3 study hours, self-studying: 3 study hours.
- Requirement: Students gain knowledge and skills for command-line configuration (CLI).

5.1.2 Objective

Part 1: TCP
Part 2: UDP
Part 3: Skills Integration Challenge
CONTENTS

5.2.1 Summary

5.2.2 Basic Practice

Topology:

Part 1: TCP
Step 1: Generate traffic to fill in the address resolution table (ARP)
a. Select Multiserver and select Desktop > Command Prompt.
b. Enter the command ping 192.168.1.255 and wait for the response.
c. Close the Multiserver window.

Step 2: Generate HTTP traffic (used in WEB applications)


a. Select HTTP Client and select Desktop > Web Browser.
b. In the URL box, enter 192.168.1.254 and click Go. PDUs will appear in the simulation
window.

Result:

c. Minimize, but do not close, the HTTP Client window.

Step 3: Create FTP traffic

a. Select FTP Client and select Desktop > Command Prompt.
b. Enter the command ftp 192.168.1.254. PDUs will appear in the simulation window.

Results:

c. Minimize, but do not close, the FTP Client window.

Step 4: Create DNS traffic.

a. Select DNS Client and select Desktop > Command Prompt.
b. Enter the command nslookup multiserver.pt.ptu. PDUs will appear in the simulation
window.

Results:

c. Minimize, but do not close, the DNS Client window.

Step 5: Create Email Traffic

a. Select Email Client and select Desktop > Email.
b. Select Compose and enter the following:
i. To: user@multiserver.pt.ptu
ii. Subject: Personalize the subject line
iii. E-mail body: Personalize the Email
c. Select Send.

Result:

d. Minimize, but do not close, the Email Client window.

Step 6: Observe and check the simulation results in each client to see the network traffic
needed in each application.

Part 2: UDP

Use the Capture / Forward function to retrieve all PDUs that appear in the model and answer the following
questions:
On the switch:
• Why are some PDUs lost compared to the original?
• Should all clients receive responses? Why is only one PDU transmitted at a time?
• Why do PDUs come in so many different colors?
HTTP protocol:
• Filter the HTTP (TCP) protocol when the Client accesses the Web service on the Server.
• In “Inbound PDU Details”, what is the value in the “last section” field?
• Is this communication between Client and Server reliable?
• What are the values of the following fields: SRC PORT, DEST PORT, SEQUENCE NUM, and
ACK NUM? Compare these values at the Client and Server locations.
• What is the first message that the Client sent to MultiServer during communication
with HTTP?
FTP protocol:
• Filter for the FTP (TCP) protocol, then open and analyze the PDU sent from the Client.
• In “Inbound PDU Details”, what is the value in the “last section” field?
• Is this communication between Client and Server reliable?
• What are the values of the following fields: SRC PORT, DEST PORT, SEQUENCE NUM, and
ACK NUM?
• Open and analyze the PDUs sent from the Server.
• Compare these values at the 2 Client locations. What are the values of the following fields: SRC
PORT, DEST PORT, SEQUENCE NUM, and ACK NUM?
• Open and analyze the 2nd PDU sent from the Server. What message is contained in this PDU?
DNS protocol:
• Filter for the DNS protocol (UDP).
• In “Inbound PDU Details”, what is the value in the “last section” field?
• Is this communication between Client and Server reliable?
• What are the values of SRC PORT and DEST PORT? Why are there no SEQUENCE NUM and
ACK NUM fields?
• Compare the SEQUENCE NUM and PORT fields in the PDU sent from the Client and
from the Server.
• What was the content of the last PDU sent?
Protocol used in email:
• Filter for the following protocols: POP3, SMTP and TCP. Which transport protocol is used?
• Is this communication between Client and Server reliable?
• What are the values of SRC PORT and DEST PORT? Why are there no SEQUENCE NUM and
ACK NUM fields?
• Compare the SEQUENCE NUM and PORT fields in the PDU sent from the Client and
from the Server.
• Which protocol uses port 25?
• Which protocol uses port 110?
Service port number on the server:
• Select MultiServer > Desktop tab > Command Prompt > netstat. Which protocols are listed?
• Which service port number is the server using?
• What is the status of the service port?
• Repeat the "netstat" command until a "session" is "ESTABLISHED". Which service
is still connected?

Practice 6: STATIC ROUTE, DEFAULT ROUTE AND RIPv2

OVERVIEW

6.1.1 Introduction

- Lab 3: Configuration Static and Default Routes


- Practice time: class: 3 study hours, self-studying: 3 study hours.
- Requirement: Students gain knowledge and skills for command-line configuration (CLI).

6.1.2 Objective

Part 1: Configuring IPv4 Static and Default Routes


Part 2: Configuring IPv6 Static and Default Routes
Part 3: Configuring a Floating Static Route
Part 4: Configuring RIPv2
Part 5: Skills Integration Challenge
CONTENTS

6.2.1 Summary

6.2.2 Basic Practice

Part 1: Configuring IPv4 Static and Default Routes

Topology:


Part 1.1 Examine the Network and Evaluate the Need for Static Routing

a. Looking at the topology diagram, how many networks are there in total? 5
b. How many networks are directly connected to R1, R2, and R3? R1 has 2, R2 has 3,
and R3 has 2.
c. How many static routes are required by each router to reach networks that are not
directly connected? R1 needs 3 static routes, R2 needs 2 static routes, and R3
needs 3 static routes.
d. Test connectivity to the R2 and R3 LANs by pinging PC2 and PC3 from PC1.

Why were you unsuccessful? Because there are no routes to these networks on R1.

Part 1.2 Configuring IPv4 Static and Default Routes

Step 1: Configure recursive static routes on R1.

a. What is a recursive static route? A recursive static route relies on the next hop router in order
for packets to be sent to its destination. A recursive static route requires two routing table
lookups.
b. Why does a recursive static route require two routing table lookups? It must first look in
the routing table for the destination network and then look up the exit interface/direction of
the network for the next hop router.
c. Configure a recursive static route to every network not directly connected to R1, including
the WAN link between R2 and R3.
ip route 172.31.0.0 255.255.255.0 172.31.1.193
ip route 172.31.1.196 255.255.255.252 172.31.1.193
ip route 172.31.1.128 255.255.255.192 172.31.1.193

d. Test connectivity to the R2 LAN and ping the IP addresses of PC2 and PC3.
Why were you unsuccessful? R1 has a route to the R2 and R3 LANs, but R2 and R3
do not have routes to R1.

Step 2: Configure directly attached static routes on R2.

a. How does a directly attached static route differ from a recursive static route?
A directly attached static route relies on its exit interface in order for packets
to be sent to its destination, while a recursive static route uses the IP address
of the next hop router.
b. Configure a directly attached static route from R2 to every network not directly
connected.
ip route 172.31.1.0 255.255.255.128 Serial0/0/0
ip route 172.31.1.128 255.255.255.192 Serial0/0/1

c. Which command only displays directly connected networks? show ip route connected
d. Which command only displays the static routes listed in the routing table? show ip
route static
e. When viewing the entire routing table, how can you distinguish between a directly
attached static route and a directly connected network? The static route has an S and a
directly connected network has a C.

Step 3: Configure a default route on R3.

a. How does a default route differ from a regular static route? A default route, also known
as the gateway of last resort, is the network route used by a router when no other known route exists
for a destination network. A static route is used to route traffic to a specific network.
b. Configure a default route on R3 so that every network not directly connected is
reachable.
ip route 0.0.0.0 0.0.0.0 Serial0/0/1
c. How is a static route displayed in the routing table? S* 0.0.0.0/0

Step 4: Document the commands for fully specified routes.

Note: Packet Tracer does not currently support configuring fully specified
static routes. Therefore, in this step, document the configuration for fully
specified routes.
a. Explain a fully specified route. A fully specified route is a static route that is configured with an exit
interface and the next hop address.
b. Which command provides a fully specified static route from R3 to the R2 LAN?
R3(config)# ip route 172.31.0.0 255.255.255.0 s0/0/1 172.31.1.197
c. Write a fully specified route from R3 to the network between R2 and R1. Do not configure the route;
just calculate it.
R3(config)# ip route 172.31.1.192 255.255.255.252 s0/0/1 172.31.1.197
d. Write a fully specified static route from R3 to the R1 LAN. Do not configure the route; just calculate
it.
R3(config)# ip route 172.31.1.0 255.255.255.128 s0/0/1 172.31.1.197

Step 5: Verify static route configurations.

Use the appropriate show commands to verify correct configurations.

Which show commands can you use to verify that the static routes are
configured correctly? show ip route, show ip route static, and the show ip route
[network] commands
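
The lookups described in Steps 1 to 3, as an added Python example that is not part of the original lab. The static routes are the ones configured above; the interface names of the connected routes on R1 and of the LAN interfaces, and the host address 172.31.0.10, are assumptions made for the example.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "code network next_hop interface")


def route(code, network, next_hop=None, interface=None):
    return Route(code, ipaddress.ip_network(network),
                 ipaddress.ip_address(next_hop) if next_hop else None, interface)


def longest_match(table, address):
    """Pick the matching route with the longest prefix, or None."""
    candidates = [r for r in table if address in r.network]
    return max(candidates, key=lambda r: r.network.prefixlen, default=None)


def resolve(table, destination, max_depth=4):
    """Return (exit_interface, lookups); exit_interface is None if unroutable."""
    target = ipaddress.ip_address(destination)
    lookups = 0
    while lookups < max_depth:
        match = longest_match(table, target)
        lookups += 1
        if match is None:
            return None, lookups
        if match.interface:              # connected, directly attached or default
            return match.interface, lookups
        target = match.next_hop          # recursive: look up the next hop itself
    return None, lookups                 # next-hop chain never reached an interface


# R1 before Step 1: connected routes only (interface names assumed).
R1_CONNECTED = [
    route("C", "172.31.1.0/25", interface="GigabitEthernet0/0"),
    route("C", "172.31.1.192/30", interface="Serial0/0/0"),
]
# R1 after Step 1: the three recursive static routes from the lab.
R1 = R1_CONNECTED + [
    route("S", "172.31.0.0/24", next_hop="172.31.1.193"),
    route("S", "172.31.1.196/30", next_hop="172.31.1.193"),
    route("S", "172.31.1.128/26", next_hop="172.31.1.193"),
]
# R2 after Step 2: directly attached static routes from the lab.
R2 = [
    route("C", "172.31.0.0/24", interface="GigabitEthernet0/0"),   # assumed name
    route("C", "172.31.1.192/30", interface="Serial0/0/0"),
    route("C", "172.31.1.196/30", interface="Serial0/0/1"),
    route("S", "172.31.1.0/25", interface="Serial0/0/0"),
    route("S", "172.31.1.128/26", interface="Serial0/0/1"),
]
# R3 after Step 3: a single default route.
R3 = [
    route("C", "172.31.1.128/26", interface="GigabitEthernet0/0"),  # assumed name
    route("C", "172.31.1.196/30", interface="Serial0/0/1"),
    route("S*", "0.0.0.0/0", interface="Serial0/0/1"),
]

if __name__ == "__main__":
    host_on_r2_lan = "172.31.0.10"       # constructed host address
    print("R1, no static routes:", resolve(R1_CONNECTED, host_on_r2_lan))
    print("R1, recursive route :", resolve(R1, host_on_r2_lan))
    print("R2, directly attached:", resolve(R2, "172.31.1.10"))
    print("R3, default route    :", resolve(R3, host_on_r2_lan))
```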

Part 1.3 Verify Connectivity


Every device should now be able to ping every other device. If not, review your static
and default route configurations.
Part 2: Configuring IPv6 Static and Default Routes

Topology:

Address Table:

Device   Interface   IPv6 Address/Prefix     Default Gateway
R1       G0/0        2001:DB8:1:1::1/64      N/A
R1       S0/0/0      2001:DB8:1:A001::1/64   N/A
R2       G0/0        2001:DB8:1:2::1/64      N/A
R2       S0/0/0      2001:DB8:1:A001::2/64   N/A
R2       S0/0/1      2001:DB8:1:A002::1/64   N/A
R3       G0/0        2001:DB8:1:3::1/64      N/A
R3       S0/0/1      2001:DB8:1:A002::2/64   N/A
PC1      NIC         2001:DB8:1:1::F/64      FE80::1
PC2      NIC         2001:DB8:1:2::F/64      FE80::2
PC3      NIC         2001:DB8:1:3::F/64      FE80::3

Part 2.1 Examine the Network and Evaluate the Need for Static Routing

a. Looking at the topology diagram, how many networks are there in total? 5
b. How many networks are directly connected to R1, R2, and R3? R1 has 2, R2 has 3,
and R3 has 2.
c. How many static routes are required by each router to reach networks that are not
directly connected? R1 needs to configure 3 static routes, R2 needs to configure 2
static routes, and R3 needs to configure 3 static routes.
d. Which command is used to configure IPv6 static routes? ipv6 route
[network/prefix] [exit interface/next hop address]

Part 2.2 Configuring IPv6 Static and Default Routes
Step 1: Enable IPv6 routing on all routers.

Before configuring static routes, we must configure the router to forward IPv6 packets.
Which command accomplishes this? ipv6 unicast-routing

Enter this command on each router.


Step 2: Configure recursive static routes on R1.

Configure an IPv6 recursive static route to every network not directly connected to R1.

ipv6 route 2001:DB8:1:2::/64 2001:DB8:1:A001::2
ipv6 route 2001:DB8:1:A002::/64 2001:DB8:1:A001::2
ipv6 route 2001:DB8:1:3::/64 2001:DB8:1:A001::2

Step 3: Configure a directly attached and a fully specified static route on R2.

a. Configure a directly attached static route from R2 to the R1 LAN.


ipv6 route 2001:DB8:1:1::/64 Serial0/0/0

b. Configure a fully specified route from R2 to the R3 LAN.

ipv6 route 2001:DB8:1:3::/64 Serial0/0/1 2001:DB8:1:A002::2

Note: Packet Tracer v6.0.1 only checks for directly attached and recursive static
routes. Your instructor may ask to review your configuration of a fully specified IPv6
static route.

Step 4: Configure a default route on R3.

Configure a recursive default route on R3 to reach all networks not directly connected.

ipv6 route ::/0 2001:DB8:1:A002::1

Step 5: Verify static route configurations.

a. Which command is used to verify the IPv6 configuration of a PC from the command
prompt? ipv6config
b. Which command displays the IPv6 addresses configured on a router's interface?
show ipv6 interface brief
c. Which command displays the contents of the IPv6 routing table? show ipv6 route
Part 2.3 Verify Connectivity

Every device should now be able to ping every other device. If not, review
your static and default route configurations.

Part 3: Configuring a Floating Static Route

Topology:

Part 3.1 Configure a Floating Static Route


Step 1: Configure a directly attached static default route.

a. Configure a directly attached static default route from Edge_Router to the Internet.
The primary default route should be through ISP1.
Edge_Router(config)# ip route 0.0.0.0 0.0.0.0 s0/0/0

b. Display the contents of the routing table. Verify that the default route is visible in the routing
table.
Edge_Router# show ip route

<output omitted>

S* 0.0.0.0/0 is directly connected, Serial0/0/0

c. What command is used to trace a path from a PC to a destination? tracert


From PC-A, trace the route to the Web Server. The route should start
at the default gateway 192.168.10.1 and go through the 10.10.10.1
address. If not, check your static default route configuration.
PC> tracert 198.0.0.10

Tracing route to 198.0.0.10 over a maximum of 30 hops:

Trace complete.

Step 2: Configure a floating static route.

a. What is the administrative distance of a static route? 0 for directly attached and 1 for
recursive
b. Configure a directly attached floating static default route with an administrative distance of
5. The route should point to ISP2.
Edge_Router(config)# ip route 0.0.0.0 0.0.0.0 s0/0/1 5


c. View the running configuration and verify that the floating static default route is there, as
well as the static default route.
Edge_Router# show run

Building configuration...

Current configuration : 781 bytes

<output omitted>

ip route 0.0.0.0 0.0.0.0 Serial0/0/0
ip route 0.0.0.0 0.0.0.0 Serial0/0/1 5
!

d. Display the contents of the routing table. Is the floating static route visible in the routing
table? Why or why not? No. It is not being displayed because it is not the primary route. Routers
will only place the best path in the routing table and since this is the backup route, it will only be
visible in the routing table when the primary route goes down.

Part 3.2 Test Failover to the Backup Route

a. On Edge_Router, administratively disable the exit interface of the primary route.


Edge_Router(config)# interface s0/0/0

Edge_Router(config-if)# shutdown

b. Verify that the backup route is now in the routing table.


Edge_Router# show ip route

<output omitted>

S* 0.0.0.0/0 is directly connected, Serial0/0/1

c. Trace the route from PC-A to the Web Server.


PC> tracert 198.0.0.10

Tracing route to 198.0.0.10 over a maximum of 30 hops:


1 0 ms 0 ms 0 ms 192.168.10.1
2 0 ms 0 ms 2 ms 10.10.10.5
3 0 ms 2 ms 0 ms
Trace complete.

Did the backup route work? If not, wait a few more seconds for convergence and then
re-test. If the backup route is still not working, investigate your floating static route
configuration.
d. Restore connectivity to the primary route.
Edge_Router(config)# interface s0/0/0

Edge_Router(config-if)# no shutdown

e. Trace the route from PC-A to the Web Server to verify that the primary route is restored.


PC> tracert 198.0.0.10

Tracing route to 198.0.0.10 over a maximum of 30 hops:


1 3 ms 0 ms 0 ms 192.168.10.1
2 0 ms 1 ms 0 ms 10.10.10.1
3 1 ms 2 ms 0 ms 198.0.0.10

Trace complete.
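The behaviour seen in Parts 3.1 and 3.2 (the floating route sits in the running configuration but enters the routing table only while Serial0/0/0 is down) can be modelled in a few lines. This is an added example, not part of the lab manual; the names are its own, and the distance given to a route configured without one is an assumption noted in the code.

```python
import re
from dataclasses import dataclass

# Assumed distance for a route configured without one. The result below is the
# same for any default lower than the floating route's distance of 5.
DEFAULT_DISTANCE = 1

# Constructed from the two `ip route` lines shown in the running configuration.
EDGE_ROUTER_CONFIG = """
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
ip route 0.0.0.0 0.0.0.0 Serial0/0/1 5
"""

# Only the directly attached form used in this part is handled:
# ip route <network> <mask> <exit-interface> [distance]
ROUTE_RE = re.compile(r"^ip route (\S+) (\S+) (\S+)(?: (\d+))?$")


@dataclass(frozen=True)
class StaticRoute:
    prefix: str
    exit_interface: str
    distance: int


def expand_interface(name):
    """Turn the typed short form (s0/0/1) into the stored form (Serial0/0/1)."""
    m = re.match(r"^(?:serial|se|s)(\d[\d/]*)$", name, re.IGNORECASE)
    return "Serial" + m.group(1) if m else name


def parse_static_routes(config):
    """Extract the static routes from running-configuration text."""
    routes = []
    for line in config.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            network, mask, exit_if, distance = m.groups()
            routes.append(StaticRoute(
                prefix=f"{network} {mask}",
                exit_interface=expand_interface(exit_if),
                distance=int(distance) if distance else DEFAULT_DISTANCE,
            ))
    return routes


def routing_table(routes, down=()):
    """Return {prefix: route} holding the route that would be installed."""
    best = {}
    for route in routes:
        if route.exit_interface in down:
            continue  # a route through a down interface is withdrawn
        current = best.get(route.prefix)
        # Lowest administrative distance wins; on a tie the first one is kept
        # here (a router would load-balance instead).
        if current is None or route.distance < current.distance:
            best[route.prefix] = route
    return best


def standby_routes(routes, down=()):
    """Routes that are configured and usable but not installed."""
    installed = set(routing_table(routes, down).values())
    return [r for r in routes
            if r not in installed and r.exit_interface not in down]


if __name__ == "__main__":
    configured = parse_static_routes(EDGE_ROUTER_CONFIG)
    for label, down in (("primary up", ()), ("s0/0/0 shutdown", ("Serial0/0/0",))):
        active = routing_table(configured, down)["0.0.0.0 0.0.0.0"]
        print(f"{label}: default route via {active.exit_interface}, "
              f"standby: {[r.exit_interface for r in standby_routes(configured, down)]}")
```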

Part 4: Configuring RIPv2


Topology:

Part 4.1 Configure RIPv2


Step 1: Configure RIPv2 on R1.
a. Use the appropriate command to create a default route on R1 for all Internet traffic to exit the network
through S0/0/1.
R1(config)# ip route 0.0.0.0 0.0.0.0 s0/0/1

b. Enter RIP protocol configuration mode.


R1(config)# router rip

c. Use version 2 of the RIP protocol and disable the summarization of networks.
R1(config-router)# version 2

R1(config-router)# no auto-summary

d. Configure RIP for the networks that connect to R1.


R1(config-router)# network 192.168.1.0

R1(config-router)# network 192.168.2.0

e. Configure the LAN port that contains no routers so that it does not send out any routing information.
R1(config-router)# passive-interface gig 0/0

f. Advertise the default route configured in step 1a with other RIP routers.


R1(config-router)# default-information originate

g. Save the configuration.

Step 2: Configure RIPv2 on R2.


a. Enter RIP protocol configuration mode.
R2(config)# router rip

b. Use version 2 of the RIP protocol and disable the summarization of networks.
R2(config-router)# version 2

R2(config-router)# no auto-summary

c. Configure RIP for the networks directly connected to R2.

R2(config-router)# network 192.168.2.0

R2(config-router)# network 192.168.3.0

R2(config-router)# network 192.168.4.0


d. Configure the interface that contains no routers so that it does not send out routing information.
R2(config-router)# passive-interface gig 0/0

e. Save the configuration.


Step 3: Configure RIPv2 on R3
Repeat Step 2 on R3.
R3(config)# router rip

R3(config-router)# version 2

R3(config-router)# no auto-summary

R3(config-router)# network 192.168.4.0

R3(config-router)# network 192.168.5.0

R3(config-router)# passive-interface gig 0/0

Part 4.2 Verify configurations


Step 1: View routing tables of R1, R2, and R3.

a. Use the appropriate command to show the routing table of R1. RIP (R) now appears
with connected (C) and local (L) routes in the routing table. All networks have an
entry. You also see a default route listed.
b. View the routing tables for R2 and R3. Notice that each router has a full listing of all
the 192.168.x.0 networks and a default route.

Step 2: Verify full connectivity to all destinations.


Every device should now be able to ping every other device inside the network. In
addition, all devices should be able to ping the Web Server.

6.2.3 Skills Integration Challenge

Topology:

Address Table:

Device  Interface  IPv4 Address   Subnet Mask      Default Gateway
R1      G0/0       172.31.1.1     255.255.255.128  N/A
R1      S0/0/0     172.31.1.194   255.255.255.252  N/A
R2      G0/0       172.31.0.1     255.255.255.0    N/A
R2      S0/0/0     172.31.1.193   255.255.255.252  N/A
R2      S0/0/1     172.31.1.197   255.255.255.252  N/A
R3      G0/0       172.31.1.129   255.255.255.192  N/A
R3      S0/0/1     172.31.1.198   255.255.255.252  N/A
PC1     NIC        172.31.1.126   255.255.255.128  172.31.1.1
PC2     NIC        172.31.0.254   255.255.255.0    172.31.0.1
Server  NIC        172.31.1.190   255.255.255.192  172.31.1.129
Requirements:
• Configure Default Route, RIPv2
• Ping PC1 -> PC2
• Ping PC1 -> Server
• Ping PC2 -> Server

Practice 7: VLAN AND TRUNK


OVERVIEW

7.1.1 Introduction

- Lab 3: VLAN and Trunk
- Practice time: class: 3 study hours, self-study: 3 study hours.
- Requirement: Students gain knowledge and skills for command-line configuration (CLI).

7.1.2 Objective

Part 1: Configuring Port Security
Part 2: Configuring VLAN
Part 3: Configuring Trunk
Part 4: Configuring Router-on-a-Stick Inter-VLAN Routing
Part 5: Skills Integration Challenge

CONTENTS

7.2.1 Summary

7.2.2 Basic Practice

Part 1: Configuring Port Security

Topology:

Address Table:

Device        Interface  IP Address   Subnet Mask
S1            VLAN 1     10.10.10.2   255.255.255.0
PC1           NIC        10.10.10.10  255.255.255.0
PC2           NIC        10.10.10.11  255.255.255.0
Rogue Laptop  NIC        10.10.10.12  255.255.255.0

Part 3.1 Configure Port Security


a. Access the command line for S1 and enable port security on Fast Ethernet ports 0/1 and 0/2.
S1(config)# interface range fa0/1 - 2
S1(config-if-range)# switchport port-security
b. Set the maximum so that only one device can access the Fast Ethernet ports 0/1 and 0/2.
S1(config-if-range)# switchport port-security maximum 1
c. Secure the ports so that the MAC address of a device is dynamically learned and added to the
running configuration.
S1(config-if-range)# switchport port-security mac-address sticky
d. Set the violation so that the Fast Ethernet ports 0/1 and 0/2 are not disabled when a violation
occurs, but a notification of the security violation is generated and packets from the unknown
source are dropped.
S1(config-if-range)# switchport port-security violation restrict
e. Disable all the remaining unused ports. Hint: Use the range keyword to apply this configuration to
all the ports simultaneously.
S1(config-if-range)# interface range fa0/3 - 24 , gi1/1 - 2

S1(config-if-range)# shutdown

Part 3.2 Verify Port Security
a. From PC1, ping PC2.
b. Verify port security is enabled and the MAC addresses of PC1 and PC2 were added to the running
configuration.
c. Attach Rogue Laptop to any unused switch port and notice that the link lights are red.
d. Enable the port and verify that Rogue Laptop can ping PC1 and PC2. After verification, shut down
the port connected to Rogue Laptop.
e. Disconnect PC2 and connect Rogue Laptop to PC2’s port. Verify that Rogue Laptop is unable to
ping PC1.
f. Display the port security violations for the port Rogue Laptop is connected to.
S1# show port-security interface fa0/2
g. Disconnect Rogue Laptop and reconnect PC2. Verify PC2 can ping PC1.
h. Why is PC2 able to ping PC1, but the Rogue Laptop is not?

Part 2: Configuring VLAN

Topology:

Address Table:

Device  Interface  IP Address     Subnet Mask    VLAN
PC1     NIC        172.17.10.21   255.255.255.0  10
PC2     NIC        172.17.20.22   255.255.255.0  20
PC3     NIC        172.17.30.23   255.255.255.0  30
PC4     NIC        172.17.10.24   255.255.255.0  10
PC5     NIC        172.17.20.25   255.255.255.0  20
PC6     NIC        172.17.30.26   255.255.255.0  30

Part 2.1 Verify the Default VLAN Configuration

Step 1: Display the current VLANs.


On S1, issue the command that displays all VLANs configured. By default, all interfaces are assigned
to VLAN 1.

Step 2: Verify connectivity between PCs on the same network.


Notice that each PC can ping the other PC that shares the same network.
• PC1 can ping PC4
• PC2 can ping PC5
• PC3 can ping PC6
Pings to PCs in other networks fail.
What benefit will configuring VLANs provide to the current configuration?

Part 2.2 Configure VLANs

Step 1: Create and name VLANs on S1.


Create the following VLANs. Names are case-sensitive:
• VLAN 10: Faculty/Staff
• VLAN 20: Students
• VLAN 30: Guest(Default)
• VLAN 99: Management&Native
• VLAN 150: VOICE
S1(config)# vlan 10
S1(config-vlan)# name Faculty/Staff
S1(config-vlan)# vlan 20
S1(config-vlan)# name Students
S1(config-vlan)# vlan 30
S1(config-vlan)# name Guest(Default)
S1(config-vlan)# vlan 99
S1(config-vlan)# name Management&Native
S1(config-vlan)# vlan 150
S1(config-vlan)# name VOICE

Step 2: Verify the VLAN configuration.

Which command will only display the VLAN name, status, and associated ports on a switch?

Step 3: Create the VLANs on S2 and S3.


Using the same commands from Step 1, create and name the same VLANs on S2 and S3.

Step 4: Verify the VLAN configuration.

Part 2.3 Assign VLANs to Ports

Step 1: Assign VLANs to the active ports on S2.


Configure the interfaces as access ports and assign the VLANs as follows:
• VLAN 10: FastEthernet 0/11
• VLAN 20: FastEthernet 0/18
• VLAN 30: FastEthernet 0/6
S2(config)# interface f0/11

S2(config-if)# switchport mode access
S2(config-if)# switchport access vlan 10
S2(config-if)# interface f0/18
S2(config-if)# switchport mode access
S2(config-if)# switchport access vlan 20
S2(config-if)# interface f0/6
S2(config-if)# switchport mode access
S2(config-if)# switchport access vlan 30

Step 2: Assign VLANs to the active ports on S3.

S3 uses the same VLAN access port assignments as S2. Configure the interfaces as access ports and
assign the VLANs as follows:
• VLAN 10: FastEthernet 0/11
• VLAN 20: FastEthernet 0/18
• VLAN 30: FastEthernet 0/6
S3(config)# interface f0/11
S3(config-if)# switchport mode access
S3(config-if)# switchport access vlan 10
S3(config-if)# interface f0/18
S3(config-if)# switchport mode access
S3(config-if)# switchport access vlan 20
S3(config-if)# interface f0/6
S3(config-if)# switchport mode access
S3(config-if)# switchport access vlan 30

Step 3: Assign the VOICE VLAN to FastEthernet 0/11 on S3.


As shown in the topology, the S3 FastEthernet 0/11 interface connects to a Cisco IP Phone and PC4.
The IP phone contains an integrated three-port 10/100 switch. One port on the phone is labeled Switch
and connects to F0/4. Another port on the phone is labeled PC and connects to PC4. The IP phone
also has an internal port that connects to the IP phone functions.
The S3 F0/11 interface must be configured to support user traffic to PC4 using VLAN 10 and voice
traffic to the IP phone using VLAN 150. The interface must also enable QoS and trust the Class of
Service (CoS) values assigned by the IP phone.
S3(config)# interface f0/11
S3(config-if)# mls qos trust cos
S3(config-if)# switchport voice vlan 150
S3(config-if)# end

Step 4: Verify loss of connectivity.


Previously, PCs that shared the same network could ping each other successfully.
Try pinging between PC1 and PC4. Although the access ports are assigned to the appropriate VLANs,
were the pings successful? Why? What could be done to resolve this issue?

Part 3: Configuring Trunk

Topology:

Address Table:

Device  Interface  IP Address     Subnet Mask    Switch Port  VLAN
PC1     NIC        172.17.10.21   255.255.255.0  S2 F0/11     10
PC2     NIC        172.17.20.22   255.255.255.0  S2 F0/18     20
PC3     NIC        172.17.30.23   255.255.255.0  S2 F0/6      30
PC4     NIC        172.17.10.24   255.255.255.0  S3 F0/11     10
PC5     NIC        172.17.20.25   255.255.255.0  S3 F0/18     20
PC6     NIC        172.17.30.26   255.255.255.0  S3 F0/6      30

Part 3.1 Verify VLANs

Step 1: Display the current VLANs.


a. On S1, issue the command that will display all VLANs configured. There should be ten VLANs in
total. Notice how all 24 access ports on the switch are assigned to VLAN 1.
b. On S2 and S3, display and verify all the VLANs are configured and assigned to the correct switch
ports according to the Addressing Table.

Step 2: Verify loss of connectivity between PCs on the same network.


Although PC1 and PC4 are on the same network, they cannot ping one another. This is because the
ports connecting the switches are assigned to VLAN 1 by default. In order to provide connectivity
between the PCs on the same network and VLAN, trunks must be configured.

Part 3.2 Configure Trunks

Step 1: Configure trunking on S1 and use VLAN 99 as the native VLAN.


a. Configure G0/1 and G0/2 interfaces on S1 for trunking.

S1(config)# interface range g0/1 - 2


S1(config-if)# switchport mode trunk

b. Configure VLAN 99 as the native VLAN for G0/1 and G0/2 interfaces on S1.


S1(config-if)# switchport trunk native vlan 99

The trunk port takes about a minute to become active due to Spanning Tree. Click Fast Forward
Time to speed the process. After the ports become active, you will periodically receive the
following syslog messages:
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
GigabitEthernet0/2 (99), with S3 GigabitEthernet0/2 (1).
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
GigabitEthernet0/1 (99), with S2 GigabitEthernet0/1 (1).

You configured VLAN 99 as the native VLAN on S1. However, S2 and S3 are using VLAN 1 as the
default native VLAN as indicated by the syslog message.
Although you have a native VLAN mismatch, pings between PCs on the same VLAN are now
successful. Why?
Step 2: Verify trunking is enabled on S2 and S3.
On S2 and S3, issue the show interface trunk command to confirm that DTP has successfully
negotiated trunking with S1 on S2 and S3. The output also displays information about the trunk
interfaces on S2 and S3.
Which active VLANs are allowed to cross the trunk?

Step 3: Correct the native VLAN mismatch on S2 and S3.


a. Configure VLAN 99 as the native VLAN for the appropriate interfaces on S2 and S3.
b. Issue show interface trunk command to verify the correct native VLAN configuration.

Step 4: Verify configurations on S2 and S3.


c. Issue the show interface interface switchport command to verify that the native VLAN is now 99.
d. Use the show vlan command to display information regarding configured VLANs. Why is port G0/1
on S2 no longer assigned to VLAN 1?
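While a native VLAN mismatch exists, untagged frames leave one switch in VLAN 99 and arrive on the other in VLAN 1, so the syslog message is worth detecting rather than ignoring. The following added example (not part of the lab manual) parses the %CDP-4-NATIVE_VLAN_MISMATCH messages quoted in Part 3.2 and lists which trunk ends still differ from the intended native VLAN; the log text is constructed from those messages and the function names are this example's own.

```python
import re

# Constructed console log for S1: the two messages quoted in Part 3.2, wrapped
# as on the page, with one repeat because the mismatch is reported periodically
# and one unrelated message to show that other lines are ignored.
S1_LOG = """\
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
GigabitEthernet0/2 (99), with S3 GigabitEthernet0/2 (1).
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
GigabitEthernet0/1 (99), with S2 GigabitEthernet0/1 (1).
%LINK-5-CHANGED: Interface FastEthernet0/5, changed state to administratively down
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
GigabitEthernet0/2 (99), with S3 GigabitEthernet0/2 (1).
"""

# \s+ also matches a newline, so a message wrapped across lines still parses.
MISMATCH_RE = re.compile(
    r"%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on\s+"
    r"(?P<local_if>\S+)\s+\((?P<local_vlan>\d+)\),\s+with\s+"
    r"(?P<peer>\S+)\s+(?P<peer_if>\S+)\s+\((?P<peer_vlan>\d+)\)"
)


def find_mismatches(log_text, local_name):
    """Return one record per trunk link, counting how often it was reported."""
    links = {}
    for m in MISMATCH_RE.finditer(log_text):
        key = (m["local_if"], m["peer"], m["peer_if"])
        record = links.setdefault(key, {
            "local": local_name, "local_if": m["local_if"],
            "peer": m["peer"], "peer_if": m["peer_if"], "reports": 0,
        })
        # Keep the most recent VLAN values in case one side was changed.
        record["local_vlan"] = int(m["local_vlan"])
        record["peer_vlan"] = int(m["peer_vlan"])
        record["reports"] += 1
    return list(links.values())


def sides_to_fix(mismatches, intended_native):
    """List (switch, interface, current native VLAN) that differ from the target."""
    fixes = []
    for rec in mismatches:
        if rec["local_vlan"] != intended_native:
            fixes.append((rec["local"], rec["local_if"], rec["local_vlan"]))
        if rec["peer_vlan"] != intended_native:
            fixes.append((rec["peer"], rec["peer_if"], rec["peer_vlan"]))
    return fixes


if __name__ == "__main__":
    found = find_mismatches(S1_LOG, "S1")
    for rec in found:
        print(f"{rec['local']} {rec['local_if']} (native {rec['local_vlan']}) <-> "
              f"{rec['peer']} {rec['peer_if']} (native {rec['peer_vlan']}), "
              f"reported {rec['reports']}x")
    for switch, interface, vlan in sides_to_fix(found, intended_native=99):
        print(f"fix needed: {switch} {interface} uses native VLAN {vlan}")
```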

Part 4: Configuring Router-on-a-Stick Inter-VLAN Routing

Topology:

Address Table:

Device  Interface  IPv4 Address   Subnet Mask    Default Gateway
R1      G0/0.10    172.17.10.1    255.255.255.0  N/A
R1      G0/0.30    172.17.30.1    255.255.255.0  N/A
PC1     NIC        172.17.10.10   255.255.255.0  172.17.10.1
PC2     NIC        172.17.30.10   255.255.255.0  172.17.30.1

Part 4.1 Test Connectivity Without Inter-VLAN Routing

Step 1: Ping between PC1 and PC3.


Wait for switch convergence or click Fast Forward Time a few times. When the link lights are green for
PC1 and PC3, ping between PC1 and PC3. Because the two PCs are on separate networks and R1 is
not configured, the ping fails.
Step 2: Switch to Simulation mode to monitor pings.
a. Switch to Simulation mode by clicking the Simulation tab or pressing Shift+S.
b. Click Capture/Forward to see the steps the ping takes between PC1 and PC3. Notice how the
ping never leaves PC1. What process failed and why?

Part 4.2 Add VLANs to a Switch

Step 1: Create VLANs on S1.


Return to Realtime mode and create VLAN 10 and VLAN 30 on S1.
S1(config)# vlan 10
S1(config-vlan)# vlan 30

Step 2: Assign VLANs to ports.


a. Configure interface F0/6 and F0/11 as access ports and assign VLANs.
• Assign PC1 to VLAN 10.
• Assign PC3 to VLAN 30.
S1(config-vlan)# int fa0/11
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 10
S1(config-if)# int fa0/6
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 30

b. Issue the show vlan brief command to verify VLAN configuration.


S1# show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gig0/1, Gig0/2
10 VLAN0010 active Fa0/11
30 VLAN0030 active Fa0/6
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active

Step 3: Test connectivity between PC1 and PC3.

From PC1, ping PC3. The pings should still fail. Why were the pings unsuccessful?
Part 4.3 Configure Subinterfaces

Step 1: Configure subinterfaces on R1 using the 802.1Q encapsulation.


a. Create the subinterface G0/0.10.
• Set the encapsulation type to 802.1Q and assign VLAN 10 to the subinterface.
• Refer to the Address Table and assign the correct IP address to the subinterface.
b. Repeat for the G0/0.30 subinterface.
R1(config)# int g0/0.10
R1(config-subif)# encapsulation dot1Q 10
R1(config-subif)# ip address 172.17.10.1 255.255.255.0
R1(config-subif)# int g0/0.30
R1(config-subif)# encapsulation dot1Q 30
R1(config-subif)# ip address 172.17.30.1 255.255.255.0

Step 2: Verify Configuration.


a. Use the show ip interface brief command to verify subinterface configuration. Both subinterfaces
are down. Subinterfaces are virtual interfaces that are associated with a physical interface.
Therefore, in order to enable subinterfaces, you must enable the physical interface that they are
associated with.
b. Enable the G0/0 interface. Verify that the subinterfaces are now active.

Part 4.4 Test Connectivity With Inter-VLAN Routing

Step 1: Ping between PC1 and PC3.


From PC1, ping PC3. The pings should still fail.

Step 2: Enable trunking.


i. On S1, issue the show vlan command. What VLAN is G0/1 assigned to?
j. Because the router was configured with multiple subinterfaces assigned to different VLANs, the
switch port connecting to the router must be configured as a trunk. Enable trunking on interface
G0/1.
S1(config-if)# int g0/1
S1(config-if)# switchport mode trunk

k. How can you determine that the interface is a trunk port using the show vlan command?
l. Issue the show interface trunk command to verify the interface is configured as a trunk.

Step 3: Switch to Simulation mode to monitor pings.


m. Switch to Simulation mode by clicking the Simulation tab or pressing Shift+S.
n. Click Capture/Forward to see the steps the ping takes between PC1 and PC3.


o. You should see ARP requests and replies between S1 and R1. Then ARP requests and replies
between R1 and S3. Then PC1 can encapsulate an ICMP echo request with the proper data-link
layer information and R1 will route the request to PC3.
Note: After the ARP process finishes, you may need to click Reset Simulation to see the ICMP
process complete.

7.2.3 Skills Integration Challenge

Challenge 1: Switch Port Security

Topology:

Address Table:

Device  Interface  IP Address   Subnet Mask
S1      VLAN 1     10.10.10.2   255.255.255.0
PC1     NIC        10.10.10.10  255.255.255.0
PC2     NIC        10.10.10.11  255.255.255.0

Requirements:

• Configure S1 with the following initial settings:


- Hostname
- Banner that includes the word warning
- Console port login and password cisco
- Encrypted enable password of class
- Encrypt plain text passwords
- Management interface addressing
• Configure SSH to secure remote access with the following settings:
- Domain name of cisco.com
- RSA key-pair parameters to support SSH version 2
- Set SSH version 2
- User admin with secret password ccna

- VTY lines only accept SSH connections and use local login for authentication
• Configure the port security feature to restrict network access:
- Disable all unused ports.
- Set the interface mode to access.
- Enable port security to allow only two hosts per port.
- Record the MAC address in the running configuration.
- Ensure that port violations disable ports
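The port security requirements above, and the ones configured in Part 1, can be checked mechanically against a saved running configuration. The following added example (not part of the lab manual) audits each switch port against a chosen limit and violation mode; the configuration excerpt and MAC address are constructed, and the function names are this example's own.

```python
import re

# Constructed excerpt of a switch running configuration (not from the lab file).
# IOS omits defaults, so a port with no "maximum" line allows 1 address and a
# port with no "violation" line uses the shutdown mode.
SAMPLE_RUNNING_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0060.2F00.0001
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
interface FastEthernet0/3
!
interface FastEthernet0/4
 shutdown
!
interface Vlan1
 ip address 10.10.10.2 255.255.255.0
"""


def parse_interfaces(running_config):
    """Return {interface name: [configuration lines under it]}."""
    interfaces, current = {}, None
    for line in running_config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces


def port_state(lines):
    """Summarise one interface, filling in the IOS defaults for omitted lines."""
    state = {
        "shutdown": "shutdown" in lines,
        "access": "switchport mode access" in lines,
        "enabled": "switchport port-security" in lines,
        "sticky": "switchport port-security mac-address sticky" in lines,
        "maximum": 1, "violation": "shutdown", "learned": [],
    }
    for line in lines:
        words = line.split()
        if line.startswith("switchport port-security maximum "):
            state["maximum"] = int(words[-1])
        elif line.startswith("switchport port-security violation "):
            state["violation"] = words[-1]
        elif line.startswith("switchport port-security mac-address sticky "):
            state["learned"].append(words[-1])
    return state


def audit(running_config, max_hosts, violation):
    """Return {port: [findings]}; an empty list means the port meets the policy."""
    findings = {}
    for name, lines in parse_interfaces(running_config).items():
        if not re.match(r"(Fast|Gigabit)Ethernet", name):
            continue  # SVIs such as Vlan1 are not switch ports
        state, issues = port_state(lines), []
        if not state["shutdown"]:  # a disabled unused port needs nothing more
            if not state["access"]:
                issues.append("not in access mode")
            if not state["enabled"]:
                issues.append("port security not enabled")
            else:
                if state["maximum"] > max_hosts:
                    issues.append(f"allows {state['maximum']} MAC addresses, "
                                  f"limit is {max_hosts}")
                if not state["sticky"]:
                    issues.append("sticky learning not enabled")
                if state["violation"] != violation:
                    issues.append(f"violation mode is {state['violation']}, "
                                  f"expected {violation}")
        findings[name] = issues
    return findings


if __name__ == "__main__":
    # Policy of this challenge: two hosts per port, violations disable the port.
    for port, issues in audit(SAMPLE_RUNNING_CONFIG, 2, "shutdown").items():
        print(port, "OK" if not issues else "; ".join(issues))
```

Calling `audit(config, 1, "restrict")` applies the Part 1 policy instead. A trunk uplink would be reported as not in access mode, so exclude such ports before relying on the result.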

Challenge 1: Inter-VLAN Routing Challenge

Topology:

Address Table:

Device  Interface  IP Address     Subnet Mask      Default Gateway
R1      G0/0       172.17.25.2    255.255.255.252  N/A
R1      G0/1.10    172.17.10.1    255.255.255.0    N/A
R1      G0/1.20    172.17.20.1    255.255.255.0    N/A
R1      G0/1.30    172.17.30.1    255.255.255.0    N/A
R1      G0/1.88    172.17.88.1    255.255.255.0    N/A
R1      G0/1.99    172.17.99.1    255.255.255.0    N/A
S1      VLAN 99    172.17.99.10   255.255.255.0    172.17.99.1
PC1     NIC        172.17.10.21   255.255.255.0    172.17.10.1
PC2     NIC        172.17.20.22   255.255.255.0    172.17.20.1
PC3     NIC        172.17.30.23   255.255.255.0    172.17.30.1

VLAN and Port Assignment Table:

VLAN  Name            Interface
10    Faculty/Staff   Fa0/11-17
20    Students        Fa0/18-24
30    Guest(Default)  Fa0/6-10
88    Native          G0/1
99    Management      VLAN 99

Requirements:
• Assign IP addressing to R1 and S1 based on the Addressing Table.
• Create, name and assign VLANs on S1 based on the VLAN and Port Assignments Table. Ports
should be in access mode.
• Configure S1 to trunk, allow only the VLANs in the VLAN and Port Assignments Table.
• Configure the default gateway on S1.
• All ports not assigned to a VLAN should be disabled.
• Configure inter-VLAN routing on R1 based on the Addressing Table.
• Verify connectivity. R1, S1, and all PCs should be able to ping each other and the cisco.pka
server.

Challenge 3:
Topology:

Address Table:

Device  Interface  IP Address     Subnet Mask    Default Gateway  VLAN
R1      S0/0/0     172.31.1.2     255.255.255.0  N/A              N/A
R1      G0/0.10    172.31.10.1    255.255.255.0  N/A              10
R1      G0/0.20    172.31.20.1    255.255.255.0  N/A              20
R1      G0/0.30    172.31.30.1    255.255.255.0  N/A              30
R1      G0/0.88    172.31.88.1    255.255.255.0  N/A              88
R1      G0/0.99    172.31.99.1    255.255.255.0  N/A              99
S1      VLAN 88    172.31.88.33   255.255.255.0  172.31.88.1      88
PC-A    NIC        172.31.10.21   255.255.255.0  172.31.10.1      10
PC-B    NIC        172.31.20.22   255.255.255.0  172.31.20.1      20
PC-C    NIC        172.31.30.23   255.255.255.0  172.31.30.1      30
PC-D    NIC        172.31.88.24   255.255.255.0  172.31.88.1      88

VLAN Table:
VLAN Name Interfaces

10 Sales F0/11-15
20 Production F0/16-20
30 Marketing F0/5-10
88 Management F0/21-24
99 Native G0/1

Requirements
• Configure inter-VLAN routing on R1 based on the Addressing Table.
• Configure trunking on S1.
• Configure four directly attached static routes on HQ, one to each of VLANs 10, 20, 30 and 88.
• Configure directly attached static routes on HQ to reach Outside Host.
- Configure the primary path through the Serial 0/1/0 interface.
- Configure the backup route through the Serial 0/1/1 interface with a 10 AD.
• Configure a directly attached default route on R1.
• Verify connectivity by making sure all the PCs can ping Outside Host.

Practice 8: NAT AND DHCPv4 USING CISCO IOS

OVERVIEW

8.1.1 Introduction

- Lab 3: Communications and Network Protocols
- Practice time: class: 3 study hours, self-study: 3 study hours.
- Requirement: Students gain knowledge and skills for command-line configuration (CLI).

8.1.2 Objective

Part 1: Configure and Verify Static NAT
Part 2: Configure and Verify Dynamic NAT
Part 3: Configure DHCP Using Cisco IOS
Part 4: Configure Secure Passwords and SSH
Part 5: Skills Integration Challenge

CONTENTS
8.2.1 Summary

8.2.2 Basic Practice

Part 1: Configure and Verify Static NAT

Topology:

Address Table:

Device                   Interface     IP Address      Subnet Mask      Default Gateway
Gateway                  G0/1          192.168.1.1     255.255.255.0    N/A
Gateway                  S0/0/1        209.165.201.18  255.255.255.252  N/A
ISP                      S0/0/0 (DCE)  209.165.201.17  255.255.255.252  N/A
ISP                      Lo0           192.31.7.1      255.255.255.255  N/A
PC-A (Simulated Server)  NIC           192.168.1.20    255.255.255.0    192.168.1.1
PC-B                     NIC           192.168.1.21    255.255.255.0    192.168.1.1

Step 1: Configure a static mapping.
A static map is configured to tell the router to translate between the private inside server address
192.168.1.20 and the public address 209.165.200.225. This allows a user from the Internet to access
PC-A. PC-A is simulating a server or device with a constant address that can be accessed from the
Internet.
Gateway(config)# ip nat inside source static 192.168.1.20 209.165.200.225

Step 2: Specify the interfaces.

Issue the ip nat inside and ip nat outside commands to the interfaces.
Gateway(config)# interface g0/1
Gateway(config-if)# ip nat inside
Gateway(config-if)# interface s0/0/1

Gateway(config-if)# ip nat outside

Step 3: Test the configuration.


a. Display the static NAT table by issuing the show ip nat translations command.
Gateway# show ip nat translations
Pro Inside global Inside local Outside local Outside global
--- 209.165.200.225 192.168.1.20 --- ---

What is the translation of the Inside local host address?
192.168.1.20 = _________________________________________________________
The Inside global address is assigned by?
____________________________________________________________________________________
The Inside local address is assigned by?
____________________________________________________________________________________
b. From PC-A, ping the Lo0 interface (192.31.7.1) on ISP. If the ping was unsuccessful, troubleshoot
and correct the issues. On the Gateway router, display the NAT table.
Gateway# show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 209.165.200.225:1 192.168.1.20:1 192.31.7.1:1 192.31.7.1:1
--- 209.165.200.225 192.168.1.20 --- ---
A NAT entry was added to the table with ICMP listed as the protocol when PC-A sent an ICMP
request (ping) to 192.31.7.1 on ISP.


What port number was used in this ICMP exchange? ________________


Note: It may be necessary to disable the PC-A firewall for the ping to be successful.
c. From PC-A, telnet to the ISP Lo0 interface and display the NAT table.
Pro Inside global Inside local Outside local Outside global
icmp 209.165.200.225:1 192.168.1.20:1 192.31.7.1:1 192.31.7.1:1
tcp 209.165.200.225:1034 192.168.1.20:1034 192.31.7.1:23 192.31.7.1:23
--- 209.165.200.225 192.168.1.20 --- ---

Note: The NAT for the ICMP request may have timed out and been removed from the NAT table.
What was the protocol used in this translation? ____________
What are the port numbers used?
Inside global / local: ________________
Outside global / local: ________________
d. Because static NAT was configured for PC-A, verify that pinging from ISP to PC-A at the static
NAT public address (209.165.200.225) is successful.
e. On the Gateway router, display the NAT table to verify the translation.
Gateway# show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 209.165.200.225:12 192.168.1.20:12 209.165.201.17:12 209.165.201.17:12
--- 209.165.200.225 192.168.1.20 --- ---

Notice that the Outside local and Outside global addresses are the same. This address is the ISP
remote network source address. For the ping from the ISP to succeed, the Inside global static NAT
address 209.165.200.225 was translated to the Inside local address of PC-A (192.168.1.20).
f. Verify NAT statistics by using the show ip nat statistics command on the Gateway router.
Gateway# show ip nat statistics
Total active translations: 2 (1 static, 1 dynamic; 1 extended)
Peak translations: 2, occurred 00:02:12 ago
Outside interfaces:
Serial0/0/1
Inside interfaces:
GigabitEthernet0/1
Hits: 39 Misses: 0
CEF Translated packets: 39, CEF Punted packets: 0
Expired translations: 3
Dynamic mappings:

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0

Note: This is only a sample output. Your output may not match exactly.

Part 2: Configure and Verify Dynamic NAT

Step 1: Clear NATs.


Before proceeding to add dynamic NATs, clear the NATs and statistics from Part 2.
Gateway# clear ip nat translation *
Gateway# clear ip nat statistics


Step 2: Define an access control list (ACL) that matches the LAN private IP address range.
ACL 1 is used to allow 192.168.1.0/24 network to be translated.
Gateway(config)# access-list 1 permit 192.168.1.0 0.0.0.255

Step 3: Verify that the NAT interface configurations are still valid.

Issue the show ip nat statistics command on the Gateway router to verify the NAT configurations.

Step 4: Define the pool of usable public IP addresses.


Gateway(config)# ip nat pool public_access 209.165.200.242 209.165.200.254 netmask 255.255.255.224

Step 5: Define the NAT from the inside source list to the outside pool.
Note: Remember that NAT pool names are case-sensitive and the pool name entered here must
match that used in the previous step.
Gateway(config)# ip nat inside source list 1 pool public_access

Step 6: Test the configuration.

p. From PC-B, ping the Lo0 interface (192.31.7.1) on ISP. If the ping was unsuccessful, troubleshoot
and correct the issues. On the Gateway router, display the NAT table.
Gateway# show ip nat translations
Pro Inside global Inside local Outside local Outside global
--- 209.165.200.225 192.168.1.20 --- ---
icmp 209.165.200.242:1 192.168.1.21:1 192.31.7.1:1 192.31.7.1:1
--- 209.165.200.242 192.168.1.21 --- ---

What is the translation of the Inside local host address for PC-B?
192.168.1.21 = _________________________________________________________
A dynamic NAT entry was added to the table with ICMP as the protocol when PC-B sent an ICMP
message to 192.31.7.1 on ISP.
What port number was used in this ICMP exchange? ______________
q. From PC-B, open a browser and enter the IP address of the ISP-simulated web server (Lo0
interface). When prompted, log in as webuser with a password of webpass.
r. Display the NAT table.
Pro Inside global Inside local Outside local Outside global
--- 209.165.200.225 192.168.1.20 --- ---
tcp 209.165.200.242:1038 192.168.1.21:1038 192.31.7.1:80 192.31.7.1:80
tcp 209.165.200.242:1039 192.168.1.21:1039 192.31.7.1:80 192.31.7.1:80
tcp 209.165.200.242:1040 192.168.1.21:1040 192.31.7.1:80 192.31.7.1:80
tcp 209.165.200.242:1041 192.168.1.21:1041 192.31.7.1:80 192.31.7.1:80
tcp 209.165.200.242:1042 192.168.1.21:1042 192.31.7.1:80 192.31.7.1:80
tcp 209.165.200.242:1043 192.168.1.21:1043 192.31.7.1:80 192.31.7.1:80
tcp 209.165.200.242:1044 192.168.1.21:1044 192.31.7.1:80 192.31.7.1:80
tcp 209.165.200.242:1045 192.168.1.21:1045 192.31.7.1:80 192.31.7.1:80
tcp 209.165.200.242:1046 192.168.1.21:1046 192.31.7.1:80 192.31.7.1:80
tcp 209.165.200.242:1047 192.168.1.21:1047 192.31.7.1:80 192.31.7.1:80
tcp 209.165.200.242:1048 192.168.1.21:1048 192.31.7.1:80 192.31.7.1:80
tcp 209.165.200.242:1049 192.168.1.21:1049 192.31.7.1:80 192.31.7.1:80
tcp 209.165.200.242:1050 192.168.1.21:1050 192.31.7.1:80 192.31.7.1:80
tcp 209.165.200.242:1051 192.168.1.21:1051 192.31.7.1:80 192.31.7.1:80
tcp 209.165.200.242:1052 192.168.1.21:1052 192.31.7.1:80 192.31.7.1:80
--- 209.165.200.242 192.168.1.22 --- ---

What protocol was used in this translation? ____________
What port numbers were used?
Inside: ________________
Outside: ________________
What well-known port number and service was used? ________________
s. Verify NAT statistics by using the show ip nat statistics command on the Gateway router.
Gateway# show ip nat statistics
Total active translations: 3 (1 static, 2 dynamic; 1 extended)
Peak translations: 17, occurred 00:06:40 ago
Outside interfaces:
Serial0/0/1
Inside interfaces:
GigabitEthernet0/1
Hits: 345 Misses: 0
CEF Translated packets: 345, CEF Punted packets: 0
Expired translations: 20
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 pool public_access refcount 2
pool public_access: netmask 255.255.255.224
start 209.165.200.242 end 209.165.200.254
type generic, total addresses 13, allocated 1 (7%), misses 0

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0

Note: This is only a sample output. Your output may not match exactly.

Step 7: Remove the static NAT entry.


In Step 7, the static NAT entry is removed and you can observe the NAT entry.
t. Remove the static NAT from Part 2. Enter yes when prompted to delete child entries.
Gateway(config)# no ip nat inside source static 192.168.1.20 209.165.200.225

Static entry in use, do you want to delete child entries? [no]: yes
u. Clear the NATs and statistics.
v. Ping the ISP (192.31.7.1) from both hosts.
w. Display the NAT table and statistics.
Gateway# show ip nat statistics
Total active translations: 4 (0 static, 4 dynamic; 2 extended)
Peak translations: 15, occurred 00:00:43 ago
Outside interfaces:
Serial0/0/1
Inside interfaces:
GigabitEthernet0/1
Hits: 16 Misses: 0
CEF Translated packets: 285, CEF Punted packets: 0
Expired translations: 11
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 pool public_access refcount 4
pool public_access: netmask 255.255.255.224
start 209.165.200.242 end 209.165.200.254
type generic, total addresses 13, allocated 2 (15%), misses 0

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0

Gateway# show ip nat translation
Pro Inside global Inside local Outside local Outside global
icmp 209.165.200.243:512 192.168.1.20:512 192.31.7.1:512 192.31.7.1:512
--- 209.165.200.243 192.168.1.20 --- ---
icmp 209.165.200.242:512 192.168.1.21:512 192.31.7.1:512 192.31.7.1:512
--- 209.165.200.242 192.168.1.21 --- ---

Note: This is only a sample output. Your output may not match exactly.
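
The NAT table is the only record on the Gateway that ties a public (inside global) address back to the internal host that used it, which is what you need when an outside log names 209.165.200.x and you have to find the PC. The following Python sketch is an added example, not part of the lab: it parses the Step 7 table above, answers that lookup, and checks the pool from Step 4 against its netmask. The function names are illustrative.

```python
import ipaddress

# Table from Step 7 above, one entry per line.
SAMPLE = """\
Pro Inside global Inside local Outside local Outside global
icmp 209.165.200.243:512 192.168.1.20:512 192.31.7.1:512 192.31.7.1:512
--- 209.165.200.243 192.168.1.20 --- ---
icmp 209.165.200.242:512 192.168.1.21:512 192.31.7.1:512 192.31.7.1:512
--- 209.165.200.242 192.168.1.21 --- ---
"""

# Pool from Step 4 (ip nat pool public_access ...).
POOL_START = ipaddress.ip_address("209.165.200.242")
POOL_END = ipaddress.ip_address("209.165.200.254")
POOL_MASK = "255.255.255.224"


def split_endpoint(field):
    """'209.165.200.243:512' -> (IPv4Address, 512); '---' -> (None, None)."""
    if field == "---":
        return None, None
    host, _, port = field.partition(":")
    return ipaddress.ip_address(host), (int(port) if port else None)


def parse_nat_table(text):
    """Turn 'show ip nat translations' rows into dicts; skip header and blanks."""
    entries = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[0] == "Pro":
            continue
        inside_global, ig_port = split_endpoint(cols[1])
        inside_local, il_port = split_endpoint(cols[2])
        outside_global, og_port = split_endpoint(cols[4])
        entries.append({
            "proto": None if cols[0] == "---" else cols[0],
            "inside_global": inside_global, "inside_global_port": ig_port,
            "inside_local": inside_local, "inside_local_port": il_port,
            "outside_global": outside_global, "outside_global_port": og_port,
            # Extended entries carry protocol and ports; simple ones map address to address.
            "extended": cols[0] != "---",
        })
    return entries


def attribute(entries, public_ip, port=None):
    """Inside local host(s) that were using a public address (and port, if known)."""
    public_ip = ipaddress.ip_address(public_ip)
    hits = set()
    for e in entries:
        if e["inside_global"] != public_ip:
            continue
        if port is not None and e["extended"] and e["inside_global_port"] != port:
            continue
        hits.add(str(e["inside_local"]))
    return sorted(hits)


def pool_report(entries):
    """(pool size, pool addresses currently handed out), checked against the netmask."""
    net = ipaddress.ip_network(f"{POOL_START}/{POOL_MASK}", strict=False)
    if POOL_START not in net or POOL_END not in net:
        raise ValueError("pool range does not fit the configured netmask")
    total = int(POOL_END) - int(POOL_START) + 1
    used = {e["inside_global"] for e in entries
            if e["inside_global"] is not None and POOL_START <= e["inside_global"] <= POOL_END}
    return total, [str(a) for a in sorted(used)]
```

The pool size and allocation count it returns agree with the "total addresses 13, allocated 2" line in the statistics output above.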

Part 3: Configure DHCP Using Cisco IOS

Topology:

Address Table:


Device      Interface  IPv4 Address    Subnet Mask      Default Gateway
R1          G0/0       192.168.10.1    255.255.255.0    N/A
R1          S0/0/0     10.1.1.1        255.255.255.252  N/A
R2          G0/0       192.168.20.1    255.255.255.0    N/A
R2          G0/1       DHCP Assigned   DHCP Assigned    N/A
R2          S0/0/0     10.1.1.2        255.255.255.252  N/A
R2          S0/0/1     10.2.2.2        255.255.255.252  N/A
R3          G0/0       192.168.30.1    255.255.255.0    N/A
R3          S0/0/1     10.2.2.1        255.255.255.0    N/A
PC1         NIC        DHCP Assigned   DHCP Assigned    DHCP Assigned
PC2         NIC        DHCP Assigned   DHCP Assigned    DHCP Assigned
DNS Server  NIC        192.168.20.254  255.255.255.0    192.168.20.1

Part 3.1 Configure a Router as a DHCP Server

Step 1: Configure the excluded IPv4 addresses.


Configure R2 to exclude the first 10 addresses from the R1 and R3 LANs. All other addresses should
be available in the DHCP address pool.
R2(config)# ip dhcp excluded-address 192.168.10.1 192.168.10.10
R2(config)# ip dhcp excluded-address 192.168.30.1 192.168.30.10

Step 2: Create a DHCP pool on R2 for the R1 LAN.

x. Create a DHCP pool named R1-LAN (case-sensitive).


R2(config)# ip dhcp pool R1-LAN
y. Configure the DHCP pool to include the network address, the default gateway, and the IP
address of the DNS server.
R2(dhcp-config)# network 192.168.10.0 255.255.255.0
R2(dhcp-config)# default-router 192.168.10.1
R2(dhcp-config)# dns-server 192.168.20.254

Step 3: Create a DHCP pool on R2 for the R3 LAN.


z. Create a DHCP pool named R3-LAN (case-sensitive).
R2(config)# ip dhcp pool R3-LAN
aa. Configure the DHCP pool to include the network address, the default gateway, and the IP
address of the DNS server.
R2(dhcp-config)# network 192.168.30.0 255.255.255.0
R2(dhcp-config)# default-router 192.168.30.1
R2(dhcp-config)# dns-server 192.168.20.254


Part 3.2 Configure DHCP Relay


Step 1: Configure R1 and R3 as a DHCP relay agent.
!R1
R1(config)# interface g0/0
R1(config-if)# ip helper-address 10.1.1.2
!R3
R3(config)# interface g0/0
R3(config-if)# ip helper-address 10.2.2.2

Step 2: Set PC1 and PC2 to receive IP addressing information from DHCP.

Part 3.3 Configure R2 as a DHCP Client

bb. Configure the Gigabit Ethernet 0/1 interface on R2 to receive IP addressing from DHCP and
activate the interface.
R2(config)# interface g0/1
R2(config-if)# ip address dhcp
R2(config-if)# no shutdown
Note: Use Packet Tracer’s Fast Forward Time feature to speed up the process or wait until R2
forms an EIGRP adjacency with the ISP router.

cc. Use the show ip interface brief command to verify that R2 received an IP address from DHCP.

Part 3.4 Verify DHCP and Connectivity

Step 1: Verify DHCP bindings.


R2# show ip dhcp binding
IP address Client-ID/ Lease expiration Type
Hardware address
192.168.10.11 0002.4AA5.1470 -- Automatic
8.2.2.11 0004.9A97.2535 -- Automatic

Step 2: Verify configurations.

Verify that PC1 and PC2 can now ping each other and all other devices.
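
Parts 3.1 and 3.2 only work together because of the relay agent address: when R1 or R3 forwards a client broadcast to the helper address, it stamps the request with the IP address of the interface that received it (the giaddr field), and the server on R2 picks the pool whose network contains that address. The Python model below is an added example, not part of the lab. It uses the pools and exclusions configured above and assumes the server hands out the lowest free address first, as the 192.168.10.11 binding suggests; the function names are illustrative.

```python
import ipaddress

# Pools and exclusions as configured on R2 in Part 3.1.
POOLS = {
    "R1-LAN": {"network": "192.168.10.0/24", "router": "192.168.10.1", "dns": "192.168.20.254"},
    "R3-LAN": {"network": "192.168.30.0/24", "router": "192.168.30.1", "dns": "192.168.20.254"},
}
EXCLUDED = [("192.168.10.1", "192.168.10.10"), ("192.168.30.1", "192.168.30.10")]


def select_pool(giaddr):
    """Pick the pool whose network contains the relay agent address (giaddr)."""
    addr = ipaddress.ip_address(giaddr)
    for name, pool in POOLS.items():
        if addr in ipaddress.ip_network(pool["network"]):
            return name
    return None  # no pool covers this relay address: the client gets no offer


def is_excluded(addr):
    """True if addr falls inside any 'ip dhcp excluded-address' range."""
    return any(ipaddress.ip_address(lo) <= addr <= ipaddress.ip_address(hi)
               for lo, hi in EXCLUDED)


def leasable(name):
    """Host addresses of a pool that the server is allowed to hand out."""
    network = ipaddress.ip_network(POOLS[name]["network"])
    return [h for h in network.hosts() if not is_excluded(h)]


def offer(giaddr, leased):
    """Answer one relayed request; 'leased' is the set of addresses already bound."""
    name = select_pool(giaddr)
    if name is None:
        return None
    for host in leasable(name):  # assumption: lowest free address first
        if str(host) not in leased:
            leased.add(str(host))
            pool = POOLS[name]
            return {"pool": name, "address": str(host),
                    "router": pool["router"], "dns": pool["dns"]}
    return None  # pool exhausted


if __name__ == "__main__":
    bound = set()
    print(offer("192.168.10.1", bound))  # PC1, relayed by R1 G0/0
    print(offer("192.168.30.1", bound))  # PC2, relayed by R3 G0/0
    print(offer("10.1.1.1", bound))      # relay address outside every pool
```

The last call shows the usual misconfiguration: if the helper address is placed on the wrong interface, the relay address belongs to no pool and the client never receives an offer.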

8.2.3 Skills Integration Challenge

Topology:


Address Table:

Device  Interface  IP Address     Subnet Mask      Default Gateway
R1      G0/0.10    172.31.10.1    255.255.255.224  N/A
R1      G0/0.20    172.31.20.1    255.255.255.240  N/A
R1      G0/0.30    172.31.30.1    255.255.255.128  N/A
R1      G0/0.40    172.31.40.1    255.255.255.192  N/A
R1      G0/1       DHCP Assigned  DHCP Assigned    N/A
PC1     NIC        DHCP Assigned  DHCP Assigned    DHCP Assigned
PC2     NIC        DHCP Assigned  DHCP Assigned    DHCP Assigned
PC3     NIC        DHCP Assigned  DHCP Assigned    DHCP Assigned
PC4     NIC        DHCP Assigned  DHCP Assigned    DHCP Assigned

VLAN Port Assignments and DHCP Information


Ports            VLAN Number - Name    DHCP Pool Name  Network
Fa0/5 – 0/9      VLAN 10 - Sales       VLAN_10         172.31.10.0/27
Fa0/10 – Fa0/14  VLAN 20 - Production  VLAN_20         172.31.20.0/28
Fa0/15 – Fa0/19  VLAN 30 - Marketing   VLAN_30         172.31.30.0/25
Fa0/20 - Fa0/24  VLAN 40 - HR          VLAN_40         172.31.40.0/26

Requirements
Using the information in the tables above, implement the following requirements:
• Create VLANs on S2 and assign VLANs to appropriate ports. Names are case-sensitive.
• Configure S2 ports for trunking.
• Configure all non-trunk ports on S2 as access ports.
• Configure R1 to route between VLANs. Subinterface names should match the VLAN number.
• Configure R1 to act as a DHCP server for the VLANs attached to S2.
- Create a DHCP pool for each VLAN. Names are case-sensitive.
- Assign the appropriate addresses to each pool.
- Configure DHCP to provide the default gateway address.
- Configure the DNS server 209.165.201.14 for each pool.
- Prevent the first 10 addresses from each pool from being distributed to end devices.
• Verify that each PC has an address assigned from the correct DHCP pool.
Note: DHCP address assignments may take some time. Click Fast Forward Time to speed up the
process.
• Configure R1 as a DHCP client so that it receives an IP address from the ISP network.
• Verify all devices can now ping each other and www.cisco.pka.

Practice 9: CONFIGURE STANDARD ACLs

OVERVIEW

9.1.1 Introduction

- Lab 3: Configure Standard ACLs
- Practice time: class: 3 study hours, self-studying: 3 study hours.
- Requirement: Students gain knowledge and skills for command-line configuration (CLI).

9.1.2 Objective

- Part 1: Configuring Numbered Standard IPv4 ACLs
- Part 2: Configuring Named Standard IPv4 ACLs

CONTENTS

9.2.1 Summary

9.2.2 Basic Practice

Part 1: Configuring Numbered Standard IPv4 ACLs

Topology:

Address Table:

Device     Interface  IP Address      Subnet Mask      Default Gateway
R1         G0/0       192.168.10.1    255.255.255.0    N/A
R1         G0/1       192.168.11.1    255.255.255.0    N/A
R1         S0/0/0     10.1.1.1        255.255.255.252  N/A
R1         S0/0/1     10.3.3.1        255.255.255.252  N/A
R2         G0/0       192.168.20.1    255.255.255.0    N/A
R2         S0/0/0     10.1.1.2        255.255.255.252  N/A
R2         S0/0/1     10.2.2.1        255.255.255.252  N/A
R3         G0/0       192.168.30.1    255.255.255.0    N/A
R3         S0/0/0     10.3.3.2        255.255.255.252  N/A
R3         S0/0/1     10.2.2.2        255.255.255.252  N/A
PC1        NIC        192.168.10.10   255.255.255.0    192.168.10.1
PC2        NIC        192.168.11.10   255.255.255.0    192.168.11.1
PC3        NIC        192.168.30.10   255.255.255.0    192.168.30.1
WebServer  NIC        192.168.20.254  255.255.255.0    192.168.20.1

Part 1.1 Plan an ACL Implementation

Step 1: Investigate the current network configuration.


Before applying any ACLs to a network, it is important to confirm that you have full connectivity. Verify
that the network has full connectivity by choosing a PC and pinging other devices on the network. You
should be able to successfully ping every device.

Step 2: Evaluate two network policies and plan ACL implementations.


a. The following network policies are implemented on R2:
• The 192.168.11.0/24 network is not allowed access to the WebServer on the
192.168.20.0/24 network.
• All other access is permitted.
To restrict access from the 192.168.11.0/24 network to the WebServer at 192.168.20.254 without
interfering with other traffic, an ACL must be created on R2. The access list must be placed on the
outbound interface to the WebServer. A second rule must be created on R2 to permit all other
traffic.
b. The following network policies are implemented on R3:
• The 192.168.10.0/24 network is not allowed to communicate with the 192.168.30.0/24
network.
• All other access is permitted.
To restrict access from the 192.168.10.0/24 network to the 192.168.30.0/24 network without
interfering with other traffic, an access list will need to be created on R3. The ACL must be placed
on the outbound interface to PC3. A second rule must be created on R3 to permit all other traffic.

Part 1.2 Configure, Apply, and Verify a Standard ACL

Step 1: Configure and apply a numbered standard ACL on R2.


a. Create an ACL using the number 1 on R2 with a statement that denies access to the
192.168.20.0/24 network from the 192.168.11.0/24 network.
R2(config)# access-list 1 deny 192.168.11.0 0.0.0.255
b. By default, an access list denies all traffic that does not match any rules. To permit all other traffic,
configure the following statement:
R2(config)# access-list 1 permit any
c. For the ACL to actually filter traffic, it must be applied to some router operation. Apply the ACL by
placing it for outbound traffic on the Gigabit Ethernet 0/0 interface.
R2(config)# interface GigabitEthernet0/0
R2(config-if)# ip access-group 1 out

Step 2: Configure and apply a numbered standard ACL on R3.


a. Create an ACL using the number 1 on R3 with a statement that denies access to the
192.168.30.0/24 network from the PC1 (192.168.10.0/24) network.
R3(config)# access-list 1 deny 192.168.10.0 0.0.0.255


b. By default, an ACL denies all traffic that does not match any rules. To permit all other traffic, create
a second rule for ACL 1.
R3(config)# access-list 1 permit any
c. Apply the ACL by placing it for outbound traffic on the Gigabit Ethernet 0/0 interface.
R3(config)# interface GigabitEthernet0/0
R3(config-if)# ip access-group 1 out

Step 3: Verify ACL configuration and functionality.


a. On R2 and R3, enter the show access-list command to verify the ACL configurations. Enter the
show run or show ip interface gigabitethernet 0/0 command to verify the ACL placements.
b. With the two ACLs in place, network traffic is restricted according to the policies detailed in Part 1.
Use the following tests to verify the ACL implementations:
• A ping from 192.168.10.10 to 192.168.11.10 succeeds.
• A ping from 192.168.10.10 to 192.168.20.254 succeeds.
• A ping from 192.168.11.10 to 192.168.20.254 fails.
• A ping from 192.168.10.10 to 192.168.30.10 fails.
• A ping from 192.168.11.10 to 192.168.30.10 succeeds.
• A ping from 192.168.30.10 to 192.168.20.254 succeeds.
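
The six expected results follow from three rules: a standard ACL matches on the source address only, the first matching entry wins, and anything unmatched hits the implicit deny. The Python model below is an added example, not part of the lab. It encodes access-list 1 from R2 and R3 with their outbound placement on G0/0 and reproduces the ping results; it assumes the only filtering is on packets leaving a router towards its own LAN, and the function names are illustrative.

```python
import ipaddress


def wildcard_match(addr, base, wildcard):
    """IOS wildcard match: bits that are 0 in the wildcard must equal the base."""
    a, b, w = (int(ipaddress.ip_address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


# access-list 1 as entered above; "any" is shorthand for 0.0.0.0 255.255.255.255.
ACL_R2 = [("deny", "192.168.11.0", "0.0.0.255"), ("permit", "0.0.0.0", "255.255.255.255")]
ACL_R3 = [("deny", "192.168.10.0", "0.0.0.255"), ("permit", "0.0.0.0", "255.255.255.255")]

# Each ACL is applied outbound on G0/0, i.e. to packets leaving towards that LAN.
PLACEMENT = {"192.168.20.0/24": ACL_R2, "192.168.30.0/24": ACL_R3}


def evaluate(acl, src):
    """First matching entry wins; a standard ACL looks at the source only."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"  # implicit deny at the end of every ACL


def packet_allowed(src, dst):
    """Is a packet from src delivered to dst, given the ACL placements?"""
    for lan, acl in PLACEMENT.items():
        if ipaddress.ip_address(dst) in ipaddress.ip_network(lan):
            return evaluate(acl, src) == "permit"
    return True  # no ACL on the interface facing dst


def ping_succeeds(src, dst):
    """The echo request and the echo reply must both get through."""
    return packet_allowed(src, dst) and packet_allowed(dst, src)


# The six tests listed in Step 3b, with the results the lab expects.
LAB_PINGS = [
    ("192.168.10.10", "192.168.11.10", True),
    ("192.168.10.10", "192.168.20.254", True),
    ("192.168.11.10", "192.168.20.254", False),
    ("192.168.10.10", "192.168.30.10", False),
    ("192.168.11.10", "192.168.30.10", True),
    ("192.168.30.10", "192.168.20.254", True),
]

if __name__ == "__main__":
    for src, dst, expected in LAB_PINGS:
        result = ping_succeeds(src, dst)
        print(f"{src} -> {dst}: {'succeeds' if result else 'fails'} (lab expects {expected})")
```

Because the match is on source only, the R2 list blocks 192.168.11.0/24 from every address on 192.168.20.0/24, not just the WebServer; and removing the `permit any` line makes the implicit deny drop all traffic leaving that interface.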

Part 2: Configuring Named Standard IPv4 ACLs

Topology:

Address Table:

Device       Interface  IP Address       Subnet Mask    Default Gateway
R1           F0/0       192.168.10.1     255.255.255.0  N/A
R1           F0/1       192.168.20.1     255.255.255.0  N/A
R1           E0/0/0     192.168.100.1    255.255.255.0  N/A
R1           E0/1/0     192.168.200.1    255.255.255.0  N/A
File Server  NIC        192.168.200.100  255.255.255.0  192.168.200.1
Web Server   NIC        192.168.100.100  255.255.255.0  192.168.100.1
PC0          NIC        192.168.20.3     255.255.255.0  192.168.20.1
PC1          NIC        192.168.20.4     255.255.255.0  192.168.20.1
PC2          NIC        192.168.10.3     255.255.255.0  192.168.10.1

Part 2.1 Configure and Apply a Named Standard ACL

Step 1: Verify connectivity before the ACL is configured and applied.


All three workstations should be able to ping both the Web Server and File Server.

Step 2: Configure a named standard ACL.


Configure the following named ACL on R1.
R1(config)# ip access-list standard File_Server_Restrictions
R1(config-std-nacl)# permit host 192.168.20.4
R1(config-std-nacl)# deny any
Note: For scoring purposes, the ACL name is case-sensitive.

Step 3: Apply the named ACL.


a. Apply the ACL outbound on the interface Fast Ethernet 0/1.
R1(config-if)# ip access-group File_Server_Restrictions out
b. Save the configuration.

Part 2.2 Verify the Named Implementation

Step 1: Verify the ACL configuration and application to the interface.


Use the show access-lists command to verify the ACL configuration. Use the show run or show ip
interface fastethernet 0/1 command to verify that the ACL is applied correctly to the interface.

Step 2: Verify that the ACL is working properly.


All three workstations should be able to ping the Web Server, but only PC1 should be able to ping the
File Server.

9.2.3 Skills Integration Challenge

Topology:


Address Table:

Device   Interface  IP Address      Subnet Mask    Default Gateway
R1       G0/0       10.0.0.1        255.0.0.0      N/A
R1       G0/1       172.16.0.1      255.255.0.0    N/A
R1       G0/2       192.168.0.1     255.255.255.0  N/A
Server1  NIC        172.16.255.254  255.255.0.0    172.16.0.1
Server2  NIC        192.168.0.254   255.255.255.0  192.168.0.1
Server3  NIC        10.255.255.254  255.0.0.0      10.0.0.1
L1       NIC        172.16.0.2      255.255.0.0    172.16.0.1
L2       NIC        192.168.0.2     255.255.255.0  192.168.0.1
L3       NIC        10.0.0.2        255.0.0.0      10.0.0.1

Requirements:
This network is meant to have the following three policies implemented:
1. Do not allow hosts from the LAN1 (10.0.0.0/8) network access to the LAN2 (172.16.0.0/16)
network. Permit all other access.
2. Do not allow host L2 in LAN2 (172.16.0.0/16) network access to the LAN3 (192.168.0.0/24).
Permit all other access.
3. Only permit host L3 in LAN3 (192.168.0.0/24) network access to the LAN1 (10.0.0.0/8).
No other restrictions should be in place. Unfortunately, the rules that have been implemented are not
working correctly. Your task is to find and fix the errors related to the access lists on R1.
Note: To attain full marks in this lab, it is best to remove and re-enter ACLs. It is also best to remove
and re-enter any invalid ip access-group command.


Practice 10: REVIEW AND TEST


REVIEW

Review Practice 1 -> 9


BUILD SMALL NETWORK

Topology:

Address Table:

Device            Interface  IP Address      Subnet Mask      Default Gateway
HQ                G0/0       172.16.127.254  255.255.192.0    N/A
HQ                G0/1       172.16.63.254   255.255.192.0    N/A
HQ                S0/0/0     192.168.0.1     255.255.255.252  N/A
HQ                S0/0/1     64.104.34.2     255.255.255.252  64.104.34.1
Branch            G0/0                                        N/A
Branch            G0/1                                        N/A
Branch            S0/0/0     192.168.0.2     255.255.255.252  N/A
HQ1               NIC        172.16.64.1     255.255.192.0    172.16.127.254
HQ2               NIC        172.16.0.2      255.255.192.0    172.16.63.254
HQServer.pka      NIC        172.16.0.1      255.255.192.0    172.16.63.254
B1                NIC
B2                NIC        172.16.128.2    255.255.240.0    172.16.143.254
BranchServer.pka  NIC        172.16.128.1    255.255.240.0    172.16.143.254

Requirements:
dd. Divide 172.16.128.0/19 into two equal subnets for use on Branch.
1) Assign the last usable address of the second subnet to the Gigabit Ethernet 0/0 interface.
2) Assign the last usable address of the first subnet to the Gigabit Ethernet 0/1 interface.
3) Document the addressing in the Addressing Table.
4) Configure Branch with appropriate addressing.
ee. Configure B1 with appropriate addressing using the first available address of the network to
which it is attached. Document the addressing in the Addressing Table.
ff. Configure HQ and Branch with RIPv2 routing according to the following criteria:
• Advertise all three attached networks. Do not advertise the link to the Internet.
• Configure appropriate interfaces as passive.
gg. Set a default route on HQ which directs traffic to S0/0/1 interface. Redistribute the route to Branch.
hh. Design a named access list HQServer to prevent any computers attached to the Gigabit Ethernet
0/0 interface of the Branch router from accessing HQServer.pka. All other traffic is permitted.
Configure the access list on the appropriate router, apply it to the appropriate interface and in the
appropriate direction.
ii. Design a named access list BranchServer to prevent any computers attached to the Gigabit
Ethernet 0/0 interface of the HQ router from accessing the Branch server. All other traffic is
permitted. Configure the access list on the appropriate router, apply it to the appropriate interface
and in the appropriate direction.
