CCNA 200 120 Lab Manual

By : Miftah Nurbeenur
Tel: 0911074401
Email: miftahnurbenur@yahoo.com
April, 2016
1
Table of Contents
LAB1 : Basic Networking Using CISCO Switch/Router ......................................................................... 4
LAB 1.1: Accessing Console of the Switch/Router on Packet Tracer Simulator ............................. 4
LAB 1.3: Accessing Console of the Switch/Router (HardWare Appliance) ..................................... 8
LAB 1.3: Password Recovery............................................................................................................... 10
LAB 1.4: Configuring the router by using the Cisco GUI facility (SDM) ....................................... 14
LAB2 : VLANs .......................................................................................................................................... 16
LAB 2.1: VLAN Configuration & assigment .................................................................................... 17
LAB 2.2: PORT SECURITY ............................................................................................................... 19
LAB2.3 : Rapid Spanning Tree Protocol (RSTP) .............................................................................. 20
LAB 2.4 :InterVLAN Routing (IVR): ................................................................................................. 24
Lab 3: ROUTING ..................................................................................................................................... 27
LAB 3.1: Static Routing: ...................................................................................................................... 28
LAB 3.2: Enhanced Interior Gateway Routing Protocol (EIGRP):................................................. 30
LAB 3.3: Open Shortest Path First (OSPF): ...................................................................................... 33
Lab 4: First Hop Redundancy Protocols ................................................................................................ 36
LAB 4.1: Hot Standby Router Protocol (HSRP): .............................................................................. 36
LAB 4.2: Virtual Router Redundancy Protocol(VRRP) ................................................................... 40
LAB 4.3: Gateway Load Balancing Protocol...................................................................................... 42
Lab 5: IPV6 ............................................................................................................................................... 45
LAB5.1: How to Configure IPv6 on CISCO Router.......................................................................... 45
LAB5.2: Configuring IPv6 Auto configures ....................................................................................... 47
LAB5.3: Configure RIPng on Router: ................................................................................................ 49
LAB 5.4: Configuring OSPF V.3.0 ...................................................................................................... 52
LAB5.6 : Configuring EIGRP ............................................................................................................. 55
Lab 6: WAN............................................................................................................................................... 57
LAB6.1: WAN Encapsulation .............................................................................................................. 57
LAB 6.2:Frame Relay ........................................................................................................................... 59
LAB7: IP Services ..................................................................................................................................... 63
LAB7.1 : Configuring DHCP on Cisco ROUTER ............................................................................. 63
LAB7.2: Standard ACL........................................................................................................................ 65
LAB 7.3: Extended ACL ..................................................................................................................... 66
LAB 7.4: Static NAT ............................................................................................................................. 68
2
LAB7.5: Dynamic NAT ........................................................................................................................ 69
LAB 7.6: PAT ........................................................................................................................................ 70
LAB7.7:Trouble shooting of EIGRP ................................................................................................... 71
LAB 7.8:SYSLOG ................................................................................................................................. 73
3
LAB1 : Basic Networking Using CISCO Switch/Router
OBJECTIVE: To configure a cisco switch with basic configuration
• Connect the console cabe

• Open the Terminal Emulator to connect to the Router/Switch
• Explore the Modes of CLI
• Perform basic Configuration (Hostname , Privelage Password, Console
Line Passwords, Internal User Database & Verify the configuration)
• Perform password recovery
• Configure Telnet & SSH
LAB 1.1: Accessing Console of the Switch/Router on Packet Tracer Simulator
4
Switch Console
Modes of CLI:
User-exec mode Switch>

Privilege mode Switch#
5
Global Configuration mode Switch(config)#
How to switch in different modes:

Switch> enable
Switch# config terminal
Switch (config) #
Note: To return to the previous mode use “Exit” command in the current mode.
How to Set Hostname and Configure Console Password:

Switch (config) # hostname CISCO
CISCO (config) #line console 0
CISCO (config-line) #password cisco123
CISCO (config-line) #login
How to Set Privilege level password:

Clear Text Password not encrypted(less priority)
CISCO(config)#enable password ccna123
Encrypted password (more Priority)

CISCO(config)#enable secret cttc123
Verify the Password

CISCO (config)#exit
CISCO #exit
CISCO con0 is now available
Press RETURN to get started.
User Access Verification
• TYPE HERE LINE CONSOLE Password Password:
CISCO>enable
• TYPE HERE Privilege Level Password Password:
6
How to Set User Authentication in Switch
CISCO# config terminal
CISCO(config)#line console 0
CISCO(config-line)# login local
CISCO(config-line)#exit
CISCO(config)#username cttc password ccna123
Verify the Authentication
7
CISCO(config)#exit
CISCO#exit
Verify the User Status

CISCO#show users
Line User Host(s) Idle Location

* 0 con 0 cttc idle 00:00:00
LAB 1.3: Accessing Console of the Switch/Router (HardWare Appliance)

• Prepare a roll over cable and use
• Install the Terminal Emulator
Accessing Console of the Switch/Router
• RJ-45 to DB-9 adapter is used on the PC (COM port) to the device console Port through a
roll-over cable.
• Hyper Terminal or Putty is used to access the Command Line Interface (CLI) of the Device.
For HyperTerminal in WinXP (Start --Menu—Programs—Accessories—Communications--
Hyper Terminal)
8
For Putty(Windows 7 and above):
9
LAB 1.3: Password Recovery
When you forget the passwords for the router/switch you can login to it bypassing it. The
following exercise shows you how to do just that.
Configuration on Router
Router>enable
Router#config t
Router(config)#line console 0
Router(config-line)Password cisco
Router(config-line)#Login
Router(config-line)#Exit
For password recovery, connect to the router through the terminal of the PC conncted to the
Router & power cycle the router and press ctrl+break.
10
After we enter the rommon mode type:
Rommon 1 > confreg 0x2142
Rommon 2 > reset
Once you login to the router

Router#copy startup-config running-config
And now change the password
And Don’t Foget to change back the configuration register value to the original value 0×2102
Check that by typing “Show Version”
Some important things to remember:
• Password is stored in a file named ‘startup-config’

• This startup-config file sis stored in the NVRAM ( Non Volatile – RAM)
• If you see the config using ‘show version’, you observer that the default configuration
register value is 0×2102. When this value for config register is set to the NVRAM , when
the router boots it will look for the startup-config file which is in the NVRAM
11
• In case we need to recover the password, then we need to change the configuration
register value to 0×2142. With this configured, the router would ignore or bypass the
startup-config file in NVRAM and enters to Setup Mode
• Whenever we make changes to the router’s configuration register settings, we must
manually reload the router.
• While recovering the password, PC must connect to the router using console
How to Set Telnet password:

CISCO(config)#line vty 0 15
CISCO(config-line)#password cisco
CISCO(config-line)#login
CISCO(config-line)#exit
How to Enable The Device to Establish Telnet/SSH

Session:
CISCO(config)#interface vlan 1
CISCO(config-if)#ip address 10.0.0.10 255.0.0.0
CISCO(config-if)#no shutdown
Note: VLAN 1 IP address is used to establish the telnet session. Go to

command prompt and use telnet command to make a telnet session with the
device. C:\>telnet 10.0.0.10
Configuring SSH:
CISCO(config)#username taha password abc123
CISCO(config)#ip domain-name cttc.net
CISCO(config)#crypto key generate rsa
The name for the keys will be: CISCO.cttc.net
12
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys.
Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]: 512 % Generating 512 bit RSA keys ...[OK]
CISCO(config)#line vty 0 15
CISCO(config-line)#login local
CISCO(config-line)#transport input ssh
Note: VLAN 1 must be configured as show in TELNET section. Putty software iscommonly
used to establish SSH session.
Verify Command’s:
CISCO(config)#show line vty 0 15
Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
1 VTY - -13 0 0/0 -
2 VTY - - - - - 0 0 0/0 -
3 VTY - - - - - 0 0 0/0 -
4 VTY - - - - - 0 0 0/0 -
5 VTY - - - - - 0 0 0/0 -
6 VTY - - - - - 0 0 0/0 -
7 VTY - - - - - 0 0 0/0 -
8 VTY - - - - - 0 0 0/0 -
9 VTY - - - - - 0 0 0/0 -
10 VTY - - - - - 0 0 0/0 -
13
11 VTY - - - - - 0 0 0/0 -
12 VTY - - - - - 0 0 0/0 -
13 VTY - - - - - 0 0 0/0 -
14 VTY - - - - - 0 0 0/0 -
15 VTY - - - - - 0 0 0/0 -
16 VTY - - - - - 0 0 0/0 –
!!! ―*‖ show that one VTY Session is active:
LAB 1.4: Configuring the router by using the Cisco GUI facility (SDM)
Objectives
• Prepare a router for access with Cisco Security Device Manager
• Install SDM onto a PC
• Connect to the router through SDM and do the above basic configurations
Prepare the Router for SDM
The Cisco SDM application uses the virtual terminal lines and HTTP server to manipulate the
configuration of the device. Since a user must log in to access or change the configuration, some
basic commands must be issued to allow remote access.
First, create a username and password on the router for SDM to use. This login will need to have
a privilege level of 15 so that SDM can change configuration settings on the router. Make the
password argument of this command the last argument on the line, since everything after the
password argument will become part of the password. The username and password combination
will be used later when accessing the router.
R1(config)# username ciscosdm privilege 15 password 0 ciscosdm
14
HTTP access to the router must be configured for SDM to work. If your image supports it (you
will need to have an IOS image that supports crypto functionality), you should also enable secure
HTTPS access using the ip http secure-server command. Enabling HTTPS generates some
output about RSA encryption keys. This is normal. Also, make sure the HTTP server uses the
local database for authentication purposes.
R1(config)# ip http server
R1(config)# ip http secure-server
R1(config)# ip http authentication local

Finally, configure the virtual terminal lines of the router to authenticate using the local
authentication database. Allow virtual terminal input through both telnet and SSH.
R1(config)# line vty 0 4
R1(config-line)# login local
R1(config-line)# transport input telnet ssh
Now that the router has all of the commands necessary for remote access, connectivity will need
to be established between the PC and the router. The first thing we will need to do is configure
the Fast Ethernet interface on the router with the IP address shown in the diagram. If you have
already configured the correct IP address, skip this step.
R1(config)# interface fastethernet0/0

R1(config-if)# ip address 192.168.10.1 255.255.255.0
R1(config-if)# no shutdown
Next, assign an IP address to the PC.
Now that the router is ready to be accessed from SDM and there is connectivity between the
router and the PC, you can use SDM to configure the router.
You should start by extracting the SDM zip file to a directory on your hard drive.
Install SDM on the PC
15
LAB2 : VLANs
• Create VLANs(10 & 20)

• Verify VLANs
• Assign Ports to the VLANs
• Configure Port security for sticky mac with maximum value of 1 & shutdown
measure for any violation
• Configure and verify Rapid Spanning Tree Protocol (RSTP)
16
• Ether channel Configuration(for two trunk ports, use LACP)
• Inter VLAN Routing (IVR)-Router-On-Stick
LAB 2.1: VLAN Configuration & assigment
Objective: To Create and Configure VLAN

CISCO#config terminal
CISCO(config)#vlan 10
CISCO(config-vlan)#name HR
CISCO(config-vlan)#exit
17
CISCO(config)#vlan 20
CISCO(config-vlan)#name Sales
CISCO(config-vlan)#exit
Verify VLANs
CISCO#show vlan brief
VLAN Name Status Ports

------- ---------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
10 HR active
20 Sales active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
Note: All ports of the switch are member of VLAN 1 by default.
How to Assign Ports to Different VLANs:

CISCO(config)#interface fa0/1
CISCO(config-if)#switchport mode access
CISCO(config-if)#switchport access vlan 10
CISCO(config-if)#exit

CISCO(config-if)#switchport access vlan 20
Verify Ports in VLANS

CISCO#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6

Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gi0/1, Gi0/2
10 HR active Fa0/1
20 Sales active Fa0/2
LAB 2.2: PORT SECURITY
OBJECTIVE: TO IMPLEMENT BASIC PORT SECURITY FEATURES ON

INTERFACE
CISCO(config-if)#switchport port-security
CISCO(config-if)#switchport port-security mac-address sticky
CISCO(config-if)#switchport port-security maximum 1
CISCO(config-if)#switchport port-security violation shutdown
CISCO(config-if)#exit
CISCO(config-if)#switchport port-security
CISCO(config-if)#switchport port-security mac-address sticky
CISCO(config-if)#switchport port-security maximum 1
CISCO(config-if)#switchport port-security violation shutdown
Verify Port-Security MAC Address:

CISCO#show port-security address
Secure Mac Address Table
-------------------------------------------------------------------------------
Vlan Mac Address Type Ports Remaining Age (mins)
---- ----------- ---- ----- -------------

1 0060.705E.07CB SecureSticky FastEthernet0/1 -
1 0090.21BD.4810 SecureSticky FastEthernet0/2 -
------------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 1024
Verify Port-Security Interface FastEnthernet Fa0/1:

CISCO#show port-security interface f0/1
Port Security : Enabled
19
Port Status :Secure-up
Violation Mode :Shutdown
Aging Time :0 mins
Aging Type :Absolute
SecureStatic Address Aging :Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses :0
Sticky MAC Addresses : 1
Last Source Address:Vlan :0060.705E.07CB:1
Security Violation Count :0
Note:
Max Addresses value depends upon the model of the device.
Manual MAC address can be entered in port-security instead on using

―sticky‖ command.
Violation modes can be set to protect, restrict or shutdown.
What happens if violation occurred:

When a new PC is attached to the port on which port-security is enabled then Switch
will take an action which is set in the violation mode.
Verify when violation is occurred:

CISCO#show port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
-----------------------------------------------------------------------------------------
Fa0/1 1 1 1 Shutdown
Fa0/2 1 1 1 Shutdown
-----------------------------------------------------------------------------------------
LAB2.3 : Rapid Spanning Tree Protocol (RSTP)
OBJECTIVE: To Implement STP, It’s Improvement RSTP and To Configure
Root Bridges for Different VLANS.
20
Verify Root Bridge on Switch-1:
Switch-1#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address0002.16EE.8B7E
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address0002.16EE.8B7E
Aging Time 20
Interface Role Sts Cost Prio Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/2 Desg FWD 19 128.2 P2p
Note:
If the switch is ―Root Bridge‖, it will display the message ―This bridge is the root‖.
Root ID Address and Bridge ID Address will be same in case of Root Bridge.
Default priority is 32768. VLAN ID (System Extension ID) is added to the default
priority. VLAN 1 is the default VLAN so the priority for VLAN 1 is 32769
(32768+1).
Enabling RSTP:
Switch-1(config)#spanning-tree mode rapid-pvst
Note: The above command will be issued on all the switches of the network.
21
Verify RSTP:
VLAN0001
Spanning tree enabled protocol rstp

Address 0002.16EE.8B7E

Address 0002.16EE.8B7E
Aging Time 20
Changing Switch-2 to Root Bridge:

Switch-2(config)#spanning-tree vlan 1 priority 4096
Note:
Priority must be in the multiple 4096.
To change the root bridge, you can also use the following command:
Switch-2(config)#spanning-tree vlan 1 root primary
Verify Switch-2 as Root Bridge:

VLAN0001
Spanning tree enabled protocol rstp
Address 000C.CF21.CBC1

Address 000C.CF21.CBC1
Aging Time 20
22
Enabling Portfast feature on all switches:
Switch-1(config)#spanning-tree portfast default
Note: Above command will be issued to all the switches in the network. By enabling portfast feature
on all the switches, will disable the STP process on all non-trunk ports. It will cause to take less time
to change the state to up on all non-trunking ports. To verify this feature, connect a PC to the switch
and the port will be up within 5 seconds.
Etherchannel Configuration:
Configuring Switch-1:
Switch-1(config)#interface range fa0/1 - 2
Switch-1(config-if-range)#channel-group 1 mode on
Switch-1(config-if-range)#exit
Switch-1(config)#interface port-channel 1
Switch-1(config-if)#switchport mode trunk
Configuring Switch-2:
Switch-2(config)#interface range fa0/1 - 2
Switch-2(config-if-range)#channel-group 1 mode on
Switch-2(config-if-range)#exit
Switch-2(config)#interface port-channel 1
Switch-2(config-if)#switchport mode trunk
Verify Etherchannel:
Switch-1#show etherchannel summary
…<Output omitted>…
Number of channel-groups in use: 1

Number of aggregators: 1
Group Port-channel Protocol Ports

--------+-----------------+------------+-------------------------
1 Po1(SU) - Fa0/1(P) Fa0/2(P)
23
LAB 2.4 :InterVLAN Routing (IVR):
Objective: To Create Vlans &to show Routing B/W the Vlans
Configuring Switch:
Switch(config)#vlan 10
Switch(config-vlan)#name HR
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name Sales
Switch(config-vlan)#exit
Switch(config)#interface fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#exit
Switch(config-if)#switchport mode trunk
Configuring Router:
Router(config)#interface fa0/0
Router(config-if)#no shutdown
Router(config-if)#exit
Creating sub-interface for VLAN 10 on router:

Router(config)#interface fa0/0.10
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 10.0.0.100 255.0.0.0
Router(config-subif)#exit
24
Creating sub-interface for VLAN 20 on router:
Router(config)#interface fa0/0.20
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip address 20.0.0.100 255.0.0.0
Router(config-subif)#exit
Configuring IP on PC:
Verify InterVLAN Routing:
25
26
Lab 3: ROUTING
• Configure & Verify Static Routing
• Configure and Verify Enhanced Interior Gateway Routing Protocol (EIGRP)
• Open Shortest Path First (OSPF)
27
LAB 3.1: Static Routing:
Objective: To Implement Stating Routing in IPversion 4
Configuring R1:
R1(config)#interface fa0/0
R1(config-if)#ip address 10.0.0.100 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface s0/1/0
R1(config-if)#clock rate 64000
R2(config-if)#exit
Note: Interface Serial0/1/0 of Router R1 is a DCE end, so clock rate must be given to this.
Configuring R2:

R2(config-if)#exit

R2(config-if)#exit
Adding static route on R1 for network 20.0.0.0:

R1(config)#ip route 20.0.0.0 255.255.255.0 s0/1/0
Adding static route on R2 for network 10.0.0.0:

R2(config)#ip route 10.0.0.0 255.255.255.0 192.168.1.1
28
Note: When configuring the static route on router R1 we used the local interface of the router
R1 i.e s0/1/0, whereas, when configuring router R2 we use the next hop address as Forwarding
router's address.
Verify the routes on Router R1:

R1#show ip route
Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, FastEthernet0/0 20.0.0.0/24 is subnetted, 1 subnets
S 20.0.0.0 is directly connected, Serial0/1/0 192.168.1.0/30 is subnetted, 1 subnets

C 192.168.1.0 is directly connected, Serial0/1/0

R2#show ip route
S 10.0.0.0 [1/0] via 192.168.1.1 20.0.0.0/24 is subnetted, 1 subnets
C 20.0.0.0 is directly connected, FastEthernet0/0 192.168.1.0/30 is subnetted, 1 subnets

Verifying the ping reply from PC-2 to PC-1:
29
LAB 3.2: Enhanced Interior Gateway Routing Protocol (EIGRP):
Objective: To Implement EIGRP in IP version 4
Configuring R1:

R1(config-if)#exit
30
R2(config-if)#exit
Note: Interface Serial0/1/0 of Router R1 is a DCE end, so clock rate must be given
to this.
Configuring R2:
R2(config-if)#exit
R2(config-if)#exit
Adding networks for EIGRP on Router R1:

R1(config)#router eigrp 100
R1(config-router)#network 10.0.0.0
R1(config-router)#no auto-summary
R1(config-router)#exit
Note: All directly connected networks will be issued in the router eigrp mode. Autonomous
System number must be same on all the routers in the network.
Adding networks for EIGRP on Router R2:

R1(config)#router eigrp 100
Verify the routes on Router R1: R1#show ip route

• 10.0.0.0 is directly connected, FastEthernet0/0 20.0.0.0/24 is subnetted, 1 subnets

• 20.0.0.0 [90/2172416] via 192.168.1.2, 00:00:16, Serial0/1/0
192.168.1.0/30 is subnetted, 1 subnets
31
Verify the routes on Router R2: R2#sh ip route
• 10.0.0.0 [90/2172416] via 192.168.1.1, 00:00:05, Serial0/1/0 20.0.0.0/24 is subnetted, 1

subnets

Verifying neighbors for R1:

R1#sh ip eigrp neighbors
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q
Seq
(sec) (ms) Cnt
Num
0 192.168.1.2 Se0/1/0 11 0:02:05 40 1000 0 3
Verifying neighbors for R2:

IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q
Seq
Num (sec) (ms) Cnt
0 192.168.1.1 Se0/1/0 13 00:03:15 40 1000 0 3
Note: To verify the currently enabled routing protocols, use the following command:
R1#show ip protocols
To view all the routes that has been calculated by EIGRP, use the following command:
R1#show ip eigrp topology.
32
LAB 3.3: Open Shortest Path First (OSPF):
Objective: To Implement OSPF in IP version 4
Configuring R1:
R1(config-if)#exit
R2(config-if)#exit
Note: Interface Serial0/1/0 of Router R1 is a DCE end, so clock rate must be given
to this.
Configuring R2:
R2(config-if)#exit
R2(config-if)#exit
Configuring Central Router (ABR):

ABR(config)#int s0/1/0
ABR(config-if)#ip add
ABR(config-if)#ip address 192.168.1.2 255.255.255.252
ABR(config-if)#no shutdown
33
ABR(config-if)#exit
ABR(config)#int s0/1/1
ABR(config-if)#ip address 192.168.2.1 255.255.255.252
ABR(config-if)#clock rate 64000
ABR(config-if)#no shutdown
ABR(config-if)#exit
Adding networks for OSPF on Router R1 as Area 0 (Backbone Area):

R1(config)#router ospf 10
R1(config-router)#network 10.0.0.0 0.0.0.255 area 0
Adding networks for OSPF on Router R2 as Area 1 (Regular Area):

R2(config)#router ospf 20
Adding networks for OSPF on Router ABR as Area 0 and Area 1:

ABR(config)#router ospf 50
ABR(config-router)#network 192.168.1.0 0.0.0.3 area 0
ABR(config-router)#network 192.168.2.0 0.0.0.3 area 1
ABR(config-router)#exit
R1#show ip route
O IA 20.0.0.0 [110/129] via 192.168.1.2, 00:09:19, Serial0/1/0 192.168.1.0/30 is subnetted, 1

subnets
• 192.168.1.0 is directly connected, Serial0/1/0 192.168.2.0/30 is subnetted, 1 subnets
O IA 192.168.2.0 [110/128] via 192.168.1.2, 00:09:19, Serial0/1/0
Verify the routes on Router
34
R2: R2#show ip route:
Verify the routes on Router ABR:

ABR#show ip route:
• 10.0.0.0 [110/65] via 192.168.1.1, 00:13:30, Serial0/1/0 20.0.0.0/24 is subnetted, 1 subnets
• 20.0.0.0 [110/65] via 192.168.2.2, 00:13:11, Serial0/1/1 192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.0 is directly connected, Serial0/1/0 192.168.2.0/30 is subnetted, 1 subnets
C1 92.168.2.0 is directly connected, Serial0/1/1
Note: More commands to verify OSPF:
R1#show ip ospf neighbor

R1#show ip ospf database
35
Lab 4: First Hop Redundancy Protocols
• Configure and Verify Hot Standby Router Protocol (HSRP)
• Virtual Router Redundancy Protocol (VRRP) for the above network
• Gateway Load balancing Protocol (GLBP) for the above network
LAB 4.1: Hot Standby Router Protocol (HSRP):

Objective: How to show Redundancy by using HSRP
36
Configuring WAN-RT:
WAN-RT(config)#interface Loopback0
WAN-RT(config-if)#ip address 200.0.0.1 255.255.255.0

WAN-RT(config-if)#no shutdown
WAN-RT(config-if)#exit
WAN-RT(config)#interface FastEthernet0/0
WAN-RT(config)#router rip
WAN-RT(config-router)#version 2
WAN-RT(config-router)#network 172.16.0.0
WAN-RT(config-router)#no auto-summary
WAN-RT(config-router)#exit
Configuring Master-RT:
Master-RT(config)#interface FastEthernet0/0
Master-RT(config-if)#ip address 10.0.0.10 255.255.255.0
Master-RT(config-if)#standby 1 ip 10.0.0.100
Master-RT(config-if)#standby 1 priority 110
Master-RT(config-if)#standby 1 preempt
Master-RT(config-if)#standby 1 track FastEthernet0/1
Master-RT(config-if)#no shutdown
Master-RT(config-if)#exit
Master-RT(config-if)
Master-RT(config )#interface FastEthernet0/1
Master-RT(config)#router rip
Master-RT(config-router)#version 2
Master-RT(config-router)#network 10.0.0.0
Master-RT(config-router)#no auto-summary
Configuring Backup-RT:
Backup-RT(config)#interface FastEthernet0/0
Backup-RT(config-if)#ip address 10.0.0.9 255.255.255.0
37
Backup-RT(config-if)#standby 1 ip 10.0.0.100
Backup-RT(config-if)#standby 1 priority 95
Backup-RT(config-if)#standby 1 preempt
Backup-RT(config-if)#no shutdown
Backup-RT(config-if)#exit
Backup-RT(config)#router rip
Backup-RT(config-router)#version 2
Backup-RT(config-router)#network 10.0.0.0
Backup-RT(config-router)#no auto-summary
Verify Master-RT:
Master-RT#show standby
38
Note: When the network is perfectly up, Master-RT must be in Active State. If
FastEthernet port of Master-RT gone down then Backup-RT will become active.
Now check Backup-RT when the Fa0/1 of Master-RT is down
Verify Backup-RT when Fa0/1 of Master-RT is down:

Backup-RT#show standby
39
LAB 4.2: Virtual Router Redundancy Protocol(VRRP)
Objective: How to show Redundancy by using VRRP
Configuring WAN-RT:

40
Master-RT(config-if)#vrrp 1 ip 10.0.0.100
Backup-RT(config-if)#vrrp 1 ip 10.0.0.100
Verify Master-RT:
Master-RT# show VRRP
41
Note: When the network is perfectly up, Master-RT must be in Active State. If FastEthernet
port of Master-RT gone down then Backup-RT will become active. Now check Backup-RT
when the Fa0/1 of Master-RT is down

Backup-RT#show VRRP
LAB 4.3: Gateway Load Balancing Protocol

Objective: How to show Redundancy by using GLBP
42
Configuring WAN-RT:

Master-RT(config-if)#glbp 1 ip 10.0.0.100
Backup-RT(config-if)#glbp 1 ip 10.0.0.100
43
Verify Master-RT:
Master-RT# show GLBP

Backup-RT#show GLBP
44
Lab 5: IPV6
• How to Configure IPv6 on CISCO Router

• Configuring IPv6 Auto configures
• Configure RIP ng on Router
• Configuring OSPF V3
• Configuring EIGRP
LAB5.1: How to Configure IPv6 on CISCO Router

Objective: To Implement IP Version 6 on Routers
Configure R1’s interface S1/0 with ipv6 address

R1(config)#ipv6 unicast-routing
R1(config)#interface serial 1/0
R1(config-if)#ipv6 address 2001:abad:beef:1::1/64
45
R2(config)#interface serial 1/0
R2(config-if)#ipv6 address 2001:abad:beef:1::2/64
Verify IPv6 address:

R1#show ipv6 interface
Verify IPv6 communication between R2 and R1 using ping:
46
LAB5.2: Configuring IPv6 Auto configures
Objective: To Show How Routers Acquire The Ipv6 Address Automatically
Configuring R1#:
R1(config)#int fa0/0
R1(config-if)#ipv6 address 2001:abad:5001:1::1/64
R1(config-if)#ipv6 nd prefix 2001:abad:5001:1::/64
Configuring R2#:
R2(config-if)#ipv6 address autoconfig
R2(config-if)#exit
Configuring R3#:
R3(config-if)#ipv6 address autoconfig
R3(config-if)#end
Verify Autoconfigure IPv6 on R2’s interface Fa0/0:
47
48
LAB5.3: Configure RIPng on Router:
Background:
In this configuration example, routers R1 and R2 are connected via Serial interface
and Loopback addresses are configured to generate networks. All the interfaces are
configured with the IPv6 addresses.
Configure on R1:
R1(config)#int s1/0
R1(config-if)#ipv6 rip cttc enable
R1(config-if)#exit
R1(config)#int Loopback 10
R1(config-if)#ipv6 address 1:1:1:1::1/64
R1(config-if)#exit
R1(config-if)#exit
Configure on R2:
R2(config)#int s1/0
R2(config-if)#exit
49
R2(config-if)#exit
R2(config-if)#exit
Note: In the syntax cttc specified the Process, you can run multiple processes on
a Route
Verify RIPng Routes:

R1#show ipv6 route
Verify information about the current IPv6 RIP process
50
Verify the reachability between the routers R1 and R2, use the ping
command:
51
LAB 5.4: Configuring OSPF V.3.0
OBJECTIVE: TO IMPLEMENT OSPF ROUTING PROTOCOL IN IPV6
Configure R1:
R1(confg)#ipv6 unicast-routing
R1(config)#int s1/0
R1(config-if)#ipv6 ospf 1 area 0
R1(config-if)#exit
R1(config-if)#exit
52
R1(config-if)#exit
R1(config)#ipv6 router ospf 1
R1(config-rtr)#router-id 1.1.1.1
R1(config-if)#exit
Configuring R2:
R2(confg)#ipv6 unicast-routing
R2(config)#int s1/0
R2(config-if)#exit
R2(config-if)#exit

R2(config-if)#exit
R2(config)#ipv6 router ospf 1
R2(config-rtr)#router-id 2.2.2.2
R2(config-rtr)#exit
Configure R1′s Loopback 10, 20 and R2’s Loopback 0, 1 interface to participate in
OSPF Area 0 and ensure that R1 & R2 advertises Lo0 as a /64 subnet and not a
host route (/128).
Note: Loopback interfaces have their own OSPF network type in which case OSPF advertises a
host route to the loopback interface and not the configure subnet mask. To change OSPF to
advertise the subnet assigned to the loopback interface you’ll need to change the network type
to point-to-point as shown below:
For R1:
R1(config)#interface loopback 10
R1(config-if)#ipv6 ospf network point-to-point
R1(config-if)#exit
53
R1(config-if)#exit
For R2:

R2(config-if)#exit
R2(config-if)#exit
Verify R1′s Loopback0 network is in the IPv6 routing table of R2:

R1#show ipv6 route ospf
Verify R1′s Loopback10 network has IPv6 connectivity to R2′s Loopback0 network using
PING:
54
LAB5.6 : Configuring EIGRP
OBJECTIVE: TO Implement EIGRP in IPV6
Configure R1:
R1(config)#int s1/0
R1(config-if)#ipv6 eigrp 100
R1(config-if)#exit
R1(config)#ipv6 router eigrp 100
R1(config-rtr)#eigrp router-id 1.1.1.1
R1(config-rtr)#exit
R1(config-rtr)#exit
R1(config)#int loopback 20
R1(config-if)#exit
55
Configure R2:
R2(config)#int s1/0
R2(config-if)#exit
R2(config)#ipv6 router eigrp 100
R2(config-rtr)#eigrp router-id 2.2.2.2
R2(config-rtr)#exit
R2(config-rtr)#exit
R2(config-if)#exit
Verify R1′s Loopback0 network is in the IPv6 routing table of R2:

R1#show ipv6 route eigrp:
56
Lab 6: WAN
• Configure WAN Encapsulation
• Configure Frame Relay
LAB6.1: WAN Encapsulation
OBJECTIVE: To Implement authentication method and encapsulation used

for WAN
57
Configuring R1:
R1(config)#int s0/3/0

R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap pap
R1(config-if)#exit
R1(config)#username R2 password cisco
Configuring R2:
R2(config-if)#encapsulation ppp
R2(config-if)#ppp authentication chap pap
R2(config-if)#exit
R2(config)#username R1 password cisco
Note: Username R2 must be created on Router R1 and username R1 must be created on Router
R2, where usernames R1 and R2 are the hostname of their respective Routers. Passwords on both
the routers must be same.
Verify point-to-point connectivity:
R1#ping 192.168.1.2
58
LAB 6.2:Frame Relay
OBJECTIVE: To Show How Router Connects With Each Other Over

Cloud Using Frame Relay
59
Configuring R1:
R1(config-if)#encapsulation frame-relay
R1(config-if)#exit
R1(config)#interface s0/3/0.122 point-to-point
R1(config-subif)#ip address 10.1.2.1 255.255.255.0
R1(config-subif)#frame-relay interface-dlci 122
R1(config-subif)#exit
R1(config)#interface s0/3/0.123 point-to-point
R1(config-subif)#ip address 10.1.3.1 255.255.255.0
R1(config-subif)#frame-relay interface-dlci 123
R1(config-subif)#exit
R1(config)#router rip
R1(config-router)#version 2
Configuring R2:
R2(config-if)#frame-relay interface-dlci 221
R2(config-if)#exit
Configuring R3:
R3(config-if)#frame-relay interface-dlci 321
R3(config-if)#exit
60
Configuring WAN Emulation Cloud:
Note: Click on WAN cloud then click on Config tab. You will see all the interfaces on the left hand
side. Now click on Serial0 button and add the DLCI value and Name as shown above and press
‖
―Add button. Serial0 is linked to two DLCI value, therefore both the
DLCI values must be added. Now repeat the same procedure for Serial1 and Serial2.
Configuring Frame Relay:
61
Note: Now click on ―Frame Relay‖ button and map the DLCI accordingly as shown above
and press the ―Add‖ button.
You can now verify the connectivity by sending ping packets as follows.
On Router R1:
R1#ping 10.1.2.2
R1#ping 10.1.3.2
On Router R2:
R2#ping 10.1.3.2
On Router R3:
R3#ping 10.1.2.2
62
LAB7: IP Services
LAB7.1 : Configuring DHCP on Cisco ROUTER
OBJECTIVE: To Configure DHCP in Order To Show How a Client Can

Be Assigned IP Address Automatically
Configuring Router R1:

R1(config-if)#ip address 192.168.1.1
R1(config-if)#exit
Configuring the DHCP pool:
R1(config)#ip dhcp pool cttc-pool
R1(dhcp-config)#network 192.168.1.0 255.255.255.0
R1(dhcp-config)#default-router 192.168.1.1
R1(dhcp-config)#exit
R1(config)#ip dhcp exclude-address 192.168.1.1 192.168.1.5
R1(config)#end
Verify DHCP Binding:

R1#show ip dhcp binding
63
Configuring PC:
64
LAB7.2: Standard ACL
OBJECTIVE: To Implement Standard ACL in Order To Show How It

Does the Filtration Based On Source Address
Configuration on R1
Router>enable
Router#configure t
Router(config)#interface f0/0
Router(config-if)#ip address 10.0.0.100 255.255.255.0
Router(config-if)#ip add
Router(config-if)#no sh
Router(config-if)#ex
65
Ping from Pc0 to Pc 1
Router(config)#access-list 50 deny host 10.0.0.1

Router(config)#int f0/0
Router(config-if)#ip access-group 50 in
Ping after applying Acl
LAB 7.3: Extended ACL
OBJECTIVE: To show How Extended ACL Works by Filtration Based on

Source and Destination Address
66
Configuration on R0
Router>enable Router#configure t Router(config)#interface f0/0

Router(config)#access-list 100 permit tcp host 10.0.0.1 host 200.1.1.1 eq 80
Router(config)#access-list 100 deny tcp host 10.0.0.2 host 200.1.1.1 eq www
Router(config)#access-list 100 permit ip 10.0.0.0 0.0.0.255 any
Router(config)#access-list 100 permit ip any any
Router(config-if)#ip access-group 100 out
Router(config)#ip route 0.0.0.0 0.0.0.0 f0/0
67
Configuration on R1
Router>enable
Router#configure t
LAB 7.4: Static NAT
Objective: To Show Static Translation from Public Ip Address to Private

Ip Address by Implementing Static Nat
Configuration R0
Router#configure terminal
Router(config)#ip nat inside source static 10.0.0.1 172.16.1.3
Router(config-if)#ip nat outside
68
Router(config-if)#ip nat inside
Ping from pc 1 to server 1 after that run the show command

Router(config)#do sh ip nat translation
Pro Inside global Inside local Outside local Outside global
icmp 172.16.1.3:1 10.0.0.1:1 200.1.1.1:1 200.1.1.1:1
icmp 172.16.1.3:2 10.0.0.1:2 200.1.1.1:2 200.1.1.1:2
icmp 172.16.1.3:3 10.0.0.1:3 200.1.1.1:3 200.1.1.1:3
icmp 172.16.1.3:4 10.0.0.1:4 200.1.1.1:4 200.1.1.1:4
icmp 172.16.1.3:5 10.0.0.1:5 200.1.1.1:5 200.1.1.1:5
icmp 172.16.1.3:6 10.0.0.1:6 200.1.1.1:6 200.1.1.1:6
icmp 172.16.1.3:7 10.0.0.1:7 200.1.1.1:7 200.1.1.1:7
icmp 172.16.1.3:8 10.0.0.1:8 200.1.1.1:8 200.1.1.1:8
--- 172.16.1.3 10.0.0.1 --- ---
LAB7.5: Dynamic NAT
Objective: To Show Dynamic Translation from Public Ip Address to Private

Ip Address by Implementing Dynamic Nat
69
Router(config)#ip nat pool abc 172.16.1.3 172.16.1.4 netmask 255.255.255.0
Router(config)#ip nat inside source list 10 pool abc
Router(config)#access-list 10 permit 10.0.0.0 0.0.0.255
Router(config-if)#ip access-group 10 out
Ping from Pc1 & from Pc2 but not from Pc3
Router# show ip nat translations

tcp 172.16.1.3:1025 10.0.0.1:1025 200.1.1.1:80 200.1.1.1:80
tcp 172.16.1.4:1025 10.0.0.2:1025 200.1.1.1:80 200.1.1.1:80
LAB 7.6: PAT
Objective: To Show Translation from One Public Ip Address to Many Private

Ip Address by Implementing Pat
70
Configuration on R1
Router(config)#ip nat pool abc 172.16.1.3 172.16.1.3 netmask 255.255.255.0
Router(config)#ip nat inside source list 10 pool abc overload
Router(config)#access-list 10 permit 10.0.0.0 0.0.0.255
Router(config-if)#ip nat inside

Router(config-if)#ip nat outside
Ping 200.1.1.1 and then check the router translation

Router(config)#do sh ip nat translation

icmp 172.16.1.3:5 10.0.0.1:5 200.1.1.1:5 200.1.1.1:5
icmp 172.16.1.3:6 10.0.0.1:6 200.1.1.1:6 200.1.1.1:6
icmp 172.16.1.3:7 10.0.0.1:7 200.1.1.1:7 200.1.1.1:7
icmp 172.16.1.3:8 10.0.0.1:8 200.1.1.1:8 200.1.1.1:8
LAB7.7:Trouble shooting of EIGRP
Configuration on R1
Router>enable
Router(config)# interface s0/3/0

Router(config-if)#clock rate 64000
Router(config)#interface loopback 0
71
Router(config)#router eigrp 9
Router(config-router)#no auto-summary
Router(config-router)#network 10.0.0.0
Router(config-router)#exit
Configuration on R2
Router>enable
Router(config)#interface s0/3/0
Router(config)#interface loopback 0

Router(config-router)#no auto-summary
Router(config-router)#exit
After perform routing there is no ping from Router 1 to loopback 2.2.2.2,
Basically the reason is that , Router 1 have the A.S number is 10 and Router 2 have A.S no: 9,
that’s why there is no ping.
Now I have to change the A.S no: of R2.
72
LAB 7.8:SYSLOG
OBJECTIVE: To Implement Syslog and to Show The Output it Generates On

the Syslog Server
Configuration on Router
Router>enable
Router#conf t
Router(config)#int fa0/0
Router(config-if)#no shut
73
Router(config-if)#no shut
Router(config)#service timestamps log datetime msec
Router(config)#logging host 20.0.0.2
Router(config)#logging trap debugging
Router(config)#end
*Mar 01, 00:04:47.044: *Mar 01, 00:04:47.044: %SYS-5-CONFIG_I: Configured from console by
console
Enter configuration commands, one per line. End with CNTL/Z.
In order to generate the log do some configuration as below.

Router(configrouter)#exit
Router(config-if)#shutdown
*Mar 01, 00:05:50.055: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to

administratively down
*Mar 01, 00:05:50.055: %LINEPROTO-5-UPDOWN: Line protocol on Interface

FastEthernet0/0, changed state to down
Router(config-if)#no shutdown Router(config-if)#
*Mar 01, 00:05:52.055: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

*Mar 01, 00:05:52.055: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/0, changed state to up
Now click the server to see the syslog messages.
74
75

CCNA 200 120 Lab Manual

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CCNA 200 120 Lab Manual

Uploaded by

Copyright:

Available Formats

By : Miftah Nurbeenur

• Connect the console cabe

LAB 1.1: Accessing Console of the Switch/Router on Packet Tracer Simulator

User-exec mode Switch>

How to switch in different modes:

How to Set Hostname and Configure Console Password:

How to Set Privilege level password:

Encrypted password (more Priority)

Verify the Password

• TYPE HERE LINE CONSOLE Password Password:

• TYPE HERE Privilege Level Password Password:

Verify the User Status

Line User Host(s) Idle Location

LAB 1.3: Accessing Console of the Switch/Router (HardWare Appliance)

Accessing Console of the Switch/Router

Rommon 2 > reset

Once you login to the router

Check that by typing “Show Version”

Some important things to remember:

• Password is stored in a file named ‘startup-config’

How to Set Telnet password:

How to Enable The Device to Establish Telnet/SSH

Note: VLAN 1 IP address is used to establish the telnet session. Go to

The name for the keys will be: CISCO.cttc.net

Prepare the Router for SDM

R1(config)# username ciscosdm privilege 15 password 0 ciscosdm

R1(config)# ip http authentication local

R1(config)# interface fastethernet0/0

Next, assign an IP address to the PC.

• Create VLANs(10 & 20)

• Configure and verify Rapid Spanning Tree Protocol (RSTP)

• Inter VLAN Routing (IVR)-Router-On-Stick

LAB 2.1: VLAN Configuration & assigment

Objective: To Create and Configure VLAN

VLAN Name Status Ports

How to Assign Ports to Different VLANs:

CISCO(config-if)#switchport mode access

Verify Ports in VLANS

1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6

LAB 2.2: PORT SECURITY

OBJECTIVE: TO IMPLEMENT BASIC PORT SECURITY FEATURES ON

Verify Port-Security MAC Address:

Vlan Mac Address Type Ports Remaining Age (mins)

---- ----------- ---- ----- -------------

Verify Port-Security Interface FastEnthernet Fa0/1:

Port Security : Enabled

Max Addresses value depends upon the model of the device.

Manual MAC address can be entered in port-security instead on using

Violation modes can be set to protect, restrict or shutdown.

What happens if violation occurred:

Verify when violation is occurred:

LAB2.3 : Rapid Spanning Tree Protocol (RSTP)

OBJECTIVE: To Implement STP, It’s Improvement RSTP and To Configure

Root Bridges for Different VLANS.

Spanning tree enabled protocol rstp

This bridge is the root

Changing Switch-2 to Root Bridge:

Switch-2(config)#spanning-tree vlan 1 root primary

Verify Switch-2 as Root Bridge:

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Number of channel-groups in use: 1

Group Port-channel Protocol Ports

Creating sub-interface for VLAN 10 on router:

Verify InterVLAN Routing: