Professional Documents
Culture Documents
Ccna Workbook R&s
Ccna Workbook R&s
Data Encapsulation
Sending and receiving of data from a source device to the destination device is possible with the help of networking protocols
by using data encapsulation. When a host transmits data to another device across a network, the data is encapsulated with
protocol information at each layer of the OSI reference model. Each layer communicates with its neighbor layer on the
destination. Each layer uses Protocol Data Units (PDUs) to communicate and exchange information.
The Protocol Data Unit of each data flow layers is defined as follows:
IP Header Encapsulation
Each segment is then handed to the Network layer for logical addressing and routing through a routed protocol, for example IP,
IPX, Apple Talk and DECNET etc. The Network-layer protocol adds a header to the segment handed down to the Data Link layer.
Remember that the 3rd and 4rth layers work together to rebuild a data stream on a destination host. However, they have no
responsibility for placing their Protocol Data Units on a local network segment, which is the only way to get the information to
host or router.
User information is converted into data for transmission on the network. Data is converted into segments and a reliable or
unreliable connection is set up between the source and destination devices using connection oriented and connectionless
protocols. Segments are converted into packets using a logical address such as IP datagram using an IP address. Packets are
converted into frames for transmission on the local network. Media Access Control (MAC) addresses or Ethernet addresses are
commonly used to uniquely identify hosts on a local network segment. Frames are converted into bytes and bits, and a digital
encoding and clocking or signaling method is used.
De-Encapsulation
On destination side, the receiving devices will synchronize on the digital signal and extract the 1s and 0s from the digital signal.
At this point the devices build the frames, run a Cyclic Redundancy Check (CRC), and then check their output against the output
in the Frame Check Sequence (FCS) field of the data frame. If the information matches then the packet is pulled from the frame,
and the frame is discarded. This process is known as de-encapsulation. The packet then transfers to the Network layer, where
the IP address is checked. If the IP address matches then the segment is pulled from the packet, and the packet is discarded.
The data is processed at the Transport layer that rebuilds the data stream and acknowledges to the transmitting station that it
received each piece of segment. It then happily transfers the data stream to the upper layer application.
Collision Domain:
Collision domain is a set of LAN devices whose frames could collide with one another. This happens with hubs, bridges,
repeaters and wireless access points as only one device can send and receive at a time. If more than one device tries sending or
receiving, the information is lost and irrecoverable and it will need to be resent. This can slow down network performance
along with making it a security threat.
A hub is considered a layer one device of the OSI model; all it does is send packets out on all ports including the port in which
the packet was received on. This causes a collision because only one device can transmit at time. This also shares the bandwidth
of all devices connected to that collision domain
All the devices are connected to a hub in this diagram. When two pcs send data at the same time, there can be a collision so the
number of collision domain of hub is one.
Description:
Here our network has a Switch and a Hub. A switch uses layer two of the OSI model, so the switch uses MAC addresses to send
the packet to the correct device. Rather than sending it to all ports, a switch only sends the packet out one port, if it has the
MAC address in its MAC address table. If not the switch will send the packet on all ports except for the port in which the packet
was received on. Switches provide separate collision domains on each port. This provides dedicated bandwidth to that device.
This also allows simultaneous conversations between devices on different ports. Each port can be operated at full-duplex so the
device can send and receive information at the same time. Switch has collision domain per-port.
The 3 directly connected pc to the switch will have their own collision domain and the port with which the pc is connected to
the hub is shared with hub, as hub will entertain the switch as an end device and put the switch with the other two pc in the
same collision so the total number of collision domains is 4. 3 pc’s and 1 shared with hub.
Broadcast domain
The definition of a broadcast domain is a set of devices that if one device sends a broadcast frame, all other devices will receive
that frame in the same broadcast domain. So if devices are in the same IP network, they will be able to receive a broadcast
message. Having a smaller broadcast domain can improve network performance and improve against security attacks. The
more PCs and network devices connected to a single broadcast domain, the more broadcast messages you will have.
Remember a broadcast message goes to every PC and network device.
Switch by default has single broadcast domain and per-port collision domain.
2.
SUBNETTING
Subnetting is the process of making small networks (subnets) from a large network.
Suppose you have a network 192.168.10.0/24, it means you have a network of 256 addresses (0-255) or you can say you have a
network of block size 256. You normally use it as a class C Address. What will happen if you ON one more bit. Let’s try this out-
Network - 192.168.10.0/25
Now you have to find out what will be block size of your network
192.168.10.0/25.
Always choose a nonzero value from subnet mask and start reading the subnet mask from right to left. In the above case, your
value is 128.
If you have a subnet mask 255.255.192.0, then your value will be 192.
(Don’t consider the zero.) Now put the value in above formula.
x
No. of Subnets= 2 , here x is equal to the number of extra ON bits (except default ones).
In our case, you have one extra ON bit, don’t consider the default 24 bits of class C.
x 1
No. of subnets = 2 = 2 = 2
y
No of hosts per subnet = 2 -2, here y is number the OFF bits. In our case we have (32-25) 7 OFF bits.
7
So number of subnets = 2 -2=128-2=126.
st
Broadcast address of 1 subnet will be the ip address before 192.168.10.128 and that is 192.168.10.127 or you can count from
0 to 127 and that will give you a block size of 128.
nd
Broadcast address of 2 subnet will be 192.168.10.255
Host addresses will be the addresses between Network address and Broadcast address. Host addresses are those addresses
that you can assign to your devices.
st
From above table, you can see that the 1 host address and last host address of your first subnet and second subnet.
Example: 1
CIDR = 26
2
No. of subnets= 2 = 4
6
No. of hosts per subnet= 2 -2 =64-2 =62
CIDR = 17
1
No. of subnets= 2 = 2
15
No. of hosts per subnet= 2 -2
Example: 2
CIDR = 24
8
No. of subnets= 2 = 256
8
No. of hosts per subnet= 2 -2 =256-2 =254
Example: 3
CIDR = 25
9
No. of subnets= 2 = 512
7
No. of hosts per subnet= 2 -2 =126
Example: 1
CIDR = 9
1
No. of subnets= 2 = 2
23
No. of hosts per subnet= 2 -2
Example: 2
CIDR = 16
8
No. of subnets= 2 =256
16
No. of hosts per subnet= 2 -2 =65534
Before starting the VLSM, first understand the below table. This table says that if you want to get a block size of 128, then you
have to ON one extra bit, and to get a block size of 64, you have to ON two extra bits and so on.
Consider the above diagram; here you need a network having capability of at least 60 host addresses between R1 and SW1 and
also need a different network having at least 30 host addresses between R2 and SW2. Similar for networks b/w R3 and SW3, R1
and R2, R2 and R3.
Now suppose ISP gave you a network 192.168.10.0/24 and you have to use IP addresses of this network for your topology. You
cannot use the subnetting, because subnetting will divide the network into subnets with subnet mask of same length so you will
get blocks of same size. But in the above topology, you want a network with block size 64 b/w R1 and SW1 and network of
block size 32 b/w R2 and SW2 and so on. So there is only option is left, that is VLSM.
192.168.10.0 B/w R1 and SW1, you need 60 host addresses. To get 60 host
192.168.10.1 addresses, you need at least block size of 64 and to get a block
192.168.10.2 size of 64, you have to ON 2 extra bits. So total bits will be 26
192.168.10.3 (24bits of first three octets +2 extra bits to get a block size of 64).
192.168.10.4 So network
- b/w R1 and SW1 will be 192.168.10.0/26
-
192.168.10.63
192.168.10.64 B/w R2 and SW2, you need 30 host addresses, so block of size 32
192.168.10.65 will be enough. To get a block size of 32, you have to ON 3 extra
192.168.10.66 bits.
- So total ON bits will be 27(24+3).
- Network will be 192.168.10.64/27
192.168.10.95
192.168.10.96 B/w R3 and SW3, you need 12 host addresses, so block size =16
192.168.10.97 will be enough. So to get a block size of 16, you have to ON 4
192.168.10.98 extra bits. So total ON bits =28.
- Network will be 192.168.10.96/28
-
192.168.10.111
192.168.10.112 B/w R1 and R2, you need 2 host addresses, so block size =4 is
192.168.10.113 enough. So to get a block size of 4, you have to ON 6 extra bits. so
192.168.10.114 total ON bits =30. Network will be
192.168.10.115 192.168.10.112/30
Summarization/Supernetting
Summarization is reverse process of subnetting. In subnetting, you divided one large network into subnets but in
summarization, you will combine small subnets to make large network
Reduce the size of routing table. So that router can analyze the routing table faster.
It will be easy for router to send a summary route rather than individual subnets.
192.168.10.0/30
192.168.10.4/30
192.168.10.8/30
192.168.10.12/30
And you want to make a summarization of above subnets. First you have to understand the subnets. These subnets are
representing the IP addresses from 192.168.10.0 to 192.168.10.15. Now you have total 16 IP addresses, so block size of 16 is
enough and to get a block size of 16, you have to ON 4 extra bits. So you will get a subnet mask of length 28(24+4). And your
network address will be 192.168.10.0
Example: 1
10.0.0.0/24
10.0.1.0/24
10.0.2.0/24
10.0.3.0/24
rd
Solution: 3 octet is changing (0-3), so block size of 4 is enough. To get a block size of 4 , you have to ON 6 extra bits. So total
st nd
ON bits are 22(16 bits of 1 and 2 octet+6). Network address will be 10.0.0.0
Example: 2
10.0.1.0/24
10.0.2.0/24
10.0.4.0/24
rd
Solution: 3 octet is changing (1-4), in this case, block size of 4 is not enough. In block size of 4, you have numbers from 0 to 3.
So here you will choose a bigger block size than 4, and that will be 8. To get a block size of 8, you have to ON 5 extra bits. So
st nd
total ON bits are 21(16 bits of 1 and 2 octet+5). Network address will be 10.0.0.0 because when you use subnet mask length
21, then it will give you subnets like 10.0.0.0/21, 10.0.8.0/21, 10.0.16.0/21
Questions
10.0.0.0/24
10.0.1.0/24
10.0.2.0/24
10.0.3.0/24
10.0.1.0/24
10.0.2.0/24
10.0.3.0/24
10.0.4.0/24
9. You are working in a data center environment and are assigned the addressing plan to allow the maximum number of
subnets with as many as 30 hosts each. Which IP address range meets these requirements?
A. 10.188.31.0/27
B. 10.188.31.0/26
C. 10.188.31.0/29
D. 10.188.31.0/28
E. 10.188.31.0/25
10. In the implementation of VLSM techniques on a network using a single Class C IP address, which subnet mask is the most
efficient for point-to-point serial links?
11. You have an interface on a router with the IP address of 192.168.192.10/29. Including the router interface, how many hosts
can have IP addresses on the LAN attached to the router interface?
A. 6
B. 8
C. 30
D. 62
E. 126
12. Which configuration command must be in effect to allow the use of 8 subnets if the Class C subnet mask is
255.255.255.224?
A. Router(config)#ip classless
B. Router(config)#ip version 6
C. Router(config)#no ip classful
D. Router(config)#ip unnumbered
E. Router(config)#ip subnet-zero
F. Router(config)#ip all-nets
13. You have a network with a subnet of 172.16.17.0/22. Which is the valid host address?
A. 172.16.17.1-255.255.255.252
B. 172.16.0.1-255.255.240.0
C. 172.16.18.255-255.255.252.0
14. Your organization told you to use the network 192.168.10.0/24 for below diagram but there is condition that you have to
use the subnets with specific hosts according to the diagram. And do not waste the IP addresses.
192.168.10.24/30
192.168.10.28/30
192.168.10.32/30
192.168.10.36/30
Router Basics
Router Components
Think of a router as just like another computer just it is dedicated to its job in networks. So the components of the router are:
Power supply Supplies the power to the router just like we have a power supply in a Computer Cabinet.
Flash Contains IOS the operating system of the router. It is an EEPROM-Electrically Erasable
Programmable Read Only Memory i.e. non-volatile.
Boot ROM It is the ROM of the router just like a motherboard in PC. It contains bootstrap program
which locates and loads the IOS from flash into RAM
RAM It is volatile. Stores the running copy of IOS, running-config
CPU The processor of the router responsible for processing functions of router.
1. Console
You should have the physical access of router for this. This is used more commonly for putting initial configuration on
to the router or switch so that we can access it remotely.
Common use-
– Configuring a device directly, because you are physically located where the device is.
We connect this DB9 connector side to PC’s COM port and the RJ45 side of this cable is put into the console port of
the router.
Terminal emulation software is used to access the router on PC. When connected using console port PC is acting as a
Dumb Terminal, everything you do is being done in real time on the router. There are various terminal emulation
softwares like- HyperTerminal, TeraTerm, Secure CRT, Putty, etc. You can use any software of your choice as terminal
emulator.
As many people nowadays use Laptops and even new computer do not have COM ports, there are DB9 to USB converters
as shown below that can be used if you want to connect console to a computer that doesn’t have DB9 COM port
2. Virtual terminal
There are two options commonly used for virtual terminal-
a) Telnet- This method of configuring is less commonly used in Enterprise networks because the commands you
give to router are sent without encryption i.e. in clear text. So if someone manages to capture the packets, he
will be able to know what you are configuring on the router.
b) SSH- This method is used widely in Enterprise networks. Before sending the commands it encrypts them so even
if packet is captured, the text in them is not understandable.
IOS Basics
1. Getting familiar with the modes
Router>
Switch>
This mode you see here is called User mode. It will allow you to view the state of the router, but will not allow you to modify its
configuration.
Router> enable
Router#
If you give the enable command as shown up here in user mode notice the prompt changes and you move to the privilege
mode. This mode allows administrator to modify some of the configuration of the router or switch.
Router# disable
Router>
If you give the disable command as shown up here in privilege mode, notice the prompt changes and you move back to the
user mode.
Router#configure terminal
Router(config)#
If you give the above shown command in privilege mode you move into global configuration mode. This mode is used
commonly for configuring most of the configurations on router or to go further into other configuration modes like interface
configuration mode.
Router(config)#exit
Router#
If you want to move back to privilege mode use the command as shown.
NOTE: - There are other modes in a router which we will see as we configure routers and switches. Make sure before typing in a
particular command that you are in the appropriate mode otherwise the command will not be executed correctly .
After several lines of information on the screen you should eventually see:
• If you accidentally press “y” and enter Setup Mode, press and hold down the control key and press C (CTRL-C).
Router>
Entering a short command is sufficient in router CLI as long as there is no confusion over the command you are asking for.
For example
Router>en
Router#
As shown above, en is as good as enable because there is no other command in the user mode beginning with en.
You can use Tab key on the keyboard to complete your command in CLI. For example, if tab key is pressed after conf, the
command is completed with the command configure. If tab is pressed after configure t command, it would be completed as
configure terminal.
Router#conf
Router#configure t
Router#configure terminal
Router(config)#
Copyrights Network Bulls 2013-2018
Website NB: www.networkbulls.com || Website NBT: www.networkbulls.org
Placement portal: www.networkbulls.in || Study portal: www.networkbulls.net
Network Bulls
You can use? for help. Like shown below it shows all the command that can be typed in this mode. Here the output has been
omitted to save space.
Router#?
Exec commands:
Router#s?
Router>enable
Router#configure terminal
Router(config)#hostname R1
R1(config)#
4. Banner config
%SYS-5-CONFIG_I: Configured from console by console
R1(config)#banner motd @
NOTICE
THIS IS A PRIVATE NETWORK. DON'T PROCEED FURTHER IF YOU ARE NOT AUTHORISED TO.
@
Copyrights Network Bulls 2013-2018
R1(config)#
Website NB: www.networkbulls.com || Website NBT: www.networkbulls.org
Placement portal: www.networkbulls.in || Study portal: www.networkbulls.net
Network Bulls
Building configuration...
[OK]
R1#
R1(config)#end
R1#disable
R1>en
Password:
R1#
Building configuration...
hostname R1
R1(config)#line console 0
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#
The first command here moves you into line configuration mode for console port. Then we set cisco as the password. The login
command here enables password checking or you can say that it tells the router to ask for password when someone is trying to
access through console port.
Now again this password is also shown as clear text if someone checks the running-config. So to encrypt all of our clear text
passwords we can use the below mentioned command to encrypt all of our passwords that are shown in clear text like console
password, enable password. To verify this you can use show run after this command.
R1(config)#service password-encryption
9. Configure IP on a router
You can configure IP on some interface of a router. Here first we move in to the interface configuration mode for the interface
fastethernet 0/0 using the first command. There we specify the IP address we want to assign to interface followed by the
subnet mask we intend to use.
R1(config-if)#no shutdown
R1(config-if)#
Now by default the interface is administratively down or in other words the interface has a command shutdown under
interface configuration. To remove any command from a router we can add no in front of that command. So we turn on the
interface by no shutdown. Router can be seen displaying a log message that it was successful in bringing the interface up.
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#
First we move into the line configuration mode for virtual terminal line. Here ‘0 4’ means we are configuring the router for 0 to
4 i.e. a total of five concurrent telnet sessions. A total of 5 people can telnet this router at the same time. Now we configure the
password as cisco for telnet and just like we enabled password checking for console using the login command, we are enabling
password checking for telnet. There are these 3 sub portions of telnet config which should be configured on to the router
before you can access it through-
1. An interface with IP
2. Enable or Enable secret
3. Vty config(which we just did)
Since our router R1 has these all these, lets verify by trying to telnet it.
Our topology looks like this. We haven’t configured anything on the switch.
We just assigned these two hosts IP address so that they can communicate with router. So let’s verify the reach ability to R1
using Ping.
. - means the device timed out while waiting for the reply.
So we need to set values for some variables using the below. Make sure you give these variables as it is. There meaning is quite
self explanatory.
To initiate the process of download of the file from TFTP server use
Router will erase all the registers on the flash and copy the file to flash.
1. Power cycle the device and interrupt the boot sequence by using a combination of the keys ctrl+break. It will take you
to the ROMMON mode
2. Change the configuration register value to 0x2142.
In show version commands output previously you can verify that the configuration register value by default is
0x2102. So if this value is at default the router after copying IOS from flash it during booting copies the startup-config
from NVRAM if present. By setting the value to 0x2142 we are telling the router to bypass the NVRAM during booting,
so the router will start fresh without any config.
3. Power cycle the device. It will boot without any config.
4. Go to privilege mode and do the following
7. Verify its value by using show version. Here the output has been omitted to the part which we are interested in.
TELNET PROTOCOL
The TELNET protocol provides a standardized interface, through which a program on one host (the TELNET client) may
access the resources of another host (the TELNET server) as though the client were a local terminal connected to the
server.
For example, a user on a workstation on a LAN may connect to a host attached to the LAN as if the workstation was a
terminal attached directly to the host. Of course, TELNET may be used across WANs as well as LANs.
TELNET Overview
TELNET is a general protocol, meant to support logging in from almost any type of terminal to almost any type of
computer.
It allows a user at one site to establish a TCP connection to a login server or terminal server at another site.
A TELNET server generally listens on TCP Port 23.
How it works
A user is logged in to the local system, and invokes a TELNET program (the TELNET client) by typing
telnet xxx.xxx.xxx
The TELNET client is started on the local machine (if it isn't already running). That client establishes a TCP connection
with the TELNET server on the destination system
On end devices like Windows PC, we use tracert command which works like traceroute command in Cisco Routers.
In the above diagram we will traceroute from r6 to r3 and check the results.
With the help of traceroute command we figure out the path of the network and the transit networks.
CDP messages are generated every 60 seconds as multicast messages on each of its active interfaces.
The information shared in a CDP packet about a Cisco device includes the following:
CDP allows devices to share basic configuration information without even configuring any protocol specific
information and is enabled by default on all interfaces. CDP is a Data link Protocol occurring at Layer 2 of the OSI
model. CDP is not routable and can only go over to directly connected devices.
CDP is enabled, by default, on all Cisco devices. CDP updates are generated as multicasts every 60 seconds with a
hold-down period of 180 seconds for a missing neighbor. The no cdp run command globally disables CDP, while the
no CDP enable command disables CDP on an interface. Use show CDP neighbors to list out your directly connected
Cisco neighboring devices. Adding the detail parameter will display the layer-3 addressing configured on the
neighbor.
Example:
With cdp neighbors command we get the interface type and platform type of the neighbor. It’s a easy way to find the device
types connected to a device.
IP ROUTING
Routing Protocols
There are three classes of routing protocols:
Distance vector The distance-vector protocols find the best path to a remote network by Judging distance. Each time a packet
goes through a router, that’s called a hop. The route with the least number of hops to the network is determined to be the best
route. The vector indicates the direction to the remote network. Both RIP and IGRP are distance-vector routing protocols. They
send the entire routing table to directly connected neighbors.
Link state In link-state protocols, also called shortest-path-first protocols, the routers each create three separate tables. One of
these tables keeps track of directly attached neighbors, one determines the topology of the entire internetwork, and one is
used as the routing table. Link-state routers know more about the internetwork than any distance vector routing protocol.
OSPF is an IP routing protocol that is completely link state. Link state protocols send updates containing the state of their own
links to all other routers on the network.
Hybrid Hybrid protocols use aspects of both distance vector and link state—for example, EIGRP.
Task 1.1:- Ping Router3 from Router1 and use static route
Solution:
Task2.1: ping from R1 to R4 without using any routing protocol and use default
route
Solution :
Verification:
Here gateway of last resort statement is showing that to reach any network which is not in the routing table, it should use
192.168.12.2 as next hop and forwarded it to R2.
2. Administrative distance
3. Metric
Solution :
R1(config)#router rip
R1(config-router)#network 192.168.12.0
R1(config-router)#exit
R2(config)#router rip
R2(config-router)#network 192.168.12.0
R2(config-router)#network 192.168.23.0
R2(config-router)#exit
R3(config)#router rip
R3(config-router)#network 192.168.23.0
R3(config-router)#network 192.168.34.0
R3(config-router)#exit
R4(config)#router rip
R4(config-router)#network 192.168.34.0
R4(config-router)#exit
Verification:
We can see that R1 is able to ping R4 and the first Ping drop is because of Arp
Here the R in front of the routes shows that we are getting the RIP routes to these networks
And the [120/2] in the line represent the AD(administrative Distance) where as the 2 represent the metric i.e. hop count for RIP
so 192.168.34.0 is 2 hops away from R1.
RIP version 1 performs auto summary by default so if we advertise a class B network’s subnet it will advertise the whole class B
network to which that subnet belongs.
Example:
R1(config)#int l1
R1(config-if)#exit
R1(config)#router rip
R1(config-router)#network 192.168.12.0
R1(config-router)#network 172.16.20.0
R1(config-router)#exit
We have advertised a class B subnet of 172.16.20.0 but RIP version 1 by default will advertise the whole network i.e.
172.16.0.0/16
We can check the RIP database to understand how RIP is doing the summarization With the command
Here we can check that RIP is summarizing every sub network to its class full network
Ping from R1 to R4
Solution:
R1(config-if)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-router)#network 172.16.12.0
R1(config-router)#exit
R2(config-if)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#network 172.16.12.0
R2(config-router)#network 192.168.23.0
R2(config-router)#exit
R3(config)#router rip
R3(config-router)#no auto-summary
R3(config-router)#version 2
R3(config-router)#network 192.168.23.0
R3(config-router)#network 172.16.34.0
R3(config-router)#exit
R4(config)#router rip
R4(config-router)#version 2
R4(config-router)#no auto-summary
R4(config-router)#network 172.16.34.0
R4(config-router)#exit
R1 is successfully pinging R4
We can see that this time we are not getting summarized network that is 172.16.0.0/16 but we get another network i.e.
172.16.12.0 and 172.16.34.0
The command
no auto-summary’s behavior is not to automatically summarize the network which is RIP v1’s default behavior but RIP v1 must
be changed to RIP v2
And with this command RIP send and receive only version 2 updates
Whereas by default RIP sends version 1 and receives both version 1 and version 2
In the above diagram we can see that now we can receive only version 2 routes and auto-summarization is disabled.
R2’s f0/0 interface is passive interface i.e. no updates will be sent through this interface but all
the updates will be received. In this example, R2 will get routes from R3 but R3 will not get
routes from R2.
R1(config-router)#version 2
R1(config-router)#network 192.168.12.0
R1(config-router)#no auto-summary
R1(config-router)#exit
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#passive-interface fastethernet0/0
R2(config-router)#network 192.168.12.0
R2(config-router)#network 192.168.23.0
R2(config-router)#network 192.168.24.0
R2(config-router)#no auto-summary
R2(config-router)#exit
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#no auto-summary
R3(config-router)#network 192.168.23.0
R3(config-router)#network 3.0.0.0
R3(config-router)#exit
R4(config)#router rip
R4(config-router)#no auto-summary
R4(config-router)#version 2
R4(config-router)#network 192.168.24.0
R4(config-router)#exit
R4(config)#
Descriptions:
Solution:
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 192.168.12.0
R1(config-router)#network 192.168.14.0
R1(config-router)#exit
R2(config-if)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#network 192.168.12.0
R2(config-router)#network 192.168.23.0
R2(config-router)#exit
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#no auto-summary
R3(config-router)#network 192.168.23.0
R3(config-router)#network 192.168.34.0
R3(config-router)#network 3.0.0.0
R3(config-router)#exit
R4(config)#router rip
R4(config-router)#version 2
R4(config-router)#no auto-summary
R4(config-router)#network 192.168.14.0
R4(config-router)#network 192.168.34.0
R4(config-router)#exit
And you can see that the cost to reach the 3.3.3.3 network is 2 so we are getting equal cost routes toward 3.3.3.3 hence we are
getting equal-cost load balancing.
Ping From R1 to R4
Solution:
R1(config)#router eigrp 10
R1(config-router)#no auto-summary
R1(config-router)#exit
R2(config)#router eigrp 10
R2(config-router)#no auto-summary
R2(config-router)#exit
R3(config-if)#router eigrp 10
R3(config-router)#no auto-summary
R3(config-router)#exit
R3(config)#
R4(config)#router eigrp 10
R4(config-router)#no auto-summary
R4(config-router)#exit
R5(config)#router eigrp 10
R5(config-router)#exit
R6(config)#router eigrp 10
R6(config-router)#no auto-summary
R6(config-router)#exit
Verification:
R5 will be getting R4’s loopback 1 network 4.4.4.4/32 via R3 and R1 And there will be load balancing at R5 because of same
metric at R5.
Configuration:
R1(config)#router eigrp 10
R1(config-router)#network 192.168.12.0
R1(config-router)#network 192.168.15.0
R1(config-router)#no auto-summary
R1(config-router)#exit
R2(config)#router eigrp 10
R2(config-router)#network 192.168.12.0
R2(config-router)#network 192.168.23.0
R2(config-router)#network 192.168.24.0
Copyrights Network Bulls 2013-2018
Website NB: www.networkbulls.com || Website NBT: www.networkbulls.org
Placement portal: www.networkbulls.in || Study portal: www.networkbulls.net
Network Bulls
R2(config-router)#no auto-summary
R2(config-router)#exit
R3(config)#router eigrp 10
R3(config-router)#network 192.168.23.0
R3(config-router)#network 192.168.35.0
R3(config-router)#no auto-summary
R3(config-router)#exit
R4(config)#router eigrp 10
R4(config-router)#network 192.168.24.0
R4(config-router)#no auto-summary
R4(config-router)#exit
R5(config)#router eigrp 10
R5(config-router)#network 192.168.15.0
R5(config-router)#network 192.168.35.0
R5(config-router)#no auto-summary
R5(config-router)#exit
Description:
After all the configuration and neighbor establishment, EIGRP 10 on R5 will install routes it learns from its neighbors.
EIGRP install routes on the bases of the metric and if the metric is same than both routes are used with load-balancing
mechanism.
EIGRP neighbors:
We can see clearly the metric for 4.4.4.4/32 via f0/0 and f0/1 is same and exact because of which we get 2 routes for 4.4.4.4 in
routing table.
R2’s f0/0 interface is passive i.e. it will not send and receive updates through this interface i.e R2 will not have a neighborship
with R3 and they will not exchange routes
CONFIGURATION:
R3(config)#router eigrp 10
R3(config-router)#network 192.168.23.0
R3(config-router)#no auto-summary
R3(config-router)#exit
R2(config)#router eigrp 10
R2(config-router)#network 192.168.23.0
R2(config-router)#network 192.168.12.0
R2(config-router)#network 192.168.24.0
R2(config-router)#no auto-summary
R2(config-router)#passive-interface f0/0
R2(config-router)#exit
R4(config)#router eigrp 10
R4(config-router)#network 192.168.24.0
R4(config-router)#no auto-summary
R4(config-router)#exit
R1(config)#router eigrp 10
R1(config-router)#network 192.168.12.0
R1(config-router)#no auto-summary
R1(config-router)#exit
Description:
EIGRP 10 process on R2 will not for neighborship with R3 due to passive interface configured on R2.
We can clearly see that EIGRP is not working on f0/0 interface but R2 will advertise that network to R4 and R1
Solution:
R1(config)#router eigrp 10
R1(config-router)#variance 2
R1(config-router)#exit
EIGRP performs equal load balancing by default but we can also do unequal load balancing
But for unequal load balancing we will first reduce the bandwidth to 1200 at s1/0
R1(config-if)#router ospf 10
R1(config-router)#exit
R2(config-if)#router ospf 10
R2(config-router)#exit
R3(config-if)#router ospf 10
R3(config-router)#exit
R4(config-if)#router ospf 10
R4(config-router)#exit
Verification:
Lets check OSPF neighborship
Here we don’t have any OSPF route because we have created the neighborship through this network and it is common to all the
routers.
R1(config-if)#exit
R2(config)#int f0/0
R2(config-if)#exit
R4(config)#int f0/0
R4(config-if)#exit
Verification:
By default the Router ID is the highest IP address present in the routing table at the time of OSPF process configuration and
priority by default is 1
R1 is DR because R1 start up first and becomes DR and it will be challenged by R4 or R3 or R2 only if we clear ip ospf process
with command “Clear ip ospf process”
And 255 is the maximum priority value and 0 is the lowest priority
Lets have a look at the R1’s neighbor table after setting priorities
Here R2 will always remain BDR and R1 always remain DR even after we clear process of OSPF because their priorities are
better than R3 an R4
Hence
SWITCHING
Task 1: Interfaces
You have multiple tools to list the status and different parameters of all interfaces on an IOS based switch.
You can also show the configuration of an interface by showing the running-config related to that interface:
interface FastEthernet0/1
Selecting interfaces
Or non-contiguously:
For example, selecting interfaces from 1 to 5, 9 and 17 from the first module, 15 to 21, 25 and 29 from the second module.
You should hard code all essential configurations of interfaces on both sides to avoid mismatch parameters.
speed {auto|10|100|1000}
no shutdown
IP address and default gateway is used to configure switch remotely via telnet or SSH. Without these essential configurations,
you have to connect with switch via console cable each time. That's very tedious as you have to go near to switch each time.
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S1
S1(config)#interface vlan 1
S1(config-if)#ip address 10.0.0.10 255.0.0.0
S1(config-if)#no shutdown
%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
S1(config-if)#exit
S1(config)#ip default-gateway 10.0.0.1
You can secure a switch by using passwords to restrict various levels of access. Using passwords and assigning privilege levels
are simple ways of providing both local and remote terminal access control in a network. Passwords can be established on
individual lines, such as the console, and to the privileged EXEC (enable) mode. Passwords are case sensitive. By default there
Copyrights Network Bulls 2013-2018
Website NB: www.networkbulls.com || Website NBT: www.networkbulls.org
Placement portal: www.networkbulls.in || Study portal: www.networkbulls.net
Network Bulls
are five VTY ports on the switch, allowing five simultaneous Telnet sessions, noting that other Cisco devices might have more
than five logical VTY ports. The five total VTY ports are numbered from 0 through 4 and are referred to all at once as line VTY 0
4.
S1(config)#line console 0
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#exit
S1(config)#line vty 0 4
S1(config-line)#password Menu
S1(config-line)#login
S1(config-line)#exit
S1(config)#
This feature set allows you (among several other options) to disable a port if more than one MAC address is detected as being
connected to the port. This feature is commonly applied to ports that connect security-sensitive devices such as servers. You
can use the port security feature to restrict input to an interface by limiting and identifying MAC addresses of the stations
allowed to access the port. When you assign secure MAC addresses to a secure port, the port does not forward packets with
source addresses outside the group of defined addresses.
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S2
S2(config)#interface fastEthernet 0/1
S2(config-if)#switchport mode access
S2(config-if)#switchport port-security
S2(config-if)#switchport port-security maximum 1
S2(config-if)#switchport port-security mac-address sticky
S2(config-if)#switchport port-security violation shutdown
S2(config-if)#exit
S2(config)#
On SW1, create 3 VLAN’s. VLAN 10 with the name Sales, VLAN 20 with the name Development, VLAN 30 with the name
Marketing.
Solution:
you can create the VLAN’s by using the vlan number name vlan_name command.
SW1>enable
SW1#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Assign Port Fa0/1 to VLAN 10, assign interface Fa0/2 to VLAN 20 and assign interface Fa0/3 to VLAN 30. Afterward, verify your
configuration.
To configure switchport interfaces in a specific VLAN you will use the switchport access vlan # command in interface
configuration mode. To verify your VLAN configuration you’ll use the show VLAN on a Cisco Catalyst Series switch in user or
privileged mode as shown below on a Catalyst Series switch.
SW1#configure terminal
SW1(config)#interface Fa0/1
SW1(config-if)#switchport access vlan 10
SW1(config-if)#interface Fa0/2
SW1(config-if)#switchport access vlan 20
SW1(config-if)#interface Fa0/3
SW1(config-if)#switchport access vlan 30
SW1(config-if)#end
SW#show vlan
VLAN Name Status Ports
---- ---------------------------- --------- -------------------------------
1 default active Fa0/4, Fa0/5, Fa0/6, Fa0/7
Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gi0/1, Gi0/2
10 Sales active Fa0/1
20 Development active Fa0/2
30 Marketing active Fa0/3
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
SW1#
SW1>enable
SW1>configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#vlan 10
SW1(config-vlan)#name Management
SW1(config-vlan)#end
SW1#
To complete this objective you first need to create the VLAN interface by going into global configuration and then VLAN
interface configuration mode by using the command interface vlan # Keep in mind that the VLAN interface number is
proportional to the vlan number created. So Interface VLAN 10 is used for VLAN 10 whereas interface VLAN 20 would be used
for VLAN 20.
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface vlan10
SW1(config-if)#ip address 10.1.1.10 255.255.255.0
SW1(config-if)#no shut
SW1(config-if)#
SW1(config-if)#interface FastEthernet0/1
SW1(config-if)#switchport access vlan 10
SW1(config-if)#no shut
SW1(config-if)#end
SW1#
By this point you should now be able to ping the IP address of VLAN 10 of Switch from R1 interface f0/0 as shown below;
R1#ping 10.1.1.10
Step 4. – Verify the management VLAN configuration by using R1 to telnet the IP address of VLAN 10 on SW1.
R1#telnet 10.1.1.10
Trying 10.1.1.10 ... Open
Password:
SW1>
To configure an interface as a static trunk you’ll first need to configure the encapsulation type first as an interface whose trunk
encapsulation is “Auto” cannot be configured to “trunk” mode.
SW1>enable
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config-if-range)#interface fa0/10
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#no shut
SW1(config-if)#end
SW1#
SW2>enable
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config-if-range)#interface fa0/10
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config-if)#no shut
SW2(config-if)#end
SW2#
Verify your trunk link configuration by using the show interface FastEthernet0/10 trunk command as shown below on both SW1
and SW2;
You can use trunk links to pass traffic in multiple VLAN’s between multiple switches using a single link.
c3560-Switch1>enable
c3560-Switch1#configure terminal
c3560-Switch1(config)#interface fa0/10
c3560-Switch1(config-if)#switchport trunk encap isl
c3560-Switch1(config-if)#switchport mode trunk
c3560-Switch1(config-if)#end
c3560-Switch1#sh int fa0/10 trunk
Task 9: Configure SW1 as the VTP Server and configure SW2 and SW3 as VTP
Clients. Set the VTP Domain name to CISCO on all three switches.
Configuring the VTP Mode and VTP Domain are done by the use of the vtp mode modetype and the vtp domain domainname as
shown below; Keep in mind when setting the VTP Domain, this must be set prior to the VTP mode if you are setting the VTP
domain on a client switch. If you need to change the VTP domain you must set it to transparent then change the name and/or
password then set the switch back to VTP mode client.
SW1>enable
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#vtp mode server
Copyrights Network Bulls 2013-2018
Website NB: www.networkbulls.com || Website NBT: www.networkbulls.org
Placement portal: www.networkbulls.in || Study portal: www.networkbulls.net
Network Bulls
Device mode already VTP SERVER.
SW1(config)#vtp domain CISCO
Changing VTP domain name from NULL to CISCO
SW1(config)#
SW2>enable
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#vtp domain CISCO
Domain name already set to CISCO.
SW2(config)#vtp mode client
Setting device to VTP CLIENT mode.
SW2(config)#
SW3>enable
SW3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW3(config)#vtp domain CISCO
Domain name already set to CISCO.
SW3(config)#vtp mode client
Setting device to VTP CLIENT mode.
SW3(config)#
Configure VLAN 10 with the name Development on the VTP Server and verify that it propagates to SW2 and SW3 properly.
To complete this objective you need to create the VLAN on the VTP Server, which in this case is SW1.
SW1(config)#vlan 10
SW1(config-vlan)#name Development
SW1(config-vlan)#end
SW1#
SW2#show vlan
SW3#show vlan
Task 10: Set the VTP Version to v2 and secure the VTP Domain by using the
password Cisco$123. Verify your configuration
To set the VTP version to v2, you execute the vtp version 2 command on the VTP Server switch, this setting is propagated to all
switches in the VTP domain.
To set the VTP password, use the vtp password Cisco$123 command in global configuration mode as shown below;
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#vtp version 2
SW1(config)#vtp password Cisco$123
Setting device VLAN database password to Cisco$123
SW1(config)#end
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#vtp password Cisco$123
Setting device VLAN database password to Cisco$123
SW2(config)#end
SW3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW3(config)#vtp password Cisco$123
Setting device VLAN database password to Cisco$123
SW3(config)#end
To verify the VTP version mode use the show vtp status command in user or privileged mode as shown below;
Step 1. – Configure a new Sub-Interface on R1 to match the VLAN 20 (Fa0/0.20) and configure the sub-interface to use 802.1q
encapsulation and the Dot1q tag of 20. Configure the sub-interface to use the IP address 10.1.20.1/24.
To create a new sub-interface you’ll use the interface fa0/0.# command in global configuration mode. To enable the sub-
interface to use 802.1q you’ll use the encapsulation dot1q # command whereas # is the dot1q VLAN tag as shown below;
R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface fa0/0
R1(config-if)#no shut
R1(config-if)#interface fa0/0.20
R1(config-subif)#encapsulation dot1q 20
R1(config-subif)#ip add 10.1.20.1 255.255.255.0
R1(config-subif)#exit
R1(config)#
R1(config)#interface fa0/0.30
R1(config-subif)#encapsulation dot1q 30
R1(config-subif)#ip add 10.1.30.1 255.255.255.0
R1(config-subif)#end
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 10.1.20.1 255.255.255.0
end
interface FastEthernet0/0.30
encapsulation dot1Q 30
ip address 10.1.30.1 255.255.255.0
end
Step 3. – Verify that host1 can ping host2 using R1 as the default-gateway as shown below;
R2#ping 10.1.30.3
SW1>enable
SW1#configure terminal
SW1(config-if)#spanning-tree portfast
%Portfast has been configured on FastEthernet0/1 but will only have effect when the interface is in a non-trunking mode.
SW1(config-if)#end
We can enable port fast feature on a switch by using the global config command as well
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#spanning-tree portfast default
%Warning: this command enables portfast by default on all interfaces. You
should now disable portfast explicitly on switched ports leading to hubs,
switches and bridges as they may create temporary bridging loops.
SW1(config)#end
SW1#
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#spanning-tree vlan 1 priority 4096
SW1(config-if)#end
Verification command
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 4097
Address 0014.f2d2.4180
Cost 19
Port 13 (FastEthernet0/11)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
We can see that Switch 1 whose mac address 0014.f2d2.4180 has become the Root Bridge
____________________________________________________________________________
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface fa0/10
SW1(config-if)#spanning-tree bpduguard enable
SW1(config-if)#end
SW1#
WAN Technologies
WANs connect networks, users and services across a broad geographic area. WANs connect LANs across a wide geographic
area.
WANs and their protocols function at layers 1 and 2 of the OSI model.
The physical Layer components of WANs define electrical and operational connection. Examples V.35, RJ-45,
The Data Link Layer defines WAN protocols that define how data is encapsulated for transmission across the WAN. Examples of
these protocols are frame-relay, ATM, HDLC and PPP.
WAN Devices
The following devices are used for WAN services:
Routers: connect the LAN to the WAN. Routers provide network layer services. They route data from one network to another.
Modems or DSU/CSUs: In analog lines, modems convert analog to digital, Modems modulate and demodulate a signal,
enabling data to be transmitted over telephone lines. In digital lines, data service units/channel service units (DSU/CSU) convert
one form of digital format to another digital format.
WAN networking devices: used in WAN network. These are Frame-relay switch, x.25 operate at the data link layer of the OSI
model.
Serial interfaces are specified as DTE (data terminal equipment) or data communication equipment (DCE). DCE converts user
data into the service provider in other words, DCE provide clocking for the serial link. As example DCE is a CSU/DSU or a serial
interfaces configured for clocking.
WAN Cabling
Several ways exist to carry traffic across the WAN. The implementation depends on distance, speed, and the type of service
required. Connection speeds typically vary from 56 kbps to T1/E1 ( 1.544/2.048 mbps, but can be as high as 10 Gbps)
WAN services area generally leased from service providers on a subscription basis. The following three main types of WAN
connections exist:
Leased-Line: A leased line ( or point-to-point dedicated connection) provides a preeestablished connection through the serivce
provider network (WAN) to a remote network. It provide a reserved connection for the client but are costly.
Circuit-swtched: Circuit switching provides a dedicated circuit path between sender and recevier for the duration of the call. It
is used for basic telephone serivce or ISDN.
Packet-switched: with packet switching, devices transport packets using virtual circuits (VC) that provide end-to-end
connectivity. Packet header identifies the destination. It provides much lower cost.
Configuring HDLC
PPP Provides connections between devices over several types of physical interfaces and ISDN. PPP works with many network
layer protocols, Including IP and IPX. PPP uses Password Authentication Protocol (PAP) and Challenge Handshake
Authentication Protocol (CHAP).PPP uses a network control protocol (NCP) component to encapsulate multiple protocols and
the Link Control Protocol (LCP) to set up and Negotiate control options on the data link.
Task 2: Partial Map ( HUB and Spoke) on Physical interfaces Static Mapping
Configuration:
Gurgaon
USA
Verification Command:
Commands:
R1 ( config-if )# no shutdown
R2 ( config-if )# no shutdown
Reachability:
Task 4: RIPng
R2 Commands
R3 commands
Task 5: EIGRPv6
R1(config-rtr)# no shutdown
R2(config-rtr)# no shutdown
R3(config-rtr)# no shutdown
ACL
Introduction to Access Lists
An access list is kind of a security feature and it is a sequential collection of permit and deny conditions that apply to your
device. You can make your own list of conditions to control the traffic in your network using access lists. With the right
combination of access lists, network managers arm themselves with the power to enforce nearly any security policy they can
invent.
Filter IP Packets
Packet filtering helps control packet movement through the network. Such control can help limit network traffic and restrict
network use by certain users or devices. To permit or deny packets from crossing specified router interfaces, you can use access
lists.
This section summarizes how to create access lists and how to apply them.
The router checks addresses in the packets against the conditions in an access list one by one. The first match determines
whether the router accepts or rejects the packets. Because the router stops checking conditions after the first match, the order
of the conditions is critical. If no conditions match, the router rejects the packets
In the following example, network 36.0.0.0 is a Class A network whose second octet specifies a subnet; that is, its subnet mask
is 255.255.0.0. The third and fourth octets of a network 36.0.0.0 address specify a particular host. Using access list 2, the router
would accept one address on subnet 48 and reject all others on that subnet. The last line of the list shows that the router would
accept addresses on all other network 36.0.0.0 subnets.
The following access list only allows access for those hosts on the three specified networks. It assumes that subnetting is not
used; the masks apply to the
host portions of the network addresses. Any hosts with a source address that does not match the access list statements will be
rejected.
To specify a large number of individual addresses more easily, you can omit the address mask that is all zeros from the access-
list global configuration
command. Thus, the following two configuration commands are identical in effect:
Named access lists allow you to use names to both create and apply either standard or extended access lists. There is nothing
new or different about these access lists aside from being able to refer to them in a way that makes sense to humans. But there
are some changes in the commands.
For example, you can create the same outbound access list in the form of Named Access List. In the below configuration
example, name of access list is CCNA (you can give any name) and it is a standard access list and it is denying the traffic coming
from 192.168.15.0/24 and permit the rest of traffic.
R1(config-std-nacl)#permit any
R1(config-std-nacl)#exit
Inbound access list in the form of Named Access List (CCNA_2 is the name of access list.)
R1(config-ext-nacl)#exit
Suppose you want to apply the CCNA_2 access list on every weekdays in office hours (9:00am to 6:00pm)
Copyrights Network Bulls 2013-2018
Website NB: www.networkbulls.com || Website NBT: www.networkbulls.org
Placement portal: www.networkbulls.in || Study portal: www.networkbulls.net
Network Bulls
First create the Time-range using below configuration-
R1(config)#time-range CCNA2_time
R1(config-time-range)#exit
R1(config)#^Z
After creating the time-ranges for access-list, apply it on the access-lists using below configuration
R1(config-ext-nacl)#exit
R1#show time-range
Verification command:
Show ip access-list
Or
Show access-list
The system counts how many packets pass each line of an access list; the counters are displayed by the show access-lists
command. You can clear the counters of an access list by performing the following task in EXEC mode.
Makesure you use the most specific wildcard for all your access-lists.
Youare only allowed to use standard access-lists.
Configureyour network so traffic from router R1 L1 interface can't reach Loopback1 of R3
Configure your network so trafficfrom router R3 L2 interface can't reach Loopback2 of R1
Solution:
R1
interface FastEthernet0/1
ip access-group 2 in
no shut
R3
interface FastEthernet0/1
ip access-group 5 in
Make sure you use the most specific wildcard for all your access-lists.
You are only allowed to use extended access-lists.
Configure your network so traffic from router R1 L1 interface can't ping Loopback of R3
traffic from router R3 L1 interface should not be able to access port 80 of Loopback of R1
Solution:
R1
interface FastEthernet0/1
ip access-group 100 in
no shut
R3
interface FastEthernet0/1
ip access-group 105 in
Configure router R2 so users are unable to access the HTTP server 2.2.2.2 on weekdays between 9:00 - 17:00
Solution
R2
time-range TIME
access-list 100 deny tcp 192.168.12.0 0.0.0.255 host 2.2.2.2 eq www time-range TIME
interface FastEthernet0/0
ip access-group 100 in
no sh
exit
NAT
Why we need NAT
With the explosion of the Internet and the increase in home networks and business networks, the number of available IP
addresses is simply not enough. The obvious solution is to redesign the address format to allow for more possible addresses.
This is being developed (IPv6) but will take several years to implement because it requires modification of the entire
infrastructure of the Internet. That’s why we need NAT. NAT will not provide a long term solution but it will be fine for short
term. There are some more features like security and administration that we can get using NAT in our network.
Introduction
Network Address Translation allows a single device, such as a router, to act as agent between the Internet (or "public network")
and a local (or "private") network so that it can translate the traffic coming into and leaving the private network.
The internal network is usually a LAN (Local Area Network), commonly referred to as the stub domain. In above network,
NETWORKBULLS CORPORATION is a stub domain. A stub domain is a LAN that uses private IP addresses internally. Most of the
network traffic in a stub domain is local; it doesn't travel off the internal network. Of course, any computers that use private IP
addresses must use Network Address Translation to communicate with the rest of the world.
NAT can be configured in various ways.
In the example below the NAT router is configured to translate private IP addresses (inside local addresses) that reside on the
private (inside) network to public IP addresses. This happens whenever a device on the inside with a private address needs to
communicate with the public (outside) network.
IP addresses have different designations based on whether they are on the private network (stub domain) or on the public
network (Internet) and whether the traffic is incoming or outgoing:
Static NAT - mapping a private IP address to a public IP address on a one−to−one basis. It is particularly useful when a device
needs to be accessible from outside the network. For example, private address of server (192.168.10.1) can be translated into
single public address, so that it can be accessed from outside.
Dynamic NAT _ Maps a private IP address to a public IP address from a group of public IP addresses. Dynamic NAT also
establishes a one−to−one mapping between private and public IP address, but the mapping could vary depending on the public
address available in the pool, at the time of communication. For example, private addresses (192.168.10.2 -192.168.10.5) of
Marketing, IT, Sale and Finance departments can be translated into different public addresses using a pool of public addresses
(55.0.0.1 -55.0.0.54).
Overloading _ A form of dynamic NAT that maps multiple private IP addresses to a single public IP address by using different
ports. Known also as PAT (Port Address Translation), single address NAT or port−level multiplexed NAT.
In overloading, each computer on the private network (192.168.10.2 -192.168.10.5) is translated to the same IP address
(55.0.0.1) but with a different port number assignment.
Solution:
R2.
interface FastEthernet0/0
ip nat inside
no sh
interface FastEthernet1/0
ip nat outside
Solution:
interface FastEthernet0/0
ip nat inside
no sh
exit
ip nat inside
no sh
exit
interface FastEthernet2/0
ip nat outside
no sh
exit
Solution:
interface FastEthernet0/0
ip nat outside
no sh
interface FastEthernet1/0
ip nat inside
no sh