CCNA (RS) An Overview-Lab Manual2

PTCL Academy
Sector H-9/4, Islamabad

CCNA Training Lab Manual
CCNA Training
Lab Manual-2
Compiled by Nasir Majeed Senior Manager Certification PTCL Academy Islamabad April 2019 1
PTCL Academy
1- Basic Switch Configuration- LAB
Switch#configure terminal
Switch(config)#hostname ALSwitch
ALSwitch(config)#exit
ALSwitch(config)#line console 0
ALSwitch(config-line)#password cisco
ALSwitch(config-line)#login
ALSwitch(config-line)#exit
ALSwitch(config)#line vty 0 15
ALSwitch(config-line)#password cisco
ALSwitch(config-line)#login
ALSwitch(config-line)#exit
ALSwitch(config)#enable secret class
ALSwitch(config)#interface VLAN 1
ALSwitch(config-if)#ip address 192.168.1.2 255.255.255.0
ALSwitch(config-if)#exit
ALSwitch#show interface VLAN 1
ALSwitch(config)#interface VLAN 1
ALSwitch(config-if)#no shutdown
ALSwitch(config-if)#exit
ALSwitch(config)#ip default-gateway 192.168.1.1
ALSwitch(config)#exit
ALSwitch#copy running-config startup-config
ALSwitch#show startup-config
S1#show mac-address-table
ALSwitch(config)#mac-address-table static 00e0.2917.1884 interface fastethernet 0/4 vlan 1

S1(config)#interface fastethernet 0/4
S1(config-if)#switchport mode access

S1(config-if)#switchport port-security
PTCL Academy
S1(config-if)#switchport port-security maximum 1

S1(config-if)#switchport port-security mac-address sticky
S1(config-if)#switchport port-security violation shutdown
S1(config-if)#exit
S1#show running-config
S1#show interface fastethernet 0/4
S1(config)#interface fastethernet 0/4

S1(config-if)# shutdown
S1(config-if)# no shutdown
S1(config-if)#exit
PTCL Academy
2- VLANs-VTP-STP-Inter-VLAN Routing- LAB
PTCL Academy
PTCL Academy
S1#show vlan
Disable all ports by using the shutdown command.

S1(config)#interface range fa0/1-24
S1(config-if-range)#shutdown
S1(config-if-range)#interface range gi0/1-2


PTCL Academy
Re-enable the active user ports on S2 in access mode

S2(config)# interface range fastEthernet 0/6, fastEthernet 0/7
S2(config-if-range)#switchport mode access
S2(config-if-range)#no shutdown
S2(config)# interface fastEthernet 0/11, fastEthernet 0/12

S2(config)# interface fastEthernet 0/18, fastEthernet 0/19

S2#show interfaces fastEthernet 0/6 switchport

Configure VTP on the three switches using the following

S1 Server Lab6 cisco
S2 Client Lab6 cisco
S3 Client Lab6 cisco
S1(config)#vtp mode server

S1(config)#vtp domain Lab6
S1(config)#vtp password cisco
S2(config)#vtp mode client

S3(config)#vtp mode client

S1#show vtp status

S2#show vtp status
S3#show vtp status
Configure trunking ports and designate the native VLAN

S1(config-if-range)#switchport mode trunk
S1(config-if-range)#switchport trunk native vlan 99
S2(config)# interface range fa0/1-4

S3(config)# interface range fa0/1-4
PTCL Academy


Configure VLANs on the VTP server

VLAN 99 management
VLAN 10 faculty-staff
VLAN 20 students
VLAN 30 guest
S1(config)#vlan 99
S1(config-vlan)#name management
S1(config)#vlan 10
S1(config-vlan)#name faculty-staff
S1(config)#vlan 20
S1(config-vlan)#name students
S1(config)#vlan 30
S1(config-vlan)#name guest
S1# show vlan brief

S2# show vlan brief
S3# show vlan brief
Configure the management interface address on all switches

S1(config)#interface vlan 99
S1(config-if)#ip address 192.168.99.11 255.255.255.0
S1(config-if)#no shutdown
S1#ping 192.168.99.12
S1#ping 192.168.99.13
S2#ping 192.168.99.11
S2#ping 192.168.99.13
S3#ping 192.168.99.11
S3#ping 192.168.99.12
Assign switch ports to VLANs on S2

PTCL Academy
S2(config-if-range)#switchport access vlan 30
S2(config-if-range)#interface range fa0/11-17

S2(config-if-range)#interface range fa0/18-24

S2(config-if-range)#end
S2#copy running-config startup-config
PC1>ping 192.168.20.22
PC2>ping 192.168.30.23
Configure the trunking interface on R1 Router

R1(config)#interface fastethernet 0/1
R1(config-if)# description R1 interface connected to VLANs
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface fastethernet 0/1.1
R1(config-subif)#encapsulation dot1q 1
R1(config-subif)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#interface fastethernet 0/1.10
R1(config-subif)#encapsulation dot1q 99 native
S1(config)#interface fa 0/5
S1(config-if)#switchport mode trunk
Configure the server LAN interface on R1

R1(config)# interface FastEthernet0/0
R1(config-if)#ip address 192.168.50.1 255.255.255.0
R1(config-if)#description R1 interface connected to the Server
R1(config-if)#no shutdown
R1(config-if)#end
R1#show ip route
PC1>ping 192.168.20.22
PC1>ping 192.168.30.23
PTCL Academy
PC1>ping 192.168.50.254
PTCL Academy
3- ACLs- LAB
Perform Basic Router Configurations

Configure the R1, R2, R3, S1, S2, and S3 routers and switches according to the following guidelines:
• Configure the router hostname to match the topology diagram.
• Disable DNS lookup.
PTCL Academy
• Configure an EXEC mode password of class.

• Configure a message-of-the-day banner.
• Configure a password of cisco for console connections.
• Configure a password for VTY connections.
• Configure IP addresses and masks on all devices.
• Enable OSPF area 0 on all routers for all networks.
• Configure a loopback interface on R2 to simulate the ISP.
• Configure IP addresses for the VLAN 1 interface on each switch.
• Configure each switch with the appropriate default gateway.
• Verify full IP connectivity using the ping command.
Configuring a Standard ACL

Step 1: Create the ACL on router R3.
R3(config)#ip access-list standard STND-1
R3(config-std-nacl)#deny 192.168.11.0 0.0.0.255 log
R3(config-std-nacl)#permit any
Step 2: Apply the ACL.

R3(config)#interface serial 0/0/1
R3(config-if)#ip access-group STND-1 in
R3(config-if)#end
R3#copy run start
Step 3: Test the ACL.

Test the ACL by pinging from PC2 to PC3. Since the ACL is designed to block traffic with source addresses from
the 192.168.11.0/24 network, PC2 (192.168.11.10) should not be able to ping PC3.
Configuring an Extended ACL

Step 1: Configure a named extended ACL.
R1(config)#ip access-list extended EXTEND-1
R1(config-ext-nacl)#deny ip 192.168.10.0 0.0.0.255 host 209.165.200.225
R1(config-ext-nacl)#permit ip any any

R1(config-if)#ip access-group EXTEND-1 out log
R1(config-if)#end
R1#copy run start
Step 3: Test the ACL.

From PC1, ping the loopback interface on R2. These pings should fail, because all traffic from the
192.168.10.0/24 network is filtered when the destination is 209.165.200.225. If the destination is any other
address, the pings should succeed. Confirm this by pinging R3 from the 192.168.10.0/24 network device.
Control Access to the VTY Lines with a Standard ACL

Step 1: Configure the ACL.
R2(config)#ip access-list standard TASK-5
R2(config-std-nacl)#permit 10.2.2.0 0.0.0.3
PTCL Academy
R2(config-std-nacl)#permit 192.168.30.0 0.0.0.255

R2(config)#line vty 0 4
R2(config-line)#access-class TASK-5 in
R2(config-line)#end
R2#copy run start
Step 3: Test the ACL

Telnet to R2 from R1. Note that R1 does not have IP addresses in the address range listed in the ACL TASK-5
permit statements. Connection attempts should fail.
R1# telnet 10.1.1.2
Trying 10.1.1.2 …
% Connection refused by remote host
From R3, telnet to R2. You will be presented with a prompt for the VTY line password.
R3# telnet 10.1.1.2
Trying 10.1.1.2 … Open
User Access Verification
Password:
PTCL Academy
4- DHCP-NAT-PAT- LAB
PTCL Academy
Perform Basic Router Configurations

Configure the R1, R2, and ISP routers according to the following guidelines:
• Configure the device hostname.

• Configure a privileged EXEC mode password.
• Configure a password for the console connections.
• Configure a password for all vty connections.
• Configure IP addresses on all routers. The PCs receive IP addressing from DHCP later in the lab.
• Enable OSPF with process ID 1 on R1 and R2. Do not advertise the 209.165.200.224/27
Configure PC1 and PC2 to receive an IP address through DHCP
PTCL Academy
• On a Windows PC go to Start -> Control Panel -> Network Connections -> Local Area Connection. Right
mouse click on the Local Area Connection and select Properties.
• Scroll down and highlight Internet Protocol (TCP/IP). Click on the Properties button.
• Make sure the button is selected that says Obtain an IP address automatically.
Enable OSPF with process ID 1 on R1 and R2. Do not advertise the

209.165.200.224/27
R1(config)#router ospf 1
R1(config-router)#network 10.1.1.0 0.0.0.3 area 0
R1(config-router)# network 192.168.10.0 0.0.0.255 area 0
R2(config)# router ospf 1

Configure a Cisco IOS DHCP Server on R2

Exclude statically assigned addresses
R2(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.10
R2(config)#ip dhcp excluded-address 192.168.11.1 192.168.11.10
Configure the pool

R2(config)#ip dhcp pool R1Fa0/0
R2(dhcp-config)#network 192.168.10.0 255.255.255.0
R2(dhcp-config)#dns-server 192.168.11.5
R2(dhcp-config)#default-router 192.168.10.1
R2(config)#ip dhcp pool R1Fa0/1

R2(dhcp-config)#network 192.168.11.0 255.255.255.0
R2(dhcp-config)#dns-server 192.168.11.5
R2(dhcp-config)#default-router 192.168.11.1
Test DHCP
On PC1 and PC2 test whether each has received an IP address automatically. On each PC go to Start ->
Run -> cmd -> ipconfig
Configure a helper address

R1(config)#interface fa0/0
R1(config-if)#ip helper-address 10.1.1.2
R1(config)#interface fa0/1
R1(config-if)#ip helper-address 10.1.1.2
Test DHCP
PTCL Academy
On PC1 and PC2 test whether each has received an IP address automatically. On each PC go to Start ->
Run -> cmd -> ipconfig
Verify the DHCP configuration

R2#show ip dhcp binding
Configure Static Route on ISP Router

ISP(config)#ip route 209.165.200.240 255.255.255.240 serial 0/0/1
Configure Default Route on R2 Router

R2(config)#ip route 0.0.0.0 0.0.0.0 209.165.200.226
R2(config-router)#default-information originate
Configure Dynamic NAT with a Pool of Addresses

Define a pool of global addresses
R2(config)#ip nat pool MY-NAT-POOL 209.165.200.241 209.165.200.246 netmask 255.255.255.248
Create an ACL to identify which inside addresses are translated

R2(config)#ip access-list extended NAT
R2(config-ext-nacl)#permit ip 192.168.10.0 0.0.0.255 any
R2(config-ext-nacl)#permit ip 192.168.11.0 0.0.0.255 any
Establish dynamic source translation by binding the pool with the ACL
R2(config)#ip nat inside source list NAT pool MY-NAT-POOL
Specify inside and outside NAT interfaces

R2(config-if)#ip nat inside
R2(config-if)#ip nat outside
R2#show ip nat translations

R2#show ip nat statistics
Test Dynamic NAT with a Pool of Addresses

PC1>ping PC2 IP
PC1>ping 192.168.20.254
PC1>ping 209.165.200.226
PC2>ping PC1 IP
PC2>ping 192.168.20.254
PC2>ping 209.165.200.226
Configure Static NAT

Statically map a public IP address to a private IP address
PTCL Academy
R2(config)#ip nat inside source static 192.168.20.254 209.165.200.254
Specify inside and outside NAT interfaces

R2(config-if)#ip nat outside
R2(config-if)#interface fa0/0
R2(config-if)#ip nat inside
Verify the static NAT configuration

From ISP, ping the public IP address 209.165.200.254
Configure NAT Overload

Remove the NAT pool and mapping statement
R2(config)#no ip nat inside source list NAT pool MY-NAT-POOL
R2(config)#no ip nat pool MY-NAT-POOL 209.165.200.241 209.165.200.246 netmask 255.255.255.248
Configure PAT on R2 using the serial 0/0/1 interface public IP address

R2(config)#ip nat inside source list NAT interface S0/0/1 overload
Verify the configuration

R2#show ip nat translations
Note: In the previous task, you could have added the keyword overload to the ip nat inside source list
NAT pool MY-NAT-POOL
PTCL Academy
5- PPP- LAB
Perform Basic Router Configuration on R1, R2, and R3.

•Configure the router hostname.
• Configure an EXEC mode password.
• Configure a password for console connections.
• Configure synchronous logging.
• Configure a password for vty connections.
Perform Basic Router Configuration

• Configure interfaces on R1, R2, and R3
• Verify IP addressing and interfaces.
PTCL Academy
Use the show ip interface brief command to verify that the IP addressing is correct and that the interfaces
are active
• Configure the Ethernet interfaces of PC1 and PC3
• Test the configuration by pinging the default gateway from the PC
Configure OSPF on the Routers

Verify that you have full network connectivity

R1#show ip route
R1#ping 192.168.30.1
R2#show ip route
R2#ping 192.168.30.1
R2#ping 192.168.10.1
R3#show ip route
R3#ping 209.165.200.225
R3#ping 192.168.10.1
Configure PPP Encapsulation on Serial Interfaces

Use the show interface command to check whether HDLC is the default serial encapsulation
R1#show interface serial0/0/0
R2#show interface serial 0/0/0
Use debug commands on R1 and R2 to see the effects of configuring PPP
R1#debug ppp negotiation
R1#debug ppp packet
R2#debug ppp negotiation
R2#debug ppp packet
Change the encapsulation of the serial interfaces from HDLC to PPP

R1(config-if)#encapsulation ppp
Turn off debugging
R1#undebug all
R2#undebug all
PTCL Academy
Configure PPP Authentication

Configure PPP PAP authentication on the serial link between R1 and R2: Password don’t needs to be the
same on both routers
R1(config)#username R2 password cisco456 (R2’s username and password)
R1(config)#int s0/0/0
R1(config-if)#ppp authentication pap
R1(config-if)#ppp pap sent-username R1 password cisco123
R2(config)#interface Serial0/0/0
R2(config-if)#ppp authentication pap
R2(config-if)#ppp pap sent-username R2 password cisco456
Configure PPP Authentication

Configure PPP CHAP authentication on the serial link between R2 and R3: Password needs to be the
same on both routers
R2(config-if)#ppp authentication chap
R3#debug ppp authentication
R3(config)#username R2 password cisco456(R2’s username and password)
R3(config-if)#ppp authentication chap

CCNA (RS) An Overview-Lab Manual2

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CCNA (RS) An Overview-Lab Manual2

Uploaded by

Copyright:

Available Formats

PTCL Academy

Sector H-9/4, Islamabad

1- Basic Switch Configuration- LAB

ALSwitch#show interface VLAN 1

ALSwitch(config)#mac-address-table static 00e0.2917.1884 interface fastethernet 0/4 vlan 1

S1(config-if)#switchport mode access

S1(config-if)#switchport port-security maximum 1

S1(config)#interface fastethernet 0/4

2- VLANs-VTP-STP-Inter-VLAN Routing- LAB

Disable all ports by using the shutdown command.

S2(config)#interface range fa0/1-24

S3(config)#interface range fa0/1-24

Re-enable the active user ports on S2 in access mode

S2(config)# interface fastEthernet 0/11, fastEthernet 0/12

S2(config)# interface fastEthernet 0/18, fastEthernet 0/19

S2#show interfaces fastEthernet 0/6 switchport

Configure VTP on the three switches using the following

S1(config)#vtp mode server

S2(config)#vtp mode client

S3(config)#vtp mode client

S1#show vtp status

Configure trunking ports and designate the native VLAN

S2(config)# interface range fa0/1-4

S3(config)# interface range fa0/1-4

S3(config-if-range)#switchport mode trunk

S1#show interfaces fastEthernet 0/1 switchport

Configure VLANs on the VTP server

S1# show vlan brief

Configure the management interface address on all switches

Assign switch ports to VLANs on S2

S2(config-if-range)#switchport access vlan 30

S2(config-if-range)#interface range fa0/11-17

S2(config-if-range)#interface range fa0/18-24

S2#copy running-config startup-config

Configure the trunking interface on R1 Router

Configure the server LAN interface on R1

Perform Basic Router Configurations

• Configure an EXEC mode password of class.

Configuring a Standard ACL

Step 2: Apply the ACL.

Step 3: Test the ACL.

Configuring an Extended ACL

Step 2: Apply the ACL.

Step 3: Test the ACL.

Control Access to the VTY Lines with a Standard ACL

R2(config-std-nacl)#permit 192.168.30.0 0.0.0.255

Step 2: Apply the ACL.

Step 3: Test the ACL

Perform Basic Router Configurations

• Configure the device hostname.

Configure PC1 and PC2 to receive an IP address through DHCP

Enable OSPF with process ID 1 on R1 and R2. Do not advertise the

R2(config)# router ospf 1

Configure a Cisco IOS DHCP Server on R2

Configure the pool

R2(config)#ip dhcp pool R1Fa0/1

Configure a helper address

Verify the DHCP configuration

Configure Static Route on ISP Router

Configure Default Route on R2 Router

Configure Dynamic NAT with a Pool of Addresses

Create an ACL to identify which inside addresses are translated

Specify inside and outside NAT interfaces

R2#show ip nat translations