Professional Documents
Culture Documents
0 labs
Packet Tracer 8.0.0 supports labs created in previous Packet Tracer versions 7.3, 7.2, 7.1.
However, the files created in Packet Tracer 8.0.0 are not backward compatible with previous
versions. Please download the latest Cisco Packet Tracer 8.0.0 on Cisco Netacad before using
our labs.
All activities included in the new CCNA v7.02 curricula are fully compatible with Packet Tracer
8.0.0. CCNA v7 students should continue to use Packet Tracer 7.3.1. It is highly
recommended for CCNA Routing & Switching (v6), CCNA Discovery, CCNA Exploration, CCNA
Security students to stay with Packet Tracer 7.2.2 as they could encounter a warning
messages in Packet Tracer 8.0.0.
Coming
Lab 5 : Troubleshooting
soon
Coming
Lab 8 : RIP v2
soon
Coming
Lab 9 : Troubleshooting
soon
Lab 11 : HDLC
1
Lab 12 : PPP
Source: https://www.packettracernetwork.com/labs/packettracerlabs.html
2
Lab 1 : Basic switch setup
Introduction
A new switch just purchased from Cisco contains no default configuration. You need to
configure the switch with setup mode or from scratch using the command line interface (CLI)
before connecting it in your network environment.
As a Cisco certified professional (CCENT or CCNA), it is very important to know the basic
Cisco switch configuration commands to improve the performances and the security of the
enterprise network.
Network diagram
Lab instructions
This lab will test your ability to configure basic settings such as hostname, motd banner,
encrypted passwords, and terminal options on a Cisco Catalyst 2960 switch simulated in
Packet Tracer 7.2.1.
1. Use the local laptop connect to the switch console and configure the laptop with the
right parameters for console access to the Cisco 2960 Catalyst switch
4. Configure the password for privileged mode access as "cisco". The password must be
md5 encrypted
3
5. Configure password encryption on the switch using the global configuration command
7. Configure the IP address of the switch as 192.168.1.2/24 and it's default gateway IP
(192.168.1.1).
8. Test telnet connectivity from the Remote Laptop using the telnet client.
Lab solution
Configure Switch hostname as LOCAL-SWITCH
Switch(config)#hostname LOCAL-SWITCH
Switch(config)#banner motd #
Unauthorized access is forbidden#
4
Configure the password for privileged mode access as "cisco". The password
must be md5 encrypted
Switch(config)#service password-encryption
Switch(config)#line con 0
Switch(config-line)#password ciscoconsole
Switch(config-line)#logging synchronous
Switch(config-line)#login
Switch(config-line)#history size 15
Switch(config-line)#exec-timeout 6 45
Switch(config)#line vty 0 15
Switch(config-line)#exec-timeout 8 20
Switch(config-line)#password ciscotelnet
Switch(config-line)#logging synchronous
Switch(config-line)#login
Switch(config-line)#history size 15
Switch(config)#interface Vlan1
Switch(config-if)#ip address 192.168.1.2 255.255.255.0
Switch(config-if)#ip default-gateway 192.168.1.1
Source: https://www.packettracernetwork.com/labs/lab1-basicswitchsetup.html
5
Lab 2 : Interfaces configuration
Network diagram
This lab will test your ability to configure speed, duplex, and vlan settings on the network
interfaces of a Catalyst 2960 switch using Cisco Packet Tracer 7.2.1.
Lab instructions
1. Connect to Switch0 using console interface and configure each Switch0 fastethernet
switchport for operation.
4. Configure those two links as trunk lines without using trunk negotiation between
switches
Lab Solution
1. Connect to Switch0 using console interface and configure each Switch0
fastethernet switchport for operation.
Switch(config)#interface FastEthernet0/1
Switch(config)#interface FastEthernet0/2
Switch(config-if)#switchport mode access
Switch(config-if)#duplex full
Switch(config-if)#speed 100
Switch(config)#interface FastEthernet0/3
Switch(config-if)#switchport mode access
Switch(config-if)#duplex full
Switch(config-if)#speed 100
Switch(config)#interface FastEthernet0/4
Switch(config-if)#switchport mode access
Switch(config-if)#duplex full
7
Switch(config-if)#speed 100
2. PC "192.168.1.4" seems to be unable to ping other PCs in the network. Check
switch configuration.
Switch(config)#interface FastEthernet0/4
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 1
Crossover network cable have to be used to connect two network of the same type together
(two network switches, two routers, two PC). Crossed wiring inside the crossover
cable connects the transmit PIN at one end of the cable to the receive PIN at the other end.
8
4. Configure those two links as trunk lines without using trunk negotiation
between switches
On every interface that has to be configured for trunk operation, configure the following
settings :
Switch(config)#interface GigabitEthernet0/1
Switch(config-if)#switchport mode trunk
Name: Gig0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
9
Port Vlans in spanning tree forwarding state and not pruned
Gig0/1 1
Source: https://www.packettracernetwork.com/labs/lab2-switchinterfacesconfig.html
10
Lab 3 : VLAN and VTP
Network diagram
The aim of this lab is to test your ability to configure VLAN and VTP on a small network of 4
switches using Packet Tracer 7.2.1.
This lab will help you to prepare the VTP testlet and simlet questions of the Cisco
ICND1 exam.
Lab instructions
1.Configure the VTP-SERVER switch as a VTP server
4.Configure VLAN 10 with name "STUDENTS" and VLAN 50 with name "SERVERS"
Lab solution
1. Configure VTP domain name as "TESTDOMAIN" and VTP password as "cisco"
11
VTP-SERVER(config)#vtp domain TESTDOMAIN
VTP-SERVER(config)#vtp password cisco
On each VTP client switch :
3. Connect to the 3 other Catalyst switches and configure them as VTP clients.
All links between swiches must be configured as trunk lines.
Verify the VTP operating mode of the switch using the show vtp status command. The
"VTP Operating Mode" shoud have the "Client" value. Example with VTP-CLIENT3 switch is
provided below.
12
VTP-CLIENT3#sh vtp status
VTP Version : 2
Configuration Revision : 4
Maximum VLANs supported locally : 255
Number of existing VLANs : 7
VTP Operating Mode : Client
VTP Domain Name : TESTDOMAIN
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xAE 0x4F 0x3F 0xC5 0xD3 0x41 0x9C 0x11
Configuration last modified by 192.168.1.1 at 3-1-93 00:27:41
Configure each link between switches as a trunk line using the switchport mode
trunk command
interface GigabitEthernet1/1
switchport mode trunk
interface GigabitEthernet1/2
switchport mode trunk
On the VTP server Catalyst 2960 switch, configure the following commands to create both
"STUDENTS" and "SERVERS" vlans :
VTP-SERVER(config)#vlan 10
VTP-SERVER(config-vlan)#name STUDENTS
VTP-SERVER(config)#vlan 50
VTP-SERVER(config-vlan)#name SERVERS
13
Use the show vlan brief on each switch to check propagation of the 2 VLANS.
Source: https://www.packettracernetwork.com/labs/lab3-vlanvtpconfig.html
14
Lab 4 : Port security
Introduction
A growing challenge for network administrators is to be able to control who is allowed - and
who isn't - to access the organization's internal network. This access control is mandatory for
critical infrastructure protection in your network. It is not on public parts of the network
where guest users should be able to connect.
Port security is a feature implemented in Cisco Catalyst switches which helps network
engineers in implementing network security on network boundaries.
In its most basic form, the Port Security feature remembers the MAC address of the device
connected to the switch edge port and allows only that MAC address to be active on that
port. If any other MAC address is detected on that port, port security feature shutdown the
switch port.
The switch can be configured to send a SNMP trap to a network monitoring solution to alert
that a port is disabled for security reasons.
Network diagram
Lab instructions
This lab will test your ability to configure port security on CiscoTM 2960 switch interfaces.
1. Configure port security on interface Fa 0/1 of the switch with the following settings :
15
- Port security enabled
- Mode : restrict
2. Configure port security on interface Fa 0/2 of the switch with the following settings :
- Mode : shutdown
3. Configure port security on interface Fa 0/3 of the switch with the following settings :
- Mode : protect
4. From LAPTOP 1 :
Lab Solution
Interface FastEthernet 0/1 configuration - Restrict mode
The port-security restrict mode drops packets with unknown source addresses until you
remove a sufficient number of secure MAC addresses to drop below the maximum value and
causes the SecurityViolation counter to increment.
Port security with sticky MAC addresses provides many of the same benefits as port
security with static MAC addresses, but sticky MAC addresses can be learned
16
dynamically. Port security with sticky MAC addresses retains dynamically learned MAC
addresses during a link-down condition.
interface FastEthernet0/1
switchport mode access
switchport port-security
switchport port-security maximum 3
switchport port-security mac-address sticky
switchport port-security violation restrict
When the rogue laptop is connected to the hub and tries to communicate with 192.168.1.4,
the number of mac-addresses learned ont the fastethernet 0/1 interface exceeds 3. The
interface drops traffic with the new mac-address (not learned by the switch because 3 mac
addresses have already been registered on the fa0/1 interface) and increases the security
viloation counter based on the 'restrict' port-security configuration of the interface.
Switch#show port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
--------------------------------------------------------------------
Fa0/1 3 3 5 Restrict
Fa0/2 3 1 0 Shutdown
Fa0/3 1 1 0 Protect
----------------------------------------------------------------------
interface FastEthernet0/2
switchport mode access
switchport voice vlan 20
switchport port-security
switchport port-security maximum 3
switchport port-security mac-address sticky
17
switchport port-security violation shutdown
interface FastEthernet0/3
switchport mode access
switchport port-security
switchport port-security violation protect
switchport port-security mac-address 00E0.A3CE.3236
Note that to delete the MAC address from the address table, we use
18
Lab 6 : Basic router setup
Introduction
At the first boot of a Cisco ISR router, some basic configuration has to be performed to secure
adminitrative access to the router. This lab will test your ability to configure the basic security
settngs of a Cisco ISR router and help you to get ready for the router configuration simulation
activities in the CCENT / ICND1 certification exam (Chapter 5.0 Infrastructure
Maintenance of Cisco Certified Entry Networking Technician (CCENT) exam)
Network diagram
Lab instructions
The aim of this lab is to test your ability to perform a basic router setup. You have 15 minutes
to complete this simulation.
1. Configure the LAPTOP terminal software with the right console parameters.
Lab solution
1. Configure the laptop terminal software
The terminal software in not correctly configured on the laptop. You have to change the
settings to 9600 / 8 / None / 1 to connect to the router's console. Remerber this tip as it
19
could help you answer CCENT questions or achieve CCENT simlet.
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname GATEWAY
The enable secret <password> command stores a MD5 hash of the password required
for privileged mode access. The enable secret password of a Cisco ISR router is used for
restricting access to enable mode and to the global configuration mode (configure terminal)
of a router.
20
GATEWAY(config)#enable secret cisco
GATEWAY(config)#service password-encryption
Console access is protected by the 'cisco' password and login is required at console access.
The exec-timeout command automatically logs off user from console after defined
inactivity period (2'45'' in this lab)
GATEWAY(config)#line console 0
GATEWAY(config-line)#password cisco
GATEWAY(config-line)#login
GATEWAY(config-line)#logging synchronous
GATEWAY(config-line)#exec-timeout 2 45
GATEWAY(config-line)#history size 10
Video tutorial
https://youtu.be/J9ZTDLf01UE
Source: https://www.packettracernetwork.com/labs/lab6-basicroutersetup.html
21
Lab 11 : HDLC configuration
Introduction
HDLC (High-Level Data Link Control) is a data link protocol used on synchronous serial data
links. Because the standardized HDLC cannot support multiple protocols on a single link (lack
of a mechanism to indicate which protocol is carried), Cisco developped a proprietary version
of HDLC, called cHDLC, with a proprietary field acting as a protocol field. This field makes it
possible for a single serial link to accommodate multiple network-layer protocols.
Cisco’s HDLC is a point-to-point protocol that can only be used on serial links or leased lines
between two Cisco devices. PPP (Point-to-Point Protocol) has to be used when communicating
with non-Cisco devices. HDLC is the default encapsulation on serial links in a Cisco router.
However, to change the encapsulation back to HDLC from PPP, use the following command
from interface configuration mode:
Router(config-if)#encapsulation hdlc
With a back-to-back serial connection, the ISR (Integrated Service Router ) router connected
to the DCE (Data circuit -terminating equipment) end of the serial cable provides the clock
signal for the serial link. This clock is received by the DTE (Data Terminal Equipment) device.
The clock rate command in the interface configuration mode enables the router at the DCE
end of the cable to provide the clock signal for the serial link. The default clock rate is 64000.
Network diagram
Lab instructions
This lab will test your ability to configure HDLC back to back connection on a serial link
between two Cisco ISR routers in Packet Tracer 7.1 . Practicing this labs will you to get
ready for the CCNA certification exam simulation questions.
1. Use the connected laptops to find the DCE and DTE routers. You can connect to the
routers using CLI.
- Clock : 250000
- HDLC link between the routers
- DCE router IP : 192.168.10.5/30
22
- DTE router IP : 192.168.10.6/30
3. Check IP connectivity between the two routers using the ping command.
Lab solution
1. Use the connected laptops to find the DCE and DTE routers
The show controllers <serial interface> command is used to determine which side of the
cable is the DCE side.
In this example, Router-A is the DTE side, and Router-B the DCE side (DCE V.35, clock rate
set).
Router-B beeing the DCE, clock rate has to be configured on Router-B serial 1/0 interface
Then, configure HDLC encapsulation and IP address on Router-B serial 1/0 interface.
The encapsulation hdlc configures HDLC protocol on the serial interface.
Router-B beeing the DCE side of the serial link, the 192.168.1.5/30 IP address is configured
on Router-B serial 1/0 interface. Don't forget to enable the interface with a no
shutdown command.
23
Router-B(config-if)#encapsulation hdlc
Router-B(config-if)#ip address 192.168.10.5 255.255.255.252
Router-B(config-if)#no shutdown
The show interfaces serial 1/0 confirms that HDLC encapsulation is enabled on the interface
: Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Finally, configure HDLC encapsulation and IP address on Router-A serial 1/0 interface. The
link becomes up as both routers are correctly configured.
3. Check IP connectivity between the two routers using the ping command.
Issue a ping from Router-A to Router-B to test network connectivity between the two
routers.
Router-A#ping 192.168.10.5
Type escape sequence to abort.
24
Sending 5, 100-byte ICMP Echos to 192.168.10.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/4 ms
Source: https://www.packettracernetwork.com/labs/lab11-hdlc.html
25
Lab 12 : PPP configuration
Introduction
PPP (Point-to-Point Protocol) is a non-proprietary WAN data-link layer encapsulation
protocol which can be viewed as an enhancement of HDLC as it embeds many additional
features when compared with HDLC:
Network diagram
Lab instructions
This lab will test your ability to configure PPP on a serial link in Packet Tracer 7.1. Practicing
this labs will help you to better understand what is a DCE, a DTE, and aclock rates on a serial
router interconnection and make you ready for the CCNA ppp labs and simlets.
1. Use the connected laptops to find the DCE and DTE routers. You can connect to the
routers using CLI.
- Clock : 250000
- PPP link between the routers
- DCE IP : 192.168.10.5/30
- DTE IP : 192.168.10.6/30
3. Check IP connectivity between the two routers using the ping command.
Lab solution
1. Use the connected laptops to find the DCE and DTE routers
26
The show controllers <serial interface> command is used to determine which side of
the cable is the DCE side.
In this example, Router-A is the DTE side, and Router-B the DCE side (DCE V.35, clock rate
set).
Router-B beeing the DCE, clock rate has to be configured on Router-B serial 1/0 interface
Then, configure PPP encapsulation and IP address on Router-B serial 1/0 interface.
The encapsulation ppp configures PPP protocol on the serial interface. PPP authenication
can be optionnally configured using the following IOS commands which are not used in this
lab :
Finally, configure PPP encapsulation and IP address on Router-A serial 1/0 interface. The
link becomes up as both routers are correctly configured.
3. Check IP connectivity between the two routers using the ping command.
Issue a ping from Router-A to Router-B to test network connectivity between the two
routers.
Router-A#ping 192.168.10.5