You are on page 1of 120

ICND2

Interconnecting Cisco Networking Devices Part 2


Version 1.0

Lab Guide
Editorial, Production, and Web Services (EPWS): 07.25.07

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED AS IS. CISCO MAKES AND YOU RECEIVE NO WARRANTIES IN CONNECTION WITH THE CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY OR IN ANY OTHER PROVISION OF THIS CONTENT OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. This learning product may contain early release content, and while Cisco believes it to be accurate, it falls subject to the disclaimer above.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

ICND2

Lab Guide
Overview
This guide presents the instructions and other information concerning the activities for this course. You can find the solutions in the Lab Activity Answer Key.

Outline
This guide includes these activities: Lab 1-1: Implementing a Small Network (Review Lab) Lab 2-1: Configuring Expanded Switched Networks Lab 2-2: Troubleshooting Switched Networks Lab 4-1: Implementing OSPF Lab 4-2: Troubleshooting OSPF Lab 5-1: Implementing EIGRP Lab 5-2: Troubleshooting EIGRP Lab 6-1: Implementing and Troubleshooting ACLs Lab 7-1: Configuring NAT and PAT Lab 7-2: Implementing IPv6 Lab 8-1: Establishing a Frame Relay WAN Lab 8-2: Troubleshooting Frame Relay WANs Answer Key

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Lab 1-1: Implementing a Small Network (Review Lab)


Complete this lab activity to practice what you reviewed in the related module.

Activity Objective
In this activity, you will use the skills and knowledge that you acquired prior to taking this course to implement a small network. You will use the commands reviewed in the related module to provide your workgroup switch and router with a basic configuration for IP connectivity. After completing this activity, you will be able to meet these objectives: Return your workgroup switch and router to their default configurations Configure your workgroup switch and router with their proper identities and IP addressing Provide basic security with passwords and port security

Visual Objective
The figure illustrates what you will accomplish in this activity.

Visual Objective 1-1: Implementing a Small Network Review Lab


WG Switch Router fa0/0 10.1.1.11 10.1.1.21 10.1.1.31 10.1.1.41 10.1.1.51 10.1.1.61 10.1.1.71 10.1.1.81

A B C D E F G H

10.1.1.10 10.1.1.20 10.1.1.30 10.1.1.40 10.1.1.50 10.1.1.60 10.1.1.70 10.1.1.80

2007 Cisco Systems, Inc. All rights reserved.

ICND2 v1.04

Required Resources
These are the resources and equipment required to complete this activity: PC connected to an onsite lab or PC with an Internet connection to access the remote lab Terminal server connected to a console port of each lab device if using a remote lab ICND workgroup assigned by your instructor
2 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Your instructor will provide setup information that you need to complete this and the subsequent lab activities. Your instructor will also assign you to a workgroup, identified by the letters A through H. Complete the following information as provided by your instructor:

Value Your workgroup IP address of your terminal Subnet mask IP address of the default gateway IP address of the terminal server Username to access the terminal server Password to access the terminal server IP address of the TFTP server

Information Provided by Your Instructor

2007 Cisco Systems, Inc.

Lab Guide

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Command List
The table describes the commands used in this activity. The commands are listed in alphabetical order so that you can easily locate the information you need. Refer to this list if you need configuration command assistance during the lab activity. Review Commands
Command Description Configures the message-of-the-day banner. Enters global configuration mode. Saves the running configuration into NVRAM as the startup configuration. Adds a descriptive comment to the configuration of an interfacevery useful with complex configurations. Enables full duplex on an interface. Enters the privileged EXEC mode command interpreter. Sets an enable secret password to enter privilege EXEC. Erases the startup configuration from NVRAM. Assigns your device a hostname. Specifies an interface and enters interface configuration mode. Sets the IP address and mask of the device. Sets the default gateway of the switch. Specifies the console line and enters line configuration mode. Specifies the vty lines and enters line configuration mode. Sets password checking at login. Enables synchronous logging of messages. Sets a password on a line. Uses ICMP echo requests and ICMP echo replies to determine whether a remote host is reachable. Reboots the device to make your changes take effect. Displays the Cisco Discovery Protocol updates received on each local interface of the device. Displays information on all of the device interfaces. Displays the administrative and operational status of all secure ports on a switch. Optionally displays specific interface security settings or all secure MAC addresses. Displays the active configuration. Displays the startup configuration settings that are saved in NVRAM. Disables or enables an interface.
2007 Cisco Systems, Inc.

banner motd configure terminal copy running-config startup-config description duplex full enable enable secret password erase startupconfiguration hostname name interface interface ip address address mask ip default-gateway address line console 0 line vty 0 4 login logging synchronous password password ping ip_address reload show cdp neighbors show interfaces show port-security [interface interface-id] [address] show running-configuration show startup-configuration shutdown/no shutdown
4

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Command

Description Sets the speed of the port. Sets the port to access mode. Use the no version of this command to reset default values. Enables port security on an interface. Entered without keywords. Assigns a secure MAC address on a port. Use the no form of this command to remove it. Sets the maximum number of secure MAC addresses for the interface.

speed speed switchport mode access switchport port-security switchport port-security mac-address mac-address switchport port-security maximum value

Job Aids
These job aids are available to help you complete the lab activity.

Workgroup (WG)

Router Name

Router Fa0/0 Interface (RouterX)

Switch Name

Switch Interface SwitchX Port VLAN 1 to Core (SwitchX)

Core Switch A Port to (WG)

A B C D E F G H

RouterA RouterB RouterC RouterD RouterE RouterF RouterG RouterH

10.1.1.11/24 10.1.1.21/24 10.1.1.31/24 10.1.1.41/24 10.1.1.51/24 10.1.1.61/24 10.1.1.71/24 10.1.1.81/24

SwitchA SwitchB SwitchC SwitchD SwitchE SwitchF SwitchG Switch H

10.1.1.10/24 10.1.1.20/24 10.1.1.30/24 10.1.1.40/24 10.1.1.50/24 10.1.1.60/24 10.1.1.70/24 10.1.1.80/24

Fa0/11 Fa0/11 Fa0/11 Fa0/11 Fa0/11 Fa0/11 Fa0/11 Fa0/11

Fa0/1 Fa0/2 Fa0/3 Fa0/4 Fa0/5 Fa0/6 Fa0/7 Fa0/8

Task 1: Setting Up the Workgroup Router


In this task, you will use the commands reviewed in the related module to provide your workgroup router with a basic configuration for IP connectivity.

Activity Procedure
Complete these steps:
Step 1 Step 2 Step 3

From your PC, establish a connection to the lab equipment. Select your workgroup from the Main menu. Select your workgroup router from the Pod menu. If you are prompted for a console password, try a password of cisco (or consult the instructor for a password).

2007 Cisco Systems, Inc.

Lab Guide

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Step 4

Enter privileged EXEC mode. If you are prompted for a privileged EXEC password, try a password of sanfran. If a password of sanfran does not work, please consult with your instructor. Erase the startup configuration of your workgroup router. Reload your workgroup router. If you are prompted to save modifications, answer N. When you are prompted to confirm reload, answer Y. After your workgroup router reboots, you will be asked if you want to enter the Configuration Dialog. Answer N. If you are asked if you want to terminate AutoInstall, answer Y. Configure your workgroup router with a hostname. Use the name listed in the Job Aids table for this lab activity. Configure an enable secret password of sanfran, which will be used to gain access to privileged EXEC mode. Assign an IP address to the first Ethernet interface (Fa0/0) of your workgroup router. The IP address is listed in the Job Aids table for this lab. Enable the first Ethernet interface (Fa0/0) of your workgroup router. Provide a description for the interface configuration describing the connected destination. Configure a message of the day banner warning unauthorized users not to log in. Configure the router to require a password when accessing the router through the console port. Use the password cisco. Configure the router to require a password when accessing the router through the first five vty lines, 0 through 4. Use a password of sanjose. Configure the console port with the logging synchronous command. Save your running configuration to NVRAM. Utilize the following commands to verify your configuration settings: show interfaces What is the MAC address of the first Ethernet interface of the router (Fa0/0) which connects to your workgroup switch? (You will need this information for the next task.)

Step 5 Step 6

Step 7

Step 8

Step 9

Step 10

Step 11 Step 12

Step 13 Step 14

Step 15

Step 16 Step 17 Step 18

show running-configuration show startup-configuration

Activity Verification
You have completed this task when you attain these results: Your workgroup router has the proper identity and IP addresses. Your workgroup router has basic security configured with passwords.

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Task 2: Setting Up the Workgroup Switch


In this task, you will use the commands reviewed in the related module to provide your workgroup switch with a basic configuration for IP connectivity.

Activity Procedure
Complete these steps:
Step 1 Step 2 Step 3

From your PC, establish a connection to the lab equipment. Select your workgroup from the Main menu. Select your workgroup switch from the Pod menu. If you are prompted with a console password, try a password of cisco (or consult the instructor). Enter privileged EXEC mode. If you are prompted with a privileged EXEC password, try a password of sanfran, or consult your instructor if this password does not work. Erase your workgroup switch startup configuration. Delete the workgroup switch VLAN database using the following command: delete flash:vlan.dat.
When asked Delete filename [vlan.dat]? press the Enter key. When asked Delete flash:vlan.dat? [confirm] press the Enter key.

Step 4

Step 5 Step 6

Note

Step 7

Reload your switch. If you are prompted to save modifications, answer N. When you are prompted to confirm reload, answer Y. After your switch reboots, you will be asked if you want to enter Configuration Dialog. Answer N. Configure your switch with a hostname. Use the name listed in the Job Aids table for this lab activity. Configure an enable secret password of sanfran, which will be used to gain access to privileged EXEC mode. Assign an IP address to the management VLAN interface of your workgroup switch. Use the IP address listed in the Job Aids table for this lab activity. Enable the management VLAN interface of your workgroup switch. Assign a default gateway to your workgroup switch. Use the address of the core router, 10.1.1.3. Configure a message-of-the-day banner warning unauthorized users not to log in. Set the speed of port Fa0/11 on your workgroup switch to 100Mb/s. Set the duplex setting of port Fa0/11 on your workgroup switch to full duplex. Provide a description for the Fa0/11 interface describing the connected destination.

Step 8

Step 9

Step 10

Step 11

Step 12 Step 13

Step 14 Step 15 Step 16 Step 17

2007 Cisco Systems, Inc.

Lab Guide

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Step 18

Configure port security on switchport Fa0/2 to allow only your workgroup router to be able to use the port. Make sure the port is an access port. Allow only a maximum of one device to use the port (may be the default). Specify the MAC address of the router (found in Task 1) to be the one device allowed. Enable port security on the port. Provide a description for the Fa0/2 interface describing the connected destination. Configure the switch to require a password when accessing the switch through the console port. Use the password cisco. Configure the console port with the logging synchronous command. Configure the switch to require a password when accessing the switch using the first five vty lines, 0 through 4. Use a password of sanjose. Save your running configuration to NVRAM. Utilize the following commands to verify your configuration settings: show interfaces show port-security show running-configuration show startup-configuration

Step 19 Step 20

Step 21 Step 22

Step 23 Step 24

Activity Verification
You have completed this task when you attain these results: The workgroup switch has the proper identity and IP address. The workgroup switch has basic security with passwords and port security.

Task 3: Verifying Workgroup Connectivity


In this task, you will use the commands reviewed in the related module to verify your workgroup switch and router connectivity.

Activity Procedure
Complete these steps from your workgroup switch:
Step 1

Use Cisco Discovery Protocol to identify your workgroup router and core switch A as neighbors. Ping the first Ethernet interface (Fa0/0) of your workgroup router. Ping the TFTP server address of 10.1.1.1.

Step 2 Step 3

Complete these steps from your workgroup router:


Step 4
8

Use Cisco Discovery Protocol to identify your workgroup switch as a neighbor.


2007 Cisco Systems, Inc.

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Step 5 Step 6 Step 7

Ping the VLAN 1 interface of your workgroup switch. Ping the TFTP server address of 10.1.1.1. Notify your instructor that you have completed the activity.

Activity Verification
You have completed this task when you attain these results: You have successfully viewed your directly connected Cisco Discovery Protocol neighbors from you workgroup router and switch. All of the pings from your workgroup router and switch were successful.

2007 Cisco Systems, Inc.

Lab Guide

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Lab 2-1: Configuring Expanded Switched Networks


Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will configure a switch to meet the specific VLAN requirements. After completing this activity, you will be able to meet these objectives: Configure the switch to participate in a VTP domain and configure the switch for transparent mode Configure trunking on a trunk port to provide access to a router on the network Configure separate VLANs for separate logical networks Enable RSTP and configure the root switch and backup root switch

Visual Objective
The figure illustrates what you will accomplish in this activity.

Visual Objective 2-1: Configuring Expanded Switched Networks


Subnet 10.1.1.0 10.2.2.0 10.3.3.0 10.4.4.0 10.5.5.0 10.6.6.0 10.7.7.0 10.8.8.0 10.9.9.0 VLAN 1 2 3 4 5 6 7 8 9 Devices Core Switches, CoreRouter, SwitchX CoreRouter, RouterA CoreRouter, RouterB CoreRouter, RouterC CoreRouter, RouterD CoreRouter, RouterE CoreRouter, RouterF CoreRouter, RouterG CoreRouter, RouterH

2007 Cisco Systems, Inc. All rights reserved.

ICND2 v1.05

10

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Required Resources
These are the resources and equipment required to complete this activity: PC connected to an onsite lab or PC with an Internet connection to access the remote lab Terminal server connected to a console port of each lab device if using a remote lab ICND workgroup assigned by your instructor

Command List
The table describes the commands used in this activity. The commands are listed in alphabetical order so that you can easily locate the information you need. Refer to this list if you need configuration command assistance during the lab activity. Commands
Command Description Executes an extended ping command. You will set the ping count and other options manually. (Use this command in privileged EXEC mode.) Interface configuration mode to set a Fast Ethernet or Gigabit Ethernet port to trunk mode. Interface configuration mode to assign a port to a VLAN. Common tool used to troubleshoot the accessibility of devices. It uses ICMP echo requests and ICMP echo replies to determine whether a remote host is active. The ping command also measures the amount of time it takes to receive the echo reply. Displays the trunk parameters. Displays spanning-tree information for a particular VLAN. Displays VLAN and trunk information. Displays information on all configured VLANs. Displays the VTP status. Disables or enables an interface. Global configuration mode to add a VLAN and enter configvlan subconfiguration mode. Use the no form of this command to delete the VLAN. Defines a VLAN name from config-vlan subconfiguration mode.

ping <cr>

switchport mode trunk switchport access vlan vlan# ping ip-address

show interface interface show spanning-tree vlan vlan# show interfaces interface switchport show vlan show vtp status shutdown/no shutdown vlan vlan-id

name vlan-name

2007 Cisco Systems, Inc.

Lab Guide

11

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Command

Description Global configuration mode to enable the Rapid-PVST protocol Enables PortFast on an interface. Global configuration mode to designate a switch to be the primary root for a particular VLAN. Global configuration mode to designate a switch to be the secondary root for a particular VLAN. Sets the VTP mode; use the no form of this command to return to the default setting. Sets the VTP administrative domain.

spanning-tree mode rapid-pvst spanning-tree portfast spanning-tree vlan vlanID root primary spanning-tree vlan vlanID root secondary vtp mode {server | client | transparent} vtp domain domain

12

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Job Aids
These job aids are available to help you complete the lab activities. Here are the steps to prepare for this lab activity: Verify that you have a single connection between the workgroup switch and core switch A by using the show cdp neighbors command. Verify that the only core neighbor you see is core switch A. Your instructor needs to load new configurations on the core switches. Check with the instructor to be certain the new configurations have been loaded. This table lists the Fast Ethernet connections that are necessary to complete this lab activity.
WG A B C D E F G H Port Fa0/11 Fa0/11 Fa0/11 Fa0/11 Fa0/11 Fa0/11 Fa0/11 Fa0/11 Core A Port Fa0/1 Fa0/2 Fa0/3 Fa0/4 Fa0/5 Fa0/6 Fa0/7 Fa0/8 Port Fa0/12 Fa0/12 Fa0/12 Fa0/12 Fa0/12 Fa0/12 Fa0/12 Fa0/12 Core B Port Fa0/1 Fa0/2 Fa0/3 Fa0/4 Fa0/5 Fa0/6 Fa0/7 Fa0/8

Task 1: Configure VTP and VTP Domains


In this activity, you will configure your workgroup switch to participate in a VTP domain in the transparent mode. This will prevent VLAN changes made on the workgroup switch from propagating to other switches in the lab.

Activity Procedure
Complete the following steps on your workgroup switch:
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7

From your PC, establish a connection to the lab equipment. Select your workgroup from the Main menu. Select your workgroup switch from the Pod menu. Use the enable command to enter privileged EXEC mode. Shut down the Fa0/12 interface on your workgroup switch. Set the VTP domain name to ICND. Set the VTP mode to transparent. What command sequence do you use to set the domain name and VTP mode on your workgroup switch?

2007 Cisco Systems, Inc.

Lab Guide

13

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Step 8

Verify the VTP configuration using the show vtp status command. Your output should look similar to the following display:
SwitchA# sh vtp status VTP Version Configuration Revision Number of existing VLANs VTP Operating Mode VTP Domain Name VTP Pruning Mode VTP V2 Mode VTP Traps Generation MD5 digest 0xA4 0xFF 0xD6 : 2 : 0 : 6 : Transparent : ICND : Disabled : Disabled : Disabled : 0x68 0x9E 0x44 0xAC 0xFE

Maximum VLANs supported locally : 255

Configuration last modified by 10.1.1.10 at 0-0-00 00:00:00

Is the domain name the same that you entered? Are you in transparent mode?

Step 9

Proceed to Task 2.

Activity Verification
You have completed this task when you attain this result: Configured your workgroup switch to participate in a VTP domain in the transparent mode so that any VLAN changes made on the workgroup switch are prevented from propagating to other switches.

Task 2: Assign a Switch Port to Perform Trunking


The instructor has configured the core switches to trunk to the workgroup switches from their previous nontrunking mode. This configuration effectively shuts off frames from passing between the core switches and the workgroup switches and blocks your access to the core devices. You will configure trunking on one of the trunk ports so that you can reach the core router again.

Activity Procedure
Complete the following steps to configure trunking mode on your workgroup switch:
Step 1

Set port Fa0/11 on your workgroup switch to trunk mode. What command do you use to set the port to trunk mode?

14

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Step 2

Verify the trunk configuration. What command do you use to display a trunk configuration?

Your output should look similar to the following display:


SwitchA#show interface FastEthernet 0/11 switchport Name: Fa0/11 Switchport: Enabled Administrative Mode: trunk Operational Mode: trunk Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: dot1q Negotiation of Trunking: On Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) Voice VLAN: none Administrative private-vlan host-association: none Administrative private-vlan mapping: none Administrative private-vlan trunk native VLAN: none Administrative private-vlan trunk encapsulation: dot1q Administrative private-vlan trunk normal VLANs: none Administrative private-vlan trunk private VLANs: none Operational private-vlan: none Trunking VLANs Enabled: ALL Pruning VLANs Enabled: 2-1001 Capture Mode Disabled Capture VLANs Allowed: ALL Protected: false Appliance trust: none
Step 3

To verify trunking, ping the core router at 10.1.1.3 from the workgroup switch. (If it does not work, make sure that your Fa0/12 interface is shut down.) Proceed to Task 3.

Step 4

Activity Verification
You have completed this task when you attain these results. Configured trunking on one trunk port Pinged the core router to verify trunking and connectivity

2007 Cisco Systems, Inc.

Lab Guide

15

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Task 3: Configure Separate VLANs on the Switch


In this task, you will configure a VLAN for the switch port that is connected to your workgroup router and change the IP address of the first Ethernet interface on your workgroup router. The new address is in the VLAN that is assigned to your workgroup, and it can only reach other devices in the workgroup (in a different VLAN) via the core router. Your instructor has configured the core router to support inter-VLAN routing. The table, or VLAN assignment chart, provides information you need to complete this task.
WG VLAN Number VLAN Name Core Router RouterX Fa0/0 (in which x is the workgroup letter) 10.2.2.12 10.3.3.12 10.4.4.12 10.5.5.12 10.6.6.12 10.7.7.12 10.8.8.12 10.9.9.12

A B C D E F G H

2 3 4 5 6 7 8 9

VLAN0002 VLAN0003 VLAN0004 VLAN0005 VLAN0006 VLAN0007 VLAN0008 VLAN0009

10.2.2.3 10.3.3.3 10.4.4.3 10.5.5.3 10.6.6.3 10.7.7.3 10.8.8.3 10.9.9.3

Activity Procedure
Complete the following steps to configure separate VLANs on your workgroup switch:
Step 1

Using the VLAN assignment chart, create a VLAN only for your workgroup. What command do you use to create a VLAN on your switch?

Step 2

Using the show vlan command from the EXEC mode, verify that the correct VLAN has been added. Your output should look similar to the following display:

SwitchA# sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/12, Fa0/13 Fa0/14, Fa0/15, Fa0/16, Fa0/17 Fa0/18, Fa0/19, Fa0/20, Fa0/21 Fa0/22, Fa0/23, Fa0/24, Gi0/1 Gi0/2 2 VLAN0002 active 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup

16

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Step 3

Set the workgroup switch port (port Fa0/2) that is connected to your workgroup router to your assigned VLAN number. What command do you use to set the port to your assigned VLAN number?

Step 4

Configure spanning-tree portfast on the workgroup switch port that is connected to your workgroup router (port Fa0/2). Enter the proper show command for verifying that port Fa0/2 is now in the correct VLAN. Your output should look similar to the following display:

Step 5

SwitchA# sh vlan brief VLAN Name Status Ports ---- -------------------------------- --------- -----------------------------1 default active Fa0/1, Fa0/3, Fa0/4, Fa0/5 Fa0/6, Fa0/7, Fa0/8, Fa0/9 Fa0/10, Fa0/12, Fa0/13, Fa0/14 Fa0/15, Fa0/16, Fa0/17, Fa0/18 Fa0/19, Fa0/20, Fa0/21, Fa0/22 Fa0/23, Fa0/24, Gi0/1, Gi0/2 2 VLAN0002 active Fa0/2 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup

Step 6

Access the console port of your workgroup routerrouter X, in which x is the workgroup letter assigned to you for this lab activity. From your workgroup router, enter interface configuration mode for your first Ethernet interface (Fa0/0). Change the primary Ethernet interface in your workgroup router to 10.x.x.12 (in which x is your assigned VLAN number) and assign a subnet mask of 255.255.255.0. Ping the core router at 10.x.x.3, in which x is your assigned VLAN number, from your workgroup router. Your ping should be successful. Why?

Step 7

Step 8

Step 9

Step 10

Ping your workgroup switch from your workgroup router. Your ping should not be successful. Why?

2007 Cisco Systems, Inc.

Lab Guide

17

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Step 11

Enable inter-VLAN communications by configuring a default route on your workgroup router that points to the core router using the ip route 0.0.0.0 0.0.0.0 10.x.x.3 command, in which x is your assigned VLAN number. Now ping your workgroup switch. Your ping should be successful? Why?

Note

Notice that the default gateway on your workgroup switch is set to 10.1.1.3 so that your workgroup switch can ping devices in other VLANs via the core router. If the default gateway is not present in your configuration, add it by using the ip default-gateway 10.1.1.3 command in global configuration mode.

Step 12

Proceed to Task 4.

Activity Verification
You have completed this task when you attain these results: Configured a VLAN and assigned that VLAN to the switch port that is connected to your workgroup router Changed the IP address of the first Ethernet interface on your workgroup router Assigned a default route to your workgroup router Pinged devices in other VLANs to verify connectivity

18

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Task 4: Configure the Rapid-PVST Protocol


In this task, you will configure the Rapid-PVST protocol, configure the second trunk port on your workgroup switch so that it trunks to core switch B, and observe the Rapid-PVST convergence when a loop is created.

Activity Procedure
Complete the following steps to configure the Rapid-PVST protocol on your workgroup switch:
Step 1

Have the instructor verify that the interface on core switch B that connects to your workgroup switch is configured properly for trunking. (The instructor may need to enter the no shutdown command on this interface.) Make sure that the Fa0/12 interface on your workgroup switch is still shut down. Enable the Rapid-PVST protocol on your workgroup switch. Set the speed of port Fa0/12 on your workgroup switch to 100Mb/s. Set the duplex setting of port Fa0/12 on your workgroup switch to full duplex. Set the port Fa0/12 on your workgroup switch to trunk mode. What command do you use to set the port to trunk mode?

Step 2 Step 3 Step 4 Step 5

What command do you use to display a trunk configuration?

Your output should look similar to the following display:


SwitchA# show interfaces Fa0/12 switchport Name: Fa0/12 Switchport: Enabled Administrative Mode: trunk Operational Mode: down Administrative Trunking Encapsulation: dot1q Negotiation of Trunking: On Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) Administrative Native VLAN tagging: enabled Voice VLAN: none Administrative private-vlan host-association: none Administrative private-vlan mapping: none Administrative private-vlan trunk native VLAN: none Administrative private-vlan trunk Native VLAN tagging: enabled Administrative private-vlan trunk encapsulation: dot1q Administrative private-vlan trunk normal VLANs: none Administrative private-vlan trunk private VLANs: none Operational private-vlan: none Trunking VLANs Enabled: ALL Pruning VLANs Enabled: 2-1001 Capture Mode Disabled Capture VLANs Allowed: ALL

2007 Cisco Systems, Inc.

Lab Guide

19

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Step 6

Enter the no shutdown command on the Fa0/12 interface on your workgroup switch. Enter the command to determine the spanning-tree state of the VLAN you created earlier. Which interfaces are in the forwarding state for the VLAN you created?

Step 7

Note

Port Fa0/2 and Fa0/11 on your workgroup switch should be in the forwarding state.

Step 8

Keep your workgroup switch console session active and open a second console session to the workgroup router. (You need two open sessions to the lab equipment to accomplish this step.) From your workgroup router, use Telnet to connect to the core switches and repeat Step 6 from core switch A and core switch B.
The IP address for core switch A is 10.1.1.2 and the IP address for core switch B is 10.1.1.4. The vty password for the core switches is cisco. You do not need enable mode privileges on the core switches.

Step 9

Note

Step 10

Use the output of the show spanning-tree vlan x command that you performed on the core switches and your workgroup switch in the previous steps to answer the following questions: What is the MAC address of the root bridge for the VLAN you created earlier?

Which switch is the root bridge?

What is the priority of the root bridge?

Which port is in the blocking state?

20

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Your output should look similar to the following display:


CoreSwitchA> show spanning-tree vlan 2
VLAN0002 Spanning tree enabled protocol rstp Root ID Priority 24578 Address 001a.6dd7.1880 This bridge is the root Hello Time 2 sec Max Age 20 sec Bridge ID

Forward Delay 15 sec

Priority 24578 (priority 24576 sys-id-ext 2) Address 001a.6dd7.1880 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Role ---Desg Desg Desg Desg Desg Desg Desg Desg Sts --FWD FWD FWD FWD FWD FWD FWD FWD Cost --------19 19 19 19 19 19 19 12 Prio.Nbr -------128.1 128.2 128.3 128.4 128.5 128.6 128.23 128.72 Type -------------------------------P2p P2p P2p P2p P2p P2p P2p P2p Peer(STP)

Interface ---------------Fa0/1 Fa0/2 Fa0/3 Fa0/4 Fa0/5 Fa0/6 Fa0/23 Po1

CoreSwitchB> sh spanning-tree vlan 2


VLAN0002 Spanning tree enabled protocol ieee Root ID Priority 24578 Address 001a.6dd7.1880 Cost 12 Port 72 (Port-channel1) Hello Time 2 sec Max Age 20 sec Bridge ID

Forward Delay 15 sec

Priority 28674 (priority 28672 sys-id-ext 2) Address 001a.6de6.d800 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Role ---Desg Desg Desg Desg Desg Desg Root Sts --FWD FWD FWD FWD FWD FWD FWD Cost --------19 19 19 19 19 19 12 Prio.Nbr -------128.1 128.2 128.3 128.4 128.5 128.6 128.72 Type -------------------------------P2p P2p P2p P2p P2p P2p P2p

Interface ---------------Fa0/1 Fa0/2 Fa0/3 Fa0/4 Fa0/5 Fa0/6 Po1 Step 11

While keeping the two console sessions active, (one to your switch and one to your router), from your workgroup router, perform an extended ping to the core router (10.x.x.3, in which x is your assigned VLAN number) with a count of 45000. Is the ping successful? Your output should look similar to the following display:
RouterA# ping Protocol [ip]: Target IP address: 10.1.1.3

2007 Cisco Systems, Inc.

Lab Guide

21

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Repeat count [5]: 45000 Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: Sending 45000, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:

Note

You should see continuous successful ping replies from the core router. The current path from your switch to the core router should be via your FastEthernet0/11 port. If not, do not proceed to the next step; instead, troubleshoot the problem or ask your instructor for help.

Step 12

At your workgroup switch, shut down interface Fa0/11. What happened to the extended ping to the core router?

Is the ping successful after a few seconds?

Step 13

At your workgroup switch, re-enable interface Fa0/11. What happened to the extended ping to the core router?

Is the ping successful after a few seconds?

Step 14

Stop the extended ping from your workgroup router to the core router by pressing Ctrl-Shift-6, then Ctrl-Shift-6 again. Save your configuration to NVRAM, using copy run start. Notify your instructor that you have completed the activity.

Step 15 Step 16

Activity Verification
You have completed this activity when you attain these results: Configured a second trunk port on your workgroup switch to trunk to core switch B Observed an extended ping to the core router and shut down the forwarding trunking port to observe a break in the pings

22

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Task 5: Configure Primary and Secondary Root Bridges (Optional)


In this task, you will work with a student in another workgroup. You will configure two more VLANs, a primary and secondary. Your workgroup switch will become the root bridge for your primary VLAN and the secondary root bridge for the primary VLAN of your partner. Group Assignments: A-B, C-D, E-F, G-H Primary and Secondary VLAN Assignment
WG Primary VLAN Number 20 30 40 50 60 70 80 90 Secondary VLAN Number 30 20 50 40 70 60 90 80

A B C D E F G H

Activity Procedure
Complete the following steps to configure the primary and secondary root bridge on your workgroup switch:
Step 1

Using the Primary and Secondary VLAN Assignment table, create only the primary VLAN for your workgroup. Using the Primary and Secondary VLAN Assignment table, create only the secondary VLAN for your workgroup. What command do you use to create a VLAN on your switch?

Step 2

Step 3

Using the show vlan command from the EXEC mode, verify that the correct VLANs have been added. Configure your workgroup switch to be the root bridge for your primary VLAN. What command do you use to make a switch the root bridge for a particular VLAN?

Step 4

Step 5

Configure your workgroup switch to be the secondary root bridge for the primary VLAN of your partner. What command do you use to make a switch the secondary root bridge?

2007 Cisco Systems, Inc.

Lab Guide

23

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Step 6

Enter the command to determine the spanning-tree state of the VLANs you created earlier in this task. Which interfaces are in the forwarding state for the VLANs you created?

Step 7

Keep your workgroup switch console session active and open a second console session to the workgroup router. (You need two open sessions to the lab equipment to accomplish this step.) From your workgroup router, establish a Telnet session to the core switches and enter the command to determine the spanning-tree state of your primary VLAN and your secondary VLAN on core switch A and core switch B.
The IP address for core switch A is 10.1.1.2, and the IP address for core switch B is 10.1.1.4. The vty password for the core switches is cisco. You do not need enable mode privileges on the core switches.

Step 8

Note

Step 9

From the output of the show spanning-tree vlan x command performed on the core switches and your workgroup switch in the previous steps, answer the following questions: What is the MAC address of the root bridge for the primary VLAN you created earlier? What is the MAC address of the secondary VLAN?

Which switch is the root bridge for the primary VLAN? Which switch is the root bridge for the secondary VLAN?

What is the priority of the root bridge for the primary VLAN? What is the priority of the secondary VLAN?

Which port is in the blocking state for the primary VLAN? Which port is in the blocking state for the secondary VLAN?

24

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Your output should look similar to the following display:


SwitchA# sh spanning-tree vlan 20 VLAN0020 Spanning tree enabled protocol rstp Root ID Priority 24596 Address 0017.596d.2a00 This bridge is the root Hello Time 2 sec Max Age 20 sec Bridge ID

Forward Delay 15 sec

Priority 24596 (priority 24576 sys-id-ext 20) Address 0017.596d.2a00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Role ---Desg Desg Sts --FWD FWD Cost --------19 19 Prio.Nbr -------128.11 128.12 Type ---------------------------P2p P2p Peer(STP)

Interface ---------------Fa0/11 Fa0/12

SwitchA# sh spanning-tree vlan 30 VLAN0030 Spanning tree enabled protocol rstp Root ID Priority 24606 Address 0017.596d.1580 Cost 38 Port 11 (FastEthernet0/11) Hello Time 2 sec Max Age 20 sec Bridge ID

Forward Delay 15 sec

Priority 28702 (priority 28672 sys-id-ext 30) Address 0017.596d.2a00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Role ---Root Altn Sts --FWD BLK Cost --------19 19 Prio.Nbr -------128.11 128.12 Type ---------------------------P2p P2p Peer(STP)

Interface ---------------Fa0/11 Fa0/12

CoreSwitchA> sh spanning-tree vlan 20 VLAN0020 Spanning tree enabled protocol rstp Root ID Priority 24596 Address 0017.596d.2a00 Cost 19 Port 1 (FastEthernet0/1) Hello Time 2 sec Max Age 20 sec Bridge ID

Forward Delay 15 sec

Priority 32788 (priority 32768 sys-id-ext 20) Address 001a.6dd7.1880 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Role ---Root Desg Desg Desg Desg Desg Desg Sts --FWD FWD FWD FWD FWD FWD FWD Cost --------19 19 19 19 19 19 19 Prio.Nbr -------128.1 128.2 128.3 128.4 128.5 128.6 128.23 Type ---------------------------P2p P2p P2p P2p P2p P2p P2p

Interface ---------------Fa0/1 Fa0/2 Fa0/3 Fa0/4 Fa0/5 Fa0/6 Fa0/23

2007 Cisco Systems, Inc.

Lab Guide

25

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- ---------------------------Po1 Desg FWD 12 128.72 P2p Peer(STP)

CoreSwitchB> show spanning-tree vlan 30 VLAN0030 Spanning tree enabled protocol ieee Root ID Priority 24606 Address 0017.596d.1580 Cost 19 Port 2 (FastEthernet0/2) Hello Time 2 sec Max Age 20 sec Bridge ID

Forward Delay 15 sec

Priority 32798 (priority 32768 sys-id-ext 30) Address 001a.6de6.d800 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Role ---Desg Root Desg Desg Desg Desg Altn Sts --FWD FWD FWD FWD FWD FWD BLK Cost --------19 19 19 19 19 19 12 Prio.Nbr -------128.1 128.2 128.3 128.4 128.5 128.6 128.72 Type -----------------------P2p P2p P2p P2p P2p P2p P2p

Interface ---------------Fa0/1 Fa0/2 Fa0/3 Fa0/4 Fa0/5 Fa0/6 Po1

Activity Verification
You have completed this activity when you attain these results: Configured and verified a primary and secondary VLAN Configured and verified a root and secondary root bridge for the primary and secondary VLANs

26

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Lab 2-2: Troubleshooting Switched Networks


Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will use the troubleshooting guidelines discussed in the corresponding module to gather symptoms and isolate and correct problems commonly found in a switched network. After completing this activity, you will be able to meet these objectives: Discover switched network connectivity issues, follow troubleshooting guidelines to ascertain switched connectivity problems, and re-establish switched network connectivity

Visual Objective
The figure illustrates what you will accomplish in this activity.

Visual Objective 2-2: Troubleshooting Switched Networks


WG Switch Router fa0/0 10.2.2.12 10.3.3.12 10.4.4.12 10.5.5.12 10.6.6.12 10.7.7.12 10.8.8.12 10.9.9.12

A B C D E F G H

10.1.1.10 10.1.1.20 10.1.1.30 10.1.1.40 10.1.1.50 10.1.1.60 10.1.1.70 10.1.1.80

2007 Cisco Systems, Inc. All rights reserved.

ICND2 v1.06

Required Resources
These are the resources and equipment required to complete this activity: PC connected to an onsite lab or PC with an Internet connection to access the remote lab Terminal server connected to a console port of each lab device if using a remote lab ICND workgroup assigned by your instructor

2007 Cisco Systems, Inc.

Lab Guide

27

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Command List
The table describes the commands used in this activity. The commands are listed in alphabetical order so that you can easily locate the information you need. Refer to this list if you need configuration command assistance during the lab activity. Commands
Command Description Merges a file on the TFTP server with device runningconfig Tests Layer 3 connectivity Displays interface status and statistics Displays switching-related interface statistics Displays interfaces configured to be trunk ports Displays interfaces configured with port security Displays the MAC addresses found on a secure port Displays spanning tree status Displays a switch VLAN database Displays VTP settings

copy tftp runningconfiguration ping 10.1.1.1 show interface show interface switchport show interface trunk show port-security show port-security address show spanning-tree vlan # show vlan show vtp status

Job Aids
These job aids are available to help you complete the lab activity. Use the table to document the troubleshooting process. Troubleshooting Steps
Command to Gather Symptoms Example: ping 172.16.2.2 show ip interface brief ping 172.16.2.2 show interface Fa0/1 ping 172.16.2.2 fails int Fa0/1 is administratively down still fails has incorrect ip address succeeds ----no shutdown ----ip address 192.168.1.2 Isolate the Problem Command to Correct the Problem

28

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Task 1: Update Your Workgroup Configurations


In this task, you will download new supplemental configurations to your workgroup switch and router from the TFTP server. These supplemental configurations may introduce a problem that will prevent you from completing the task, so you will troubleshoot to isolate and correct the problem.

Activity Procedure
Complete these steps:
Step 1 Step 2 Step 3

Shutdown the port Fa0/12 of your workgroup switch. Ping the TFTP server (10.1.1.1) from your workgroup router. Ensure connectivity with the TFTP server. Ping the TFTP server (10.1.1.1) from your workgroup switch.
If either of the pings is unsuccessful, contact your instructor.

Note

Step 4

From your workgroup switch, download the supplemental configuration from the TFTP server into the running configuration of your workgroup switch. The name of the file to download is i2-wg_sw-config-lab2-2.txt. Type exit from the privilege EXEC prompt and ensure your switch banner reads: ************** wg_sw-config-lab2-2 ***********************

Step 5

Step 6

From your workgroup router, download the supplemental configuration from the TFTP server into the running configuration of your workgroup router. The name of the file to download is i2-wg_ro-config-lab2-2.txt. Was the download successful?

Can you ping the TFTP server from your workgroup router?

Step 7

Without utilizing the show run command, use the troubleshooting guidelines and commands discussed in the corresponding module to gather symptoms, isolate the problem, and correct the problem. Use the Job Aids table on the previous page to document the troubleshooting process. Once you have re-established connectivity, download the supplemental configuration from the TFTP server into the running configuration of your workgroup router. The name of the file to download is i2-wg_ro-config-lab2-2.txt. Type exit from the privilege EXEC prompt and ensure your switch banner reads: ****** Congratulations! You have successfully completed the lab. ******

Step 8

Step 9

Step 10 Step 11
2007 Cisco Systems, Inc.

Save your running configuration to NVRAM. Notify your instructor that you have completed the activity.
Lab Guide 29

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Activity Verification
You have completed this task when you attain these results: Both your workgroup switch and workgroup router are able to ping the TFTP server. Both your workgroup switch and workgroup router have downloaded their lab2-2 configuration into their running configuration.

30

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Lab 4-1: Implementing OSPF


Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will determine IP routes with the OSPF routing protocol. After completing this activity, you will be able to meet these objectives: Disable the LAN connections to the core Enable the serial connections on a workgroup router Configure OSPF on a workgroup router Configure plain text authentication for OSPF Verify the correct operation and configuration of OSPF routing and OSPF plain text authentication

Visual Objective
The figure illustrates what you will accomplish in this lab activity.

Visual Objective 4-1: Implementing OSPF

2007 Cisco Systems, Inc. All rights reserved.

ICND2 v1.08

Required Resources
These are the resources and equipment required to complete this activity: PC connected to an onsite lab or PC with an Internet connection to access the remote lab Terminal server connected to a console port of each lab device if using a remote lab ICND workgroup assigned by your instructor

2007 Cisco Systems, Inc.

Lab Guide

31

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Command List
The table describes the commands used in this activity. The commands are listed in alphabetical order so that you can easily locate the information you need. Refer to this list if you need configuration command assistance during the lab activity. Cisco Catalyst Switch Commands
Command Description Defines the IP address and subnet mask for the Cisco Catalyst switch. Defines a default gateway on the Cisco Catalyst switch. Common tool used to troubleshoot the accessibility of devices. This tool uses ICMP echo requests and ICMP echo replies to determine whether a remote host is active. The ping command also measures the amount of time it takes to receive the echo reply. Displays IP configuration on the Cisco Catalyst switch. Displays VLAN information on the Cisco Catalyst switch.

interface vlan1 ip address ip-address mask ip default-gateway ipaddress ping ip-address

show interfaces vlan 1 show vlan

switchport access vlan 1 Defines the VLAN membership of an interface

Cisco Router Commands


Command Description Configures the bandwidth on serial interfaces. Configures the clock rate on serial interfaces. Displays a summary of OSPF transaction information. Uses the interface global configuration command to configure an interface type and enter interface configuration mode. Assigns a password to be used for OSPF authentication. Enables plain text OSPF authentication.

bandwidth clock rate debug ip ospf events interface loopback ip ospf authenticationkey password ip ospf authentication

network network-number Starts the routing protocol on all interfaces that the router has in wildcard-mask area area- the specified network; specifies the number of bits significant for this network and the OSPF area with which the network is id
associated.

ping ip-address

Common tool used to troubleshoot the accessibility of devices. This tool uses ICMP echo requests and ICMP echo replies to determine whether a remote host is active. The ping command also measures the amount of time it takes to receive the echo reply. Enables the OSPF routing protocol. Displays the controller state that is specific to the controller hardware. Displays statistics for interfaces configured on the router. Determines the state of an OSPF neighbor. Displays values about routing protocols and routing protocol timer information associated with the router.
2007 Cisco Systems, Inc.

router ospf routerprocess-id show controllers type show interfaces type show ip ospf neighbor show ip protocols

32

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Command

Description Displays the IP routing table. Disables or enables an interface. Turns off all debugging displays.

show ip route shutdown/no shutdown undebug all

Job Aids
These job aids are available to help you complete the lab activity. In this activity, you will use the default encapsulation for a serial link, HDLC, to distribute routing protocol traffic from your workgroup to the core. This requires shutting down the uplinks to the core switches on your workgroup switch and assigning an IP address to the first serial interface of your router. You will also configure the OSPF routing protocol, implementing OSPF authentication to ensure routing update authenticity. Then you will verify the configuration and operation of OSPF. The following table lists the IP addresses that you will use in this lab activity. Subnet masks are designated with /bits to indicate the number of network bits in the mask. IP Addresses
WG Switch Interface VLAN 1 (SwitchX) Router Fa0/0 Interface (RouterX) Router Loopback 0 Interface (RouterX) Router S0/0/0 Interface (RouterX) Router S0/0/1 Interface (RouterX) Core Router Serial Interface (Core Router) 10.140.1.1/24 10.140.2.1/24 10.140.3.1/24 10.140.4.1/24 10.140.5.1/24 10.140.6.1/24 10.140.7.1/24 10.140.8.1/24

A B C D E F G H

10.2.2.11/24 10.3.3.11/24 10.4.4.11/24 10.5.5.11/24 10.6.6.11/24 10.7.7.11/24 10.8.8.11/24 10.9.9.11/24

10.2.2.3/24 10.3.3.3/24 10.4.4.3/24 10.5.5.3/24 10.6.6.3/24 10.7.7.3/24 10.8.8.3/24 10.9.9.3/24

192.168.1.65/28 192.168.1.81/28 192.168.2.65/28 192.168.2.81/28 192.168.3.65/28 192.168.3.81/28 192.168.4.65/28 192.168.4.81/28

10.140.1.2/24 10.140.2.2/24 10.140.3.2/24 10.140.4.2/24 10.140.5.2/24 10.140.6.2/24 10.140.7.2/24 10.140.8.2/24

10.23.23.1/24 10.23.23.2/24 10.45.45.1/24 10.45.45.2/24 10.67.67.1/24 10.67.67.2/24 10.89.89.1/24 10.89.89.2/24

2007 Cisco Systems, Inc.

Lab Guide

33

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Task 1: Disable LAN Connections to the Core


This task requires that you shut down the LAN connection from your workgroup to the core. You will also change the IP address on your workgroup switch and the first Ethernet interface on your router.

Activity Procedure
Complete the following steps to disable the LAN connections between the workgroup and core:
Step 1 Step 2 Step 3 Step 4

From your PC, establish a connection to the lab equipment. Select your workgroup from the Main menu. Select your workgroup switch from the Pod menu. Shut down the ports (Fa0/11 and Fa0/12) that connect to core switch A and core switch B. Change the IP address on the VLAN 1 interface of your workgroup switch to the address listed in the Job Aids table for this lab activity. Change the default gateway on the switch to be the first Ethernet interface of your workgroup router. Check the address listed in the Job Aids table for this lab activity. For example, for workgroup A, the default gateway for the workgroup switch is 10.2.2.3. Change the workgroup switch port that is connected to your workgroup router (Fa0/2) to VLAN 1 by entering interface configuration mode and issuing the appropriate command. Exit global configuration mode. Enter the show interface vlan 1 command to verify that you have configured the correct IP address. Your output should look similar to the following display:
SwitchA# sh interface vlan 1 Vlan1 is up, line protocol is up Hardware is EtherSVI, address is 0017.596d.2a40 (bia 0017.596d.2a40) Internet address is 10.2.2.11/24 MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:11:45, output 00:11:45, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 280 packets input, 28716 bytes, 0 no buffer Received 0 broadcasts (0 IP multicast) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 142 packets output, 15568 bytes, 0 underruns

Step 5

Step 6

Step 7

Step 8 Step 9

34

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

0 output errors, 1 interface resets 0 output buffer failures, 0 output buffers swapped out Step 10

Show the running configuration to verify that the default gateway is properly configured. Enter the proper show vlan command to verify that the port to the workgroup router is now in VLAN 1.

Step 11

Your output should look similar to the following display:


SwitchA# sh vlan VLAN Name Status Ports ---- -------------------------------- --------- -----------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/12, Fa0/13 Fa0/14, Fa0/15, Fa0/16, Fa0/17 Fa0/18, Fa0/19, Fa0/20, Fa0/21 Fa0/22, Fa0/23, Fa0/24, Gi0/1 Gi0/2 2 VLAN0002 active 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup
Step 12

Move to your workgroup router console connection. On the workgroup router, change the address of the Ethernet interface of the workgroup router to the address listed in the Job Aids table for this lab activity. Verify the first Ethernet interface of the workgroup router. Your output should look similar to the following display:
RouterA# sh ip int fa0/0 FastEthernet0/0 is up, line protocol is up Internet address is 10.2.2.3/24 Broadcast address is 255.255.255.255 Address determined by setup command MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Outgoing access list is not set Inbound access list is not set Proxy ARP is enabled Local Proxy ARP is disabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP Flow switching is disabled IP CEF switching is enabled IP CEF Fast switching turbo vector IP multicast fast switching is enabled IP multicast distributed fast switching is disabled

Step 13

Step 14

From your workgroup router, ping your workgroup switch to test connectivity. The ping should be successful.
Lab Guide 35

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Step 15

Proceed to Task 2.

Activity Verification
You have completed this task when you attain these results: Shut down the LAN connection from your workgroup to the core Changed the IP address on your workgroup switch and the first Ethernet interface on your router

Task 2: Enable Serial Connections on the Workgroup Router


This task requires that you remove the default route configured previously on the router, assign an IP address to your serial interfaces, and verify that you only have connectivity with directly connected devices. Also this task will have you verify that you cannot reach the core router IP address of 10.1.1.3. You will establish connectivity in the next task.

Activity Procedure
Complete the following steps on the workgroup router to enable a serial connection:
Step 1 Step 2

Enter global configuration mode. Remove the default route using the no ip route 0.0.0.0 0.0.0.0 10.x.x.3 command, which you configured in an earlier lab. Verify that the first two serial interfaces, S0/0/0 and S0/0/1, are configured for HDLC by using the show interfaces serial interface command. The fourth line in the output should indicate your encapsulation type. On the workgroup router, change the address of the first serial interface (S0/0/0) of the workgroup router to the address listed in the Job Aids table for this lab activity. For example, for workgroup A, the address is 10.140.1.2. Enter the no shutdown command on your first serial interface (S0/0/0). Ping the core router serial interface that is directly connected to your workgroup router. Refer to the Job Aids table of this lab activity for the correct IP address. For example, for workgroup A, the address is 10.140.1.1. The ping should work. Why?

Step 3

Step 4

Step 5 Step 6

Step 7

Ping the core router at 10.1.1.3. The ping did not work. Why not?

36

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Step 8

View your IP routing table to see all of the paths listed in the table. Which command do you enter to view the IP routing table? Your output should look similar to the following display:

RouterA# sh ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 2 subnets 10.2.2.0 is directly connected, FastEthernet0/0 10.140.1.0 is directly connected, Serial0/0/0

C C
Step 9

Verify whether a DCE or DTE cable is connected on your second serial interface (S0/0/1) by using the show controllers serial interface command. (Notice there is a space between the word serial and the interface parameter.) If your second serial interface (S0/0/1), which connects to your partner workgroup router, is DCE, assign a clock rate of 64000.
DTE interfaces do not require a clock rate to be set.

Step 10

Note

Step 11

Configure the IP address of the second serial interface (S0/0/1) to the IP address listed in the Job Aids table for this lab activity. Enter the no shutdown command on your second serial interface. Ping the second serial interface (S0/0/1) of your partner router that is directly connected to your workgroup router. Refer to the Job Aids table of this lab activity for the correct IP address. The ping should work. Why?

Step 12 Step 13

Note

A successful ping requires the S0/0/1 interface of your partner router S0/0/1 to be configured correctly.

Step 14

Proceed to Task 3.

2007 Cisco Systems, Inc.

Lab Guide

37

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Activity Verification
You have completed this task when you attain these results: Removed the default route configured previously on the router Assigned an IP address to your serial interfaces Verified connectivity with your directly connected serial interface neighbor routers Verified that you cannot reach the core router IP address of 10.1.1.3 by unsuccessfully pinging the router

Task 3: Enable Routing with OSPF


The purpose of this task is to configure OSPF on the router. You will do this by assigning the routing process ID and identifying the networks that will participate in the OSPF routing process.

Activity Procedure
Complete the following steps on the workgroup router:
Step 1

Configure the loopback 0 interface with the address indicated in the Job Aids table of this lab activity. Enable the OSPF routing protocol. Use an OSPF process ID of 100. Enable OSPF on your loopback 0 interface, Fa0/0 interface, and two serial interfaces, S0/0/0 and S0/0/1. Refer to the Job Aids table of this lab activity. All of the interfaces should be in area 0. Use four network statements with a wildcard mask of 0.0.0.0 for each. For example:
RouterA(config)#router ospf 100 RouterA(config-router)#network 192.168.1.65 0.0.0.0 area 0 RouterA(config-router)#network 10.2.2.3 0.0.0.0 area 0 RouterA(config-router)#network 10.140.1.2 0.0.0.0 area 0 RouterA(config-router)#network 10.23.23.1 0.0.0.0 area 0

Step 2 Step 3

Step 4 Step 5

Configure a bandwidth of 64 Kb on both serial interfaces, S0/0/0 and S0/0/1. Proceed to Task 4.

Activity Verification
You have completed this task when you attain these results: Assigned the routing process ID Identified the networks that will participate in the OSPF routing process

38

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Task 4: Enable OSPF Plain Text Authentication


The purpose of this task is to configure OSPF authentication on the router. The OSPF protocol will not advertise routes between neighbors until they have correctly identified themselves.

Activity Procedure
Complete the following steps on the workgroup router:
Step 1

Assign a password to be used with all neighboring routers that use OSPF plain text password authentication (core router and partner router). Use san-fran as a password. Enable your workgroup router to utilize plain text OSPF authentication with each of your neighbor OSPF routers. Proceed to Task 5.

Step 2

Step 3

Activity Verification
You have completed this task when you attain these results: Assigned an authentication password Enabled authentication

Task 5: Verify OSPF Routing and Plain Text Authentication


In this topic, you will verify the operation and configuration of the OSPF routing protocol and plain text authentication. You will do this using several show commands.

Activity Procedure
Complete the following steps on the workgroup router:
Step 1

Use the show ip route command to verify the routes learned from the OSPF routing protocol. Your output should look similar to the following display:

RouterA# sh ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 5 subnets 10.23.23.0 is directly connected, Serial0/0/1 10.2.2.0 is directly connected, FastEthernet0/0 10.1.1.0 [110/1563] via 10.140.1.1, 00:03:15, Serial0/0/0 10.140.2.0 [110/3124] via 10.140.1.1, 00:03:15, Serial0/0/0 [110/3124] via 10.23.23.2, 00:03:15, Serial0/0/1 10.140.1.0 is directly connected, Serial0/0/0 192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks 192.168.1.64/28 is directly connected, Loopback0 192.168.1.81/32 [110/1563] via 10.23.23.2, 00:03:17, Serial0/0/1
Lab Guide 39

C C O O C C O

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Step 2

Use the show ip protocols command to verify that the OSPF routing protocol is enabled and that the routing process ID that you assigned in Task 1 are recognized by OSPF (the router ID should be the IP address of the loopback interface of your workgroup router). Your output should look similar to the following display:
RouterA# sh ip protocol Routing Protocol is "ospf 100" Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Router ID 192.168.1.65 Number of areas in this router is 1. 1 normal 0 stub 0 nssa Maximum path: 4 Routing for Networks: 10.2.2.3 0.0.0.0 area 0 10.23.23.1 0.0.0.0 area 0 10.140.1.2 0.0.0.0 area 0 192.168.1.65 0.0.0.0 area 0 Reference bandwidth unit is 100 mbps Routing Information Sources: Gateway 192.168.1.81 172.16.31.100 Distance 110 110 Last Update 00:04:52 00:04:52

Distance: (default is 110)


Step 3

Use the show ip ospf neighbor command to display the neighbor status. Your output should look similar to the following display:

RouterA# sh ip ospf neighbor Neighbor ID 172.16.31.100 192.168.1.81 Pri 0 0 State FULL/ FULL/ Dead Time 00:00:31 00:00:31 Address 10.140.1.1 10.23.23.2 Interface Serial0/0/0 Serial0/0/1

What is the neighbor state to the core and adjacent workgroup router?

What is the neighbor ID used by these routers?

Note

You will not see your neighbors until they complete the preceding tasks of this lab activity.

Step 4

Ping the TFTP server at 10.1.1.1. Ping the Ethernet interface of another workgroup router. Use the Job Aids table for this lab activity to find an address to ping. If the other workgroup also has OSPF successfully configured, these pings should be successful.

40

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Step 5

Use the debug ip ospf events command to display the OSPF hello messages sent to the router. Your output should look similar to the following display:
RouterA# debug ip ospf events OSPF events debugging is on RouterA# *Feb 28 18:48:54.039: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0/0 from 10.140.1.2 *Feb 28 18:48:54.039: OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet0/0 from 10.2.2.3 *Feb 28 18:48:54.039: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0/1 from 10.23.23.1 *Feb 28 18:48:56.979: OSPF: Rcv hello from 192.168.1.81 area 0 from Serial0/0/1 10.23.23.2 *Feb 28 18:48:56.979: OSPF: End of hello processing *Feb 28 18:48:57.187: OSPF: Rcv hello from 172.16.31.100 area 0 from Serial0/0/0 10.140.1.1 *Feb 28 18:48:57.191: OSPF: End of hello processing *Feb 28 18:49:04.039: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0/0 from 10.140.1.2 *Feb 28 18:49:04.039: OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet0/0 from 10.2.2.3 *Feb 28 18:49:04.039: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0/1 from 10.23.23.1u a *Feb 28 18:49:06.979: OSPF: Rcv hello from 192.168.1.81 area 0 from Serial0/0/1 10.23.23.2 *Feb 28 18:49:06.979: OSPF: End of hello processing

Step 6

Turn debugging off. Your output should look similar to the following display:
RouterA# undebug all All possible debugging has been turned off

Step 7 Step 8

Save your running configuration to NVRAM. Notify your instructor that you have completed the activity.

Activity Verification
You have completed this task when you attain these results: Verified the operation and configuration of the OSPF routing protocol by using the appropriate show and debug commands Verified connectivity by pinging remote addresses that are not directly connected to your workgroup router

2007 Cisco Systems, Inc.

Lab Guide

41

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Lab 4-2: Troubleshooting OSPF


Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will use the troubleshooting guidelines discussed in the corresponding module to gather symptoms, isolate problems, and correct problems commonly found in an OSPF network. After completing this activity, you will be able to meet these objectives: Discover OSPF network connectivity issues and follow troubleshooting guidelines to isolate and fix OSPF connectivity problems

Visual Objective
The figure illustrates what you will accomplish in this activity.

Visual Objective 4-2: Troubleshooting OSPF

2007 Cisco Systems, Inc. All rights reserved.

ICND2 v1.09

Required Resources
These are the resources and equipment that are required to complete this activity: PC connected to an onsite lab or PC with an Internet connection to access the remote lab Terminal server connected to a console port of each lab device if using a remote lab ICND workgroup assigned by your instructor

42

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Command List
The table describes the commands used in this activity. The commands are listed in alphabetical order so that you can easily locate the information you need. Refer to this list if you need configuration command assistance during the lab activity. OSPF Troubleshooting Commands
Command Description Merges file on the TFTP server with the device runningconfig Displays the OSPF neighbor establishment process Displays a summary of OSPF transaction information Tests Layer 3 connectivity Displays statistics for interfaces configured on the router Displays statistics for interfaces that have OSPF enabled Determines the state of an OSPF neighbor Displays values about routing protocols and routing protocol timer information associated with the router Displays the routing table

copy tftp runningconfiguration debug ip ospf adj debug ip ospf events ping 10.1.1.1 show interfaces type show ip ospf interface show ip ospf neighbor show ip protocols show ip route

Job Aids
These job aids are available to help you complete the lab activity.
WG Switch Interface VLAN 1 (SwitchX) Router Fa0/0 Interface (RouterX) Router Loopback 0 Interface (RouterX) Router S0/0/0 Interface (RouterX) Router S0/0/1 Interface (RouterX) Core Router Serial Interface (Core Router) 10.140.1.1/24 10.140.2.1/24 10.140.3.1/24 10.140.4.1/24 10.140.5.1/24 10.140.6.1/24 10.140.7.1/24 10.140.8.1/24

A B C D E F G H

10.2.2.11/24 10.3.3.11/24 10.4.4.11/24 10.5.5.11/24 10.6.6.11/24 10.7.7.11/24 10.8.8.11/24 10.9.9.11/24

10.2.2.3/24 10.3.3.3/24 10.4.4.3/24 10.5.5.3/24 10.6.6.3/24 10.7.7.3/24 10.8.8.3/24 10.9.9.3/24

192.168.1.65/28 192.168.1.81/28 192.168.2.65/28 192.168.2.81/28 192.168.3.65/28 192.168.3.81/28 192.168.4.65/28 192.168.4.81/28

10.140.1.2/24 10.140.2.2/24 10.140.3.2/24 10.140.4.2/24 10.140.5.2/24 10.140.6.2/24 10.140.7.2/24 10.140.8.2/24

10.23.23.1/24 10.23.23.2/24 10.45.45.1/24 10.45.45.2/24 10.67.67.1/24 10.67.67.2/24 10.89.89.1/24 10.89.89.2/24

2007 Cisco Systems, Inc.

Lab Guide

43

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Use the table to document the troubleshooting process. Troubleshooting Steps


Command to Gather Symptoms Example: ping 172.16.2.2 show ip interface brief ping 172.16.2.2 show interface Fa0/1 ping 172.16.2.2 fails int Fa0/1 is administratively down still fails has incorrect ip address succeeds ----no shutdown ----ip address 192.168.1.2 Isolate the Problem Command to Correct the Problem

Task 1: Update Your Workgroup Configurations


In this task, you will download a new supplemental configuration to your workgroup router from the TFTP server. However, the supplemental configuration that you download contains configuration errors that cause loss of connectivity with the rest of the network. You will troubleshoot to isolate and correct the problem or problems that this supplemental file introduces.

Activity Procedure
Complete these steps:
Step 1

Ensure connectivity with the TFTP server. Ping the TFTP server (10.1.1.1) from your workgroup router.
If your ping is unsuccessful, contact your instructor.

Note

Step 2

Download the supplement configuration from the TFTP server into the running configuration of your workgroup router. The name of the file to download is i2wg_ro-config-lab4-2.txt.

44

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Step 3

Type exit from the privilege EXEC prompt and ensure your router banner reads: ************** wg_ro-config-lab4-2 ***********************

Step 4

Ping the TFTP server from your workgroup router. Are you successful?

Step 5

Check your workgroup router routing table. Check the OSPF neighbor relationships. What did you find?

Step 6

Use the debug ip ospf events command. What did you find?

Step 7

Without utilizing the show run command, use the troubleshooting guidelines and commands discussed in the corresponding module to gather symptoms and isolate and correct the problems. Use the Job Aids table of this lab to document the troubleshooting process. Once you have fixed the problem, save your running configuration to NVRAM.

Step 8

Activity Verification
You have completed this task when you attain these results: Re-established OSPF neighbor relationships with your directly connected routers Populated the routing table of your workgroup router with OSPF-learned routes from the core router Re-established network connectivity and can successfully ping the TFTP server

2007 Cisco Systems, Inc.

Lab Guide

45

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Lab 5-1: Implementing EIGRP


Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will determine routes from a workgroup to a core site with EIGRP. After completing this activity, you will be able to meet these objectives: Configure EIGRP on the router Configure MD5 authentication for EIGRP Verify the correct operation and configuration of EIGRP routing using show commands, and verify the correct operation and configuration of EIGRP MD5 authentication Debug the EIGRP neighbor processes

Visual Objective
The figure illustrates what you will accomplish in this activity.

Visual Objective 5-1: Implementing EIGRP

2007 Cisco Systems, Inc. All rights reserved.

ICND2 v1.010

Required Resources
These are the resources and equipment required to complete this activity: PC connected to an onsite lab or PC with an Internet connection to access the remote lab Terminal server connected to a console port of each lab device if using a remote lab ICND workgroup assigned by your instructor

46

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Command List
The table describes the commands used in this activity. The commands are listed in alphabetical order so that you can easily locate the information you need. Refer to this list if you need configuration command assistance during the lab activity. Commands
Command Description Displays EIGRP neighbors discovered by EIGRP Specifies MD5 authentication for EIGRP packets

debug eigrp neighbors ip authentication mode eigrp autonomous-system md5 ip authentication keychain eigrp autonomoussystem name-of-chain key chain name-of-chain key key-id key-string text network network-number no debug all ping ip-address

Enables authentication of EIGRP packets using the key in the keychain

Enters configuration mode for the keychain Identifies a key and enters configuration mode for the keyid Identifies a key string (password) Enables the routing protocol on the interfaces that match the specified network Turns off all debugging displays Tests Layer 3 connectivity

router eigrp autonomous- Enables EIGRP system show interfaces show ip eigrp neighbors show ip protocols show ip route
Displays statistics for the interfaces configured on the router Determines the state of an EIGRP neighbor Displays values about routing protocols and routing protocol timer information associated with the router Displays the IP routing table

Job Aids
These job aids are available to help you complete the lab activity. In this activity, you will use the default encapsulation for a serial link, HDLC, to distribute routing protocol traffic from your workgroup to the core. You will configure the EIGRP routing protocol, implementing EIGRP MD5 authentication to ensure routing update authenticity. Then you will verify the configuration and operation of EIGRP. The following table lists the IP addresses that you will use in this lab activity. Subnet masks are designated with /bits to indicate the number of network bits in the mask.

2007 Cisco Systems, Inc.

Lab Guide

47

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

WG

Switch Interface VLAN 1 (SwitchX)

Router Fa0/0 Interface (RouterX)

Router Loopback 0 Interface (RouterX)

Router S0/0/0 Interface (RouterX)

Router S0/0/1 Interface (RouterX)

Core Router Serial Interface (Core Router) 10.140.1.1/24 10.140.2.1/24 10.140.3.1/24 10.140.4.1/24 10.140.5.1/24 10.140.6.1/24 10.140.7.1/24 10.140.8.1/24

A B C D E F G H

10.2.2.11/24 10.3.3.11/24 10.4.4.11/24 10.5.5.11/24 10.6.6.11/24 10.7.7.11/24 10.8.8.11/24 10.9.9.11/24

10.2.2.3/24 10.3.3.3/24 10.4.4.3/24 10.5.5.3/24 10.6.6.3/24 10.7.7.3/24 10.8.8.3/24 10.9.9.3/24

192.168.1.65/28 192.168.1.81/28 192.168.2.65/28 192.168.2.81/28 192.168.3.65/28 192.168.3.81/28 192.168.4.65/28 192.168.4.81/28

10.140.1.2/24 10.140.2.2/24 10.140.3.2/24 10.140.4.2/24 10.140.5.2/24 10.140.6.2/24 10.140.7.2/24 10.140.8.2/24

10.23.23.1/24 10.23.23.2/24 10.45.45.1/24 10.45.45.2/24 10.67.67.1/24 10.67.67.2/24 10.89.89.1/24 10.89.89.2/24

Task 1: Enable Routing with EIGRP


The purpose of this task is to configure EIGRP on the router. You will do this by assigning the routing autonomous system and identifying the networks that will participate in the EIGRP routing process.

Activity Procedure
Complete the following steps on the workgroup router:
Step 1 Step 2 Step 3 Step 4

From your PC, establish a connection to the lab equipment. Select your workgroup from the Main menu. Select your workgroup router from the Pod menu. Verify that the first two serial interfaces, S0/0/0 and S0/0/1, are configured for HDLC by using the show interfaces serial command. The fourth line in the output should indicate your encapsulation type. Verify whether a DCE or DTE cable is connected on your second serial interface (S0/0/1) by using the show controllers serial interface command. If you have the DCE side of the connection on your second serial interface (S0/0/1), verify that a clock rate of 64000 is set. (This should have been done in a previous lab.)
DTE interfaces do not require a clock rate to be set.

Step 5

Note

Step 6

Enable the EIGRP routing process. Use an EIGRP autonomous system number of 100. Enable EIGRP on your loopback 0 interface, your Fa0/0 interface, and your two serial interfaces, S0/0/0 and S0/0/1.Use two network statements. Configure the bandwidth of both serial interfaces, S0/0/0 and S0/0/1, to 64 Kb.
2007 Cisco Systems, Inc.

Step 7

Step 8
48

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Step 9

Proceed to Task 2.

Activity Verification
You have completed this task when you attain these results: Enabled EIGRP and assigned the autonomous system number Identified the networks that will participate in the EIGRP routing process

Task 2: Enable EIGRP MD5 Authentication


The purpose of this task is to configure EIGRP authentication on the router. The EIGRP protocol will not advertise routes between neighbors until they have correctly identified themselves.

Activity Procedure
Complete the following steps on the workgroup router:
Step 1 Step 2 Step 3

Create a keychain named icndchain. Configure a key 1 that has a key string of san-fran. Enable the workgroup router to utilize EIGRP MD5 authentication with each of your EIGRP neighbors and to use the keychain icndchain. Proceed to Task 3.

Step 4

Activity Verification
You have completed this task when you attain these results: Created and implemented an EIGRP keychain Enabled the EIGRP MD5 authentication

Task 3: Verify EIGRP Routing and MD5 Authentication


In this topic, you will verify the operation and configuration of the EIGRP routing protocol. You will do this using several show commands.

Activity Procedure
Complete the following steps on the workgroup router:
Step 1

Use the show ip route command to verify that the routes are learned from EIGRP. Your output should look similar to the following display:

RouterA# sh ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route

2007 Cisco Systems, Inc.

Lab Guide

49

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Gateway of last resort is not set 172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks 172.16.31.0/24 [90/40640000] via 10.140.1.1, 00:01:09, Serial0/0/0 10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks 10.23.23.0/24 is directly connected, Serial0/0/1 10.3.3.0/24 [90/40514560] via 10.23.23.2, 00:01:09, Serial0/0/1 10.2.2.0/24 is directly connected, FastEthernet0/0 10.1.1.0/24 [90/40514560] via 10.140.1.1, 00:01:10, Serial0/0/0 10.0.0.0/8 is a summary, 00:27:11, Null0 10.140.2.0/24 [90/41024000] via 10.140.1.1, 00:01:12, Serial0/0/0 [90/41024000] via 10.23.23.2, 00:01:12, Serial0/0/1 10.140.1.0/24 is directly connected, Serial0/0/0 192.168.1.0/24 is variably subnetted, 3 subnets, 3 masks 192.168.1.64/28 is directly connected, Loopback0 192.168.1.81/32 [110/1563] via 10.23.23.2, 00:26:58, Serial0/0/1 192.168.1.0/24 is a summary, 00:01:09, Null0

D C D C D D D C C O D

Do you see a mix of OSPF and EIGRP routes? Why or why not?

Note

Not every workgroup in the class may have finished configuring EIGRP.

Step 2

Use the show ip protocols command to verify that EIGRP is enabled and that EIGRP recognizes the autonomous system. Your output should look similar to the following display:
RouterA# show ip protocols Routing Protocol is "eigrp 100" Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Default networks flagged in outgoing updates Default networks accepted from incoming updates EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0 EIGRP maximum hopcount 100 EIGRP maximum metric variance 1 Redistributing: eigrp 100 EIGRP NSF-aware route hold timer is 240s Automatic network summarization is in effect Automatic address summarization: 192.168.1.0/24 for FastEthernet0/0, Serial0/0/0, Serial0/0/1 Summarizing with metric 128256 10.0.0.0/8 for Loopback0 Summarizing with metric 28160 Maximum path: 4 Routing for Networks: 10.0.0.0 192.168.1.0 Routing Information Sources: Gateway Distance Last Update (this router) 90 00:01:08

50

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

10.140.1.1 90 00:01:08 Distance: internal 90 external 170


Step 3

Use the show ip eigrp neighbor command to display the neighbor status. Your output should look similar to the following display:

RouterA# sh ip eigrp neighbors IP-EIGRP neighbors for process 100 H Address Interface 1 0 Note 10.23.23.2 10.140.1.1 Se0/0/1 Se0/0/0

Hold Uptime SRTT (sec) (ms) 13 00:02:26 29 10 00:28:26 24

Q Cnt 2280 0 2280 0

RTO

Seq Num 15 25

You cannot see your neighbors until they complete the preceding tasks of this lab activity.

Step 4

Ping the loopback interface (172.16.31.100) of the core router. Once another workgroup has finished configuring EIGRP, ping their Ethernet LAN interface listed in the Job Aids table for this lab activity. These pings should be successful. Proceed to Task 4.

Step 5

Activity Verification
You have completed this task when you attain these results: Verified the operation and configuration of the EIGRP routing protocol by using the show commands Verified connectivity by pinging remote addresses not directly connected to your workgroup router

Task 4: Debug Routing with EIGRP


In this task, you will debug EIGRP. This will help you know what to look for when you need to troubleshoot EIGRP issues.

Activity Procedure
Complete the following steps on the workgroup router:
Step 1 Step 2

Display the EIGRP neighbor events with the debug eigrp neighbors command. Enter interface configuration mode and enter the shutdown command on your second serial interface. Wait ten seconds and then enter the no shutdown command on your serial interface. Your output should look similar to the following display:

Step 3

RouterA#debug eigrp neighbors *Feb 28 22:05:51.651: %OSPF-5-ADJCHG: Process 100, Nbr 192.168.1.81 on Serial0/0/1 from FULL to DOWN, Neighbor Down: Interface down or detached *Feb 28 22:05:51.659: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 10.23.23.2 (Serial0/0/1) is down: interface downn *Feb 28 22:05:51.659: Going down: Peer 10.23.23.2 total=1 stub 0 template=1, iidb-stub=0 iid-all=0 *Feb 28 22:05:51.659: EIGRP: Neighbor 10.23.23.2 went down on Serial0/0/1 *Feb 28 22:05:52.559: EIGRP: Packet from ourselves ignoredo *Feb 28 22:05:53.651: %LINK-5-CHANGED: Interface Serial0/0/1, changed state to administratively down *Feb 28 22:05:54.651: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to do
2007 Cisco Systems, Inc. Lab Guide 51

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

*Feb 28 22:05:57.391: EIGRP: Packet from ourselves ignoredn *Feb 28 22:06:02.271: EIGRP: Packet from ourselves ignoredo shut RouterA(config-if)# *Feb 28 22:06:06.955: EIGRP: Packet from ourselves ignored *Feb 28 22:06:07.355: %LINK-3-UPDOWN: Interface Serial0/0/1, changed state to up *Feb 28 22:06:07.515: %OSPF-5-ADJCHG: Process 100, Nbr 192.168.1.81 on Serial0/0/1 from LOADING to FULL, Loading Done *Feb 28 22:06:08.355: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to up *Feb 28 22:06:10.715: EIGRP: New peer 10.23.23.2 total=2 stub 0 template=1 idbstub=0 iidball=1 *Feb 28 22:06:10.715: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 10.23.23.2 (Serial0/0/1) is up: new adjacency Step 4 Step 5 Step 6

Turn debugging off. Save your running configuration to NVRAM. Notify your instructor that you have completed the activity.

Activity Verification
You have completed this activity when you attain this result: Debugged EIGRP by using the debug eigrp neighbor command

52

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Lab 5-2: Troubleshooting EIGRP


Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will use the troubleshooting guidelines discussed in the corresponding module to gather symptoms and isolate and correct problems commonly found in an EIGRP network. After completing this activity, you will be able to meet these objectives: Discover EIGRP network connectivity issues and follow troubleshooting guidelines to isolate and fix EIGRP connectivity problems Test EIGRP network connectivity

Visual Objective
The figure illustrates what you will accomplish in this activity.

Visual Objective 5-2: Troubleshooting EIGRP

2007 Cisco Systems, Inc. All rights reserved.

ICND2 v1.011

Required Resources
These are the resources and equipment that are required to complete this activity: PC connected to an onsite lab or PC with an Internet connection to access the remote lab Terminal server connected to a console port of each lab device if using a remote lab ICND workgroup assigned by your instructor

2007 Cisco Systems, Inc.

Lab Guide

53

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Command List
The table describes the commands used in this activity. The commands are listed in alphabetical order so that you can easily locate the information you need. Refer to this list if you need configuration command assistance during the lab activity. EIGRP Troubleshooting Commands
Command Description Displays a summary of EIGRP transaction information Creates a loopback interface Enables the routing protocol on the interfaces that match the specified network An extended ping that tests Layer 3 connectivity, allowing you to provide options Displays statistics for interfaces configured on the router Determines the state of an EIGRP neighbor Displays values about routing protocols and routing protocol timer information associated with the router Displays the routing table

debug ip eigrp interface loopback 1 network 172.16.0.0 ping <cr> show interfaces type show ip eigrp neighbor show ip protocols show ip route

Job Aids
In this lab exercise, loopback interfaces on your workgroup router and the core router will represent LANs that you will interconnect via the EIGRP routing protocol. You will create a new loopback interface on your workgroup router that will represent a LAN and test connectivity to the core router loopback. If connectivity fails, you will troubleshoot to isolate and correct the problem. These job aids are available to help you complete the lab activity.
WG Router Fa0/0 Interface (RouterX) Router Loopback 0 Interface (RouterX) Router Loopback 1 Interface (RouterX) Router S0/0/0 Interface (RouterX) Router S0/0/1 Interface (RouterX) Core Router Serial Interface (Core Router) 10.140.1.1/24 10.140.2.1/24 10.140.3.1/24 10.140.4.1/24 10.140.5.1/24 10.140.6.1/24 10.140.7.1/24 10.140.8.1/24

A B C D E F G H

10.2.2.3/24 10.3.3.3/24 10.4.4.3/24 10.5.5.3/24 10.6.6.3/24 10.7.7.3/24 10.8.8.3/24 10.9.9.3/24

192.168.1.65/28 192.168.1.81/28 192.168.2.65/28 192.168.2.81/28 192.168.3.65/28 192.168.3.81/28 192.168.4.65/28 192.168.4.81/28

172.16.2.1/24 172.16.3.1/24 172.16.4.1/24 172.16.5.1/24 172.16.6.1/24 172.16.7.1/24 172.16.8.1/24 172.16.9.1/24

10.140.1.2/24 10.140.2.2/24 10.140.3.2/24 10.140.4.2/24 10.140.5.2/24 10.140.6.2/24 10.140.7.2/24 10.140.8.2/24

10.23.23.1/24 10.23.23.2/24 10.45.45.1/24 10.45.45.2/24 10.67.67.1/24 10.67.67.2/24 10.89.89.1/24 10.89.89.2/24

54

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Use the table to document the troubleshooting process. Troubleshooting Steps


Command to Gather Symptoms Example: ping 172.16.2.2 show ip interface brief ping 172.16.2.2 show interface Fa0/1 ping 172.16.2.2 fails int Fa0/1 is administratively down still fails has incorrect ip address succeeds ----no shutdown ----ip address 192.168.1.2 Isolate the Problem Command to Correct the Problem

Task 1: Create and Advertise Your LAN


In this task, you will create a new loopback interface on your workgroup router that will represent a LAN and advertise it to the rest of the network.

Activity Procedure
Complete these steps:
Step 1

Ensure connectivity with the loopback interface of the core router. Ping the loopback interface of the core router (172.16.31.100) from your workgroup router.
If your ping is unsuccessful, contact your instructor.

Note

Step 2

Create a loopback 1 interface on your workgroup router, and assign it the address listed in the Job Aids table for this lab activity. Configure EIGRP on your workgroup router to advertise the loopback 1 network (172.16.0.0).

Step 3

2007 Cisco Systems, Inc.

Lab Guide

55

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Step 4

Use the show interface loopback 1 command to verify the interface and address. Your output should look similar to the following display:
RouterA# sh int lo1 Loopback1 is up, line protocol is up Hardware is Loopback Internet address is 172.16.2.1/24 MTU 1514 bytes, BW 8000000 Kbit, DLY 5000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation LOOPBACK, loopback not set Last input 00:00:03, output never, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/0 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 202106 packets output, 12126360 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out

Step 5

Use the show ip protocols command to verify you are advertising the network for the loopback 1 interface. Your output should look similar to the following display:
RouterA# show ip protocols Routing Protocol is "eigrp 100" Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Default networks flagged in outgoing updates Default networks accepted from incoming updates EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0 EIGRP maximum hopcount 100 EIGRP maximum metric variance 1 Redistributing: eigrp 100 EIGRP NSF-aware route hold timer is 240s Automatic network summarization is in effect Automatic address summarization: 172.16.0.0/16 for FastEthernet0/0, Serial0/0/0, Serial0/0/1 Summarizing with metric 128256 10.0.0.0/8 for Loopback1 Summarizing with metric 28160 Maximum path: 4 Routing for Networks: 10.0.0.0 172.16.0.0 192.168.0.0 Routing Information Sources: Gateway Distance Last Update (this router) 90 00:17:20 10.23.23.2 90 00:02:16 10.140.1.1 90 00:02:16 Distance: internal 90 external 170

Step 6

Proceed to Task 2.

56

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Activity Verification
You have completed this task when you attain these results: Created interface loopback 1 and assigned it an address Advertised the loopback 1 network via EIGRP

Task 2: Test Connectivity


In this task, you will test connectivity from your LAN (interface loopback 1) to the core router LAN (the core router loopback interface). If connectivity fails, you will troubleshoot to isolate and correct the problem.

Activity Procedure
Complete these steps:
Step 1

In addition to increasing the number of packets sent in a ping, an extended ping also gives you the ability to change the source address of a ping. On your workgroup router, establish an extended ping, using your loopback 1 interface as the source and the core router loopback (172.16.31.100) as the target. The output will be similar to the following:
RouterA# ping Protocol [ip]: Target IP address: 172.16.31.100 Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: loopback 1 Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.31.100, timeout is 2 seconds: Packet sent with a source address of 172.16.2.1

Note

You can also change the source address of the router ping using the command ping [destination_address] source [source_address|loopback]

Was the ping successful?

2007 Cisco Systems, Inc.

Lab Guide

57

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Step 2

Check the routing table of your workgroup router. What did you find?

Your output will be similar to the following:


RouterA# sh ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 172.16.0.0/24 is subnetted, 1 subnets 172.16.2.0 is directly connected, Loopback1 10.0.0.0/24 is subnetted, 6 subnets 10.23.23.0 is directly connected, Serial0/0/1 10.3.3.0 [90/40514560] via 10.23.23.2, 01:11:41, Serial0/0/1 10.2.2.0 is directly connected, FastEthernet0/0 10.1.1.0 [90/40514560] via 10.140.1.1, 01:11:39, Serial0/0/0 10.140.2.0 [90/41024000] via 10.140.1.1, 01:11:40, Serial0/0/0 [90/41024000] via 10.23.23.2, 01:11:40, Serial0/0/1 10.140.1.0 is directly connected, Serial0/0/0 192.168.1.0/24 is variably subnetted, 3 subnets, 3 masks 192.168.1.64/28 is directly connected, Loopback0 192.168.1.81/32 [110/1563] via 10.23.23.2, 00:09:27, Serial0/0/1 192.168.1.0/24 [90/40640000] via 10.23.23.2, 00:07:25, Serial0/0/1

C C D C D D C C O D
Step 3

Establish a Telnet session to the core router (10.1.1.3) and check its routing table. What did you find?

The output will be similar to the following:


CoreRouter> sh ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set

58

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

C D D D D C C C O D
O D Step 4

172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks 172.16.31.0/24 is directly connected, Loopback0 172.16.0.0/16 is a summary, 00:10:39, Null0 10.0.0.0/24 is subnetted, 6 subnets 10.23.23.0 [90/41024000] via 10.140.1.2, 01:15:07, Serial1/0 10.3.3.0 [90/41026560] via 10.140.1.2, 01:15:07, Serial1/0 10.2.2.0 [90/40514560] via 10.140.1.2, 01:15:07, Serial1/0 10.1.1.0 is directly connected, FastEthernet0/0.1 10.140.2.0 is directly connected, Serial1/1 10.140.1.0 is directly connected, Serial1/0 192.168.1.0/24 is variably subnetted, 4 subnets, 3 masks 192.168.1.65/32 [110/1563] via 10.140.1.2, 00:12:41, Serial1/0 192.168.1.64/28 [90/40640000] via 10.140.1.2, 00:10:42, Serial1/0
192.168.1.81/32 [110/1563] via 10.140.2.2, 00:12:44, Serial1/1 192.168.1.0/24 [90/41152000] via 10.140.1.2, 00:10:42, Serial1/0

On your workgroup router, enter the debug ip eigrp command. Use the shutdown and then no shutdown command to reset your workgroup router loopback 1 interface. Analyze the debug output that displays. What did you find by analyzing the debug output?

Step 5

The output will be similar to the following:


*Mar 2 05:09:47.151: IP-EIGRP(Default-IP-Routing-Table:100): route installed for 172.16.0.0 (Summary) *Mar 2 05:09:47.167: IP-EIGRP(Default-IP-Routing-Table:100): 172.16.2.0/24 - don't advertise out Serial0/0/0 *Mar 2 05:09:47.167: IP-EIGRP(Default-IP-Routing-Table:100): 172.16.0.0/16 - do advertise out Serial0/0/0 *Mar 2 05:09:47.167: IP-EIGRP(Default-IP-Routing-Table:100): Int 172.16.0.0/16 metric 128256 - 256 128000 *Mar 2 05:09:47.167: IP-EIGRP(Default-IP-Routing-Table:100): 172.16.2.0/24 - don't advertise out Serial0/0/1 *Mar 2 05:09:47.167: IP-EIGRP(Default-IP-Routing-Table:100): 172.16.0.0/16 - do advertise out Serial0/0/1
*Mar 2 05:09:47.167: IP-EIGRP(Default-IP-Routing-Table:100): Int 172.16.0.0/16 metric 128256 - 256 128000 Step 6

Without utilizing the show run command, use the troubleshooting guidelines and commands discussed in the corresponding module to gather symptoms and isolate and correct the problems. Use the Job Aids table at the beginning of this lab activity to document the troubleshooting process. Save your running configuration to NVRAM.

Step 7

Activity Verification
You have completed this task when you attain this result: Re-established network connectivity and can successfully ping from the workgroup router loopback 1 interface to the core router loopback interface

2007 Cisco Systems, Inc.

Lab Guide

59

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Lab 6-1: Implementing and Troubleshooting ACLs


Complete the lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will configure IP ACLs. After completing this activity, you will be able to meet these objectives: Create an IP extended access list to block Telnet traffic, apply it to an interface, and verify its operation Create an IP extended ACL to block TFTP requests from a workgroup Troubleshoot to isolate and resolve an ACL problem

Visual Objective
The figure illustrates what you will accomplish in this activity.

Visual Objective 6-1: Implementing and Troubleshooting ACLs


WG Router s0/0/0 Router fa0/0 Switch A B C D E F G H 10.140.1.2 10.140.2.2 10.140.3.2 10.140.4.2 10.140.5.2 10.140.6.2 10.140.7.2 10.140.8.2 10.2.2.3 10.3.3.3 10.4.4.3 10.5.5.3 10.6.6.3 10.7.7.3 10.8.8.3 10.9.9.3 10.2.2.11 10.3.3.11 10.4.4.11 10.5.5.11 10.6.6.11 10.7.7.11 10.8.8.11 10.9.9.11

SwitchH

2007 Cisco Systems, Inc. All rights reserved.

ICND2 v1.012

60

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Required Resources
These are the resources and equipment required to complete this activity: PC connected to an onsite lab or PC with an Internet connection to access the remote lab Terminal server connected to a console port of each lab device if using a remote lab ICND workgroup assigned by your instructor

Command List
The table describes the commands used in this activity. The commands are listed in alphabetical order so that you can easily locate the information you need. Refer to this list if you need configuration command assistance during the lab activity. Commands
Command Description Creates an extended IP ACL

access-list accesslist-number {permit | deny} {test conditions} copy tftp://10.1.1.1/ filename running-config ip access-group accesslist-number {in | out} ping ip-address show ip access-list show ip interface interface-type interface-number telnet ip-address

Copies the configuration from a TFTP server into RAM on a Cisco Catalyst switch Enables an IP ACL on an interface Common tool used to troubleshoot the accessibility of devices Displays the contents of all IP ACLs Displays IP-specific information of an interface, including the ACLs applied on an interface Starts a terminal emulation program from a PC, router, or switch that permits you to access network devices remotely over the network

2007 Cisco Systems, Inc.

Lab Guide

61

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Job Aids
This job aid is available to help you complete the lab activities.
WG Subnets Switch Interface VLAN 1 (SwitchX) Router Fa0/0 Interface (RouterX) Router Loopback 0 Interface (RouterX) Router S0/0/0 Interface (RouterX) Core Router Serial Interface (Core Router) 10.140.1.1/24 10.140.2.1/24 10.140.3.1/24 10.140.4.1/24 10.140.5.1/24 10.140.6.1/24 10.140.7.1/24 10.140.8.1/24

10.x.x.0/24

A B C D E F G H

10.2.2.0/24 10.3.3.0/24 10.4.4.0/24 10.5.5.0/24 10.6.6.0/24 10.7.7.0/24 10.8.8.0/24 10.9.9.0/24

10.2.2.11/24 10.3.3.11/24 10.4.4.11/24 10.5.5.11/24 10.6.6.11/24 10.7.7.11/24 10.8.8.11/24 10.9.9.11/24

10.2.2.3/24 10.3.3.3/24 10.4.4.3/24 10.5.5.3/24 10.6.6.3/24 10.7.7.3/24 10.8.8.3/24 10.9.9.3/24

192.168.1.65/28 192.168.1.81/28 192.168.2.65/28 192.168.2.81/28 192.168.3.65/28 192.168.3.81/28 192.168.4.65/28 192.168.4.81/28

10.140.1.2/24 10.140.2.2/24 10.140.3.2/24 10.140.4.2/24 10.140.5.2/24 10.140.6.2/24 10.140.7.2/24 10.140.8.2/24

Task 1: Create an Extended ACL to Block Telnet Traffic into Your Workgroup
In this task, you will work with a student in another workgroup. You will configure an extended IP ACL to block incoming Telnet traffic from outside of your workgroup. You will configure the ACL, apply it to an interface, and verify the configuration by having your partner try to establish a Telnet session into your workgroup switch. If you have correctly configured the ACL, the Telnet request should fail. Next try to ping the same device, which should succeed. Workgroup Assignments: A-B, C-D, E-F, G-H.

Activity Procedure
Complete these steps on the workgroup router:
Step 1 Step 2 Step 3 Step 4

From your PC, establish a connection to the lab equipment. Select your workgroup from the Main menu. Select your workgroup router from the Pod menu. Shut down the second serial interface (S0/0/1) of your workgroup router using the shutdown command. Create an IP extended ACL to deny only Telnet traffic into your workgroup.

Step 5

62

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Step 6

Apply the IP extended ACL to your first serial interface. Should the extended ACL be applied as an inbound or outbound ACL?

Step 7

Enter the show ip access-list command to display the content of your IP extended ACL. Enter the show ip interface serial interface command to verify that the ACL is applied to the first serial interface. Ask your partner to establish a Telnet session into your workgroup switch, (10.x.x.11), from their workgroup router.
All attempts to use Telnet into your workgroup switch should fail.

Step 8

Step 9

Note

Step 10

Ask your partner to ping your workgroup switch (10.x.x.11) from their workgroup router.
All traffic into your workgroup devices except Telnet traffic should be successful.

Note

Step 11

Proceed to Task 2.

Activity Verification
You have completed this task when you attain this result: Created an IP extended ACL that blocks incoming Telnet traffic, but allows all other traffic from outside of your workgroup

Task 2: Edit an Extended ACL to Block TFTP Requests from Your Workgroup
In this task, you are asked to download a new supplemental configuration to your workgroup router from the TFTP server. The supplement configuration implements an ACL that restricts all further TFTP requests from your workgroup subnet. However, the supplemental configuration that you download contains configuration errors that will cause a loss of connectivity with the rest of the network. You will troubleshoot the configuration to isolate and correct the problem by editing the extended IP ACL.

Activity Procedure
Step 1

Ensure connectivity with the TFTP server. Ping the TFTP server (10.1.1.1) from your workgroup switch. Ping the TFTP server (10.1.1.1) from your workgroup router.
If either of these pings is unsuccessful, contact your instructor.

Step 2

Note

2007 Cisco Systems, Inc.

Lab Guide

63

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Step 3

Download the supplemental configuration from the TFTP server into the running configuration of your workgroup router. The name of the file to download is i2wg_ro-config-lab6-1.txt. Type exit from the privilege EXEC prompt and ensure your router banner reads: ************** wg_ro-config-lab6-1 ***********************

Step 4

Note

If the download was unsuccessful, contact your instructor.

Enter the show ip access-list command in order to display the contents of the IP extended ACL you just downloaded, access-list 175. Your output should look similar to the following display:
RouterA# sh ip access-lists Extended IP access list 101 10 deny tcp 10.140.2.0 0.0.0.255 any eq telnet (12 matches) 20 permit ip any any (353 matches) Extended IP access list 175 10 deny udp any any eq tftp 20 permit udp any any
Step 5

Enter the show ip interface serial interface command to verify that the ACL you just downloaded, access-list 175, is applied to the interface. Your output should look similar to the following display:
RouterA# sh ip int s0/0/0 Serial0/0/0 is up, line protocol is up Internet address is 10.140.1.2/24 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Multicast reserved groups joined: 224.0.0.10 224.0.0.5 Outgoing access list is 175 Inbound access list is 101 Proxy ARP is enabled Local Proxy ARP is disabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is enabled IP Flow switching is disabled IP CEF switching is enabled IP CEF Feature Fast switching turbo vector IP multicast fast switching is enabled IP multicast distributed fast switching is disabled IP route-cache flags are Fast, CEF -----Output omitted--------

64

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Step 6

Can you ping the TFTP server from your workgroup switch now?

Step 7

On your workgroup router, enter the show ip route command to verify a route to the TFTP server subnet, (10.1.1.0). What did you find?

Step 8

Edit access-list 175 so that it only denies TFTP requests from your workgroup but allows all other traffic. Once you have edited the ACL, test its effectiveness. From your workgroup switch, try to use TFTP to copy the configuration file i2-wg_sw-config-lab6-1.txt from the TFTP server (10.1.1.1) to your switch startup configuration.
All TFTP requests from your workgroup switch should fail with the IP extended ACL in place. You may have to wait for the TFTP to fail. The switch will retry the TFTP multiple times before displaying an error message.

Step 9

Note

Step 10

From your workgroup switch, ping the TFTP server and the loopback interface of the core router, 172.16.31.100.
All traffic other than TFTP should be successful.

Note

Step 11

Proceed to Task 3.

Activity Verification
You have completed this task when you attain these results: Copied your workgroup router configuration from the TFTP server and verified the loss of connectivity from your workgroup switch to the TFTP server Edited an extended IP ACL on your workgroup router that restricts TFTP requests from your workgroup, but allows all other traffic

Task 3: Remove the ACLs from the Serial Interface


In this task, you will clean up after the lab so that the configuration changes you made here do not negatively affect the next lab. It is important to complete this task.

Activity Procedure
Complete these steps on the workgroup router:
Step 1 Step 2 Step 3

Enter interface configuration mode for your serial interface. Remove all access groups from the serial interface. Enter global configuration mode.
Lab Guide 65

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Step 4 Step 5 Step 6

Remove both ACLs. Save your running configuration to NVRAM. Notify your instructor that you have completed the activity.

Activity Verification
You have completed this activity when you attain these results: Removed all access groups from the serial interface Removed both ACLs in global configuration mode

66

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Lab 7-1: Configuring NAT and PAT


Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will configure your workgroup router for PAT. After completing this activity, you will be able to meet these objectives: Configure inside and outside NAT interfaces and an IP ACL to permit hosts to use PAT Use show commands to verify the NAT configuration

Visual Objective
The figure illustrates what you will accomplish in this activity.

Visual Objective 7-1: Configuring NAT and PAT


WG Router s0/0/0 Router fa0/0 Switch A B C D E F G H 10.140.1.2 10.140.2.2 10.140.3.2 10.140.4.2 10.140.5.2 10.140.6.2 10.140.7.2 10.140.8.2 10.2.2.3 10.3.3.3 10.4.4.3 10.5.5.3 10.6.6.3 10.7.7.3 10.8.8.3 10.9.9.3 10.2.2.11 10.3.3.11 10.4.4.11 10.5.5.11 10.6.6.11 10.7.7.11 10.8.8.11 10.9.9.11

2007 Cisco Systems, Inc. All rights reserved.

ICND2 v1.013

Required Resources
These are the resources and equipment required to complete this activity: PC connected to an onsite lab or PC with an Internet connection to access the remote lab Terminal server connected to a console port of each lab device if using a remote lab ICND workgroup assigned by your instructor

2007 Cisco Systems, Inc.

Lab Guide

67

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Command List
The table describes the commands used in this activity. The commands are listed in alphabetical order so that you can easily locate the information you need. Refer to this list if you need configuration command assistance during the lab activity. Commands
Command Description Debugs the NAT translation process Marks the interface as connected to the inside network Establishes dynamic source translation, specifying the access list

debug ip nat ip nat inside ip nat inside source list access-listnumber interface interface overload ip nat outside show ip nat statistics show ip nat translations

Marks the interface as connected to the outside network Displays translation statistics Displays active translations

Job Aids
This job aid is available to help you complete the lab activities.
WG Workgroup FastEthernet Subnets 10.x.x.0/24 Switch Interface VLAN 1 (SwitchX) Router Fa0/0 Interface (RouterX) Router Loopback 0 Interface (RouterX) Router S0/0/0 Interface (RouterX) Core Router Serial Interface (Core Router) 10.140.1.1/24 10.140.2.1/24 10.140.3.1/24 10.140.4.1/24 10.140.5.1/24 10.140.6.1/24 10.140.7.1/24 10.140.8.1/24

A B C D E F G H

10.2.2.0/24 10.3.3.0/24 10.4.4.0/24 10.5.5.0/24 10.6.6.0/24 10.7.7.0/24 10.8.8.0/24 10.9.9.0/24

10.2.2.11/24 10.3.3.11/24 10.4.4.11/24 10.5.5.11/24 10.6.6.11/24 10.7.7.11/24 10.8.8.11/24 10.9.9.11/24

10.2.2.3/24 10.3.3.3/24 10.4.4.3/24 10.5.5.3/24 10.6.6.3/24 10.7.7.3/24 10.8.8.3/24 10.9.9.3/24

192.168.1.65/28 192.168.1.81/28 192.168.2.65/28 192.168.2.81/28 192.168.3.65/28 192.168.3.81/28 192.168.4.65/28 192.168.4.81/28

10.140.1.2/24 10.140.2.2/24 10.140.3.2/24 10.140.4.2/24 10.140.5.2/24 10.140.6.2/24 10.140.7.2/24 10.140.8.2/24

68

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Task 1: Configure PAT


In this task, you will configure your router to provide a single address to the outside world for any workgroup address that needs to access the public network. First you will verify that you have connectivity from your workgroup router to the core router. Then you will configure both inside and outside NAT interfaces. Finally, you will configure an IP ACL to permit certain hosts to use PAT.

Activity Procedure
Complete these steps to configure port address translation:
Step 1 Step 2 Step 3 Step 4

From your PC, establish a connection to the lab equipment. Select your workgroup from the Main menu. Select your workgroup from the Pod menu. From your workgroup switch, verify that you can ping the core router (10.1.1.3).
If the ping is not successful, contact your instructor.

Note

Step 5

To begin your NAT configuration, configure the first Ethernet interface on your workgroup router as the inside interface. To continue the NAT configuration, configure the first serial interface of your workgroup router as the outside interface. Configure a standard IP ACL to permit any host on your workgroup FastEthernet subnet, 10.x.x.0/24, to be translated by the PAT process. Check the subnet addressing listed in the Job Aids table for this lab activity. Configure PAT using the first serial interface IP address as the inside global IP address. Enable NAT debugging. Proceed to Task 2.

Step 6

Step 7

Step 8

Step 9 Step 10

Activity Verification
You have completed this task when you attain these results: Verified that you have connectivity from your workgroup router to the core router Configured both inside and outside NAT interfaces Configured an IP ACL to permit certain hosts to use PAT

2007 Cisco Systems, Inc.

Lab Guide

69

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Task 2: Verify PAT Using show and debug Commands


In this task, you will verify that PAT is configured correctly.

Activity Procedure
Complete these steps to verify port address translation:
Step 1

From your workgroup switch, verify that you can ping the core router (10.1.1.3) to trigger the PAT process on your workgroup router. You should see output from the NAT debug command. From your workgroup router, enter the show ip nat translations command. Your output should look similar to the following display:
Outside local 10.1.1.3:13 Outside global 10.1.1.3:13

Step 2 Step 3

RouterA# show ip nat translations Pro Inside global Inside local icmp 10.140.1.2:13 10.2.2.11:13
Step 4

Enter the show ip nat statistics command. Your output should look similar to the following display:
RouterA# show ip nat statistics Total active translations: 1 (0 static, 1 dynamic; 1 extended) Outside interfaces: Serial0/0/0 Inside interfaces: FastEthernet0/0 Hits: 9 Misses: 1 CEF Translated packets: 10, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id: 2] access-list 1 interface Serial0/0/0 refcount 1 Queued Packets: 0

Step 5 Step 6

Disable all of the PAT configurations on your workgroup router. Ping the core router (10.1.1.3) from your workgroup switch to verify that your configuration is working. Save your running configuration to NVRAM. Notify your instructor that you have completed the activity.

Step 7 Step 8

Activity Verification
You have completed this activity when you attain these results: Verified that PAT is configured correctly by pinging the core router (10.1.1.3) Disabled all PAT configurations on your workgroup router

70

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Lab 7-2: Implementing IPv6


Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will allocate and configure IPv6 addresses on your workgroup routers. After completing this activity, you will be able to meet these objectives: Determine how to allocate IPv6 addresses for the assigned routers, given an IPv6 numbering scheme and a prefix Configure router interfaces for IPv6 and assign addresses Configure RIP to support IPv6 and IPv6 addresses Configure and verify a dual-stack router configuration

Visual Objective
The figure illustrates what you will accomplish in this activity.

Visual Objective 7-2: Implementing IPv6

2007 Cisco Systems, Inc. All rights reserved.

ICND2 v1.014

Required Resources
These are the resources and equipment required to complete this activity: PC connected to an onsite lab or PC with an Internet connection to access the remote lab Terminal server connected to a console port of each lab device if using a remote lab ICND workgroup assigned by your instructor

2007 Cisco Systems, Inc.

Lab Guide

71

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Command List
The table describes the commands used in this activity. The commands are listed in alphabetical order so that you can easily locate the information you need. Refer to this list if you need configuration command assistance during the lab activity. Commands
Command Description Enables an IPv6 address on an interface and forces the router to complete the low-order 64-bit of the address by using the interface link-layer address (MAC address) Statically assigns an IPv6 address and a prefix length to the tunnel interface Enables the specified IPv6 RIP routing process on an interface. Configures an IPv6 RIP routing process and enters router configuration mode for the IPv6 RIP routing process Enables IPv6 traffic forwarding Displays IPv6 information about an interface

ipv6 address ipv6 address/prefix length eui-64

ipv6 address ipv6address/prefix-length ipv6 rip name enable ipv6 router rip name

ipv6 unicast-routing show ipv6 interface show ipv6 rip

Displays information about the current IPv6 RIP processes


Displays the IPv6 routing table

show ipv6 route

Job Aids
This job aid is available to help you complete the lab activities.
Workgroup Group# Router# IPv4 Loopback 2 Interface Address (Router X) 10.123.123.1/24 10.132.132.1/24 10.145.145.1/24 10.154.154.1/24 10.167.167.1/24 10.176.176.1/24 10.189.189.1/24 10.198.198.1/24

A B C D E F G H

1 1 2 2 3 3 4 4

1 2 3 4 5 6 7 8

Task 1: IPv6 Preparation


Task 1 is an address-planning exercise. Configuration will begin in Task 2. You will be working with a student in another workgroup. Group Assignments: A-B, C-D, E-F, G-H.
72 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Activity Procedure
Complete these steps:
Step 1

Use the information below to complete the following worksheet for each router in your group:
Group # (X) Router # (Y) Interface S0/0/1 IPv6 Address Interface Loopback 2 IPv6 Address

Your router: Your partner router:

In this lab activity, the second serial interface (S0/0/1) will use the following IPv6 address format: 2001:0410:000x:10::/64 eui-64 In which x = your group number listed in the Job Aids table for this activity For example, the IPv6 address of the second serial interface (S0/0/1) of router A would be 2001:0410:0001:10::/64 eui-64.
Note The :10 is the subnet portion of your IPv6 address. For this lab, it is important that the S0/0/1 interfaces that are in the same group have the same subnet address. The eui-64 parameter forces the router to complete the low-order 64-bits of the address (the host portion) by using the interface link-layer address (MAC address).

You will be creating a loopback 2 interface on your workgroup router in Task 2. The loopback 2 interface for each workgroup router will use the following IPv6 address format: 2001:0410:000x:y::/64 eui-64 In which x = your group number listed in the Job Aids table for this activity and y = your router number listed in the Job Aids table for this activity. For example, the IPv6 address of the loopback 2 interface of router A would be 2001:0410:0001:1::/64 eui-64.
Note The subnet portion of the IPv6 address is :y. It is important for this lab that the loopback 2 interface of each router is in a different subnet.

2007 Cisco Systems, Inc.

Lab Guide

73

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Activity Verification
You have completed this activity when you attain this result: Determined which IPv6 addresses will be assigned to all interfaces

Task 2: Configure IPv6 Addresses


You will enable IPv6 globally on your router and configure IPv6 addresses on interfaces S0/0/1 and Lo2.

Activity Procedure
Complete these steps:
Step 1

Shutdown the first serial interface (S0/0/0) of your workgroup router that connects to the core using the shutdown command. Enable the second serial interface (S0/0/1) of your workgroup router using the no shutdown command. Enable IPv6 on your workgroup router. Assign the second serial interface (S0/0/1) the IPv6 address determined in Task 1. Create a loopback 2 interface and assign it the IPv6 address determined in Task 1. Display the IPv6 interface information to verify that all of the interfaces on your workgroup router are configured with the appropriate IPv6 address. Your output should resemble the following:
RouterA# show ipv6 int Serial0/0/1 is down, line protocol is down IPv6 is enabled, link-local address is FE80::21A:6CFF:FE59:D60 [TEN] Global unicast address(es): 2001:410:1:10:21A:6CFF:FE59:D60, subnet is 2001:410:1:10::/64 [EUI/TEN] Joined group address(es): FF02::1 FF02::2 FF02::1:FF59:D60 MTU is 1500 bytes ICMP error messages limited to one every 100 milliseconds ICMP redirects are enabled ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds Hosts use stateless autoconfig for addresses. Loopback2 is up, line protocol is up IPv6 is enabled, link-local address is FE80::21A:6CFF:FE59:D60 Global unicast address(es): 2001:410:1:1:21A:6CFF:FE59:D60, subnet is 2001:410:1:1::/64 [EUI] Joined group address(es): FF02::1

Step 2

Step 3 Step 4 Step 5 Step 6

74

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

FF02::2 FF02::1:FF59:D60 MTU is 1514 bytes ICMP error messages limited to one every 100 milliseconds ICMP redirects are enabled ND DAD is not supported ND reachable time is 30000 milliseconds Hosts use stateless autoconfig for addresses.
Note The status of your S0/0/1 IPv6 interface depends upon whether your partner has completed Task 2.

On each of the IPv6 interfaces, do you see an IPv6 address that you have not configured? If so, what is that address?

Activity Verification
You have completed this activity when you attain these results: Enabled IPv6 globally and configured IPv6 addresses on S0/0/1 and Lo2 interfaces Shut down the first serial interface and enabled the second serial interface of your workgroup router

Task 3: Enable RIP for IPv6


In this task, you will enable RIP for IPv6 on your workgroup router.

Activity Procedure
Step 1 Step 2

On your workgroup router, globally enable IPv6 RIP. Use the process name cisco. Enable the IPv6 RIP process on your second serial interface (S0/0/1) and loopback 2 interface. Display the IPv6 RIP information to confirm that you have enabled IPv6 RIP on your routers. The output from your routers should resemble the following:
RouterA# show ipv6 rip RIP process "cisco", port 521, multicast-group FF02::9, pid 230 Administrative distance is 120. Maximum paths is 16 Updates every 30 seconds, expire after 180 Holddown lasts 0 seconds, garbage collect after 120 Split horizon is on; poison reverse is off Default routes are not generated Periodic updates 6, trigger updates 1 Interfaces:

Step 3

2007 Cisco Systems, Inc.

Lab Guide

75

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Loopback2 Serial0/0/1 Redistribution: None


Step 4

View the IPv6 routing table on your router. Your display should resemble the following:
RouterA# show ipv6 route IPv6 Routing Table - 7 entries Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP U - Per-user Static route I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 OSPF ext 2 ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2 C 2001:410:1:1::/64 [0/0] via ::, Loopback2 L 2001:410:1:1:21A:6CFF:FE59:D60/128 [0/0] via ::, Loopback2 R 2001:410:1:2::/64 [120/2] via FE80::217:5AFF:FE2E:F570, Serial0/0/1 C 2001:410:1:10::/64 [0/0] via ::, Serial0/0/1 L 2001:410:1:10:21A:6CFF:FE59:D60/128 [0/0] via ::, Serial0/0/1 L FE80::/10 [0/0] via ::, Null0 L FF00::/8 [0/0] via ::, Null0

Note

Your IPv6 routing table should display a route to the loopback 2 interface network of your partner.

Activity Verification
You have completed this activity when you attain this result: You have learned the IPv6 network of the loopback 2 interface of your partner router.

76

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Task 4: Configuring and Verifying a Dual-Stack Router


In this task, you will enable IPv4 connectivity between networks currently configured for IPv6 on your workgroup router.

Activity Procedure
Step 1

On your workgroup router, configure the loopback 2 interface with the IPv4 address indicated in the Job Aids table of this lab activity. Use the show ip route command to verify EIGRP has learned the network of the loopback 2 interface of your partner.
The EIGRP network statement you configured in a previous lab (network 10.0.0.0) should advertise the IPv4 network assigned to the loopback 2 interface.

Step 2

Note

Step 3

Ping all of the IPv4 addresses of your partner workgroup router, including the loopback 2 interface. Ping all of the IPv6 addresses of your partner workgroup router, including the loopback 2 interface.
To make it easier to ping the IPv6 addresses for the remainder of this activity, obtain the IPv6 addresses of all of the routers in your workgroup and copy them into a Notepad document. You can use the show cdp neighbor detail command to display the IPv6 address of the directly connected interface of your partner router. You can also establish a Telnet session into the router of your partner and use the show ipv6 interface brief command to display the IPv6 addresses of the rest of the interfaces of your partner router. When you have documented the IPv6 addresses, simply copy the address from the Notepad file and paste it into the ping command when you wish to ping the IPv6 interface of one of your neighboring routers.

Step 4

Note

Step 5

Your output should resemble the following:


RouterA# ping 2001:410:1:2:216:9DFF:FEB0:EA48

Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:410:1:2:216:9DFF:FEB0:EA48, timeout is 2 seconds: !!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms

Activity Verification
You have completed this activity when you attain this result: You have IPv4 and IPv6 connectivity between routers in your group.

2007 Cisco Systems, Inc.

Lab Guide

77

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Lab 8-1: Establishing a Frame Relay WAN


Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will configure the workgroup router serial interface for Frame Relay encapsulation to complete a packet-switched connection to the core. After completing this activity, you will be able to meet these objectives: Configure a serial interface to use Frame Relay encapsulation Verify the Frame Relay connection using show and ping commands Configure the debug frame-relay lmi command and interpret the output Configure a router subinterface and associate it with a specific DLCI

Visual Objective
The figure illustrates what you will accomplish in this activity.

Visual Objective 8-1: Establishing a Frame Relay WAN


WG A B C D E F G H Router s0/0/0 10.140.1.2 10.140.2.2 10.140.3.2 10.140.4.2 10.140.5.2 10.140.6.2 10.140.7.2 10.140.8.2

2007 Cisco Systems, Inc. All rights reserved.

ICND2 v1.015

78

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Required Resources
These are the resources and equipment required to complete this activity: PC connected to an onsite lab or PC with an Internet connection to access the remote lab Terminal server connected to a console port of each lab device if using a remote lab ICND workgroup assigned by your instructor

Command List
The table describes the commands used in this activity. The commands are listed in alphabetical order so that you can easily locate the information you need. Refer to this list if you need configuration command assistance during the lab activity. Command
Command Description Displays debug information for Frame Relay LMI signaling. Enables Frame Relay encapsulation on an interface.

debug frame relay lmi encapsulation framerelay

frame-relay interface- Specifies a DLCI identifier on a point-to-point subinterface. dlci dlci-number interface serial number.subinterfacenumber {multipoint | point-to-point} ping ip-address
Enters subinterface configuration mode and selects either a point-topoint or a multipoint connection.

Common tool used to troubleshoot the accessibility of devices. It uses ICMP echo requests and ICMP echo replies to determine whether a remote host is active. The ping command also measures the amount of time it takes to receive the echo reply. Displays LMI information. Displays Frame Relay route maps. Displays PVC traffic statistics. Displays interface information. Displays the active configuration. Displays the running configuration of the interface.

show frame-relay lmi show frame-relay map show frame-relay pvc show interfaces show running-config show running-config interface type slot/port

2007 Cisco Systems, Inc.

Lab Guide

79

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Job Aids
These job aids are available to help you complete the lab activities. The table lists the IP addresses for the serial connection.
WG Switch Interface VLAN 1 (Switch X) Router Fa0/0 Interface (Router X) Router S0/0/0 Interface (Router X) Local DLCI Identifying PVC to Core Core Router Serial Interface (Core Router) 10.140.1.1/24 10.140.2.1/24 10.140.3.1/24 10.140.4.1/24 10.140.5.1/24 10.140.6.1/24 10.140.7.1/24 10.140.8.1/24

A B C D E F G H

10.2.2.11/24 10.3.3.11/24 10.4.4.11/24 10.5.5.11/24 10.6.6.11/24 10.7.7.11/24 10.8.8.11/24 10.9.9.11/24

10.2.2.3/24 10.3.3.3/24 10.4.4.3/24 10.5.5.3/24 10.6.6.3/24 10.7.7.3/24 10.8.8.3/24 10.9.9.3/24

10.140.1.2/24 10.140.2.2/24 10.140.3.2/24 10.140.4.2/24 10.140.5.2/24 10.140.6.2/24 10.140.7.2/24 10.140.8.2/24

100 110 120 130 140 150 160 170

Task 1: Enable a Frame Relay Connection


For this task, you will configure your first serial interface to use Frame Relay encapsulation.

Activity Procedure
Step 1 Step 2 Step 3 Step 4

From your PC, establish a connection to the lab equipment. Select your workgroup from the Main menu. Select your workgroup router from the Pod menu. Enter interface configuration mode for the first serial interface on the workgroup router (S0/0/0) and disable it with the shutdown command. Enable Frame Relay on the first serial interface (S0/0/0) of your router.
The LMI type will be determined using autosensing. Inverse ARP will be used to map IP addresses to DLCIs.

Step 5

Note

Step 6 Step 7

Enable the first serial interface, (S0/0/0), using the no shutdown command. Use the show running-config command for the S0/0/0 interface. Your output should look similar to the following display:
interface Serial 0/0/0 ip address 10.140.1.2 255.255.255.0 encapsulation frame-relay no ip mroute-cache no fair-queue

Step 8

Proceed to Task 2.

80

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Activity Verification
You have completed this task when you attain this result: Configured your first serial interface to use Frame Relay encapsulation

Task 2: Verify a Frame Relay Connection


For this task, you will verify the configuration by using show commands and by executing a ping to the core router.

Activity Procedure
Complete the following steps on your workgroup router to verify the Frame Relay connection:
Step 1

Verify that your first serial interface is in the up/up state with the show interfaces serial command. Your output should look similar to the following display:
RouterA#show interfaces s0/0/0 Serial0/0/0 is up, line protocol is up Hardware is HD64570 Internet address is 10.140.1.2/24 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255 Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec) LMI enq sent 19, LMI stat recvd 20, LMI upd recvd 0, DTE LMI up LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0 LMI DLCI 1023 LMI type is CISCO frame relay DTE FR SVC disabled, LAPF state down Broadcast queue 0/64, broadcasts sent/dropped 8/0, interface broadcasts 5 Last input 00:00:02, output 00:00:02, output hang never Last clearing of "show interface" counters never Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 0/75, 0 drops 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 38756 packets input, 5695381 bytes, 0 no buffer Received 24172 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 38777 packets output, 2164927 bytes, 0 underruns 0 output errors, 0 collisions, 6069 interface resets 0 output buffer failures, 0 output buffers swapped out 510 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up

Step 2

Verify the LMI type with the show frame-relay lmi command. Your output should look similar to the following display:
RouterA#show frame-relay lmi LMI Statistics for interface Serial0/0/0 (Frame Relay DTE) LMI TYPE = CISCO Invalid Unnumbered info 0 Invalid Prot Disc 0 Invalid dummy Call Ref 0 Invalid Msg Type 0 Invalid Status Message 0 Invalid Lock Shift 0 Invalid Information ID 0 Invalid Report IE Len 0 Invalid Report Request 0 Invalid Keep IE Len 0 Num Status Enq. Sent 18 Num Status msgs Rcvd 19 Num Update Status Rcvd 0 Num Status Timeouts 0

2007 Cisco Systems, Inc.

Lab Guide

81

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Step 3

Verify the PVC status with the show frame-relay pvc command. Your output should look similar to the following display:
RouterA#show frame-relay pvc PVC Statistics for interface Serial0/0/0 (Frame Relay DTE) DLCI = 100, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0 input pkts 28 output pkts 10 in bytes 8398 out bytes 1198 dropped pkts 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 10 out bcast bytes 1198 pvc create time 00:03:46, last time pvc status changed 00:03:47

Step 4

Verify that your Frame Relay map table lists a path to the core router by using the show frame-relay map command. Your output should look similar to the following display:
RouterA#show frame-relay map Serial0/0/0 (up): ip 10.140.1.1 dlci 100(0x64,0x1840), dynamic, broadcast, status defined, active

Step 5

Ping the core router serial interface directly connected to your workgroup router. Use the address provided in the Job Aids table for this lab activity. Ping the TFTP server, 10.1.1.1.
All pings should be successful.

Step 6

Note

Step 7

Proceed to Task 3.

Activity Verification
You have completed this task when you attain this result: Used show commands and successfully executed a ping to the core router to verify the frame relay configuration on your workgroup router

82

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Task 3: Use the debug frame-relay lmi Command to View LMI Exchanges
LMI is used to convey information between a Frame Relay edge device, such as a router, and a Frame Relay switch. It is useful to see the LMI updates passed between the router and the switch when troubleshooting. In this task, you will configure the debug frame-relay lmi command and interpret the output.

Activity Procedure
Complete the following steps on your workgroup router to view LMI exchanges:
Step 1

View the exchange of LMI status frames, including the Inverse ARP information, using the debug frame-relay lmi command. Your output should look similar to the following display:
RouterA#debug frame lmi Frame Relay LMI debugging is on Displaying all Frame Relay LMI data RouterA# 1w2d: Serial0/0/0(out): StEnq, myseq 140, yourseen 139, DTE 1w2d: datagramstart = 0xE008EC, datagramsize = 13 1w2d: FR encap = 0xFCF10309 1w2d: 00 75 01 01 01 03 02 8C 8B 1w2d: 1w2d: Serial0/0/0(in): Status, myseq 140 1w2d: RT IE 1, length 1, type 1 1w2d: KA IE 3, length 2, yourseq 140, myseq 140 1w2d: Serial0/0/0(out): StEnq, myseq 141, yourseen 140, DTE 1w2d: datagramstart = 0xE008EC, datagramsize = 13 1w2d: FR encap = 0xFCF10309 1w2d: 00 75 01 01 01 03 02 8D 8C 1w2d: 1w2d: Serial0/0/0(in): Status, myseq 141 1w2d: RT IE 1, length 1, type 1 1w2d: KA IE 3, length 2, yourseq 141, myseq 141 1w2d: Serial0/0/0(out): StEnq, myseq 142, yourseen 141, DTE 1w2d: datagramstart = 0xE008EC, datagramsize = 13 1w2d: FR encap = 0xFCF10309 1w2d: 00 75 01 01 00 03 02 8E 8D 1w2d: 1w2d: Serial0/0/0(in): Status, myseq 142 1w2d: RT IE 1, length 1, type 0 1w2d: KA IE 3, length 2, yourseq 142, myseq 142 1w2d: PVC IE 0x7 , length 0x6 , dlci 100, status 0x2 , bw 0 1w2d: Serial0/0/0(out): StEnq, myseq 143, yourseen 142, DTE 1w2d: datagramstart = 0xE008EC, datagramsize = 13 1w2d: FR encap = 0xFCF10309 1w2d: 00 75 01 01 01 03 02 8F 8E

up

up

up

up

Step 2 Step 3

Turn off all debugging. Proceed to Task 4.

Activity Verification
You have completed this task when you attain this result: Viewed the output of the debug frame-relay lmi command
2007 Cisco Systems, Inc. Lab Guide 83

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Task 4: Configure and Verify Frame Relay Subinterfaces


It is frequently necessary to use routing protocols to overcome split horizon issues. One way to resolve split horizon issues is to implement multiple logical interfaces on a single physical interface. These are called subinterfaces, and each may have its own IP address. In this task, you will configure a subinterface to be associated with a specific DLCI, Frame Relay Layer 2 addressing convention.

Activity Procedure
Step 1

Enter interface configuration mode for the first serial interface on the workgroup router (S0/0/0) and disable it with the shutdown command. On the first serial interface, remove the IP address. Enter the show run interface s0/0/0 command. Which commands were removed from the interface when the IP address was removed?

Step 2 Step 3

Step 4

Enter subinterface configuration mode for the first serial interface. The subinterface should be point-to-point and the LMI type will be determined by autosensing. On the subinterface, assign the IP address that was on the first physical serial interface, (S0/0/0). Use the address listed in the Job Aids table of this lab activity. On the subinterface, configure the local DLCI, identifying the PVC connection to the core router. The DLCI numbers are listed in the Job Aids table of this lab activity. On the subinterface, configure EIGRP authentication using the keychain of icndchain. Enable the first physical serial interface, (S0/0/0), using the no shutdown command. Verify your configuration by using the show running-config interface s0/0/0 and the show running-config interface s0/0/0.1 commands. Your output should look similar to the following display:
RouterA#show running-config interface s0/0/0 Building configuration... Current configuration: ! interface Serial0/0/0 no ip address no ip directed-broadcast encapsulation frame-relay no ip mroute-cache no fair-queue end RouterA#show running-config interface s0/0/0.1 Building configuration... Current configuration: ! interface Serial0/0/0.1 point-to-point

Step 5

Step 6

Step 7

Step 8 Step 9

84

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

ip address 10.140.12.2 255.255.255.0 no ip directed-broadcast ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain frame-relay interface-dlci 230 end
Step 10 Step 11 Step 12

Ping the TFTP server at 10.1.1.1 to verify connectivity. Save your configuration to NVRAM. Notify your instructor that you have completed the activity.

Activity Verification
You have completed this activity when you attain these results: Configured Frame Relay on a serial subinterface Completed a successful ping to the core router across the Frame Relay connection to verify connectivity

2007 Cisco Systems, Inc.

Lab Guide

85

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Lab 8-2: Troubleshooting Frame Relay WANs


Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will use the troubleshooting guidelines discussed in the corresponding module to gather symptoms and isolate and correct problems commonly found in a Frame Relay network. After completing this activity, you will be able to meet these objectives: Discover Frame Relay network connectivity issues and follow troubleshooting guidelines to determine and fix frame relay connectivity problems

Visual Objective
The figure illustrates what you will accomplish in this activity.

Visual Objective 8-2: Troubleshooting Frame Relay WANs


WG A B C D E F G H Router s0/0/0 10.140.1.2 10.140.2.2 10.140.3.2 10.140.4.2 10.140.5.2 10.140.6.2 10.140.7.2 10.140.8.2

2007 Cisco Systems, Inc. All rights reserved.

ICND2 v1.016

86

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Required Resources
These are the resources and equipment required to complete this activity: PC connected to an onsite lab or PC with an Internet connection to access the remote lab Terminal server connected to a console port of each lab device if using a remote lab ICND workgroup assigned by your instructor

Command List
The table describes the commands used in this activity. The commands are listed in alphabetical order so that you can easily locate the information you need. Refer to this list if you need configuration command assistance during the lab activity. Frame Relay Commands
Command Description Displays debug information for Frame Relay LMI signaling Displays LMI information Displays Frame Relay route maps Displays PVC traffic statistics Displays interface information

debug frame relay lmi show frame-relay lmi show frame-relay map show frame-relay pvc show interfaces

Job Aids
These job aids are available to help you complete the lab activities. The table lists the IP addresses for the lab.
WG Switch Interface VLAN 1 (SwitchX) A B C D E F G H 10.2.2.11/24 10.3.3.11/24 10.4.4.11/24 10.5.5.11/24 10.6.6.11/24 10.7.7.11/24 10.8.8.11/24 10.9.9.11/24 Router Fa0/0 Interface (RouterX) 10.2.2.3/24 10.3.3.3/24 10.4.4.3/24 10.5.5.3/24 10.6.6.3/24 10.7.7.3/24 10.8.8.3/24 10.9.9.3/24 Router S0/0/0 Interface (RouterX) 10.140.1.2/24 10.140.2.2/24 10.140.3.2/24 10.140.4.2/24 10.140.5.2/24 10.140.6.2/24 10.140.7.2/24 10.140.8.2/24 Local DLCI Identifying PVC to Core 100 110 120 130 140 150 160 170 Core Router Serial Interface (Core Router) 10.140.1.1/24 10.140.2.1/24 10.140.3.1/24 10.140.4.1/24 10.140.5.1/24 10.140.6.1/24 10.140.7.1/24 10.140.8.1/24

2007 Cisco Systems, Inc.

Lab Guide

87

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Use the table to document the troubleshooting process. Troubleshooting Steps


Command to Gather Symptoms Example: ping 172.16.2.2 show ip interface brief ping 172.16.2.2 show interface Fa0/1 ping 172.16.2.2 fails int Fa0/1 is administratively down still fails has incorrect ip address succeeds ----no shutdown ----ip address 192.168.1.2 Isolate the Problem Command to Correct the Problem

Task 1: Update Your Workgroup Configurations


In this task, you will download a new supplemental configuration to your workgroup router from the TFTP server. However, the supplemental configuration that you download contains configuration errors that will cause a loss of connectivity with the rest of the network. You will troubleshoot to isolate and correct the problem.

Activity Procedure
Complete these steps:
Step 1

Ensure connectivity with the TFTP server. Ping the TFTP server (10.1.1.1) from your workgroup router.
If your ping is unsuccessful, contact your instructor.

Note

Step 2

Download the supplemental configuration from the TFTP server into the running configuration of your workgroup router. The name of the file to download is i2wg_ro-config-lab8-2.txt. Type exit from the privilege EXEC prompt and ensure your router banner reads: ************** wg_ro-config-lab8-2 ***********************

Step 3

88

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Step 4

Ping the TFTP server from your workgroup router. Were you successful?

Step 5

Check the routing table of your workgroup router. Check the EIGRP neighbor relationships. What did you find?

Step 6

Check the status of your Frame Relay serial interface. What did you find?

Step 7

Without utilizing the show run command, use the troubleshooting guidelines and commands discussed in the corresponding module to gather symptoms, and then isolate and correct the problems. Use the Job Aids table on the previous page to document the troubleshooting process. Ping the TFTP server (10.1.1.1) from your workgroup router to confirm you have fixed the problem. Save your running configuration to NVRAM.

Step 8

Step 9

Activity Verification
You have completed this task when you attain these results: Re-established Frame Relay connection with your directly connected routers Populated the routing table of your workgroup router with EIGRP-learned routes from the core router Re-established network connectivity and can successfully ping the TFTP server

2007 Cisco Systems, Inc.

Lab Guide

89

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Lab Activity Answer Key


Lab Activity 1-1 Answer Key: Implementing a Small Network (Review Lab)
Workgroup Switch Configuration
When you complete this lab activity, your workgroup switch configuration will be similar to the following, with differences that are specific to your workgroup:
version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname SwitchX ! enable secret 5 $1$DbHt$Zq1t4P2kmfMGUeZSRRy0g0 ! no aaa new-model ip subnet-zero ! ! ! ! ! ! no file verify auto spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! interface FastEthernet0/1 ! interface FastEthernet0/2 description To RouterX Fa0/0 switchport mode access switchport port-security switchport port-security mac-address xxxx.xxxx.xxxx ! interface FastEthernet0/3 ! interface FastEthernet0/4 ! interface FastEthernet0/5 ! interface FastEthernet0/6 ! interface FastEthernet0/7 ! interface FastEthernet0/8 ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 description Connected to CoreSwitchA speed 100 duplex full ! interface FastEthernet0/12
90 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 ip address 10.1.1.X 255.255.255.0 no ip route-cache ! ip default-gateway 10.1.1.3 ip http server ip http secure-server ! control-plane ! banner motd ^C Authorized access only. Unauthorized users disconnect.^C ! line con 0 password cisco logging synchronous login line vty 0 4 password sanjose login line vty 5 15 no login ! end

Workgroup Router Configuration


When you complete this lab activity, your workgroup router configuration will be similar to the following, with differences that are specific to your workgroup:
version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname RouterX ! boot-start-marker
2007 Cisco Systems, Inc. Lab Guide 91

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

boot-end-marker ! enable secret 5 $1$HNdR$hOG1GhzoNoHMEgZQU21mo1 ! no aaa new-model ! ! ip cef ! ! ! ! voice-card 0 no dspfarm ! interface FastEthernet0/0 description To SwitchX Fa0/2 ip address 10.1.1.X 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 no ip address shutdown ! interface Serial0/0/1 no ip address shutdown ! ! ! ip http server no ip http secure-server ! ! ! ! ! control-plane ! banner motd ^C Authorized access only. Unauthorized users disconnect.^C ! line con 0 password cisco logging synchronous login line aux 0 line vty 0 4 password sanjose login ! scheduler allocate 20000 1000 ! end

92

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Lab Activity 2-1 Answer Key: Configuring Expanded Switched Networks


Workgroup Switch Configuration
When you complete this lab activity, your workgroup switch configuration will be similar to the following, with differences that are specific to your workgroup:
version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname SwitchX ! enable secret 5 $1$.9i2$TbVkDQfzCgf/CeFNEKMm9/ ! no aaa new-model vtp domain ICND vtp mode transparent ip subnet-zero ! no file verify auto ! spanning-tree mode rapid-pvst spanning-tree extend system-id spanning-tree vlan X0 priority 24576 spanning-tree vlan X0 priority 28672 ! vlan internal allocation policy ascending ! vlan X,X0,X0 ! interface FastEthernet0/1 ! interface FastEthernet0/2 description To RouterX Fa0/0 spanning-tree portfast switchport access vlan X switchport mode access switchport port-security switchport port-security mac-address xxxx.xxxx.xxxx ! interface FastEthernet0/3 ! interface FastEthernet0/4 ! interface FastEthernet0/5 ! interface FastEthernet0/6 ! interface FastEthernet0/7 ! interface FastEthernet0/8 ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 description port connected to CoreSwitchA switchport mode trunk speed 100 duplex full !

2007 Cisco Systems, Inc.

Lab Guide

93

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

interface FastEthernet0/12 description port connected to CoreSwitchB switchport mode trunk speed 100 duplex full ! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 description Management VLAN interface ip address 10.1.1.X 255.255.255.0 no ip route-cache ! ip default-gateway 10.1.1.3 ip http server ip http secure-server ! control-plane ! banner motd ^C Authorized Access Only! ^C ! line con 0 password cisco logging synchronous login line vty 0 4 password sanjose login line vty 5 15 no login ! end

Workgroup Router Configuration


When you complete this lab activity, your workgroup router configuration will be similar to the following, with differences that are specific to your workgroup:
version 12.4
94 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname RouterX ! boot-start-marker boot-end-marker ! enable secret 5 $1$HNdR$hOG1GhzoNoHMEgZQU21mo1 ! no aaa new-model ! ! ip cef ! ! ! ! voice-card 0 no dspfarm ! interface FastEthernet0/0 description To SwitchX Fa0/2 ip address 10.X.X.12 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 no ip address shutdown ! interface Serial0/0/1 no ip address shutdown ! ip route 0.0.0.0 0.0.0.0 10.X.X.3 ! ! ip http server no ip http secure-server ! ! ! ! ! control-plane ! banner motd ^C Authorized access only. Unauthorized users disconnect.^C ! line con 0 password cisco logging synchronous login line aux 0 line vty 0 4 password sanjose login ! scheduler allocate 20000 1000 !
2007 Cisco Systems, Inc. Lab Guide 95

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Lab Activity 2-2 Answer Key: Troubleshooting Switched Networks


Workgroup Switch Configuration
When you complete this lab activity, your workgroup switch configuration will be similar to the following, with differences that are specific to your workgroup:
version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname SwitchX ! enable secret 5 $1$.9i2$TbVkDQfzCgf/CeFNEKMm9/ ! no aaa new-model vtp domain ICND vtp mode transparent ip subnet-zero ! no file verify auto ! spanning-tree mode rapid-pvst spanning-tree extend system-id spanning-tree vlan X0 priority 24576 spanning-tree vlan X0 priority 28672 ! vlan internal allocation policy ascending ! vlan X,X0,X0 ! interface FastEthernet0/1 ! interface FastEthernet0/2 description To RouterX Fa0/0 spanning-tree portfast switchport access vlan X switchport mode access switchport port-security switchport port-security mac-address xxxx.xxxx.xxxx ! interface FastEthernet0/3 ! interface FastEthernet0/4 ! interface FastEthernet0/5 ! interface FastEthernet0/6 ! interface FastEthernet0/7 ! interface FastEthernet0/8 ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 description port connected to CoreSwitchA switchport mode trunk speed 100 duplex full !

96

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

interface FastEthernet0/12 description port connected to CoreSwitchB switchport mode trunk shutdown speed 100 duplex full ! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 description Management VLAN interface ip address 10.1.1.X 255.255.255.0 no ip route-cache ! ip default-gateway 10.1.1.3 ip http server ip http secure-server ! control-plane ! banner motd ^C

***************************************************************

wg_sw-config-lab2-2 ****************************************************************

^C ! line con 0 password cisco logging synchronous login line vty 0 4 password sanjose login
2007 Cisco Systems, Inc. Lab Guide 97

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

line vty 5 15 no login ! end

Workgroup Router Configuration


When you complete this lab activity, your workgroup router configuration will be similar to the following, with differences that are specific to your workgroup:
version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname RouterX ! boot-start-marker boot-end-marker ! enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/ ! no aaa new-model ! resource policy ! ip cef ! voice-card 0 no dspfarm ! interface FastEthernet0/0 description To SwitchX F0/2 ip address 10.X.X.12 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 no ip address shutdown ! interface Serial0/0/1 no ip address shutdown ! ip route 0.0.0.0 0.0.0.0 10.X.X.3 ! ! ip http server no ip http secure-server ! control-plane ! banner motd ^C

******************************************************************** wg_ro-config-lab2-2

98

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

*******************************************************************

^C ! line con 0 password cisco logging synchronous login line aux 0 line vty 0 4 password sanjose logging synchronous login ! scheduler allocate 20000 1000 ! end

Lab Activity 4-1 Answer Key: Implementing OSPF


Workgroup Switch Configuration
When you complete this lab activity, your workgroup switch configuration will be similar to the following, with differences that are specific to your workgroup:
version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname SwitchX ! enable secret 5 $1$.9i2$TbVkDQfzCgf/CeFNEKMm9/ ! no aaa new-model vtp domain ICND vtp mode transparent ip subnet-zero ! no file verify auto ! spanning-tree mode rapid-pvst spanning-tree extend system-id spanning-tree vlan X0 priority 24576 spanning-tree vlan X0 priority 28672 ! vlan internal allocation policy ascending ! vlan X,X0,X0 ! interface FastEthernet0/1 ! interface FastEthernet0/2 description To RouterX Fa0/0 spanning-tree portfast switchport mode access switchport port-security switchport port-security mac-address xxxx.xxxx.xxxx ! interface FastEthernet0/3 ! interface FastEthernet0/4
2007 Cisco Systems, Inc. Lab Guide 99

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

! interface FastEthernet0/5 ! interface FastEthernet0/6 ! interface FastEthernet0/7 ! interface FastEthernet0/8 ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 description port connected to CoreSwitchA switchport mode trunk shutdown speed 100 duplex full ! interface FastEthernet0/12 description port connected to CoreSwitchB switchport mode trunk shutdown speed 100 duplex full ! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 description Management VLAN interface ip address 10.X.X.11 255.255.255.0 no ip route-cache ! ip default-gateway 10.X.X.3 ip http server ip http secure-server ! control-plane ! banner motd ^C

100

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

*****************************************************************

wg_sw-config-lab2-2 *****************************************************************

^C ! line con 0 password cisco logging synchronous login line vty 0 4 password sanjose login line vty 5 15 no login ! end

Workgroup Router Configuration


When you complete this lab activity, your workgroup router configuration will be similar to the following, with differences that are specific to your workgroup:
version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname RouterX ! boot-start-marker boot-end-marker ! enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/ ! no aaa new-model ! resource policy ! ip cef ! voice-card 0 no dspfarm ! interface Loopback0 ip address 192.168.X.X 255.255.255.240 ! interface FastEthernet0/0 description To SwitchX F0/2 ip address 10.X.X.3 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0
2007 Cisco Systems, Inc. Lab Guide 101

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

bandwidth 64 ip address 10.140.X.2 255.255.255.0 ip ospf authentication ip ospf authentication-key san-fran ! interface Serial0/0/1 bandwidth 64 ip address 10.XX.XX.X 255.255.255.0 ip ospf authentication ip ospf authentication-key san-fran ! router ospf 100 log-adjacency-changes network 10.X.X.3 0.0.0.0 area 0 network 10.XX.XX.X 0.0.0.0 area 0 network 10.140.X.2 0.0.0.0 area 0 network 192.168.X.X 0.0.0.0 area 0 ! ip http server no ip http secure-server ! control-plane ! banner motd ^C

******************************************************************** wg_ro-config-lab2-2 ********************************************************************

^C ! line con 0 password cisco logging synchronous login line aux 0 line vty 0 4 password sanjose logging synchronous login ! scheduler allocate 20000 1000 ! end

Lab Activity 4-2 Answer Key: Troubleshooting OSPF


Workgroup Router Configuration
When you complete this lab activity, your workgroup router configuration will be similar to the following, with differences that are specific to your workgroup:
version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname RouterX ! boot-start-marker
102 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

boot-end-marker ! enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/ ! no aaa new-model ! resource policy ! ip cef ! voice-card 0 no dspfarm ! interface Loopback0 ip address 192.168.X.X 255.255.255.240 ! interface FastEthernet0/0 description To SwitchX F0/2 ip address 10.X.X.3 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 bandwidth 64 ip address 10.140.X.2 255.255.255.0 ip ospf authentication ip ospf authentication-key san-fran ! interface Serial0/0/1 bandwidth 64 ip address 10.XX.XX.X 255.255.255.0 ip ospf authentication ip ospf authentication-key san-fran ! router ospf 100 log-adjacency-changes network 10.X.X.3 0.0.0.0 area 0 network 10.XX.XX.X 0.0.0.0 area 0 network 10.140.X.2 0.0.0.0 area 0 network 192.168.X.X 0.0.0.0 area 0 ! ip http server no ip http secure-server ! control-plane ! banner motd ^C

*********************************************************************** wg_ro-config-lab4-2 ***********************************************************************

^C ! line con 0 password cisco


2007 Cisco Systems, Inc. Lab Guide 103

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

logging synchronous login line aux 0 line vty 0 4 password sanjose logging synchronous login ! scheduler allocate 20000 1000 ! end

Lab Activity 5-1 Answer Key: Implementing EIGRP


Workgroup Router Configuration
When you complete this lab activity, your workgroup router configuration will be similar to the following, with differences that are specific to your workgroup:
version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname RouterX ! boot-start-marker boot-end-marker ! enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/ ! no aaa new-model ! resource policy ! ip cef ! voice-card 0 no dspfarm ! ! key chain icndchain key 1 key-string san-fran ! interface Loopback0 ip address 192.168.X.X 255.255.255.240 ! interface FastEthernet0/0 description To SwitchX F0/2 ip address 10.X.X.3 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 bandwidth 64 ip address 10.140.X.2 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain
104 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

ip ospf authentication ip ospf authentication-key san-fran ! interface Serial0/0/1 bandwidth 64 ip address 10.XX.XX.X 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip ospf authentication ip ospf authentication-key san-fran ! router eigrp 100 network 10.0.0.0 network 192.168.X.0 auto-summary ! router ospf 100 log-adjacency-changes network 10.X.X.3 0.0.0.0 area 0 network 10.XX.XX.X 0.0.0.0 area 0 network 10.140.X.2 0.0.0.0 area 0 network 192.168.X.X 0.0.0.0 area 0 ! ip http server no ip http secure-server ! control-plane ! banner motd ^C

****************************************************************** wg_ro-config-lab4-2 ******************************************************************

^C ! line con 0 password cisco logging synchronous login line aux 0 line vty 0 4 password sanjose logging synchronous login ! scheduler allocate 20000 1000 ! end

Lab Activity 5-2 Answer Key: Troubleshooting EIGRP


Workgroup Router Configuration
When you complete this lab activity, your workgroup router configuration will be similar to the following, with differences that are specific to your workgroup:
version 12.4 service timestamps debug datetime msec
2007 Cisco Systems, Inc. Lab Guide 105

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

service timestamps log datetime msec no service password-encryption ! hostname RouterX ! boot-start-marker boot-end-marker ! enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/ ! no aaa new-model ! resource policy ! ip cef ! voice-card 0 no dspfarm ! ! key chain icndchain key 1 key-string san-fran ! interface Loopback0 ip address 192.168.X.X 255.255.255.240 ! interface Loopback1 ip address 172.16.X.1 255.255.255.0 ! interface FastEthernet0/0 description To SwitchX F0/2 ip address 10.X.X.3 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 bandwidth 64 ip address 10.140.X.2 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip ospf authentication ip ospf authentication-key san-fran ! interface Serial0/0/1 bandwidth 64 ip address 10.XX.XX.X 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip ospf authentication ip ospf authentication-key san-fran ! router eigrp 100 network 10.0.0.0 network 172.16.0.0 network 192.168.X.0 no auto-summary ! router ospf 100 log-adjacency-changes network 10.X.X.3 0.0.0.0 area 0 network 10.XX.XX.X 0.0.0.0 area 0
106 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

network 10.140.X.2 0.0.0.0 area 0 network 192.168.X.X 0.0.0.0 area 0 ! ip http server no ip http secure-server ! control-plane ! banner motd ^C

*************************************************************** wg_ro-config-lab4-2 ***************************************************************

^C ! line con 0 password cisco logging synchronous login line aux 0 line vty 0 4 password sanjose logging synchronous login ! scheduler allocate 20000 1000 ! end

Lab Activity 6-1 Answer Key: Implementing and Troubleshooting ACLs


Workgroup Router Configuration
When you complete this lab activity, your workgroup router configuration will be similar to the following, with differences that are specific to your workgroup:
version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname RouterX ! boot-start-marker boot-end-marker ! enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/ ! no aaa new-model ! resource policy ! ip cef ! voice-card 0 no dspfarm
2007 Cisco Systems, Inc. Lab Guide 107

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

! ! key chain icndchain key 1 key-string san-fran ! interface Loopback0 ip address 192.168.X.X 255.255.255.240 ! interface Loopback1 ip address 172.16.X.1 255.255.255.0 ! interface FastEthernet0/0 description To SwitchX F0/2 ip address 10.X.X.3 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 bandwidth 64 ip address 10.140.X.2 255.255.255.0 ip access-group 101 in ip access-group 175 out ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip ospf authentication ip ospf authentication-key san-fran ! interface Serial0/0/1 bandwidth 64 ip address 10.XX.XX.X 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip ospf authentication ip ospf authentication-key san-fran shutdown ! router eigrp 100 network 10.0.0.0 network 172.16.0.0 network 192.168.X.0 auto-summary ! router ospf 100 log-adjacency-changes network 10.X.X.3 0.0.0.0 area 0 network 10.XX.XX.X 0.0.0.0 area 0 network 10.140.X.2 0.0.0.0 area 0 network 192.168.X.X 0.0.0.0 area 0 ! ! ! ip http server no ip http secure-server ! access-list 101 deny tcp any any eq telnet access-list 101 permit ip any any access-list 175 deny udp any any eq tftp access-list 175 permit ip any any ! control-plane !
108 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

banner motd ^C

*************************************************************** wg_ro-config-lab6-1 **************************************************************

^C ! line con 0 password cisco logging synchronous login line aux 0 line vty 0 4 password sanjose logging synchronous login ! scheduler allocate 20000 1000 ! end ================

OR ==============
! interface Serial0/0/0 bandwidth 64 ip address 10.140.X.2 255.255.255.0 ip access-group KILLTELNET in ip access-group 175 out ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip ospf authentication ip ospf authentication-key san-fran ! ! ip access-list extended KILLTELNET deny tcp any any eq telnet permit ip any any !

Lab Activity 7-1 Answer Key: Configuring NAT and PAT


Workgroup Router Configuration
When you complete this lab activity, your workgroup router configuration will be similar to the following, with differences that are specific to your workgroup:
version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname RouterX ! boot-start-marker boot-end-marker

2007 Cisco Systems, Inc.

Lab Guide

109

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

! enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/ ! no aaa new-model ! resource policy ! ip cef ! voice-card 0 no dspfarm ! ! key chain icndchain key 1 key-string san-fran ! interface Loopback0 ip address 192.168.X.X 255.255.255.240 ! interface Loopback1 ip address 172.16.X.1 255.255.255.0 ! interface FastEthernet0/0 description To SwitchX F0/2 ip address 10.X.X.3 255.255.255.0 ip nat inside ip virtual-reassembly duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 bandwidth 64 ip address 10.140.X.2 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip nat outside ip virtual-reassembly ip ospf authentication ip ospf authentication-key san-fran ! interface Serial0/0/1 bandwidth 64 ip address 10.XX.XX.X 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip ospf authentication ip ospf authentication-key san-fran shutdown ! router eigrp 100 network 10.0.0.0 network 172.16.0.0 network 192.168.X.0 auto-summary ! router ospf 100 log-adjacency-changes network 10.X.X.3 0.0.0.0 area 0 network 10.XX.XX.X 0.0.0.0 area 0 network 10.140.X.2 0.0.0.0 area 0 network 192.168.X.X 0.0.0.0 area 0
110 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

! ip http server no ip http secure-server ip nat inside source list 1 interface Serial0/0/0 overload ! access-list 1 permit 10.X.X.0 0.0.0.255 ! control-plane ! banner motd ^C

****************************************************************** wg_ro-config-lab6-1 *******************************************************************

^C ! line con 0 password cisco logging synchronous login line aux 0 line vty 0 4 password sanjose logging synchronous login ! scheduler allocate 20000 1000 ! end

Lab Activity 7-2 Answer Key: Implementing IPv6


Workgroup Router Configuration
When you complete this lab activity, your workgroup router configuration will be similar to the following, with differences that are specific to your workgroup:
version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname RouterX ! boot-start-marker boot-end-marker ! enable secret 5 $1$HNdR$hOG1GhzoNoHMEgZQU21mo1 ! no aaa new-model ! ! ip cef ! ! ! ipv6 unicast-routing !
2007 Cisco Systems, Inc. Lab Guide 111

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

voice-card 0 no dspfarm ! ! key chain icndchain key 1 key-string san-fran ! interface Loopback0 ip address 192.168.X.X 255.255.255.252 ! interface Loopback1 ip address 172.16.X.1 255.255.255.0 ! interface Loopback2 ip address 10.XXX.XXX.1 255.255.255.0 ipv6 address 2001:410:4:8::/64 eui-64 ipv6 rip cisco enable ! interface FastEthernet0/0 description To SwtichX Fa0/2 ip address 10.X.X.3 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 bandwidth 64 ip address 10.140.X.2 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip ospf authentication ip ospf authentication-key san-fran shutdown ! interface Serial0/0/1 bandwidth 64 ip address 10.XX.XX.X 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip ospf authentication ip ospf authentication-key san-fran ipv6 address 2001:410:4:10::/65 eui-64 ipv6 rip cisco enable ! router eigrp 100 network 10.0.0.0 network 192.168.X.0 auto-summary ! router ospf 100 log-adjacency-changes network 10.X.X.3 0.0.0.0 area 0 network 10.XX.XX.X 0.0.0.0 area 0 network 10.140.X.2 0.0.0.0 area 0 network 192.168.X.XX 0.0.0.0 area 0 ! ! ! ip http server no ip http secure-server ! ipv6 router rip cisco
112 Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

! control-plane ! banner motd ^C

****************************************************************** wg_ro-config-lab6-1 *******************************************************************

^C ! banner motd ^C Authorized access only. Unauthorized users disconnect.^C ! line con 0 password cisco logging synchronous login line aux 0 line vty 0 4 password sanjose login ! scheduler allocate 20000 1000 ! end

Lab Activity 8-1 Answer Key: Establishing a Frame Relay WAN


Workgroup Router Configuration
When you complete this lab activity, your workgroup router configuration will be similar to the following, with differences that are specific to your workgroup:
version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname RouterX ! boot-start-marker boot-end-marker ! enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/ ! no aaa new-model ! resource policy ! ip cef ! voice-card 0 no dspfarm ! ! key chain icndchain key 1 key-string san-fran !

2007 Cisco Systems, Inc.

Lab Guide

113

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

interface Loopback0 ip address 192.168.X.X 255.255.255.240 ! interface Loopback1 ip address 172.16.X.1 255.255.255.0 ! interface Loopback2 ip address 10.XXX.XXX.1 255.255.255.0 ipv6 address 2001:410:4:8::/64 eui-64 ipv6 rip cisco enable ! interface FastEthernet0/0 description To SwitchX F0/2 ip address 10.X.X.3 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 bandwidth 64 no ip address encapsulation frame-relay ip ospf authentication ip ospf authentication-key san-fran ! interface Serial0/0/0.1 point-to-point ip address 10.140.X.2 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain frame-relay interface-dlci 120 ! interface Serial0/0/1 bandwidth 64 ip address 10.XX.XX.X 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip ospf authentication ip ospf authentication-key san-fran shutdown ! router eigrp 100 network 10.0.0.0 network 172.16.0.0 network 192.168.X.0 no auto-summary ! router ospf 100 log-adjacency-changes network 10.X.X.3 0.0.0.0 area 0 network 10.XX.XX.X 0.0.0.0 area 0 network 10.140.X.2 0.0.0.0 area 0 network 192.168.X.X 0.0.0.0 area 0 ! ip http server no ip http secure-server ! access-list 1 permit 10.X.X.0 0.0.0.255 ! control-plane ! banner motd ^C

114

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

**************************************************************** wg_ro-config-lab6-1 **********************************************************

^C ! line con 0 password cisco logging synchronous login line aux 0 line vty 0 4 password sanjose logging synchronous login ! scheduler allocate 20000 1000 ! end

Lab Activity 8-2 Answer Key: Troubleshooting Frame Relay WANs


Workgroup Router Configuration
When you complete this lab activity, your workgroup router configuration will be similar to the following, with differences that are specific to your workgroup:
version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname RouterX ! boot-start-marker boot-end-marker ! enable secret 5 $1$8qBT$p6X.Rp20jVs3qobVevWSj/ ! no aaa new-model ! resource policy ! ip cef ! voice-card 0 no dspfarm ! ! key chain icndchain key 1 key-string san-fran ! interface Loopback0 ip address 192.168.X.X 255.255.255.240 ! interface Loopback1
2007 Cisco Systems, Inc. Lab Guide 115

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

ip address 172.16.X.1 255.255.255.0 ! interface Loopback2 ip address 10.XXX.XXX.1 255.255.255.0 ipv6 address 2001:410:4:8::/64 eui-64 ipv6 rip cisco enable ! interface FastEthernet0/0 description To SwitchX F0/2 ip address 10.X.X.3 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 bandwidth 64 no ip address encapsulation frame-relay IETF ip ospf authentication ip ospf authentication-key san-fran ! interface Serial0/0/0.1 point-to-point ip address 10.140.X.2 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain frame-relay interface-dlci 120 ! interface Serial0/0/1 bandwidth 64 ip address 10.XX.XX.X 255.255.255.0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 icndchain ip ospf authentication ip ospf authentication-key san-fran shutdown ! router eigrp 100 network 10.0.0.0 network 172.16.0.0 network 192.168.X.0 no auto-summary ! router ospf 100 log-adjacency-changes network 10.X.X.3 0.0.0.0 area 0 network 10.XX.XX.X 0.0.0.0 area 0 network 10.140.X.2 0.0.0.0 area 0 network 192.168.X.X 0.0.0.0 area 0 ! ip http server no ip http secure-server ! access-list 1 permit 20.4.4.0 0.0.0.255 ! control-plane ! banner motd ^C

**********************************************************************

116

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

wg_ro-config-lab8-2 **********************************************************************

^C ! line con 0 password cisco logging synchronous login line aux 0 line vty 0 4 password sanjose logging synchronous login ! scheduler allocate 20000 1000 ! end

2007 Cisco Systems, Inc.

Lab Guide

117

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

118

Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

2007 Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.