CCNA Labs
Cisco Icons and Symbols
DSP
Switch Router Access Server
Multilayer Switch
Digital Signal Processor
Personal Computer
File Server Cisco CallManager Server
Cisco IP Phone
Voice Gateway Router
WAN Cloud
VLAN or Cluster (Color May Vary)
PBX
PSTN Cloud
Ethernet
Fast Ethernet
Serial Line
Circuit-Switched Line
Metro Network DWDM/SONET/Ethernet
LabS2- Basic Router Configuration
172.16.X.0/24 RA RA:+1 RB:+2 RC:+3 RD:+4 RE:+5 RF:+6 Lab1, Lab2:Y=6 Lab3: Y=8 S0/0 1 S0/1 RB S0/0 F0/0 .11 2 S0/1 F0/0 .12 RC S0/0 3 S0/1 F0/0 .13 RD S0/0 4 S0/1 F0/0 .14 RE S0/0 5 S0/1 F0/0 .15 RF
F0/0 .10
10.0.Y.0/24 SW1
Lab-SW
TFTP Server
Objectives:
In this lab, students configure some basic router settings:
1. Router name.
2. Router passwords: console, vty, enable password, perform password encryption.
3. Serial interfaces, FastEthernet interfaces.
4. Interface description.
5. Login banners.
6. Host name resolution.
7. Using Router show commands.
8. Making configuration changes.
9. Backing up configuration files, IOS on TFTP servers.
10. Capture the configuration.
11. Verifying and Troubleshooting: show, telnet, ping, traceroute
LabS2- Managing Cisco IOS Software
Network:10.0.Y.0/24 Lab1, Lab2:Y=6 Lab3: Y=8
RA RB RC
F0/0 .10
F0/0 .11
F0/0 .12
LAB-SW
RD
F0/0 .13 RE
F0/0 .14
F0/0 .15
RF
TFTP Server
Objectives:
1. Using the boot system command
2. Configuration Register
3. Managing configuration files using TFTP
4. Managing configuration files using copy and paste
5. Managing IOS images using TFTP
6. Download using TFTP from ROMmon
7. Password Recovery
8. Verifying and Troubleshooting: show, telnet, ping, traceroute
LabS3-RIP-OSPF-EIGRP
Default route1: [Link]/24
Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7
OFF1
GATE1
3
RIP ver2 174.18.X.0/24
key-id=1 key-string=green123 mode MD5 level 7 OSPF, 172.16.X.0/24
SW1
Default route2: [Link]/24
BORDER GATE2
4 5
Objectives:
1. Configuring RIP ver2, EIGRP, OSPF routing protocols
2. Propagating a default route (use one and only):
   1. Default route 1
   2. Default route 2
   3. Default route 3
3. Redistribute RIP, OSPF, EIGRP routes
4. Enable MD5 authentication
5. Verifying and Troubleshooting
EIGRP 88, 173.17.X.0/24
Key=2 key-string=blue123 mode MD5 OFF2
SW2 OFF3
8 9 7
GATE3
Default route3: [Link]/24
LabS2b-RIP-EIGRP-OSPF
EIGRP 22, 122.22.X.0/24
1
OSPF authentication: key-id=1 password=red123 MD5 level 7
RIP authentication: key=2 key-string=blue123 MD5
EIGRP authentication: key=3 key-string=green123 MD5
Objectives:
1. Propagate the default route (use one and only): Default route 1 or Default route 2 or Default route 3
2. OFF router: Disable routing protocol
3. GATE1: configure and redistribute static routes to 16,17,18 subnets
Default route2: [Link]/24
3
GATE2
6 2
BR2
Default route1: [Link]/24
Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7
CENTER OSPF, 133.33.X.0/24 EIGRP 55, 155.55.X.0/24
7
GATE1
13 14
RIP ver2 144.44.0/24
15
Disable routing protocol
Default route3: [Link]/24
18
17
BR3
8 12
OFF
16
GATE3
10 11
OSPF, 166.66.X.0/24
(config)# router ospf {process-id}
(config-router)# redistribute [rip | eigrp {as_number}] [subnets | metric {value} | metric-type {1 | 2}]
(config)# router rip
(config-router)# redistribute [eigrp {as_number} | ospf {process-id}] metric {value}
(config)# router eigrp {as_number}
(config-router)# redistribute [rip | ospf {process-id}] metric {bandwidth} {delay} {reliability} {loading} {MTU}
LabS2-OpenLab2
OSPF, 177.77.X.0/24 key-id=1 password=green123 MD5 GATE1
Default route1: [Link]/24
4
2 1
BR1
5
Default route2: [Link]/24
6
Objectives:
1. Propagate the default route (use one and only): Default route 1 or Default route 2 or Default route 3
2. Redistribute RIP, OSPF, EIGRP routes
3. Enable MD5 authentication
EIGRP 88, 155.55.X.0/24 Key=4 Key-string=cyan123 MD5
7
BR2
8 9
GATE2
10 11
15
RIP ver2 122.22.X.0/24
14
OSPF, 133.33.X.0/24 key-id=3 password=red123 MD5
16
BR3
12
Key=2 Key-string=blue123 MD5
GATE3
13
Default route3: [Link]/24
(config)# router ospf {process-id}
(config-router)# redistribute [rip | eigrp {as_number}] [subnets | metric {value} | metric-type {1 | 2}]
(config)# router rip
(config-router)# redistribute [eigrp {as_number} | ospf {process-id}] metric {value}
(config)# router eigrp {as_number}
(config-router)# redistribute [rip | ospf {process-id}] metric {bandwidth} {delay} {reliability} {loading} {MTU}
Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7
LabS2- RIPv2-EIGRP-OSPF
2 5
Ext LANs [Link]/16 [Link]/16
SITE1 S0/0
1 4
BR1
6
S0/1
3
S0/0
7
Default route: [Link]/24 GATE
EIGRP AS=44, 144.44.X.0/24
Ext LANs [Link]/16 [Link]/16 SITE2 F0/1
19 18
S0/1
F0/0
SW2
F0/1 SW1
F0/0
9
RIPver2, 133.33.X.0/24
S0/0
11
BR2
10
EIGRP AS=55, 155.55.X.0/24
15
OSPF 122.22.X.0/24
Ext LANs [Link]/16 [Link]/16
S0/1
14 16
BR3
12
S0/1 SITE3
17
S0/0
13
Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7
(config)# router ospf {process-id}
(config-router)# redistribute [rip | eigrp {as_number}] [subnets | metric {value} | metric-type {1 | 2}]
(config)# router rip
(config-router)# redistribute [eigrp {as_number} | ospf {process-id}] metric {value}
(config)# router eigrp {as_number}
(config-router)# redistribute [rip | ospf {process-id}] metric {bandwidth} {delay} {reliability} {loading} {MTU}
LabS3-Switch Configuration
Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7 Sw1:+8 Sw2:+9 Sw3:+10
RIP ver2 172.16.X.0/24 PC11 PC12
TFTP Server1
SW1
3
GATE2 TFTP Server2
1 2
Objectives:
1. Configuring RIP routing protocol
2. Resetting the switch defaults
3. Assigning the switch host name and password
4. Assigning the switch IP address and Default gateway
5. Enabling HTTP service and port on all switches
6. Configuring static MAC addresses
7. Configuring port security
8. Back up the IOS to a local TFTP server
9. Password recovery (reference: CCNA3_lab_6_2_8_en.pdf)
10. Verifying and Troubleshooting: show, debug, ping, traceroute, telnet on switches: debug ip packet, debug ip icmp, show mac-address-table, show arp, clear mac-address-table dynamic ...
GATE1
SW2 SW3
PC21
PC22
PC23
PC24
LabS4-NAT-DHCP-PPP
Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7
OSPF Key-id=1 Pass=student MD5 level 7 ISP1
4
SW1
5
ISP2
6
ISP3 200.0.X.0/24 CHAP 3 USER2 NAT DHCP NAT DHCP 200.0.X.0/24
CHAP 1
CHAP 2
USER1
NAT DHCP
USER3
172.16.X.0/24
Objectives:
1. Configuring OSPF routing protocol in ISP area
2. Configuring PPP-Multilink, CHAP (one-way), NAT, DHCP, ACLs
3. Verifying and Troubleshooting
LabS4-NAT-DHCP-PPP-VLANs
Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7
NAT CHAP USER1 1 4 CHAP 2 CHAP 5 3 172.16.X.0/24 DNS server [Link]
Lab1:Y=6 Lab2:Y=6 Lab3:Y=8
ISP1
ISP2
ISP3 10.0.Y.0/24
USER2
USER3
NAT DHCP
192.168.X.0/24
6 VLAN2 T VLAN3 7 SW1 (Server) T
Objectives:
1. Configuring OSPF routing protocol in user area
2. Configuring PPP, CHAP (bidirectional), NAT, DHCP, ACLs
3. Configuring Vlans, VTP
4. Verifying and Troubleshooting: all PCs can access Internet
OSPF Key-id=1 Pass=student MD5 level 7
SW2 (Client) VTP ver2 Domain: bkacad Pass=redblue Vlan2: Technical Vlan3: Admin
SW3 (Client)
Open Lab 1
DNS Server WEB Server1 ([Link]) TFTP Server Switch3 LAN3 Loopback3 WAN F0/1 Router1 S0/1 F0/0 Switch4 Router2 S0/0 F0/1 LAN5 Loopback6 Loopback7 LAN6 LAN7 WEB Server2 ([Link])
LAN4
LAN2 Loopback2 DHCP Server1 PC1 LAN1
F0/0
DHCP Server2 PC4 LAN8
Switch1
Switch2
PC2
PC3
NS2 Skill Practice
100
HUB SP1
+CA +EzVPN server for mobile users
3
+DHCP server +EzVPN server for SP2
SP5
+EzVPN server for mobile users
5
ISP
SP2
+EzVPN client
2
SP4
+EzVPN server for mobile users
4
100
SP3
+DHCP client
Mobile users
3
NS1- OpenLab1
Network address 1: [Link]/24 2,7: [Link]/24 3,4,5,6: X.0.0.0/24
ISP Outside User
RIP ver2 Outside Network [Link]/24 3 WEB FTP
SW-2950 F0/0 GATE1 F0/1 SW-2950 4 5 GATE2 6 F0/1 SW-2950 E0 AAA Server PIX1 T E1 E1 SW-2950 INSIDE1 1 INSIDE2 PIX2 T E2 SW-3550 TECH2 WEB FTP F0/0
DMZ1
E2 SW-3550 TECH1
E0
DMZ2
Configure features of PIX as follows: NAT, ACL, Vlans, Trunking, Routing, AAA, Cut-through, Telnet, SSH, ASDM.
Configure 802.1X on SW-2950 for Inside users.
Inside users can access DMZ, Internet.
Outside users can access the WEB, FTP servers in DMZ by the IP address assigned to the hosts.
Tech networks can access each other.
NS1- OpenLab2
Network address 1: [Link]/24 2,7: [Link]/24 3,4,5,6: X.0.0.0/24
ISP Outside User
RIP ver2 Outside Network [Link]/24 3 WEB FTP
SW-2950 F0/0 GATE1 F0/1 SW-2950 4 5 GATE2 6 F0/1 SW-2950 E0 AAA Server PIX1 T E1 E1 SW-2950 INSIDE1 1 INSIDE2 PIX2 T E2 SW-3550 TECH2 WEB FTP F0/0
DMZ1
E2 SW-3550 TECH1
E0
DMZ2
Configure features of PIX as follows: NAT, ACL, Vlans, Trunking, Routing, AAA, Cut-through, Telnet, SSH, ASDM.
Configure 802.1X on SW-2950 for Inside users.
Inside users can access DMZ, Internet.
Outside users can access the WEB, FTP servers in DMZ by the IP address assigned to the hosts.
Tech networks can access each other.
NS1- OpenLab2
Network address 1,2,3,4,12: 10.0.X.0/24 5: [Link]/24 6,7,8,9: 200.0.X.0/24 10,11: [Link]/24
F0/0 BKACAD network [Link]/24 WEB FTP GATE1 F0/1 SW-3550 E0 SW-2950 E2 5 DMZ1 E1 Outside User SITE1 SITE2 F0/1.1 F0/1.2 ENG1 F0/1.2 ENG2 F0/1.1 F0/0
10
Lab-SW
SW-2950 F0/0 GATE2 F0/1 SW-3550 SW-2950
11
9 E0
WEB
FTP
F0/0 Outside User SITE3 SITE4
E2 E1 DMZ4
SW-2950
12
SW-2950 INSIDE1 1 INSIDE2 2 AAA Server INSIDE3 3 INSIDE4 4
Basic configurations: NAT, ACL, Object-group, Vlan, Trunking, Routing
Outside user can access the devices by SSH
Inside user can access the devices by Telnet, SDM or ASDM
Outside user can access DMZ servers
Eng1 and Eng2 can access each other
Enable Authentication-Proxy, Cut-through
Configure FTP, HTTP Inspection
Mitigate layer 2 attack
LabS2- RIP version1
WEB ([Link])
2
DNS
ISP
1
TFTP
GATE
3 8
SITE3
5
7 6
PC1
Tasks:
Basic Router configuration:
  Hostname
  Passwords
  Banner Message
  Descriptions
  Host Table
  disable the Name Service
  Logging Synchronous
Basic RIPv1 configuration:
  Enable RIP
  RIP Passive interfaces
Configure and propagate the default route
Create and redistribute the static route
Configuring the Servers, PCs
Backing up configuration files on the TFTP server
Verifying and Troubleshooting:
  Show
  Telnet
  Ping
  Traceroute, Tracert
  Debug
Topology labels: 200.200.X.0/24, 172.16.X.0/24, SITE1, 4, SITE2, External LAN [Link]/24
SITE1:+1 SITE2:+2 SITE3:+3 GATE:+4 ISP:+5
RIP version1
[Link]/16 [Link]/16 [Link]/24 [Link]/16
LabS2- OpenLab1
Default Route [Link]/24
Key=3 Key-string=cyan123 MD5
EIGRP 55 155.55.X.0/24
OSPF 133.33.X.0/24
8
HaiBaTrung
9 10
RIP ver2 177.77.X.0/24
Key=2 Key-string=blue123 MD5
6 5
16
18
TayHo
1 4 3
(DR)
CauGiay
20
HoanKiem
SW1
BaDinh
17 19
Ext LANs [Link]/16 [Link]/16 password=green123 clear text
(BDR)
11 12
key-id=1 password=green123 MD5
Ext LANs [Link]/16 [Link]/16
ThanhXuan
13
HaTay
15 14
Backup Route [Link]/24 (HaTay only)
Ext LANs [Link]/24 [Link]/24
(config)# router ospf {process-id}
(config-router)# redistribute [rip | eigrp {as_number}] [subnets | metric {value} | metric-type {1 | 2}]
(config)# router rip
(config-router)# redistribute [eigrp {as_number} | ospf {process-id}] metric {value}
(config)# router eigrp {as_number}
(config-router)# redistribute [rip | ospf {process-id}] metric {bandwidth} {delay} {reliability} {loading} {MTU}
LabS4-Load Balancing
Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7 Lab1,2:Y=6 Lab3:Y=8 Lab4,5:Y=4 Lab6:Y=5
SW-A
Lab-SW
10.0.Y.0/24
NAT/PAT FPT F0/0
4 5
VNN
F0/0 F0/0
VIETTEL
200.0.X.0/24
PAP NAT/PAT RIP ver2
CHAP
PAP
CHAP
PAP
CHAP
F0/0 MD1
2
MD2
3
F0/0 F0/0
4
MD3
172.16.X.0/24
Topology labels: Vlan2, Vlan3, SW-B, T, F0/0, DHCP, GATE, DHCP, F0/1, 5, Vlan4, SW-C
Tasks:
Multilink: use interface Multilink
Load Balancing: enable Process Switching
RIP ver2: MD1, MD2, MD3, GATE
GATE: propagate subnets 172.16.X.0/24 only
Change RIP timer
distribute-list command:
(config-router)# distribute-list {access-list} { in | out } [ interface ]
Adjust static route:
(config)# ip route static adjust-time {seconds}
LabS3- STP
Lab-SW
Tasks:
Configuring VTP:
  VTP ver2
  VTP domain: ccna
  VTP password: cisco123
  SW1: server; SW2,SW3: clients
  Vlan10: teacher
  Vlan20: student
  Vlan30: admin
  Vlan99: management; 10.0.X.0/24
Configuring STP:
  SW1: root bridge
  PortFast
  UplinkFast
  BackboneFast
Troubleshooting: show, debug
F0/9
SW1
F0/3
F0/1
F0/4 F0/2
T
F0/1 F0/2 F0/5 F0/5 F0/4
T
F0/3
SW3
F0/10 F0/6 F0/6
SW2 T
F0/10
LabS3- OpenLab1
Default route: [Link]/24
VTP:
  Ver 2
  Domain: ccna
  Password: 1234
  SW1: server; SW2,SW3: client
1
VLANs:
  Vlan20: teacher; [Link]/24
  Vlan30: student; [Link]/24
  Vlan99: management; [Link]/24
OSPF Authentication: key-id=1 HIDDEN password=055A1C MD5 level 7
RIPv2 Authentication: key=2 key-string=blue123 MD5
EIGRP Authentication: key=3 key-string=red123 MD5
GATE 2 S0/0 3 S0/1 BR F0/0 20
RIP ver2 133.33.X.0/24 OSPF 144.44.X.0/24
Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7 SW1:+8
13 SITE2
EIGRP,66 166.66.X.0/24
SITE1
10
SW1 (Server)
T
F0/0 S0/0 S0/1 11
T
F0/0 SITE3 S0/0 S0/1 8 5
EIGRP,55 155.55.X.0/24
SW3 (Client)
SW2 (Client)
30
SITE4 6
SW2:+9 SW3:+10
12 7
LabS3- OpenLab2
Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7 SW1:+8 SW2:+9 SW3:+10 SITE2
40
Default route: [Link]/24
1
GATE
2 10
SITE1
4
3 T
SW1 (server)
20
5
6
30
BR1
WLAN
  Local IP: [Link]/24
  DNS: [Link] [Link]
  Mode: Mixed
  SSID: CCNA
  Channel: 11
  Authentication: Auto
  Encryption: WPA2
  Access Restriction:
  - deny access to [Link] website
  - deny Telnet traffic
VLANs
  Vlan10: technic
  Vlan20: staff
  Vlan30: admin
AP
RIP ver2 133.33.X.0/24
VTP ver2
  domain name: BKACAD
  password: cisco
VLANs
  Vlan40: teacher
  Vlan50: student
OSPF 155.55.X.0/24 SW3 (client)
50
SW2 (server)
OSPF Authentication: key-id=1 HIDDEN password=055A1C MD5 level 7
RIPv2 Authentication: key=2 key-string=blue123 MD5
EIGRP Authentication: key=3 key-string=red123 MD5
BR2
9
EIGRP, AS=77 177.77.X.0/24
10
11
SITE3
12
LabS3- OpenLab4
[Link] Username: cisco Password: sadikhov Default route: Lab-SW [Link] 192.168.X.0/24
WLAN
  Local IP: [Link]/24
  DNS: [Link]
  Mode: Mixed
  SSID: CCNA
  Channel: 11
  Authentication: Auto
  Encryption: WPA
  Access Restrictions:
  - deny access to [Link] website
  - deny Telnet, FTP traffic
VLANs
  Vlan10: student; [Link]/24
  Vlan20: teacher; [Link]/24
  Vlan30: sale; [Link]/24
  Vlan99: management; [Link]/24
VTP ver2
  Domain name: STUDENT
  Password: cisco123
  SW1: server; SW2,SW3: client
STP
  SW1: the primary root for Vlan10, the secondary root for Vlan20
  SW2: the primary root for Vlan20, the secondary root for Vlan30
  SW3: the primary root for Vlan30
  BackboneFast, UplinkFast, PortFast, udld, BPDU Guard
Topology labels: GATE, 5, 6, SITE1, SITE2, 50, 10, 20, 40, T, SW1, SW2, (client), T, (client), T, SW3, 30, T, (server), BR, 3, 2, 4, SITE3
1
NAT/PAT (Configure by Instructor)
EIGRP, AS=33
133.33.X.0/24 key=1 key-string=blue123 MD5
OSPF 144.44.X.0/24 key-id=2 password=red123 MD5
RIP ver2 155.55.X.0/24 key=3 key-string=cyan123 MD5
LabS4- PAP - CHAP
Subnet address: 172.16.X.0/24
Authentication password: 0101X; X=[1,3,5,7,9]
CHAP 5 PAP S0/1 SITE4 S0/0 PAP 7 S0/1 CHAP S0/0 9 8 SITE5 PAP CHAP S0/1
10
4 3 S0/1 PAP SITE3 CHAP S0/0
S0/1 PAP SITE2 CHAP
12
S0/0
S0/0 SITE1 S0/1 CHAP SITE6
11
PAP S0/0
Objectives:
1. Configuring PPP
2. Configuring PAP, CHAP authentication: the username must match the hostname
3. Verifying and Troubleshooting:
   - show
   - debug ppp authentication
   - debug ppp packet
   - ...
4. Other:
   - The hostname on one router doesn't match the username that the other router has configured.
   - The passwords don't match (PAP only)
LabS4- Full Mesh Frame Relay
SITE1
S0/1 S0/0 S0/0 S0/1 S0/3 S0/2 S0/0 S0/1
SITE2
SITE4
SITE3
LabS4- NAT/PAT
Lab-SW SW1
10.0.Y.0/24 Y=[4,5,6,8]
F0/0 F0/0
F0/0
MD1
S0/0 1 S0/1 S0/0 2 S0/1
PAT (Interface) MD2
S0/0 3
MD3
NAT Pool: 192.168.X.10 192.168.X.20/24
192.168.X.0/24
FW2
S0/1
NAT (Dynamic)/ DHCP FW3 DHCP Pool:
Excluded-Address: 172.16.X.1 172.16.X.10 DNS server: [Link],
FW1 172.16.X.0/24
F0/0
10
F0/0
20 30
F0/0
SW2 PC1 PC2 PC3
[Link] Duration: 3days, 3hours, 30 minutes
Notes:
MD1,MD2,MD3: Enable PAT with the interface
FW1,FW2,FW3: Enable dynamic NAT with the pool. Configure DHCP servers.
SW2: Create Vlans 10,20,30
MD1,MD2,MD3: Interface F0/0 assigned an IP address automatically