Packet Tracer Labs
Jeremy's IT Packet Tracer Labs
1. Change the hostnames of the router and switch to the appropriate names (R1, SW1)
##Use the ‘hostname’ command in global configuration mode##
R1(config)#hostname R1
SW2(config)#hostname SW1
2. Configure an unencrypted enable password of ‘CCNA’ on both devices
R1/SW2(config)#enable password CCNA
3. Exit back to user EXEC mode and test the password
4. View the password in the running configuration
R1/SW2#show run
5. Ensure that the current password, and all future passwords, are encrypted
R1/SW2(config)#service password-encryption
6. View the password in the running configuration
R1/SW2#show run
enable password 7 08026F6028
7. Configure a more secure, encrypted enable password of ‘Cisco’ on both devices
R1/SW2(config)#enable secret Cisco
8. Exit back to user EXEC mode and then return to privileged EXEC mode.
Which password do you have to use?
The secret password Cisco
9. View the passwords in the running configuration.
What encryption type number is used for the encrypted ‘enable password’?
What encryption type number is used for the encrypted ‘enable secret’?
enable secret 5 $1$mERr$YlCkLMcTYWwkF1Ccndtll.
enable password 7 08026F6028
10. Save the running configuration to the startup configuration
R1/SW2#write
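Added example (not part of the original lab notes): a short Python audit of the two lines from step 9. It labels each stored enable credential by its type number and shows that type 7 is reversible obfuscation by recovering this lab's password, while the type 5 secret is a salted hash that is only reported. The function names are this example's own, and the parser handles only simple 'enable' and 'username' credential lines.

```python
import re

# Fixed XOR key behind IOS "type 7" strings; it is identical on every device,
# so anyone who can read the config can reverse the value.
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

# Type number shown before a stored credential -> (scheme, recoverable?)
TYPE_INFO = {
    0: ("plaintext", True),
    5: ("salted MD5-crypt hash", False),
    7: ("XOR obfuscation from 'service password-encryption'", True),
    8: ("PBKDF2-SHA256 hash", False),
    9: ("scrypt hash", False),
}

CRED_RE = re.compile(
    r"^\s*(?:enable|username\s+\S+)\s+(?:password|secret)"
    r"(?:\s+(?P<type>\d+))?\s+(?P<value>\S+)\s*$"
)


def decode_type7(encoded):
    """Reverse a type 7 string: two decimal digits of key offset, then hex bytes."""
    if not re.fullmatch(r"\d{2}(?:[0-9A-Fa-f]{2})+", encoded):
        raise ValueError("not a well-formed type 7 string")
    offset = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    clear = bytes(b ^ TYPE7_KEY[(offset + i) % len(TYPE7_KEY)]
                  for i, b in enumerate(data))
    return clear.decode("ascii", errors="replace")


def audit(config_text):
    """Return one finding per stored credential line in a running-config."""
    findings = []
    for line in config_text.splitlines():
        m = CRED_RE.match(line)
        if not m:
            continue
        # No type number means the value was stored exactly as typed (type 0).
        ptype = int(m.group("type")) if m.group("type") else 0
        scheme, recoverable = TYPE_INFO.get(ptype, ("unknown type", False))
        recovered = None
        if ptype == 0:
            recovered = m.group("value")
        elif ptype == 7:
            try:
                recovered = decode_type7(m.group("value"))
            except ValueError:
                recoverable = False  # malformed string, reported without decoding
        findings.append({
            "line": line.strip(), "type": ptype, "scheme": scheme,
            "recoverable": recoverable, "recovered": recovered,
        })
    return findings


# The two lines shown in step 9 of this lab.
STEP9_CONFIG = """\
enable secret 5 $1$mERr$YlCkLMcTYWwkF1Ccndtll.
enable password 7 08026F6028
"""

if __name__ == "__main__":
    for f in audit(STEP9_CONFIG):
        status = "RECOVERABLE" if f["recoverable"] else "one-way"
        print(f"type {f['type']} ({f['scheme']}): {status}"
              + (f" -> {f['recovered']}" if f["recovered"] else ""))
```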
Both switches have an empty MAC address table, and all PCs have an empty ARP table.
1. If PC1 pings to PC3, what messages will be sent over the network,
and which devices will receive them?
PC1 will send an ARP message to all hosts on the network.
2. Send the ping and use Packet Tracer’s ‘simulation mode’ to verify your answer.
3. Use pings to generate network traffic and allow the switches to learn the MAC addresses
of all PCs on the network.
4. Use ‘show’ commands on the switches to identify the MAC address of each PC.
#sh mac address-table
1 0001.647b.3119 DYNAMIC Gig0/1
1 0004.9a6e.d870 DYNAMIC Gig0/1
1 0060.5c56.14d3 DYNAMIC Fa0/2
1 00d0.d3ad.9cab DYNAMIC Fa0/1
5. Clear the dynamic MAC addresses from the MAC address table of each switch.
#clear mac-address-table
1. Configure R1’s hostname
R1#
hostname R1
2. Use a ‘show’ command to view a list of R1’s interfaces, their IP addresses, status, etc.
show ip interface brief
3. Configure the appropriate IP addresses on R1’s interfaces, and enable the interfaces
Configure appropriate interface descriptions
int g0/0
ip address 15.255.255.254 255.0.0.0
no shutdown
int g0/1
ip address 182.98.255.254 255.255.0.0
no shutdown
int g0/2
ip address 201.191.20.254 255.255.255.0
no shutdown
4. Use a ‘show’ command to verify R1’s interfaces again.
show ip interface brief
5. View the running config to confirm the configuration changes, then save the config
show run
wr
6. Configure the IP addresses of PC1, PC2, and PC3
(Watch the video to learn how to do this in Packet Tracer)
7. Ping from PC1 to PC2 and PC3 to test connectivity
1. Configure the hostname of R1, SW1, and SW2
R1,SW1,SW2#hostname
2. Configure the appropriate IP addresses on R1, PC1, PC2, PC3, PC4
R1 – 172.16.255.254
PC1 – 172.16.0.1
PC2 – 172.16.0.2
PC3 – 172.16.0.3
PC4 – 172.16.0.4
3. Manually configure the speed and duplex on interfaces connected to other
networking devices (not end hosts)
R1#
int g0/0
speed 1000
duplex full
description ##TO SW1##
SW1#
int g0/1
speed 1000
duplex full
description ##TO R1##
int g0/2
speed 1000
duplex full
description ##TO SW2##
SW2#
int g0/1
speed 1000
duplex full
description ## TO SW1 ##
4. Configure appropriate descriptions on each interface
5. Disable interfaces which are not connected to other devices
SW1#
int range f0/3-24
shutdown
SW2#
int range f0/3-24
shutdown
All devices have NO pre-configurations:
1. Configure the PCs and routers according to the network diagram (hostnames, IP addresses, etc.)
Remember to configure the gateway on the PCs.
(You don’t have to configure the switches)
R1#
en
conf t
hostname R1
int g0/0
ip address 192.168.12.1 255.255.255.0
no shutdown
int g0/1
ip address 192.168.1.254 255.255.255.0
no shutdown
R2#
en
conf t
hostname R2
int g0/0
ip address 192.168.12.2 255.255.255.0
no shutdown
int g0/1
ip address 192.168.13.2 255.255.255.0
no shutdown
R3#
en
conf t
hostname R3
int g0/0
ip address 192.168.13.3 255.255.255.0
no shutdown
int g0/1
ip address 192.168.3.254 255.255.255.0
no shutdown
2. Configure static routes on the routers to enable PC1 to successfully ping PC2.
R1#
ip route 192.168.3.0 255.255.255.0 192.168.12.2
R2#
R2(config)#ip route 192.168.3.0 255.255.255.0 192.168.13.3
R2(config)#ip route 192.168.1.0 255.255.255.0 192.168.12.1
R3#
ip route 192.168.1.0 255.255.255.0 192.168.13.2
PC1 and PC2 are unable to ping each other.
There is one misconfiguration on each router.
Find and fix the misconfigurations.
You have successfully completed the lab when PC1 and PC2 can ping each other.
R1-
Has the wrong route to 192.168.3.0/24 network
#no ip route 192.168.3.0 255.255.255.0 192.168.12.3
#ip route 192.168.3.0 255.255.255.0 192.168.12.2
R2
Has the wrong interface for the 192.168.3.0/24 route
no ip route 192.168.3.0 255.255.255.0 GigabitEthernet0/0
ip route 192.168.3.0 255.255.255.0 GigabitEthernet0/1
R3
Has the wrong IP for G0/0
int g0/0
no ip address 192.168.23.3 255.255.255.0
ip address 192.168.13.3 255.255.255.0
Subnet the 192.168.5.0/24 network to provide sufficient addressing for each LAN.
(Also, the point-to-point connection between R1 and R2).
Lan1
192.168.5.128/26
Lan 2
192.168.5.0/25
Lan 3
192.168.5.192/28
Lan 4
192.168.5.208/28
PP
192.168.5.224/30
Assign the first usable address to the PC in each LAN.
PC1 192.168.5.129
PC2 192.168.5.1
PC3 192.168.5.193
PC4 192.168.5.209
Assign the last usable address to the router’s interface in each LAN.
R1 G0/0 – 192.168.5.190
G0/1 – 192.168.5.126
G0/0/0 – 192.168.5.225
R2 G0/0 – 192.168.5.206
G0/1 – 192.168.5.222
G0/0/0 – 192.168.5.226
Configure static routes on each router so that all PCs can ping each other.
R1#
ip route 192.168.5.192 255.255.255.240 192.168.5.226
ip route 192.168.5.208 255.255.255.240 192.168.5.226
R2#
ip route 192.168.5.0 255.255.255.128 192.168.5.225
ip route 192.168.5.128 255.255.255.192 192.168.5.225
1. Configure the correct IP address/subnet mask on each PC.
Set the gateway address as the LAST USABLE address of the subnet.
PC1 10.0.0.1 255.255.255.192
PC2 10.0.0.2 255.255.255.192
Default Gateway VLAN 10 10.0.0.62 255.255.255.192
PC3 10.0.0.65 255.255.255.192
PC4 10.0.0.65 255.255.255.192
Default Gateway VLAN 10 10.0.0.126 255.255.255.192
PC3 10.0.0.130 255.255.255.192
PC4 10.0.0.129 255.255.255.192
Default Gateway VLAN 10 10.0.0.190 255.255.255.192
2. Make three connections between R1 and SW1.
Configure one interface on R1 for each VLAN.
Make sure the IP addresses are the gateway address you configured on the PCs.
R1(config)#
int g0/0
ip address 10.0.0.62 255.255.255.192
no shutdown
int g0/1
ip address 10.0.0.126 255.255.255.192
no shutdown
int g0/2
ip address 10.0.0.190 255.255.255.192
no shutdown
3. Configure SW1’s interfaces in the proper VLANs.
Remember the interfaces that connect to R1!
Name the VLANs
(Engineering, HR, Sales)
SW1(config)#
int range f3/1,f4/1,g0/1
switchport mode access
switchport access vlan 10
int range f5/1,f6/1,g1/1
switchport mode access
switchport access vlan 20
int range f7/1,f8/1,g2/1
switchport mode access
switchport access vlan 30
vlan 10
name Engineering
vlan 20
name HR
vlan 30
name Sales
4. Ping between the PCs to check connectivity.
Send a broadcast ping from a PC (ping the subnet broadcast address),
and see which devices receive the broadcast
(use Packet Tracer’s ‘Simulation Mode’)
1. Configure the switch interfaces connected to PCs as access ports in the correct VLAN.
SW1(config)#
int range f0/3-4
switchport mode access
switchport access vlan 30
int range f0/1-2
switchport mode access
switchport access vlan 10
SW2(config)#
int f0/1
switchport mode access
switchport access vlan 20
int range f0/2-3
switchport mode access
switchport access vlan 10
2. Configure the connection between SW1 and SW2 as a trunk, allowing only the necessary VLANs.
Configure an unused VLAN as the native VLAN.
**Make sure all necessary VLANs exist on each switch**
SW1(config)#
int g0/1
switchport mode trunk
switchport trunk native vlan 1337
##Use one command: a repeated ‘allowed vlan’ replaces the earlier list##
switchport trunk allowed vlan 10,20,30
vlan 20
SW2(config)#
int g0/1
switchport mode trunk
switchport trunk native vlan 1337
##Use one command: a repeated ‘allowed vlan’ replaces the earlier list##
switchport trunk allowed vlan 10,20,30
vlan 30
3. Configure the connection between SW2 and R1 using ‘router on a stick’.
Assign the last usable address of each subnet to R1’s subinterfaces.
SW2(config)#
int g0/2
switchport mode trunk
R1(config)#
int g0/0
no shutdown
int g0/0.10
encapsulation dot1q 10
ip address 10.0.0.62 255.255.255.192
int g0/0.20
encapsulation dot1q 20
ip address 10.0.0.126 255.255.255.192
int g0/0.30
encapsulation dot1q 30
ip address 10.0.0.190 255.255.255.192
4. Test connectivity by pinging between PCs. All PCs should be able to reach each other.
All devices are preconfigured from the end of Day 17’s lab (SW2 has been replaced with a multilayer switch):
Hosts are in the correct VLANs.
SW1-SW2 are connected via trunk.
R1-SW2 are connected via ROAS.
1. Replace the ROAS configuration on R1-SW2 with a point-to-point Layer 3 connection.
Use the IP addresses given in the network diagram.
Configure a default route on SW2, with R1’s G0/0 interface as the next hop.
R1(config)#
no int g0/0.10
no int g0/0.20
no int g0/0.30
int g0/0
ip address 10.0.0.194 255.255.255.252
SW2(config)#
##Reset the interface first; ‘default interface’ after the IP address would erase it##
default interface g1/0/2
int g1/0/2
no switchport
ip address 10.0.0.193 255.255.255.252
ip routing
ip route 0.0.0.0 0.0.0.0 10.0.0.194
2. Configure SVIs on SW2, one for each VLAN.
Assign the last usable IP address of each subnet to the appropriate SVI.
SW2(config)#
int vlan 10
ip address 10.0.0.62 255.255.255.192
int vlan 20
ip address 10.0.0.126 255.255.255.192
int vlan 30
ip address 10.0.0.190 255.255.255.192
3. Test inter-VLAN connectivity by pinging between VLANs.
4. Test connectivity to the Internet by pinging 1.1.1.1
*R1 has a route to the Internet, but not to the LAN, so you’ll have to configure it
**In the video I didn’t configure the routes, but I know you can do it on your own 😉
R1(config)#
ip route 10.0.0.0 255.255.255.192 10.0.0.193
ip route 10.0.0.64 255.255.255.192 10.0.0.193
ip route 10.0.0.128 255.255.255.192 10.0.0.193
1. Configure the switchports connecting switches as trunk ports.
Disable DTP on the ports.
Confirm the administrative and operational mode of each interface.
CLI SW1>
en
sh int g0/1 sw
conf t
int g0/1
sw mode trunk
switchport nonegotiate
do sh int g0/1 sw
CLI SW2>
en
conf t
int range g0/1 - 2
sw mode trunk
switchport nonegotiate
do sh int g0/1 sw
do sh int g0/2 sw
CLI SW3>
en
conf t
int g0/1
sw mode trunk
sw nonegotiate
2. Configure SW1 in VTP domain CCNA.
Create VLANs 10, 20, and 30 on SW1.
Have SW2 and SW3 added VLANs 10, 20, and 30?
CLI SW1>
exit
do sh vtp status
vtp domain CCNA
vlan 10
vlan 20
vlan 30
exit
do sh vtp status
Check SW2 has joined VTP domain
CLI SW2>
exit
do sh vtp status
do sh vlan brief
Check SW3
CLI SW3>
exit
do sh vtp status
do sh vlan brief
3. Configure SW2 in VTP transparent mode.
Add VLAN40 to SW2.
Is VLAN40 added to the VLAN database of SW1/SW3?
CLI SW2>
vtp mode transparent
vlan 40
exit
do sh vtp status
Check SW1
CLI SW1>
do sh vlan brief
Check SW3
CLI SW3>
do sh vlan brief
VLAN40 is not in the database of SW1/SW3
4. Configure SW3 in VTP client mode.
Try to configure VLAN50 on SW3. Is it added?
CLI SW3>
vtp mode client
vlan 50
You are not allowed to add a VLAN in client mode, so you have to add it on SW1, which will advertise the new VLAN to SW3.
5. Configure all switchports connected to hosts in the correct VLAN.
Manually configure them as access ports.
Is DTP still enabled on the switchports?
CLI SW3>
int f0/1
sw mode ac
sw ac vlan 10
do sh int f0/1 sw
int range f0/2 - 3
sw mode ac
sw ac vlan 30
int f0/4
sw mode ac
sw ac vlan 20
CLI SW2>
int range f0/1 - 2
sw mode ac
sw ac vlan 40
CLI SW1>
int range f0/1 - 2
sw mode ac
sw ac vlan 10
int f0/3
sw mode ac
sw ac vlan 20
DTP is no longer active on the access interfaces
1. Configure the appropriate hostnames and IP addresses on each device. Enable router interfaces.
(You don’t have to configure ISPR1)
R1#(config)#
hostname R1
int g0/0
ip address 10.0.12.1 255.255.255.252
int f1/0
ip address 10.0.13.1 255.255.255.252
R2#(config)#
hostname R2
int g0/0
ip address 10.0.12.2 255.255.255.252
int f1/0
ip address 10.0.24.1 255.255.255.252
R3#(config)#
hostname R3
int f1/0
ip address 10.0.13.2 255.255.255.252
int f2/0
ip address 10.0.34.1 255.255.255.252
R4#(config)#
hostname R4
int f1/0
ip address 10.0.24.2 255.255.255.252
int f2/0
ip address 10.0.34.2 255.255.255.252
2. Configure a loopback interface on each router (1.1.1.1/32 for R1, 2.2.2.2/32 for R2, etc.)
R1(config)#
int l0
ip address 1.1.1.1 255.255.255.255
R2(config)#
int l0
ip address 2.2.2.2 255.255.255.255
R3(config)#
int l0
ip address 3.3.3.3 255.255.255.255
R4(config)#
int l0
ip address 4.4.4.4 255.255.255.255
3. Configure OSPF on each router.
Enable OSPF on each interface (including loopback interfaces).
(Do not enable OSPF on R1’s Internet link)
Configure passive interfaces where appropriate (including loopback interfaces).
R1(config)#
router ospf 1
network 10.0.12.0 0.0.0.3 area 0
network 10.0.13.0 0.0.0.3 area 0
network 1.1.1.1 0.0.0.0 area 0
passive-interface g3/0
passive-interface l0
R2(config)#
router ospf 1
network 10.0.12.0 0.0.0.3 area 0
network 10.0.24.0 0.0.0.3 area 0
network 2.2.2.2 0.0.0.0 area 0
passive-interface l0
R3(config)#
router ospf 1
network 10.0.13.0 0.0.0.3 area 0
network 10.0.34.0 0.0.0.3 area 0
network 3.3.3.3 0.0.0.0 area 0
passive-interface l0
R4(config)#
router ospf 1
network 10.0.24.0 0.0.0.3 area 0
network 10.0.34.0 0.0.0.3 area 0
network 4.4.4.4 0.0.0.0 area 0
passive-interface g0/0
passive-interface l0
4. Configure R1 as an ASBR that advertises a default route in to the OSPF domain.
R1(config)#
router ospf 1
default-information originate
5. Check the routing tables of R2, R3, and R4. What default route(s) were added?
1. Configure the appropriate hostnames and IP addresses on each device. Enable router interfaces.
(You don’t have to configure ISPR1)
R1#(config)#
hostname R1
int g0/0
ip address 10.0.12.1 255.255.255.252
int f1/0
ip address 10.0.13.1 255.255.255.252
R2#(config)#
hostname R2
int g0/0
ip address 10.0.12.2 255.255.255.252
int f1/0
ip address 10.0.24.1 255.255.255.252
R3#(config)#
hostname R3
int f1/0
ip address 10.0.13.2 255.255.255.252
int f2/0
ip address 10.0.34.1 255.255.255.252
R4#(config)#
hostname R4
int f1/0
ip address 10.0.24.2 255.255.255.252
int f2/0
ip address 10.0.34.2 255.255.255.252
2. Configure a loopback interface on each router (1.1.1.1/32 for R1, 2.2.2.2/32 for R2, etc.)
R1(config)#
int l0
ip address 1.1.1.1 255.255.255.255
R2(config)#
int l0
ip address 2.2.2.2 255.255.255.255
R3(config)#
int l0
ip address 3.3.3.3 255.255.255.255
R4(config)#
int l0
ip address 4.4.4.4 255.255.255.255
3. Enable OSPF directly on each interface of the routers.
Configure passive interfaces as appropriate.
R1(config)#
router ospf 1
network 10.0.12.0 0.0.0.3 area 0
network 10.0.13.0 0.0.0.3 area 0
network 1.1.1.1 0.0.0.0 area 0
passive-interface g3/0
passive-interface l0
R2(config)#
router ospf 1
network 10.0.12.0 0.0.0.3 area 0
network 10.0.24.0 0.0.0.3 area 0
network 2.2.2.2 0.0.0.0 area 0
passive-interface l0
R3(config)#
router ospf 1
network 10.0.13.0 0.0.0.3 area 0
network 10.0.34.0 0.0.0.3 area 0
network 3.3.3.3 0.0.0.0 area 0
passive-interface l0
R4(config)#
router ospf 1
network 10.0.24.0 0.0.0.3 area 0
network 10.0.34.0 0.0.0.3 area 0
network 4.4.4.4 0.0.0.0 area 0
passive-interface g0/0
passive-interface l0
4. Configure the reference bandwidth on each router so a FastEthernet interface
has a cost of 100.
R1(config)#
router ospf 1
auto-cost reference-bandwidth 10000
R2(config)#
router ospf 1
auto-cost reference-bandwidth 10000
R3(config)#
router ospf 1
auto-cost reference-bandwidth 10000
R4(config)#
router ospf 1
auto-cost reference-bandwidth 10000
5. Configure R1 as an ASBR that advertises a default route in to the OSPF domain.
R1(config)#
router ospf 1
default-information originate
6. Check the routing tables of R4. What default route(s) were added?
(watch the video for a brief explanation)
7. Use Simulation mode to view the OSPF Hello messages being sent by the routers.
What fields are included in the Hello message?
The IPv4 configuration of each device is complete.
Perform the following IPv6 configurations to create an
IPv4/IPv6 ‘dual-stack’ network.
1. Enable IPv6 routing on R1.
R1(config)#
ipv6 unicast-routing
2. Configure the appropriate IPv6 addresses on R1.
R1(config)#
int g0/0
ipv6 address 2001:db8:0:1::1/64
int g0/1
ipv6 address 2001:db8:0:2::1/64
int g0/2
ipv6 address 2001:db8:0:3::1/64
3. Confirm your configurations.
What IPv6 addresses are present on each interface?
GigabitEthernet0/0 [up/up]
FE80::201:97FF:FE9A:AC01
2001:DB8:0:1::1
GigabitEthernet0/1 [up/up]
FE80::201:97FF:FE9A:AC02
2001:DB8:0:2::1
GigabitEthernet0/2 [up/up]
FE80::201:97FF:FE9A:AC03
2001:DB8:0:3::1
4. Configure the appropriate IPv6 addresses on each PC.
Configure the correct default gateway.
PC1 – 2001:db8:0:1::2/64
PC1 Default Gateway – 2001:DB8:0:1::1
PC2 – 2001:db8:0:2::2/64
PC2 Default Gateway – 2001:DB8:0:2::1
PC3 – 2001:db8:0:3::2/64
PC3 Default Gateway – 2001:DB8:0:3::1
5. Attempt to ping between the PCs (IPv4 and IPv6)
All pings successful
Interfaces are enabled and configured with IPv4.
You will configure IPv6 in the network.
1. Use EUI-64 to configure IPv6 addresses on G0/1 of R1/R2
*Before configuring the addresses, calculate the EUI-64 interface ID that will be
generated on each interface.
R1 G0/1 MAC Address 0030.f236.4502
0230:f2ff:fe36:4502
int g0/1
ipv6 address 2001:db8::/64 eui-64
R2 G0/1 MAC Address 0001.63b0.b802
0201:63ff:feb0:b802
int g0/1
ipv6 address 2001:db8:0:1::/64 eui-64
2. Configure the appropriate IPv6 addresses/default gateways on PC1 and PC2.
PC1 Default Gateway 2001:db8::230:f2ff:fe36:4502
PC2 Default Gateway 2001:db8:0:1:201:63ff:feb0:b802
3. Enable IPv6 on G0/0 of R1/R2 without explicitly configuring an IPv6 address.
int g0/0
ipv6 enable
4. Configure static routes on R1/R2 to enable PC1 to ping PC2.
Use the ‘ipv6 route’ command with ‘?’ to learn how to use the command.
*We will study IPv6 static routes in depth in Day 33.
R1
ipv6 route 2001:db8:0:1::/64 g0/0 fe80::201:63ff:feb0:b801
R2
ipv6 route 2001:db8::/64 g0/0 fe80::230:f2ff:fe36:4501
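Added example (not from the original notes): the EUI-64 calculation from step 1 in Python, checked against the two G0/1 MAC addresses above. It also reverses the process, which shows that an EUI-64 address discloses the interface's MAC address to anyone who sees the IPv6 address. The function names are this example's own.

```python
import ipaddress


def eui64_interface_id(mac):
    """Return the 64-bit EUI-64 interface ID (int) for a MAC such as 0030.f236.4502."""
    hexdigits = "".join(c for c in mac if c not in ".:-")
    if len(hexdigits) != 12:
        raise ValueError("a MAC address has 12 hex digits")
    b = bytearray.fromhex(hexdigits)
    b[0] ^= 0x02                                   # invert the universal/local bit
    full = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])  # insert FFFE in the middle
    return int.from_bytes(full, "big")


def format_interface_id(iid):
    """Write the interface ID as four 16-bit groups, the way the notes do."""
    h = format(iid, "016x")
    return ":".join(h[i:i + 4] for i in range(0, 16, 4))


def eui64_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID of the MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def mac_from_eui64(address):
    """Recover the MAC from an EUI-64 address, or None if it is not EUI-64."""
    iid = (int(ipaddress.IPv6Address(address)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    b = bytearray(iid[:3] + iid[5:])
    b[0] ^= 0x02                                   # flip the bit back
    h = b.hex()
    return ".".join(h[i:i + 4] for i in (0, 4, 8))


if __name__ == "__main__":
    for name, prefix, mac in (("R1", "2001:db8::/64", "0030.f236.4502"),
                              ("R2", "2001:db8:0:1::/64", "0001.63b0.b802")):
        addr = eui64_address(prefix, mac)
        print(name, format_interface_id(eui64_interface_id(mac)), addr,
              "MAC recovered:", mac_from_eui64(str(addr)))
```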
IPv6 addresses have been pre-configured on the routers.
The serial connections use link-local addresses only.
1. Enable IPv6 routing on each router.
ipv6 unicast-routing on all routers
2. Use SLAAC to configure IPv6 addresses on the PCs.
What IPv6 address was configured on each PC?
Set IPv6 to automatic in config for the default gateway and the local IPv6 address.
The IP is based on the IPv6 from the router and EUI-64 from the local MAC address.
3. Configure static routes on the routers to allow PC1 and PC2 to ping each other.
The path via R2 should be used only as a backup path.
R1
ipv6 route 2001:db8:0:3::/64 g0/1 2001:db8:0:13::2
ipv6 route 2001:db8:0:3::/64 s0/0/0 200
R2
ipv6 route 2001:db8:0:3::/64 s0/0/1
ipv6 route 2001:db8:0:1::/64 s0/0/0
R3
ipv6 route 2001:db8:0:1::/64 g0/1 2001:db8:0:13::1
ipv6 route 2001:db8:0:1::/64 s0/0/0 200
Day 34
1. Configure OSPF on R1 and R2 to allow full connectivity between the PCs and servers.
R1
router ospf 1
network 172.16.2.0 0.0.0.255 area 0
network 172.16.1.0 0.0.0.255 area 0
network 203.0.113.0 0.0.0.3 area 0
passive-interface g0/0
passive-interface g0/1
R2
router ospf 1
network 192.168.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
network 203.0.113.0 0.0.0.3 area 0
passive-interface g0/0
passive-interface g0/1
2. Configure standard numbered ACLs on R1 and standard named ACLs on R2
to fulfill the following network policies:
-Only PC1 and PC3 can access 192.168.1.0/24
-Hosts in 172.16.2.0/24 can’t access 192.168.2.0/24
-172.16.1.0/24 can’t access 172.16.2.0/24
-172.16.2.0/24 can’t access 172.16.1.0/24
R1
access-list 1 deny 172.16.1.0 0.0.0.255
access-list 1 permit any
access-list 1 remark ## Block SW1 to SW2##
int g0/1
ip access-group 1 out
access-list 2 deny 172.16.2.0 0.0.0.255
access-list 2 permit any
access-list 2 remark ## Block SW2 to SW1##
int g0/0
ip access-group 2 out
R2
ip access-list standard allowpc1and3
permit 172.16.1.1
permit 172.16.2.1
remark ## Allow access to only pc1 and pc3##
int g0/0
ip access-group allowpc1and3 out
ip access-list standard denysw2
deny 172.16.2.0 0.0.0.255
permit any
remark ##Deny SW2 subnet##
int g0/1
ip access-group denysw2 out
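Added example (not from the original notes): a small Python model of how a standard ACL is evaluated, run against R2's two named ACLs from step 2. It shows top-down first-match, wildcard-mask matching, and the implicit deny that ends every ACL, which is why allowpc1and3 needs no explicit deny line. The parser handles only the entry forms used in this lab, the function names are this example's own, and the test source addresses other than PC1 and PC3 are constructed.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def parse_standard_acl(text):
    """Parse standard ACL entries: 'permit|deny <addr> [wildcard]', 'host <addr>', 'any'."""
    entries = []
    for raw in text.splitlines():
        tok = raw.split()
        if tok[:1] == ["access-list"]:      # numbered form: drop 'access-list <n>'
            tok = tok[2:]
        if not tok or tok[0] not in ("permit", "deny"):
            continue                        # header, remark or blank line
        action, rest = tok[0], tok[1:]
        if rest[0] == "any":
            addr, wild = 0, ALL_ONES
        elif rest[0] == "host":
            addr, wild = int(ipaddress.IPv4Address(rest[1])), 0
        else:
            addr = int(ipaddress.IPv4Address(rest[0]))
            # No wildcard given means a single host (wildcard 0.0.0.0).
            wild = int(ipaddress.IPv4Address(rest[1])) if len(rest) > 1 else 0
        entries.append((action, addr, wild, " ".join(tok)))
    return entries


def evaluate(entries, source):
    """Return (action, matching entry) for a source address; first match wins."""
    src = int(ipaddress.IPv4Address(source))
    for action, addr, wild, text in entries:
        care = ~wild & ALL_ONES             # wildcard 1-bits are "don't care"
        if src & care == addr & care:
            return action, text
    return "deny", "implicit deny"          # nothing matched


# R2's named ACLs as configured in step 2.
ALLOWPC1AND3 = parse_standard_acl("""\
ip access-list standard allowpc1and3
permit 172.16.1.1
permit 172.16.2.1
remark ## Allow access to only pc1 and pc3##
""")

DENYSW2 = parse_standard_acl("""\
ip access-list standard denysw2
deny 172.16.2.0 0.0.0.255
permit any
remark ##Deny SW2 subnet##
""")

if __name__ == "__main__":
    for acl_name, acl in (("allowpc1and3", ALLOWPC1AND3), ("denysw2", DENYSW2)):
        for src in ("172.16.1.1", "172.16.1.2", "172.16.2.1", "172.16.2.77"):
            action, why = evaluate(acl, src)
            print(f"{acl_name:13} {src:12} -> {action:6} ({why})")
```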
1. Configure extended ACLs to fulfill the following network policies:
-Hosts in 172.16.2.0/24 can’t communicate with PC1.
-Hosts in 172.16.1.0/24 can’t access the DNS service on SRV1.
-Hosts in 172.16.2.0/24 can’t access the HTTP or HTTPS services on SRV2.
R1#
ip access-list extended BLOCK_PC1_HTTP_HTTPS
deny ip 172.16.2.0 0.0.0.255 host 172.16.1.1
deny tcp 172.16.2.0 0.0.0.255 host 192.168.2.100 eq 443
deny tcp 172.16.2.0 0.0.0.255 host 192.168.2.100 eq 80
permit ip any any
int g0/1
ip access-group BLOCK_PC1_HTTP_HTTPS in
ip access-list extended BLOCK_DNS
deny udp 172.16.1.0 0.0.0.255 192.168.1.100 0.0.0.0 eq domain
permit ip any any
int g0/0
ip access-group BLOCK_DNS in
1. Use CDP (and other commands) to identify and label the missing IP addresses
and interface IDs of the devices in the network.
ipconfig on all 3 PCs
IP Addresses
PC1 – 192.168.1.1
R1 – g0/0 – 10.0.13.1
– g0/1 – 10.0.12.1
– g0/2 – 192.168.1.254
PC2 – 192.168.2.1
R2 – g0/0 – 10.0.12.2
– g0/1 – 192.168.2.254
– g0/2 – 10.0.23.1
PC3 – 192.168.3.1
R3 – g0/0 – 192.168.3.254
– g0/1 – 10.0.13.2
– g0/2 – 10.0.23.2
2. Disable CDP on the switch interfaces currently connected to PCs.
SW1#
int f0/10
no cdp enable
do show cdp interface f0/10
SW2#
int f0/1
no cdp enable
do show cdp interface f0/1
SW3#
int f0/24
no cdp enable
do show cdp interface f0/24
3. Disable CDP globally on each network device.
4. Enable LLDP globally on each network device, and enable Tx/Rx on the interfaces
connected to other network devices.
*Tx/Rx are currently disabled on all interfaces
SW3#
no cdp run
lldp run
int g0/1
lldp transmit
lldp receive
R3#
no cdp run
lldp run
int range g0/1-2
lldp transmit
lldp receive
SW2#
no cdp run
lldp run
int g0/2
lldp transmit
lldp receive
R2#
no cdp run
lldp run
int range g0/1-2
lldp transmit
lldp receive
SW1#
no cdp run
lldp run
int g0/1
lldp transmit
lldp receive
R1#
no cdp run
lldp run
int range g0/1-2
lldp transmit
lldp receive
ROUTING HAS BEEN PRECONFIGURED
(default route on R1, OSPF on all routers with ‘network 0.0.0.0 255.255.255.255 area 0’)
1. Configure the software clock on R1, R2, and R3 to 12:00:00 Dec 30 2020 (UTC).
R1,R2,R3#clock set 12:00:00 DEC 30 2020
2. Configure the time zone of R1, R2, and R3 to match your own.
R1/R2/R3(config)#clock timezone CHI -5
3. Configure R1 to synchronize to NTP server 1.1.1.1 over the Internet.
What stratum is 1.1.1.1? What stratum is R1?
R1(config)#ntp server 1.1.1.1
1.1.1.1 is stratum 1
R1 is stratum 2
4. Configure R1 as a stratum 8 NTP master.
Synchronize R2 and R3 to R1 with authentication.
*the ‘ntp source’ command is not available in Packet Tracer, so just use
the physical interface IP addresses of R1.
R1(config)#
ntp master
ntp authenticate
ntp authentication-key 1 md5 NTPCLOCK
ntp trusted-key 1
R2(config)#
ntp authenticate
ntp authentication-key 1 md5 NTPCLOCK
ntp trusted-key 1
ntp server 192.168.12.1 key 1
R3(config)#
ntp authenticate
ntp authentication-key 1 md5 NTPCLOCK
ntp trusted-key 1
ntp server 192.168.12.1 key 1
5. Configure NTP to update the hardware calendars of R1, R2, and R3.
*you can’t view the calendar in Packet Tracer
R1,R2,R3(config)#ntp update-calendar
1. Configure a default route to the Internet on R1.
R1(config)# ip route 0.0.0.0 0.0.0.0 203.0.113.2
2. Configure PC1, PC2, and PC3 to use 1.1.1.1 as their DNS server.
Go into config and add 1.1.1.1 into DNS Server
3. Configure R1 to use 1.1.1.1 as its DNS server.
Configure host entries on R1 for R1, PC1, PC2, and PC3.
Ping PC1 by name from R1.
R1(config)#
ip name-server 1.1.1.1
ip host R1 192.168.0.254
ip host PC1 192.168.0.1
ip host PC2 192.168.0.2
ip host PC3 192.168.0.3
do ping PC1
4. #USE SIMULATION MODE FOR THIS STEP#
From PC1, ping youtube.com by name. Analyze the messages being sent.
It will send a query to the DNS server first to find the ip address
Commands
(config)#ip dhcp excluded-address low-address high-address
(config)#ip dhcp pool pool-name
(dhcp-config)#network ip-address {/prefix-length | subnet-mask}
(dhcp-config)#dns-server ip-address
(dhcp-config)#domain-name domain-name
(dhcp-config)#default-router ip address
(dhcp-config)#lease {days hours minutes | infinite}
#show ip dhcp binding
(config-if)#ip helper-address ip address (DHCP Relay)
(config-if)#ip address dhcp (DHCP client)
1. Configure the following DHCP pools on R2:
POOL1: 192.168.1.0/24 (reserve .1 to .10)
DNS 8.8.8.8
Domain: jeremysitlab.com
Default Gateway: R1
POOL2: 192.168.2.0/24 (reserve .1 to .10)
DNS 8.8.8.8
Domain: jeremysitlab.com
Default Gateway: R2
POOL3: 203.0.113.0/30 (reserve .1)
R2#
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp excluded-address 192.168.2.1 192.168.2.10
ip dhcp excluded-address 203.0.113.1
ip dhcp pool POOL1
network 192.168.1.0 /24
dns-server 8.8.8.8
domain-name jeremysitlab.com
default-router 192.168.1.1
ip dhcp pool POOL2
network 192.168.2.0 /24
dns-server 8.8.8.8
domain-name jeremysitlab.com
default-router 192.168.2.1
ip dhcp pool POOL3
network 203.0.113.0 /30
2. Configure R1’s G0/0 interface as a DHCP client.
What IP address did it configure?
int g0/0
ip address dhcp
it was offered 203.0.113.2
3. Configure R1 as a DHCP relay agent for the 192.168.1.0/24 subnet.
int g0/0
ip helper-address 192.168.1.1
4. Use the CLI of PC1 and PC2 to make them request an IP address
from their DHCP server.
ipconfig /renew
Commands
snmp-server contact
snmp-server location
snmp-server community “” ro
snmp-server community “” rw
snmp-server host ip version 2 “”
snmp-server enable traps
## SNMP functionality is VERY limited in Packet Tracer! ##
1. Configure the following SNMP communities on R1:
read-only: Cisco1
read/write: Cisco2
snmp-server community Cisco1 ro
snmp-server community Cisco2 rw
2. Use SNMP ‘Get’ messages via the MIB browser on PC1 to check the following:
-How long has R1 been running? (system uptime) 9 hours 2 minutes 21 seconds
-What is the currently configured hostname on R1? R1
-How many interfaces does R1 have? 4
-What are those interfaces? Vlan1, G0/0, G0/1,G0/2
+check what other information you can learn about R1 via SNMP Get messages.
3. Use an SNMP ‘Set’ message from PC1 to change the hostname of R1.
Choose octetstring in MIB manager
R1 username: jeremy, PW: ccna, enable PW: ccna
1. Connect to R1’s console port using PC2:
-Shut down the G0/0 interface
R1(config-if)#shutdown
-After you receive a syslog message, re-enable the interface.
R1(config-if)#no shutdown
-What is the severity level of the syslog messages?
Level 5(Notice)
-Enable timestamps for logging messages
R1(config)#service timestamps log datetime msec
2. Telnet from PC1 to R1’s G0/0 interface (watch the video to learn how!)
-Enable the unused G0/1 interface
-Why does no syslog message appear?
Log messages are not enabled by default for VTY lines
-Enable logging to the VTY lines for the current session.
*there is no ‘logging monitor’ command in packet tracer,
but it’s enabled by default
R1#terminal monitor
3. Enable logging to the buffer, and configure the buffer size to 8192 bytes.
R1(config)#logging buffered 8192
4. Enable logging to the syslog server SRV1 with a level of ‘debugging’.
R1(config)#logging host 192.168.1.100
logging trap debugging
#show version
#show ip ssh
(config)#ip default-gateway
(config)#line con 0
(config)#line vty 0 15
(config)#crypto key generate rsa
(config)#ip ssh version 2
(config-line)#login [local]
(config-line)#transport input [protocols | all | none]
(config-line)#exec-timeout minutes seconds
(config-line)#access-class acl in
telnet ip-address
ssh -l username ip-address
*SW2 has been newly added to the network, but has not yet been configured.
1.Connect Laptop1 to SW2’s console port to perform the following configurations:
Host name: SW2
Enable secret: ccna
Username/PW: jeremy/ccna
VLAN1 SVI: 192.168.2.253/24
Default gateway: R2
SW2#
hostname SW2
enable secret ccna
username jeremy secret ccna
int vlan 1
ip address 192.168.2.253 255.255.255.0
no shutdown
exit
ip default-gateway 192.168.2.254
2. Configure the following console line security settings on SW2:
Authentication: Local user
Exec timeout: 5 minutes
line con 0
login local
exec-timeout 5
3. Configure SW2 for remote access via SSH:
Domain name: jeremysitlab.com
RSA key size: 2048 bits
Authentication: Local user
Exec timeout: 5 minutes
Protocols: SSH only
+Limit access to PC1 ONLY
ip domain-name jeremysitlab.com
crypto key generate rsa
2048
ip ssh version 2
access-list 1 permit 192.168.1.0 0.0.0.0
line vty 0 15
login local
exec-timeout 5
transport input ssh
access-class 1 in
Commands
#show file systems
#show flash
#copy source destination
(config)#boot system filepath
(config)#ip ftp username username
(config)#ip ftp password password
1. Configure the appropriate IP addresses on each device.
Configure routing on the routers to allow full connectivity.
R1#
conf t
int g0/0
ip address 192.168.12.1 255.255.255.252
no shutdown
int g0/1
ip address 10.0.0.254 255.255.255.0
no shutdown
exit
router ospf 1
network 10.0.0.0 0.0.0.255 area 0
network 192.168.12.0 0.0.0.3 area 0
R2#
conf t
int g0/0
ip address 192.168.12.2 255.255.255.252
no shutdown
exit
router ospf 1
network 192.168.12.0 0.0.0.3 area 0
2. Use TFTP on R1 to retrieve the following file from SRV1:
c2900-universalk9-mz.SPA.155-3.M4a.bin
R1#
copy tftp flash
10.0.0.1
c2900-universalk9-mz.SPA.155-3.M4a.bin
3. Upgrade R1’s OS and then delete the old file from flash.
R1#
boot system flash c2900-universalk9-mz.SPA.155-3.M4a.bin
reload
yes
yes
sh flash
delete c2900-universalk9-mz.SPA.151-4.bin
sh flash
4. Use FTP on R2 to retrieve the following file from SRV1:
c2900-universalk9-mz.SPA.155-3.M4a.bin
(FTP username: jeremy, password: ccna)
**THE TRANSFER MAY TAKE ABOUT A MINUTE**
R2#
ip ftp username jeremy
ip ftp password ccna
copy ftp flash
10.0.0.1
c2900-universalk9-mz.SPA.155-3.M4a.bin
5. Upgrade R2’s OS and then delete the old file from flash.
R2#
boot system flash c2900-universalk9-mz.SPA.155-3.M4a.bin
reload
yes
yes
sh flash
delete c2900-universalk9-mz.SPA.151-4.bin
sh flash
Commands
(config-if)#ip nat inside
(config-if)#ip nat outside
(config)#ip nat inside source static
#show ip nat translations
#show ip nat statistics
#clear ip nat translation *
1. Attempt to ping from PC1 to 8.8.8.8. Does the ping work?
It does not work
2. Configure static NAT on R1.
> Configure the appropriate inside/outside interfaces
> Map the IP addresses of PC1, PC2, and PC3 to 100.0.0.x/24
R1#
int g0/1
ip nat inside
int g0/0
ip nat outside
ip nat inside source static 172.16.0.1 100.0.0.1
ip nat inside source static 172.16.0.2 100.0.0.2
ip nat inside source static 172.16.0.3 100.0.0.3
3. Ping 8.8.8.8 from PC1 again. Does the ping work?
Yes it does work.
4. Ping google.com from each PC, and then check the NAT translations on R1.
It has static translations for each inside local and inside global. Also has dynamic entries.
5. Clear the NAT translations on R1. Which entries remain?
Only the static translations stay while the dynamic get cleared out.
Commands
(config)#ip nat pool pool-name start-ip end-ip {netmask subnet-mask | prefix-length prefix-length}
(config)#ip nat inside source list access-list pool pool-name
(config)#ip nat inside source list access-list pool pool-name overload
(config)#ip nat inside source list access-list interface interface overload
1. Configure dynamic NAT on R1.
> Configure the appropriate inside/outside interfaces
> Translate all traffic from 172.16.0.0/24
> Create a pool of 100.0.0.1 to 100.0.0.2 from the 100.0.0.0/24 subnet
R1#
int g0/1
ip nat inside
int g0/0
ip nat outside
exit
ip nat pool POOL1 100.0.0.1 100.0.0.2 netmask 255.255.255.0
access-list 1 permit 172.16.0.0 0.0.0.255
ip nat inside source list 1 pool POOL1
2. Ping google.com from PC1 and PC2. Then, ping it from PC3.
What happens to PC3’s ping?
PC3's pings do not go through because there are not enough IP addresses in the pool to assign one to PC3.
3. Clear the NAT translations and remove the current NAT configuration.
Switch the configuration to PAT using R1’s public IP address.
R1#
clear ip nat translation *
no ip nat inside source list 1 pool POOL1
no ip nat pool POOL1 100.0.0.1 100.0.0.2 netmask 255.255.255.0
ip nat inside source list 1 interface gigabitethernet 0/0 overload
4. Ping google.com from each PC. Do the pings work?
Examine the NAT translations on R1.
Yes they do work
R1(config)#do sh ip nat translation
Pro  Inside global      Inside local    Outside local   Outside global
icmp 203.0.113.1:1024   172.16.0.3:5    8.8.8.8:5       8.8.8.8:1024
icmp 203.0.113.1:1025   172.16.0.3:6    8.8.8.8:6       8.8.8.8:1025
icmp 203.0.113.1:1026   172.16.0.3:7    8.8.8.8:7       8.8.8.8:1026
icmp 203.0.113.1:1027   172.16.0.3:8    8.8.8.8:8       8.8.8.8:1027
icmp 203.0.113.1:13     172.16.0.1:13   8.8.8.8:13      8.8.8.8:13
icmp 203.0.113.1:14     172.16.0.1:14   8.8.8.8:14      8.8.8.8:14
icmp 203.0.113.1:15     172.16.0.1:15   8.8.8.8:15      8.8.8.8:15
icmp 203.0.113.1:16     172.16.0.1:16   8.8.8.8:16      8.8.8.8:16
icmp 203.0.113.1:5      172.16.0.2:5    8.8.8.8:5       8.8.8.8:5
icmp 203.0.113.1:6      172.16.0.2:6    8.8.8.8:6       8.8.8.8:6
icmp 203.0.113.1:7      172.16.0.2:7    8.8.8.8:7       8.8.8.8:7
icmp 203.0.113.1:8      172.16.0.2:8    8.8.8.8:8       8.8.8.8:8
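Added example (not part of the original lab): a simplified Python model of the two behaviours seen above, the two-address pool running out for the third PC, and PAT rewriting PC3's ICMP IDs 5-8 to 1024-1027 because PC2 already holds those IDs on the shared address. The class names, the flow order and the fallback range starting at 1024 are assumptions chosen to match the table; this is not Cisco's actual allocation algorithm.

```python
# Simplified model of the lab's two NAT modes (not Cisco's actual algorithm).

class DynamicNat:
    """One-to-one dynamic NAT from a fixed pool, no overload."""
    def __init__(self, pool):
        self.free = list(pool)
        self.bindings = {}               # inside local -> inside global

    def translate(self, inside_ip):
        if inside_ip not in self.bindings:
            if not self.free:
                return None              # pool exhausted: packet is dropped
            self.bindings[inside_ip] = self.free.pop(0)
        return self.bindings[inside_ip]


class Pat:
    """Many-to-one PAT: flows are told apart by protocol and port/ICMP ID."""
    def __init__(self, public_ip, fallback_start=1024):
        self.public_ip = public_ip
        self.next_free = fallback_start  # assumed start of the fallback range
        self.table = {}                  # (proto, inside ip, id) -> global id
        self.in_use = set()              # (proto, global id) already allocated

    def translate(self, proto, inside_ip, inside_id):
        key = (proto, inside_ip, inside_id)
        if key not in self.table:
            gid = inside_id              # keep the original ID when it is free
            if (proto, gid) in self.in_use:
                while (proto, self.next_free) in self.in_use:
                    self.next_free += 1
                gid = self.next_free
            self.in_use.add((proto, gid))
            self.table[key] = gid
        return self.public_ip, self.table[key]


def replay_pat_lab():
    """Replay constructed flows in the order implied by the lab's table."""
    pat = Pat("203.0.113.1")
    flows = [("172.16.0.1", i) for i in range(13, 17)]   # PC1, ICMP IDs 13-16
    flows += [("172.16.0.2", i) for i in range(5, 9)]    # PC2, ICMP IDs 5-8
    flows += [("172.16.0.3", i) for i in range(5, 9)]    # PC3 reuses IDs 5-8
    return {flow: pat.translate("icmp", *flow)[1] for flow in flows}
```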
**Telephony configurations (not relevant to the CCNA) have been pre-configured on R1**
1. Configure SW1’s interfaces in the appropriate VLANs.
SW1(config)#
int range g1/0/2-3
switchport mode access
switchport access vlan 10
switchport voice vlan 20
int g1/0/1
switchport mode trunk
switchport trunk allowed vlan 10,20
2. Configure ROAS for the connection between SW1 and R1.
R1(config)#
int f0/0
no shutdown
int f0/0.10
encapsulation dot1Q 10
no shutdown
int f0/0.20
encapsulation dot1Q 20
no shutdown
3. In simulation mode, ping PC2 from PC1.
Is the traffic tagged with a VLAN ID?
No
*WATCH THE VIDEO TO LEARN HOW TO DO STEP 4*
4. In simulation mode, call PH1 from PH2. Is the traffic tagged with a VLAN ID?
Yes
1. Configure port security on the following interfaces:
#SW1 F0/1, F0/2, F0/3#
Violation mode: Shutdown
Maximum addresses: 1
Sticky learning: Disabled
Aging time: 1 hour
SW1(config)#
int range f0/1-3
switchport mode access
switchport port-security
switchport port-security aging time 60
#SW2 G0/1#
Violation mode: Restrict
Maximum addresses: 4
Sticky learning: Enabled
SW2(config)#
int g0/1
switchport mode trunk
switchport port-security
switchport port-security maximum 4
switchport port-security violation restrict
switchport port-security mac-address sticky
2. Trigger port security violations on SW1 and SW2 (for example by
connecting another PC) and observe the actions taken by each switch.
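Added example (not part of the original lab): a simplified Python model of what step 2 should show on each switch, using the two port profiles configured above. The class, the function name and the MAC addresses are constructed for illustration, and aging is not modelled.

```python
# Simplified model of port-security violation handling (aging not modelled).

class SecurePort:
    def __init__(self, maximum=1, violation="shutdown", sticky=False):
        self.maximum, self.violation, self.sticky = maximum, violation, sticky
        self.secure = []          # learned secure MAC addresses
        self.violations = 0       # security violation counter
        self.err_disabled = False
        self.sticky_config = []   # lines sticky learning adds to running-config

    def frame(self, src_mac):
        """Process one frame's source MAC and return the action taken."""
        if self.err_disabled:
            return "dropped (port err-disabled)"
        if src_mac in self.secure:
            return "forwarded"
        if len(self.secure) < self.maximum:
            self.secure.append(src_mac)
            if self.sticky:
                self.sticky_config.append(
                    f"switchport port-security mac-address sticky {src_mac}")
            return "forwarded (learned)"
        # Table is full and the source is unknown: this is a violation.
        if self.violation == "protect":
            return "dropped"                  # silent, counter unchanged
        self.violations += 1
        if self.violation == "restrict":
            return "dropped (logged)"         # port stays up
        self.err_disabled = True              # shutdown mode
        return "dropped (port err-disabled)"


def lab_step_2():
    """Replay constructed frames against the SW1 F0/1 and SW2 G0/1 profiles."""
    sw1_f01 = SecurePort(maximum=1, violation="shutdown")
    sw2_g01 = SecurePort(maximum=4, violation="restrict", sticky=True)
    # SW1: known PC, then a second PC, then the known PC again.
    a = [sw1_f01.frame(m) for m in
         ("aaaa.0000.0001", "aaaa.0000.0002", "aaaa.0000.0001")]
    # SW2: five different sources, then the first one again.
    b = [sw2_g01.frame(f"bbbb.0000.000{i}") for i in range(1, 6)]
    b.append(sw2_g01.frame("bbbb.0000.0001"))
    return a, sw1_f01, b, sw2_g01
```

In shutdown mode the already-learned PC is cut off as well once the port is err-disabled, while in restrict mode only the unknown source is dropped.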
1. Configure R1 as a DHCP server.
Exclude 192.168.1.1 – 192.168.1.9 from the pool
Default gateway: R1
R1(config)#
ip dhcp excluded-address 192.168.1.1 192.168.1.9
ip dhcp pool POOL1
network 192.168.1.0 255.255.255.0
dns-server 8.8.8.8
domain-name hurtado.tech
default-router 192.168.1.1
2. Configure DHCP snooping on SW1 and SW2.
Configure the uplink interfaces as trusted ports.
SW1(config)#
ip dhcp snooping
no ip dhcp snooping information option
ip dhcp snooping vlan 1
int g0/1
ip dhcp snooping trust
SW2(config)#
ip dhcp snooping
no ip dhcp snooping information option
ip dhcp snooping vlan 1
int g0/2
ip dhcp snooping trust
3. Use IPCONFIG /RENEW on PC1 to get an IP address.
Does it work? Why or why not?
4. If it doesn’t work, make the necessary configuration change to fix it.
1. Configure R1 as a DHCP server.
Exclude 192.168.1.1 – 192.168.1.9 from the pool
Default gateway: R1
R1(config)#
ip dhcp excluded-address 192.168.1.1 192.168.1.9
ip dhcp pool POOL1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
2. Configure DHCP snooping on SW1 and SW2.
SW1(config)#
ip dhcp snooping
ip dhcp snooping vlan 1
no ip dhcp snooping information option
int range g0/2
ip dhcp snooping trust
SW2(config)#
ip dhcp snooping
ip dhcp snooping vlan 1
no ip dhcp snooping information option
int g0/1
ip dhcp snooping trust
3. Configure DAI on SW1 and SW2.
-Enable all additional validation checks
-Trust ports connected to a router or switch
SW1(config)#
ip arp inspection vlan 1
ip arp inspection validate dst-mac ip src-mac
int range g0/1-2
ip arp inspection trust
SW2(config)#
ip arp inspection vlan 1
ip arp inspection validate dst-mac ip src-mac
int g0/1
ip arp inspection trust
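Added example (not part of the original lab): a simplified Python model of how DAI, with the src-mac, dst-mac and ip checks enabled, judges ARP packets against the DHCP snooping bindings. It also shows why ports facing a router or switch must be trusted: R1's static 192.168.1.1 never appears in the binding table. The MAC addresses, access port names, packets and the order of the checks are assumptions made for illustration.

```python
import ipaddress

# Constructed DHCP snooping bindings, (VLAN, IP) -> MAC; hosts are hypothetical.
BINDINGS = {(1, "192.168.1.10"): "0000.1111.aaaa",
            (1, "192.168.1.11"): "0000.2222.bbbb"}
TRUSTED = {"Gi0/1", "Gi0/2"}   # ports configured with "ip arp inspection trust"

def invalid_ip(ip):
    a = ipaddress.ip_address(ip)
    return a.is_unspecified or a.is_multicast or ip == "255.255.255.255"

def inspect(p):
    """Return (verdict, reason) for one ARP packet described by dict p."""
    if p["port"] in TRUSTED:
        return "forward", "trusted port"
    if p["eth_src"] != p["sender_mac"]:            # validate src-mac
        return "drop", "src-mac"
    if p["op"] == "reply" and p["eth_dst"] != p["target_mac"]:
        return "drop", "dst-mac"                   # validate dst-mac (replies only)
    ips = [p["sender_ip"]] + ([p["target_ip"]] if p["op"] == "reply" else [])
    if any(invalid_ip(ip) for ip in ips):          # validate ip
        return "drop", "ip"
    if BINDINGS.get((p["vlan"], p["sender_ip"])) != p["sender_mac"]:
        return "drop", "no snooping binding"
    return "forward", "binding match"

def arp(port, op, s_ip, s_mac, t_ip, t_mac="0000.0000.0000",
        eth_src=None, eth_dst="ffff.ffff.ffff", vlan=1):
    """Build a packet dict; Ethernet source defaults to the ARP sender MAC."""
    return dict(port=port, op=op, vlan=vlan, sender_ip=s_ip, sender_mac=s_mac,
                target_ip=t_ip, target_mac=t_mac,
                eth_src=eth_src or s_mac, eth_dst=eth_dst)

PC1, PC2, R1 = "0000.1111.aaaa", "0000.2222.bbbb", "0000.9999.0001"
CASES = {  # constructed packets, not captures from the lab
    "PC1 request": arp("Fa0/1", "request", "192.168.1.10", PC1, "192.168.1.1"),
    "PC2 claims gateway IP": arp("Fa0/2", "reply", "192.168.1.1", PC2,
                                 "192.168.1.10", PC1, eth_dst=PC1),
    "header/body MAC mismatch": arp("Fa0/2", "request", "192.168.1.11", PC2,
                                    "192.168.1.1", eth_src=PC1),
    "sender 0.0.0.0": arp("Fa0/1", "request", "0.0.0.0", PC1, "192.168.1.10"),
    "R1 on untrusted port": arp("Fa0/3", "request", "192.168.1.1", R1, "192.168.1.10"),
    "R1 on trusted port": arp("Gi0/1", "request", "192.168.1.1", R1, "192.168.1.10"),
}

def run_cases():
    return {name: inspect(p) for name, p in CASES.items()}
```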