Ccna Lab Guide


Page 1: Ccna Lab Guide

P a g e | 1

CONTENTS

1. Basic Networks Lab. (Net-Meeting)

2. Basic Router Configurations

3. Configuration of Static Routing protocol

4. Configuration of Dynamic Routing Protocol

a. Configuration of Routing Information Protocol (RIP)

b. Configuration of Enhanced Interior Gateway Routing Protocol (EIGRP)

c. Configuration of Open Shortest Path First Protocol (OSPF)

5. Remote Accessing of Computers - Telnet

6. Configuration of Access Control List (ACL)

a. Configuration of Standard Access Control List

b. Configuration of Extended Access Control List

7. Configuration of Network Address Translation (NAT)

a. Configuration of Static Network Address Translation (S-NAT)

b. Configuration of Dynamic Network Address Translation (D-NAT)

c. Configuration of Port Address Translation (PAT)

8. Configuration of Dynamic Host Configuration Protocol (DHCP)

9. Configuration of Virtual Local Area Network (VLAN)

10. Configuration Inter-VLAN

11. Configuration of Virtual Trunking Protocol (VTP)

12. Configuration of Switch-port security.

13. Port numbers

14. Sub-Netting Questions

15. CCNA Interview Questions.

BASIC NETWORKS LAB

NET MEETING

NETMEETING:

NetMeeting is a built-in application in the Windows OS, which is used for online presentations and

also for sharing files between two hosts (computers) with the help of internet. In other words,

NetMeeting enables real-time audio, video, and data communication over the Internet. Windows

installs NetMeeting in the \net meeting folder. NetMeeting works best with a fast Internet

connection, such as a 56 kilobytes per second (Kbps) or faster modem, or a local area network

(LAN). For best viewing results, use 800 by 600 resolution or higher. You can also use compact

mode. NetMeeting includes support for the H.323 audio and video conferencing standard and the

T.120 data conferencing standard. NetMeeting can be used to place calls to and receive calls

from products that are H.323 and T.120 compatible. With appropriate equipment and services

from third parties, NetMeeting can place a call to a telephone using an H.323 gateway.

NetMeeting also can place calls to H.323 multipoint control units (MCUs) and participate in

multipoint audio/video conferences.

NETMEETING APPLICATIONS

Placing a Call

You can place NetMeeting calls to multiple users. Microsoft maintains the Microsoft Internet

Directory, which you can use to find other NetMeeting users. To view the Microsoft Internet

Directory, click the Find Someone in a Directory button, and then, in Select a directory, click

Microsoft Internet Directory.

You cannot call people on the Internet that you have located on Web-based directory servers if

your Internet connection uses a proxy server that does not support NetMeeting.

Additionally, if you cannot connect to someone by using their computer name, try using their IP

address. If you have two active network connections using two separate network cards, you

might not be able to connect to a directory service.

Receiving a Call

You are ready to receive incoming calls if you are running NetMeeting and have not selected Do

Not Disturb on the Call menu. You are limited in the number of simultaneous connections you

can make, depending on your TCP/IP registry configuration.

Program Sharing

Any person in a meeting can share a program with the other participants. When you use the

program sharing feature, other people can see the program. When you allow control, other

people can both see and use the program.

When you share a program and decide to allow someone to control it, remote users can use the

File Open and File Save dialog boxes in your program to gain access to or delete files on your

computer or network. You cannot drag an object onto a shared program or drag an object from a

shared program to the desktop.

Whiteboard

NetMeeting users can draw simultaneously on the Whiteboard. Everyone in the meeting can see

what is drawn on the Whiteboard. When one person in a meeting runs Whiteboard, it appears on

everyone's screen.

The Whiteboard does not maximize to the full size if you are using an 1152 by 864 or larger

display.

Chat

Chat enables you to type messages for other users to see. When one person in a meeting runs

Chat, a chat window appears on everyone's screen if they are using NetMeeting 3.0 or later.

NetMeeting 2.11 Chat participants may not be able to close the Chat window if they are

participating in a meeting with a NetMeeting 3.0 or later chat participant. Chat files can be saved

with the .htm file extension, and then opened in an Internet browser.

Audio

To use NetMeeting audio features, you need a sound card, speakers, and a microphone. Audio is

only supported with one other person. Sound quality can vary significantly depending on your

sound card, microphone, and connection.

If you modify your sound card device driver in any way, such as upgrading to a full-duplex

driver, you need to run the Audio Tuning Wizard again in order for NetMeeting to work

correctly.

Video

To send video with NetMeeting, you need either a video-capture card and camera, or a video

camera that connects through your computer's parallel (printer) port or USB port.

Cameras that have a video-capture card use less of your computer's processing resources than

cameras that connect through your computer's parallel port.

Video is only supported with one other person at a time.

The default setting for video over a 28.8 Kbps modem connection is Better quality. To change

this setting, click the Tools menu, click Options, click the Video tab, and then adjust the Video

quality option.

Remote Desktop Sharing

Using Remote Desktop Sharing, NetMeeting 3.0 or later can call an unattended computer (host)

running the Remote Desktop Sharing service, and then access that computer’s shared desktop.

Once you are connected, you can work in the host’s shared desktop and in any program that the

host computer has access to.

Administrators can give users the ability to access a computer via Remote Desktop Sharing

without giving them accounts with administrator privilege.

Step 1: Start → Run → conf → click on ‘OK’

By default, when the Microsoft Windows operating system is installed, the NetMeeting application is not enabled and does not appear anywhere in the Start menu. You can activate/install NetMeeting by following some simple steps.

The snapshot shows the first step of the NetMeeting installation. Click on Start in your desktop task bar, then click on Run (the keyboard shortcut for the Run window is the Start key plus the letter ‘R’). In the Run window, enter the word ‘conf’ and press Enter.

Step 2: Click on ‘Next’

After pressing Enter, you will get the NetMeeting window like the one shown in the above snapshot. Click on “Next” to continue with the installation of NetMeeting.

Step 3: Enter the First name → Last name → e-mail address → Location and click on ‘Next’

Here comes the second window, where you have to spend some time typing some information before going on to the further installation steps.

In the First name and Last name fields, if it is a personal computer you can give your name or any name of your interest; if it is a company or organization, it is good practice to give the company or organization name in place of the first name and last name. In the third field, you have to enter a valid e-mail address. It is optional to enter the location information, where you can give the place where you are located and comments of your interest.

After filling in all the information, click on Next to continue with the next step of installation.

Step 4: Don’t check on any check box. Click on ‘Next’

The snapshot of the next window is shown above. Don’t check any box; click on Next to proceed with the further installation.

Step 5: Click on the speed of your connection and click on ‘Next’

Spend a few seconds filling in some important information: in this step you have to select the speed of your connection. After checking the relevant checkbox for your connection speed, click on Next and proceed with the further steps of installation.

Step 6: Check both the check boxes and click on ‘Next’

Step 7: Click on ‘Next’

Now the Net meeting has been installed successfully.

Step 8: Enter the IP address of the host with whom you want to share the program, chat and transfer files. In addition to this, you can also use a feature called Whiteboard, where you can conduct a seminar/presentation for many clients.

BASIC ROUTER CONFIGURATIONS

This session starts by introducing the IOS (Internetwork Operating System). The IOS runs on Cisco routers and Cisco switches and is used to configure the devices. We use the Command Line Interface (CLI) to configure the router. You can access the Cisco IOS through the console port of a router, from a modem into the auxiliary (or aux) port, or even through Telnet.

This Cisco IOS software is responsible for,

a. Carrying network protocols and functions.

b. Connecting high-speed traffic between devices.

c. Adding security to control access and stop unauthorized network use.

d. Providing scalability for ease of network growth and redundancy.

e. Supplying network reliability for connecting to network resources.

Figure 2.1: A Cisco Router

ROUTER CONFIGURATION MODES

The router has 4 configuration modes:

a. User mode

b. Privileged mode

c. Global configuration mode

d. Interface configuration mode.

a. USER MODE:

• User mode is otherwise called Authentication mode.

• We can execute basic monitoring commands.

• In short, we can view the configurations with restrictions.

Example:

Router> this syntax denotes that the router is in user mode.

b. PRIVILEGED MODE:

• Here we can get access to all other router commands.

• We can view the configurations without any restrictions.

Example:

Router# this syntax denotes that the router is in Privileged mode.

c. GLOBAL CONFIGURATION MODE:

• Whatever command is executed in this mode will affect the entire system.

• In this mode you can modify the name of the router; you can implement the

authentication process and so on.

Example:

Router(config)# this syntax denotes that the router is in Global Configuration mode.

d. INTERFACE / SPECIFIC CONFIGURATION MODE:

• The commands executed in this mode will affect only the particular interfaces, routing process or lines.

• In this mode you can assign the address to the particular interface, shutdown the

particular interface and so on.

Example:

Router(config-if)# this syntax denotes that the router is in particular

MOVING BETWEEN MODES

MODES                                                                   SYNTAX
Change from User mode to Privileged mode                                Router> enable
Change from Privileged mode to User mode                                Router# disable
Change to Global Configuration mode from Privileged mode                Router# configure terminal
Exit from any configuration mode to privileged mode                     Router(config)# exit
Enter into Interface configuration mode from Global configuration mode  Router(config)# interface <interface name> <interface number>
Enter router configuration mode from Global configuration               Router(config)# router rip

HELP COMMANDS

COMMAND            MEANING
Router# ?          Shows all available commands
Router# c?         Shows all commands starting with the letter c
Router# clock ?    Shows all available commands for the clock command

Example for Basic router configurations:

ROUTER1 BASIC INTERFACE CONFIGURATION

Router>enable

Router#configure terminal

Router(config)#hostname Router0

Router0(config)#interface fastethernet 0/0

Router0(config-if)#ip address 10.0.0.1 255.255.255.0

Router0(config-if)#no shutdown

Router0(config-if)#exit

Router0(config)#interface serial 0/1/0

Router0(config-if)#ip address 20.0.0.1 255.255.255.252

Router0(config-if)#no shutdown

Router0(config-if)#clock rate 64000

Router0(config-if)#exit

ROUTER2 BASIC INTERFACE CONFIGURATION

Router>enable

Router#configure terminal

Router(config)#hostname Router1

Router1(config)#interface fastethernet 0/0

Router1(config-if)#ip address 30.0.0.1 255.255.255.0

Router1(config-if)#no shutdown

Router1(config-if)#exit

Router1(config)#interface serial 0/1/0

Router1(config-if)#ip address 20.0.0.2 255.255.255.252

Router1(config-if)#no shutdown

Router1(config-if)#clock rate 64000

Router1(config-if)#exit

To view the interface details

For example to know the router0 interface details

Router0#show ip interface brief

Output:

Interface        IP-Address   OK?  Method  Status  Protocol
FastEthernet0/0  10.0.0.1     YES  manual  up      up
Serial0/1/0      20.0.0.1     YES  manual  up      up

CONFIGURATION OF STATIC ROUTING PROTOCOL

ROUTING BASICS

In an internetwork the router is used to route the traffic to all the networks connected to it. In

order to accomplish this task, at minimum a router must know the following:

• The destination address.

• The neighbor routers from which it can learn about remote networks.

• Possible routes to all remote networks.

• The best route to each remote network.

• How to maintain and verify routing information.

The router builds the routing table, which describes how to find the remote networks. If a network is directly connected to the router, the router already knows how to reach it. If the network is not directly connected to the router, the router can learn about the remote network in 2 ways:

• Static routing.

• Dynamic routing.

In this session we discuss static routing; dynamic routing is discussed in a later session.

STATIC ROUTING:

Static routing is the simple way to add the routing information to the routing table. Static routing

is done by adding the routes in each router’s table.

Syntax

The syntax used to configure a static route for a router to use in its routing table is:

Router(config)# ip route [Destination network address] [Subnet mask] [Next hop address or forwarding address]

DEFAULT ROUTING:

Default routing is used to send packets with a remote destination network not in the routing table

to the next-hop router. Default routing is used only on stub networks—those with only one exit

path out of the network. A default route is a static route that uses wildcards instead of network

and mask information.

Syntax:

Router(config)#ip route [any network (0.0.0.0)] [any subnet mask (0.0.0.0)] [forwarding address or interface name]

Example:

Router(config)#ip route 0.0.0.0 0.0.0.0 10.1.11.1

EXAMPLE--1

Router 0

Router(config)#ip route 20.0.0.0 255.0.0.0 30.0.0.2

Router 1

Router(config)#ip route 10.0.0.0 255.0.0.0 30.0.0.1

Assignment:

For the network diagram given below, update the routing table of each router by implementing static routing using the Cisco Packet Tracer simulation software.

CONFIGURATION OF DYNAMIC ROUTING PROTOCOL

A. ROUTING INFORMATION PROTOCOL (RIP):

RIP version 1

Routing Information Protocol (RIP) is a distance-vector routing protocol. RIP sends the complete

routing table to all active interfaces every 30 seconds. RIP uses the hop count only to determine

the best route to a remote network, but it has a maximum allowable hop count of 15 by default,

meaning that 16 is deemed unreachable.

RIP works well in small networks, but it’s inefficient on large networks with slow WAN links or

on networks with a large number of routers installed.

RIP version 2

RIP version 2 is mostly the same as RIP version 1. Both RIPv1 and RIPv2 are distance-vector

protocols, which means each router running RIP sends its complete routing table out all active

interfaces at periodic time intervals. Both RIPv1 and RIPv2 are configured as classful addressing

(but RIPv2 is considered classless because subnet information is sent with each route update),

and both have the same administrative distance (120).

RIP V1                    RIP V2
Distance vector           Distance vector
Maximum hop count 15      Maximum hop count 15
Classful                  Classless
Broadcast based           Uses multicast 224.0.0.9
Does not support VLSM     Supports VLSM networks
No authentication         Allows MD5 authentication

Syntax:

Router(config)#router rip

Router(config-router)#Version <1-2>

Router(config-router)#network <connected network id>

After configuring RIP on a router, we can check whether the routing table has been updated with the route information. This can be done with the command:

Router#show ip route

To view the RIP updates being sent and received on a router, the following command is used,

Router#debug ip rip

EXAMPLE

ROUTER 0

Router(config)#router rip

Router(config-router)#version 2

Router(config-router)#network 10.0.0.0

Router(config-router)#network 30.0.0.0

Router(config-router)#network 60.0.0.0

ROUTER 1

Router(config)#router rip

Router(config-router)#version 2

Router(config-router)#network 20.0.0.0

Router(config-router)#network 30.0.0.0

Router(config-router)#network 50.0.0.0

Router(config-router)#network 80.0.0.0

ROUTER 2

Router(config)#router rip

Router(config-router)#version 2

Router(config-router)#network 40.0.0.0

Router(config-router)#network 50.0.0.0

Router(config-router)#network 100.0.0.0

Router(config-router)#network 101.0.0.0

ROUTER 3

Router(config)#router rip

Router(config-router)#version 2

Router(config-router)#network 60.0.0.0

Router(config-router)#network 80.0.0.0

Router(config-router)#network 70.0.0.0

ROUTER 4

Router(config)#router rip

Router(config-router)#version 2

Router(config-router)#network 70.0.0.0

Router(config-router)#network 90.0.0.0

Router(config-router)#network 100.0.0.0

ROUTER 5

Router(config)#router rip

Router(config-router)#version 2

Router(config-router)#network 90.0.0.0

Router(config-router)#network 101.0.0.0

OUTPUT:

In ROUTER5,

Router# show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is not set

R 10.0.0.0/8 [120/3] via 90.0.0.1, 00:00:00, Serial0/1/0

[120/3] via 101.0.0.2, 00:00:17, Serial0/1/1

R 20.0.0.0/8 [120/2] via 101.0.0.2, 00:00:17, Serial0/1/1

R 30.0.0.0/8 [120/2] via 101.0.0.2, 00:00:17, Serial0/1/1

R 40.0.0.0/8 [120/1] via 101.0.0.2, 00:00:17, Serial0/1/1

R 50.0.0.0/8 [120/1] via 101.0.0.2, 00:00:17, Serial0/1/1

R 60.0.0.0/8 [120/2] via 90.0.0.1, 00:00:00, Serial0/1/0

R 70.0.0.0/8 [120/1] via 90.0.0.1, 00:00:00, Serial0/1/0

R 80.0.0.0/8 [120/2] via 90.0.0.1, 00:00:00, Serial0/1/0

[120/2] via 101.0.0.2, 00:00:17, Serial0/1/1

90.0.0.0/30 is subnetted, 1 subnets

C 90.0.0.0 is directly connected, Serial0/1/0

R 100.0.0.0/8 [120/1] via 90.0.0.1, 00:00:00, Serial0/1/0

[120/1] via 101.0.0.2, 00:00:17, Serial0/1/1

101.0.0.0/30 is subnetted, 1 subnets

C 101.0.0.0 is directly connected, Serial0/1/1
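
The hop counts in Router 5's table can be reproduced from the network statements alone. The following is an added example, not part of the original guide: a simplified distance-vector exchange in Python that also shows the 16-hop limit described earlier. Assumptions: routers that list the same network are directly connected, networks are identified by their first octet, and timers and split horizon are not modeled.

```python
"""Simplified distance-vector (RIP-style) exchange for the six-router lab."""

INFINITY = 16  # RIP: a metric of 16 means "unreachable"

# Networks each router lists under "router rip" in the example above,
# keyed by first octet (10 stands for 10.0.0.0/8, and so on).
CONNECTED = {
    "R0": {10, 30, 60},
    "R1": {20, 30, 50, 80},
    "R2": {40, 50, 100, 101},
    "R3": {60, 70, 80},
    "R4": {70, 90, 100},
    "R5": {90, 101},
}


def neighbors(connected):
    """Assumption: two routers are neighbors when they share a network."""
    return {
        a: {b for b in connected if b != a and connected[a] & connected[b]}
        for a in connected
    }


def converge(connected):
    """Exchange full tables in rounds until nothing changes.

    Returns {router: {network: (metric, set_of_next_hop_routers)}}.
    Connected networks have metric 0 and no next hop. A route learned
    from a neighbor costs the neighbor's metric + 1; a result of 16 or
    more is discarded as unreachable.
    """
    adj = neighbors(connected)
    tables = {r: {n: (0, set()) for n in nets} for r, nets in connected.items()}
    changed = True
    while changed:
        changed = False
        # Every router advertises the table it held at the start of the round.
        advertised = {
            r: {n: m for n, (m, _) in t.items()} for r, t in tables.items()
        }
        for router in connected:
            for nbr in sorted(adj[router]):
                for net, metric in advertised[nbr].items():
                    new_metric = metric + 1
                    if new_metric >= INFINITY:
                        continue
                    best = tables[router].get(net)
                    if best is None or new_metric < best[0]:
                        tables[router][net] = (new_metric, {nbr})
                        changed = True
                    elif new_metric == best[0] and nbr not in best[1]:
                        best[1].add(nbr)  # equal-cost path: keep both next hops
                        changed = True
    return tables


def chain_topology(length):
    """A straight line of routers; network 1 is a LAN behind R0 (constructed)."""
    connected = {f"R{i}": set() for i in range(length)}
    connected["R0"].add(1)
    for i in range(length - 1):
        link = 1000 + i
        connected[f"R{i}"].add(link)
        connected[f"R{i + 1}"].add(link)
    return connected


if __name__ == "__main__":
    for net, (metric, hops) in sorted(converge(CONNECTED)["R5"].items()):
        via = ", ".join(sorted(hops)) or "directly connected"
        print(f"{net}.0.0.0  metric {metric}  via {via}")
```

R2 corresponds to the next hop 101.0.0.2 and R4 to 90.0.0.1 in the table above.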

In ROUTER 1,

Router#debug ip rip

RIP protocol debugging is on

router0#RIP: received v2 update from 30.0.0.2 on Serial0/1/0

20.0.0.0/8 via 0.0.0.0 in 1 hops

40.0.0.0/8 via 0.0.0.0 in 2 hops

50.0.0.0/8 via 0.0.0.0 in 1 hops

70.0.0.0/8 via 0.0.0.0 in 2 hops

80.0.0.0/8 via 0.0.0.0 in 1 hops

90.0.0.0/8 via 0.0.0.0 in 3 hops

100.0.0.0/8 via 0.0.0.0 in 2 hops

101.0.0.0/8 via 0.0.0.0 in 2 hops

RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (10.0.0.1)

RIP: build update entries

20.0.0.0/8 via 0.0.0.0, metric 2, tag 0

30.0.0.0/8 via 0.0.0.0, metric 1, tag 0

40.0.0.0/8 via 0.0.0.0, metric 3, tag 0

50.0.0.0/8 via 0.0.0.0, metric 2, tag 0

60.0.0.0/8 via 0.0.0.0, metric 1, tag 0

70.0.0.0/8 via 0.0.0.0, metric 2, tag 0

80.0.0.0/8 via 0.0.0.0, metric 2, tag 0

90.0.0.0/8 via 0.0.0.0, metric 3, tag 0

100.0.0.0/8 via 0.0.0.0, metric 3, tag 0

101.0.0.0/8 via 0.0.0.0, metric 3, tag 0

RIP: sending v2 update to 224.0.0.9 via Serial0/1/0 (30.0.0.1)

RIP: build update entries

10.0.0.0/8 via 0.0.0.0, metric 1, tag 0

60.0.0.0/8 via 0.0.0.0, metric 1, tag 0

70.0.0.0/8 via 0.0.0.0, metric 2, tag 0

90.0.0.0/8 via 0.0.0.0, metric 3, tag 0

RIP: sending v2 update to 224.0.0.9 via Serial0/0/0 (60.0.0.1)

RIP: build update entries

10.0.0.0/8 via 0.0.0.0, metric 1, tag 0

20.0.0.0/8 via 0.0.0.0, metric 2, tag 0

30.0.0.0/8 via 0.0.0.0, metric 1, tag 0

40.0.0.0/8 via 0.0.0.0, metric 3, tag 0

50.0.0.0/8 via 0.0.0.0, metric 2, tag 0

101.0.0.0/8 via 0.0.0.0, metric 3, tag 0
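
The debug output above can be checked mechanically for updates from senders that are not known neighbors, which matters because the example configuration does not enable the MD5 authentication listed for RIPv2. This is an added example, not part of the original guide; the second update in the sample, the neighbor address 60.0.0.2 and the function names are constructed for illustration.

```python
import re

# Header and route lines as printed by "debug ip rip" in the output above.
RECEIVED = re.compile(r"RIP: received v(\d+) update from (\S+) on (\S+)")
ROUTE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+/\d+) via \S+ in (\d+) hops")


def parse_received(lines):
    """Return one dict per received update, with the routes it carried."""
    updates, current = [], None
    for line in lines:
        header = RECEIVED.search(line)
        if header:
            current = {
                "version": int(header.group(1)),
                "source": header.group(2),
                "interface": header.group(3),
                "routes": [],
            }
            updates.append(current)
        elif "RIP:" in line:
            current = None  # "sending" / "build update entries": not received
        elif current is not None:
            route = ROUTE.match(line)
            if route:
                current["routes"].append((route.group(1), int(route.group(2))))
    return updates


def unexpected_updates(updates, expected_neighbors):
    """Flag updates whose sender is not a known RIP neighbor on that interface.

    expected_neighbors maps interface name -> set of neighbor addresses; an
    interface that is absent or mapped to an empty set should hear no RIP.
    """
    findings = []
    for update in updates:
        allowed = expected_neighbors.get(update["interface"], set())
        if update["source"] not in allowed:
            findings.append({
                "source": update["source"],
                "interface": update["interface"],
                "prefixes": [prefix for prefix, _ in update["routes"]],
            })
    return findings


# First update copied from the debug output above; the second is constructed
# to represent a RIP speaker appearing on the LAN segment.
SAMPLE_DEBUG = """\
router0#RIP: received v2 update from 30.0.0.2 on Serial0/1/0
      20.0.0.0/8 via 0.0.0.0 in 1 hops
      40.0.0.0/8 via 0.0.0.0 in 2 hops
      50.0.0.0/8 via 0.0.0.0 in 1 hops
RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (10.0.0.1)
RIP: build update entries
      20.0.0.0/8 via 0.0.0.0, metric 2, tag 0
RIP: received v2 update from 10.0.0.50 on FastEthernet0/0
      40.0.0.0/8 via 0.0.0.0 in 1 hops
""".splitlines()

# Assumption: Router 0's only legitimate RIP neighbors sit on its serial links;
# 60.0.0.2 is an assumed address for the neighbor on Serial0/0/0.
EXPECTED = {
    "Serial0/1/0": {"30.0.0.2"},
    "Serial0/0/0": {"60.0.0.2"},
    "FastEthernet0/0": set(),
}

if __name__ == "__main__":
    for finding in unexpected_updates(parse_received(SAMPLE_DEBUG), EXPECTED):
        print(finding)
```

With the MD5 authentication listed for RIPv2 in the comparison table enabled, a router discards updates that do not carry the shared key.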

• Click on a PC in any source network (e.g. 10.0.0.2).

• Click on Command Prompt.

• Type ping <destination ip address> (e.g. ping 20.0.0.2).

PC>ping 20.0.0.2

Pinging 20.0.0.2 with 32 bytes of data:

Reply from 20.0.0.2: bytes=32 time=125ms TTL=126

Reply from 20.0.0.2: bytes=32 time=141ms TTL=126

Reply from 20.0.0.2: bytes=32 time=125ms TTL=126

Reply from 20.0.0.2: bytes=32 time=125ms TTL=126

Ping statistics for 20.0.0.2:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 125ms, Maximum = 141ms, Average = 129ms

Assignment :

For the network diagram given below, update the routing table of each router in the network by implementing the RIPv2 protocol using the Cisco Packet Tracer simulation software.

B. ENHANCED INTERIOR GATEWAY ROUTING PROTOCOL (EIGRP)

Enhanced Interior Gateway Routing Protocol (EIGRP) is a proprietary Cisco protocol that runs

on Cisco routers. It is important to understand EIGRP because it is probably one of the two most

popular routing protocols in use today. In this chapter, many features of EIGRP and how it works, with particular focus on the unique way it discovers, selects, and advertises routes, will be discussed.

The main features of EIGRP are listed here:

• Support for IP and IPv6 (and some other useless routed protocols) via

protocol-dependent modules

• Considered classless (same as RIPv2 and OSPF)

• Support for VLSM/CIDR

• Support for summaries and discontiguous networks

• Efficient neighbor discovery

• Communication via Reliable Transport Protocol (RTP)

• Best path selection via Diffusing Update Algorithm (DUAL)

By default, EIGRP can provide equal-cost load balancing of up to four links (actually, all routing protocols do this). However, EIGRP can actually load balance across up to six links (equal or unequal).

CONFIGURATION:

EIGRP commands can be configured in two modes:

• Router configuration mode.

• Interface configuration mode.

Router configuration mode enables the protocol, determines which networks will run EIGRP,

and sets global characteristics.

Interface configuration mode allows the customization of summaries, metrics, timers, and bandwidth.

To start an EIGRP session on a router, use the router eigrp command followed by the autonomous system number of your network. Then enter the network numbers connected to the router using the network command followed by the network number.

Syntax:

Router(config)#router eigrp <1-65535>

Router(config-router)#network <network address of the connected network>

Router(config-router)#no auto-summary

By using the no auto-summary command, EIGRP will advertise all the subnets between

the two routers.

Router(config)#router eigrp <1-65535>

Router(config-router)#passive-interface <interface name> <interface number>

Doing this will prohibit the interface from sending or receiving hello packets and, as a

result, stop it from forming adjacencies. This means it won’t send or receive route

information on this interface.

Example:

ROUTER 0

Router(config)#router eigrp 1

Router(config-router)#network 10.0.0.0

Router(config-router)#network 30.0.0.0

Router(config-router)#network 60.0.0.0

Router(config-router)#no auto-summary

ROUTER 1

Router(config)#router eigrp 1

Router(config-router)#network 20.0.0.0

Router(config-router)#network 30.0.0.0

Router(config-router)#network 50.0.0.0

Router(config-router)#network 80.0.0.0

Router(config-router)#no auto-summary

ROUTER 2

Router(config)#router eigrp 1

Router(config-router)#network 40.0.0.0

Router(config-router)#network 50.0.0.0

Router(config-router)#network 100.0.0.0

Router(config-router)#network 101.0.0.0

Router(config-router)#no auto-summary

ROUTER 3

Router(config)#router eigrp 1

Router(config-router)#network 60.0.0.0

Router(config-router)#network 80.0.0.0

Router(config-router)#network 70.0.0.0

Router(config-router)#no auto-summary

ROUTER 4

Router(config)#router eigrp 1

Router(config-router)#network 70.0.0.0

Router(config-router)#network 90.0.0.0

Router(config-router)#network 100.0.0.0

Router(config-router)#no auto-summary

ROUTER 5

Router(config)#router eigrp 1

Router(config-router)#network 90.0.0.0

Router(config-router)#network 101.0.0.0

Router(config-router)#no auto-summary

OUTPUT:

In ROUTER5,

Router# show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is not set

D 10.0.0.0/8 [120/3] via 90.0.0.1, 00:00:00, Serial0/1/0

[120/3] via 101.0.0.2, 00:00:17, Serial0/1/1

D 20.0.0.0/8 [120/2] via 101.0.0.2, 00:00:17, Serial0/1/1

D 30.0.0.0/8 [120/2] via 101.0.0.2, 00:00:17, Serial0/1/1

D 40.0.0.0/8 [120/1] via 101.0.0.2, 00:00:17, Serial0/1/1

D 50.0.0.0/8 [120/1] via 101.0.0.2, 00:00:17, Serial0/1/1

D 60.0.0.0/8 [120/2] via 90.0.0.1, 00:00:00, Serial0/1/0

D 70.0.0.0/8 [120/1] via 90.0.0.1, 00:00:00, Serial0/1/0

D 80.0.0.0/8 [120/2] via 90.0.0.1, 00:00:00, Serial0/1/0

[120/2] via 101.0.0.2, 00:00:17, Serial0/1/1

90.0.0.0/30 is subnetted, 1 subnets

C 90.0.0.0 is directly connected, Serial0/1/0

D 100.0.0.0/8 [120/1] via 90.0.0.1, 00:00:00, Serial0/1/0

[120/1] via 101.0.0.2, 00:00:17, Serial0/1/1

101.0.0.0/30 is subnetted, 1 subnets

C 101.0.0.0 is directly connected, Serial0/1/1

• Click on a PC in any source network (e.g. 10.0.0.2).

• Click on Command Prompt.

• Type ping <destination ip address> (e.g. ping 20.0.0.2).

PC>ping 20.0.0.2

Pinging 20.0.0.2 with 32 bytes of data:

Reply from 20.0.0.2: bytes=32 time=125ms TTL=126

Reply from 20.0.0.2: bytes=32 time=141ms TTL=126

Reply from 20.0.0.2: bytes=32 time=125ms TTL=126

Reply from 20.0.0.2: bytes=32 time=125ms TTL=126

Ping statistics for 20.0.0.2:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 125ms, Maximum = 141ms, Average = 129ms

ASSIGNMENT:

For the network diagram given below, update all the routers in the network by implementing the Enhanced Interior Gateway Routing Protocol (EIGRP), using the Cisco Packet Tracer simulation software.

Requirements:

1. The network 10.0.0.0 should not communicate with 40.0.0.0 and vice versa.

2. The network 10.0.0.0 can communicate with 20.0.0.0 and vice versa.

3. The network 40.0.0.0 can communicate with 20.0.0.0 and vice versa.

Hint: the above simulation can be done by implementing 2 EIGRP processes in Router1 with different autonomous system values and one EIGRP process in router0 and router 3.

C. OPEN SHORTEST PATH FIRST (OSPF)

Open Shortest Path First (OSPF) is an open standards routing protocol that has been

implemented by a wide variety of network vendors, including Cisco. This works by using the

Dijkstra algorithm. First a shortest path tree is constructed, and then the routing table is

populated with the resulting best paths. OSPF converges quickly, although perhaps not as

quickly as EIGRP, and it supports multiple, equal-cost routes to the same destination. Like

EIGRP, it does support both IP and IPv6 routed protocols.

OSPF provides the following features:

• Consists of areas and autonomous systems

• Minimizes routing update traffic

• Allows scalability

• Supports VLSM/CIDR

• Has unlimited hop count

• Allows multivendor deployment (open standard)

OSPF is supposed to be designed in a hierarchical fashion, which basically means you can

separate the larger internetwork into smaller internetworks called areas. This is the best design

for OSPF.

CONFIGURATION:

Configuring basic OSPF isn’t as simple as RIP, IGRP, and EIGRP, and it can get really complex once you factor in the many options that are allowed within OSPF.

These two elements are the basic elements of OSPF configuration:

• Enabling OSPF.

• Configuring OSPF areas

ENABLING OSPF:

The easiest and also least scalable way to configure OSPF is to use just a single area.

Doing this requires a minimum of two commands. The command used to activate the OSPF

routing process is as follows:

Router(config)#router ospf <1-65535>

A value in the range 1–65,535 identifies the OSPF process ID. It’s a unique number on this

router that groups a series of OSPF configuration commands under a specific running process.

Different OSPF routers don’t have to use the same process ID in order to communicate. It’s

purely a local value that essentially has little meaning, but it cannot start at 0. It has to start at a

minimum of 1.

CONFIGURING THE OSPF:

After identifying the OSPF process, identify the interfaces to activate OSPF communications on,

as well as the area in which each resides. This will also configure the networks you’re going to

advertise to others. OSPF uses wildcards in the configuration.

Router(config)#router ospf 1

Router(config-router)#network <network id> <wild card mask> area <0-4294967295>

To view OSPF information for one or all OSPF processes running on the router,

Router#show ip ospf

To view the topological database used in OSPF,

Router#show ip ospf database

To view all interfaces related to OSPF information,

Router#show ip ospf interface

To view the OSPF information regarding neighbors and adjacency states,

Router#show ip ospf neighbor

EXAMPLE:

ROUTER 0

Router(config)#router ospf 1

Router(config-router)#network 10.0.0.0 0.255.255.255 area 0

Router(config-router)#network 30.0.0.0 0.0.0.3 area 0

Router(config-router)#network 60.0.0.0 0.0.0.3 area 0

Router(config-router)#no auto-summary

ROUTER 1

Router(config)#router ospf 1

Router(config-router)#network 20.0.0.0 0.255.255.255 area 0

Router(config-router)#network 30.0.0.0 0.0.0.3 area 0

Router(config-router)#network 50.0.0.0 0.0.0.3 area 0

Router(config-router)#network 80.0.0.0 0.0.0.3 area 0

Router(config-router)#no auto-summary

ROUTER 2

Router(config)#router ospf 1

Router(config-router)#network 40.0.0.0 0.255.255.255 area 0

Router(config-router)#network 50.0.0.0 0.0.0.3 area 0

Router(config-router)#network 100.0.0.0 0.0.0.3 area 0

Router(config-router)#network 101.0.0.0 0.0.0.3 area 0

Router(config-router)#no auto-summary

ROUTER 3

Router(config)#router ospf 1

Router(config-router)#network 60.0.0.0 0.0.0.3 area 0

Router(config-router)#network 80.0.0.0 0.0.0.3 area 0

Router(config-router)#network 70.0.0.0 0.0.0.3 area 0

Router(config-router)#no auto-summary

ROUTER 4

Router(config)#router ospf 1

Router(config-router)#network 70.0.0.0 0.0.0.3 area 0

Router(config-router)#network 90.0.0.0 0.0.0.3 area 0

Router(config-router)#network 100.0.0.0 0.0.0.3 area 0

Router(config-router)#no auto-summary

ROUTER 5

Router(config)#router ospf 1

Router(config-router)#network 90.0.0.0 0.0.0.3 area 0

Router(config-router)#network 101.0.0.0 0.0.0.3 area 0

Router(config-router)#no auto-summary

OUTPUT:

In ROUTER5,

Router# show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is not set

O 10.0.0.0/8 [120/3] via 90.0.0.1, 00:00:00, Serial0/1/0

[120/3] via 101.0.0.2, 00:00:17, Serial0/1/1

O 20.0.0.0/8 [120/2] via 101.0.0.2, 00:00:17, Serial0/1/1

O 30.0.0.0/8 [120/2] via 101.0.0.2, 00:00:17, Serial0/1/1

O 40.0.0.0/8 [120/1] via 101.0.0.2, 00:00:17, Serial0/1/1

O 50.0.0.0/8 [120/1] via 101.0.0.2, 00:00:17, Serial0/1/1

O 60.0.0.0/8 [120/2] via 90.0.0.1, 00:00:00, Serial0/1/0

O 70.0.0.0/8 [120/1] via 90.0.0.1, 00:00:00, Serial0/1/0

O 80.0.0.0/8 [120/2] via 90.0.0.1, 00:00:00, Serial0/1/0

[120/2] via 101.0.0.2, 00:00:17, Serial0/1/1

90.0.0.0/30 is subnetted, 1 subnets

C 90.0.0.0 is directly connected, Serial0/1/0

O 100.0.0.0/8 [120/1] via 90.0.0.1, 00:00:00, Serial0/1/0

[120/1] via 101.0.0.2, 00:00:17, Serial0/1/1

101.0.0.0/30 is subnetted, 1 subnets

C 101.0.0.0 is directly connected, Serial0/1/1

• Click on a PC in any source network (e.g. 10.0.0.2).

• Click on command prompt.

• Type ping <destination ip address> (e.g. ping 20.0.0.2).

PC>ping 20.0.0.2

Pinging 20.0.0.2 with 32 bytes of data:

Reply from 20.0.0.2: bytes=32 time=125ms TTL=126

Reply from 20.0.0.2: bytes=32 time=141ms TTL=126

Reply from 20.0.0.2: bytes=32 time=125ms TTL=126

Reply from 20.0.0.2: bytes=32 time=125ms TTL=126

Ping statistics for 20.0.0.2:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 125ms, Maximum = 141ms, Average = 129ms
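The shortest-path-tree step described at the start of this section can be reproduced for the six-router example. The Python sketch below is an added illustration, not part of the lab guide: the link map is inferred from the network statements above (a /30 network listed on two routers is taken as the link between them), and the uniform link cost of 1 is an assumption.

```python
import heapq

# Inferred from the example: each /30 network configured on two routers
# is treated as the serial link between those two routers.
LINKS = {
    "30.0.0.0": ("Router0", "Router1"),
    "60.0.0.0": ("Router0", "Router3"),
    "50.0.0.0": ("Router1", "Router2"),
    "80.0.0.0": ("Router1", "Router3"),
    "100.0.0.0": ("Router2", "Router4"),
    "101.0.0.0": ("Router2", "Router5"),
    "70.0.0.0": ("Router3", "Router4"),
    "90.0.0.0": ("Router4", "Router5"),
}
# The /8 LAN networks each appear on one router only.
LANS = {"10.0.0.0": "Router0", "20.0.0.0": "Router1", "40.0.0.0": "Router2"}
LINK_COST = 1  # assumption: every link has the same cost


def spf(root):
    """Dijkstra from root. Returns {router: (cost, set of first-hop neighbours)}."""
    adj = {}
    for a, b in LINKS.values():
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    best = {root: (0, set())}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue  # stale heap entry, a cheaper path was found already
        for nbr in adj[node]:
            new_cost = cost + LINK_COST
            # Leaving the root, the first hop is the neighbour itself;
            # further out, it is inherited from the node we came through.
            hops = {nbr} if node == root else best[node][1]
            if nbr not in best or new_cost < best[nbr][0]:
                best[nbr] = (new_cost, set(hops))
                heapq.heappush(heap, (new_cost, nbr))
            elif new_cost == best[nbr][0]:
                best[nbr][1].update(hops)  # equal-cost path: keep both next hops
    return best


def routes(root):
    """Per-network (cost, sorted next hops). Connected networks get (0, [])."""
    tree = spf(root)
    attached = {net: [router] for net, router in LANS.items()}
    attached.update({net: list(pair) for net, pair in LINKS.items()})
    table = {}
    for net, routers in attached.items():
        # Cost is counted in links to the nearest router attached to the network.
        cost = min(tree[r][0] for r in routers)
        hops = set()
        for r in routers:
            if tree[r][0] == cost:
                hops |= tree[r][1]
        table[net] = (cost, sorted(hops))
    return table


if __name__ == "__main__":
    for net, (cost, hops) in sorted(routes("Router5").items()):
        print(net, cost, ", ".join(hops) if hops else "directly connected")
```

Run from Router 5, it returns two equal-cost next hops for 10.0.0.0, 80.0.0.0 and 100.0.0.0, the same networks that carry two via lines in the routing table above.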

ASSIGNMENT

For the network diagram given below, update the routing tables of the routers in the network by implementing the Open Shortest Path First (OSPF) routing protocol using the Cisco Packet Tracer simulation software, following the requirements given below.

Requirements:

1. Router 0, Router 1 and Router 2 should be in area 0

2. Router 3 and Router 4 should be in area 1.

REMOTE ACCESS OF COMPUTERS – TELNET

Telnet is a protocol used on Local Area Networks for bidirectional communication over a virtual terminal connection. Telnet is often thought of as a simple facility for remote logins to a computer in a remote location via the Internet. It offers users the capability of running programs remotely and facilitates remote administration. Telnet is a third-level protocol, the function of which is to make a terminal (or process) at a using site appear to the system or a process at a serving site as logically equivalent to a terminal "directly" connected to the serving site.

In order to set up the router to allow Telnet access, issue the line vty command. This command allows for the configuration of Virtual Terminal (VTY) lines for remote console access. You can configure the router to accept one or more Telnet sessions. It is strongly suggested that you configure password checking with the login and password line configuration commands. Telnet may provide you with access to the CLI (Command Line Interface) of your modem or router.

Telnet, part of the TCP/IP protocol suite, is a virtual terminal protocol that allows you to make connections to remote devices, gather information, and run programs. After your routers and switches are configured, you can use the Telnet program to reconfigure and/or check up on your routers and switches without using a console cable. You run the Telnet program by typing telnet from any command prompt (DOS or Cisco).

SYNTAX:

Router(config)#line vty <0-15 first line number> <1-15 last line number>

Router(config-line)#login

Router(config-line)#password <word>

EXAMPLE:

In this example, we will configure a network with 2 routers and implement the Telnet protocol on both routers to enable remote access.

Cisco1:

Router>

Router>enable

Router#configure terminal

Router(config)#hostname cisco1

cisco1(config)#enable password cisco

cisco1(config)#interface fastethernet0/0

cisco1(config-if)#ip address 10.0.0.1 255.0.0.0

cisco1(config-if)#no shutdown

cisco1(config-if)#interface serial0/1/0

cisco1(config-if)#ip address 30.0.0.1 255.255.255.252

cisco1(config-if)#clock rate 64000

cisco1(config-if)#no shutdown

cisco1(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.2

cisco1(config)#line vty 0 4

cisco1(config-line)#login

% Login disabled on line 66, until 'password' is set

% Login disabled on line 67, until 'password' is set

% Login disabled on line 68, until 'password' is set

% Login disabled on line 69, until 'password' is set

% Login disabled on line 70, until 'password' is set

cisco1(config-line)#password cisco

Cisco2:

Router>

Router>enable

Router#configure terminal

Router(config)#hostname cisco2

cisco2(config)#enable password cisco

cisco2(config)#interface fastethernet0/0

cisco2(config-if)#ip address 20.0.0.1 255.0.0.0

cisco2(config-if)#no shutdown

cisco2(config-if)#interface serial0/1/0

cisco2(config-if)#ip address 30.0.0.2 255.255.255.252

cisco2(config-if)#clock rate 64000

cisco2(config-if)#no shutdown

cisco2(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.1

cisco2(config)#line vty 0 4

cisco2(config-line)#login

% Login disabled on line 66, until 'password' is set

% Login disabled on line 67, until 'password' is set

% Login disabled on line 68, until 'password' is set

% Login disabled on line 69, until 'password' is set

% Login disabled on line 70, until 'password' is set

cisco2(config-line)#password cisco

OUTPUT:

PC>telnet 10.0.0.1

Trying 10.0.0.1 ...

User Access Verification

Password: cisco

cisco1>enable

Password: cisco

cisco1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 10.0.0.1 YES manual up up

FastEthernet0/1 unassigned YES manual administratively down down

Serial0/1/0 30.0.0.1 YES manual up up

Vlan1 unassigned YES manual administratively down down

cisco1#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is 30.0.0.2 to network 0.0.0.0

C 10.0.0.0/8 is directly connected, FastEthernet0/0

30.0.0.0/30 is subnetted, 1 subnets

C 30.0.0.0 is directly connected, Serial0/1/0

S* 0.0.0.0/0 [1/0] via 30.0.0.2

cisco1#enable

cisco1#telnet 30.0.0.2

Trying 30.0.0.2 ...

User Access Verification

Password: cisco

cisco2>enable

Password: cisco

cisco2#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 20.0.0.1 YES manual up up

FastEthernet0/1 unassigned YES manual administratively down down

Serial0/1/0 30.0.0.2 YES manual up up

Vlan1 unassigned YES manual administratively down down

cisco2#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is 30.0.0.1 to network 0.0.0.0

C 20.0.0.0/8 is directly connected, FastEthernet0/0

30.0.0.0/30 is subnetted, 1 subnets

C 30.0.0.0 is directly connected, Serial0/1/0

S* 0.0.0.0/0 [1/0] via 30.0.0.1

cisco2#exit

[Connection to 30.0.0.2 closed by foreign host]

cisco1#exit

[Connection to 10.0.0.1 closed by foreign host]

PC>

CONFIGURATION OF ACCESS CONTROL LIST (ACL)

Creating access lists is like programming a series of if-then statements: if a given condition is met, then a given action is taken. If the specific condition isn’t met, nothing happens, and the next statement is evaluated. Applying an access list causes the router to analyze every packet crossing that interface in the specified direction and take the appropriate action. There are two types of access list,

a. Standard access list

b. Dynamic access list

A. CONFIGURATION OF STANDARD ACCESS CONTROL LIST

These use only the source IP address in an IP packet as the condition test. All decisions are made based on the source IP address. This means standard access lists basically permit or deny an entire suite of protocols. They don’t distinguish between any of the many types of IP traffic such as WWW, Telnet, UDP, and so on.

Standard IP access lists filter network traffic by examining the source IP address in a packet. Standard IP access lists are created by using the access-list numbers 1–99 or 1300–1999 (expanded range) or any word. Access-list types are generally differentiated using a number. Based on the number used when the access list is created, the router knows which type of syntax to expect as the list is entered. By using numbers 1–99 or 1300–1999, the router creates a standard IP access list, so the router will expect syntax specifying only the source IP address in the test lines.

CONFIGURATION:

1. Access-List: Configures a single access-list statement into a router’s memory for use in a complete access list that will be applied to an interface.

2. IP Access-group: Places an access list on a device’s physical interface.

3. <ID-number>: Identifies an access list by number as a standard or extended list. Also allows the creation and separation of multiple access lists.

4. Permit or Deny: Specifies the effect of the access-list statement as allowing or blocking the traffic specified.

5. Hostname or IP address: Specifies the hostname or device’s IP address that will be acted upon in the access-list statement.

6. Host: Specifies a single specific host for the statement.

7. Any: Specifies that regardless of the host or device IP, it will match the statement.

SYNTAX:

Router(config)#ip access-list standard <1-99/word>

Router(config-std-nacl)#permit <address to match / any source host / a single host address>

Router(config-std-nacl)#deny <address to match / any source host / a single host address>

Router(config-std-nacl)#exit

Router(config)#interface fastEthernet <interface number>

Router(config-if)#ip access-group <1-99 / word> <in>

Router(config-if)#exit

Router(config)#interface serial <interface number>

Router(config-if)#ip access-group <1-99 / word> <out>

EXAMPLE:

In our example, we are going to specify the rules as follows: a host with IP 10.0.0.2 should not communicate with the remote network 20.0.0.0, whereas another host with IP 10.0.0.3 can communicate with 20.0.0.2 and 20.0.0.3.

In Router 0,

Router(config)#ip access-list standard 1

Router(config-std-nacl)#deny 10.0.0.2

Router(config-std-nacl)#permit any

Router(config-std-nacl)#exit

Router(config)#interface fastEthernet 0/0

Router(config-if)#ip access-group 1 in

Router(config-if)#exit

Router(config)#interface serial 0/1/0

Router(config-if)#ip access-group 1 out

Router(config)# ip route 0.0.0.0 0.0.0.0 30.0.0.2

In ROUTER 1,

Router(config)# ip route 0.0.0.0 0.0.0.0 30.0.0.1

OUTPUT:

To view the output, on the PC with IP 10.0.0.2, click on the command prompt and do the following:

PC>ping 20.0.0.2

Pinging 20.0.0.2 with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for 20.0.0.2:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

PC>ping 20.0.0.3

Pinging 20.0.0.3 with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for 20.0.0.3:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

In PC with IP 10.0.0.3, do the following,

PC>ping 20.0.0.2

Pinging 20.0.0.2 with 32 bytes of data:

Reply from 20.0.0.2: bytes=32 time=203ms TTL=126

Reply from 20.0.0.2: bytes=32 time=125ms TTL=126

Reply from 20.0.0.2: bytes=32 time=125ms TTL=126

Reply from 20.0.0.2: bytes=32 time=153ms TTL=126

Ping statistics for 20.0.0.2:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 125ms, Maximum = 203ms, Average = 151ms

PC>ping 20.0.0.3

Pinging 20.0.0.3 with 32 bytes of data:

Request timed out.

Reply from 20.0.0.3: bytes=32 time=156ms TTL=126

Reply from 20.0.0.3: bytes=32 time=157ms TTL=126

Reply from 20.0.0.3: bytes=32 time=156ms TTL=126

Ping statistics for 20.0.0.3:

Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),

Approximate round trip times in milli-seconds:

Minimum = 156ms, Maximum = 157ms, Average = 156ms

If these outputs are displayed on the screen, you have finished learning how to configure the standard access list. In the next section, we will discuss the dynamic access list.

ASSIGNMENT:

Using the Cisco Packet Tracer simulation software, configure the routing rules for the network diagram given below by implementing the Standard Access Control List according to the requirements given below.

Requirements are,

1. deny the host 10.0.0.3 to communicate with the network 40.0.0.0

2. deny the host 20.0.0.2 to communicate with the network 10.0.0.0

B. CONFIGURATION OF EXTENDED ACCESS CONTROL LIST:

With a standard IP access list, we can’t allow users to get to one network service and not another. Said another way, when decisions are to be based on both source and destination addresses, a standard access list won’t allow that, since it makes decisions based on the source address only.

But an extended access list is not like that. That’s because extended access lists allow you to specify source and destination addresses as well as the protocol and port number that identify the upper-layer protocol or application. By using extended access lists, one can effectively allow users access to a physical LAN and stop them from accessing specific hosts, or even specific services on those hosts.

SYNTAX:

Router(config)#ip access-list extended <100-199/word>

Router(config-ext-nacl)#deny <icmp / ip / tcp / udp> <source address / any source host / a single source host> <wild card bits> <destination address / any destination host / a single destination host> <wild card bits>

Router(config-ext-nacl)#permit <icmp / ip / tcp / udp> <source address / any source host / a single source host> <wild card bits> <destination address / any destination host / a single destination host> <wild card bits>

Router(config-ext-nacl)#exit

Router(config)#interface fastEthernet <interface number>

Router(config-if)#ip access-group <100-199 / word> <out>

Router(config-if)#exit

Router(config)#interface serial <interface number>

Router(config-if)#ip access-group <100-199 / word> <in>

EXAMPLE:

In this example, we are going to set the rule as follows: the host with IP 10.0.0.2 should not communicate with 20.0.0.2, whereas the host 10.0.0.2 can communicate with the hosts 10.0.0.3 and 20.0.0.3.

In Router 1,

Router(config)#ip access-list extended 100

Router(config-ext-nacl)#deny ip host 10.0.0.2 host 20.0.0.2

Router(config-ext-nacl)#permit ip any any

Router(config-ext-nacl)#exit

Router(config)#interface fastEthernet 0/0

Router(config-if)#ip access-group 100 out

Router(config-if)#exit

Router(config)#interface serial 0/1/0

Router(config-if)#ip access-group 100 in

Router(config)# ip route 0.0.0.0 0.0.0.0 30.0.0.1

In ROUTER 0,

Router(config)# ip route 0.0.0.0 0.0.0.0 30.0.0.2

OUTPUT:

To view the output, on the PC with IP 10.0.0.2, click on the command prompt and do the following:

PC>ping 20.0.0.2

Pinging 20.0.0.2 with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for 20.0.0.2:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

PC>ping 20.0.0.3

Pinging 20.0.0.3 with 32 bytes of data:

Reply from 20.0.0.3: bytes=32 time=141ms TTL=126

Reply from 20.0.0.3: bytes=32 time=157ms TTL=126

Reply from 20.0.0.3: bytes=32 time=141ms TTL=126

Reply from 20.0.0.3: bytes=32 time=157ms TTL=126

Ping statistics for 20.0.0.3:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 141ms, Maximum = 157ms, Average = 149ms

If these outputs are displayed on the screen, you have finished learning how to configure the extended access list.
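Both access-list sections rest on the same evaluation rule: entries are tested top to bottom, the first match decides, and a packet that matches nothing is dropped by the implicit deny. The Python sketch below is an added illustration, not part of the lab guide; it models that rule for the standard and extended entries used in the examples, and the Telnet-blocking list and the list without a permit line are constructed for the demonstration.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wild_match(addr, base, wildcard):
    """Wildcard mask semantics: a 0 bit must match, a 1 bit is ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


def take_addr(tokens):
    """Consume 'any', 'host A', 'A W', or a bare 'A' (standard-list host form)."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (tokens.pop(0), "0.0.0.0")
    if tokens and tokens[0].count(".") == 3:
        return (first, tokens.pop(0))
    return (first, "0.0.0.0")


def parse_entry(line, extended):
    """Split one permit/deny line into (action, proto, src, dst, dport)."""
    tokens = line.split()
    action = tokens.pop(0)
    proto = tokens.pop(0) if extended else "ip"
    src = take_addr(tokens)
    dst = take_addr(tokens) if extended else ANY
    dport = int(tokens[1]) if tokens[:1] == ["eq"] else None
    return action, proto, src, dst, dport


def packet(src, dst, proto="icmp", dport=None):
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}


def evaluate(entries, extended, pkt):
    """Return (action, matching line). First match wins, implicit deny at the end."""
    for line in entries:
        action, proto, src, dst, dport = parse_entry(line, extended)
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if not wild_match(pkt["src"], *src):
            continue
        if not wild_match(pkt["dst"], *dst):
            continue
        if dport is not None and dport != pkt["dport"]:
            continue
        return action, line
    return "deny", "implicit deny"


# Standard list implementing the rule stated for the standard example.
STANDARD_1 = ["deny 10.0.0.2", "permit any"]
# Constructed: the same list without a permit line blocks every source.
NO_PERMIT = ["deny 10.0.0.2"]
# Extended list 100 from the extended example.
EXTENDED_100 = ["deny ip host 10.0.0.2 host 20.0.0.2", "permit ip any any"]
# Constructed: block only Telnet (TCP port 23) from 10.0.0.0/8 to one host.
TELNET_BLOCK = ["deny tcp 10.0.0.0 0.255.255.255 host 20.0.0.2 eq 23",
                "permit ip any any"]

if __name__ == "__main__":
    checks = [
        (STANDARD_1, False, packet("10.0.0.2", "20.0.0.2")),
        (STANDARD_1, False, packet("10.0.0.3", "20.0.0.2")),
        (NO_PERMIT, False, packet("10.0.0.3", "20.0.0.2")),
        (EXTENDED_100, True, packet("10.0.0.2", "20.0.0.2")),
        (EXTENDED_100, True, packet("10.0.0.2", "20.0.0.3")),
        (TELNET_BLOCK, True, packet("10.0.0.9", "20.0.0.2", "tcp", 23)),
        (TELNET_BLOCK, True, packet("10.0.0.9", "20.0.0.2", "tcp", 80)),
    ]
    for entries, extended, pkt in checks:
        print(pkt["src"], "->", pkt["dst"], evaluate(entries, extended, pkt))
```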

ASSIGNMENT:

Using the Cisco Packet Tracer simulation software, configure the routing rules for the network diagram given below by implementing the Extended Access Control List according to the requirements given below.

Requirements are,

1. deny the host 10.0.0.3 to communicate with the network 20.0.0.2 and 40.0.0.4

2. deny the host 20.0.0.2 to communicate with the network 10.0.0.2 and 40.0.0.2

3. deny the host 10.0.0.4 access of TCP application from 20.0.0.2

CONFIGURATION OF NETWORK ADDRESS TRANSLATION (NAT)

The original intention for NAT was to slow the depletion of available IP address space by allowing many private IP addresses to be represented by some smaller number of public IP addresses. NAT is typically used in the border router. Here are some situations when it’s best to have NAT on your side:

• You need to connect to the Internet, and your hosts don’t have globally unique IP addresses.

• You change to a new ISP that requires you to renumber your network.

• You need to merge two intranets with duplicate addresses.

Advantages:

a. Conserves legally registered addresses.

b. Reduces address overlap occurrence

c. Increases flexibility when connecting to Internet.

d. Eliminates address renumbering as network changes.

Disadvantages:

a. Translation introduces switching path delays.

b. Loss of end-to-end IP traceability.

c. Certain applications will not function with NAT enabled.

There are 3 different types of network address translation,

a. Static Network Address Translation (S-NAT).

b. Dynamic Network Address Translation (D-NAT).

c. Port Address Translation (PAT).

A. CONFIGURATION OF STATIC NETWORK ADDRESS TRANSLATION (S-NAT)

This type of NAT is designed to allow one-to-one mapping between local and global addresses. The static version requires one real Internet IP address for every host on your network.

CONFIGURATION:

1. Inside Local: Name of inside source address before translation.

2. Outside Local: Name of destination host before translation.

3. Inside global: Name of inside host after translation.

4. Outside global: Name of outside destination host after translation.

5. ip nat inside source static inside_local inside_global: Statically maps a host with a private IP address to a global Internet address.

6. ip nat inside: Sets the interface as an inside interface.

7. ip nat outside: Sets the interface as an outside interface.

SYNTAX:

Router(config)# ip nat <inside/pool> source static <inside Local IP address/TCP/UDP> <inside Global Address>

Router(config)# interface fastethernet 0/0

Router(config-if)#ip nat inside

Router(config-if)# interface serial 0/1/0

Router(config-if)#ip nat outside

Example:

Router(config)#ip nat inside source static 10.0.0.2 192.168.0.2

Router(config)#ip nat inside source static 10.0.0.3 192.168.0.3

Router(config)#ip nat inside source static 10.0.0.4 192.168.0.4

Router(config)#ip nat inside source static 10.0.0.5 192.168.0.5

Router(config)#interface fastEthernet 0/0

Router(config-if)#ip nat inside

Router(config-if)#interface serial0/1/0

Router(config-if)#ip nat outside

OUTPUT:

To view the output, click on any PC in the 20.0.0.0 network, ping the systems 10.0.0.2 and 10.0.0.3, and check whether the following output is displayed.

PC>ping 10.0.0.2

Pinging 10.0.0.2 with 32 bytes of data:

Reply from 192.168.0.2: bytes=32 time=172ms TTL=126

Reply from 192.168.0.2: bytes=32 time=125ms TTL=126

Reply from 192.168.0.2: bytes=32 time=111ms TTL=126

Reply from 192.168.0.2: bytes=32 time=141ms TTL=126

Ping statistics for 10.0.0.2:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 111ms, Maximum = 172ms, Average = 137ms

PC>ping 10.0.0.3

Pinging 10.0.0.3 with 32 bytes of data:

Reply from 192.168.0.3: bytes=32 time=125ms TTL=126

Reply from 192.168.0.3: bytes=32 time=125ms TTL=126

Reply from 192.168.0.3: bytes=32 time=137ms TTL=126

Reply from 192.168.0.3: bytes=32 time=140ms TTL=126

Ping statistics for 10.0.0.3:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 125ms, Maximum = 140ms, Average = 131ms

ASSIGNMENT:

For the network diagram given below, the client needs to mask the hosts’ IP addresses by implementing static address translation. Do the simulation using the Cisco Packet Tracer simulation software based on the requirements given below.

1. Host with the ip address 10.0.0.2 should be translated as 192.168.0.2

2. Host with the ip address 10.0.0.3 should be translated as 192.168.0.3

3. Host with the ip address 10.0.0.4 should be translated as 192.168.0.4

4. Host with the ip address 20.0.0.2 should be translated as 172.32.0.2

5. Host with the ip address 20.0.0.3 should be translated as 172.32.0.3

6. Host with the ip address 20.0.0.4 should be translated as 172.32.0.4

B. CONFIGURATION OF DYNAMIC NETWORK ADDRESS TRANSLATION (D-NAT)

This version gives the ability to map an unregistered IP address to a registered IP address from out of a pool of registered IP addresses. In dynamic NAT there is no need to statically configure your router to map an inside to an outside address as with static NAT, but you need to have enough real, bona fide IP addresses for everyone who is going to be sending packets to and receiving them from the Internet.

CONFIGURATION:

1. ip nat pool pool_name starting_address ending_address mask: Creates a pool of inside global addresses for the inside local hosts to use.

2. ip nat inside source list list_number pool pool_name: Sets the inside local hosts that match the access-list number to use the pool of addresses configured by the ip nat pool command.

3. access-list list_number permit network inverse_mask: Creates an access list that permits the inside local hosts to use the global pool of addresses.

SYNTAX:

Router(config)# ip nat inside source list <1-199 / word> pool <word>

Router(config)# ip nat pool <word> <starting address> <ending address> netmask <network mask>

Router(config)#ip access-list <standard/extended> <1-99/100-199/word>

Router(config-std-nacl)#permit any

Router(config-std-nacl)#exit

Router(config)# interface fastethernet <interface number>

Router(config-if)#ip nat inside

Router(config-if)#exit

Router(config)#interface serial <interface number>

Router(config-if)#ip nat outside

EXAMPLE:

In Router 0,

Router(config)#ip nat inside source list 1 pool cisco

Router(config)#ip nat pool cisco 192.168.0.1 192.168.0.20 netmask 255.255.255.0

Router(config)#ip access-list standard 1

Router(config-std-nacl)#permit any

Router(config-std-nacl)#exit

Router(config)#interface fastEthernet 0/0

Router(config-if)#ip nat inside

Router(config)#interface serial 0/1/0

Router(config-if)#ip nat outside

OUTPUT:

To view the output, click on any PC in the 20.0.0.0 network, ping the systems 10.0.0.2 and 10.0.0.3, and check whether the following output is displayed.

PC>ping 10.0.0.2

Pinging 10.0.0.2 with 32 bytes of data:

Request timed out.

Reply from 192.168.0.1: bytes=32 time=125ms TTL=126

Reply from 192.168.0.1: bytes=32 time=141ms TTL=126

Reply from 192.168.0.1: bytes=32 time=125ms TTL=126

Ping statistics for 10.0.0.2:

Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),

Approximate round trip times in milli-seconds:

Minimum = 125ms, Maximum = 141ms, Average = 130ms

PC>PING 10.0.0.3

Pinging 10.0.0.3 with 32 bytes of data:

Request timed out.

Reply from 192.168.0.1: bytes=32 time=156ms TTL=126

Reply from 192.168.0.1: bytes=32 time=141ms TTL=126

Reply from 192.168.0.1: bytes=32 time=140ms TTL=126

Ping statistics for 10.0.0.3:

Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),

Approximate round trip times in milli-seconds:

Minimum = 140ms, Maximum = 156ms, Average = 145ms

ASSIGNMENT:

For the network diagram given below, the client needs to mask the hosts’ IP addresses by implementing dynamic address translation. Do the simulation using the Cisco Packet Tracer simulation software based on the requirements given below.

1. Host in the 10.0.0.0 network should be translated as 192.168.0.0 network

2. Host in the 20.0.0.0 network should be translated as 172.35.0.0 network

3. Host in the 40.0.0.0 network should be translated as 70.0.0.0 network

C. CONFIGURATION OF PORT ADDRESS TRANSLATION (PAT)

Port Address Translation (PAT) is the most popular type of NAT configuration. Overloading really is a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address (many-to-one) by using different ports. By using PAT (NAT Overload), you get to have thousands of users connect to the Internet using only one real global IP address. NAT Overload is the real reason we haven’t run out of valid IP addresses on the Internet.

PAT (Overloading) Configuration

1. ip nat pool pool_name starting_address ending_address mask: Creates a pool of inside global addresses for the inside local hosts to use.

2. ip nat inside source list list_number pool pool_name overload: Sets the inside local hosts that match the access-list number to use the pool of addresses configured by the ip nat pool command. The overload keyword configures PAT.

3. show ip nat translations: Shows the basic translation table. This is probably one of the most important NAT commands for verification.

4. debug ip nat: Shows the sending address, the translation, and the destination address on each debug line.

5. show ip nat statistics: Shows a summary of your configuration, your active translations, and the inside and outside interfaces that are being used.

Syntax:

Router(config)# ip nat inside source list <1-199 / word> pool <word> overload

Router(config)# ip nat pool <word> <starting address> <ending address> netmask <network mask>

Router(config)#ip access-list <standard/extended> <1-99/100-199/word>

Router(config-std-nacl)#permit any

Router(config-std-nacl)#exit

Router(config)# interface fastethernet <interface number>

Router(config-if)#ip nat inside

Router(config-if)#exit

Router(config)#interface serial <interface number>

Router(config-if)#ip nat outside

Example:

In ROUTER 0,

Router(config)#ip nat inside source list 1 pool cisco overload

Router(config)#ip nat pool cisco 192.168.0.1 192.168.0.1 netmask 255.255.255.0

Router(config)#ip access-list standard 1

Router(config-std-nacl)#permit any

Router(config-std-nacl)#exit

Router(config)#interface fastEthernet 0/0

Router(config-if)#ip nat inside

Router(config)#interface serial 0/1/0

Router(config-if)#ip nat outside

OUTPUT:

To view the output, click on any PC in the 20.0.0.0 network, ping the systems 10.0.0.2 and 10.0.0.3, and check whether the following output is displayed.

PC>ping 10.0.0.2

Pinging 10.0.0.2 with 32 bytes of data:

Reply from 192.168.0.1: bytes=32 time=127ms TTL=126

Reply from 192.168.0.1: bytes=32 time=137ms TTL=126

Reply from 192.168.0.1: bytes=32 time=156ms TTL=126

Reply from 192.168.0.1: bytes=32 time=156ms TTL=126

Ping statistics for 10.0.0.2:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 127ms, Maximum = 156ms, Average = 144ms

PC>ping 10.0.0.3

Pinging 10.0.0.3 with 32 bytes of data:

Request timed out.

Reply from 192.168.0.1: bytes=32 time=127ms TTL=126

Reply from 192.168.0.1: bytes=32 time=156ms TTL=126

Reply from 192.168.0.1: bytes=32 time=156ms TTL=126

Ping statistics for 10.0.0.3:

Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),

Approximate round trip times in milli-seconds:

Minimum = 127ms, Maximum = 156ms, Average = 146ms

To view the NAT translations, in Router0,

Router#show ip nat translations

Pro Inside global Inside local Outside local Outside global

icmp 192.168.0.1:21 10.0.0.3:21 20.0.0.2:21 20.0.0.2:21

icmp 192.168.0.1:22 10.0.0.3:22 20.0.0.2:22 20.0.0.2:22

icmp 192.168.0.1:23 10.0.0.3:23 20.0.0.2:23 20.0.0.2:23

icmp 192.168.0.1:24 10.0.0.3:24 20.0.0.2:24 20.0.0.2:24

To view the NAT packets sent and received

Router#debug ip nat

IP NAT debugging is on

Router#

NAT: s=10.0.0.3->192.168.0.1, d=20.0.0.2 [8]

NAT: s=10.0.0.3->192.168.0.1, d=20.0.0.2 [9]

NAT: s=10.0.0.3->192.168.0.1, d=20.0.0.2 [10]

NAT: s=10.0.0.3->192.168.0.1, d=20.0.0.2 [11]

NAT: expiring 192.168.0.1 (10.0.0.3) icmp 25 (25)

NAT: expiring 192.168.0.1 (10.0.0.3) icmp 26 (26)

NAT: expiring 192.168.0.1 (10.0.0.3) icmp 27 (27)

NAT: expiring 192.168.0.1 (10.0.0.3) icmp 28 (28)

To view the NAT statistics,

Router#show ip nat statistics

Total translations: 0 (0 static, 0 dynamic, 0 extended)

Outside Interfaces: Serial0/1/0

Inside Interfaces: FastEthernet0/0

Hits: 0 Misses: 39

Expired translations: 15

Dynamic mappings:

-- Inside Source

access-list 1 pool cisco refCount 0

pool cisco: netmask 255.255.255.0

start 192.168.0.1 end 192.168.0.1

type generic, total addresses 1 , allocated 0 (0%), misses 0

ASSIGNMENT:

For the network diagram given below, the client requests address translation for the network. The client has only 3 public IPs, so he wants the design to be implemented with Port Address Translation. The private IPs provided by the ISP to the client are given below:

1. 192.168.0.8 for 10.0.0.0 network

2. 172.50.1.20 for 20.0.0.0 network

3. 223.20.0.15 for 40.0.0.0 network

Show the simulation result using cisco packet tracer.

CONFIGURATION OF DYNAMIC HOST CONFIGURATION

PROTOCOL (DHCP)

Dynamic Host Configuration Protocol (DHCP) serves as a basic foundation of network

infrastructure. In all but the smallest networks, DHCP provides hosts with an Internet Protocol

(IP) configuration needed to communicate with other computers on the network. This

configuration includes, at a minimum, an IP address and subnet mask. DHCP allows you to

automatically assign IP addresses, subnet masks, and other configuration information to client

computers on the local network. When a DHCP server is available, computers that are

configured to obtain an IP address automatically request and receive their IP configuration from

that DHCP server upon booting.

With a DHCP server installed and configured on your network, DHCP-enabled clients can obtain

IP addresses and related configuration parameters each time they start and join your network.

DHCP servers provide this configuration in the form of an address lease offer to requesting

clients. One main advantage of using DHCP is that DHCP servers greatly reduce the time

required to configure and reconfigure computers on your network. DHCP simplifies

administration not only by supplying clients with IP addresses, but also (optionally) with the

addresses of the default gateway, DNS servers, WINS servers, and other servers useful to the

client. Another advantage of DHCP is that by assigning IP addresses automatically, it allows you

to avoid configuration errors resulting from entering IP address information manually at every

host.

CONFIGURATIONS

When defining the IP address range of a scope, you should use the consecutive addresses

that make up the subnet for which you are enabling the DHCP service. However, you should also

be sure to exclude from this defined range any addresses of statically configured computers

already existing on your network. To exclude predefined addresses, you can simply choose to

limit the scope range so that it does not include any statically assigned addresses. Alternatively,

you can configure a scope that makes up the entire subnet and then immediately define exclusion

ranges.

SYNTAX:

Router(config)#ip dhcp pool <word>

Router(dhcp-config)#default-router <ip address>

Router(dhcp-config)#dns-server <ip address>

Router(dhcp-config)#network <network address> <subnet mask>

Router(dhcp-config)#exit

Router(config)#ip dhcp excluded-address <Low ip address> <High ip address>

EXAMPLE:

In ROUTER0,

Router(config)#ip dhcp pool cisco

Router(dhcp-config)#default-router 10.0.0.1

Router(dhcp-config)#dns-server 10.0.0.2

Router(dhcp-config)#network 10.0.0.0 255.0.0.0

Router(dhcp-config)#exit

Router(config)#ip dhcp excluded-address 10.0.0.1 10.0.0.10
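The exclusion rule described under CONFIGURATIONS can be checked mechanically. The following Python sketch is an added example, not part of the lab guide: it parses DHCP configuration text, counts the addresses the pool can still lease, and flags statically addressed hosts (default-router, dns-server) that no exclusion range covers. The function names and the second, weaker configuration are assumptions constructed for illustration.

```python
import ipaddress

# Constructed input: the ROUTER0 DHCP example from this lab, written as config text.
LAB_CONFIG = """\
ip dhcp excluded-address 10.0.0.1 10.0.0.10
ip dhcp pool cisco
 default-router 10.0.0.1
 dns-server 10.0.0.2
 network 10.0.0.0 255.0.0.0
"""

# Constructed counter-example: only the gateway is excluded, the DNS server is not.
WEAK_CONFIG = """\
ip dhcp excluded-address 10.0.0.1
ip dhcp pool lab
 default-router 10.0.0.1
 dns-server 10.0.0.2
 network 10.0.0.0 255.255.255.0
"""


def parse_dhcp(config):
    """Return (pools, exclusions) from IOS-style DHCP configuration text."""
    pools, exclusions, current = {}, [], None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw.startswith(" "):
            current = None  # a global command closes the open pool section
        if words[:3] == ["ip", "dhcp", "excluded-address"] and len(words) >= 4:
            low = ipaddress.IPv4Address(words[3])
            # The high address is optional; a single address excludes only itself.
            high = ipaddress.IPv4Address(words[4]) if len(words) > 4 else low
            exclusions.append((low, high))
        elif words[:3] == ["ip", "dhcp", "pool"] and len(words) >= 4:
            current = pools.setdefault(words[3], {"network": None, "static": []})
        elif current is not None and words[0] == "network" and len(words) >= 3:
            mask = words[2].lstrip("/")
            current["network"] = ipaddress.IPv4Network(f"{words[1]}/{mask}")
        elif current is not None and words[0] in ("default-router", "dns-server"):
            # These hosts are statically addressed and must never be leased.
            current["static"] += [(words[0], ipaddress.IPv4Address(a)) for a in words[1:]]
    return pools, exclusions


def audit(config):
    """Per pool: count leasable addresses and list static hosts left unprotected."""
    pools, exclusions = parse_dhcp(config)
    report = {}
    for name, pool in pools.items():
        net = pool["network"]
        if net is None:
            continue
        first = int(net.network_address) + 1
        last = int(net.broadcast_address) - 1
        # Clip exclusions to the usable range and count overlapping ranges once.
        clipped = sorted((max(int(lo), first), min(int(hi), last)) for lo, hi in exclusions)
        excluded, covered_to = 0, first - 1
        for lo, hi in clipped:
            lo = max(lo, covered_to + 1)
            if lo <= hi:
                excluded += hi - lo + 1
                covered_to = hi
        conflicts = [
            f"{role} {addr}"
            for role, addr in pool["static"]
            if addr in net and not any(lo <= addr <= hi for lo, hi in exclusions)
        ]
        report[name] = {
            "leasable": max(last - first + 1 - excluded, 0),
            "conflicts": conflicts,
        }
    return report


if __name__ == "__main__":
    for label, cfg in (("lab", LAB_CONFIG), ("weak", WEAK_CONFIG)):
        print(label, audit(cfg))
```

For the lab configuration the report shows no conflicts; in the weaker configuration the DNS server address remains inside the leasable range.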

OUTPUT:

To view the output, click on PC0, then click on ‘IP configuration’, and then click on DHCP.

ASSIGNMENT:

For the network diagram given below, assign IP addresses to all the hosts dynamically by implementing Dynamic Host Configuration Protocol (DHCP), using Cisco Packet Tracer. In the simulation, in addition to DHCP, also implement the RIPv2 protocol on all the routers to update the routing table.

CONFIGURATION OF VIRTUAL LOCAL AREA NETWORK (VLAN)

As a logical grouping of users by function, VLANs can be considered independent from their

physical or geographic locations. VLANs increase the number of broadcast domains while

decreasing their size. Network adds, moves, and changes are achieved with ease by just

configuring a port into the appropriate VLAN.

BASIC VLAN CONFIGURATION

SYNTAX:

Switch(config)#hostname <word>

Switch(config)#vlan <2-1001>

Switch(config-vlan)#name <word>

Switch(config-vlan)#exit

SwitchA(config)#interface fastethernet <interface number>

SwitchA(config-if)#switchport mode access

SwitchA(config-if)#switchport access vlan <id:2-1001>

SwitchA(config-if)#exit

SwitchA(config)#interface fastethernet <interface number>

SwitchA(config-if)#switchport mode access

SwitchA(config-if)#switchport access vlan <id:2-1001>

SwitchA(config-if)#exit

EXAMPLE:

VLAN CREATION

Switch>enable

Switch#configure terminal

Switch(config)#hostname SWITCHA

SWITCHA(config)#vlan 2

SWITCHA(config-vlan)#name acc

SWITCHA(config-vlan)#exit

SWITCHA(config)#vlan 3

SWITCHA(config-vlan)#name sales

HOW TO VIEW THE VLAN DETAILS IN SWITCH

SWITCH#SHOW VLAN BRIEF

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/6, Fa0/7, Fa0/8

Fa0/9, Fa0/10, Fa0/11, Fa0/12

Fa0/13, Fa0/14, Fa0/15, Fa0/16

Fa0/17, Fa0/18, Fa0/19, Fa0/20

Fa0/21, Fa0/22, Fa0/23, Fa0/24

3 VLAN0003 active

1002 fddi-default active

1003 token-ring-default active

1004 fddinet-default active

1005 trnet-default active

VLAN ID ASSIGNING TO SWITCH PORT

SwitchA>enable

SwitchA#configure terminal

SwitchA(config)#interface fastethernet 0/1

SwitchA(config-if)#switchport mode access

SwitchA(config-if)#switchport access vlan 2

SwitchA(config-if)#exit

SwitchA(config)#interface fastethernet 0/2

SwitchA(config-if)#switchport mode access

SwitchA(config-if)#switchport access vlan 3

SwitchA(config-if)#exit

HOW TO CHECK THE VLAN CREATION & VLAN ID ASSIGNING TO

SWITCH PORT

Switch #show vlan brief

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6

Fa0/7, Fa0/8, Fa0/9, Fa0/10

Fa0/11, Fa0/12, Fa0/13, Fa0/14

Fa0/15, Fa0/16, Fa0/17, Fa0/18

Fa0/19, Fa0/20, Fa0/21, Fa0/22

Fa0/23, Fa0/24

2 ACC active Fa0/1

3 sales active Fa0/2

1002 fddi-default active

1003 token-ring-de active

1004 fddinet-default active

1005 trnet-default active

ASSIGNMENT

For the network diagram given below, configure two VLANs, viz. ECE and CSC. The ECE department should not communicate with the CSC department and vice versa. Show the simulation results using Cisco Packet Tracer simulation software.

Hint: the ports connecting to the switch should be in TRUNK mode for VLAN Configuration.

CONFIGURATION INTER-VLAN

By default, only hosts that are members of the same VLAN can communicate. To change this

and allow inter-VLAN communication, you need a router or a layer-3 switch. To

support ISL or 802.1Q routing on a Fast Ethernet interface, the router’s interface is divided into

logical interfaces—one for each VLAN. These are called sub interfaces. Anyway, from a Fast

Ethernet or Gigabit interface, you can set the interface to trunk with the encapsulation command.

CONFIGURATION

SYNTAX:

Switch1(config)#vlan <2-1001>

Switch1(config-vlan)#name <WORD>

Switch1(config)#vlan <2-1001>

Switch1(config-vlan)#name <WORD>

Switch1(config)#interface fastethernet <interface number>

Switch1(config-if)#switchport access vlan <2-1001>

Router1(config)#interface fastEthernet <sub-interface number>

Router1(config-subif)#encapsulation dot1Q <2-1001>

Router1(config-subif)#ip address <sub-interface ip address> <subnet mask>

EXAMPLE:

Step 1:

Create VLAN 2 and VLAN 3 on switch1

Switch1#config terminal

Enter configuration commands, one per line. End with CNTL/Z.

Switch1(config)#vlan 2

Switch1(config-vlan)#name IT

Switch1(config-vlan)#^Z

%SYS-5-CONFIG_I: Configured from console by console

Switch1#configure Terminal

Enter configuration commands, one per line. End with CNTL/Z.

Switch1(config)#vlan 3

Switch1(config-vlan)#name HR

Switch1(config-vlan)#^Z

Step 2:

Assign each VLAN to the respective user-connected port

Switch1(config)#interface fa0/10

Switch1(config-if)#switchport access vlan 2

Switch1(config)#interface fa0/9

Switch1(config-if)#switchport access vlan 3

Switch1(config-if)#^Z

Switch1#show vlan brief

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/6, Fa0/7, Fa0/8

Fa0/11, Fa0/12, Fa0/13, Fa0/14

Fa0/15, Fa0/16, Fa0/17, Fa0/18

Fa0/19, Fa0/20, Fa0/21, Fa0/22

Fa0/23, Fa0/24, Gig1/1, Gig1/2

2 IT active Fa0/10

3 HR active Fa0/9

1002 fddi-default active

1003 token-ring-default active

1004 fddinet-default active

1005 trnet-default active

Step 3:

Configure the port on switch1 that is connected to router1 as a trunk

Switch1(config)#interface fa0/8

Switch1(config-if)#switchport mode trunk

Step 4:

Configure sub-interfaces on the router FastEthernet port that is connected to switch1

Router1#configure terminal

Router1(config)#interface fastEthernet 0/0

Router1(config-if)#no ip address

Router1(config-if)#no shutdown

Router1(config)#interface fastEthernet 0/0.1

Router1(config-subif)#encapsulation dot1Q 2

Router1(config-subif)#ip address 192.168.0.1 255.255.255.128

Router1(config)#interface fastEthernet 0/0.2

Router1(config-subif)#encapsulation dot1Q 3

Router1(config-subif)#ip address 192.168.0.129 255.255.255.128

Step 5:

Verify the communication between VLAN 2 and VLAN 3 using the ping command.

ASSIGNMENT

For the network diagram given below, implement Inter-VLAN such that the hosts connected to each switch belong to an individual VLAN. Ensure that you configure three VLANs and that all three can communicate with each other.

CONFIGURATION OF VIRTUAL TRUNKING PROTOCOL (VTP)

All Cisco switches are configured to be VTP servers by default. To configure VTP, first you

have to configure the domain name you want to use. And of course, once you configure the

VTP information on a switch, you need to verify it. When you create the VTP domain, you have

a bunch of options, including setting the domain name, password, operating mode, and pruning

capabilities of the switch. Use the vtp global configuration mode command to set all this

information. The VTP modes are,

1. VTP Server Mode

2. VTP Client Mode

3. VTP Transparent Mode

CONFIGURATION:

1. vtp mode server: Configures a switch to be a VTP server. In Server mode, the VLAN

database is allowed to be modified. VLANs can be added, deleted, modified or changed.

Server is the default vtp mode for a Cisco switch. Changing the server option to client or

transparent would configure the switch to that mode.

2. vtp domain: Configures the VTP domain name for a group of switches in the layer-2

switch fabric.

3. vtp password: Configures a password to be used by the switches in a VTP domain. The

password serves two purposes. It allows updates to be authenticated, ensuring the update

came from the correct server. With that authentication, it then adds a step in preventing

an incorrect server from joining the domain and wiping out the VLAN database.

4. show vtp status: Displays all the configured options for VTP on the current switch. This is

one of the most useful commands when troubleshooting VTP, because it allows the

domain name, revision number, and other settings to easily be verified.

SYNTAX:

Switch>enable

Switch#configure terminal

Switch(config)#vtp mode <server/client/transparent>

Switch(config)#vtp domain <word>

EXAMPLE:

Configure VTP between three switches:

Switch(config)#vtp domain cisco

Step 1.

The switches have to be connected by crossover cable.

Step 2.

The link between switches should be a trunk link.

Step 3.

Take one switch as vtp server and other two switches as vtp client

Step 4.

Configure vtp domain name as cisco in vtp server mode switch

Step 5.

Configure vlan database on vtp server mode switch

Step 6.

Verify the vlan database has replicated to all clients switches.

CODING:

VTP Server switch>enable

VTP Server switch#configure terminal

VTP Server switch(config)#interface fa0/6

VTP Server switch(config-if)#switchport mode trunk

VTP Client switch1>enable

VTP Client switch1#configure terminal

VTP Client switch1(config)#interface fa0/11

VTP Client switch1(config-if)#switchport mode trunk

VTP Client switch1(config)#interface fa0/8

VTP Client switch1(config-if)#switchport mode trunk

VTP Client switch2>enable

VTP Client switch2#configure terminal

VTP Client switch2(config)#interface fa0/11

VTP Client switch2(config-if)#switchport mode trunk

VTP Server switch>enable

VTP Server switch#configure terminal

VTP Server switch(config)#vtp mode server

VTP Client switch1>enable

VTP Client switch1#configure terminal

VTP Client switch1(config)#vtp mode client

VTP Client switch2>enable

VTP Client switch2#configure terminal

VTP Client switch2(config)#vtp mode client

VTP Server switch>enable

VTP Server switch#configure terminal

VTP Server switch(config)#vtp domain cisco

VTP Server switch>enable

VTP Server switch#configure terminal

VTP Server switch(config)#vlan 2

VTP Server switch(config-vlan)#name IT

VTP Server switch(config)#vlan 3

VTP Server switch(config-vlan)#name HR

VTP Server switch(config)#vlan 4

VTP Server switch(config-vlan)#name FINANCE

Verify VLAN database on all VTP Client mode switches

VTP Client switch1#show vlan brief

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/7, Fa0/8, Fa0/9

Fa0/10, Fa0/11, Fa0/12, Fa0/13

Fa0/14, Fa0/15, Fa0/16, Fa0/17

Fa0/18, Fa0/19, Fa0/20, Fa0/21

Fa0/22, Fa0/23, Fa0/24, Gig1/1

Gig1/2

2 IT active

3 HR active

4 FINANCE active

1002 fddi-default active

1003 token-ring-default active

1004 fddinet-default active

1005 trnet-default active

VTP Client switch2#show vlan brief

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/7, Fa0/8, Fa0/9

Fa0/10, Fa0/11, Fa0/12, Fa0/13

Fa0/14, Fa0/15, Fa0/16, Fa0/17

Fa0/18, Fa0/19, Fa0/20, Fa0/21

Fa0/22, Fa0/23, Fa0/24, Gig1/1

Gig1/2

2 IT active

3 HR active

4 FINANCE active

1002 fddi-default active

1003 token-ring-default active

1004 fddinet-default active

1005 trnet-default active

CONFIGURATION OF SWITCH-PORT SECURITY

To stop someone from simply plugging a host into one of your switch ports—or worse, adding a

hub, switch, or access point into the Ethernet jack in their office, we use port security on each

switch port. By default, MAC addresses will just dynamically appear in your MAC

forward/filter database. You can stop them in their tracks by using port security.

CONFIGURATION:

1. switchport port-security: Configures access control of a switch port.

2. Aging: Configures a timer for dynamically learned addresses to decay out of the

cache.

3. Mac-address: Configures a statically assigned secure hardware address for a given

ports table.

4. Maximum: Configures a max number of secure addresses for a given port.

5. Violation: Configures an action should a violation on the port occur. There are three

violation modes: protect, restrict, and shutdown.

SYNTAX:

Switch#configure terminal

Switch(config)#interface fastEthernet <interface number>

Switch(config-if)#switchport mode access

Switch(config-if)#switchport port-security

Switch(config-if)#switchport port-security maximum <number>

Switch(config-if)#switchport port-security mac-address <mac-id>

Switch(config-if)#switchport port-security violation shutdown

EXAMPLE:

For example, the network admin wants to secure the interface f0/1.

Switch>enable

Switch#configure terminal

Switch(config)#interface fastEthernet 0/1

Switch(config-if)#switchport mode access

Switch(config-if)#switchport port-security

Switch(config-if)#switchport port-security maximum 1

Switch(config-if)#switchport port-security mac-address 1110.a230.0000

Switch(config-if)#switchport port-security violation shutdown

OUTPUT:

Switch#show port-security interface fastEthernet 0/1

Port Security : Enabled

Port Status : Secure-up

Violation Mode : Shutdown

Aging Time : 0 mins

Aging Type : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses : 1

Total MAC Addresses : 1

Configured MAC Addresses : 0

Sticky MAC Addresses : 0

Last Source Address:Vlan : 00D0.5848.A443:1

Security Violation Count : 0
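To check many ports at once instead of reading one interface at a time, the saved configuration can be audited offline. The Python sketch below is an added example, not part of the lab guide: it walks running-config style interface stanzas and reports access ports where port security is missing, where options were entered without the bare enabling command, or where the maximum or violation mode weakens the control. The sample configuration, the function names and the policy limit of 2 addresses are assumptions made for illustration.

```python
# Constructed sample in running-config style; interface numbers are illustrative.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 3
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security maximum 1
 switchport port-security violation shutdown
!
interface FastEthernet0/4
 switchport mode access
 switchport port-security
 switchport port-security maximum 10
 switchport port-security violation protect
!
interface FastEthernet0/8
 switchport mode trunk
"""

PREFIX = "switchport port-security"


def parse_interfaces(config):
    """Map each interface name to its list of normalised sub-commands."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw.lower().startswith("interface "):
            current = interfaces.setdefault(raw.split(None, 1)[1].strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(" ".join(raw.lower().split()))
        else:
            current = None  # "!" or any global command ends the stanza
    return interfaces


def audit_port_security(config, max_allowed=2):
    """Return {interface: [findings]} for every static access port.

    max_allowed is a hypothetical site policy, not an IOS setting.
    """
    report = {}
    for name, lines in parse_interfaces(config).items():
        if "switchport mode access" not in lines:
            continue  # trunk and routed ports are out of scope here
        options = [l[len(PREFIX):].strip() for l in lines if l.startswith(PREFIX)]
        findings = []
        if "" not in options:
            # Sub-options alone do not turn the feature on; the bare command does.
            findings.append("options set but port-security not enabled" if options
                            else "port-security not enabled")
        else:
            maximum, violation = 1, "shutdown"  # defaults when not configured
            for words in (o.split() for o in options):
                if words[:1] == ["maximum"] and len(words) > 1 and words[1].isdigit():
                    maximum = int(words[1])
                elif words[:1] == ["violation"] and len(words) > 1:
                    violation = words[1]
            if maximum > max_allowed:
                findings.append(f"maximum {maximum} exceeds policy limit {max_allowed}")
            if violation == "protect":
                findings.append("violation protect drops frames without logging")
        report[name] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_port_security(SAMPLE_CONFIG).items():
        print(port, findings or "OK")
```

An empty findings list means the port matches the lab example: access mode, port security enabled, one address, shutdown on violation.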

ASSIGNMENT:

For the below given network diagram, implement the security on all the ports of the switch

connected to the hosts and verify the working of the switchport security. Do the simulation with

the Cisco packet tracer.

PORT NUMBERS

The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and

the Dynamic and/or Private Ports.

The Well Known Ports are those from 0 through 1023. Well Known ports SHOULD NOT be

used without IANA registration.

The Registered Ports are those from 1024 through 49151. Registered ports SHOULD NOT be

used without IANA registration.

The Dynamic and/or Private Ports are those from 49152 through 65535. A value of 0 in the port

numbers registry below indicates that no port has been allocated.

WELL KNOWN PORT NUMBERS

The Well Known Ports are assigned by the IANA and on most systems can only be used by

system (or root) processes or by programs executed by privileged users.

Ports are used in the TCP to name the ends of logical connections which carry long term

conversations. For the purpose of providing services to unknown callers, a service contact port

is defined. This list specifies the port used by the server process as its contact port. The contact

port is sometimes called the "well-known port".

To the extent possible, these same port assignments are used with the UDP.

The range for well-known ports managed by the IANA is 0-1023.

REGISTERED PORT NUMBERS

The Registered Ports are listed by the IANA and on most systems can be used by ordinary user

processes or programs executed by ordinary users.

Ports are used in the TCP to name the ends of logical connections which carry long term

conversations. For the purpose of providing services to unknown callers, a service contact port

is defined. This list specifies the port used by the server process as its contact port.

The IANA registers uses of these ports as a convenience to the community.

The Registered Ports are in the range 1024-49151.

DYNAMIC AND/OR PRIVATE PORTS

The Dynamic and/or Private Ports are those from 49152 through 65535.

COMMON WELL KNOWN PORTS TO REMEMBER

PORT NUMBER   PROTOCOL                                      UDP/TCP
7             ECHO                                          TCP
13            DAY-TIME                                      UDP/TCP
19            CHARACTER GENERATOR                           UDP/TCP
20            FTP-DATA (File Transfer Protocol)             TCP
21            FTP-CONTROL                                   TCP
23            TELNET (Terminal Network)                     TCP
25            SMTP (Simple Mail Transfer Protocol)          TCP
37            TIME                                          UDP/TCP
67            BOOTP-SERVER                                  UDP
68            BOOTP-CLIENT                                  UDP
69            TFTP (Trivial File Transfer Protocol)         UDP
70            GOPHER                                        TCP
79            FINGER                                        TCP
80            HTTP (Hyper Text Transfer Protocol)           TCP
109           POP-2 (Post Office Protocol, version 2)       TCP
110           POP-3 (Post Office Protocol, version 3)       TCP
111           RPC                                           UDP/TCP
161           SNMP (Simple Network Management Protocol)     UDP
162           SNMP-TRAP                                     UDP
179           BGP (Border Gateway Protocol)                 TCP
520           RIP (Routing Information Protocol)            UDP

SUBNETTING QUESTIONS

1. How many subnets and hosts per subnet can you get from the network 10.0.0.0/20?

4096 subnets and 4094 hosts

2. What is the first valid host on the subnetwork that the node 172.24.66.63/23 belongs to?

172.24.66.1

3. How many subnets and hosts per subnet can you get from the network 192.168.16.0/27?

8 subnets and 30 hosts

4. What is the last valid host on the subnetwork 172.18.132.0 255.255.252.0?

172.18.135.254

5. How many subnets and hosts per subnet can you get from the network 172.23.0.0

255.255.252.0?

64 subnets and 1022 hosts

6. What is the last valid host on the subnetwork 172.20.110.0 255.255.255.0?

172.20.110.254

7. Which subnet does host 172.16.138.131 255.255.255.128 belong to?

172.16.138.128

8. What is the broadcast address of the network 172.24.109.0 255.255.255.128?

172.24.109.127

9. What valid host range is the IP address 10.214.175.187 255.255.240.0 a part of?

10.214.160.1 through to 10.214.175.254

10. Which subnet does host 10.255.86.43 255.255.240.0 belong to?

10.255.80.0

11. What valid host range is the IP address 192.168.155.26/28 a part of?

192.168.155.17 through to 192.168.155.30

12. What is the last valid host on the subnetwork 172.24.244.96/28?

172.24.244.110

13. What is the last valid host on the subnetwork 172.24.83.0/27?

172.24.83.30

14. What is the first valid host on the subnetwork that the node 192.168.34.200/26 belongs

to?

192.168.34.193

15. Which subnet does host 172.27.139.103 255.255.252.0 belong to?

172.27.136.0

16. What is the broadcast address of the network 192.168.32.192/27?

192.168.32.223

17. What valid host range is the IP address 172.23.9.20/28 a part of?

172.23.9.17 through to 172.23.9.30

18. What is the first valid host on the subnetwork that the node 172.18.54.231 255.255.254.0

belongs to?

172.18.54.1

19. What is the first valid host on the subnetwork that the node 172.22.99.49/21 belongs to?

172.22.96.1

20. What is the broadcast address of the network 172.19.36.0/23?

172.19.37.255

21. How many subnets and hosts per subnet can you get from the network 172.27.0.0

255.255.254.0?

128 subnets and 510 hosts

22. Which subnet does host 172.17.217.14 255.255.254.0 belong to?

172.17.216.0

23. What valid host range is the IP address 172.17.227.85 255.255.252.0 a part of?

172.17.224.1 through to 172.17.227.254

24. Which subnet does host 10.7.52.24 255.255.240.0 belong to?

10.7.48.0

25. What is the first valid host on the subnetwork that the node 172.21.39.117 255.255.254.0

belongs to?

172.21.38.1

26. How many subnets and hosts per subnet can you get from the network 172.25.0.0

255.255.248.0?

32 subnets and 2046 hosts

27. What is the broadcast address of the network 172.22.96.0/20?

172.22.111.255

28. Which subnet does host 192.168.175.65 255.255.255.192 belong to?

192.168.175.64

29. What is the last valid host on the subnetwork 192.168.108.64 255.255.255.192?

192.168.108.126

30. What is the first valid host on the subnetwork that the node 172.27.234.80 255.255.254.0

belongs to?

172.27.234.1

31. Which subnet does host 192.168.229.24 255.255.255.224 belong to?

192.168.229.0

32. What valid host range is the IP address 10.45.57.68/20 a part of?

10.45.48.1 through to 10.45.63.254

33. What is the last valid host on the subnetwork 192.168.156.128/25?

192.168.156.254

34. What is the first valid host on the subnetwork that the node 192.168.122.138

255.255.255.240 belongs to?

192.168.122.129

35. What is the last valid host on the subnetwork 172.23.66.32 255.255.255.224?

172.23.66.62

36. What is the broadcast address of the network 192.168.45.192/26?

192.168.45.255

37. What valid host range is the IP address 172.29.109.78/20 a part of?

172.29.96.1 through to 172.29.111.254

38. What is the last valid host on the subnetwork 172.30.231.0 255.255.255.128?

172.30.231.126

39. You are designing a subnet mask for the 172.16.0.0 network. You want 3200 subnets

with up to 8 hosts on each subnet. What subnet mask should you use?

255.255.255.240

40. How many subnets and hosts per subnet can you get from the network 172.19.0.0

255.255.255.224?

2048 subnets and 30 hosts

41. What is the last valid host on the subnetwork 192.168.137.160 255.255.255.224?

192.168.137.190

42. What is the first valid host on the subnetwork that the node 172.17.175.222

255.255.254.0 belongs to?

172.17.174.1

43. What is the broadcast address of the network 10.36.96.0/20?

10.36.111.255

44. What valid host range is the IP address 172.22.199.213/26 a part of?

172.22.199.193 through to 172.22.199.254

45. How many subnets and hosts per subnet can you get from the network 172.26.0.0

255.255.255.224?

2048 subnets and 30 hosts

46. How many subnets and hosts per subnet can you get from the network 172.29.0.0/21?

32 subnets and 2046 hosts

47. What is the first valid host on the subnetwork that the node 172.22.108.97 255.255.254.0

belongs to?

172.22.108.1

48. What is the last valid host on the subnetwork 192.168.93.192/28?

192.168.93.206

49. How many subnets and hosts per subnet can you get from the network 172.31.0.0

255.255.254.0?

128 subnets and 510 hosts

50. What valid host range is the IP address 172.19.125.112/21 a part of?

172.19.120.1 through to 172.19.127.254

51. What valid host range is the IP address 172.16.47.10/20 a part of?

172.16.32.1 through to 172.16.47.254

52. How many subnets and hosts per subnet can you get from the network 172.31.0.0/27?

2048 subnets and 30 hosts

CCNA QUESTIONS

1. Is EIGRP a distance vector or a link state routing protocol?

EIGRP is a hybrid routing protocol; it has features of both distance vector and link state

routing protocol.

2. What is the maximum configured bandwidth EIGRP will use on a link? Can this

percentage be changed?

By default, EIGRP uses no more than 50% of the link's bandwidth, based on the bandwidth

configured on the router's interface. This percentage can be changed with the command ip

bandwidth-percent eigrp.

3. How do EIGRP and IGRP differ in the way they calculate the composite metric?

EIGRP and IGRP use the same formula to calculate their composite metrics, but EIGRP scales

the metric by a factor of 256.

4. In the context of EIGRP, what does the term reliable delivery mean? Which two

methods ensure reliable delivery of EIGRP packets?

Reliable delivery means EIGRP packets are guaranteed to be delivered, and they are delivered

in order. RTP uses a reliable multicast, in which received packets are acknowledged, to

guarantee delivery; sequence numbers are used to ensure that they are delivered in order.

5. Which mechanism ensures that a router is accepting the most recent route entry?

Sequence numbers ensure that a router is receiving the most recent route entry.

6. What is the multicast IP address used by EIGRP?

EIGRP uses the multicast address 224.0.0.10.

7. At what interval, by default, are EIGRP Hello packets sent?

The default EIGRP Hello interval is 5 seconds, except on some slow-speed (T1 and below)

interfaces, where the default is 60 seconds.

8. What is the default hold time?

The EIGRP default hold time is three times the Hello interval.

9. What is the difference between the neighbor table and the topology table?

The neighbor table stores information about EIGRP-speaking neighbors; the topology table

lists all known routes that have feasible successors.

10. What is the feasibility condition?

The feasibility condition is the rule by which feasible successors are chosen for a destination.

The feasibility condition is satisfied if a neighbor's advertised distance to a destination is lower

than the receiving router's feasible distance to the destination. In other words, a router's

neighbor meets the feasibility condition if the neighbor is metrically closer to the destination

than the router. Another way to describe this is that the neighbor is "downstream" relative to the

destination.

11. What information must be stored in the route table?

At a minimum, each entry of the routing table must include a destination address and the

address of a next-hop router or an indication that the destination address is directly connected.

12. What does it mean when a route table says that an address is variably subnetted?

Variably subnetted means that the router knows of more than one subnet mask for subnets of the

same major IP address.

13. What are discontiguous subnets?

Discontiguous subnets are two or more subnets of a major IP network address that are

separated by a different major IP address.

14. What command is used to examine the route table in a Cisco router?

The show ip route command is used to examine the routing table of a Cisco router.

15. What are the two bracketed numbers associated with the non-directly connected

routes in the route table?

The first bracketed number is the administrative distance of the routing protocol by which the

route was learned. The second number is the metric of the route.

16. When static routes are configured to reference an exit interface instead of a next-

hop address, in what way will the route table be different?

When a static route is configured to reference an exit interface instead of a next-hop address, the

destination address will be entered into the routing table as directly connected.

17. What is a summary route? In the context of static routing, how are summary routes

useful?

A summary route is a single route entry that points to multiple subnets or major IP addresses. In

the context of static routes, summary routes can reduce the number of static routes that must be

configured.

18. What is an administrative distance?

An administrative distance is a rating of preference for a routing protocol or a static route. Every

routing protocol and every static route has an administrative distance associated with it. When a

router learns of a destination via more than one routing protocol or static route, it will use the

route with the lowest administrative distance.

19. What is a floating static route?

A floating static route is an alternative route to a destination. The administrative distance is set

high enough that the floating static route is used only if a more-preferred route becomes

unavailable.

20. What is the difference between equal-cost and unequal-cost load sharing?

Equal-cost load sharing distributes traffic equally among multiple paths with equal metrics.

Unequal-cost load sharing distributes packets among multiple paths with different metrics. The

traffic will be distributed in inverse proportion to the cost of the routes.

21. Which command in OSPF shows the network LSA information?

The command show ip ospf [process-id area-id] database network displays the network link-

state information.

22. What command would you use to create a totally stubby area?

The command area area-id stub no-summary will create a totally stubby area. This is a

subcommand to the router ospf process-id command. It is necessary only on the ABR, but all

the other routers in the area must be configured as stub routers.

23. What is a virtual link, and what command would you use to create it?

A virtual link is a link that creates a tunnel through an area to the backbone (Area 0). This

allows an area that cannot connect directly to the backbone to do so virtually. The command to

create the link is area area-id virtual-link router-id. Note that the area-id that is supplied is that

of the transit area, and the router-id is that of the router at the other end of the link. The

command needs to be configured at both ends of the tunnel.

24. Where would you issue the command to summarize IP subnets? State the command

that is used.

Summarization is done at area boundaries. The command to start summarization is the area

range command, with the syntax area area-id range address mask. To summarize external

routes, use the summary-address command on the ASBRs.

25. How would you summarize external routes before injecting them into the OSPF

domain?

The command summary-address address mask is the command that you would use.

26. When is a virtual link used?

A virtual link is used when an area is not directly attached to the backbone area (Area 0). This

may be due to poor design and a lack of understanding about the operation of OSPF, or it may

be due to a link failure. The most common cause of an area separating from the backbone is link

failure, which can also cause the backbone to be segmented. The virtual link is used in these

instances to join the two backbone areas together. Segmented backbone areas might also be the

result of two companies merging.

27. Give the command for defining the cost of a default route propagated into an area.

The command to define the cost of a default route propagated into another area is area area-id

default-cost cost.

28. Give an example of when it would be appropriate to define a default cost.

It is appropriate to define a default cost for the default route when a stub area has more than one

ABR. This command allows the ABR or exit point for the area to be determined by the network

administrator. If this link or the ABR fails, the other ABR will become the exit point for the

area.

29. On which router is the area default cost defined?

The default cost for the default route is defined on the ABR. The ABR will then automatically

generate and advertise the route cost along with the default route.

30. Give the command to configure a stub area and state on which router it is

configured.

The command syntax to configure a stub area is area area-id stub. This command is configured

on the ABR connecting to the area and on all the routers within the area. Once the configuration

is completed, the Hellos are generated with the E bit set to 0. All routers in the area will only

form adjacencies with other routers that have the E bit set.

31. What is the purpose of the area range command, and why is it configured on the

ABR?

The area range command is configured on an ABR because it dictates the networks that will be

advertised out of the area. It is used to consolidate and summarize the routes at an area

boundary.

32. Give the commands to configure a router to place subnets 144.111.248.0 through to

144.111.255.0 in Area 1 and to put all other interfaces into Area 0.

The commands are as follows:

network 144.111.248.0 0.0.7.255 area 1

network 0.0.0.0 255.255.255.255 area 0

33. Give the syntax to summarize the subnets 144.111.248.0 to 144.111.254.255 into

another autonomous system.

The syntax is as follows:

summary-address 144.111.248.0 255.255.248.0

34. Explain briefly the difference between the area range command and the summary-address command.

The area range command is used to summarize networks between areas and is configured on

the ABR. The summary-address command is used to summarize networks between autonomous

systems and is configured on the ASBR.

35. Explain the following syntax and what it will achieve: area 1 stub no-summary.

The command area 1 stub no-summary creates a totally stubby area. The number after the word

area indicates the area that is being defined as a totally stubby area. This is necessary because

the router might be an ABR with connections to many areas. Once this command is issued, it

prevents summarized and external routes from being propagated by the ABR into the area. To

reach the networks and hosts outside the area, routers must use the default route advertised by

the ABR into the area.

36. Why would you configure the routing process to log adjacency changes as opposed

to turning on debug for the same trigger?

The reason to configure the router process to log adjacency changes to syslog as opposed to

running debug is an issue of resources. It takes fewer router and administrator resources to

report on a change of state as it happens than to have the debugger running constantly. The

debug process has the highest priority and thus everything waits for it.

37. Give some of the common reasons that neighbors fail to form an adjacency.

Many OSPF problems stem from adjacency problems that propagate throughout the network.

Many problems are often traced back to neighbor discrepancies.

If a router configured for OSPF routing is not seeing an OSPF neighbor on an attached network,

do the following:

- Make sure that both routers are configured with the same IP mask, MTU, Interface Hello

timer, OSPF Hello interval, and OSPF dead interval.

- Make sure that both neighbors are part of the same area and area type.

- Use the debug and show commands to trace the problem.

38. When configuring a virtual link, which routers are configured?

The configuration is between the ABRs, where one of the ABRs resides in Area 0 and the other

in the area that is disconnected from the backbone. Both of the ABRs are also members of the

transit area. Having created the virtual link, both ABRs are now members of Area 0, the

disconnected area, and the transit area.

39. What does the command area 1 default-cost 15 achieve?

The command area 1 default-cost 15 will assign a cost of 15 to the default route that is to be

propagated into the stub area. This command is configured on the ABR attached to the stub

area.

40. Explain what is placed in the parameters area-id and router-id for the command

area area-id virtual-link router-id.

The parameter area-id is the area ID of the transit area. So if the ABR in Area 0 is creating a

virtual link with the ABR in Area 3 through Area 2, the area ID stated in the command is Area

2. The router ID is the router ID of the router with whom the link is to be formed and a neighbor

relationship and adjacency established.

41. What port does RIP use?

RIP uses UDP port 520.

42. What metric does RIP use? How is the metric used to indicate an unreachable

network?

RIP uses a hop count metric. An unreachable network is indicated by setting the hop count to

16, which RIP interprets as an infinite distance.

43. What is the update period for RIP?

RIP sends periodic updates every 30 seconds minus a small random variable to prevent the

updates of neighboring routers from becoming synchronized.

44. How many updates must be missed before a route entry will be marked as

unreachable?

A route entry is marked as unreachable if six updates are missed.

45. What is the purpose of the garbage collection timer?

The garbage collection timer, or flush timer, is set when a route is declared unreachable. When

the timer expires, the route is flushed from the route table. This process allows an unreachable

route to remain in the routing table long enough for neighbors to be notified of its status.

46. What is a VLAN? When is it used?

Answer: A VLAN is a group of devices on the same broadcast domain, such as a logical subnet

or segment. VLANs can span switch ports, switches within a switch block, or closets and

buildings. VLANs group users and devices into common workgroups across geographical areas.

VLANs help provide segmentation, security, and problem isolation.

47. When a VLAN is configured on a Catalyst switch port, in how much of the campus

network will the VLAN number be unique and significant?

Answer: The VLAN number will be significant in the local switch. If trunking is enabled, the

VLAN number will be significant across the entire trunking domain. In other words, the VLAN

will be transported to every switch that has a trunk link supporting that VLAN.

48. Name two types of VLANs in terms of spanning areas of the campus network.

Answer: Local VLAN

End-to-end VLAN

49. Generally, what must be configured (both switch and end-user device) for a port-

based VLAN?

Answer: The switch port

50. What is the default VLAN on all ports of a Catalyst switch?

Answer: VLAN 1

51. What is a trunk link?

Answer: A trunk link is a connection between two switches that transports traffic from multiple

VLANs. Each frame is identified with its source VLAN during its trip across the trunk link.

52. What methods of Ethernet VLAN frame identification can be used on a Catalyst

switch trunk?

Answer: 802.1Q

ISL

53. What is the difference between the two trunking methods? How many bytes are

added to trunked frames for VLAN identification in each method?

Answer: ISL uses encapsulation and adds a 26-byte header and a 4-byte trailer. 802.1Q adds a

4-byte tag field within existing frames, without encapsulation.

54. What is the purpose of the Dynamic Trunking Protocol (DTP)?

Answer: DTP allows negotiation of a common trunking method between endpoints of a trunk

link.

55. What commands are needed to configure a Catalyst switch trunk port Gigabit 3/1

to transport only VLANs 100, 200 through 205, and 300 using IEEE 802.1Q? (Assume that

trunking is enabled and active on the port already. Also assume that the interface gigabit

3/1 command already has been entered.)

Answer: switchport trunk allowed vlan 100, 200-205, 300

56. Two neighboring switch trunk ports are set to the auto mode with ISL trunking

encapsulation mode. What will the resulting trunk mode become?

Answer: Trunking will not be established. Both switches are in the passive auto state and are

waiting to be asked to start the trunking mode. The link will remain an access link on both

switches.

57. Complete the following command to configure the switch port to use DTP to actively

ask the other end to become a trunk:

switchport mode _________________

Answer: switchport mode dynamic desirable

58. Which command can set the native VLAN of a trunk port to VLAN 100 after the

interface has been selected?

Answer: switchport trunk native vlan 100

59. What command can configure a trunk port to stop sending and receiving DTP

packets completely?

Answer: switchport nonegotiate

60. What command can be used on a Catalyst switch to verify exactly what VLANs will

be transported over trunk link gigabitethernet 4/4?

Answer: show interface gigabitethernet 4/4 switchport

or

show interface gigabitethernet 4/4 switchport trunk

61. Suppose that a switch port is configured with the following commands. A PC with a

nontrunking NIC card then is connected to that port. What, if any, traffic will the PC

successfully send and receive?

interface fastethernet 0/12

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport trunk allowed vlan 1-1005

switchport mode trunk

Answer: The PC expects only a single network connection, using a single VLAN. In other

words, the PC can't participate in any form of trunking. Only untagged or unencapsulated

frames will be understood. Recall that an 802.1Q trunk's native VLAN is the only VLAN that

has untagged frames. Therefore, the PC will be capable of exchanging frames only on VLAN

10, the native VLAN.

62. What is an OSPF neighbor?

From the perspective of an OSPF router, a neighbor is another OSPF router that is attached to

one of the first router's directly connected links.

63. What is an OSPF adjacency?

An OSPF adjacency is a conceptual link to a neighbor over which LSAs can be sent.

64. What is an LSA? How does an LSA differ from an OSPF Update packet?

A router originates a link state advertisement to describe one or more destinations. An OSPF

Update packet transports LSAs from one neighbor to another. Although LSAs are flooded

throughout an area or OSPF domain, Update packets never leave a data link.

65. What is a link state database? What is link state database synchronization?

The link state database is where a router stores all the OSPF LSAs it knows of, including its

own. Database synchronization is the process of ensuring that all routers within an area have

identical link state databases.

66. What is the default HelloInterval?

The default OSPF HelloInterval is 10 seconds.

67. What is the default RouterDeadInterval?

The default RouterDeadInterval is four times the HelloInterval.

68. What is a Router ID? How is a Router ID determined?

A Router ID is an address by which an OSPF router identifies itself. It is either the numerically

highest IP address of all the router's loopback interfaces, or if no loopback interfaces are

configured, it is the numerically highest IP address of all the router's LAN interfaces.

69. What is an area?

An area is an OSPF sub-domain, within which all routers have an identical link state database.

70. What is the significance of area 0?

Area 0 is the backbone area. All other areas must send their inter-area traffic through the

backbone.

71. What is MaxAge?

MaxAge, 1 hour, is the age at which an LSA is considered to be obsolete.