cscbank.info · web viewthe 200-120 composite ccna v2 exam is a 1-½ hour test with 50–60...
TRANSCRIPT
LAB MANUALCISCO NETWORKING
CNET-448, LEVEL 10
Prepared by: Sikandar Shah,
Lecturer, DEPARTMENT OF CNET, COLLEGE OF CS&IS, JAZAN UNIVERSITY, GIZAN, KSA
0
The 200-120 composite CCNA v2 exam is a 1-½ hour test with 50–60 questions.
The 200-125 CCNA exam is the composite exam associated with the CCNA
Routing and Switching certification. Candidates can prepare for this exam by
taking the Interconnecting Cisco Networking Devicesversion 2.0 course. This
exam tests a candidate's knowledge and skills required to install, operate, and
troubleshoot a small to medium-size enterprise branch network. The exam
includes topics on LAN switching technologies, IP routing technologies, IP
services (FHRP, eBGP, GRE, SNMP v2 and v3), troubleshooting, and WAN
technologies.
www.cisco.com/go/ ccna
1
Table of Contents
LAB.No. NAME OF EXERCISE P. NO.
LAB-01 Switched Network Configuration 3
LAB-02 SNMP Server and NetFlow 7
LAB-03 Routing Configuration with EIGRP 10
LAB-04 Routing Configuration with EIGRP with IPv6 14
LAB-05 HSRP over Single Area OSPF 20
LAB-06 Multi-Area OSPF Configuration 23
LAB-07 Multi-Area OSPFv3 Configuration 27
LAB-08 Point-to-Point GRE VPN Tunnel 31
LAB-09 EBGP Configuration 35
LAB-10 PPP authentication configuration 38
MINI PROJECTS SAMPLES 43
2
LAB 1: Switched Network Configuration
Lab Objectives;
1. Configure VTP and VLANs2. Configure Access and Trunk Links3. Configure Rapid STP (RSTP)4. Configure EtherChannel between switches5. Configure Portfast and BPDU Guard for PCs
Device Interface IP Address Subnet Mask D. Gateway
SW2 VLAN 1 172.16.10.1 255.255.255.0
PC1 Fa0/5 172.16.10.10 255.255.255.0 172.16.10.1
PC2 Fa0/10 172.16.10.20 255.255.255.0 172.16.10.1
PC3 Fa0/15 172.16.10.30 255.255.255.0 172.16.10.1
3
//Configure hostname and VTP on S1
Switch>enable Switch#
configure terminal
Switch(config)#hostname SW1
SW1(config)#vtp mode clientSW1(config)#vtp domain CISCOSW1(config)#vtp password class//Enable RSTP On S1SW1(config)#spanning-tree mode rapid-pvst//Disable all ports SW1(config)#interface range fa0/1-24 SW1(config-if-range)#shutdown!! Configure Trunking on S1Configure S1 Fa0/1 and Fa0/2 for trunking, use VLAN 1 as the native VLAN. SW1(config)#interface range fa 0/1, gi0/1-2SW1(config-if-rang)#switchport mode trunk SW1(config-if-range)#switchport trunk native vlan 1SW1(config-if-range)#no shutdownSW1(config-if-range)#exitConfigure and verify EtherChannel between S1 and S3SW1(config)#interface port-channel 1
SW1(config-if)#exit
SW1(config)#interface range gi 0/1-2
SW1(config-if-range)#channel-protocol pagp
SW1(config-if-range)# channel-group 1 mode desirable
SW1(config-if-range)#exit
!!Configure hostname, VTP Server on S2
Switch>enable Switch# configure terminal Switch(config)#hostname SW2SW2(config)#vtp mode serverSW2(config)#vtp domain CISCOSW2(config)#vtp password classSW2(config)#vlan 10SW2(config-vlan)# name ADMIN
4
SW2(config-vlan)# exitSW2(config)#vlan 20SW2(config-vlan)# name STDSW2(config-vlan)#exit!!Enable RSTP On S2SW2(config)#spanning-tree mode rapid-pvst!!Configure S2 Fa0/1 and fa0/2 for trunking.SW2(config)#interface range fa0/1-24SW2(config-if-range)#shutdownSW2(config)#interface range fa 0/1-2SW2(config-if)#switchport mode trunk SW2(config-if)#switchport trunk native vlan 1SW2(config-if-range)#no shutdownSW2(config-if-range)#exit!!Configure the management interface address on S2. SW2(config)#interface vlan1SW2(config-if)#ip address 172.16.10.1255.255.255.0SW2(config-if)#no shutdown SW2(config-if)#exit
!!Configure S2 Access Ports and configure portfast for PC1, PC2 and PC3
SW2(config)#interface range fa 0/5, fa 0/10, fa 0/15SW2(config-if)#switchport mode accessSW2(config-if)#spanning-tree portfastSW2(config-if)#spanning-tree bpduguard enableSW2(config-if)#no shutdown
Configure hostname on and VTP client on S3Switch>enableSwitch# configure terminalSwitch(config)#hostname SW3
SW3(config)#vtp mode clientSW3(config)#vtp domain CISCOSW3(config)#vtp password class
Enable RSTP On S3SW3(config)#spanning-tree mode rapid-pvst
Configure S3 Fa0/2, gi 0/1 and gi0/2 for trunking SW3(config)#interface range fa0/1-24SW3(config-if-range)#shutdownSW3(config-if-range)#exit
5
SW3(config)#interface rang fa 0/2, gi0/1-2SW3(config-if)#switchport mode trunk SW3(config-if)#switchport trunk native vlan 1SW3(config-if)#no shutdownConfigure and verify EtherChannel between S1 and S3
SW3(config)#interface port-channel 1
SW3(config-if)#exit
SW3(config)#interface range gi 0/1-2
SW3(config-if-range)#channel-protocol pagp
SW3(config-if-range)# channel-group 1 mode desirable
SW3(config-if-range)#exit
Verifying STP and finding Root bridgeon the network
SW1#show vlan brief
SW1#sh cdp neighbors
SW1#show interfaces fastEthernet 0/1 switchport
SW1#show interfaces fastEthernet 0/5 switchport
SW1#show spanning-tree
SW1#show spanning-tree vlan 1
SW1#show spanning-tree summary
SW1#show etherchannel port-channel
SW1#show etherchannel summary
Answer the following questions based on the output.
1. What is the bridge ID priority for switches S1, S2, and S3 on VLAN 1?
a. SW1/SW2/SW3 ____________________________
2. Which switch is the root for the VLAN 1 spanning tree? ________________
3. What is the bridge priority of SW1/SW2/SW3? ____________________
4. Which STP version is used on each switch? ____________________
LAB 2: SNMPv3&Netflow Configuration
6
In this lab, you explore the interactions between an SNMP agent and an SNMP
manager. You can use SNMP agents on Cisco routers and will run an SNMP
manager on a PC. An SNMP manager and an SNMP agent communicate using,
the SNMP protocol.
Cisco Packet Tracer MIB Browser
A MIB Browser is a tool that allows you to pull out data from SNMP enabled devices such as routers, switches, and servers. In addition to pulling out data, a MIB Browser may also perform the following functions.
Retrieve and display MIB data in a human readable form Set MIB variables, create, modify or delete conceptual table rows Basic alarm ( trap ) management View the text file in a graphical manner usually featuring a MIB tree
Device Interface IP address Subnet Mask Gateway
R1Gi 0/1 192.168.10.1 255.255.255.0Gi 0/0 200.100.10.1 255.255.255.252
R2 Gi 0/0 200.100.10.2 255.255.255.252
PC1 NIC 192.168.10.10 255.255.255.0 192.168.10.1
Router Configuration as SNMP agent and PC1 as SNMP Manager Router>enable Router# configure terminal Router(config)#hostname R1
///Assign the IP address on R1 R1(config)# interface Gig0/1 R1(config-if)# ip address 192.168.10.1 255.255.255.0 R1(config-if)# no
7
shutdown R1(config-if)#ip flow ingress R1(config-if)# ip flow egress
R1(config)# interface Gig0/0 R1(config-if)# ip address 200.100.10.1 255.255.255.252 R1(config-if)# no shutdown
///Assign the IP address on R1
R2(config)# interface Gig0/0 R2(config-if)# ip address 200.100.10.2 255.255.255.252 R2(config-if)# no shutdownSNMP Configuration on Router R1
//Defines the community string with either read-only or read-write access.
R1(config)# snmp-server community student ro
R1(config)# snmp-server community admin rw
SNMP VERIFICATION
R1# show snmp
Testing SNMP from a PC
The SNMP has been configured on R1 router. Now try to test it from the PC1 using MIB Browser. Click on PC1 and click Desktop tab, then open MIB Browser.
b
Now on the MIB browser page expend MIB tree to system and select each value then hit the GO button to display the exact information on Router1.
8
NetFlow Commands
Configure NetFlow data capture on gigabit interface. Capture data from ingress and egress packets. Identify the IP address and the UDP port of the NetFlowcollector to which the router should export NetFlow data.
R1(config)# interface Gig0/1 R1(config-if)#ip flow ingress R1(config-if)# ip flow egress R1(config)# ip flow-export
destination 192.168.10.1 9996 R1(config)# ip flow-export source gi0/1 /// Giga/fastethernet interface no. R1(config)# ip flow-export version 9
R1# show ip flow interfaceR1# show ip flow export // Only on Real devices
R1#show ip cache flow
cmd>ping 192.168.1.1 repeat 500
LAB 3: Routing configuration using EIGRP
9
Device Interface IP Address Subnet Mask D. Gateway
R1
S0/0/0 10.1.1.1 255.255.255.252 DCE
S0/0/1 10.1.2.1 255.255.255.252 DCE
gi0/0 192.168.10.1 255.255.255.0
gi0/1 192.168.20.1 255.255.255.0
R2
gi0/0 192.168.30.1 255.255.255.0
gi0/1 192.168.40.1 255.255.255.0
S0/0/0 10.1.1.2 255.255.255.252
S0/0/1 10.1.2.2 255.255.255.252
LAB1 Nic 192.168.10.10 255.255.255.0 192.168.10.1
LAB2 Nic 192.168.20.10 255.255.255.0 192.168.20.1
ADM1 Nic 192.168.30.10 255.255.255.0 192.168.30.1
ADM2 Nic 192.168.40.10 255.255.255.0 192.168.40.1
Configuration on router R1
10
Router>enable
Router#configure terminal
R1 (config)# hostname R1
R1 (config)# interface gi0/0
R1 (config-if)# ip address 192.168.10.1 255.255.255.0
R1 (config-if)# no shutdown
R1 (config-if)# exit
R1 (config)# interface gi0/1
R1 (config-if)# ip address 192.168.20.1 255.255.255.0
R1 (config-if)# no shutdown
R1 (config-if)# exit
R1 (config)# interface serial 0/0/0
R1 (config-if)# ip address 10.1.1.1 255.255.255.252
R1 (config-if)# clock rate 64000 (DCE Interface)
R1 (config-if)# no shutdown
R1(config-if)# exit
R1 (config)# interface serial 0/0/1
R1 (config-if)# ip address 10.1.2.1 255.255.255.252
R1 (config-if)# clock rate 64000 (DCE Interface)
R1 (config-if)# no shutdown
R1(config-if)# exit
Configuration on router R2
Router>enable
Router#configure terminal
Router (config)# hostname R2
R2 (config)# interface gi0/0
R2 (config-if)# ip address 192.168.30.1 255.255.255.0
R2 (config-if)# no shutdown
R2 (config-if)# exit
11
R2 (config)# interface gi0/1
R2 (config-if)# ip address 192.168.40.1 255.255.255.0
R2 (config-if)# no shutdown
R2 (config-if)# exit
R2 (config)# interface serial 0/0/0
R2 (config-if)# ip address 10.1.1.2 255.255.255.252
R2 (config-if)# no shutdown
R2(config-if)# exit
R2 (config)# interface serial 0/0/1
R2 (config-if)# ip address 10.1.2.2 255.255.255.252
R2 (config-if)# no shutdown
R2(config-if)# exit
Routing Configuration for Router R1:
Enter a process ID of 10 for the autonomous-system parameter.
R1(config)#router eigrp 10
R1(config-router)#network 10.0.0.0
R1(config-router)#network 192.168.10.0
R1(config-router)#network 192.168.20.0
R1(config-router)#end
Routing Configuration for Router R2:
R2(config)#router eigrp 10
R2(config-router)#
R2(config-router)#network 10.0.0.0
R2(config-router)# network 192.168.30.0
R2(config-router)# network 192.168.40.0
R2(config-router)#end
R1#show ip route
12
R1#show ip route eigrp
R1#show ip eigrp topology
R1#show ip eigrp neighbors
R1#show ip protocols
LAB 4: Routing configuration using EIGRP with IPv6
13
Background / Scenario
14
EIGRP for IPv6 has the same overall operation and features as EIGRP for IPv4. However,
there are a few major differences between them:
EIGRP for IPv6 is configured directly on the router interfaces.
With EIGRP for IPv6, a router ID is required on each router or the routing process does
not start.
The EIGRP for IPv6 routing process uses a shutdown feature.
In this lab, you will configure the network with EIGRP routing for IPv6. You will also assign
router IDs,configure passive interfaces, verify the network is fully converged, and display
routing information using CLI show commands.
Step 1: Enable IPv6 routidng on all routers with ipv6 unicast-routing command.
Step 2: Assign a router ID to each router.
a. To begin the EIGRP for IPv6 routing configuration process, issue the ipv6 router
eigrp 1 command, where 1 is the AS number.
b. EIGRP for IPv6 requires a 32-bit address for the router ID. Use the router-id command to
configure the router ID in the router configuration mode.
Step 3: Enable EIGRP for IPv6 routing on each router.
Issue the no shutdown command to enable EIGRP forIPv6 routing on all routers.
Step 4: Configure EIGRP for IPv6 using AS 1 on the Serial and Gigabit Ethernet
interfaces on the routers.
Router R1 commands:R1#configure terminal
R1(config)# interface gi0/0
R1(config-if)#ipv6 address FE80::1 Link local
R1(config-if)#ipv6 address 2001:DB8:ACAD:A::1/64
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#interface serial0/0/0
R1(config-if)#ipv6 address FE80::1 Link local
R1(config-if)#ipv6 address 2001:DB8:ACAD:12::1/64
R1(config-if)#clock rate 128000
R1(config-if)#exit
R1(config)#interface serial0/0/115
R1(config-if)#ipv6 address FE80::1 Link local
R1(config-if)#ipv6 address 2001:DB8:ACAD:13::1/64
R1(config-if)#exit
R1(config)# ipv6 unicast-routing
R1(config)# ipv6 router eigrp 1
R1(config-rtr)#eigrp router-id 1.1.1.1
R1(config-rtr)# no shutdown
R1(config)# interface g0/0
R1(config-if)# ipv6 eigrp 1
R1(config-if)# interface s0/0/0
R1(config-if)# ipv6 eigrp 1
R1(config-if)# interface s0/0/1
R1(config-if)# ipv6 eigrp 1
R1(config)# ipv6 router eigrp 1
R1(config-rtr)# passive-interface g0/0
Router R2 commands:R2#configure terminal
R2(config)# interface gi0/0
R2(config-if)#ipv6 address FE80::2 Link local
R2(config-if)#ipv6 address 2001:DB8:ACAD:B::1/64
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#interface serial0/0/0
R2(config-if)#ipv6 address FE80::2 Link local R2(config-
if)#ipv6 address 2001:DB8:ACAD:12::3/64
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface serial0/0/1
R2(config-if)#ipv6 address FE80::2 Link local
16
R2(config-if)#ipv6 address 2001:DB8:ACAD:23::3/64
R2(config-if)#clock rate 128000
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)# ipv6 unicast-routing
R2(config)# ipv6 router eigrp 1
R2(config-rtr)#eigrp router-id 2.2.2.2
R2(config-rtr)# no shutdown
R2(config)# interface g0/0
R2(config-if)# ipv6 eigrp 1
R2(config-if)# interface s0/0/0
R2(config-if)# ipv6 eigrp 1
R2(config-if)# interface s0/0/1
R2(config-if)# ipv6 eigrp 1
R2(config)#ipv6 router eigrp 1
R2(config-rtr)# passive-interface g0/0
Router R3 commands:R3#configure terminal
R3(config)# interface gi0/0
R3(config-if)#ipv6 address FE80::3 Link local
R3(config-if)# ipv6 address 2001:DB8:ACAD:C::1/64
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface serial0/0/0
R3(config-if)#ipv6 address FE80::3 Link local
R3(config-if)#ipv6 address 2001:DB8:ACAD:13::3/64
R3(config-if)#clock rate 128000
R3(config-if)#no shutdown
R3(config-if)#exit17
R3(config)#interface serial0/0/1
R3(config-if)#ipv6 address FE80::3 Link local
R3(config-if)#ipv6 address 2001:DB8:ACAD:23::3/64
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)# ipv6 unicast-routing
R3(config)# ipv6 router eigrp 1
R3(config-rtr)#eigrprouter-id 3.3.3.3
R3(config-rtr)# no shutdown
R3(config-rtr)# exit
R3(config)# interface g0/0
R3(config-if)# ipv6 eigrp 1
R3(config-if)# interface s0/0/0
R3(config-if)# ipv6 eigrp 1
R3(config-if)# interface s0/0/1
R3(config-if)# ipv6 eigrp 1
R3(config)#ipv6 router eigrp 1
R3(config-rtr)# passive-interface default
Part 2: Verify EIGRP for IPv6 Routing
18
On R1, issue the show ipv6 eigrp neighbors command to verify that the
adjacency has been established with its neighboring routers. The link-local
addresses of the neighboring routers are displayed in the adjacency table.
R1# show ipv6 eigrp neighbors
Use the show ipv6 route eigrp command to display IPv6 specific EIGRP routes on all
the routers.
R1# show ipv6 route eigrp
Examine the EIGRP topology.
R1# show ipv6 eigrp topology
Issue the show ipv6 protocols command to verify the configured parameter.
R1# show ipv6 protocols
LAB 5: HSRP Configuration
19
Device Interface IP address Subnet Mask Gateway
R1S0/0/0 10.1.1.1 255.255.255.252 DCEG0/1 192.168.10.1 255.255.255.0
R2S0/0/0 10.1.1.2 255.255.255.252
S0/0/1 10.1.1.5 255.255.255.252 DCE
R3S0/0/1 10.1.1.6 255.255.255.252
G0/1 192.168.10.3 255.255.255.0
PC-A NIC 192.168.10.10 255.255.255.0 192.168.10.254
PC-C NIC 192.168.10.30 255.255.255.0 192.168.10.254
Note: Assign IP addresses to devices according the abovetable, follow these steps on R2 and R3
R1 (config)# interface serial 0/0/0
R1 (config-if)# ip address 10.1.1.1 255.255.255.252
R1 (config-if)# clock rate 128000 (DCE Interface)
R1 (config-if)# no shutdown
R1(config-if)# exit
R1 (config)#interface gi0/1
20
R1 (config-if)# ip address 192.168.10.1 255.255.255.0
R1 (config-if)# no shutdown
R1(config-if)# exit
Configure routing on all routers
!!R1 Routing configuration
R1(config)# router ospf 1
R1(config-router)# network 10.1.1.0 0.0.0.3 area 0 R1(config-
router)# network 192.168.10.0 0.0.0.255 area 0 R1(config-
router)# default-information originate
!!R2 Routing configuration
R2(config)# router ospf 1
R2(config-router)# network 10.1.1.0 0.0.0.3 area 0
R2(config-router)# network 10.1.1.4 0.0.0.3 area 0
R2(config-router)# default-information originate
!!R3 routing configuration
R3(config)# router ospf 1
R3(config-router)# network 10.1.1.4 0.0.0.3 area 0
R3(config-router)# network 192.168.10.0 0.0.0.255 area 0
R3(config-router)# default-information originate
Check connectivity between PC-A and PC-C and With R2
!!Configure HSRP on R1
R1(config)# interface g0/1
R1(config-if)# standby 1 ip 192.168.10.254
R1(config-if)# standby 1 priority 105
R1(config-if)# standby 1 preempt
!!Configure HSRP on R3.
R3(config)# interface g0/1
R3(config-if)# standby 1 ip 192.168.1.254
21
Verification CommandsR1# show standbyR3# show standbyR1# show standby briefR1# show standby brief
LAB 6: Routing configuration using Multi-Area OSPF
22
Device Interface IP Address Subnet Mask D. Gateway
R1
Fa0/0 172.16.1.17 255.255.255.240
S0/0/0 192.168.10.1 255.255.255.252 DCE
S0/0/1 192.168.10.5 255.255.255.252
R2
Fa0/0 10.10.10.1 255.255.255.0
S0/0/0 192.168.10.2 255.255.255.252
S0/0/1 192.168.10.9 255.255.255.252 DCE
R3
Fa0/0 172.16.1.33 255.255.255.248
S0/0/1 192.168.10.10 255.255.255.252
S0/0/0 192.168.10.6 255.255.255.252 DCE
PC1 Nic 172.16.1.30 255.255.255.240 172.16.1.17
PC2 Nic 10.10.10.254 255.255.255.0 10.10.10.1
PC3 Nic 172.16.1.38 255.255.255.248 172.16.1.33
Configuration on router R1Router>enable
23
Router#configure terminalR1 (config)# hostname R1R1 (config)# interface fa0/0R1 (config-if)# ip address 172.16.1.17 255.255.255.240R1 (config-if)# no shutdownR1 (config-if)# exitR1 (config)# interface serial 0/0/0R1 (config-if)# ip address 192.168.10.1 255.255.255.252R1 (config-if)# clock rate 64000 (Only DCE Interface)R1 (config-if)# no shutdownR1(config-if)# exitR1 (config)# interface serial 0/0/1R1 (config-if)# ip address 192.168.10.5 255.255.255.252R1 (config-if)# no shutdownR1(config-if)# exit
Configuration on router R2Router>enableRouter#configure terminalRouter (config)# hostname R2R2 (config)# interface fa0/0R2 (config-if)# ip address 10.10.10.1 255.255.255.0R2 (config-if)# no shutdownR2 (config-if)# exitR2 (config)# interface serial 0/0/0R2 (config-if)# ip address 192.168.10.2 255.255.255.252R2 (config-if)# no shutdownR2(config-if)# exitR2 (config)# interface serial 0/0/1R2 (config-if)# ip address 192.168.10.9 255.255.255.252R2 (config-if)# clock rate 64000 (Only DCE Interface)R2 (config-if)# no shutdownR2(config-if)# exit
Configuration on router R3Router>enable
24
Router#configure terminalRouter (config)# hostname R3R3 (config)# interface fa0/0R3 (config-if)# ip address 172.16.1.33 255.255.255.248R3 (config-if)# no shutdownR3 (config-if)# exitR3 (config)# interface serial 0/0/0R3 (config-if)# ip address 192.168.10.6 255.255.255.252R3 (config-if)# clock rate 64000 (DCE Interface)R3 (config-if)# no shutdownR3(config-if)# exitR3 (config)# interface serial 0/0/1R3 (config-if)# ip address 192.168.10.10 255.255.255.252R3 (config-if)# no shutdownR3(config-if)# exit
Routing Configuration for Router R1://Enable OSPF on the R1 router.//Enter a process ID of 1 for the process-ID parameter.R1(config)#router ospf 1R1(config-router)#//Use an area ID of 0 for the OSPF area-id parameter. R1(config-router)#network 172.16.1.16 0.0.0.15 area 10R1(config-router)# network 192.168.10.0 0.0.0.3 area 0R1(config-router)# network 192.168.10.40.0.0.3 area 0R1(config-router)#default-information originateR1(config-router)#endR1#copy run startConfigure OSPF on the R2R2(config)#router ospf 1R2(config-router)#R2(config-router)#network 10.10.10.0 0.0.0.255 area 20R2(config-router)#network 192.168.10.0 0.0.0.3 area 0R2(config-router)#network 192.168.10.8 0.0.0.3 area 0R2(config-router)#default-information originateR2(config-router)#endR2#copy run start
Configure OSPF on the R325
R3(config)#router ospf 1R3(config-router)#network 172.16.1.320.0.0.7 area 30R3(config-router)#network 192.168.10.4 0.0.0.3 area 0R3(config-router)#network 192.168.10.8 0.0.0.3 area 0R3(config-router)#default-information originateR3(config-router)#endR3#copy run start
Answer the following Questions:
Use show ip protocols and show ip ospf to answer following questions,
What is the router ID for R1? ____________________
What is the router ID for R2? ____________________
What is the router ID for R3? ____________________
To configure loopback interface on all routers, use these commands.
R1(config)#interface loopback 0
R1(config-if)#ip address 10.1.1.1 255.255.255.255
R2(config)#interface loopback 0
R2(config-if)#ip address 10.2.2.2 255.255.255.255
R3(config)#interface loopback 0
R3(config-if)#ip address 10.3.3.3 255.255.255.255
Answer following questions again after configuring Loopback interfaces.What is the router ID for R1? ____________________What is the router ID for R2? ____________________What is the router ID for R3? ____________________R1#show ip ospf neighbourR1#show ip route
LAB 7: Routing configuration using Multi-Area OSPFv3
26
Objectives
27
Part 1: Build the Network and Configure Basic Device Settings
Part 2: Configure Multiarea OSPFv3 Routing
Part 3: Verification and Troubleshooting
Background / Scenario
In this lab, you will implement OSPFv3 routing for multiple areas and configure
inter-area route summarizations on the Area Border Routers (ABRs). This lab
uses loopback interfaces to simulate networks in multiple OSPFv3 areas.
Part 1:Router R1 Configuration
//Enable IPV6 Addressing on all interfaces R1(config-if)#ipv6 enable //Enable IPV6 uni-cast RoutingR1(config)# ipv6 unicast-routing
a. On R1, issue the ipv6 router ospf command to start an OSPFv3 process. R1(config)# ipv6 router ospf 1 Note: The OSPF process ID is only locally significantb. Assign the OSPFv3 router ID 1.1.1.1 to R1. R1(config-rtr)# router-id 1.1.1.1// Issue the ipv6 ospf 1 area area-id command for each interface on R1 that is to participate in OSPFv3routing. R1(config)# interface lo0 R1(config-if)# ipv6 ospf 1 area 1R1(config-if)# ipv6 ospf network point-to-pointR1(config-if)# interface lo1R1(config-if)# ipv6 ospf 1 area 1R1(config-if)# ipv6 ospf network point-to-pointR1(config-if)# interface lo2R1(config-if)# ipv6 ospf 1 area 1R1(config-if)# ipv6 ospf network point-to-pointR1(config-if)# interface lo3R1(config-if)# ipv6 ospf 1 area 1R1(config-if)# ipv6 ospf network point-to-pointR1(config-if)# interface s0/0/0R1(config-if)# ipv6 ospf 1 area 0
Router R2 Configuration
28
//Enable IPV6 Addressing on all interfaces R2(config-if)#ipv6 enable//Enable IPV6 unic-cast RoutingR2(config)# ipv6 unicast-routing
R2(config)# ipv6 router ospf 1 !!!Assign a router ID of 2.2.2.2 to R2 R2(config-rtr)# router-id 2.2.2.2 R2(config)# interface lo8R2(config-if)# ipv6 ospf 1 area 0R2(config-if)# ipv6 ospf network point-to-pointR2(config-if)# interface s0/0/0R2(config-if)# ipv6 ospf 1 area 0R2(config-if)# interface s0/0/1R2(config-if)# ipv6 ospf 1 area 0Router R3 Configuration//Enable IPV6 Addressing on all interfaces R3(config-if)#ipv6 enable//Enable IPV6 unic-cast RoutingR3(config)# ipv6 unicast-routing
R3(config)# ipv6 router ospf 1 !!!Assign a router ID of 3.3.3.3 to R3 R3(config-rtr)# router-id 2.2.2.2 !!!The loopback interfaces are assigned to area 2 and the serial interface is assigned to area 0. R3(config)# interface lo4R3(config-if)# ipv6 ospf 1 area 2R3(config-if)# ipv6 ospf network point-to-pointR3(config-if)# interface lo5R3(config-if)# ipv6 ospf 1 area 2R3(config-if)# ipv6 ospf network point-to-pointR3(config-if)# interface lo6R3(config-if)# ipv6 ospf 1 area 2R3(config-if)# ipv6 ospf network point-to-pointR3(config-if)# interface lo7R3(config-if)# ipv6 ospf 1 area 2R3(config-if)# ipv6 ospf network point-to-pointR3(config-if)# interface s0/0/1R3(config-if)# ipv6 ospf 1 area 0Part 3: Verification and Troubleshooting
29
1. Issue the show ipv6 ospf command to verify the router IDs on all routers.R2# show ipv6 ospf
2. Use the show ipv6 protocols command to verify multiarea OSPFv3 status.R1# show ipv6 protocols
3. Use the show ipv6 ospf interface brief command to view OSPFv3 enabled interfaces.R2# show ipv6 ospf interface brief
4. Use the show ipv6 ospf command to verify configurations.R3# show ipv6 ospf
5. Issue the show ipv6 ospf neighbor command on all routers to verify that each router is listing the correct routers as neighbors. R1# show ipv6 ospf neighbour
6. Issue the show ipv6 route ospf command on all routers to verify that each router has learned routes to all networks in the Addressing Table. R1# show ipv6 route ospf
7. Issue the show ipv6 ospf database command on all routers. R1# show ipv6 ospf database
LAB 08: Point-to-Point GRE VPN Tunnel
30
Device Interface
IP Address Subnet Mask D. Gateway
R1
S0/0/0 192.168.12.1 255.255.255.0 DCE
Lo0 172.16.1.1 255.255.255.0
Tunnel 0 172.16.13.1 255.255.255.0 S0/0/1
R2
S0/0/0 192.168.12.2 255.255.255.0
S0/0/1 192.168.23.2 255.255.255.0 DCE
R3
Lo0 172.16.3.1 255.255.255.0
S0/0/1 192.168.23.3 255.255.255.0
Tunnel 0 172.16.13.3 255.255.255.0 S0/0/0
Tunnelling is a concept where we put ‘packets into packets’ so that they can be
transported over certain networks. We also call this encapsulation.
31
GRE stands for Generic Routing Encapsulation, and it is the simplest type of
tunnel we can configure. A tunnel will allow R1 and R3 to have a virtual private
network (VPN) with each other and route between them built on GRE
encapsulation.
R1 Configuration R1(config)# interface loopback 0 R1(config-if)# ip address 172.16.1.1 255.255.255.0 R1(config-if)# exitR1(config-if)# interface serial 0/0/0 R1(config-if)# ip address 192.168.12.1 255.255.255.0 R1(config-if)# clockrate 64000 R1(config-if)# no shutdown R1(config-if)# exit!!! Configure EIGRP AS 1 on R1R1(config)# router eigrp 1R1(config-router)# no auto-summary R1(config-router)# network 192.168.12.0
R2 Configuration R2(config)# interface serial 0/0/0R2(config-if)# ip address 192.168.12.2 255.255.255.0R2(config-if)# no shutdown R3(config-if)#exit R2(config-if)# interface serial 0/0/1 R2(config-if)# ip address 192.168.23.2 255.255.255.0R2(config-if)# clockrate 64000R2(config-if)# no shutdown !!! Configure EIGRP AS 1 on R2R2(config)# router eigrp 1R2(config-router)# no auto-summary R2(config-router)# network 192.168.12.0R2(config-router)# network 192.168.23.0
R3 Configuration R3(config)# interface loopback 0R3(config-if)# ip address 172.16.3.1 255.255.255.0
32
R3(config-if)#exit R3(config-if)# interface serial 0/0/1R3(config-if)# ip address 192.168.23.3 255.255.255.0R3(config-if)# no shutdownR3(config-if)#exit!!! Configure EIGRP AS 1 on R3R3(config)# router eigrp 1R3(config-router)# no auto-summary R3(config-router)# network 192.168.23.0!!! Use the following command on all routers to verify the EIGRP routing.R1# show ip route
Configure a GRE Tunnel
R1(config)# int tunnel0R1(config-if)# tunnel source serial0/0/0R1(config-if)# tunnel destination 192.168.23.3 R1(config-if)# ip address 172.16.13.1 255.255.255.0
R3(config)# int tunnel0R3(config-if)# tunnel source serial0/0/1R3(config-if)# tunnel destination 192.168.12.1R3(config-if)# ip address 172.16.13.3 255.255.255.0
Verify the connectionR1# ping 172.16.13.3
Configure EIGRP AS 2 to route the entire 172.16.0.0 major network over the tunnel but
disable automatic summarization.
R1routing Configuration
R1(config)# router eigrp 2R1(config-router)# no auto-summaryR1(config-router)# network 172.16.0.0
R3routing Configuration
R3(config)# router eigrp 2 R3(config-router)# no auto-summary
33
R3(config-router)# network 172.16.0.0
Verify the difference between AS1 and AS2 EIGRP neighbors
R1# show ip eigrp neighbors 2
R1# show ip eigrp neighbors 1
R1# show ip route
LAB 09: EBGP configuration
34
Device Interface IP Address Subnet Mask D. Gateway
ISP1
S0/0/0 10.0.0.1 255.255.255.252 DCE
Lo0 12.0.1.1 255.255.255.0
SanJose
S0/0/0 10.0.0.2 255.255.255.252
S0/0/1 172.16.0.2 255.255.255.252 DCE
Lo0 192.168.0.1 255.255.255.0
Lo1 192.168.1.1 255.255.255.0
ISP2
Lo0 172.16.1.1 255.255.255.0
S0/0/1 172.16.0.1 255.255.255.252
ISP1 Configuration Router>enableRouter#configure terminalRouter (config)# hostname ISP1ISP1(config)# interface loopback 0 ISP1(config-if)# ip address 12.0.1.1 255.255.255.0 ISP1(config-if)# exitISP1(config-if)# interface serial 0/0/0
35
ISP1(config-if)# ip address 10.0.0.1 255.255.255.252ISP1(config-if)# clockrate 128000 ISP1(config-if)# no shutdown ISP1(config-if)# exit
SanJose Configuration sanjose(config)# interface serial 0/0/0sanjose(config-if)# ip address 10.0.0.2 255.255.255.252sanjose(config-if)# no shutdown sanjose(config-if)#exit sanjose(config-if)# interface serial 0/0/1 sanjose(config-if)# ip address 72.16.0.2 255.255.255.252sanjose(config-if)# clockrate 128000sanjose(config-if)# no shutdown sanjose(config)# interface loopback 0 sanjose(config-if)# ip address 192.168.0.1 255.255.255.0 sanjose(config-if)# exitsanjose(config)# interface loopback 1sanjose(config-if)# ip address 192.168.1.1 255.255.255.0 sanjose(config-if)# exit
ISP2 Configuration ISP2(config)# interface loopback 0ISP2(config-if)# ip address 172.16.1.1 255.255.255.0ISP2(config-if)#exit ISP2(config-if)#exitISP2(config-if)# interface serial 0/0/1 ISP2(config-if)# ip address 72.16.0.2 255.255.255.252ISP2(config-if)# clockrate 128000ISP2(config-if)# no shutdown
Enable BGP on ISP1
36
ISP1(config)#router bgp 200 ISP1(config-router)#neighbor 10.0.0.2 remote-as 100 ISP1(config-router)#network 12.0.1.0 mask 255.255.255.0
Enable BGP on ISP2
ISP2(config)#router bgp 300 ISP2(config-router)#neighbor 172.16.0.2 remote-as 100 ISP2(config-router)#network 172.16.1.0 mask 255.255.255.0
Enable BGP on SanJoseSanJose(config)#router bgp 100 SanJose(config-router)#neighbor 10.0.0.1 remote-as 200 SanJose(config-router)#neighbor 172.16.0.1 remote-as 300 SanJose(config-router)#network 192.168.0.0 SanJose(config-router)#network 192.168.1.0
BGP VerificationSanJose# show ip routeSanJose# show ip route bgpSanJose#show ip bgpSanJose #show ip bgp neighborsSanJose #show ip bgp summary
LAB 10: PPP Security configuration
37
Device Interface IP Address Subnet Mask D. Gateway
R1
S0/0/0 10.1.1.1 255.255.255.252 DCE
Fa0/0 192.168.10.1 255.255.255.0
R2
S0/0/0 10.1.1.2 255.255.255.252
S0/0/1 10.2.2.1 255.255.255.252 DCE
Fa0/0 192.168.20.1 255.255.255.0
R3
Fa0/0 192.168.30.1 255.255.255.250
S0/0/1 10.2.2.2 255.255.255.252
PC1 Nic 192.168.10.10 255.255.255.0 192.168.10.1
PC2 Nic 192.168.20.10 255.255.255.0 192.168.20.1
PC3 Nic 192.168.30.10 255.255.255.0 192.168.30.1
R1 Configuration
38
Router>
Router>en
Router#configure t
Router(config)#hostname R1
R1(config)#interface serial 0/0/0
R1(config-if)#ip address 10.1.1.1 255.255.255.252
R1(config-if)#clock rate 64000
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface fa0/0
R1(config-if)#ip address 192.168.10.1 255.255.255.252
R1(config-if)#no shutdown
R1(config-if)#exit
R2 ConfigurationRouter>enRouter#configure tRouter(config)#hostname R2R2(config)#interface fa0/0R2(config-if)#ip address 192.168.20.1 255.255.255.0R2(config-if)#no shutdown R2(config-if)#exit R2(config)#interface serial 0/0/0R2(config-if)#ip address 10.1.1.2 255.255.255.252R2(config-if)#no shutdown R2(config-if)#exitR2(config)#interface serial 0/0/1R2(config-if)#ip address 10.2.2.1 255.255.255.252R2(config-if)#clock rate 64000R2(config-if)#no shutdownR2(config-if)#exitR2(config)#
R3 configuration
39
Router>en
Router#config t
Router(config)#hostname R3
R3(config)#interface serial 0/0/1
R3(config-if)#ip address 10.2.2.2 255.255.255.252
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface fa0/0
R3(config-if)#ip address 192.168.30.1 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#
Routing Configuration for Router R1:
R1(config)#router ospf 1
R1(config-router)#network 10.1.1.0 0.0.0.3 area 0
R1(config-router)#network 192.168.10.0 0.0.0.255 area 0
R1(config-router)#passive-interface FastEthernet0/0
R1(config-router)#end
Routing Configuration for Router R2:
R2(config)#router ospf 1
R2(config-router)#network 10.1.1.0 0.0.0.3 area 0
R2(config-router)#network 10.2.2.0 0.0.0.3 area 0
R2(config-router)#network 192.168.20.0 0.0.0.255 area 0
R2(config-router)#passive-interfacev FastEthernet0/0
R2(config-router)#end
Routing Configuration for Router R3:
R3(config)#router ospf 140
R3(config-router)#network 10.2.2.0 0.0.0.3 area 0
R3(config-router)#network 192.168.30.0 0.0.0.255 area 0
R3(config-router)#passive-interface FastEthernet0/0
R3(config-router)#end
Configure R1 to use PPP encapsulation with R2.
R1(config)#interface serial0/0/0 R1(config-if)#encapsulation ppp
Configure R2to use PPP encapsulation with R1 and R3.
R2(config)#interface serial0/0/0 R2(config-if)#encapsulation ppp
R2(config)#interface serial0/0/1 R2(config-if)#encapsulation ppp
Configure R3 to use PPP encapsulation with R2.
R3(config)#interface serial0/0/1 R3(config-if)#encapsulation ppp
Configure PPP CHAP authentication on the serial link between R2 and R3.
In PAP authentication, the password is not encrypted. CHAP encrypts the password.
R1 ConfigurationR1(config)#username R2 password cisco R1(config)#int s0/0/0R1(config-if)#ppp authentication chapR1(config-if)#exit
R2 ConfigurationR2(config)#username R1 password cisco
41
R2(config)#int s0/0/0R2(config-if)#ppp authentication chapR2(config-if)#exit R2(config)#username R3 password cisco R2(config)#int s0/0/1R2(config-if)#ppp authentication chapR2(config-if)#exit
R3 Configuration
R3(config)#username R2 password cisco R3(config)#int s0/0/1 R3(config-if)#ppp authentication chapR3(config-if)#exit
MINI PROJECT 1
42
Mini Project 2:
Network Migration Technologies
ScenarioConfigure EIGRP for full connectivity between all IPv4 subnets. Then you will
create a manual IPv6 tunnel and run OSPFv3 over it.
Configure a Manual IPv6 TunnelA tunnel is a logical interface that acts as a logical connection between two
endpoints. It is similar to a loopback interface in that there is no corresponding
physical interface, but it is different in that there is more than one router
involved. An IPv6 manual tunnel is a type of tunnel that has hard-coded source
and destination addresses, with an IPv6 address on the tunnel itself.
Mini Project 2:
43
Multi Area OSPF Configuration with TFTP and DHCP Servers
Requirements:
1. Verify connectivity within Devices and to the TFTP/DHCP server2.
Mini Project 3:
44
SNMP CONFIGURATION ON ROUTERS
Mini Project 4:45
Secure Remote Office configuration (VPN Configuration)
The “Site-to-Site and Extranet VPN Business Scenarios” links the corporate headquarters to a remote office using connections across the Internet.
The “Site-to-Site and Extranet VPN Business Scenarios” builds on the VPN scenario by linking the same corporate headquarters to a business partner using connections across the Internet; however, the business partner is given limited access to the headquarters network—the business partner can access only the headquarters public server.
The remote access VPN business scenario, “Remote Access VPN Business Scenarios” provides a remote user access to the corporate headquarters network through a secure IPSec, PPTP, or L2TP tunnel that is initiated by the remote user running VPN client software on a PC. In this scenario, the user can access the corporate network remotely.
AssumptionsFor Network Design make the following assumptions:
You are configuring a service provider transparent VPN, whereby the tunnel endpoints are outside of the service provider network (on the headquarters and remote site routers).
You are configuring your VPN based on IP, a routing mechanism, cryptography, and tunneling technologies, such as IPSec and GRE.
46