Ccna Lab Updated

Cisco Certified Network Associate
Lab Manual
Student Name:
Faculty Name:
Batch:
Branch:
www.netrich.co.in 1
Serial No. Description of Practical Page No.
Lab 1 Cisco Router Initial Configuration (IOS Commands) 5
Lab 2 WAN Interface Configuration 20
Lab 3 Static Routing 24
Lab 4 RIP 30
Lab 5 EIGRP
Lab 6 OSPF
Lab 7 Standard Access Control List
Lab 8 Extended Access Control List
Lab 9 CDP, Backup & Password Recovery
Lab 10 VLAN, Trunking & VTP
Lab 11 Inter-VLAN Routing
Lab 12 Switch Port Security & Verify Spanning Tree Protocol
Lab 13 Network Address Translation (NAT)
www.netrich.co.in 2
Lab – 1
Cisco Router Initial Configuration
Connect the Console cable from the Console port of the Router to the COM port of the PC and setup the Hyper-
terminal.
Follow these steps to configure Hyper Terminal.

Click “Start”
www.netrich.co.in 3
Click on “Programs”
Click on “Accessories” then select “Communications” then select “Hyperterminal”
www.netrich.co.in 4
Hyperterminal will open a dialog box, give a name (user defined)
Select a “COM” port,
www.netrich.co.in 5
Click on “Restore Defaults”
Default Values are:

Bits Per Second : 9600
Data Bits: 8
Parity: None
Stop Bits: 1
Flow Control: none
www.netrich.co.in 6
Once HyperTerminal is ready, now turn on the Router.
After the Router boots-up completely, (on a new Cisco Router) it displays the following question:
--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]:
If you choose “Yes”, IOS will prompt Questions to gather the information to configure the Router, it is
recommended to choose “no”, since we can configure the Router using IOS commands.
www.netrich.co.in 7
Telnet
Once the router is configured through Console, later it can be configured using Telnet. Telnet is a
remote Command Line Interface (CLI) administration tool, available by default on Windows and Linux
systems.
Click on “Start” and click on “Run”
In the “Run” window, type “Telnet <IP of Default Gateway>”
www.netrich.co.in 8
To Configure Cisco Router, we use IOS Commands. There are different IOS modes
depending on the configuration: the following are the IOS modes
1. User Mode:
This is the first mode user interacts with the IOS.

Router>
Router is the default hostname and can be changed, ‘>’ symbol implies “User Mode”, it is a restricted
mode. Supports few basic commands
2. Privilege Mode
To switch from ‘User mode’ to ‘privilege mode’, the following command needs to be given:
Router> enable
On a new Router, you will see the following prompt:
Router#
The ‘#’ symbol represents Privilege Mode, all Show, Copy, Debug and other commands can be used.
3. Global Configuration Mode
This is the most important mode, all the Router configurations start from this mode.
To switch to “Configuration Mode”, use the following command in Privilege mode:
Router# Configure terminal
Router(config)#
From this mode you can start the Router configuration like changing the Router host name, enable
passwords, Routing protocols, Access Lists, enabling Telnet etc.,
4. Interface Configuration Mode
This mode is used to change configuration of a specific interface:

Router(config)# interface <type> <no>
Router(config-if)#
Types of interface are “Ethernet” or “FastEthernet” or “Serial”.

<no> is 0, 1, 2 and so on (interface number start from 0).
For Modular Routers the format of port numbers is <module/port> Ex: 0/0 or 0/1 or 1/0 etc.
www.netrich.co.in 9
5. Line Configuration Mode
This mode is used to change Telnet, Console & Auxiliary configuration.
Note: Following passwords should be used in lab: keygroups, cisco, or ccna
a. Telnet
To enable Telnet configure the following:
Router(config)# line vty 0 4

Router(config-line)# password <pwd>
Router(config-line)# login
Vty is virtual terminal, it enables 5 simultaneous Telnet sessions.
<pwd> is a user defined password
b. Console port
By default there is no authentication for Console access, to setup password for console:
Router(config)# line console 0
c. Auxiliary port
To enable authentication for remote administration.

Router(config)# line aux 0
Configuring Enable passwords

By default there is no Privilege password, hence it is recommended to enable it. There are two types of
passwords:
Enable password – this password is clear text (visible in the configuration)
Router(config)# enable password <pwd>
Enable secret – this password is encrypted (visible in encrypted form)
Router(config)# enable secret <pwd>
If both passwords are configured, enable secret gets priority.
To exit from any mode to the previous mode use “exit” command
To exit from any mode to privilege mode use “end” command
To exit from any mode to privilege mode use “ctrl + z” command
www.netrich.co.in 10
To view the configuration, use the following “show” commands: all “show” commands can be used only from
the ‘privilege mode’.
Router# show running-config

Displays the current configuration from RAM.
Router# show startup-config

Displays the configuration from NVRAM.
Other important “show” commands:

Router# show version
Router# show flash
Saving the configuration on the Router:

Router# copy running-config startup-config
Once the new Cisco Router is configured using the Console, we can access Router via Telnet (Vty)
The Router can be configured via Console or Telnet, both give same results. In large networks it is recommended
to use Telnet for easier Administration.
How to connect to the Router using Telnet?

Start Run Telnet 192.168.1.1 OK
Where 192.168.1.1 is IP address of the Router (default gateway)
Using IOS context sensitive help (?)
The ? provides context sensitive help, it provides the command syntax or the commands
supported in the various IOS modes.
Example 1:
Router> ?
Exec commands:
<1-99> Session number to resume

access-enable Create a temporary Access-List entry
access-profile Apply user-profile to interface
clear Reset functions
connect Open a terminal connection
disable Turn off privileged commands
disconnect Disconnect an existing network connection
enable Turn on privileged commands
exit Exit from the EXEC
help Description of the interactive help system
lock Lock the terminal
ping Send echo messages
ppp Start IETF Point-to-Point Protocol (PPP)
--More--
Example 2:
Router(config)# interface ?
Async Async interface
BVI Bridge-Group Virtual Interface
Dialer Dialer interface
Ethernet IEEE 802.3
Group-Async Async Group interface
Loopback Loopback interface
Multilink Multilink-group interface
Null Null interface
Serial Serial
Tunnel Tunnel interface
Similarly the context sensitive help can be used in all IOS modes and commands.
Command line editing:
• Ctrl + a -> to beginning of the command
• Ctrl + e -> to end of the command
• Esc + b -> back by one word
• Esc + f -> forward by one word
• Tab -> for command completion
Initial Configuration - Example
User mode:
Router >
Router > enable
Privilage Mode:
Router #
Show commands:
Router # show running-config
Router # show startup-config
Router # show version
Router # show flash
Moving to Global configuration mode:

Router # configure terminal
Router(config) #
Assigning Hostname to Router

Router(config) # hostname Hyderabad
Assigning IP address to Ethernet interface:

Hyderabad (config) # interface Ethernet 0
Hyderabad (config-if) # ip address 192.168.1.1 255.255.255.0 <check the IP of your Default Gateway>
Hyderabad (config-if) # no shutdown
Hyderabad (config-if) # exit
Assigning Telnet password:

Hyderabad (config) # line vty 0 4
Hyderabad (config-line) # password cisco
Hyderabad (config-line) # login
Hyderabad (config-line) #exit
Assigning console password:

Hyderabad (config) # line con 0
Hyderabad (config-line) # password ccna
Hyderabad (config-line) # exit
Assigning Auxiliary password:
Hyderabad (config) # line aux 0
Hyderabad (config-line) # password cisco
Hyderabad (config-line) # exit
Assigning enable password:

Hyderabad (config) # enable password cisco
Hyderabad (config) # enable secret cisco
Hyderabad (config) # exit
Checking the Changes in running-config

Hyderabad # show running-config
Hyderabad # show startup-config
Commands to save the configuration:

Hyderabad # copy running-config startup-config
( OR )
Hyderabad # write memory
( OR )
Hyderabad # wr
Checking the startup-config:

Hyderabad # show startup-config
Show commands output verification:
Router#show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.0(9), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Mon 24-Jan-00 22:33 by bettyl
Image text-base: 0x80008088, data-base: 0x805FF878
ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Router uptime is 46 minutes

System restarted by reload
System image file is "flash:c2600-i-mz_120-9.bin"
cisco 2610 (MPC860) processor (revision 0x203) with 28672K/4096K bytes of memory.
Processor board ID JAD041806FJ (1957657516)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
Router#show flash
System flash directory:

File Length Name/status
1 3420472 c2600-i-mz_120-9.bin
[3420536 bytes used, 4968072 available, 8388608 total]
8192K bytes of processor board System flash (Read/Write)
Hyderabad#show running-config
Building configuration...
Current configuration:
!
version 12.0
no service password-encryption
!
hostname Hyderabad
!
no logging console
enable secret 5 $1$lQzR$veVuUBtwlXP2T0pUUTuvC0
enable password cisco
!
memory-size iomem 15
ip subnet-zero
no ip domain-lookup
!
interface Ethernet0/0
ip address 10.0.0.1 255.0.0.0
no ip directed-broadcast
no ip mroute-cache
!
interface Serial0/0
no ip address
shutdown
!
interface Serial0/1
no ip address
shutdown
!
ip classless
!
!
line con 0
password ccna
login
line aux 0
password cisco
login
line vty 0 4
password key123
login
!
end
Check if you have completed the following labs:
1. Establish Telnet session to the Router
2. Configure hostname to router.
3. Configuring Ethernet interface of the Router
4. Password protection to the Telnet session
5. Password protection to the Console session
6. Password protection to the Auxiliary session
7. Setting up privilege mode Password.
8. Display the contents of Running-Configuration
9. Display the contents of Startup-configuration
10. Saving the Configuration
Important Note
Please don’t forget to fill in the Lab Completion Report after the lab and take the signature of the lab coordinator as Course completion
certificate will not be issued otherwise.
Lab – 2
WAN Interface Configuration
The first step to establish the WAN connection is to configure the Serial (WAN) interface.
By default the serial interface on the Router does not have IP address, encapsulation is HDLC and the interface
is in Shutdown state.
Check for DTE or DCE interface, so that the clock rate can be configured on the DCE interface.
Router# show controllers serial <no>
The following are the commands to assign IP, encapsulation & enable the serial port:
Router(config)# interface serial <no>
Router(config-if)# ip address <ip> <mask>
Router(config-if)# encapsulation <ppp> or <hdlc>
Router(config-if)# clockrate <bandwidth>
Router(config-if)# no shutdown
To verify the status of the serial interface after configuration use the following command:
Router# show interface serial <no>

From the output, the first line indicates the status of the serial interface, there are 4 different states:
1. Serial 0/0 is up , line protocol is up
(Connectivity and configuration is fine)
2. Serial 0/0 is administratively down, line protocol is down
(No Shutdown has to be given on the local router serial interface)
3. Serial 0/0 is up, line protocol is down
(Encapsulation mismatch or clock rate has not been given on DCE interface)
4. Serial 0/0 is down, line protocol is down
(Problem with the link or ‘no shutdown’ has not been given on the remote router)
WAN INTERFACE CONFIGURATION - Example:
172.16.0.1/16 172.17.0.1/16
S0 S0
HYD S1
172.16.0.2/16 CHE S1
BAN
E0 172.17.0.2/16
E0 E0
192.168.1.1/24 10.0.0.1/8
192.168.2.1/24
LAN - 192.168.1.0/24 LAN – 10.0.0.0/8 LAN - 192.168.2.0/24
ON HYD:
ON CHE:
HYD # configure terminal ON BAN:
CHE# configure terminal HYD (config) # interface serial 1
CHE(config)# interface serial 0 HYD(config-if)#ip address 172.16.0.2 BAN# configure terminal
CHE(config-if)# ip address 172.16.0.1 255.255.0.0 BAN(config)#interface serial 1
255.255.0.0 HYD(config-if)#no shutdown BAN(config-if)#ip address 172.17.0.2
CHE(config-if)# no shutdown HYD(config-if)#clock rate 64000 255.255.0.0
CHE(config-if)# encapsulation hdlc HYD(config-if)#encapsulation hdlc BAN(config-if)#no shutdown
CHE(config-if)# exit HYD(config-if)#^z BAN(config-if)#encapsulation hdlc
CHE(config)# exit HYD# configure terminal BAN(config-if)#^Z
HYD(config) #interface serial 0
HYD(config-if)#ip address 172.17.0.1
255.255.0.0
Fill the Blanks before Starting your configuration
HYD(config-if)#no shutdown
HYD(config-if)#encapsulation hdlc
HYD(config-if)#clock rate 64000 19
HYD(config-if)#^Z
Router Name:_________________
ROUTER # configure terminal

ROUTER (config) # interface serial _____
ROUTER (config-if) # ip address ___________________ ___________________
ROUTER (config-if) # no shutdown
ROUTER (config-if) # clock rate 64000 <to be configured if your serial interface is DCE>
ROUTER (config-if) # encapsulation hdlc
ROUTER (config-if) # exit
ROUTER (config) # interface serial _____
ROUTER (config-if) # ip address ___________________ ___________________
ROUTER (config-if) # clock rate 64000 <to be configured if your serial interface is DCE>
20
WAN configuration output verification:
hyderabad#show interface serial 0/1

Serial1/0 is up, line protocol is up
Hardware is M4T
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
CRC checking enabled
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
4 packets output, 96 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 output buffer failures, 0 output buffers swapped out
3 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
www.keygroups.in 21
Lab-3
Configure Static Routing
To configure static routing use the following syntax:
Router# configure terminal

Router(config)# ip route <Dest N/W ID> <Dest subnet mask> {<Next hop ip address> or
<Exit Interface type><No.>}
Dest N/W ID: destination network ID of the remote network

Dest subnet mask: subnet mask of the remote network
Next hop ip address: next router interface ip address
Exit interface type & Number: outgoing interface type and number to be used to forward packet to the
destination network
View the routing table for verification of static route
Router# show ip route
www.keygroups.in 22
STATIC ROUTING - Example
Configure Static Route to allow LAN of Chennai to communicate with LAN of Hyderabad and vice-versa:
172.16.0.1/16
S0
HYD S1
172.16.0.2/16 CHE
E0 BAN
E0
192.168.1.1/24 10.0.0.1/8
LAN - 192.168.1.0/24 LAN – 10.0.0.0/8
ON CHE : ON HYD :
CHE # configure terminal HYD # configure terminal

CHE(config) # ip routing HYD(config) # ip routing
CHE(config) # ip route 10.0.0.0 255.0.0.0 S0 HYD(config) # ip route 192.168.1.0 255.255.255.0 172.16.0.1
Show commands: Debug commands:

ROUTER # show ip route ROUTER # debug ip routing
ROUTER # debug ip packet
26
STATIC ROUTING - Example
Configure Static Route to allow LAN of Chennai & Bangalore to communicate with Hyderabad and vice-versa:
172.16.0.1/16 172.17.0.1/16
S0 S0
HYD S1
172.16.0.2/16 CHE S1
BAN
E0 172.17.0.2/16
E0 E0
192.168.1.1/24 10.0.0.1/8
192.168.2.1/24
LAN - 192.168.1.0/24 LAN – 10.0.0.0/8 LAN - 192.168.2.0/24
26
ON CHE : ON HYD : ON BAN:
CHE # configure terminal HYD # configure terminal BAN # configure terminal

CHE(config) # ip routing HYD(config) # ip routing BAN(config) # ip routing
CHE(config) # ip route 10.0.0.0 255.0.0.0 172.16.0.2 HYD(config) # ip route 192.168.1.0 255.255.255.0 BAN(config) # ip route 10.0.0.0 255.0.0.0 S1
CHE(config) # ip route 192.168.2.0 255.255.255.0 172.16.0.1 BAN(config) # ip route 192.168.1.0 255.255.255.0 S1
172.16.0.2 HYD(config) # ip route 192.168.2.0 255.255.255.0 BAN(config) # ip route 172.16.0.0 255.255.0.0 S1
CHE(config) # ip route 172.17.0.0 255.255.0.0 172.17.0.2
172.16.0.2
Show commands:
Fill the Blanks before Starting your
configuration
ROUTER # show ip route
Router Name:_________________
ROUTER # configure terminal
ROUTER(config) #
ROUTER(config) # ip routing
ROUTER(config) # ip route _________________ ___________________ _________
26
Hyderabad# show ip route
Default gateway is not set
Host Gateway Last Use Total Uses Interface

ICMP redirect cache is empty
The above output implies that IP Routing process is disabled. To enable IP Routing use the following command
in Global Configuration Mode:
Router(Config)# ip routing
Hyderabad#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B – BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is not set
C 172.16.0.0/16 is directly connected, Serial0/1

C 10.0.0.0/8 is directly connected, Ethernet0/1
S 192.168.1.0/24 [1/0] via 172.16.0.1
S 192.168.2.0/24 [1/0] via 172.17.0.2
“C" represents that the IP Network was learnt through the local Routers Interface.
“S” represents that the IP Network was learnt through the Static route.
www.keygroups.in 30
Default Routing - Example
172.16.0.1
S0
CHE
E0
192.168.1.1
ON CHE :
CHE # configure terminal

CHE(config) # ip routing
CHE(config) # ip route 0.0.0.0 0.0.0.0 serial 0
Show commands:
ROUTER # show ip route
Router Name:_________________
ROUTER(config) # ip route 0.0.0.0 0.0.0.0 _____ ____
www.keygroups.in 30
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B – BGP

S* 0.0.0.0/0 is directly connected, Serial0/1
“S*” represents Static Default route
Check if you have completed the following labs
1. Assign the IP address and make the serial interface
administratively up.
2. Understanding the importance of extended ping command.
3. Understanding the importance of debug IP packet command.
4. Understanding the IP Routing table.
5. Configure Static route using the next hop address.
6. Configure Static route using the exit interface.
7. Configure a Static Default route.
www.keygroups.in 30
Lab-4
Configure RIP Routing Protocol
To configure RIP on the router, go to the configuration mode
Enable Rip by giving the following command

Router(config)# router rip
Ones you are in the router configuration mode advertise your directly connected networks by using the
network command
Router(config-router)# network <network ID>
To verify the output:

To verify the RIP updates sent and received, use the following command :
Router# debug ip rip
To see the output on the telnet session:

Router# terminal monitor
To verify which dynamic routing protocols are configured and their properties give the following command
Router#show ip protocols
Configure RIP version 2
To configure RIP version 2, give the following command

Router(config)# router rip
Router(config-router)# version 2
Router(config-router)# network <Network ID>
www.keygroups.in 30
RIP - Example:
172.16.0.1/16 172.17.0.1/16
S0 S0
HYD S1
172.16.0.2/16 CHE S1
BAN
E0 172.17.0.2/16
E0 E0
192.168.1.1/24 10.0.0.1/8
192.168.2.1/24
LAN - 192.168.1.0/24 LAN – 10.0.0.0/8 LAN - 192.168.2.0/24
ON CHE: ON HYD : ON BAN:

CHE# configure terminal HYD # config terminal BAN # config terminal
CHE(config)#ip routing HYD(config) # ip routing BAN(config) # ip routing
CHE(config)#router rip HYD(config) # router rip BAN(config) # router rip
CHE(config-router)# network 192.168.1.0 HYD(config-router) # network 10.0.0.0 0 BAN(config-router) # network 192.168.2.0
CHE(config-router) # network 172.16.0.0 HYD(config-router) # network 172.16.0.0 BAN(config-router) # network 172.17.0.0
CHE(config-router) #^z HYD(config-router) # network 172.17.0.0 BAN(config-router) # ^z
CHE# HYD(config-router) # ^z BAN#
HYD#
HYD # show ip route HYD # debug ip rip

HYD # show ip protocol HYD# terminal monitor 21
HYD# undebug all (to turnoff debugging)
Fill the Blanks before Starting your configuration
Router Name:_________________ ROUTER(config) # ip routing

ROUTER # configure terminal ROUTER(config) # router rip
ROUTER (config) # interface serial 0 ROUTER(config-router) # network ________________
ROUTER (config-if) # ip address ____________ ___________ ROUTER(config-router) # network ________________
ROUTER (config-if) # no shutdown ROUTER(config-router) # network________________
ROUTER (config-if) # clock rate 64000 ROUTER(config-router) # ^z
ROUTER (config-if) # encapsulation hdlc ROUTER#
ROUTER (config) # interface serial 1
ROUTER (config-if) # ip address ____________ ___________
ROUTER (config-if) # clock rate 64000
ROUTER(config) #
22
RIP output verification:
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

R 192.168.1.0/24 [120/1] via 172.16.0.1, 00:00:04, Serial0/1
R 192.168.2.0/24 [120/1] via 172.17.0.2, 00:00:16, Serial0/0
“R” represents RIP learnt Route, “120“ is the Administrative distance and “1” is the metric (Hop
count), IP network was learnt through RIP.
1. Enabling RIP Protocol process on the respective networks
2. Understanding the RIP protocol routes in the routing table
3. Understanding the RIP updates using debug IP RIP command
4. Check the Administrative Distance usage with RIP and Static
www.keygroups.in 23
Lab -5
Configure EIGRP Routing protocol
To configure EIGRP routing protocol
Use the following command in configuration mode.

Router(config)#router eigrp <autonomous system no>
The Autonomous system number is between 1 – 65535
To Advertised directly connected network use following command.

Router(config-router)# network <network ID>
To see the output use following command
To see the directly connected neighbors of EIGRP give the command

Router# show ip eigrp neighbors
To see the topology table of EIGRP give the command

Router# show ip eigrp topology
To see the routing table the command is

www.keygroups.in 24
EIGRP – Example:
172.16.0.1/16 172.17.0.1/16
S0 S0
HYD S1
172.16.0.2/16 CHE S1
BAN
E0 172.17.0.2/16
E0 E0
192.168.1.1/24 10.0.0.1/8
192.168.2.1/24
LAN - 192.168.1.0/24 LAN – 10.0.0.0/8 LAN - 192.168.2.0/24
ON CHE: ON HYD: ON BAN:

CHE(config) # router eigrp 10 HYD(config) # router eigrp 10 BAN(config) # router eigrp 10
CHE(config-router)# network 192.168.1.0 HYD(config-router)#network 10.0.0.0 BAN(config-router)#network 192.168.2.0
CHE(config-router)# network 172.16.0.0 HYD(config-router)#network 172.16.0.0 BAN(config-router)#network 172.17.0.0
CHE(config-router)# exit HYD(config-router)#network 172.17.0.0 BAN(config-router)#exit
CHE(config) # exit HYD(config-router)#exit BAN(config)#exit
HYD(config) # exit
Show commands: Show commands:
HYD # show ip route HYD # show ip eigrp topology

HYD # show ip protocols HYD # show ip eigrp neighbor
HYD # show ip eigrp
25 neighbor detail
Fill the Blanks before Starting the configuration
Router Name:_________________
ROUTER(config) #
ROUTER # configure terminal ROUTER(config) # ip routing
ROUTER (config) # interface serial 0 ROUTER(config) # router eigrp _______
ROUTER (config-if) # ip address ___________ ____________ ROUTER(config-router) # network ________________
ROUTER (config-if) # no shutdown ROUTER(config-router) # network ________________
ROUTER (config-if) # clock rate 64000 ROUTER(config-router) # network________________
ROUTER (config-if) # encapsulation hdlc ROUTER(config-router) # ^z
ROUTER (config-if) # exit ROUTER#
ROUTER (config-if) # ip address ___________ ____________
26
EIGRP output verification
hyderabad#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

C 10.0.0.0/8 is directly connected, Loopback0
D 192.168.1.0/24 [90/2195456] via 172.16.0.1, 00:00:06, Serial0/1
D 192.168.2.0/24 [90/2195456] via 172.17.0.2, 00:00:06, Serial0/0
hyderabad#show ip eigrp topology

IP-EIGRP Topology Table for AS(10)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,

r - reply Status, s - sia Status
P 10.0.0.0/8, 1 successors, FD is 281600

via Connected, Ethernet0/0
via 172.16.0.1 (2195456/281600), Serial0/1
via 172.17.0.2 (2195456/281600), Serial0/0
via Connected, Serial0/1
via Connected, Serial0/0
hyderabad#show ip eigrp neighbors

IP-EIGRP neighbors for process 10
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 172.17.0.2 Se0/0 11 00:05:15 207 1242 0 9
0 172.16.0.1 Se0/1 10 00:09:41 202 1212 0 10
www.keygroups.in 27
1. Configuration of EIGRP
2. Verify Neighbor table
3. Verify topology table (FD/AD)
4. Verify the routing table
www.keygroups.in 28
Lab - 6
Configure OSPF Routing protocol
To configure OSPF routing protocol
Use the following command in configuration mode.
Router(config)#router ospf <process id>
To advertise directly connected network command is

Router(config-router)# network <network ID> <wildcard mask> area <area no>
To see the output use following commands
To see the directly connected neighbors and DR/BDR of OSPF give the command
Router#show ip ospf neighbour
To see the database table of ospf give the command

Router#show ip ospf database
To see the routing table give the following command

Router#show ip route
www.keygroups.in 29
OSPF – Example:
AREA 0
172.16.0.1/16 172.17.0.1/16
S0 S0
HYD S1
172.16.0.2/16 CHE
CHE S1 BAN
E0 172.17.0.2/16 BAN
E0 E0
192.168.1.1/24 10.0.0.1/8
192.168.2.1/24
LAN - 192.168.1.0/24 LAN – 10.0.0.0/8 LAN - 192.168.2.0/24

CHE(config) # router ospf 5 HYD(config) # router ospf 3 BAN(config) # router ospf 3
CHE(config-router)#network 192.168.1.0 0.0.0.255 area 0 HYD(config-router)# network 10.0.0.0 0.255.255.255 area 0 BAN(config-router)#network 192.168.2.0 0.0.0.255 area 0
CHE(config-router)#network 172.16.0.0 0.0.255.255 area 0 HYD(config-router)# network 172.16.0.0 0.0.255.255 area 0 BAN(config-router)#network 172.17.0.0 0.0.255.255 area 0
CHE(config-router) #^z HYD(config-router)# network 172.17.0.0 0.0.255.255 area 0 BAN(config-router)#^z
CHE# HYD(config-router)# ^z BAN#
HYD #
Router # show ip route Router # debug ip ospf adj

Router # show ip ospf database Router # debug ip ospf packet
Router # show ip ospf neighbors Router # debug ip ospf event
30
Fill in the Blanks before starting the configuration
Router Name:_________________
ROUTER(config) #
ROUTER # configure terminal ROUTER(config) # router OSPF ____
ROUTER (config) # interface serial 0 ROUTER(config-router) # network _________ _______ area _____
ROUTER (config-if) # ip address ______________ _________ ROUTER(config-router) # network _________ _______ area _____
ROUTER (config-if) # no shutdown ROUTER(config-router) # network _________ _______ area _____
ROUTER (config-if) # clock rate 64000 ROUTER(config-router) # ^z
ROUTER (config-if) # encapsulation hdlc ROUTER#
ROUTER (config-if) # ip address ______________ _________
31
www.keygroups 31
OSPF output verification:
www.keygroups 31
www.keygroups 31
www.keygroups 31
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
www.keygroups 31
www.keygroups 31
www.keygroups 31
www.keygroups 31
www.keygroups 31
www.keygroups 31
www.keygroups 31
www.keygroups 31
www.keygroups 31
www.keygroups 31
www.keygroups 31
www.keygroups 31
O 192.168.1.0/24 [110/74] via 172.16.0.1, 00:00:23, Serial0/1
www.keygroups 31
O 192.168.2.0/24 [110/74] via 172.17.0.2, 00:00:23, Serial0/0
www.keygroups 31
www.keygroups 31
hyderabad#show ip ospf neighbor
www.keygroups 31
www.keygroups 31
Neighbor ID Pri State Dead Time Address Interface
www.keygroups 31
192.168.1.1 0 FULL/ - 00:00:31 172.16.0.1 Serial0/1
www.keygroups 31
192.168.2.1 0 FULL/ - 00:00:34 172.17.0.2 Serial0/0
www.keygroups 31
www.keygroups 31
www.keygroups 31
hyderabad#show ip ospf database
www.keygroups 31
www.keygroups 31
OSPF Router with ID (172.17.0.1) (Process ID 3)
www.keygroups 31
www.keygroups 31
Router Link States (Area 0)
www.keygroups 31
www.keygroups 31
Link ID ADV Router Age Seq# Checksum Link count
www.keygroups 31
172.17.0.1 172.17.0.1 67 0x80000003 0x0023DE 5
www.keygroups 31
192.168.1.1 192.168.1.1 88 0x80000002 0x007456 3
www.keygroups 31
192.168.2.1 192.168.2.1 68 0x80000002 0x00BD07 3
www.keygroups 31
www.keygroups 31
www.keygroups 31
www.keygroups 31
www.keygroups 31
www.keygroups 31
1. Configuration of OSPF
www.keygroups 31
2. Automatic selection of router-id
www.keygroups 31
3. Debugging and understanding the functioning of hello packet
www.keygroups 31
4. Debugging and understanding the adjacency formation
www.keygroups 31
5. Verification of OSPF database
www.keygroups 31
6. Verification of OSPF Neighbor table
www.keygroups 31
7. Election of DR/BDR
www.keygroups 31
www.keygroups 31
www.keygroups 31
Lab - 7
www.keygroups 31
ACCESS CONTROL LIST:
www.keygroups 31
www.keygroups 31
There are two types of Access Control Lists
www.keygroups 31
www.keygroups 31
Syntax for configuring Standard ACL is as Follows
www.keygroups 31
Router(config)# access-list <No> permit/deny <source ip> <source wildcard mask>
www.keygroups 31
www.keygroups 31
www.keygroups 31
To implement ACL in Interface
www.keygroups 31
www.keygroups 31
Router(config-if)# ip access-group <no> in/out
www.keygroups 31
www.keygroups 31
www.keygroups 31
To verify the output
www.keygroups 31
Router# show ip access-list
www.keygroups 31
www.keygroups 31
www.keygroups 31
www.keygroups 31
Syntax for configuring Extended ACL is as Follows
www.keygroups 31
Router(config)# access-list <No> permit/deny <protocol> <source ip> <source wildcard mask>
www.keygroups 31
<destination ip> <destination wildcard mask> [operator] [port No.]
www.keygroups 31
www.keygroups 31
www.keygroups 31
To implement ACL in Interface
www.keygroups 31
www.keygroups 31
Router(config-if)# ip access-group <no> in/out
www.keygroups 31
www.keygroups 31
www.keygroups 31
www.keygroups 31
www.keygroups 31
Router# show ip access-list
www.keygroups 31
www.keygroups 31
www.keygroups 31
STANDARD ACCESS-LIST - Example:
172.16.0.1/16 172.17.0.1/16
S0 S0
HYD S1
172.16.0.2/16 CHE S1
BAN
E0 E0 172.17.0.2/16
E0
192.168.1.1/24 10.0.0.1/8
192.168.2.1/24
LAN - 192.168.1.0/24 LAN – 10.0.0.0/8 LAN - 192.168.2.0/24

SCENARIO 1: SCENARIO 2: SCENARIO 3:
Only 192.168.2.0 should communicate with 192.168.1.0
Configuration of an access-list on HYD that administrative Configuration of an standard access-list on Bangalore Ethernet
access through Telnet is possible only from 10.0.0.10 0 in the outbound direction denying 10.0.0.10
CHE # configure terminal
CHE (config) # access-list 1 permit 192.168.2.0 0.0.0.255 HYD # configure terminal BAN (config) # access-list 1 deny 10.0.0.10 0.0.0.0
CHE (config) # int e0 HYD (config) # access-list 1 permit 10.0.0.10 0.0.0.0 BAN (config)#access-list 1 permit any
CHE (config-if) # ip access-group 1 out HYD (config) # line vty 0 4 BAN (config)#interface Ethernet 0
CHE (config-if) # exit HYD (config-line) # access-class 1 in BAN (config-if) # ip access-group 1 out
CHE (config) # exit HYD (config-line) # exit BAN (config-if) # exit
HYD (config) # exit BAN (config) # exit
CHE # show ip access-list
Note: Use the command prompt of a PC try to ping the filtered
ip address
EXTENDED ACCESS-LIST - Example:
172.16.0.1/16 172.17.0.1/16
S0 S0
HYD S1
172.16.0.2/16 CHE S1
BAN
E0 E0 172.17.0.2/16 E0
192.168.1.1/24 10.0.0.1/8
192.168.2.1/24
LAN - 192.168.1.0/24 LAN – 10.0.0.0/8 LAN - 192.168.2.0/24
SCENARIO :2 SCENARIO :1 SCENARIO :3
Condition: Condition: Condition:

deny PING (Echo) from Bang LAN to Chen LAN Allow only FTP service from Bang LAN Deny HTTP from Chen LAN to Bang LAN.
permit all other services. Permit all other services from any network.
On HYD: On BAN:
On CHE:
HYD#configure terminal BAN#configure terminal
CHE#configure terminal HYD (config)# access-list 101 permit tcp 192.168.2.0 BAN (config)#access-list 111 deny tcp 192.168.1.0
CHE (config)#access-list 110 deny icmp 192.168.2.0 0.0.0.255 10.0.0.0 0.255.255.255 eq ftp 0.0.0.255 192.168.2.0 0.0.0.255 eq 80
0.0.0.255 192.168.1.0 0.0.0.255 echo HYD (config)#interface ethernet 0 BAN (config)#access-list 111 permit ip any any
CHE (config)#access-list 110 permit ip any any HYD (config-if)#ip access-group 101 out BAN (config)#interface serial 1
CHE (config)#interface serial 0 HYD (config-if)#exit BAN (config-if)#ip access-group 111 in
CHE (config-if)#ip access-group 110 in HYD (config)# BAN (config-if)^z
CHE (config-if)^z
CHE # show ip access-list HYD # show ip access-list BAN # show ip access-list
33
Access Control Verification:
Hyderabad#show ip access-list
Standard IP access list 1
permit 10.0.0.10
Hyderabad#show ip access-list
Extended IP access list 101
permit tcp 192.168.2.0 0.0.0.255 host 10.0.0.10 eq ftp
1. Configure any routing protocol (e.g. RIP) & check the

communication
2. Configure Standard access-list on CHE Ethernet 0 in the out

bound direction, permitting only 192.168.2.0
3. Configure an access-list on HYD that administrative access

through Telnet is possible only from 10.0.0Configure an access-
list on BAN Ethernet 0 in the outbound direction, denying
10.0.0.10 host only
4. Configuration an access-list on CHE serial 0 in the inbound

direction, deny ping request from 192.168.2.0 to 192.168.1.0 and
permitting any other services.
5. Configuration of an extended access-list on HYD Ethernet 0 in the

outbound direction permitting only FTP service from the network
192.168.2.0 to 10.0.0.10
6. Configuration of an extended access-list on BAN serial 1 in

inbound direction denying HTTP from 192.168.1.0 to 192.168.2.0
and permitting other traffic from any network to 192.168.2.0
network.
www.keygroups.in 34
LAB 9:
CDP Cisco Discovery Protocol
CDP is enabled by default on all Cisco devices. It is used for troubleshooting connectivity between Cisco devices.
To check the output of Cisco discovery protocol(cdp) give the following command.
This command will show the timer of cdp hello and the holddown interval
Router#show cdp
This command will show the brief information of the directly connected Cisco devices
Like hostname, interface to which it is connected, the model of the device etc
Router#show cdp neighbour
This command will show detail information of the directly connected Cisco devices
Like- Ip address Ios version, platform of the remote device etc
Router#show cdp neighbour detail
LAB 9.a
IOS Backup
For taking the backup of the IOS and the configuration file backup like the Running configuration and the
startup configuration
First install the TFTP server software in any of the PC in the network and at the time of the backup the software
should be running on the PC where it is installed.
Login to the router
Go to the privilege mode
To take the backup of the statup configuration give the command

Router#copy startup-config tftp
To take the backup of the IOS give the command

Router#copy flash tftp
To see where the files have been backed up go to the tftp server the files are stored in the directory ie
C:\Program Files\Cisco Systems\Cisco TFTP Server
www.keygroups.in 35
LAB - 10
Password Recovery
The following steps required to reset the password of Cisco Router.

The procedure for Fixed & Modular Router is slightly different.
Step1:
Connect the console port of Router to com port of pc.
Step2:
Configure the hyper terminal software for console communication (see steps as shown in Initial configuration)
Step3:
Power on the router (if already power on restart it by power button).
Step4:
Press “Ctrl + Break” within 60 sec after power on.
Step5:
Router will enter Rom monitor mode.
ROMMON 1>
or
>
Step6:
For fixed router, use the following commands:
>o/r 0x2142
>i
For modular router, use the following ROM MON commands:

ROMMON 1>confreg 0x2142
ROMMON 2>reset
Configure Register Value 0x2142 will skip executing the startup configuration from nvram during
bootup.
www.keygroups.in 36
Step7:
After the router boots up,
Would you like to enter the initial configuration dialog? [yes/no]: no
Router>enable
Router#copy startup-config running-config
Destination filename [running-config]? <Just Press Enter Key>
Old configuration file which has the password is enabled:

Since we are already in the privilege mode, we can setup a new privilege password.
Hyderabad#
Hyderabad#configure terminal
Hyderabad(config)#enable secret ccna
Hyderabad(config)#line vty 0 4
Hyderabad(config-line)#password ccna
Hyderabad(config-line)#line console 0
Hyderabad(config-line)#password ccna
Hyderabad(config-line)#exit
Reset the configuration register back to the default:
Hyderabad(config)#config-register 0x2102
Enable the Ethernet interface:

Hyderabad(config)#interface ethernet 0/0
Hyderabad(config-if)#no shutdown
Hyderabad(config-if)#^Z
Save the new password in NVRAM and restart the router:

Hyderabad#copy running-config startup-config
Hyderabad#reload
www.keygroups.in 37
Lab 11
VLAN’S AND TRUNKING
To Create a VLAN on a Switch
VLAN Creation:
Switch(config)# vlan <VLAN No.>
Switch(config-vlan)# name <name>
Assigning VLAN membership to the ports:

Switch(config) # interface <type> <No.>
Switch(config-if) # switchport mode access
Switch(config-if) # switchport access vlan <VLAN No.>
Switch(config-if) # exit
To configure a trunk link on interface

TRUNKING:
Switch(config-if) # switchport mode trunk
Switch(config-if) # switchport trunk allowed vlan all
VLAN Trunking Protocol:

To configure VTP on Switch
Switch(config) # vtp domain <name>
Switch(config) # vtp mode server / client / transparent
Switch(config) # vtp password <password>
Switch(config) # vtp pruning
www.keygroups.in 38
Lab - 11
VLAN
ON 192.168.20.50 ON 192.168.20.51
VLAN CREATION: VLAN CREATION:
2950(config) # vlan 10 2950(config) # vlan 10
2950(config-vlan) # name sales 2950(config-vlan) # name sales
2950(config) # vlan 20 2950(config) # vlan 20
2950(config-vlan) # name mkt 2950(config-vlan) # name mkt
Assigning membership to ports: Assigning membership to ports:
2950(config) # interface fa0/2 2950(config) # interface fa0/14

2950(config-if) # switchport mode access 2950(config-if) # switchport mode access
2950(config-if) # switchport access vlan 10 2950(config-if) # switchport access vlan 10
2950(config-if) # exit 2950(config-if) # exit
2950(config)# interface fa0/4 2950(config)# interface fa0/17
2950(config-if) # switchport mode access 2950(config-if) # switchport mode access
2950(config-if)# switchport access vlan 20 2950(config-if)# switchport access vlan 20
TRUNKING: TRUNKING:
2950 # config terminal 2950 # config terminal

2950(config) # interface fa0/24 2950(config) # interface fa0/24
2950(config-if) # switchport mode trunk 2950(config-if) # switchport mode trunk
2950(config-if) # switchport trunk 2950(config-if) # switchport trunk
allowed vlan all allowed vlan all
2950(config-if) # ^Z 2950(config-if) # ^Z
Verify and troubleshooting: Verify and troubleshooting:
2950 #show mac-address-table 2950 #show mac-address-table

2950 #show vlan 2950 #show vlan
2950 #show interface status 2950 #show interface status
2950 #show interface trunk 2950 #show interface trunk
www.keygroups.in 39
VLAN output verification
SWITCH-50#show mac-address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
All 000d.28f0.63c0 STATIC CPU
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0100.0cdd.dddd STATIC CPU
1 0002.169c.0ba1 DYNAMIC Fa0/1
1 0002.b945.ea80 DYNAMIC Fa0/2
1 000c.8577.2058 DYNAMIC Fa0/24
1 0010.7b0b.a2c0 DYNAMIC Fa0/23
1 0013.20b7.07cc DYNAMIC Fa0/8
1 0013.20b7.08a5 DYNAMIC Fa0/9
1 0013.20b7.1d15 DYNAMIC Fa0/15
1 0013.20b7.1d53 DYNAMIC Fa0/5
1 0013.20b7.1d8c DYNAMIC Fa0/24
1 0013.8ff9.9ad1 DYNAMIC Fa0/24
1 0050.50d0.971a DYNAMIC Fa0/23
20 0013.20b7.08e6 DYNAMIC Fa0/6
Total Mac Addresses for this criterion: 16
SWITCH-50#show vlan
VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/3, Fa0/5, Fa0/6, Fa0/7
Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23
10 sales active Fa0/2
20 mkt active Fa0/4
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
www.keygroups.in 40
SWITCH-50#show interface trunk
Port Mode Encapsulation Status Native vlan

Fa0/24 on 802.1q trunking 1
Port Vlans allowed on trunk

Fa0/24 1-4094
Port Vlans allowed and active in management domain

Fa0/24 1,10,20
Port Vlans in spanning tree forwarding state and not pruned

Fa0/24 1,10,20
SWITCH-50#show interface status
Port Name Status Vlan Duplex Speed Type

Fa0/1 connected 1 a-half a-10 10/100BaseTX
Fa0/2 connected 10 a-half a-10 10/100BaseTX
Fa0/3 notconnect 1 auto auto 10/100BaseTX
Fa0/4 connect 20 auto auto 10/100BaseTX
Fa0/5 connected 1 a-full a-100 10/100BaseTX
Fa0/24 connected trunk a-full a-100 10/100BaseTX
SWITCH-50#
www.keygroups.in 41
VTP – Example:
Server
Client
ON 192.168.20.50 Note: verify vlan before and after

configuration
VTP Configuration:
ON 192.168.20.51
2950 # config terminal
2950(config) # vtp domain keygroup VTP Configuration:
2950(config) # vtp mode server
2950 # config terminal
2950(config) # vtp pruning
2950(config) # vtp domain keygroup
2950(config) # vtp password ccna
2950(config) # vtp mode client
VLAN CREATION: 2950(config) # vtp password ccna
2950 # config terminal Verify and troubleshooting:

2950(config) # vlan 101
2950(config-vlan) # name accounts 2950 #sow vlan
2950(config-vlan) #exit 2950 #show vtp status
2950(config) # vlan 102
2950(config-vlan) # name programmer
2950(config-vlan) # ^z
Verify and troubleshooting:

2950 #sow vlan
2950 #show vtp status
www.keygroups.in 42
VTP output verification:
SWITCH-50#show vtp status

VTP Version :2
Configuration Revision : 10
Maximum VLANs supported locally : 64
Number of existing VLANs :7
VTP Operating Mode : Server
VTP Domain Name : keygroups
VTP Pruning Mode : Enabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 digest : 0x6B 0xBE 0x07 0xC5 0xCD 0xFC 0xC8 0xEE
Configuration last modified by 192.168.20.50 at 3-1-93 08:28:15
Local updater ID is 192.168.20.50 on interface Vl1 (lowest numbered VLAN interface found)
SWITCH-50#
www.keygroups.in 43
Lab – 12
Inter-VLAN Routing
To Create a VLAN on a Switch
VLAN CREATION:
Switch(config)# vlan <VLAN No.>
Switch(config-vlan)# name <name>
To Assign a interface to VLAN

ASSIGNING MEMBERSHIP TO THE PORTS:
Switch(config-if) # switchport access vlan <VLAN No.>
To configure a trunk link on interface connected to router

TRUNKING:
Switch(config-if) # switchport mode trunk
Switch(config-if) # switchport trunk allowed vlan all
To configure interval VLAN routing on A Router
To configure interface on a router

Default configuration on Ethernet of a Router:
Router(config) # interface <type> <No.>
Router (config-if) # no shutdown
Router (config-if) # no ip address
Router (config-if) # exit
To configure sub interface on a router

Configuration on sub interface of a Router:
Router(config) # interface <type> <no.no>
Router (config-if) # encapsulation dot1q <vlan no> [native]
Router (config-if) # no ip address
Router (config-if) # exit
www.keygroups.in 44
Inter-VLAN – Example:
E0.1 E0.2
192.168.1.1 192.16
VLAN 10 VLAN 2
Configuration on Switch: Configuration on Router
switch# configure terminal router# configure terminal

switch(config)#vlan 10 router(config)# interface ethernet 0
switch(config-vlan)# name Sales router(config-if)# no ip address
switch(config-vlan)# exit
Trunk Port
router(config-if)# no shutdown
switch(config)# vlan 20 router(config-if)# exit
switch(config-vlan)# name Marketing router(config)# interface ethernet 0.1
switch(config-vlan)# exit router(config-if)# encapsulation dot1q 10
switch(config)# interface range fa0/1 - 2 router(config-if)# ip address 192.168.1.1
switch(config-if-range)# switchport mode access 255.255.255.0
switch(config-if-range)# switchport access vlan 10 router(config-if)# exit
switch(config-if-range)# exit router(config)# interface ethernet 0.2
switch(config)# interface range fa0/5 - 6 router(config-if)# encapsulation dot1q 20
switch(config-if-range)# switchport mode access router(config-if)# ip address 192.168.2.1
switch(config-if-range)# switchport access vlan 20 255.255.255.0
switch(config-if-range)# exit router(config-if)# exit
switch(config)# interface fa0/10 router(config)# no ip routing
switch(config-if)# switchport mode trunk router(config)# ip routing
switch(config-if)# switchport trunk allowed vlan all router(config)#exit
switch(config-if)# ^z router# show ip route
switch# show vlan router# show running-config
switch# show interface trunk
www.keygroups.in 45
Inter-Vlan output verification:
On Switch:
SWITCH-50#show vlan
VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/7, Fa0/8,
Fa0/9, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23
10 sales active Fa0/1, Fa0/2
20 Marketing active Fa0/5, Fa0/6
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
SWITCH-50#show interface trunk
Port Mode Encapsulation Status Native vlan

Port Vlans allowed on trunk

Fa0/2 1-4094
Fa0/24 1-4094
On Router:
Router#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
C 192.168.1.0/24 is directly connected, Ethernet0.1

C 192.168.2.0/24 is directly connected, Ethernet0.2
www.keygroups.in 46
1. Verification of MAC address table
2. Creation of VLAN
3. Assigning the hosts to a VLAN
4. Configure Trunking between switches
5. Created Sub-interfaces on Router
6. Changed sub-interface encapsulation to dot1q
7. Inter-VLAN communication through an external router.
8. Understanding the concepts of VTP modes
• Server mode
• Client mode
• Transparent mode
www.keygroups.in 47
Lab 13 - Port Security
To configure port security on a switch interface
Port Security:
Switch(config-if) # Switchport port-security
Switch(config-if) # Switchport port-security maximum <No. of MAC address>
Switch(config-if) # Switchport port-security mac-address <MAC ADDRESS/ sticky>
Switch(config-if) # Switchport port-security violation <shutdown/protect/restrict>
Switch
Switch(config)#Interface fa0/1
Switch(config-if)#Switchport port-security
Switch(config-if)#Switchport port-security maximum 1
Switch(config-if)#Switcport port-security mac-address 0013.20B7.1D8C
Switch(config-if)#Switchport port-security violation shutdown
Switch(config-if)#^Z
Switch# show port-security

Switch# show interface status
www.keygroups.in 48
Lab – 14
NAT Configuration
To implement NAT in Interface

Router(config-if)#ip NAT inside/outside
Syntax for configuring NAT is as Follows

Router(config)#ip nat inside source <IP / ACL no.> <IP / pool name / <int type no>> [overload]
Syntax for configuring NAT Pool is as Follows

Router(config)#ip nat pool name <starting ip> <ending ip> [subnet mask]

Router#show ip nat translation
www.keygroups.in 49
NAT Configuration – Example:
192.168.5
S S0
200.1.0.18/29
192.168.4 192.168.6
S1
B J
200.2.0.18/29
S1
202.4.0.
200.3.0.
18/29 192.168.7
192.168.3
G S0
D
202.3.0.
S1
S1 200.4.0.
202.2.0.
192.168.2 192.168.8
B S0 L
202.1.0.
192.168.1
C
Configuration of PAT Configuration of Static NAT
CHE# configure terminal CHE# configure terminal
CHE(config)# interface s0 CHE(config)# interface s0
CHE(config-if)#ip address 202.1.0.18 CHE(config-if)#ip address 202.1.0.18
255.255.255.248 255.255.255.248
CHE(config-if)#no shutdown CHE(config-if)#no shutdown
CHE(config-if)#encapsulation ppp CHE(config-if)#encapsulation ppp
CHE(config-if)#ip nat outside CHE(config-if)#ip nat outside
CHE(config-if)#exit CHE(config-if)#exit
CHE(config)#interface Ethernet 0 CHE(config)#interface Ethernet 0
CHE(config-if)#ip nat inside CHE(config-if)#ip nat inside
CHE(config-if)#exit CHE(config-if)#exit
CHE(config)#access-list 10 permit 192.168.1.0 CHE(config)#ip nat inside source static
0.0.0.255 192.168.1.10 202.1.0.19
CHE(config)#ip nat inside source list 10 interface
serial 0 overload
Show Commands
CHE# show ip nat translation
www.keygroups.in 50
CHE# debug ip nat
NAT output verification:
CHE#show ip nat translation
Pro Inside global Inside local Outside local Outside global
--- 202.1.0.19 192.168.1.10 --- ---
CHE#sh ip nat translations

Pro Inside global Inside local Outside local Outside global
tcp 202.1.0.18 :4965 192.168.1.10:4965 82.204.219.231:21 82.204.219.231:21
tcp 202.1.0.18 :4973 192.168.1.10:4973 64.12.171.246:25 64.12.171.246:25
tcp 202.1.0.18 :4974 192.168.1.10:4974 82.204.219.231:21 82.204.219.231:21
tcp 202.1.0.18 :53955 192.168.1.10:53955 64.4.52.182:80 64.4.52.182:80
tcp 202.1.0.18 :53958 192.168.1.10:53958 207.46.208.105:80 207.46.208.105:80
tcp 202.1.0.18 :53961 192.168.1.10:53961 207.46.208.105:80 207.46.208.105:80
Check the following if you have completed the lab
1. Configure and verify Static Nat
2. Configure and verify Port Address Translation
3. Check the Nat table
4. Configure and verify PAT
5. Debugging of NAT
www.keygroups.in 51

Ccna Lab Updated

Uploaded by

Copyright:

Available Formats

Ccna Lab Updated

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ccna Lab Updated

Uploaded by

Copyright:

Available Formats

Cisco Certified Network Associate

Lab 1 Cisco Router Initial Configuration (IOS Commands) 5

Lab 2 WAN Interface Configuration 20

Lab 3 Static Routing 24

Lab 7 Standard Access Control List

Lab 8 Extended Access Control List

Lab 9 CDP, Backup & Password Recovery

Lab 10 VLAN, Trunking & VTP

Lab 11 Inter-VLAN Routing

Lab 12 Switch Port Security & Verify Spanning Tree Protocol

Lab 13 Network Address Translation (NAT)

Follow these steps to configure Hyper Terminal.

Click on “Accessories” then select “Communications” then select “Hyperterminal”

Select a “COM” port,

Default Values are:

--- System Configuration Dialog ---

Click on “Start” and click on “Run”

In the “Run” window, type “Telnet <IP of Default Gateway>”

This is the first mode user interacts with the IOS.

3. Global Configuration Mode

4. Interface Configuration Mode

This mode is used to change configuration of a specific interface:

Types of interface are “Ethernet” or “FastEthernet” or “Serial”.

This mode is used to change Telnet, Console & Auxiliary configuration.

Note: Following passwords should be used in lab: keygroups, cisco, or ccna

To enable Telnet configure the following:

Router(config)# line vty 0 4

To enable authentication for remote administration.

Configuring Enable passwords

Router# show running-config

Router# show startup-config

Other important “show” commands:

Router# show flash

Saving the configuration on the Router:

How to connect to the Router using Telnet?

<1-99> Session number to resume

Moving to Global configuration mode:

Assigning Hostname to Router

Assigning IP address to Ethernet interface:

Assigning Telnet password:

Assigning console password:

Assigning enable password:

Checking the Changes in running-config

Commands to save the configuration:

Checking the startup-config:

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 46 minutes

Configuration register is 0x2102

System flash directory:

1. Establish Telnet session to the Router

2. Configure hostname to router.

3. Configuring Ethernet interface of the Router

4. Password protection to the Telnet session

5. Password protection to the Console session

6. Password protection to the Auxiliary session

7. Setting up privilege mode Password.

8. Display the contents of Running-Configuration

9. Display the contents of Startup-configuration

10. Saving the Configuration

Router# show controllers serial <no>