Scribd Logo
Upload

Welcome to Scribd!

  • Cnet

    Uploaded by

    Dewarn Easley
    129 views188 pages
    exam

    Original Title

    cnet

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    exam

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    129 views188 pages

    Cnet

    Uploaded by

    Dewarn Easley
    exam

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 188

    Lab 4.

    5: Using Shortcut Commands and Tab Completion in Gathering Basic Router Information
    In this lab you will learn about shortcut commands and the tab completion function. You will use these concepts and commands used to gather basic information about a Cisco router. Network Layout: Load the network layout you have been working with for labs in section 4.

    Lab Steps
    1. On the Network Visualizer screen, double-click on 2811 Router A. This will bring up a console screen. 2. Press enter and the Router> prompt will appear. You are now in the user mode. 3. Change to the privileged mode. Router> Router>en

    Shortcut Commands
    Most Cisco IOS commands do not have to be completely spelled out. To facilitate being able to more quickly enter commands, you only have to enter part of a command, plus, each word in a command can be abbreviated. For example the command enable can the

    shortened to en. Another example is the command show running-configurations. You can abbreviate that and just type in sh run. A final example is when you have the command show interfaces. You only need to type in sh int. The router or switch knows what you mean and correctly interprets and carries out that command. You do need to type in enough letters for each word in a command for the router or switch to correctly understand and interpret what you are trying to do. If you do not, you will receive feedback that one or more of your words are ambiguous. The reason for that is that letters in one or more of the words in your command can be used to spell out different words. In that case the device does not know what you want to do, there are too many possibilities. For example, type the following: Router>#s ver Router>A#s v % Ambiguous command: "show v" The 2811 A router recognized "s" to mean "show" but it did not recognize "v". Enter the following command: Router>#s v? vc-group version vlan-range vlan-switch vlans voice voip vpdn vrrp vsp vtemplate vtp In this case "v" could be the first letter in 12 different words. Try this: 2811A#s ve? version Now you only have one word, so, the command s ve will work, along with sh ver, show ver, etc. 4. The command show version will provide basic configuration for the system hardware as well as the software version, the names and sources of configuration files, and the boot images. Router#sh ver [press the tab key] Router#sh version Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(12), RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport

    Copyright (c) 1986-2006 by Cisco Systems, Inc. Compiled Fri 17-Nov-06 12:02 by prod_rel_team ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1) Router uptime is 4 weeks, 6 days, 18 hours, 29 minutes System returned to ROM by power-on System image file is "flash:c2800nm-advipservicesk9-mz.124-12.bin" This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. Cisco 2811 (revision 53.51) with 249856K/12288K bytes of memory. Processor board ID FTX1048A54G 2 FastEthernet interfaces 4 Serial(sync/async) interfaces DRAM configuration is 64 bits wide with parity enabled. 239K bytes of non-volatile configuration memory. 62720K bytes of ATA CompactFlash (Read/Write) Configuration register is 0x2102 Router# The version number can be found on the first line of ouput ... Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(12), RELEASE SOFTWARE (fc1).

    Tab Completion Function


    Most of the time you will use shortcut commands to configure devices because they are quick and convenient. However, for any reason you want to enter all the words in a command, there is an alternative to manually entering every character. You can use the Tab Completion function to spell out any word. Just type part of the word and then press your tab key. It will complete the word. As shown in the earlier command in this lab you can type

    "sh ver" and press the tab key. The word "version" will be spelled out. The show version command gives you how long the router has been running, how it was restarted, the IOS filename running, the model hardware and processor versions, and the amount of DRAM. Also, the configuration register value is listed last.The above router has 32 megs of RAM and 8 megs of Flash. 5. You can view the router files by typing the command show running-config or show startupconfig from privileged mode. The sh run command, which is the shortcut for show running-config, tells us that we are viewing the current configuration. Router#sh run Building configuration... Current configuration : 874 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router [cut] 6. The sh start command, which is the shortcut for the show startup-config command, shows us the configuration that will be used the next time the router is reloaded and also shows us the amount of NVRAM used to store the startup-config file. Router#sh start Building configuration... Current configuration : 874 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router [cut] 7. You can delete the startup-config file by using the command erase startup-config. Once you perform this command, you will receive an error if you try to view the startup-config file. Router#erase startup-config Erasing the nvram file system will remove all configuration files! Continue? [confirm] (press enter) [OK] Erase of nvram: complete Router#

    00:13:30: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of ... [cut] 8. Verify that you have erased the startup configuration. Router#sh start startup-config is not present Router#

    Lab 4.6: Setting Passwords


    There are five passwords used to secure Cisco routers. The first two passwords discussed in this lab are used to set your enable password, which is used to secure privileged mode. This will prompt a user for a password when the enable command is used. The other three are used to configure a password when user mode is accessed either through the console port, the auxiliary port, or Telnet. Network Layout: Load the network layout you have been working with for labs in section 4.

    Lab Steps
    1. On the Network Visualizer screen, double-click on 2811 Router A. This will bring up a console screen. 2. Press enter and the Router> prompt will appear. You are now in the user mode. 3. Change to the privileged mode.

    Router> Router>enable 4. Set the two enable passwords on your router. You set the enable passwords from global configuration mode. Router(config)#enable ? last-resort Define enable action if no TACACS servers respond password secret Assign the privileged level password Assign the privileged level secret

    use-tacacs Use TACACS to check enable passwords The enable secret and enable password commands are the only enable passwords that are supported in our program at this time Router(config)#enable secret todd Router(config)#enable password cisco Since the enable secret supercedes the enable password, don t bother to use the enable password since it will never be used if the enable secret is set. 5. Set your user mode passwords by using the line command. Router(config)#line ? <0-70> First Line number aux tty vty x/y Auxiliary line Terminal controller Virtual terminal Slot/Port for Modems console Primary terminal line

    Aux is used to set the user-mode password for the auxiliary port. This is typically used for configuring a modem on the router but can be used as a console as well. Console is used to set a console user-mode password Vty is used to set a Telnet password on the router. If the password is not set, then Telnet cannot be used by default. This program does not support the tty and x/y modem line commands To configure the user mode passwords, you configure the line you want and use either the login or no login command to tell the router to prompt for authentication. 6. Set the auxiliary password on your router. To configure the auxiliary password, go to global configuration mode and type line aux?. Notice that you only get a choice of 0because there is only 0 one port. Router#config t

    Enter configuration commands, one per line. End with CTRL/Z. Router(config)#line aux ? <0-0> First Line number Router(config)#line aux 0 Router(config-line)#login % Login disabled on line 65, until 'password' is set Router(config-line)#password todd Router(config-line)#login It is important to remember the login command, or the auxiliary port won t prompt for authentication. However, in the newer IOS that we are now running, the login command cannot be set until you set a password. The reason they added this feature is because if you set the login command and not a password, you are locked out from that line. 7. Set your console password on your router. To set the console password, use the line console 0 command. However, notice that when we tried to type line console 0 ? from the aux line configuration, we got an error. You can still type line console 0 and it will accept it; however, the help screens do not work from that prompt. Type to get back one level if you want to use the help option. exit Router(config-line)#line console ? % Unrecognized command Router(config-line)#exit Router(config)#line console ? <0-0> First Line number Router(config)#line console 0 Router(config-line)#login % Login disabled on line 0, until 'password' is set Router(config-line)#password todd1 Router(config-line)#login Since there is only one console port, we can only choose line console 0. The new login feature works on the console line too. 8. Set the optional console port commands on your router. There are a few other important commands to know for the console port. The exec-timeout 0 0 command sets the timeout for the console EXEC session to zero, or to never time out. To have fun with your friends at work, set it to 0 1, which makes the console time out in 1 second! The way to fix that is to continually press the down arrow key while changing the timeout time with your free hand. Logging synchronous is a nice command, and I think it should be a default command, but it is not. What this command provides is to stop console messages from popping up and disrupting input you are trying to type. This command makes reading your input messages much easier. Here is an example of how to configure both commands:

    Router(config)#line con 0 Router(config-line)#exec-timeout ? <0-35791> Timeout in minutes Router(config-line)#exec-timeout 0 ? <0-2147483> Timeout in seconds <cr> Router(config-line)#exec-timeout 0 0 Router(config-line)#logging synchronous 9. Set your Telnet password on your router. To set the user-mode password for Telnet access into the router, use the line vty command. Router(config)#line vty 0 ? <1-4> Last Line number <cr> Router(config)#line vty 0 1180 Router(config-line)#password todd2 Notice we did not use the login command with this line configuration. The login command is set by default on the VTY lines, which stops anyone telneting into the router until you set a password. If you try to telnet into a router that does not have a VTY password set, you will receive an error stating that the connection is refused because the password is not set. You can tell the router to allow Telnet connections without a password by using the no login command. By setting this next command, you will not be prompted for password when telneting into the router. This is not recommended, but this is how you would do that: Router(config-line)#line vty 0 4 Router(config-line)#no login Router(config-line)#ctrl+z Router# After your routers are configured with an IP address, you can use the Telnet program to configure and check your routers. You can use the Telnet program by typing telnet from any command prompt (DOS or Cisco)

    Lab 4.7: Encrypting Your Passwords


    Only the enable secret password is encrypted by default. You need to manually configure the user mode and enable passwords. Network Layout: Load the network layout you have been working with for labs in section 4.

    Lab Steps
    1. On the Network Visualizer screen, double-click on 2811 Router A. This will bring up a console screen. 2. Press enter and the Router> prompt will appear. You are now in the user mode. Change to the privileged mode. Router> Router>enable 3. Notice that you can see all the passwords except the enable secret when performing a show running-config command on a router. Router#sh run Building configuration... Current configuration : 874 bytes ! version 12.4 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Router ! enable secret 5 $1$F/gZ$mNTwylb4ZJ4J1WW97nUJG. enable password cisco

    ! [output cut] line con 0 password todd1 logging synchronous login line aux 0 password todd login line vty 0 4 password todd2 login line vty 5 15 password todd2 login ! ! end Router# The line ... enable secret 5 $1$F/gZ$mNTwylb4ZJ4J1WW97nUJG shows an encrypted enable password. 4. To manually encrypt your passwords, use the service password-encryption command. Here is an example of how to perform manual password encryption. Router#config t Enter configuration commands, one per line. End with CTRL/Z. Router(config)#service password-encryption Router(config)#exit 5. The show running-config command, you can see the enable password and the line passwords are all encrypted. If you don t type show running-config, it does not encrypt the passwords. We call this a ll feature . Router#show running-config [cut] hostname Router !

    enable secret 5 $1$F/gZ$mNTwylb4ZJ4J1WW97nUJG. enable password 7 05080F1C2243 ! [cut] ! line con 0 password 7 111D16011343 logging synchronous login line aux 0 password 7 044F04020B login line vty 0 4 password 7 051F090B251E login line vty 5 15 password 7 105A061D0145 login ! 6. Since the service password-encryption is a router process, you do not want to keep this running in the background. Once you perform a show running-config and see the encrypted passwords, turn off the process. After entering the command no service password-encryption, your passwords will still be encrypted until they are reset. Router#config t Router(config)#no service password-encryption Router(config)#ctrl+z

    Lab 4.8: Saving Your Configurations


    If you have made changes to a device you will want to permanently save the configurations. Your running configuration is only in memory and if something happend, for example, you lost power to a device, you would lose all unsaved entries. That is why you want to save your running configurations (DRAM) to the permanently stored startup configurations (NVRAM). You can manually save the file from DRAM to NVRAM by using the copy running-config startup-config command. You can also use the shortcut copy run start. Network Layout: Load the network layout you have been working with for labs in section 4.

    Lab Steps
    1. Save the configuration on 2811 Router A. Router#copy run start Destination filename [startup-config]?enter Building configuration... This will now place the file you created into NVRAM, which will be used the next time the router is booted up. 2. You can view this file with the show startup config command. Router#show start

    Lab 4.9: Setting Router Banners


    You can set a banner on a Cisco router so that when either a user logs into the router or an administrator telnets into the router, for example, a banner will give them information you want them to have. Another reason for having a banner is to add a security notice to users dialing into your internetwork. Network Layout: Load the network layout you have been working with for labs in section 4.

    The command to use is from global configuration mode and shown below: Router(config)#banner ? LINE exec incoming login motd slip-ppp c banner-text c, where 'c' is a delimiting character Set EXEC process creation banner Set incoming terminal line banner Set login banner Set Message of the Day banner Set Message for SLIP/PPP

    prompt-timeout Set Message for login authentication timeout Please Note: CCENT Network Visualizer 6.0 only supports the MOTD banner 1. On the Network Visualizer screen, double-click on 2811 Router A. This will bring up a console screen. 2. The Message of the Day is the most used and gives a message to every person dialing in or connecting to the router, via Telnet, auxiliary port, or console port. Router(config)#banner motd ? LINE c banner-text c, where 'c' is a delimiting character Router(config)#banner motd # Enter TEXT message. End with the character '#'. If you are not authorized to be in RouterSim.com network, then you must disconnect immediately. # Router(config)#ctrl+z Router#

    00:25:12: %SYS-5-CONFIG_I: Configured from console by console Router#exit Router con0 is now available Press RETURN to get started. If you are not authorized to be in RouterSim.com network, then you must disconnect immediately. Router> Please Note: For information on the other available banners, please see the Sybex CCNA Study Guide, 6th Edition.

    Lab 4.10: Configuring Interfaces for the 2621 Router


    Interface configuration is one of the most important configurations of the router. Without interfaces, the router is useless. Interface configurations must be exact to be able to communicate with other devices. Interface configuration will be presented for three different devices (in labs 4.10 - 4.12) so that you can see differences among the interfaces: 2621 Router 2811 Router 3560 Switch Network Layout: Load the network layout you have been working with for labs in section 4.

    Interfaces correspond to the physical ports available on a device. In this instance the 2621 router has two serial ports and two Fast Ethernet ports: s0/0

    s0/1 fa0/0 fa0/1 As you read through the following steps you will notice a correspondence between interface and port names. This means you have to use the same names or shortcut commands as the names of the ports.

    Lab Steps
    1. On the Network Visualizer screen, double-click on 2621 Router A. This will bring up a console screen. 2. Press enter and the Router> prompt will appear. You are now in the user mode. 3. Change to the privileged mode. Router> Router>enable 4. Change to the global configuration mode. Router#config Configuring from terminal, memory, or network [terminal]?enter Enter configuration commands, one per line. End with CTRL/Z. Router(config)# 5. Type interface ? to see all the interfaces available on the router. Router(config)#interface ? Async BRI BVI CTunnel Dialer Async interface ISDN Basic Rate Interface Bridge-Group Virtual Interface CTunnel interface Dialer interface

    FastEthernet Group-Async Lex Loopback MFR Multilink Null Tunnel Vif

    FastEthernet IEEE 802.3 Async Group interface Lex interface Loopback interface Multilink Frame Relay bundle interface Multilink-group interface Null interface Tunnel interface PGM Multicast Host interface

    Virtual-Template Virtual Template interface Virtual-TokenRing Virtual TokenRing range interface range command The output will vary depending on the type of router device you are connected to. 6. Type the command interface serial ?. To configure the 2621 router interfaces, the configuration would be interface type slot/port. The output below shows a 2621 router with 2 serial interfaces, which are labeled 0/0 and 0/1. The first option is the slot and the second option is the port. Each 2621 has two slots that can be filled with physical interfaces. The routers we use in this program only has interfaces in slot 0. Router(config)#interface serial ? <0-1> Serial interface number Router(config)#int serial 0 % Incomplete command. Router(config)#int serial 0? / Router(config)#int serial 0/? <0-1> Serial interface number 7. At this point you must choose the interface you want to configure. Once you do that, you will be in interface configuration for that interface. The command to choose serial port 1, for example, would be: Router(config)#interface serial 0/1 Router(config-if)#exit 8. The 2621 router also has two FastEthernet 10/100BaseT ports. For example, the FastEthernet interface configuration is shown below: Router(config)#interface fastethernet ? <0-1> FastEthernet interface number Router(config)#int fastethernet 0 % Incomplete command.

    Router(config)#int fastethernet 0? / Router(config)#int fastethernet 0/? <0-1> FastEthernet interface number Notice that you cannot type int fastethernet 0/. You must type the full command, which is type slot/port, or int fastethernet 0/0. You can type the shortcut int fa 0/0 as well. 9. At this point you must choose the interface you want to configure. Once you do that, you will be in interface configuration for that interface. The command to choose Fast Ethernet port 1, for example, would be: Router(config)#int fasthernet 0/1 Router(config-if)#exit Router(config)#>ctrl+z

    Lab 4.11: Configuring Interfaces for the 2811 Router


    Interface configuration is one of the most important configurations of the router. Without interfaces, the router is useless. Interface configurations must be exact to be able to communicate with other devices. Interface configuration will be presented for three different devices (in labs 4.10 - 4.12) so that you can see differences among the interfaces: 2621 Router 2811 Router 3560 Switch Network Layout: Load the network layout you have been working with for labs in section 4.

    Interfaces correspond to the physical ports available on a device. In this instance the 2811 router has four serial ports and two Fast Ethernet ports: s0/0/0 s0/0/1 s0/1/0 s0/1/1 fe0/0 fe0/1 As you read through the following steps you will notice a correspondence between interface and port names. This means you have to use the same names or shortcut commands as the names of the ports.

    Lab Steps
    1. On the Network Visualizer screen, double-click on 2811 Router A. This will bring up a console screen. 2. Press enter and the Router> prompt will appear. You are now in the user mode. 3. Change to the privileged mode. Router> Router>enable 4. Change to the global configuration mode. Router#config Configuring from terminal, memory, or network [terminal]?enter Enter configuration commands, one per line. End with CTRL/Z. Router(config)# 5. Type interface ? to see all the interfaces available on the router. Router(config)#interface ? Async Async interface BVI Bridge-Group Virtual Interface CDMA-Ix CDMA Ix interface CTunnel CTunnel interface Dialer Dialer interface FastEthernet FastEthernet IEEE 802.3 Group-Async Async Group interface Lex Lex interface Loopback Loopback interface MFR Multilink Frame Relay bundle interface Multilink Multilink-group interface Null Null interface Port-channel Ethernet Channel of interfaces Serial Serial Tunnel Tunnel interface Vif PGM Multicast Host interface Virtual-PPP Virtual PPP interface Virtual-Template Virtual Template interface Virtual-TokenRing Virtual TokenRing XTagATM Extended Tag ATM interface range interface range command The output will vary depending on the type of router device you are connected to. 6. Type the command interface serial ?. To configure the 2811 router interfaces, the configuration would be interface type router/slot/port. The output below shows a 2811 router with 2 serial interfaces, which are labeled 0/0/0 and 0/0/1. The first option is the router, the second option is the slot, and the third option is the port. Each 2811 has two slots that can be filled with physical interfaces. Router(config)#interface serial ?

    <0-2> Serial interface number Router(config)#int serial 0 % Incomplete command. Router(config)#int serial 0? / Router(config)#int serial 0/? <0-1> Serial interface number Router(config)#int serial 0/0? . / : <0-19> Router(config)#int serial 0/0/ <0-1> Serial interface number 7. At this point you must choose the interface you want to configure. Once you do that, you will be in interface configuration for that interface. The command to choose serial port 1, for example, would be: Router(config)#interface serial 0/0/1 Router(config-if)#exit 8. The 2811 router also has two FastEthernet 10/100BaseT ports. For example, the FastEthernet interface configuration is shown below: Router(config)#interface fastethernet ? <0-2> FastEthernet interface number Router(config)#int fastethernet 0 % Incomplete command. Router(config)#int fastethernet 0? / Router(config)#int fastethernet 0/? <0-1> FastEthernet interface number Notice that you cannot type int fastethernet 0/. You must type the full command, which is type slot/port, or int fastethernet 0/0. You can type the shortcut int fa 0/0 as well. 9. At this point you must choose the interface you want to configure. Once you do that, you will be in interface configuration for that interface. The command to choose Fast Ethernet port 1, for example, would be: Router(config)#int fastethernet 0/1 Router(config-if)#exit Router(config)#>ctrl+z

    Lab 4.12: Configuring Interfaces for the 3560 Switch


    Interface configuration is one of the most important configurations of the switch. Without interfaces, the switch is useless. Interface configurations must be exact to be able to communicate with other devices. Interface configuration will be presented for three different devices (in labs 4.10 - 4.12) so that you can see differences among the interfaces: 2621 Router 2811 Router 3560 Switch Network Layout: Load the network layout you have been working with for labs in section 4.

    Interfaces correspond to the physical ports available on a device. In this instance the 3560 switch has eight fast ethernet ports. As you read through the following steps you will notice a correspondence between interface and port names. This means you have to use the same names or shortcut commands as the names of the ports.

    Lab Steps
    1. On the Network Visualizer screen, double-click on 3560 Switch A. This will bring up a console screen. 2. Press enter and the Switch> prompt will appear. You are now in the user mode. 3. Change to the privileged mode. Switch> Switch>enable 4. Change to the global configuration mode. Switch#config Configuring from terminal, memory, or network [terminal]?enter Enter configuration commands, one per line. End with CTRL/Z. Switch(config)# 5. Type interface ? to see all the interfaces available on the router. Switch(config)#interface ? Async Async interface BVI Bridge-Group Virtual Interface CTunnel CTunnel interface Dialer Dialer interface FastEthernet FastEthernet IEEE 802.3 Filter Filter interface Filtergroup Filter Group interface GigabitEthernet GigabitEthernet IEEE 802.3z Group-Async Async Group interface Lex Lex interface Loopback Loopback interface Null Null interface Port-channel Ethernet Channel of interfaces Portgroup Portgroup interface Pos-channel POS Channel of interfaces Tunnel Tunnel interface Vif PGM Multicast Host interface Virtual-Template Virtual Template interface Virtual-TokenRing Virtual TokenRing Vlan Catalyst Vlans fcpa Fiber Channel range interface range command The output will vary depending on the type of router device you are connected to. 6. The 3560 switch has eight Fast Ethernet 10/100BaseT ports. For example, the Fast Ethernet interface configuration is shown below: Switchconfig)#interface fastethernet ?

    <0-0> FastEthernet interface number Switch(config)#int fastethernet 0 % Incomplete command. Switch(config)#int fastethernet 0? / Switch(config)#int fastethernet 0/? <1-8> FastEthernet interface number Notice that you cannot type int fastethernet 0/. You must type the full command, which is type slot/port, or int fastethernet 0/0. You can type the shortcut int fa 0/0 as well. 7. At this point you must choose the interface you want to configure. Once you do that, you will be in interface configuration for that interface. The command to choose fasthethernet port 1, for example, would be: Switch(config)#int fasthernet 0/1 Switch(config-if)#exit Switch(config)#>ctrl+z

    Lab 4.13: Bringing Up an Interface


    By default, interfaces are shut down and turned off. That means that packets cannot travel through the device to another connected device. You can turn an interface on with the no shutdown command. You can turn off or shut down an interface with the shutdown command. You can check the status of an interface by using the show interface command. If an interface is shut down, it will display administratively down when using the show interface command, and the show running-config command will also show the interface as shut down. Network Layout: Load the network layout you have been working with for labs in section 4.

    Lab Steps
    1. On the Network Visualizer screen, double-click on 2621 Router A. This will bring up a console screen. 2. Press enter and the Router> prompt will appear. You are now in the user mode. 3. Change to the privileged mode. Router> Router>enable 4. Type show interface fastethernet 0 and see that it is administratively down. Router#sh int fa0/0 FastEthernet0/0 is administratively down, line protocol is up [output cut] 5. Bring up the interface Fastethernet 0/0 with the no shutdown command. Router#config t Enter configuration commands, one per line. End with CTRL/Z. Router(config)#int fa0/0 Router(config-if)#no shutdown Router(config-if)#ctrl+z 00:57:08: %LINK-3-UPDOWN: Interface Fastethernet 0/0, changed state to up 00:57:09: %LINEPROTO-5-UPDOWN: Line protocol on Interface Fastethernet 0/0, changed state to up Router#sh int fa0/0

    Fastethernet 0/0 is up, line protocol is up 6. Configure the router to enable all interfaces by issuing the no shutdown command on all interfaces.

    Interface and Connection States


    There are four possible states that you can have in examining if interfaces are turned on and devices properly connected. FastEthernet Interface FastEthernet0/0 is administratively down, line protocol is down - There are a couple possibilities with this current state.

    The two devices are not connected and each f0/0 interface on both routers are explicitly shutdown. The two devices are connected and each f0/0 interface on both routers are explicitly shutdown. FastEthernet0/0 is up, line protocol is down - If the two devices are connected this output means that one interface is turned up and the other interface f0/0 is shut down. Router(config)#int f0/0 Router(config-if)#no shut 23:03:18 %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up 23:03:18 %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

    FastEthernet0/0 is up, line protocol is up - this means that the routers are connected and the interfaces are turned on for both routers with the no shut command.

    Serial Interface Serial0/0 is administratively down, line protocol is down - There are a couple possibilities with this current state.

    The two devices are not connected and each s0/0 interface on both routers are explicitly shutdown. The two devices are connected and each s0/0 interface on both routers are explicitly shutdown. Serial0/0 is down, line protocol is down - If the two devices are connected this output means that one interface is turned up and the other interface s0/0 is shut down. Router(config)#int s0/0 Router(config-if)#no shut 23:03:18 %LINK-3-UPDOWN: Interface Serial0/0, changed state to up 23:03:18 %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up

    Serial0/0 is up, line protocol is up - this means that the routers are connected and the interfaces are turned on for both routers with the no shut command.

    Lab 4.14: Configuring an IP Address on an Interface


    You don t have to use IP on your routers; however, IP is typically used on all routers and it certainly is used in this program. To configure IP addresses on an interface, use the ip address command from interface configuration mode. Network Layout: Load the network layout you have been working with for labs in section 4.

    Lab Steps
    1. Configure the Fast Ethernet 0/0 interface on router 2621 A with the IP address of 172.16.10.2/24. Router#config t Router(config)#int fa0/0 Router(config-if)#ip address 172.16.10.2 255.255.255.0 Router(config-if)#no shut Notice that in order to enable an interface, we use the no shut command. Remember to look at the command show interface fa0/0, for example, which will show you if it administratively shut down or not. Show running-config will also show you if the interface is shut down. IP address - unique identification number for a device that is located on a network. An IP address is equivalent to the address of your home. The format of an IP address is a 32-bit numeric address written as four numbers separated by periods. Each number can be zero to 255. For example, 172.16.10.6 could be an IP address. 2. If you want to add a second subnet address to an interface, then you must use the secondary command. subnet address - is a range of logical addresses within the address space of an organization. This allows you to take one network and turn it into many more, smaller networks. This allows for less network traffic on each network and faster and more efficient networks. See the section Subnetting Basics in the Sybex CCNA Study Guide, 6th edition. If you type another IP address and press enter, it will replace the existing IP address and mask. To add a secondary IP address, use the secondary command. Router(config-if)#ip address 172.16.20.2 255.255.255.0 secondary

    Router(config-if)#ctrl+z 3. You can verify both addresses are configured on the interface with the show running-config command (sh run for short). Router#sh run Building configuration... Current configuration: [output cut] ! interface Fastethernet 0/0 ip address 172.16.20.2 255.255.255.0 secondary ip address 172.16.10.2 255.255.255.0

    Lab 4.15: Serial Interface Commands


    To configure a serial interface, there are a couple of specifics that need to be discussed. serial interface - you have a connection between two devices where data is sent between the two, one bit at a time. This occurs in only one direction at a time.

    Typically, when in production, the interface will be attached to a CSU/DSU type of device that provides clocking for the line. However, if you have a back-to-back configuration used in a lab environment, for example, one end must provide clocking. This would be the DCE end of the cable. Cisco routers, by default, are all DTE devices, and you must tell an interface to provide clocking if it is to act as a DCE device. If you don t completely understand this right now, don t worry, you will. Just run through the commands below for now and I promise it will become clear to you later. CSU/DSU - a telecommunication device used to connect a carrier circuit to a router. The carrier circuit can be a DS1 or DS3, T1 or T3. The CSU/DSU converts the DS1 signal in to signal that the local network can understand. The CSU/DSU also converts the signal from

    the local network in to a DS1 signal so it can be carried back across the DS1 circuit. Network Layout: Load the network layout you have been working with for labs in section 4.

    Lab Steps
    1. Double-click on router 2621 A to bring up the console. Go to the priviledged mode. 2. You can configure a DCE serial interface with the clock rate command. Configure an interface that has a DCE connection. Router#config t Enter configuration commands, one per line. End with CTRL/Z. Router(config)#int s0/0 Router(config-if)#clock rate ? Speed (bits per second) 1200 2400 4800 9600 19200 38400 56000 64000 72000

    125000 148000 250000 500000 800000 1000000 1300000 2000000 4000000 <300-4000000> Choose clockrate from list above Router(config-if)#clock rate 64000 Router(config-if)#int s0/1 Router(config-if)#clock rate 64000 It does not hurt anything to try and put a clock rate on an interface. Notice that the clock rate command is in bits per second. Please Note: If you are not on an interface that is set to DCE than you will receive an error when trying this command. finding DCE - DCE (data communications equipment) is the side of the connection that provides the clocking. Unless it is a 2811 router, you would enter the clock rate on the DCE side of a connection between routers. If you cannot remember what side of your connection is DCE, you can use the show controllers command. Here is an example: 2811#show controllers s0/1/1 Interface Serial0/1/1 Hardware is GT96K DCE V.35, clock rate 2000000 idb at 0x454E69C8, driver data structure at 0x454EE0EC wic_info 0x454EE6E8 Physical Port 0, SCC Num 0 [output cut] The DCE connection is associated with s0/1/1 and a clockrate of 2000000 3. The next command you need to understand is the bandwidth command. Every Cisco router ships with a default serial link bandwidth of a T1, or 1.544Mbps. However, understand that this has nothing to do with how data is transferred over a link. The bandwidth of a serial link is used by routing protocols such as IGRP, EIGRP, and OSPF to calculate the best cost to a remote network. If you are using RIP routing, then the bandwidth setting of a serial link is irrelevant. Router(config-if)#bandwidth ?

    <1-10000000> Bandwidth in kilobits Router(config-if)#bandwidth 64 4. Notice that unlike the clock rate command, the bandwidth command is configured in kilobits.

    Lab 4.16: Setting the Router Hostnames


    You can uniquely identify a device by giving it a hostname; you use the hostname command. This is only locally significant for the administrator, which means it has no bearing on how the router performs name lookups on the internetwork. Please Note: On a router the default hostname is Router and Switch on switches. This stays in effect until you intentionally change the hostname. Network Layout: Load the network layout you have been working with for labs in section 4.

    Lab Steps
    1. Set the hostname of router 2621 A. Router(config-if)#ctrl+z Router#config t Enter configuration commands, one per line. End with CTRL/Z. Router(config)#hostname 2621A 2621A(config)# 2. Notice that when you press enter the command takes effect immediately.

    Lab 4.17: Setting Interface Descriptions


    Setting descriptions on an interface is helpful to the administrator and, like the hostname, only locally significant. For example, this is a helpful command because it can be used to keep track of circuit numbers. Network Layout: Load the network layout you have been working with for labs in section 4.

    Lab Steps
    1. On router 2621 A, set the description of the interface Fast Ethernet 0/0 to Sales LAN and the serial 0/0 interface to WAN to Miami with a circuit number of 6fdda4321. 2621A(config)#int fa0/0 2621A(config-if)#description Sales LAN 2621A(config-if)#int s0/0 2621A(config-if)#desc Wan to Miami circuit:6fdda4321 2. You can view the description of an interface either with the show running-config command or the show interface command. 2621A#sh run [output cut] interface FastEthernet0/0 description Sales LAN ip address 172.16.20.2 255.255.255.0 secondary ip address 172.16.10.2 255.255.255.0 no ip directed-broadcast

    ! interface Serial0/0 description Wan to Miami circuit:6fdda4321 no ip address no ip directed-broadcast shutdown 2621A#sh int fa0/0 FastEthernet 0/0 is up, line protocol is up Hardware is AmdFE, address is 00b0.6483.2120 (bia 00b0.6483.2120) Description: Sales LAN [cut] 2621A#sh int s0/0 Serial 0/0 is administratively down, line protocol is down Hardware is HD64570 Description: Wan to Miami circuit:6fdda4321 [cut] 2621A#

    Lab 4.18: Verifying Your Configuration


    Once you take a look at the running-config, and it appears that everything is in order, you can verify your configuration with utilities, like Ping and Telnet. troubleshooting tip - if you have a local host, to remote host connection issue ... Use the ping command to ping your PCs local ip address Use the ping command to ping your PCs default gateway Ping the ip address of the machine or webpage you are trying to reach Traceroute the ip address of the machine or webpage you are trying to reach Depending on which of the above tasks fail is where you should begin your search for the connection issue. Always make sure to check if your subnets and mask are correct from end to end.

    Network Layout: Load the network layout you have been working with for labs in section 4.

    Lab Steps
    1. Go to router 2621 A. 2. You can ping with different protocols, and you can see this by typing ping ? at the router user mode or privileged mode prompt, but not configuration mode. ping - a diagnostic program that sees if a specific IP address is accessible. Packets are sent to the specified location and if they return correctly, communications was successful. This is used to verify connection to a remote host. Ping works at layer 3 of the OSI model. 2621A#ping ? WORD clns ip tag <cr> Ping destination address or hostname CLNS echo IP echo Tag encapsulated IP echo

    CCENT Network Visualizer 6.0 only supports IP ping at this time. 3. You can also use the traceroute program to find the path a packet takes as it traverses an internetwork. Traceroute can also be used with multiple protocols. traceroute - a TCP/IP utility that allows a user to determine if two computers are communicating successfully with each other. This network tool is used to determine the route taken by packets across an IP network. The time and location of the route taken to reach its destination computer is displayed. Traceroute works at layer 3 of the OSI model.

    2621A#traceroute ? WORD clns ip vines <cr> CCENT Network Visualizer 6.0 only supports IP with the trace command. 4. Telnet can be used to test IP connectivity and to gain access into remote routers. Once you gain access into the remote router you can interact with the device as though you are physically in front of it. From the router prompt, you do not need to type the telnet command. If you just type a hostname or IP address, it will assume you want to telnet. The following example shows how to use telnet from a router prompt. However, you need to have a configured a working network and destination host for telnet to be successful. We use telnet more in other labs. ll 2621A#telnet ? WORD IP address or hostname of a remote system <cr> 5. Another way to verify your configuration is by typing show interface commands. The first command is show interface?, which shows us all the available configured or physical interfaces for a device. The only interfaces that are not logical are FastEthernet and Serial. 2621A#sh int ? FastEthernet FastEthernet IEEE 802.3 Loopback Loopback interface Null Null interface Serial Serial accounting Show interface accounting crb Show interface routing/bridging info fair-queue Show interface Weighted Fair Queueing (WFQ) info irb Show interface routing/bridging info mac-accounting Show interface MAC accounting info precedence Show interface precedence accounting info random-detect Show interface Weighted Random Early Detection (WRED) info rate-limit Show interface rate-limit info type Show vlan types | Output modifiers <cr> 6. You can be specific with the command and use show interface FastEthernet 0/0, or serial 0/0. 2621A#sh int fa0/0 FastEthernet0/0 is up, line protocol is up Hardware is AmdFE, address is 00b0.af40.3e18 (bia 00b0.af40.3e18) Trace route to destination address or hostname ISO CLNS Trace IP Trace Vines Trace (Banyan) appletalk AppleTalk Trace

    oldvines Vines Trace (Cisco)

    Description: Sales Lan Internet address is 172.16.10.2/24 MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliablility 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full -duplex, 100Mb/s, 100BaseTX/FX ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:50, output 00:00:04, output hang never Last clearing of "show interface" counters never Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 0/75, 0 drops 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 0 packets/sec 588 packets input, 74628 bytes Received 588 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 0 multicast 0 input packets with dribble condition detected 231 packets output, 53712 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out --More-[output cut] 7. Use the show controllers command to display information about the physical interface itself. It will also give you the type of serial cable plugged into a serial port. Typically this will only be a DTE cable, which then plugs into a type of Data Service Unit (DSU). 2621A#sh controllers s 0/0 Interface Serial0/0 Hardware is PowerQUICC MPC860 DCE V.35, clock rate 64000 idb at 0x813CA7B4, driver data structure at 0x813D1CE8 [output cut] 8. Clear all configurations. You will want to clear the configurations for any router that you have entered information, up to this point. This will allow you to configure the devices according to the suggested labs without any extraneous information. 2621A#erase startup-config Erasing the nvram filesystem will remove all configuration files! Continue? [con firm]enter [OK] Erase of nvram: complete 2621A#

    01:58:09: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram 2621A#reload System configuration has been modified. Save? [yes/no]: no Proceed with reload? [confirm] enter Would you like to enter the initial configuration dialog? [yes/no]: n

    Lab 4.19: do Command


    The do command allows you ping other devices and view configurations while in the global configuration mode. Before IOS version 12.3, you could not use the do command. You had to be in user or privileged mode in order to ping other devices or view configurations. However, beginning with IOS version 12.3 you can use the do command in the configuration mode to accomplish this. With IOS version 12.2 you can also use the do command if you have the IOS Special Edition (SE). The do command is convenient because you do not have to exit the current configuration mode and perform the command in the privileged mode. With CCENT Network Visualizer 6.0 there are three devices that will allow you to use the do command in global configuration mode: 2811 router 2960 switch 3560 switch Network Layout: Load the network layout you have been working with for labs in section 4.

    Lab Steps
    1. On the Network Visualizer screen, double-click on 2811 Router A. This will bring up a console screen. 2. Press enter and the Router> prompt will appear. You are now in the user mode. 3. Change to the privileged mode. Router> Router>enable 4. Change to the global configuration mode. Perform the do show run command and the do show int s /0/0/0 comamnd. Router# Router#config t Router(config)#do show run Building configuration... Current configuration : 3401 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! [output cut] Router(config)#do show int s 0/0/0 Serial0/0/0 is administratively down, line protocol is down Hardware is GT96K Serial MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, reliablility 255/255, txload 1/255, rxload 1/255 Encapsulation HDLC, loopback not set Keepalive set (10) Last input 00:00:02, output 00:00:06, output hang never Last clearing of "show interface" counters 02:41:59 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 1158 kilobits/sec 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 1645 packets input, 100265 bytes, 0 no buffer Received 1139 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

    1662 packets output, 105842 bytes, 0 underruns 0 output errors, 0 collisions, 3 interface resets 0 output buffer failures, 0 output buffers swapped out 2 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up 5. On the Network Visualizer screen, double-click on 3560 Switch A. This will bring up a console screen. 6. Press enter and the Switch> prompt will appear. You are now in the user mode. 7. Change to the privileged mode. Switch> Switch>enable 8. Change to the global configuration mode. Perform the do show run command. Switch# Switchconfig t 3560A(config)#do show run Building configuration... Current configuration : 898 bytes ! version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! no aaa new-model system mtu routing 1500 ip subnet-zero ! ! ! ! no file verify auto spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! interface FastEthernet0/1 [output cut]

    Introduction to IP Routing
    This section will discuss the IP routing process. This is an important subject to understand as it pertains to all routers and configurations that use IP. IP routing is the process of moving packets from one network to another network and delivering the packets to hosts. This section will give you the background on how to configure and verify IP routing with Cisco routers. Suggested Reading: Please read chapter 4 (on SDM) and chapter 6 in the Sybex CCNA Study Guide, Sixth Edition, before performing the following labs. The following labs are covered in this section: 5.1: Configuring the SDM for the 2811 Router 5.2: Connecting to the SDM using the 2811 Router 5.3: Configuring an Interface with SDM 5.4: Configuring DHCP with SDM 5.5: Configuring Other Items with SDM 5.6: Verifying Configurations with SDM 5.7: Configuring the Routers 5.8: Verifying the Configurations 5.9: Configuring Static Routing 5.10: Verifying Static Routing 5.11: Configuring and Verifying Hosts 5.12: Configuring Default Routing 5.13: Verifying Default Routing 5.14: Configuring RIP Routing 5.15: Verifying RIP Routing 5.16: Configuring RIPv2 5.17: Verifying RIPv2 5.18: Configuring IGRP 5.19: Verifying IGRP The following commands are used in this section: Command Meaning

    debug ip igrp events Provides a summary of the IGRP routing information running on the network debug ip igrp transactions debug ip rip Shows message requests from neighbor routers asking for an update and the broadcasts sent from your router towards that neighbor router Sends console messages displaying information about RIP packets being sent

    and received on a router interface ip classless Global configuration command used to tell a router to forward packets to a default route when the destination network is not in the routing table Creates static and default routes on a router Tells the routing protocol what network to advertise Disable auto summarization Removes a static or default route Turns on IP EIGRP routing on a router Turns on IP IGRP routing on a router Turns on IP RIP routing on a router Shows the routing protocols and timers associated with each routing protocol configured on a router Displays the IP routing table Shows the routed protocols and network addresses configured on each interface Enables rip version 2

    ip route network no autosummarization no ip route router eigrp as router igrp as router RIP show ip protocols

    show ip route show protocols version 2

    Lab 5.1: Configuring the SDM for the 2811 Router


    Cisco SDM is a Web-based device-management tool for routers. The SDM is a graphical user interface that allows you to quickly configure the 2811 router. After the initial setup, no interaction with the command line interface (CLI) is required. Please Note: Before you can use SDM, you must first manually configure router 2811 A with the CLI. In this lab we will configure router 2811 A. Then, there are two more steps that must be finished before you can launch the SDM: Configure Host A because that is where we will launching SDM

    Set up https services on the router so you can configure the 2811A router via a secure web browser Network Layout: Load SDM Layout.rsm before going through the following lab. 1. On the Network Visualizer screen, click on the File menu and then click Open. 2. When the dialog box appears, make sure you are in the Networks folder. 3. Click on the file SDM Layout.rsm and click OK.

    Lab Steps
    1. Double-click 2811 Router A. After the console screen comes up set the hostname and IP addresses of each interface. Router>enable Router#config t Router(config)#hostname 2811A 2811A(config-line)#interface fastethernet 0/0 2811A(config-if)#ip address 172.16.10.1 255.255.255.0 2811A(config-if)#no shutdown Router(config-if)#interface fastethernet0/1 2811A(config-if)#ip address 172.16.20.1 255.255.255.0 2811A(config-if)#no shutdown 2811A(config)#exit 2811A#copy run start Destination filename [startup-config]? [enter] Building configuration... [OK] 2811A#

    2. Close the console screen. 3. Right-click on Host A. 4. Click on the Configs button.

    5. On Host A configure: IP Address Subnet Mask Default Gateway

    IP Address: 172.16.10.5 Subnet Mask: 255.255.255.0 Default Gateway: 172.16.10.1 6. Click the OK button and then the Close button. 7. Bring up the console screen for router 2811 A by double clicking on the router. Verify you can reach Host A. 2811A#ping 172.16.10.5 If all is well, you should get the following output from the router! Sending 5, 100-byte ICMP Echos to 172.16.10.5, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms 2811A# 8. Configure HTTPS on the router 2811 A and verify your configurations. 2811A(config-if)#exit 2811A(config)#ip http server 2811A(config)#ip http secure-server % Generating 1024 bit RSA keys, keys will be non-exportable...[OK] 2811A(config)#ip http authentication local 2811A(config)#username cisco privilege 15 password 0 cisco 2811A(config)#line console 0 2811A(config-line)#login local

    2811A(config-line)#line vty 0 1180 2811A(config-line)#privilege level 15 2811A(config-line)#login local 2811A(config-line)#transport input telnet 2811A(config-line)#transport input telnet ssh 2811A(config-line)#exit 2811A(config)#do show run Note: Before IOS version 12.3, you could not use the do command. You had to be in user or privileged mode in order to ping other devices or view configurations. However, beginning with IOS version 12.3 you can use the do command in the configuration mode to accomplish this. You should now be able to launch the SDM. Rename and Save Your File: Make sure you save the actual network layout file that you have been working with. You might want to save it to another file name than SDM Layout.rsm. This allows you to start over with a non-configured network if you wish. 1. There are two ways you can save a network layout. The first way is by clicking on the Diskette button on the button bar, at the top of the Network Visualizer screen. You can also click File on the menu and choose Save from the drop down menu.

    2. A dialog box will appear. At the bottom you will see the file name SDM Layout.rsm. Rename the file. For example, you could name it My SDM Layout.rsm.

    3. 4.

    Click the Save button. At this point your network layout has been saved to a new name. You then have the option of reloading SDM Layout.rsm which is non-configured.

    Lab 5.2: Connecting to the SDM using the 2811 Router


    Now that we have configured router 2811 A with HTTPS, we can launch SDM via Host A.

    Network Layout: Load SDM Layout.rsm or whatever you named the file when you saved your work.

    Lab Steps
    1. Put your cusor over Host A and click your right mouse button.

    2. Click the Web Browser button. 3. When the web browser appears, enter the URL https://172.16.10.1 and press enter. 4. Select Yes when the Security Alert Dialog appears. Please Note: The following screen may be different, depending on the web browser that you use.

    5. When the username and password dialog appears, enter the username and password that you created, in lab 5.1, Step 8.

    Username: cisco Password: cisco 6. The SDM Launch screen will appear.

    Please Note: Do not close this window, it will shut down the SDM. Just minimize the window until you shut down SDM. 7. When the Warning Security Dialog appears, check the Always trust content from publisher option and then select Yes.

    8. When the username and password dialog appears again, enter the username and password that you created, in lab 5.1, Step 8. Username: cisco Password: cisco 9. When the Change Default User Name and Password dialog screen appears, change your username and password.

    Please Note: You will not see the following screen after your initial launch of the SDM.

    You will be prompted to enter the new username and password that you just created. The SDM will load the configuration from router 2811A and you should now be connected to the router via the SDM application.

    10. When you are finished with the SDM, close the SDM application, SDM launch page, and the Web browser.

    Lab 5.3: Configuring an Interface with SDM


    In this lab you will learn how to configure an IP address on a router interface of 2811 A, using the SDM. Please Note: You must manually configure the interface of the 2811 A router before using the SDM to modify it. See Lab 5.1 on how to configure router 2811 A. If the SDM is not running, refer to lab 5.2 on how to load it.

    Network Layout: Load SDM Layout.rsm or whatever you named the file when you saved your work.

    Now that you have the SDM application up and running, you will see the main SDM window.

    Lab Steps
    1. Click on the Configure button (upper left corner of the screen) and a configuration window is displayed.

    2. Then click on the Interface and Connections button.

    3. Click the Edit Interface/Connection tab, and the Edit Interface connection tab is displayed. 4. Double click on the line that displays FastEthernet0/1

    . . . and the Interface Feature Edit Dialog screen appears:

    5. With the Interface Feature Edit dialog open, you can enter a new IP Address and subnet mask in the appropriate fields. 6. Click the OK button to change the IP Address and subnet mask or click the Cancel button to exit. When a new configuration is sent to the router a Command Delivery Status dialog appears. Please Note: When a new configuration is sent to the router a Command deliver window appears.

    7. Save your configuration by clicking the Save button at the top of the screen.

    You will see the following dialog box. Click the Yes button to continue.

    Lab 5.4: Configuring a DHCP Pool with SDM


    This lab will have you use the SDM to configure a DHCP Pool on your 2811 A router. Please Note: You must manually configure the interface of the 2811 A router before using the SDM to modify it. See Lab 5.1 on how to configure router 2811 A. If the SDM is not running, refer to lab 5.2 on how to load it. Network Layout: Load SDM Layout.rsm or whatever you named the file when you saved your work.

    Lab Steps
    1. Click on the Additional Tasks button located on the sidebar menu at the bottom left of the screen. If the Additional Task button is not visible, scroll the side bar menu down until it appears. The Additional Task window will appear

    2. Expand the DHCP tree item by clicking the plus sign next to DHCP.

    3. Click on DHCP Pools and the DHCP Pools window will appear.

    4. Click the Add button and the DHCP Pool Dialog screen will appear.

    5. Configure your DHCP pool and then select the OK button.

    Please Note: When a new configuration is sent to the router a Command Delivery Status window appears.

    6. Save your configuration by clicking the Save button.

    Lab 5.5: Configuring Other Items with SDM


    This lab will have you use the SDM to configure the hostname, the banner (message of the day), the IP domain-name, and the enable secret password. Please Note: You must manually configure the interface of the 2811 A router before using the SDM to modify it. See Lab 5.1 on how to configure router 2811 A. If the SDM is not running, refer to lab 5.2 on how to load it. Network Layout: Load SDM Layout.rsm or whatever you named the file when you saved your work.

    Lab Steps
    1. Click on the Router Properties tree item and the Device Properties screen will appear.

    2. Click the Edit button on the upper right side of the screen and the Device Properties dialog screen will appear.

    3. Enter a hostname, an IP domain-name, and the message of the day banner.

    4. With the Device Properties dialog still open, click on the Secret Password tab and configure your new password and then click OK.

    Please Note:When a new configuration is sent to the router a Command Delivery Status dialog appears.

    5. Save your configuration by clicking the Save button.

    Lab 5.6: Verify Your Configurations with SDM


    This lab will have you verify your new router configurations.

    Please Note: You must manually configure the interface of the 2811 A router before using the SDM to modify it. See Lab 5.1 on how to configure router 2811 A. If the SDM is not running, refer to lab 5.2 on how to load it. Network Layout: Load SDM Layout.rsm or whatever you named the file when you saved your work.

    Lab Steps
    1. From your current SDM window, click on the Home button located at the top of the screen. You should see the following screen:

    2. Click on the View Running Config button on the middle right area of the screen. The Show Running

    Configuration screen will appear.

    3. Scroll through the running configuration so you can view your configurations.

    4. Click the Close button when you are finished. 5. Close the SDM application. 6.

    Lab 5.7: Configuring the Routers


    In this lab you will interact with routers, starting with 2621 A and working through 2811 A, and then finishing with router 2621 B. After the configurations are complete, we will then build the routing tables. Suggested Reading: Please read chapter 6 in the Sybex CCNA Study Guide, Sixth Edition, before performing the following labs. Network Layout: Load Standard Layout.rsm before going through the following lab. 1. On the Network Visualizer screen, click on the File menu and then click Open. 2. When the dialog box appears, make sure you are in the Networks folder. 3. Click on the file Standard Layout.rsm and click OK.

    Lab Steps
    1. Double-click 2621 Router A. After the console screen comes up set the Hostname Passwords Interface descriptions Banners IP addresses of each interface Router>enable Router#config t Router(config)#hostname 2621A 2621A(config)#enable secret todd 2621A(config)#line console 0 2621A(config-line)#password todd 2621A(config-line)#login 2621A(config-line)#line aux 0 2621A(config-line)#password todd 2621A(config-line)#login 2621A(config-line)#line vty 0 4 2621A(config-line)#password todd 2621A(config-line)#login 2621A(config-line)#interface fastethernet 0/0 2621A(config-if)#ip address 172.16.40.1 255.255.255.0 2621A(config-if)#description connection to LAN 40 2621A(config-if)#no shutdown 2621A(config-if)#interface serial 0/0

    2621A(config-if)#ip address 172.16.20.2 255.255.255.0 2621A(config-if)#description connection to 2811A 2621A(config-if)#no shutdown 2621A(config-if)#exit 2621A(config)#banner motd # This is the router 2621A # 2621A(config)#exit 2621A#copy run start Destination filename [startup-config]? [enter] Building configuration... [OK] 2621A# 2. Double-click 2811 Router A. After the console screen comes up set the Hostname Passwords Interface descriptions Banners IP addresses of each interface Router>enable Router#config t Router(config)#hostname 2811A 2811A(config)#enable secret todd 2811A(config)#line console 0 2811A(config-line)#password todd 2811A(config-line)#login 2811A(config-line)#line aux 0 2811A(config-line)#password todd 2811A(config-line)#login 2811A(config-line)#line vty 0 1180 2811A(config-line)#password todd 2811A(config-line)#login 2811A(config-line)#interface fastethernet 0/0

    2811A(config-if)#ip address 172.16.10.1 255.255.255.0 2811A(config-if)#description connection to LAN 10 2811A(config-if)#no shutdown 2811A(config-if)#interface serial 0/1/1 2811A(config-if)#ip address 172.16.20.1 255.255.255.0 2811A(config-if)#description connection to 2621A 2811A(config-if)#no shutdown 2811A(config-if)#interface serial 0/0/1 2811A(config-if)#ip address 172.16.30.1 255.255.255.0 2811A(config-if)#description connection to 2621B 2811A(config-if)#no shutdown 2811A(config-if)#exit 2811A(config)#banner motd # This is the router 2811A # 2811A(config)#exit 2811A#copy run start Destination filename [startup-config]? [enter] Building configuration... [OK] 2811A#

    clock rate - it is important to understand clocking on and interface. On a real connection, clocking issues will typically cause data loss and or packet errors. You will also see framing slips on a carrier circuit when there is a clocking issue. You do not have to set a clock rate if the DCE side of your connection is a 2811 router. The clock rate for the serial interface is set by default to 2000000. However, on the 2621 router you still need to explicity set the clock rate. In our lab the DCE side of the connection is interface serial 0/1/1 and serial 0/0/1.

    finding DCE - DCE (data communications equipment) is the side of the connection that provides the clocking. Unless it is a 2811 router, you would enter the clock rate on the DCE side of a connection between routers. If you cannot remember what side of your connection is DCE, you can use the show controllers command. Here is an example:

    2811#show controllers s0/1/1 Interface Serial0/1/1 Hardware is GT96K DCE V.35, clock rate 2000000 idb at 0x454E69C8, driver data structure at 0x454EE0EC wic_info 0x454EE6E8 Physical Port 0, SCC Num 0 [output cut] The DCE connection is associated with s0/1/1 and a clockrate of 2000000 3. Double-click 2621 Router B. After the console screen comes up set the Hostname Passwords Interface descriptions Banners IP addresses of each interface Router>enable Router#config t Router(config)#hostname 2621B 2621B(config)#enable secret todd 2621B(config)#line console 0 2621B(config-line)#password todd 2621B(config-line)#login 2621B(config-line)#line aux 0 2621B(config-line)#password todd 2621B(config-line)#login 2621B(config-line)#line vty 0 4 2621B(config-line)#password todd 2621B(config-line)#login 2621B(config-line)#interface fastethernet 0/1 2621B(config-if)#ip address 172.16.50.1 255.255.255.0 2621B(config-if)#description connection to LAN 50 2621B(config-if)#no shutdown 2621Bconfig-if)#interface serial 0/0 2621B(config-if)#ip address 172.16.30.2 255.255.255.0

    2621B(config-if)#description connection to 2811A 2621B(config-if)#no shutdown 2621B(config-if)#exit 2621B(config)#banner motd # This is the router 2621B # 2621B(config)#exit 2621B#copy run start Destination filename [startup-config]? [enter] Building configuration... [OK] 2621B# Rename and Save Your File: Make sure you save the actual network layout file that you have been working with. You might want to save it to another file name than Standard Layout.rsm. This allows you to start over with a non-configured network if you wish. 1. There are two ways you can save a network layout. The first way is by clicking on the Diskette button on the button bar, at the top of the Network Visualizer screen. You can also click File on the menu and choose Save from the drop down menu.

    2. A dialog box will appear. At the bottom you will see the file name Standard Layout.rsm. Rename the file. In the following example it is renamed My Standard Layout.rsm.

    3. 4.

    Click the Save button. At this point your network layout has been saved to a new name. You then have the option of reloading Standard Layout.rsm which is non-configured.

    Lab 5.8: Verifying the Configurations


    Understanding how to configure routers is very important. But just as important as the understanding of configuring routers is the process of verifying your configurations. This lab will provide you with the commands to verify your routers configurations. Network Layout: Load Standard Layout.rsm or whatever you named the file when you saved your work.

    Lab Steps
    1. Starting at the 2621 A router and finishing at the 2621 B router, run the following two commands: 2621A#show running-config Building configuration... Current configuration : 625 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname 2621A ! enable secret 5 $1$u76B$IOFVJ7VxfVXYVpGDrFTcI0 ! ip subnet-zero ! ! ! ! ! interface FastEthernet0/0 description connection to LAN 40 [output cut]

    2621A#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default U - per-user static route, o - ODR, P - periodic downloaded static route T - traffic engineered route Gateway of last resort is not set C C 172.16.0.0/24 is subnetted, 2 subnets 172.16.40.0 is directly connected, FastEthernet0/0 172.16.20.0 is directly connected, Serial0/0

    2621A#

    show ip route - is used to see the routing table on your router. It is important to notice that only the directly connected networks are showing in the routing tables being displayed. This means the routers can only route to directly connected networks. In order to send packets to another network not in the current routing table, we must configure the router with static or dynamic routing so that the router knows how to get to the remote network. Notice that the running-config shows the complete configuration your router is running. 2. Run through the verification commands on the other routers. 2811A#show running-config 2811A#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default U - per-user static route, o - ODR, P - periodic downloaded static route T - traffic engineered route Gateway of last resort is not set 172.16.0.0/24 is subnetted, 3 subnets C 172.16.30.0 is directly connected, Serial0/0/1 C 172.16.20.0 is directly connected, Serial0/1/1 C 172.16.10.0 is directly connected, FastEthernet0/0 2811A# 2621B#show running-config 2621B#show ip route

    Practice Scenario: IP Addressing Scheme and IP Services Configure DHCP


    Now that you have learned about some concepts and completed some hands-on work, try your problem-solving and troubleshooting skills with the following task. To complete your task you will need a network to interfact with a scenario and the task(s) at hand. When you have finished with this lab ... You can check your work by clicking the Grade Me button in the upper right hand corner of the Network Visualizer screen.

    You will see a report that will display: The name of the command entered for this lab The expected configuration Your configuration The result for each command. You will see a green check mark (meaning that you got it correct) or a red X A score of the number of correct answers out of the total possible

    Network Layout:
    On the Network Visualizer screen, click on the Labs menu then choose Practice Scenarios, IP Addressing Scheme and IP Services, and Configure DHCP.

    Turn On Hostnames:
    In some of the practice labs we refer to the hostname of a device. Therefore, we need to make sure that Hostnames is turned on for this lab. On the Network Visualizer screen click View and then click Hostnames so that it has a checkmark next to it.

    Scenario:
    The senior network administrator at Green Product Inc has asked you, the junior network administrator to configure a DHCP address pool.

    Task:
    Configure a DHCP address pool on the InterVlan-RTR router

    The DHCP pool name is Fabrication_Network The DHCP pool network is 192.168.10.0/24 Exclude the first 50 addresses from the pool The default router is 192.168.10.1 The domain name is Green_Products_Inc.com The DNS server is 192.168.10.50 The DHCP lease time is 80 hours

    Lab 5.9: Configuring Static Routing


    This lab will have you build the routing tables by hand, which means you will create static routing tables on each router. This will allow you to route throughout the entire network. At this point you can only route to directly connected networks of each router. Remember that the routing will not work until all static routes are configured in all routers. static route - is a manually hard coded routing statement that creates a route in the routing table of a router. The static route specifies how the router will get to a certain network by using a certain path. Static routing refers to the manual method used to set up routing. This method has the advantage of being simple to create and predictable in its functionality. It is easy to manage in small networks but in larger ones it is difficult to set up and manage all possible static routes. Static routes are not dynamically responsive to topology changes in a network.

    Network Layout: Load Standard Layout.rsm or whatever you named the file when you saved your work.

    Lab Steps
    1. From the 2621 A router, use the ip route command to configure static routing. The 2621 A router is connected to networks 172.16.20.0 and 172.16.40.0 and a static route must be configured for EVERY network that is not directly connected. The next hop gateway is always 172.16.20.1 (router 2811 A). 2621A#config t 2621A(config)#ip route 172.16.10.0 255.255.255.0 172.16.20.1 2621A(config)#ip route 172.16.30.0 255.255.255.0 172.16.20.1 2621A(config)#ip route 172.16.50.0 255.255.255.0 172.16.20.1 2621A(config)#exit 2621A#copy run start

    anatomy of a command:ip route 172.16.10.0 255.255.255.0 172.16.20.1 ip route - tells the system we are entering a static route 172.16.10.0 - this is the destination ip network address, where we want to send packets 255.255.255.0 - the mask of the destination ip network 172.16.20.1 - the IP address of the next hop used to reach the destination address 2. From the 2621 B router, use the ip route command to configure static routing. The 2621 B router is connected to networks 172.16.30.0 and 172.16.50.0 and a static route must be configured for EVERY network that is not directly connected. The next hop gateway is always 172.16.30.1 (router 2811 A). 2621B#config t 2621B(config)#ip route 172.16.10.0 255.255.255.0 172.16.30.1 2621B(config)#ip route 172.16.20.0 255.255.255.0 172.16.30.1 2621B(config)#ip route 172.16.40.0 255.255.255.0 172.16.30.1

    2621B(config)#exit 2621B#copy run start 3. From the 2811 A router, use the ip route command to configure static routing. The 2811 A router is connected to networks 172.16.10.0, 172.16.20.0 and 172.16.30.0 and a static route must be configured for EVERY network that is not directly connected. The next hop gateway will be either to the 2621 A router or the 2621 B router. 2811A#config t 2811A(config)#ip route 172.16.40.0 255.255.255.0 172.16.20.2 2811A(config)#ip route 172.16.50.0 255.255.255.0 172.16.30.2 2811A(config)#exit 2811A#copy run start

    directly connected routes - In the preceding set of ip route commands for router 2811 A, routes are not established for networks 20 and 30. The 2811 A router knows about these networks (routes) because they are directly connected to the router. Therefore you do not have to enter ip route commands for these two networks; only for networks that are not directly connected to the 2811 A router, such as networks 40 and 50. Save Your File: Make sure you save the network layout file that you have been working with.

    Lab 5.10: Verifying Static Routing


    It is important to be able to verify your configurations. The best command to use is show ip route. However, if a route is not in your routing table, make sure it is correctly configured in the runningconfig. If you see a routing entry in the running-config but it is not in the routing table, check the entry for a typo. If it is correct, then make sure the link to that network is up. Network Layout: Load Standard Layout.rsm or whatever you named the file when you saved your work.

    Lab Steps
    1. From the 2621 A router, use the show ip route command to verify your routing table. 2621A#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default U - per-user static route, o - ODR, P - periodic downloaded static route T - traffic engineered route Gateway of last resort is not set 172.16.0.0/24 is subnetted, 5 subnets S 172.16.30.0 [1/0] via 172.16.20.1 C 172.16.40.0 is directly connected, FastEthernet0/0 S 172.16.50.0 [1/0] via 172.16.20.1 C 172.16.20.0 is directly connected, Serial0/0 S 172.16.10.0 [1/0] via 172.16.20.1 2621A#

    Anatomy of a Routing Table

    Output

    Description

    Metric /24 means a class C network The 5 subnetted Class C networks are: 172.16.50.0 172.16.40.0 172.16.30.0 172.16.20.0 172.16.10.0 S means the route is a static route and was manually added using the ip route command [1/0] is the administrative distance (1) and routing metric (0)

    class B network 172.16.0.0 is subnetted into 5 class C 172.16.0.0/24 is subnetted, 5 subnets networks.

    S 172.16.30.0 [1/0] via 172.16.20.1 C 172.16.40.0 is directly connected, FastEthernet0/0

    any packets destined for network 172.16.30.0 are forwarded to the next hop router with the ip address of 172.16.20.1

    any packets destined for C means the route is directly connected to the local network 172.16.40.0 are routers FastEthernet0/0 interface The route is forwarded to the ip address automatically added to the local routing table when assigned to the FastEthernet0/0

    interface any packets destined for network 172.16.50.0 are forwarded to the next hop router with the ip address of 172.16.20.1 any packets destined for network 172.16.20.0 are forwarded to ip address assigned to the Serial0/0 interface any packets destined for network 172.16.10.0 are forwarded to the next hop router with the ip address of 172.16.20.1

    F0/0 is assigned an ip address, has a physical cable connection, and is turned up for service. S means the route is a static route and was manually added using the "ip route command [1/0] is the administrative distance (1) and routing metric (0) C means the route is directly connected to the local router's Serial0/0 interface The route is automatically added to the local routing table when S0/0 is assigned an ip address, has a physical cable connection, and is turned up for service. S means the route is a static route and was manually added using the ip route command [1/0] is the administrative distance (1) and routing metric (0)

    S 172.16.50.0 [1/0] via 172.16.20.1

    C 172.16.20.0 is directly connected, Serial0/0

    S 172.16.10.0 [1/0] via 172.16.20.1

    2. From the 2621 B router, use the show ip route command to verify your routing table. 2621B#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default U - per-user static route, o - ODR, P - periodic downloaded static route T - traffic engineered route Gateway of last resort is not set 172.16.0.0/24 is subnetted, 5 subnets C 172.16.30.0 is directly connected, Serial0/0 S 172.16.40.0 [1/0] via 172.16.30.1 C 172.16.50.0 is directly connected, FastEthernet0/0 S 172.16.20.0 [1/0] via 172.16.30.1 S 172.16.10.0 [1/0] via 172.16.30.1 2621B# 3. From the 2811 A router, use the show ip route command to verify your routing table. We will purposely go into the global configuration mode in order to use the do command. 2811A#config t 2811A(config#)do show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default U - per-user static route, o - ODR, P - periodic downloaded static route T - traffic engineered route Gateway of last resort is not set 172.16.0.0/24 is subnetted, 5 subnets C 172.16.30.0 is directly connected, Serial0/0/1 S 172.16.40.0 [1/0] via 172.16.20.2 S 172.16.50.0 [1/0] via 172.16.30.2 C 172.16.20.0 is directly connected, Serial0/1/1 C 172.16.10.0 is directly connected, FastEthernet0/0 2811A# 4. Once you verify the routing tables in all routers, use the ping command to verify IP connectivity between routers. 2621A#ping 172.16.50.1 2621A#ping 172.16.30.2 2621B#ping 172.16.40.1 2621B#ping 172.16.20.2

    Practice Scenario: Basic Cisco Router Operations Configure Static or Default Routes
    Now that you have learned about some concepts and completed some hands-on work, try your problem-solving and troubleshooting skills with the following task. To complete your task you will need a network to interfact with a scenario and the task(s) at hand. When you have finished with this lab ... You can check your work by clicking the Grade Me button in the upper right hand corner of the Network Visualizer screen.

    You will see a report that will display: The name of the command entered for this lab The expected configuration Your configuration The result for each command. You will see a green check mark (meaning that you got it correct) or a red X A score of the number of correct answers out of the total possible

    Network Layout:
    On the Network Visualizer screen, click on the Labs menu then choose Practice Scenarios, Basic Cisco Router Operations, and Configure Static or Default Routes - 1.

    Turn On Hostnames:
    In some of the practice labs we refer to the hostname of a device. Therefore, we need to make sure that Hostnames is turned on for this lab. On the Network Visualizer screen click View and then click Hostnames so that it has a checkmark next to it.

    Scenario:
    The senior network administrator at Smoke-Alarm Inc would like you to setup static routing on all network routers.

    Task:
    Configure static routing on the R&D_R1 router Configure static routing on the MARKETING_R1 router Configure static routing on the Plant-1 router

    Practice Scenario: Basic Cisco Router Operations Configure Static or Default Routes
    Now that you have learned about some concepts and completed some hands-on work, try your problem-solving and troubleshooting skills with the following task. To complete your task you will need a network to interfact with a scenario and the task(s) at hand. When you have finished with this lab ... You can check your work by clicking the Grade Me button in the upper right hand corner of the Network Visualizer screen.

    You will see a report that will display: The name of the command entered for this lab The expected configuration Your configuration The result for each command. You will see a green check mark (meaning that you got it correct) or a red X A score of the number of correct answers out of the total possible

    Network Layout:
    On the Network Visualizer screen, click on the Labs menu then choose Practice Scenarios, Basic Cisco Router Operations, and Configure Static or Default Routes - 2 .

    Turn On Hostnames:
    In some of the practice labs we refer to the hostname of a device. Therefore, we need to make sure that Hostnames is turned on for this lab. On the Network Visualizer screen click View and then click Hostnames so that it has a checkmark next to it.

    Scenario:
    The senior network administrator at Widget Inc would like you to setup default routing.

    Task:
    Configure default routing on the R&D_R1 router Configure default routing on the Plant-1 router

    Lab 5.11: Configuring and Verifying the Hosts


    We will now configure all the hosts in the network and then verify the configurations. Network Layout: Load the network layout you have been working with for labs in section 5.

    Lab Steps
    1. Right-click on Host A.

    2. Click on the Configs button.

    3. On Host A configure: IP address Subnet Mask Default Gateway

    IP address - unique identification number for a device that is located on a network. An IP address is equivalent to the address of your home. The format of an IP address is a 32-bit numeric address written as four numbers separated by periods. Each number can be zero to 255. For example, 172.16.10.6 could be an IP address.

    subnet mask - when you split up an IP network it is used to determine what section or subnet the ip address of networked device belongs to. An IP address has two parts, the network address and the host address. Let's examine IP address 172.16.10.6. Assuming this is part of a Class B network, the first two numbers (172.16) represent the Class B network address, and the second two numbers (10.6) identify a particular host on this network.

    default gateway - ip address configured on a networked device that allows that device to communicate outside of its own subnet. A default gateway is usually a layer 3 device like a router. When a network device wants to get to the Internet, it uses a default gateway. A default gateway ip address is equivalent to the on ramp of a highway.

    IP Address: 172.16.10.5 Subnet Mask: 255.255.255.0

    Default Gateway: 172.16.10.1 4. Click the OK button and then the Close button. 5. On Host B configure: IP address Subnet Mask Default Gateway

    IP Address: 172.16.10.6 Subnet Mask: 255.255.255.0 Default Gateway: 172.16.10.1 6. Click the OK button and then the Close button. 7. On Host C configure: IP address Subnet Mask Default Gateway

    IP Address: 172.16.10.7 Subnet Mask: 255.255.255.0 Default Gateway: 172.16.10.1 8. Click the OK button and then the Close button. 9. On Host D configure: IP address

    Subnet Mask Default Gateway

    IP Address: 172.16.10.8 Subnet Mask: 255.255.255.0 Default Gateway: 172.16.10.1 10. Click the OK button and then the Close button. 11. On Host E configure: IP address Subnet Mask Default Gateway

    IP Address: 172.16.40.3 Subnet Mask: 255.255.255.0 Default Gateway: 172.16.40.1 12. Click the OK button and then the Close button. 13. On Host F configure: IP address Subnet Mask Default Gateway

    IP Address: 172.16.50.3 Subnet Mask: 255.255.255.0 Default Gateway: 172.16.50.1 14. Click the OK button and then the Close button. 15. From each host, ping all other hosts. Here is an example where we ping all others hosts from Host. Double-click Host D on the network.

    C:\>ping 172.16.10.5 C:\>ping 172.16.10.6 C:\>ping 172.16.10.7 C:\>ping 172.16.40.3 C:\>ping 172.16.50.3 Save Your File: Make sure you save the network layout file that you have been working with.

    Lab 5.12: Configuring Default Routing


    Static routing is great in small networks, and is even better when you are trying to learn IP routing since you really have to understand how the network works to make static routing perform correctly. Configuring default routing on a router is not like setting the default gateway on a host. Remember that a router is the default gateway and you cannot set a default gateway on a router. However, you can set what is called a Gateway of Last Resort.

    Gateway of Last Resort - if a packet is destined for a network that is not listed in the routing table, the router will forward the packet to the default route. You can only configure default routing on a router that is connected to a stub network, which means that there is not another router on the connected networks. In other words, there is only one way in and out. Routers 2621 A and 2621 B are stub routers to the LANs because they are the only way in and out of the LAN. Router 2811 A cannot use default routing because it is connected to multiple routes.

    To configure default routing, use the ip route command, but instead of using the network and subnet mask, you use all zero (0 which mean all networks all masks. You must also use the ip classless s), command when using default routing. This tells the router to not drop packets, but instead to forward them to the default route address. Instead of typing all the commands by hand, you can use your up-arrow key to get the command you want to remove. Then press ctrll+a to move your cursor to the beggining of the line, then type no and press enter. This is just an easier way to remove the static routes. Network Layout: Load the network layout you have been working with for labs in section 5.

    Lab Steps
    1. Before configuring routers 2621 A and B with default routing, you must remove the static routes we created in lab 5.8. Use the no ip route command.

    2621A#config t 2621A(config)#no ip route 172.16.10.0 255.255.255.0 172.16.20.1 2621A(config)#no ip route 172.16.30.0 255.255.255.0 172.16.20.1 2621A(config)#no ip route 172.16.50.0 255.255.255.0 172.16.20.1 2621A(config)#exit 2621A#copy run start

    Anatomy of a command: no ip route 172.16.10.0 255.255.255.0 172.16.20.1 no ip route - tells the system we are removing a static route 172.16.10.0 - this is the destination ip network address, where we want to send packets 255.255.255.0 - the mask of the destination ip network 172.16.20.1 - the IP address of the next hop used to reach the destination address 2. Remove the static routes from the 2621 B router. 2621B#config t 2621B(config)#no ip route 172.16.10.0 255.255.255.0 172.16.30.1 2621B(config)#no ip route 172.16.20.0 255.255.255.0 172.16.30.1 2621B(config)#no ip route 172.16.40.0 255.255.255.0 172.16.30.1 2621B(config)#exit 2621B#copy run start 3. Verify the 2621A and B routers only have the directly connected networks in the routing table. 2621A#show ip route [output cut] Gateway of last resort is not set C C 172.16.0.0/24 is subnetted, 2 subnets 172.16.40.0 is directly connected, FastEthernet0/0 172.16.20.0 is directly connected, Serial0/0

    2621B#show ip route [output cut] Gateway of last resort is not set C C 172.16.0.0/24 is subnetted, 2 subnets 172.16.30.0 is directly connected, Serial0/0 172.16.50.0 is directly connected, FastEthernet0/0

    4. From the 2621 A router, add the default route to router 2811 A. The default route command will tell the router to send all packets destined for any network not in the routing table to the router 2811 A, which will then route the packet. 2621A#config t 2621A(config)#ip route 0.0.0.0 0.0.0.0 172.16.20.1 2621A(config)#ip classless 2621A(config)#exit

    Anatomy of a command: [default] ip route 0.0.0.0 0.0.0.0 172.16.20.1 ip route - tells the system we are removing a static route 0.0.0.0 - this is a destination ip network address prefix that is not in the local routing table 0.0.0.0 - this is a destination ip network mask prefix that is not in the local routing table 172.16.20.1 - the IP address of the next hop router where packets destined for networks that have no local routing table entry will be forwarded 5. From the 2621 B router, add the default route to router 2811 A. The default route command will tell the router to send all packets destined for any network not in the routing table to the router 2811 A, which will then route the packet. 2621B#config t 2621B(config)#ip route 0.0.0.0 0.0.0.0 172.16.30.1 2621B(config)#ip classless 2621B(config)#exit Save Your File: Make sure you save the network layout file that you have been working with.

    Lab 5.13: Verifying Default Routing


    To verify the configurations of the default route, use the show ip route and ping commands. Network Layout: Load the network layout you have been working with for labs in section 5.

    1. Verify that the network is working by using the show ip route command on router 2611 A to verify the routing tables. 2621A#show ip route [output cut] Gateway of last resort is 172.16.20.1 to network 0.0.0.0 172.16.0.0/24 is subnetted, 2 subnets C 172.16.40.0 is directly connected, FastEthernet0/0 C 172.16.20.0 is directly connected, Serial0/0 S* 0.0.0.0 [1/0] via 172.16.20.1 2621B#show ip route [output cut] Gateway of last resort is 172.16.30.1 to network 0.0.0.0 172.16.0.0/24 is subnetted, 2 subnets C 172.16.30.0 is directly connected, Serial0/0 C 172.16.50.0 is directly connected, FastEthernet0/0 S* 0.0.0.0 [1/0] via 172.16.30.1 Please Note: The Gateway of Last Resort has now been set because a default route was configured for each router. In router 2621 B, for example, it is denoted by the routing table entry S* 0.0.0.0 [1/0] via 172.16.30.1. 2. Verify your network is working. Ping each host from Host D. Double-click Host D on the network.

    C:\>ping 172.16.10.5 C:\>ping 172.16.10.6 C:\>ping 172.16.10.7 C:\>ping 172.16.40.3 C:\>ping 172.16.50.3 Save Your File: Make sure you save the network layout file that you have been working with.

    Lab 5.14: Configuring RIP Routing


    Configuring the routers with static and default routing is interesting to say the least. However, it is not very often that you would use just static and default routing in a network these days. This lab will configure Routing Information Protocol (RIP), one of the first dynamic routing protocols created. It is easy and works pretty well in small to medium size networks. dynamic routing - the process of routers in an intranet or internet advertising route information automatically between each other. There is typically a common dynamic routing protocol configured on each router. RIP Version 1 and 2, OSPF, EIGRP, and BGP are some examples of dynamic routing protocols. When all routers have received routing updates and have updated routing tables, the network is said to have converged. Convergence means that all routers in the internetwork have the same routing information. At this point, a routed protocol, IP for example, can send user data throughout the internetwork. Suggested Reading: Please read about RIP in chapter 6 of the Sybex CCNA Study Guide, Sixth Edition. Network Layout: Load the network layout you have been working with for labs in section 5.

    Lab Steps
    To configure RIP routing, you first have to remove the static and default routes configured on the routers. If not, you will have connectivity throughout the network and will not know if you have correctly set up RIP. Removing static and default routes will help you clearly determine when and if you have set up RIP throughout the network. Then use the router rip command to configure RIP. Then tell the routers which networks are advertised with RIP. 1. From the 2621 A router, delete the default route and then verify the routing table with the show ip route command. Only the directly connected networks should be in the routing table. 2621A#config t 2621A(config)#no ip route 0.0.0.0 0.0.0.0 172.16.20.1 2621A(config)#exit 2621A#show ip route [output cut] Gateway of last resort is not set C C 172.16.0.0/24 is subnetted, 2 subnets 172.16.40.0 is directly connected, FastEthernet0/0 172.16.20.0 is directly connected, Serial0/0

    2. From the 2621 B router, delete the default route and then verify the routing table with the show ip route command. Only the directly connected networks should be in the routing table. 2621B#config t 2621B(config)#no ip route 0.0.0.0 0.0.0.0 172.16.30.1 2621B(config)#exit 2621B#show ip route [output cut] Gateway of last resort is not set C 172.16.0.0/24 is subnetted, 2 subnets 172.16.30.0 is directly connected, Serial0/0

    172.16.50.0 is directly connected, FastEthernet0/0

    3. From router 2811 A, delete the static routes and then verify the routing table with the show ip route command. Only the directly connected networks should be in the routing table. 2811A#config t 2811A(config)#no ip route 172.16.40.0 255.255.255.0 172.16.20.2 2811A(config)#no ip route 172.16.50.0 255.255.255.0 172.16.30.2 2811A(config)#do show ip route [output cut] Gateway of last resort is not set C C C 172.16.0.0/24 is subnetted, 3 subnets 172.16.30.0 is directly connected, Serial0/0/1 172.16.20.0 is directly connected, Serial0/1/1 172.16.10.0 is directly connected, FastEthernet0/0

    Deleting the static and default routes was the hardest part of configuring RIP routing! Now, configure each router with RIP. 4. From the 2621 A router, configure RIP routing and tell RIP the network you want to advertise. RIP Stands for routing information protocol Sends routing-update messages at regular intervals (usually every 30 seconds) and when the network topology changes. Uses a single metric called a hop, which measures the distance between the source and destination. Is limited to a hop count of 15. It has a maximum hop count. This means a network cannot be more than 15 hops from the source to the destination. Otherwise the destination is deemed as unreachable. Has a timeout timer is used so that on a period basis (usually every 30 seconds) for each known route. If the timer times out this usually means that path is no longer available. Therefore that route is removed from routing tables. Does not support VLSM

    router rip command - turns on RIP routing.

    network command - should be entered for each of the networks that the router is connected to and is a part of the RIP network. In our network we have only one network, network 172.16.0.0.

    2621A#config t 2621A(config)#router rip 2621A(config-router)#network 172.16.0.0 2621A(config-router)#ctrl+z Thatall there is to it! Dynamic routing is easy on small networks. The important thing to notice here is s that the network address is a classful address, which means you use the classful boundary. classful routing - routing protocols (i.e., RIPv1 and IGRP) where subnet masks (routing masks) are not sent in the periodic routing updates. For example, we use 172.16.0.0 class B network address and subnet that network with 24 bits of subnetting. This means the third octet is used for subnets and the fourth octet is the host addresses for each subnet. RIP is a classful routing protocol, which means that you do not type in any subnet addresses, only the class B address. When using a classful network protocol like RIP, make sure that all networked devices have the same subnet mask. Suggested Reading: Please read about classful routing protocols in chapter 6 of the Sybex CCNA Study Guide, Sixth Edition. 5. From the 2621 B router, configure RIP routing and tell RIP the network you want to advertise. 2621B#config t 2621B(config)#router rip 2621B(config-router)#network 172.16.0.0 2621B(config-router)#ctrl+z 6. From the 2811 A router, configure RIP routing and tell RIP the network you want to advertise. 2811A#config t 2811A(config)#router rip 2811A(config-router)#network 172.16.0.0 2811A(config-router)#ctrl+z Save Your File: Make sure you save the network layout file that you have been working with.

    Lab 5.15: Verifying RIP Routing


    Configuring RIP is pretty easy, especially in small networks. It is important to be able to verify RIP on Cisco routers. This lab will provide you with the commands to verify RIP.

    Network Layout: Load the network layout you have been working with for labs in section 5.

    Lab Steps
    1. From the 2621 A router, use the show ip route command to verify the routing table. 2621A#show ip route 172.16.0.0/24 is subnetted, 4 subnets R C C R R 172.16.30.0 [120/1] via 172.16.20.1, 00:00:13, Serial0/0 172.16.40.0 is directly connected, FastEthernet0/0 172.16.20.0 is directly connected, Serial0/0 172.16.10.0 [120/1] via 172.16.20.1, 00:00:13, Serial0/0 172.16.50.0 [120/1] via 172.16.20.1, 00:00:13, Serial0/0

    Notice the R, which means it is a RIP found route. The C is a directly connected network. You should see two directly connected routes and three RIP routes. 2. From the 2621 B router, use the show ip route command to verify the routing table. 2621B#show ip route C R C R R 172.16.0.0/24 is subnetted, 5 subnets 172.16.30.0 is directly connected, Serial0/0 172.16.40.0 [120/2] via 172.16.30.1, 00:00:21, Serial0/0 172.16.50.0 is directly connected, FastEthernet0/0 172.16.20.0 [120/1] via 172.16.30.1, 00:00:21, Serial0/0 172.16.10.0 [120/1] via 172.16.30.1, 00:00:21, Serial0/0

    3. From the 2811 A router, use the show ip route command to verify the routing table. 2811A#show ip route C R R C C 172.16.0.0/24 is subnetted, 5 subnets 172.16.30.0 is directly connected, Serial0/0/1 172.16.40.0 [120/1] via 172.16.20.2, 00:00:27, Serial0/1/1 172.16.50.0 [120/1] via 172.16.30.2, 00:00:27, Serial0/0/1 172.16.20.0 is directly connected, Serial0/1/1 172.16.10.0 is directly connected, FastEthernet0/0

    4. From the 2621 B router, use the debug ip rip command to see RIP updates being sent and received on the router. 2621B#debug ip rip RIP protocol debugging is on 2621B# then after a few seconds .... *Oct *Oct *Oct *Oct *Oct *Oct *Oct *Oct *Oct *Oct *Oct 13 17:19:25.906: RIP: received v1 update from 172.16.30.1 on Serial0/0 13 17:19:25.906: 172.16.40.0 in 2 hops 13 17:19:25.906: 172.16.20.0 in 2 hops 13 17:19:25.906: RIP: received v1 update from 172.16.30.1 on Serial0/0 13 17:19:25.906: 172.16.40.0 in 3 hops 13 17:19:25.906: 172.16.20.0 in 3 hops 13 17:19:25.906: RIP: received v1 update from 172.16.30.1 on Serial0/0 13 17:19:25.906: 172.16.40.0 in 4 hops 13 17:19:25.906: 172.16.20.0 in 4 hops 13 17:19:25.906: RIP: received v1 update from 172.16.30.1 on Serial0/0 13 17:19:25.906: 172.16.40.0 in 5 hops

    [output cut] 5. To turn off debugging, use the no debug ip rip command, or the undebug all command. 2621B#undebug all 6. To see detailed information about currently configured protocols on a router, use the show ip protocols command. 2621B#show ip protocols Routing Protocol is "rip" Sending updates every 30 seconds, next due in 27 seconds Invalid after 180 seconds, hold down 180, flushed after 240 Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Redistributing: rip Default version control: send version 1, receive any version Interface Send Recv Triggered RIP Key-chain Serial0/0 1 12 FastEthernet0/0 1 1 2 Automatic network summarization is in effect Maximum path: 4 Routing for networks: 172.16.0.0 Routing information sources: Gateway Distance Last Update 172.16.30.1 120 00:00:03 Distance: <default is 120>

    2621B# Notice the timers. RIP is sent out every 30 seconds by default. The administrative distance for RIP is 120 by default. administrative distance - is a measure of the trustworthiness of the source of the routing information. It is reported as a number between 0 and 255. The smaller the number, the more reliable the protocol. If you have, for example, two protocols IGRP and RIP configured on a router, the IGRP routes will be preferred over the RIP routes. This is because you have an administrative distance of 120 for RIP and 100 for IGRP.

    Source Connected interface Static route Enhanced Interior Gateway Routing Protocol (EIGRP) summary route External Border Gateway Protocol (BGP) Internal EIGRP IGRP OSPF Intermediate System-to-Intermediate System (IS-IS) Routing Information Protocol (RIP) Exterior Gateway Protocol (EGP) On Demand Routing (ODR) External EIGRP Internal BGP Unknown

    Default Distance Value 0 1 5 20 90 100 110 115 120 140 160 170 200 255

    7. Another really good command is the show protocols command, which shows you the routed protocol configuration of each interface. 2621B#show protocols Global values: Internet protocol routing is enabled Serial0/1 is administratively down, line protocol is down Serial0/0 is up, line protocol is up Internet address is 172.16.30.2/24 FastEthernet0/1 is administratively down, line protocol is down FastEthernet0/0 is up, line protocol is up Internet address is 172.16.50.1/24 8. From the 2811 A router, use the show protocols command. 2811A#show protocols Global values: Internet protocol routing is enabled Serial0/0/0 is administratively down, line protocol is down Serial0/0/1 is up, line protocol is up Internet address is 172.16.30.1/24 Serial0/1/0 is administratively down, line protocol is down Serial0/1/1 is up, line protocol is up Internet address is 172.16.20.1/24 FastEthernet0/0 is up, line protocol is up Internet address is 172.16.10.1/24

    Lab 5.16: Configuring RIPv2


    This lab will have you configure RIPv2. RIPv2 - RIP does not carry subnet information. To overcome this, RIPv2 was created in 1994 to address some deficiencies in RIP. RIPv2 can carry subnet information. RIPv2 sends routing updates via multicast address 224.0.0.9. It also provides support for variable length subnet masks (VLSM) and discontiguous networking. RIPv2 is not automatically turned on with the router rip command. You must also specify it and use the version 2 command.

    VLSM (Variable Length Subnet Mask) - the network ip address 192.168.10.0/24 can be used to create subnets that have different subnet masks. You can create subnets 192.168.10.36/30 and 192.168.10.80/29 out of the 192.168.10.0/24 network ip address. You can use the 192.168.10.36/30 networks on your WAN links and 192.168.10.80/29 on one of your LAN segments. It is useful to use VLSM when you have different numbers of networked devices at each of your branch offices. VLSM helps ip administrators use their ip

    address resources more efficiently.

    discontiguous networking - when a major network like 192.168.10.0 is separated by a different major network like 10.0.0.0. Example: The 192.168.10.0/24 network can be subnetted into two or more networks. The networks 192.168.10.36/30 and 192.168.10.80/29 are configured on different routers. The routers are using the 10.0.0.0 network to connect to each other, thus one major network being separated by another major network. Network Layout: Load the network layout you have been working with for labs in section 5.

    Lab Steps
    1. From the 2621 A router, configure RIP routing to use version 2. 2621A#config t 2621A(config)#router rip 2621A(config-router)#version 2 2621A(config-router)#ctrl+z Thatall there is to it! Since we have already added our directly connected networks under router rip in s our last lab, we now just have to tell it to run version 2. 2. From the 2621 B router, configure RIP routing to use version 2. 2621B#config t 2621B(config)#router rip 2621B(config-router)#version 2 2621B(config-router)#ctrl+z 3. From the 2811 A router, configure RIP routing to user version 2. 2811A#config t 2811Aconfig)#router rip

    2811A(config-router)#version 2 2811A(config-router)#ctrl+z

    Lab 5.17: Verifying the RIPv2 Configurations


    Now, understand that we did not save bandwidth or CPU cycles on our routers by turning on version 2. The only new feature that is now provided is VLSM support. Network Layout: Load the network layout you have been working with for labs in section 5.

    Lab Steps
    1. From the 2621 A router, use the show ip route command to verify the routing table. 2621A#show ip route 172.16.0.0/24 is subnetted, 4 subnets R C C R R 172.16.30.0 [120/1] via 172.16.20.1, 00:00:13, Serial0/0 172.16.40.0 is directly connected, FastEthernet0/0 172.16.20.0 is directly connected, Serial0/0 172.16.10.0 [120/1] via 172.16.20.1, 00:00:13, Serial0/0 172.16.50.0 [120/1] via 172.16.20.1, 00:00:13, Serial0/0

    Notice the R, which means it is a RIP found route. The C is a directly connected network. The routing tables will look the same as version 1 unless you have VLSM networks configured. 2. From the 2621 B router, use the show ip route command to verify the routing table. 2621B#show ip route C R C R R 172.16.0.0/24 is subnetted, 5 subnets 172.16.30.0 is directly connected, Serial0/0 172.16.40.0 [120/2] via 172.16.30.1, 00:00:09, Serial0/0 172.16.50.0 is directly connected, FastEthernet0/0 172.16.20.0 [120/1] via 172.16.30.1, 00:00:09, Serial0/0 172.16.10.0 [120/1] via 172.16.30.1, 00:00:09, Serial0/0

    3. From the 2811 A router, use the show ip route command to verify the routing table. 2811A#show ip route 172.16.0.0/24 is subnetted, 5 subnets C 172.16.30.0 is directly connected, Serial0/0/1 R 172.16.40.0 [120/1] via 172.16.20.2, 00:00:09, Serial0/1/1 R 172.16.50.0 [120/1] via 172.16.30.2, 00:00:09, Serial0/0/1 C 172.16.20.0 is directly connected, Serial0/1/1 C 172.16.10.0 is directly connected, FastEthernet0/0 4. From the 2621A router, use the debug ip rip command to see RIP updates being sent and received on the router. 2621A#debug ip rip 5. To turn off debugging, use the no debug ip rip command, or the undebug all command. 2621A#undebug all 6. To see the routing protocol timers, use the show ip protocols command. 2621A#show ip protocols Notice the timers. RIP is sent out every 30 seconds by default. The administrative distance is 120 by default. Both RIPv1 and RIPv2 use the same timers. 7. Another really good command is the show protocols command, which shows you the routed protocol configuration of each interface. 2621A#show protocols Routing Protocol is "rip" Sending updates every 30 seconds, next due in 27 seconds Invalid after 180 seconds, hold down 180, flushed after 240 Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Redistributing: rip Default version control: send version 1, version 2 Interface Send Recv Triggered RIP Key-chain Serial0/0 1 12 FastEthernet0/0 1 1 2 Automatic network summarization is in effect Maximum path: 4 Routing for networks: 172.16.0.0 Routing information sources: Gateway Distance Last Update 172.16.30.1 120 00:00:03 Distance: <default is 120> 2621B#

    Practice Scenario: Basic Cisco Router Operations Configure RIP Version 2


    Now that you have learned about some concepts and completed some hands-on work, try your problem-solving and troubleshooting skills with the following task. To complete your task you will need a network to interfact with a scenario and the task(s) at hand. When you have finished with this lab ... You can check your work by clicking the Grade Me button in the upper right hand corner of the Network Visualizer screen.

    You will see a report that will display: The name of the command entered for this lab The expected configuration Your configuration The result for each command. You will see a green check mark (meaning that you got it correct) or a red X A score of the number of correct answers out of the total possible

    Network Layout:
    On the Network Visualizer screen, click on the Labs menu then choose Practice Scenarios, Basic Cisco Router Operations, and Configure RIP V2 .

    Turn On Hostnames:
    In some of the practice labs we refer to the hostname of a device. Therefore, we need to make sure that Hostnames is turned on for this lab. On the Network Visualizer screen click View and then click Hostnames so that it has a checkmark next to it.

    Scenario:
    CAMALOT Research Company has a simple inter-network. The senior network administrator has asked you, the junior network administrator to configure the RIP V2 routing protocol so that the simple inter-network can communicates.

    Task:
    Configure RIP V2 on all routers. Network Addresses KING_ARTHUR 192.168.100.0/24 192.168.200.0/24 192.168.80.0/24 192.168.100.0/24 192.168.90.0/24 192.168.200.0/24 192.168.70.0/24

    PHOENIX

    MERLIN

    Lab 6: Introduction to Managing a Cisco Internetwork


    In this section, you will learn how to manage Cisco routers in an internetwork. The Internetworking Operating System (IOS) and configuration files reside in different locations in a Cisco device, and it is important to understand where these files are located and how they work. Host E is running a TFTP server daemon and will be used in this section to both back up and restore the Cisco IOS and configuration of the 2621 A router. Suggested Reading: Please read chapter 5 in the Sybex CCNA Study Guide, Sixth Edition, before performing the following labs. The following labs are covered: Lab 6.1: Password Recovery Techniques Lab 6.2: Backing up a Cisco IOS to a TFTP server Lab 6.3: Upgrading or restoring a Cisco IOS from a TFTP server Lab 6.4: Backing up a Cisco router configuration using a TFTP server Lab 6.5: Restoring a Cisco router configuration from a TFTP server Lab 6.6: Using the Cisco Discovery Protocol to gather information about neighbor devices Lab 6.7: Using Telnet Lab 6.8: Using Secure Shell in Place of Telnet Lab 6.9: Verifying Secure Shell in Place of Telnet Lab 6.10: Create a hosts table on a router and resolve host names to IP addresses The commands covered in this chapter are as follows: Command cdp enable cdp holdtime cdp run cdp timer config-register (confreg) copy flash tftp copy run start copy run tftp copy tftp flash copy tftp run ctrl+shift+6, then X (keyboard combination) Description Turns on CDP on an individual interface Changes the holdtime of CDP packets Turns on CDP on a router Changes the CDP update timer Tells the router how to boot and to change the configuration register setting Copies a file from flash memory to a tftp host Copies the running-config file to the startup-config file Copies the running-config file to a tftp host Copies a file from a tftp host to flash memory Copies a configuration from a tftp host to the running-config file Used to take you back to the originating router when you telnet to numerous routers

    disconnect erase startup-config exit ip host no cdp enable no cdp run no ip host o/r 0x2142 show cdp show cdp entry * show cdp neighbor show cdp neighbor detail show cdp traffic show flash show hosts show run show sessions show start show version

    Disconnects a connection to a remote router from the originating router Deletes the contents of NVRAM on a router Disconnects a connection to a remote router via Telnet Creates a host table on a router Turns off CDP on an individual interface Turns off CDP completely on a router Removes a hostname from a host table Changes a router to boot without using the contents of NVRAM Displays the CDP timer and holdtime frequencies Same as show cdp neighbor detail, but does not work on a 1900 switch Shows the directly connected neighbor and the details about them Shows the IP address and IOS version and type, and includes all of the information from the show cdp neighbor command. Shows the CDP packets sent and received on a device and any errors Views the files in flash memory Shows the contents of the host table Displays the running-config file Shows your connections via Telnet to remote devices Displays the startup-config file Displays the IOS type and version as well as the configuration register

    Lab 6.1: Password Recovery Techniques


    All Cisco routers have a 16-bit software register, which is written into NVRAM. By default, the configuration register is set to load the Cisco IOS from flash memory and to look for and load the startup-config file from NVRAM. By changing the configuration register, you can perform password recovery on a Cisco router. If you are locked out of a router because you forgot the password, you can change the configuration register to help you recover. Bit 6 in the configuration register is used to tell the router whether or not to use the contents of NVRAM to load a router configuration. The default configuration register value for bit 6 is 0x2102 (the 0 is bit 6), which means that bit 6 is off. With the default setting, the router will look for and load a router configuration stored in NVRAM (startup-config). To recover a password, you need to turn on bit 6, which will tell the router to ignore the NVRAM contents. The configuration register value to turn on bit 6 is 0x2142. Network Layout: Load Standard Layout.rsm or whatever you named the file when you saved your work while working in section 5.

    Lab Steps
    1. You can see the current value of the configuration register by using the show version command (sh version or show ver for short), as in the following example on the 2621 A router: 2621A#show version Cisco Internetwork Operating System Software IOS (tm) C2621 Software (C2621-BIN-M), Version 12.2(13)T1, RELEASE SOFTWARE (fc1) [output cut] Configuration register is 0x2102 The last information given from this command is the value of the configuration register. In this example, the value is 0x2102, which is the default setting. 2. You can change the configuration register by using the config-register command. For example, the following commands tell the router to boot from ROM monitor mode and then to verify the current configuration register value: 2621A(config)#config-register 0x0101 2621A(config)#ctrl+z 2621A#sh ver [output cut] Configuration register is 0x2102 (will be 0x0101 at next reload) Notice that the show version command shows the current configuration register value, as well as what it will be when the router reboots. Any change to the configuration register will not take effect until the router is reloaded. Suggested Reading: Please see chapter 5 in the Sybex CCNA Study Guide, Sixth Edition, for a complete listing of configuration-register commands. 3. From the 2621 A router, type reload at the privileged mode prompt. 2621A#copy running-config startup-config 2621A#reload

    4. When the router is rebooting, press and hold ctrl+break on the keyboard, until it takes you into rom monitor mode. System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1) Copyright (c) 1999 by cisco Systems, Inc. TAC:Home:SW:IOS:Specials for info PC = 0xfff0a530, Vector = 0x500, SP = 0x680127b0 C2621 platform with 32768 Kbytes of main memory PC = 0xfff0a530, Vector = 0x500, SP = 0x80004374 monitor: command "boot" aborted due to user interrupt rommon 1 > 5. To change the bit value on a Cisco 2621 series router, simply enter the confreg (meaning config register) command at the >rommon 1> prompt: rommon 1 >confreg 0x2142 You must reset or power cycle for new config to take effect. 6. At this point, reset the router. rommon 1 >reset 7. When the router reloads, say no to entering setup mode. 8. Enter privledged mode and then type copy startup-config running-config. 9. Change your passwords and then save your configuration with the copy run start command. 10. Change your configuration register back to 0x2102. rommon 1 > confreg 0x2102

    Viewing Passwords on Net Configs screen If you want to take a peak at all the passwords set for the currently loaded network, you can view these on the Net Configs screen. 1. Click Tools on the main menu of the Network Visualizer screen. Then click the Net Configs submenu selection. Or, right mouse click on the Network Visualizer screen and choose Net Configs from the pop-up menu. From the main menu From the pop-up window

    The following information will appear on the Net Configs screen, displaying passwords for every network device.

    Lab 6.2: Backing Up the Cisco IOS


    Before you upgrade or restore a Cisco IOS, you should copy the existing file to a tftp host as a backup in case the new image does not work. You can use any tftp host to perform this function. By default, the flash memory in a router is used to store the Cisco IOS. The following sections describe how to check the amount of flash memory, copy the Cisco IOS from flash memory to a tftp host, and then copy the IOS from a tftp host to flash memory. flash memory - is computer memory that can hold information even when the device is powered down. Information can be be written to and stored in this memory. Network Layout: Load Standard Layout.rsm or whatever you named the file when you saved your work while working in section 5.

    Lab Steps
    1. Before you attempt to upgrade the Cisco IOS on your router with a new IOS file, you should verify that your flash memory has enough room to hold the new image. You can verify the amount of flash memory and the file or files being stored in flash memory by using the show flash command (sh fla for short): 2621A#show flash System flash directory: File Length Name/status 1 6973004 c2621-bin-mz.122-13.T1.bin [6973068 bytes used, 1415540 available, 8388608 total] 8192K bytes of processor board System flash (Read/Write) 2. The last line in the router output shows that the flash is 8192K or 8MB, which is plenty of room for a new file that we want to use that is 6MB in size. Once you verify that the flash memory can hold the IOS you want to copy into flash memory, you can continue with your backup operation. 3. The key to success in this backup routine is to make sure you have good connectivity to the tftp host. You can check this by pinging the device from the router console prompt, as in the following example: 2621A#ping 172.16.40.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.60.3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms 4. After you ping the tftp host to make sure that IP is working, you can use the copy flash tftp command to copy the IOS to the tftp host, as shown below. Notice that after you enter the command, the name of the file in flash memory is displayed. This makes it easy for you. 2621A#copy flash tftp Source filename []? c2621-bin-mz.122-13.T1.bin

    Address or name of remote host []? 172.16.40.3 Destination filename [c2621-bin-mz.122-13.T1.bin]?(press enter) !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [output cut] 6973004 bytes copied in 57.704 secs (120841 bytes/sec) 2621A# 5. In this example, the content of flash memory was copied successfully to the tftp host. The address of the remote host is the IP address of the tftp host. The source filename is the file in flash memory. This was a pretty simple process as long as your router can talk to the tftp host.

    Lab 6.3: Restoring or Upgrading the Cisco Router IOS


    You may need to restore the Cisco IOS to flash memory to replace an original file that has been damaged or to upgrade the IOS. You can download the file from a tftp host to flash memory by using the copy tftp flash command. This command requires the IP address of the tftp host and the name of the file you want to download to flash memory. Please Note: No real files are used in this lab. This is just an exercise to show how it is done.

    Lab Steps
    1. Type copy tftp flash command from the 2621A privileged mode prompt. You will see a message informing you that the router must reboot and run a ROM-based IOS image to perform this operation: 2621A#copy tftp flash Address or name of remote host []? 172.16.40.3 Source filename []? c2621-bin-mz.122-13.T1.bin Destination filename [c2621-bin-mz.122-13.T1.bin]? (press enter) %Warning:There is a file already existing with this name Do you want to over write? [confirm] (press enter) Accessing tftp://172.16.40.3/c2621-bin-mz.122-13.T1.bin... Erase flash: before copying? [confirm] (press enter) Erasing the flash filesystem will remove all files! Continue? [confirm] (press enter) Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased Erase of flash: complete Loading c2621-bin-mz.122-13.T1.bin from 1.1.1.1 (via FastEthernet0/0): !!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [output cut] 2. After you tell the router where the file is and the filename, it asks you to confirm that you understand the contents of flash memory will be erased as shown in the output above. You are prompted twice, just to make sure that you really want to proceed with erasing flash memory.

    3. The row of e characters shows the contents of flash memory being erased. Each exclamation point (!) means that one UDP segment has been successfully transferred.

    Lab 6.4: Backing Up the Cisco Configuration


    Any changes that you make to the router configuration are stored in the running-config file. If you do not perform a copy run start command after you make a change to running-config, that change will be gone if the router reboots or gets powered down. You may want to make another backup of the configuration information as an extra precaution in case the router or switch completely dies or for documentation. The following lab describes how to copy the configuration of a router to a tftp host. Network Layout: Load Standard Layout.rsm or whatever you named the file when you saved your work while working in section 5.

    Lab Steps
    1. To copy the routerconfiguration from a router to a tftp host, you can use either the copy runnings config tftp or copy starting-config tftp command. Either command will back up the router configuration that is currently running in DRAM or that is stored in NVRAM. 2. To verify the configuration in DRAM, use the show running-config command (sh run for short), as follows: 2621A#sh run Building configuration... Current configuration: ! version 12.2 [output cut] The current configuration information indicates that the router is now running version 12.2 of the IOS. 3. Next, you should check the configuration stored in NVRAM. To see this, use the show startupconfig command (sh start for short), as follows: 2621A#sh start

    Using 781 out of 32762 bytes ! version 12.2 [output cut] The second line shows how much room your backup configuration is using. In this example, NVRAM is 32KB and only 781 bytes of it are used. Notice that the version of configuration in NVRAM is 12.2 If you are not sure that the files are the same, and the running-config file is what you want to use, then use the copy running-config startup-config to make sure both files are the same. By copying runningconfig to NVRAM as a backup, as shown below, you are assured that your running-config will always be reloaded if the router gets rebooted. 2621A#copy run start Destination filename [startup-config]?(press enter) Building configuration... [OK] 4. Now when you enter the show starting-config command, the version shows the latest configuration. 2621A#show startup-config Using 781 out of 32762 bytes ! version 12.2 5. Once the file is copied to NVRAM, you can make a second backup to a tftp host by using the copy running-config tftp command (copy run tftp for short), as follows: 2621A#copy run tftp Address or name of remote host []? 172.16.40.3 Destination filename [2621A-confg]? enter !! 487 bytes copied in 12.236 secs (40 bytes/sec) 2621A# 6. Notice that this took only two exclamation points (!), which are two UDP acknowledgments. If you have a hostname configured, the command will automatically use the hostname plus the extension confg as the name of the file.

    Lab 6.5: Restoring the Cisco Router Configuration from a TFTP Server
    If you have changed your routerrunning-config and want to restore the configuration to the version in s startup-config, the easiest way to do this is to use the copy startup-config running-config command (copy start run for short). You can also use the older Cisco command, config mem, to restore a

    configuration. Of course, this will work only if you first copied running-config into NVRAM before making any changes. Network Layout: Load Standard Layout.rsm or whatever you named the file when you saved your work while working in section 5.

    Lab Steps
    1. If you copied the routerconfiguration to a tftp host as a second backup, you can restore the s configuration using the copy tftp running-config command (copy tftp run for short) or the copy tftp startup-config command (copy tftp start for short), as shown below. 2621A#copy tftp run Address or name of remote host []? 172.16.40.3 Source filename []? 2621A-confg Destination filename [running-config]?(press enter) Accessing tftp://172.16.40.3/2621A-confg... Loading 2621A-confg from 172.16.40.3 (via Fastethernet 0/0): !! [OK - 487/4096 bytes] 487 bytes copied in 5.400 secs (97 bytes/sec) 2621A# 00:38:31: %SYS-5-CONFIG: Configured from tftp://172.16.40.3/2621A-confg 2621A# 2. 3. After you copy your configuration from a tftp host to your router, you must then enable your interfaces as they are automatically shut down.

    Lab 6.6: Using the Cisco Discovery Protocol to Gather Information about Neighbor Devices
    Cisco Discovery Protocol (CDP) is a proprietary protocol designed by Cisco to help administrators collect information about both locally attached and remote devices. You can gather hardware information, as well as protocol information about neighbor devices. This information is useful for troubleshooting and documenting the network. Network Layout: Load Standard Layout.rsm or whatever you named the file when you saved your work while working in section 5.

    Lab Steps
    Please Note: The 2621 A router and router 2621 B need to be configured in order for output to appear when you go through this lab. 1. First gather CDP information on your router by getting CDP Timers and Holdtime Information. Use the show cdp command (sh cdp for short) which shows information about two CDP global parameters that can be configured on Cisco devices. The output on a router looks like this: 2811A#sh cdp Global CDP information: Sending CDP packets every 60 seconds Sending a holdtime value of 180 seconds Sending CDPv2 advertisements is enabled 2811A# CDP timer is how often CDP packets are transmitted to all active interfaces. CDP holdtime is the amount of time that the device will hold packets received from neighbor devices. Both the Cisco routers and the Cisco switches use the same parameters. 2. Use the global commands cdp holdtime and cdp timer to configure the CDP holdtime and timer on a router. 2811A#config t

    Enter configuration commands, one per line. End with CTRL/Z. 2811A(config)#cdp ? advertise-v2 CDP sends version-2 advertisements holdtime Specify the holdtime (in sec) to be sent in packets log Log messages generated by CDP run Enable CDP source-interface Insert the interface's IP in all CDP packets timer Specify rate (in sec) at which CDP packets are sent> 2811A(config)#cdp timer 90 2811A(config)#cdp holdtime 240 2811A(config)#ctrl+z 3. You can turn off CDP completely on the router with the no cdp run command from global configuration mode of a router. Enable CDP with the cdp run command. 2811A(config)#no cdp run 2811 (config)#cdp run 2811A(config)#ctrl+z 4. To turn off or on CDP on a router interface, use the no cdp enable and cdp enable commands. Enable CDP on the interface with the cdp enable command. 2811A(config)#interface fastethernet 0/0 2811A(config-if)#no cdp enable 2811A(config-if)#cdp enable 2811A(config)#ctrl+z 5. The show cdp neighbor command (sh cdp nei for short) shows information about directly connected devices. It is important to remember that CDP packets are not passed through a Cisco switch, and you only see what is directly attached. On a router connected to a switch, you will not see the other devices connected to the switch. The following output shows the show cdp neighbor command used on the 2811 A router. 2811A#sh cdp nei Device ID 2621B 2621A 2811A# The following table summarizes the information displayed by the show cdp neighbor command for each device. Field Device ID Local Description The hostname of the device directly connected. The port or interface on which you are receiving the CDP packet. Local Intrfce Ser 0/0 Ser 0/0 Holdtme Capability Platform Port ID 170 R 2621 Ser 0/0/1 170 R 2621 Ser 0/1/1

    Interface Holdtime The amount of time the router will hold the information before discarding it if no more CDP packets are received. The neighborcapability, such as router, switch, or repeater. The capability codes are listed at s the top of the command output. The type of Cisco device. In the above output, a 2811 router , two 2621 routers, a 3550 switch, and a 3560 switch are attached. The neighbor deviceport or interface on which the CDP packets are broadcasted out. s

    Capability

    Platform

    Port ID

    6. Another command that provides neighbor information is the show cdp neighbor detail command (show cdp nei de for short), which also can be run on the router or switch. This command shows detailed information about each device connected to the device, as in the router output below. 2811A#sh cdp neighbor detail ------------------------Device ID: 2621B Entry address(es): IP Address: 172.16.30.2 Platform: cisco 2621, Capabilities: Router Interface: Serial0/0, Port ID (outgoing port): Serial0/0/1 Holdtime : 146 sec Version : Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-BIN-M), Version 12.2(13)T1, RELEASE SOFTWARE (fc1) TAC Support: http://www.cisco.com/tac Copyright (c) 1986-2003 by Cisco Systems, Inc. Compiled Sat 04-Jan-03 05:58 by ccai advertisement version: 2 ------------------------Device ID: 2621A Entry address(es): IP Address: 172.16.20.2 Platform: cisco 2621, Capabilities: Router Interface: Serial0/0, Port ID (outgoing port): Serial0/1/1 Holdtime : 146 sec Version : Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-BIN-M), Version 12.2(13)T1, RELEASE SOFTWARE (fc1) TAC Support: http://www.cisco.com/tac Copyright (c) 1986-2003 by Cisco Systems, Inc. Compiled Sat 04-Jan-03 05:58 by ccai advertisement version: 2 -------------------------

    2811A# The output above shows the hostname and IP address of the directly connected devices. In addition to the same information displayed by the show cdp neighbor command, the show cdp neighbor detail command also shows the IOS version of the neighbor device. 7. The show cdp entry * command displays the same information as the show cdp neighbor details command. The following is an example of the router output of the show cdp entry * command. 2811A#sh cdp entry * ------------------------Device ID: 2621B Entry address(es): IP Address: 172.16.30.2 Platform: cisco 2621, Capabilities: Router Interface: Serial0/0, Port ID (outgoing port): Serial0/0/1 Holdtime : 146 sec Version : Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-BIN-M), Version 12.2(13)T1, RELEASE SOFTWARE (fc1) TAC Support: http://www.cisco.com/tac Copyright (c) 1986-2003 by Cisco Systems, Inc. Compiled Sat 04-Jan-03 05:58 by ccai advertisement version: 2 ------------------------Device ID: 2621A Entry address(es): IP Address: 172.16.20.2 Platform: cisco 2621, Capabilities: Router Interface: Serial0/0, Port ID (outgoing port): Serial0/1/1 Holdtime : 146 sec Version : Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-BIN-M), Version 12.2(13)T1, RELEASE SOFTWARE (fc1) TAC Support: http://www.cisco.com/tac Copyright (c) 1986-2003 by Cisco Systems, Inc. Compiled Sat 04-Jan-03 05:58 by ccai advertisement version: 2 ------------------------2811A# 8. The show cdp traffic command displays information about interface traffic, including the number of CDP packets sent and received and the errors with CDP. The following output shows the show cdp traffic command used on a router. 2811A#sh cdp traffic CDP counters : Total packets output: 14556, Input: 7366 Hdr syntax: 0, Chksum error: 0, Encaps failed: 0 No memory: 0, Invalid packet: 0, Fragmented: 0

    CDP version 1 advertisements output: 0, Input: 0 CDP version 2 advertisements output: 14556, Input: 7366 2811A#

    Lab 6.7: Using Telnet


    telnet - is a virtual terminal protocol that is part of the TCP/IP protocol suite. Telnet allows you to make connections to remote devices and gather information and run programs. To start a Telnet session, logging into a another device requires a valid username and password on the destination hardware. After your routers and switches are configured, you can use the Telnet program to configure and check your routers and switches instead of needing to use a console cable. You use the Telnet program by typing telnet from any command prompt (DOS or Cisco). VTY passwords must be set on the routers for this to work. You cannot use CDP to gather information about routers and switches that are not directly connected to your device. However, you can use the Telnet application to connect to your neighbor devices and then run CDP on those remote devices to gather CDP information about remote devices. In this lab we will telnet from router 2621 B into router 2621 A and switch 3550 A. In a prior lab we have configured router 2621 A but now we need to configure switch 3550 A at the start of this lab. Network Layout: Load Standard Layout.rsm or whatever you named the file when you saved your work while working in section 5. You need a configured network in order to complete this lab.

    Lab Steps
    1. Double-click switch 3550 A in order to bring up the console screen. 2. Perform the following commands: Switch>en Switch#config t Enter configuration commands, one per line. End with CNTL/Z Switch(config)# 3. To set the IP configuration on a 3550 switch, use the ip address command. However, this is set under the VLAN1 interface, not at global configuration mode like on a 1900 switch. Remember that by default all interfaces are members of VLAN1, which is why the VLAN1 interface is configured by default. Let's also set the hostname so that we can more clearly identify this device when we telnet into in subsquent steps. Switch(config)#hostname 3550A 3550A(config)#interface vlan 1 3550A(config-if)#ip address 172.16.10.17 255.255.255.0 4. The default gateway should also be set using the ip default-gateway command. However, unlike the IP address, this is completed at global configuration mode. 3550A(config-if)#exit 3550A(config)#ip default-gateway 172.16.10.1 5. We need to set up a VTY password for the 3550 A switch. 3550A(config)#line vty 0 15 3550A(config-line)#password todd 3550A(config-line)#ctrl+z 6. Switch to the 2621 A router via the console menu.

    7. For this lab, remove the telnet and enable passwords from the 2621 A router. 2621A>enable 2621A#config t Enter configuration commands, one per line. End with CTRL/Z.

    2621A(config)#no enable secret 2621A(config)#no enable password 2621A(config)#line vty 0 4 2621A(config-line)#no password 2621A(config-line)#ctrl+z 2621A# 8. You can issue the telnet command from any router prompt, as in the following example from 2621 B to 2621 A: 2621B#telnet 172.16.20.2 Trying 172.16.10.2 ... Open Password required, but none set [Connection to 172.16.20.2 closed by foreign host] 2621B# Remember that the VTY ports on a router are configured as login, which means that you must either set the VTY passwords or use the no login command. 9. On a Cisco router, you do not need to use the telnet command. If you just type in an IP address from a command prompt, the router will assume you want to telnet to the device, as shown below: 2621B#172.16.20.2 Trying 172.16.10.2 ... Open Password required, but none set [Connection to 172.16.20.2 closed by foreign host] 2621B# 10. Ittime to set VTY passwords on the router I want to telnet into. Here is an example of what I did: s 2621A#config t Enter configuration commands, one per line. End with CTRL/Z. 2621A(config)#line vty 0 4 2621A(config-line)#password todd 2621A(config-line)#ctrl+z 2621A# 11. Now, lettry connecting to the router again (from the 2621 B router console). s 2621B#172.16.20.2 Trying 172.16.20.2 ... Open User Access Verification Password: 2621A>

    12. Remember that the VTY password is the user mode password, not the enable password. Watch what happens when I try to go into privileged mode after telneting into router 2621 A: 2621A>en % No password set 2621A> This is a good security feature. You don t want anyone just telneting onto your device and then being able to just type the enable command to get into privileged mode. You must set your enable password or enable secret password to use telnet to configure remote devices. 13. Now, exit out of the 2621 A router. 2621A>exit [Connection to 172.16.20.2 closed by foreign host] 2621B# 14. If you telnet to a router or switch, you can end the connection by typing exit at any time. However, what if you want to keep your connection to a remote device but still come back to your original router console? To keep the connection, you can press the Ctrl+Shift+6 key combination, release it, and then press X. Herean example of connecting to multiple devices from the 2621 B router console: s 2621B#telnet 172.16.20.2 Trying 172.16.20.2 ... Open User Access Verification Password: 2621A> [press ctrl+shift+6 then x] 2621B# In the example above, I telneted to the 2621 A router, then typed the password to enter user mode. I then pressed Ctrl+Shift+6, then x (this doesn t show on the screen output). Notice the command prompt is now back at the 2621 B router. 15. You can also telnet into a switch. In the following example, we telnet to switch 3550 A. 2621B#telnet 172.16.10.17 Trying 172.16.10.17 ... Open User Access Verification Password: 3550A> 16. At this point, press Ctrl+Shift+6, then X, which will take you back to the 2621 B router console. 2621B# 17. To see the connections made from your router to a remote device, use the show sessions command, as shown below. 2621B#show sessions Conn Host Address Byte Idle Conn Name

    1 172.16.20.2 * 2 172.16.10.17 2621B#

    172.16.20.2 172.16.10.17

    0 0

    0 172.16.20.2 0 172.16.10.17

    18. Notice the asterisk (*) next to connection 2. This means that session 2 was the last session. You can return to your last session by pressing enter twice. You can also return to any session by typing the number of the connection and pressing enter twice. Here is an example: 2621B#1 [Resuming connection 1 to 172.16.20.2 ... ] [press enter] 2621A> Please Note: When changing windows from Router to Router do not close the window with the x or the telnet information will be lost. 19. You can list all active consoles and VTY ports in use on your router with the show users command. Type show users from the 2621 A router, which the 2621 B router had telneted into. 2621A>show users Line User 0 con 0 * 2 vty 0 Interface 2621A> In the commandoutput, the con represents the local console. In this example, the console is connected s to two remote IP addresses, or devices. This output shows that the console is active and that VTY port 0 is being used. The asterisk represents the current terminal session user. 20. You can end Telnet sessions a few different ways. Typing exit or disconnect is probably the easiest and quickest. To end a session from a remote device, use the exit command, as shown below. 2621A#exit [Connection to 172.16.20.2 closed by foreign host] 2621B# 21. To end a session from a local device, use the disconnect command, as shown below. 2621B#show sessions Conn Host Address Byte Idle Conn Name * 2 172.16.10.17 172.16.10.17 0 0 172.16.10.17 2621B#disconnect 2 Closing connection to 172.16.10.17 [confirm] [enter] 2621B# In this example, we used the session number 2 because that was the connection to the switch 3550 A that we wanted to end. As explained earlier, you can use the show sessions command to see the connection number. Save Your File: Make sure you save the network layout file that you have been working with. User Host(s) idle idle Mode Idle Location 00:00:00 00:25:12 172.16.30.2 Idle Peer Address

    Lab 6.10: Create a Hosts Table on a Router and Resolve Host Names to IP Addresses
    You can use a hostname to connect to a remote device rather than use an IP address. The device that you are using to make the connection from must be able to translate the hostname to an IP address. This lab will show you how to create a hosts table on your router to resolve host names to IP addresses. Network Layout: Work with the saved network that you used to configure devices in lab 6.7. You need a configured network in order to complete this lab.

    Lab Steps
    1. A host table provides name resolution only on the router on which it was built. The command to build a host table on a router is: ip host name ip_address 2. Here is an example of configuring a host table on the 2621 B router with two entries to resolve the names for the 2621 A router and the 3550 A switch: 2621B#config t Enter configuration commands, one per line. End with CTRL/Z. 2621B(config)#ip host ? WORD Name of host

    2621B(config)#ip host 2621A ? <0-65535> Default telnet port number A.B.C.D Host IP address additional Append addresses 2621B(config)#ip host 2621A 172.16.20.2 ? A.B.C.D Host IP address (maximum of 8) <cr> 2621B(config)#ip host 2621A 172.16.20.2 2621B(config)#ip host 3550A 172.16.10.17 2621B(config)#ctrl+z 3. To see the host table, use the show hosts command, as shown below . 2621B#sh hosts Default domain is not set Name/address lookup uses domain service Name servers are 255.255.255.255 Host 2621A 3550A 2621B# In the router output above, you can see the two hostnames and their associated IP addresses. The perm in the Flags column means the entry is manually configured. If it said temp, it would be an entry resolved by DNS. 4. To verify that the host table resolves names, try typing the hostnames at a router prompt. Remember that if you don t specify the command, the router assumes you want to telnet. Use the hostnames we just created to telnet into the remote devices and then press Ctrl+Shift+6, then X to return to the main console of the 2621B router. 2621B#2621A Trying 2621A (172.16.20.2)... Open User Access Verification Password: 2621A>(control+shift+6,then x) 2621B# 2621B#3550A Trying 3550A (172.16.40.2)... Open User Access Verification Password: Flags Age Type Address(es) (perm, OK) 0 IP 172.16.20.2 (perm, OK) 0 IP 172.16.10.17

    3550A# 5. Notice in the entries in the show session output below that the hostname now shows up instead of the IP address because the IP addresses has been resolved. 3550A#sh sess Conn Host 1 2621A * 2 3550A Address 172.16.20.2 172.16.10.17 Byte Idle Conn Name 0 0 0 2621A 0 3550A

    6. You can remove a hostname from the table by using the no ip host command, as in the following example: 3550A>(control+shift+6,then x) 2621B# 2621B#config t Enter configuration commands, one per line. End with CTRL/Z. 2621B(config)#no ip host 2621A 7. Now remove the other hostname from the table by using the no ip host command. 2621B(config)#no ip host 3550A

    Chapter 8: Introduction to Configuring the Catalyst Switch


    The following labs will teach you how to connect to the Catalyst 2950 switch and configure LAN switching. Suggested Reading: Please read chapter 8 in the Sybex CCNA Study Guide, Sixth Edition, before performing the following labs. The labs covered in this section include: 8.12: Setting Passwords on the 2950 Switch 8.14: Setting the Hostname on the 2960 Switch 8.16: Configuring the IP address information on a 2960 Switch 8.18: Configuring 2960 Switch Interfaces 8.19: Verifying the 2950 and 2960 Switch IP Connectivity 8.20: Saving and Erasing the 2950 and 2960 Switch Configuration

    Lab 8.12: Setting Passwords on the 2960 Switch


    This lab will have you work with a 2960 switch, enter global configuration mode and then set the

    passwords. Network Layout: Load Standard Layout.rsm or whatever you named the file when you saved your work while working in section 5.

    Lab Steps
    1. Double-click switch 2960 A to open the console screen OR Use the console menu to bring up the console for the 2960 A switch.

    2. Press enter to connect to the console. Switch> 3. Enter the enable mode by using the enable command and then enter global configuration mode by using the config t command. Switch>enable Switch#config t Enter configuration commands, one per line. End with CTRL/Z Switch(config)# 4. Once you are in global configuration mode, you can set the user mode and enable mode passwords by using the enable password and enable secret command. The switches output below shows the configuration of both the user mode and enable mode passwords. Switch(config)#enable password todd

    Switch(config)#enable secret cisco Switch(config) Please Note: if you set your enable secret, the enable password is superceded and not used, just like in a router. 5. In addition to the enable password and enable secret, the 2960 switch allows you to set a console and telnet password as well using the line commands, just like in a router. Switch(config)#line console 0 Switch(config-line)#password console Switch(config-line)#login 6. Remember that just like in a router, you cannot get help for a line command from within line configuration mode. Type exit to go back one step. Switch(config-line)#exit Switch(config)#line vty 0 15 Switch(config-line)#password telnet Switch(config-line)#login Switch(config-line)#ctrl+z Switch# 7. You can use show running-config (show run for short) to see the current configuration on the switch. Switch#show run Building configuration... Current configuration : 918 bytes ! version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Switch ! enable secret 5 $1$u76B$IOFVJ7VxfVXYVpGDrFTcI0 enable password todd ! no aaa new-model system mtu routing 1500 no ip subnet-zero [output cut] Notice the enable mode password is not encrypted by default, but the enable secret is. This is the same password configuration technique that you will find on a router.

    Save Your File: Make sure you save the network layout file that you have been working with.

    Lab 8.14: Setting the Hostname on a 2960 Switch


    The hostnames on a switch, as well as on a router, are only locally significant. This means that it doesn t have any function on the network or used for name resolution whatsoever. However, it is helpful to set a hostname on a switch so that you can identify the switch when connecting to it. A good rule of thumb is to name the switch after the location it is serving. Network Layout: Work with the saved network that you used to configure devices in lab 8.12.

    Lab Steps
    1. The 2960 switch command to set the hostname is exactly like any router: you use the hostname command. From global configuration mode, type the command hostname hostname. Switch>enable Enter password: **** Switch#config t Enter configuration commands, one per line. End with CTRL/Z Switch(config)#hostname 2960A 2960A(config)#exit 2960A# Any changes you make in this mode take effect immediately.

    Lab 8.16: Configuring IP Address Information on a 2960 Switch


    You do not have to set any IP configuration on the switch to make it work. You can just plug in devices and they should start working, just like they would on a hub. The reason you would set the IP address information on the switch is so you can either manage the switch via Telnet or other management software, or you wanted to configure the switch with different VLANs and other network functions.

    VLANs are discussed later labs. Network Layout: Work with the saved network that you used to configure devices in lab 8.14.

    Lab Steps
    1. To set the IP configuration on a 2960 switch, use the ip address command. However, this is set under the VLAN1 interface, not at global configuration mode like on a 1900 switch. Remember that by default all interfaces are members of VLAN1, which is why the VLAN1 interface is configured by default. 2960A#config t Enter configuration commands, one per line. End with CTRL/Z 2960A(config)#interface vlan1 2960A(config-if)#ip address 172.16.50.2 255.255.255.0 2960A(config-if)#exit 2960A(config)# 2. The default gateway should also be set using the ip default-gateway command. However, unlike the IP address, this is completed at global configuration mode. 2960A(config)#ip default-gateway 172.16.50.1 2960A(config)#exit 2960A# To change the IP address and default-gateway on the switch, you can either type in new addresses or remove the IP information with the no ip address and no ip default-gateway commands, at the appropriate configuration prompt.

    Lab 8.18: Configuring 2960 Switch Interfaces


    It is important to understand how to access switch ports. The 2960 switch uses the type slot/port command, just like a 2621 router and just like the 2960 switch. For example, Fastethernet 0/3 is 10/100BaseT port 3. The 2960 switch type slot/port command can be used with either the interface command or the show command. The interface command allows you to set interface specific configurations. The 2960 switch has only one slot: zero (0), just like the 1900.

    Network Layout: Work with the saved network that you used to configure devices in lab 8.16.

    Lab Steps
    1. To configure an interface on a 2960 switch, go to global configuration mode and use the interface command as shown. Since the 2960 switch is not modular, there is only one slot, which is 0, although it lists 0-2 for some odd reason. However, you can only type in as the slot in this program. Any other 0 slot number will give you an error. The next output gives us a slash (/) to separate the slot/port configuration. 2960A#config t 2960A(config)#interface fastethernet ? <0-2> FastEthernet interface number 2960A(config)#interface fastethernet 0? / 2960A(config)#interface fastethernet 0/? <0-12> FastEthernet interface number 2. After the 0/configuration command, the above output shows the amount of ports you can configure. The output below shows the completed command. 2960A(config)#interface fastethernet 0/1 2960A(config-if)# 3. Once you are in interface configuration, the prompt changes to (config-if). You can switch between interface configurations by using the int fa 0/# command at any time from global configuration mode. There are a couple of interface commands that you can configure on the switch. The commands we are interested in are the duplex command and the port fast command. 2960A(config)#int fa0/1 2960A(config-if)#duplex ? auto Enable AUTO duplex configuration full Force full duplex operation half Force half-duplex operation 2960A(config-if)#

    4. Since the switch ports are set to by default, you can change each of the switch ports to always auto be in full-duplex mode for better performance. This is recommended. 2960A(config-if)#duplex full Duplex will not be set until speed is set to non-auto value 2960A(config-if)#speed 100 5. Notice in the above command that to run full duplex, you must set the speed to 100Mbps. Both the speed and the duplex are set to auto-detect by default, which basically means work by default is not . It recommended that you set the speed and duplex of every port. 6. In addition to the duplex commands that can be configured on the switch ports, you also can turn on what is called portfast. This enables a switch port to come up quickly and not to wait the typical 50 seconds for spannign-tree to go through its gotta make sure there are no loops! I cycle. However, if you turn portfast on, then you better be sure you do not create a physical loop on the switch network or it will bring your network down. You are basically telling the switch to not check for loops using these ports. Here is how you would enable portfast on a switch port. 2960A(config-if)#spanning-tree ? bpdufilter bpduguard cost guard link-type portfast stack-port vlan Don't send or receive BPDUs on this interface Don't accept BPDUs on this interface Change an interface's spanning tree port path cost Change an interface's spanning tree guard mode Specify a link type for spanning tree protocol use Enable an interface to move directly to forwarding on link up Enable stack port VLAN Switch Spanning Tree

    port-priority Change an interface's spanning tree port priority

    7. The command above shows the available options for the spanning-tree command. We want to use the portfast command. 2960A(config-if)#spanning-tree portfast %Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION %Portfast has been configured on FastEthernet0/1 but will only have effect when the interface is in a non-trunking mode. 2960A(config-if)# 8. Notice the message the switch provides when enabling portfast. Although it seems like the command didn t take effect, as long as the port is in access mode (discussed in a minute), the port will now be in portfast mode.

    9. After you make any changes you want to the interfaces, you can view the different interfaces with the show interface command. The switch output below shows the command used to view a 10/100BaseT interface on the 2960 switch. 2960A(config-if)#ctrl+z 2960A#sh int f0/1 FastEthernet0/1 is down line protocol is down (notconnect) Hardware is FastEthernet, address is 00b0.9eb1.bcd0 (bia 00b0.9eb1.bcd0) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Half-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:02, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 0/75, 0 drops 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 1 packets/sec 1097702 packets input, 71821315 bytes, 0 no buffer Received 488076 broadcasts, 0 runts, 0 giants, 0 throttles 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 3752639 multicast, 0 pause input 0 input packets with dribble condition detected 1590235 packets output, 290473092 bytes, 0 underruns 0 output errors, 0 collisions, 2 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out 10. In addition to the show interface command, you can use the show running-config command to see the interface configuration as well. [output cut] ! interface FastEthernet0/1 duplex full speed 100 spanning-tree portfast ! interface FastEthernet0/2 [output cut]

    11. You can administratively set a name for each interface on the 2960 switch. Like the hostname, the descriptions are only locally significant. For the 2960 series switch, use the description command. You can use spaces with the description command, but you can use underlines if you need to. To set the descriptions, you need to be in interface configuration mode. From interface configuration mode, use the description command to describe each interface. 2960A#config t Enter configuration commands, one per line. End with CTRL/Z 2960A(config)#int fa 0/1 2960A(config-if)#description Sales VLAN 2960A(config-if)#int fa 0/8 2960A(config-if)#description trunk to Building 8 2960A(config-if)# In the configuration example above, we set the description on both port 1 and 12. 12. Once you have configured the descriptions you want on each interface, you can then view the descriptions with either the show interface command, or show running-config command. View the configuration of the Fast Ethernet interface 0/1 by using the show interface fastethernet 0/1 command. 2960A#sh int fa 0/1 FastEthernet0/1 is down line protocol is down (notconnect) Hardware is FastEthernet, address is 00b0.9eb1.bcd0 (bia 00b0.9eb1.bcd0) Description: Sales VLAN MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Half-duplex, 100Mb/s, media type is 10/100BaseTX (output cut) 13. Use the show running-config command to view the interface configurations as well. 2960A#sh run [output cut] ! interface FastEthernet0/1 description "Sales VLAN" duplex full speed 100 spanning-tree portfast ! [output cut] Notice in the above switch output that the sh int fa0/1 command and the show run command both show the description command set on an interface.

    Lab 8.19: Verifying the 2960 Switch IP Connectivity


    It is important to test the switch IP configuration. You can use the ping program, and you can telnet into the 2960 switch. However, you cannot telnet from the 2960 switch or use traceroute. Network Layout: Work with the saved network that you used to configure devices in lab 8.18. 1. In the following example, ping Host F on the network from the 2960 A switch.

    2960A#ping 172.16.50.3 Sending 5, 100-byte ICMP Echos to 172.16.50.3, time out is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max 0/2/10/ ms

    Lab 8.20: Saving and Erasing the 2960 Switch Configuration


    The switch configuration is stored in NVRAM, just as any router and placed in RAM when the switch boots. The file in RAM is called the running-config and the file in NVRAM is called the startup-config. You can view the startup-config, also called the backup configuration, with the show startup-config command. 1. To save the switch configuration, you type copy running-config startup-config, or copy run start, just like on a router. 2960A#copy run start Destination filename [startup-config]?press enter Building configuration... [OK] 2960A# 2. To delete the contents of NVRAM on a 2960 switch, use the erase startup-config command as shown. However, you still need to reload the switch to erase the running-config. 2960A#erase startup-config

    Erasing the nvram filesystem will remove all files! Continue? [confirm] press enter [OK] Erase of nvram: complete 2960A#sh start %% Non-volatile configuration memory is not present 2960A#

    Lab 11.5: NAT/PAT Final Configuration Exercise


    In this lab, you will configure two routers and a host so that the inside network can communicate with the outside network using Port Address Translation. You will not use the network layout used previously. You have six public IP address assigned to your company: 198.18.194.73 -78. There are 30 hosts that need to access the Internet simultaneously. Hosts range on the inside network is 192.168.35.65- 94 Inside global addresses is 198.18.194.73-78/29 Inside local addresses is 192.168.35.65-94/27 Suggested Reading: Please read chapter 11 in the Sybex CCNA Study Guide, Sixth Edition, before performing the following labs. Network Layout: Load Nat-Pat Final Layout.rsm before going through the following lab. 1. On the Network Visualizer screen, click on the File menu and then click Open. 2. When the dialog box appears, make sure you are in the Networks folder. 3. Click on the file Nat-Pat Final Layout and click OK.

    Lab Steps
    1. Double-click router 2811 B to open the console screen. 2. Configure router 2811 B. Router>en Router#config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#hostname 2811B 2811B(config)#int f0/0 2811B(config-if)#ip address 192.168.35.94 255.255.255.224 2811B(config-if)#no shut 2811B(config-if)#int s0/0/0 2811B(config-if)#ip address 192.0.2.157 255.255.255.252 2811B(config-if)#clock rate 1000000 2811B(config-if)#no shut 2811B(config-if)#ctrl+z 2811B#copy run start Destination filename [startup-config]? [enter] Building configuration... [OK] 2811B# 3. Configure router 2811 A with IP addresses and default routing. Router>en Router#config t Router(config)#hostname 2811A 2811A(config)#int s0/0/1 2811A(config-if)#ip address 192.0.2.158 255.255.255.252

    2811A(config-if)#no shut 2811A(config-if)#exit 2811A(config)#ip route 0.0.0.0 0.0.0.0 192.0.2.157 4. Configure your host with the IP address 192.168.35.65/27. Dont forget to set your default-gateway. 5. Create an inside source list that will allow the inside hosts to access the NAT pool and allow the use of PAT. 2811B#config t 2811B(config)#ip nat inside source list 10 pool 2811B overload 6. Next, create an access-list for ip range 192.168.35.65-94/27. 2811B(config)#access-list 10 permit 192.168.35.64 0.0.0.31 7. Verify your access-list. 2811B(config)#do show run Building configuration... ! Current configuration : 960 bytes ! access-list 10 permit 192.168.35.64 0.0.0.31 [output cut] 2811B(config)#do show access-lists Standard IP access list 10 10 permit 192.168.35.64, wildcard bits 0.0.0.31 2811B(config)# 8. Create the pool with the six available global hosts IP addresses. 2811B(config)#ip nat pool 2811B 198.18.194.73 198.18.194.78 netmask 255.255.255.248 9. Configure the interfaces for use with NAT. 2811B(config)#interface f0/0 2811B(config-if)#ip nat inside 2811B(config-if)#int s0/0/0 2811B(config-if)#ip nat outside 2811B(config-if)#exit 2811B(config)#exit 2811B#copy run start Destination filename [startup-config]? [enter] Building configuration... [OK] 2811B# 10. Change the console screen to Host A and then ping router 2811 A. C:\ping 192.0.2.158 11. Change to router 2811 B and verify your NAT/PAT configuration by enabling debug ip nat. 2811B#debug ip nat

    IP NAT debugging is on Dec 3 16:48:09.484: NAT*: s=192.168.35.65->198.18.194.73, d=192.0.2.158 [1] Dec 3 16:48:09.500: NAT*: s=192.0.2.158->198.18.194.73, d=192.168.35.65 [1] 2811B# 12. Verify your NAT table with the following command: 2811B#sh ip nat translations Pro Inside global Inside local Outside local Outside global icmp 198.18.194.74:1 192.168.35.65:1 192.0.2.158:1 192.0.2.158:1 2811B# 13. Delete the NAT/PAT configuration on your routers. 14. Reconfigure the router with the following IP addresses on the 2811 B router (try to configure this without looking at the answers for the NAT/PAT configuration we just finished): Interface f0/0: 192.168.76.94/27 Interface s0/0: 192.0.2.165/30 Inside global: 198.18.149.113-118/29 Inside local: 102.168.76.65-94/27 15. Verify your NAT configuration.

    Practice Scenario: NAT and ACLs Configure NAT


    Now that you have learned about some concepts and completed some hands-on work, try your problem-solving and troubleshooting skills with the following task. To complete your task you will need a network to interfact with a scenario and the task(s) at hand. When you have finished with this lab ... You can check your work by clicking the Grade Me button in the upper right hand corner of the Network Visualizer screen.

    You will see a report that will display: The name of the command entered for this lab

    The expected configuration Your configuration The result for each command. You will see a green check mark (meaning that you got it correct) or a red X A score of the number of correct answers out of the total possible

    Network Layout:
    On the Network Visualizer screen, click on the Labs menu then choose Practice Scenarios, NAT and ACLs, and Configure NAT.

    Turn On Hostnames:
    In some of the practice labs we refer to the hostname of a device. Therefore, we need to make sure that Hostnames is turned on for this lab. On the Network Visualizer screen click View and then click Hostnames so that it has a checkmark next to it.

    Scenario:
    The senior network administrator at Gadget research company needs you to setup NAT. Make sure that all internal users can get to the internet.You have a company of 20 people that need continuous access to the internet. EIGRP has been configured on both internal routers.

    Task:
    Using subnet 40.0.0.16/28 configure Dynamic NAT/PAT on NAT-Router-1 On NAT-Router-1 configure a NAT pool named GADGET-NAT-POOL On NAT-Router-1 configure an access list for NAT On NAT-Router-1 configure a default route for NAT On the GADET-1 router configure a default route for NAT On the ISP-UUCOM configure static routing for network 40.0.0.16/28

    Practice Scenario: NAT and ACLs Troubleshoot NAT


    Now that you have learned about some concepts and completed some hands-on work, try your problem-solving and troubleshooting skills with the following task. To complete your task you will need a network to interfact with a scenario and the task(s) at hand. When you have finished with this lab ...

    You can check your work by clicking the Grade Me button in the upper right hand corner of the Network Visualizer screen.

    You will see a report that will display: The name of the command entered for this lab The expected configuration Your configuration The result for each command. You will see a green check mark (meaning that you got it correct) or a red X A score of the number of correct answers out of the total possible

    Network Layout:
    On the Network Visualizer screen, click on the Labs menu then choose Practice Scenarios, NAT and ACLs, and Troubleshoot NAT.

    Scenario:
    The senior network administrator at the Round Table company utilizes NAT in her network. NAT was working yesterday but after readdressing the internal network NAT no longer works.

    Task:
    You have been asked to resolve the issue.

    Lab 14: Introduction to Cisco Wide Area Network Support


    The Cisco IOS WAN can support many different WAN protocols that can help you extend your LANs to other LANs at remote sites. Connecting company sites together so information can be exchanged is imperative in this economy. However, it would take a truckload of money to put in your own cable or dedicated connections to network all of your companyremote locations. Service providers allow you s to lease or share connections that the service provider already has installed, which can save money and time. Although this chapter does not cover every type of Cisco WAN support, it does cover the HDLC, PPP, and Frame Relay. The labs covered in this section are as follows: Lab 14.1: Configuring PPP Encapsulation Lab 14.2: Verifying PPP Encapsulation Lab 14.3: Configuring PPP Authentication with CHAP Lab 14.4: Verifying PPP with Authentication Lab 14.5: Understanding Frame Relay Configuration

    Lab 14.6: Configuring Frame Relay Switching Lab 14.7: Configuring Frame Relay with Subinterfaces Lab 14.8: Verifying Frame Relay The commands covered in this chapter are as follows: Command encapsulation ppp encapsulation hdlc Meaning Changes the encapsulation on a serial link to PPP Restores the default encapsulation of HDLC on a serial link

    encapsulation frame-relay Changes the encapsulation to frame-relay on a serial link username name password Creates usernames and passwords used for authentication on a Cisco router password ppp authentication chap Tells PPP to use Chap authentication

    frame-relay interface-dlci Configures the PVC address on a serial interface or subinterface frame-relay lmi-type Configures the LMI type on a serial link

    iInterface s0.16 point-to- Creates a point-to-point subinterface on a serial link that can be used with point frame-relay encapsulation frame-relay Sets the encapsulation type to the Internet Engineering Task Force (IETF). ietf Used to connect Cisco routers to off-brand routers. show frame-relay lmi show frame-relay pvc show frame-relay map Sets the LMI type on a serial interface Shows the configured PVCand DLCI numbers configured on a router s Shows the static and dynamic Network layer to PVC mappings

    Practice Scenario: WAN Links Configure Basic WAN Connection


    Try your problem-solving and troubleshooting skills with the following task. To complete your task you will need a network to interfact with, a scenario, and the task(s) at hand. When you have finished with this lab ... You can check your work by clicking the Grade Me button in the upper right hand corner of the Network Visualizer screen.

    You will see a report that will display: The name of the command entered for this lab The expected configuration Your configuration The result for each command. You will see a green check mark (meaning that you got it correct) or a red X A score of the number of correct answers out of the total possible

    Network Layout:
    On the Network Visualizer screen, click on the Labs menu then choose Practice Scenarios, WAN Links, and Configure Basic WAN Connection.

    Turn On Hostnames:
    In some of the practice labs we refer to the hostname of a device. Therefore, we need to make sure that Hostnames is turned on for this lab. On the Network Visualizer screen click View and then click Hostnames so that it has a checkmark next to it.

    Scenario:
    The local real-estate company NEW-MAX has a simple WAN. Configure both, the OHIO_HQ and OHIO_SALES_OFFICE routers using Ciscos default WAN protocol.

    Task:
    Configure HDLC as the WAN protocol for both routers On the OHIO_HQ router configure Serial 0/0/0 with an IP address of 1.1.1.1/30 On the OHIO_HQ router configure Serial 0/0/0 with a description of Conn-to OHIO_SALES_OFFICE On the OHIO_SALES_OFFICE router configure Serial 0/0/0 with an IP address of 1.1.1.2/30 On the OHIO_SALES_OFFICE router configure Serial 0/0/0 with a description of Conn-to OHIO_H

    Lab 14.1: Configuring PPP Encapsulation


    The High-Level Data-Link Control protocol (HDLC) is a point-to-point protocol used on leased lines. No authentication can be used with HDLC and is the default encapsulation used by Cisco routers over synchronous serial links. CiscoHDLC is proprietary won s it t communicate with any other vendor s HDLC implementation. If you wanted to either offer authentication on a serial link or to connect from a Cisco router to another vendor router, then we need to configure PPP on the serial interfaces. PPP (Point-to-Point Protocol) - is a data-link protocol that can be used over asynchronous serial (dial-up) media and uses the LCP (Link Control Protocol) to build and maintain data-link connections. The basic purpose of PPP is to transport layer-3 packets across a data link layer point-to-point link. This lab will have you configure PPP on all four serial networks, and replace HDLC as the encapsulation method on our serial links. Suggested Reading: Please read chapter 14 in the Sybex CCNA Study Guide, Sixth Edition, before performing the following labs. Network Layout: Load Standard Layout.rsm or whatever you named the file when you saved your work in earlier labs.

    Lab Steps
    1. Connect to the 2811 B router and change the encapsulation on the serial links from HDLC to PPP. 2811A>enable

    2811A#config t 2811A(config)#interface serial 0/0/1 2811A(config-if)#encapsulation ppp 2811A(config-if)#interface serial 0/1/1 2811A(config-if)#encapsulation ppp 2811A(config-if)#ctrl+z 2811A# 2. Connect to the 2621 B router and change the encapsulation on the serial links from HDLC to PPP. 2621B>enable 2621B#config t 2621B(config)#interface serial 0/0 2621B(config-if)#encapsulation ppp 2621B(config-if)#ctrl+z 2621B# 3. Connect to the 2621 A router and change the encapsulation on the serial link from HDLC to PPP. 2621A>enable 2621A#config t 2621A(config)#interface serial 0/0 2621A(config-if)#encapsulation ppp 2621A(config-if)#ctrl+z 2621A# That is all there is to it. This part is easy. Save Your File: Make sure you save the network layout file that you have been working with.

    Lab 14.2: Verifying PPP Encapsulation


    Once you have replaced HDLC as the serial encapsulation method, then you need to verify your network is still working properly. The first command to use is the show ip route command to make sure all your IP routes are still present. Network Layout: Work with the saved network that you used to configure devices in lab 14.1.

    Lab Steps
    1. From the 2621 A router, use the show ip route command to verify the network is still running. 2621A#show ip route [output cut] 172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks O 172.16.30.0/24 [110/74] via 172.16.20.1, 22:22:18, Serial0/0 C 172.16.20.1/32 is directly connected, Serial0/0 C 172.16.40.0/24 is directly connected, FastEthernet0/0 O 172.16.50.0/24 [110/74] via 172.16.20.1, 22:22:18, Serial0/0 C 172.16.20.0/24 is directly connected, Serial0/0 O 172.16.10.0/24 [110/74] via 172.16.20.1, 22:22:18, Serial0/0 2621A# 2. From the 2621 B router, use the show ip route command to verify the network is still running. 2621B#show ip route [output cut] 172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks C 172.16.30.1/32 is directly connected, Serial0/0 C 172.16.30.0/24 is directly connected, Serial0/0 O 172.16.40.0/24 [110/74] via 172.16.30.1, 22:22:18, Serial0/0 C 172.16.50.0/24 is directly connected, FastEthernet0/0 O 172.16.20.0/24 [110/74] via 172.16.30.1, 22:22:18, Serial0/0 O 172.16.10.0/24 [110/74] via 172.16.30.1, 22:22:18, Serial0/0 2621B# 3. From the 2811 A router, use the show ip route command to verify the network is still running. 2811A#show ip route [output cut] C C 172.16.0.0/16 is variably subnetted, 7 subnets, 2 masks 172.16.30.2/32 is directly connected, Serial0/0/1 172.16.30.0/24 is directly connected, Serial0/0/1

    O 172.16.40.0/24 [110/74] via 172.16.20.2, 22:22:18, Serial0/1/1 C 172.16.20.2/32 is directly connected, Serial0/1/1 O 172.16.50.0/24 [110/74] via 172.16.30.2, 22:22:18, Serial0/0/1 C 172.16.20.0/24 is directly connected, Serial0/1/1 C 172.16.10.0/24 is directly connected, FastEthernet0/0 2811A# 4. From the 2811 A router, use the show interface command to see the serial link encapsulation. 2811A#show interface s0/0/1 Serial0/0/1 is up, line protocol is up Hardware is GT96K Serial Description: connection to 2621B Internet address is 172.16.30.1/24 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, reliablility 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, loopback not set [output cut] 2811A#show interface s0/1/1 Serial0/1/1 is up, line protocol is up Hardware is GT96K Serial Description: connection to 2621A Internet address is 172.16.20.1/24 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, reliablility 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, loopback not set

    Lab 14.3: Configuring PPP Authentication with CHAP


    Now that the network should be up and working with PPP, you can use PPP authentication to stop unwanted users from connected to your network. Although, this is typically used with dial-up, it still can be used with serial interfaces. This lab will have you configure PPP authentication on all routers serial interfaces using the CHAP protocol. Challenge Authentication Protocol (CHAP) - is used at the initial startup of a link and at period checkups on the link to make sure the router is still communicating with the same host. After PPP finishes its initial phase, the local router sends a challenge request to the remote device. The remote device sends a value calculated using a one-way hash function called MD5. The local router checks this hash value to make sure it matches. If the values don t match, the link is immediately terminated. To configure PPP authentication, first set the hostname of the router if it is not already set (this is not an option!). Then set the username and password for the remote router connecting to your router. For

    example, if you are connected to the 2621 A router and want to configure authentication, you would set the hostname and then create a username that consists of the router you are going to connect to, in this example, router 2811 A. This is shown below: Router#config t Enter configuration commands, one per line. End with CTRL/Z. Router(config)#hostname 2621A 2621A(config)#username 2811A password cisco When using the hostname command, remember that the username is the hostname of the remote router connecting to your router. It is case-sensitive. Also, the password on both routers must be the same. It is a plain-text password and can be seen with a show run command. You must have a username and password configured for each remote system you are going to connect to. The remote routers must also be configured with usernames and passwords. After you set the hostname, usernames, and passwords, choose the authentication as shown in the following example: 2621A#config t Enter configuration commands, one per line. End with CTRL/Z. 2621A(config)#interface serial 0/0 2621A(config-if)#ppp authentication chap 2621A(config-if)#ctrl+z 2621A# Network Layout: Work with the saved network that you used to configure devices in lab 14.2.

    Lab Steps
    1. Open a console to the 2621 A router and create a username of router 2811 A and with a password of cisco. Then configure the serial interface 0/0 to use ppp authentication of chap.

    2621A#config t 2621A(config)#username 2811A password cisco 2621A(config)#interface serial 0/0 2621A(config-if)#ppp authentication chap 2621A(config-if)#ctrl+z 2621A# 2. Open a console to router 2621 B and create a username of router 2811 Aand with a password of cisco. Then configure the serial interface 0/0 to use ppp authentication of chap. 2621B#config t 2621B(config)#username 2811A password cisco 2621B(config)#interface serial 0/0 2621B(config-if)#ppp authentication chap 2621B(config-if)#ctrl+z 2621B# 3. Open a console to the 2811 A router and create a username of router 2621 A and 2621 B and with a password of cisco. Then configure the serial interfaces 0/0/1 and 0/1/1 to use ppp authentication of chap. 2811A#config t 2811A(config)#username 2621A password cisco 2811A(config)#username 2621B password cisco 2811A(config)#interface serial 0/0/1 2811A(config-if)#ppp authentication chap 2811A(config)#interface serial 0/1/1 2811A(config-if)#ppp authentication chap 2811A(config-if)#ctrl+z Save Your File: Make sure you save the network layout file that you have been working with.

    Lab 14.4: Verifying PPP with Authentication


    Once you have configured PPP with authentication as the serial encapsulation method, then you need to verify your network is still working properly. The first command to use is the show ip route command to make sure all your IP routes are still present. The next command to use is the show interface command. Network Layout: Work with the saved network that you used to configure devices in lab 14.3.

    Lab Steps
    1. From router 2621 A router, use the show ip route command to verify the network is still running. 2621A#show ip route [output cut] 172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks O 172.16.30.0/24 [110/74] via 172.16.20.1, 22:22:18, Serial0/0 C 172.16.20.1/32 is directly connected, Serial0/0 C 172.16.40.0/24 is directly connected, FastEthernet0/0 O 172.16.50.0/24 [110/74] via 172.16.20.1, 22:22:18, Serial0/0 C 172.16.20.0/24 is directly connected, Serial0/0 O 172.16.10.0/24 [110/74] via 172.16.20.1, 22:22:18, Serial0/0 2621A# 2. From router 2621 B router, use the show ip route command to verify the network is still running. 2621B#show ip route [output cut] 172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks C 172.16.30.1/32 is directly connected, Serial0/0 C 172.16.30.0/24 is directly connected, Serial0/0 O 172.16.40.0/24 [110/74] via 172.16.30.1, 22:22:18, Serial0/0 C 172.16.50.0/24 is directly connected, FastEthernet0/0 O 172.16.20.0/24 [110/74] via 172.16.30.1, 22:22:18, Serial0/0 O 172.16.10.0/24 [110/74] via 172.16.30.1, 22:22:18, Serial0/0 2621B# 3. From router 2811A, use the show ip route command to verify the network is still running. 2811A#show ip route [output cut] C C 172.16.0.0/16 is variably subnetted, 7 subnets, 2 masks 172.16.30.2/32 is directly connected, Serial0/0/1 172.16.30.0/24 is directly connected, Serial0/0/1

    O 172.16.40.0/24 [110/74] via 172.16.20.2, 22:22:18, Serial0/1/1 C 172.16.20.2/32 is directly connected, Serial0/1/1 O 172.16.50.0/24 [110/74] via 172.16.30.2, 22:22:18, Serial0/0/1 C 172.16.20.0/24 is directly connected, Serial0/1/1 C 172.16.10.0/24 is directly connected, FastEthernet0/0 2811A# 4. From the 2811 A router, use the show interface command to see the serial link encapsulation. 2811A#show interface s0/0/1 Serial0/0/1 is up, line protocol is up Hardware is GT96K Serial Description: connection to 2621B Internet address is 172.16.30.1/24 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, reliablility 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, loopback not set Keepalive set (10) Last input 00:00:02, output 00:00:06, output hang never Last clearing of "show interface" counters 02:41:59 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 1158 kilobits/sec 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 1645 packets input, 100265 bytes, 0 no buffer Received 1139 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 1662 packets output, 105842 bytes, 0 underruns 0 output errors, 0 collisions, 3 interface resets 0 output buffer failures, 0 output buffers swapped out 2 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up 2811A# 2811A#show interface s0/1/1 Serial0/1/1 is up, line protocol is up Hardware is GT96K Serial Description: connection to 2621A Internet address is 172.16.20.1/24 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, reliablility 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, loopback not set Keepalive set (10) Last input 00:00:02, output 00:00:06, output hang never

    Last clearing of "show interface" counters 02:41:59 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 1158 kilobits/sec 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 1645 packets input, 100265 bytes, 0 no buffer Received 1139 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 1662 packets output, 105842 bytes, 0 underruns 0 output errors, 0 collisions, 3 interface resets 0 output buffer failures, 0 output buffers swapped out 2 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up

    Practice Scenario: WAN Links Configure PPP


    Now that you have learned about some concepts and completed some hands-on work, try your problem-solving and troubleshooting skills with the following task. To complete your task you will need a network to interact with, a scenario, and the task(s) at hand. When you have finished with this scenario ... You can check your work by clicking the Grade Me button in the upper right hand corner of the Network Visualizer screen.

    You will see a report that will display: The name of the command entered for this scenario The expected configuration

    Your configuration The result for each command. You will see a green check mark (meaning that you got it correct) or a red X A score of the number of correct answers out of the total possible

    Network Layout:
    On the Network Visualizer screen, click on the Labs menu then choose Practice Scenarios, WAN Links, and Configure PPP.

    Turn On Hostnames:
    In some of the practice labs we refer to the hostname of a device. Therefore, we need to make sure that Hostnames is turned on for this lab. On the Network Visualizer screen click View and then click Hostnames so that it has a checkmark next to it.

    Scenario:
    The local car dealership OHIO_SUV has a simple WAN. Configure both, the R1 and R2 routers using the Point-to-Point Protocol (PPP)

    Task:
    Configure PPP as the WAN protocol on both routers Configure PPP CHAP authentication on both routers On router R1, configure a host name of OHIO_HQ. On router R1, configure IP address 1.1.1.1/30 on Serial 0/0/0 On router R1, configure a user name of OHIO_SALES_OFFICE On router R1, configure a user name password of passthetoken On router R2, configure a host name of OHIO_SALES_OFFICE On router R2, configure IP address 1.1.1.2/30 on Serial 0/1 On router R2, configure a username of OHIO_HQ On router R2, configure a username password of passthetoken

    Lab 14.5: Understanding Frame Relay Configuration


    Frame Relay - provides a communications interface between DTE (data terminal equipment) and DCE (data circuit-terminating equipment, such as packet switches) devices. DTE consists of terminals, PCs, routers, and bridges customer-owned end-node and internetworking devices. DCE consists of carrier-owned

    internetworking devices. Frame Relay sends packets at the data link layer (layer 2) of the OSI model rather than at the network layer (layer 3). A frame can incorporate packets from different protocols. Frame Relay Uses Virtual Circuits Frame Relay provides connection-oriented, Data Link layer communication via virtual circuits. These virtual circuits are logical connections created between two DTEacross a packet-switched network, s which is identified by a DLCI, or Data Link Connection Identifier. Also, Frame Relay uses both PVCs (Permanent Virtual Circuits) and SVC(Switched Virtual Circuits s which is a form of dialup), although most Frame Relay networks use only PVCs. This virtual circuit provides the complete path to the destination network prior to the sending of the first frame. Configuring Frame Relay Encapsulation When configuring Frame Relay on Cisco routers, you need to specify it as an encapsulation on serial interfaces. There are only two encapsulation types: Cisco and IETF (Internet Engineering Task Force). The following router output shows the two different encapsulation methods when choosing Frame Relay on your Cisco router: 2621A#config t 2621A(config)#interface s0/0 2621A(config-if)#encapsulation frame-relay ? ietf Use RFC1490 encapsulation <cr> The default encapsulation is Cisco unless you manually type in IETF, and Cisco is the type used when connecting two Cisco devices. Youopt for the IETF-type encapsulation if you needed to connect a d Cisco device to a non-Cisco device with Frame Relay. Frame Relay DLCI Frame Relay virtual circuits (PVCs) are identified by Data Link Connection Identifiers (DLCIs). A Frame Relay service provider, such as the telephone company, typically assigns DLCI values, which are used by Frame Relay to distinguish between different virtual circuits on the network. Because many virtual circuits can be terminated on one multipoint Frame Relay interface, many DLCIs are often affiliated with it. For the IP devices at each end of a virtual circuit to communicate, their IP addresses need to be mapped to DLCIs. This mapping can function as a multipoint device that can identify to the Frame Relay one network the appropriate destination virtual circuit for each packet that is sent over the single physical interface. The mappings can be done dynamically through IARP (Inverse ARP) or manually through the fame relay map command. DLCI numbers, used to identify a PVC, are typically assigned by the provider and start at 16. Configuring a DLCI number to be applied to an interface is shown below: 2621A(config-if)#frame-relay interface-dlci ? <16-1007> Define a DLCI as part of the current subinterface 2621A(config-if)#frame-relay interface-dlci 16

    Frame Relay LMI The Local Management Interface (LMI) was developed in 1990 by Cisco Systems, StrataCom, Northern Telecom, and Digital Equipment Corporation and became known as the Gang-of-Four LMI or Cisco LMI. This gang took the basic Frame Relay protocol from the CCIT and added extensions onto the protocol features that allow internetworking devices to communicate easily with a Frame Relay network. The LMI is a signaling standard between a CPE device (router) and a frame switch. The LMI is responsible for managing and maintaining status between these devices. If you not going to use the auto-sense feature of LMI, you need to check with your Frame Relay re ll provider to find out which type to use instead. The default type is Cisco, but you may need to change to ANSI or Q.933A. The three different LMI types are depicted in the router output below. 2621A(config-if)#frame-relay lmi-type ? cisco ansi q933a 2621A(config-if)#frame-relay lmi-type ansi You can have multiple virtual circuits on a single serial interface and yet treat each as a separate interface. These are known as subinterfaces. Think of a subinterface as a hardware interface defined by the IOS software. An advantage gained through using subinterfaces is the ability to assign different Network layer characteristics to each subinterface and virtual circuit, such as IP routing on one virtual circuit and IPX on another. Subinterfaces with Frame Relay You define subinterfaces with the int s0.subinterface number command as shown below. You first set the encapsulation on the serial interface, and then you can define the subinterfaces. 2621A(config-int)#encapsulation frame-relay 2621A(config-int)#exit 2621A(config)#int s0/0.? <0-4294967295> Serial interface number 2621A(config)#int s0/0.16 ? multipoint Treat as a multipoint link point-to-point Treat as a point-to-point link 2621A(config)#int s0/0.16 point-to-point 2621A(config-subif)# You can define an almost limitless number of subinterfaces on a given physical interface (keeping router memory in mind). In the above example, we chose to use subinterface 16 because that represents the DLCI number assigned to that interface. However, you can choose any number between 0 and 4,292,967,295.

    Lab 14.6: Configuring Frame Relay Switching


    Now that you should have a background on how to configure basic Frame Relay on a Cisco router, this lab will have you configure router 2811 A as a Frame relay switch. Then you will configure routers 2621 A and 2621 B as remote Frame Relay connections. To perform this lab, you need to delete the configurations on router 2811 A first since the Frame Relay switching configuration is completely different then what we have now. Network Layout: Work with the saved network that you used to configure devices in lab 14.4.

    Lab Steps
    1. From the 2811 A router, type erase start then reload. 2811A#erase start Erasing the nvram filesystem will remove all configuration files! Continue? [confirm] [press enter] [OK] Erase of nvram: complete *Oct 27 19:30:52.640: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram 2811A# 2811A#reload System configuration has been modified. Save? [yes/no]: n Proceed with reload? [confirm] (press enter) *Nov 15 16:11:07.406: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command. System Bootstrap, Version 12.4(1r) [hqluong 1r], RELEASE SOFTWARE (fc1) Copyright (c) 2005 by cisco Systems, Inc. Initializing memory for ECC c2811 processor with 262144 Kbytes of main memory Main memory is configured to 64 bit mode with ECC enabled Readonly ROMMON initialized

    program load complete, entry point: 0x8000f000, size: 0xc940 program load complete, entry point: 0x8000f000, size: 0xc940 program load complete, entry point: 0x8000f000, size: 0x228d9f8 Self decompressing the image : ################################################# ######################################################################### [OK] Smart Init is enabled smart init is sizing iomem ID MEMORY_REQ TYPE 0003E7 0X003DA000 C2811 Mainboard 0X00263F50 Onboard VPN 0X000021B8 Onboard USB 0X002C29F0 public buffer pools 0X00211000 public particle pools TOTAL: 0X00B13AF8 If any of the above Memory Requirements are "UNKNOWN", you may be using an unsupported configuration or there is a software problem and system operation may be compromised. Rounded IOMEM up to: 12Mb. Using 4 percent iomem. [12Mb/256Mb] Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(12), RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2006 by Cisco Systems, Inc. Compiled Fri 17-Nov-06 12:02 by prod_rel_team Image text-base: 0x40093160, data-base: 0x42B00000 This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at:

    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. Cisco 2811 (revision 49.46) with 249856K/12288K bytes of memory. Processor board ID FTX0952C3EG 2 FastEthernet interfaces 4 Serial(sync/async) interfaces 1 Virtual Private Network (VPN) Module DRAM configuration is 64 bits wide with parity enabled. 239K bytes of non-volatile configuration memory. 125440K bytes of ATA CompactFlash (Read/Write) --- System Configuration Dialog --Would you like to enter the initial configuration dialog? [yes/no]: (press n) 2. Open a console for 2811 A and configure the hostname. Router>enable Router#config t Router(config)#hostname 2811A 2811A(config-line)#exit 2811A(config)# Once your router is clear, you can now make them a frame relay switch with the frame-relay switching command. However, that is the easy part. You need to map every DLCI on the switch. Of course the router only has two connections, so it is not too time consuming, but if you had dozens of PVC this could take a while. s, 2811 A serial 0/0/1 DLCI 16 serial 0/1/1 DLCI 17 3. On the frame relay switch, use the frame relay route command to map each and every DLCI. Here is an example: 2811A(config)#interface serial 0/0/1 2811A(config-if)#frame-relay route 17 interface serial 0/1/1 16 2811A(config-if)#exit 2811A(config)# This command tells the switch that if it receives a frame on serial 0/0/1 with a PVC of 16, then send it out serial 0/1/1 using a PVC of 17. Again, in our network, this configuration will only be two routes so itnot a big deal. s 4. On the 2811 A router configure the Frame Switching. No IP addresses are assigned to the routes interfaces. Remember, this is a Data Link layer function only, so IP is irrelevant to this configuration. 2811A(config)#frame-relay switching 2811A(config)#interface serial 0/0/1

    2811A(config)#encapsulation frame-relay 2811A(config-if)#no shut 2811A(config-if)#frame intf-type dce 2811A(config-if)#frame-relay route 17 interface serial 0/1/1 16 2811A(config-if)#interface serial 0/1/1 2811A(config)#encapsulation frame-relay 2811A(config-if)#no shut 2811A(config-if)#frame intf-type dce 2811A(config-if)#frame-relay route 16 interface serial 0/0/1 17 2811A(config-if)#ctrl+z 2811A# 5. Save you configurations. 2811A#copy run start 6. Now that the frame-relay switching router is configured, you need to configure the remote routers. Save Your File: Make sure you save the network layout file that you have been working with.

    Lab 14.7: Configuring Frame Relay with Subinterfaces


    This lab will have you bring up the console for routers 2621 A and 2621 B and configure them for frame relay configuration using subinterfaces. Since the Frame-Relay switches are not using IP addressing, connecting from routers 2621 A to 2621 B, for example, will use one subnet and appear like a direct connection. Use subnet 172.16.100.0. Network Layout: Work with the saved network that you used to configure devices in lab 14.6.

    Lab Steps
    1. Open a console on the 2621 A router and configure the serial 0/0 interface with a Frame Relay subinterface. To perform this, you must remove the IP address from the serial interface. 2621A#config t 2621A(config)#interface serial 0/0 2621A(config-if)#no ip address 2621A(config-if)#no shut 2621A(config-if)#encapsulation frame-relay 2621A(config-if)#interface serial 0/0.16 point-to-point 2621A(config-subif)#ip address 172.16.100.1 255.255.255.0 2621A(config-subif)#frame-relay interface-dlci 16 2621A(config-subif)#ctrl+z 2621A# 2. Open a console on the 2621 B router and configure the serial 0/0 interface with a Frame Relay subinterface. 2621B#config t 2621B(config)#interface serial 0/0 2621B(config-if)#no ip address 2621B(config-if)#no shut 2621B(config-if)#encapsulation frame-relay 2621B(config-if)#interface serial 0/0.17 point-to-point 2621B(config-subif)#ip address 172.16.100.2 255.255.255.0 2621B(config-subif)#frame-relay interface-dlci 17 2621B(config-subif)#ctrl+z 2621B# 3. Verify the Frame-Relay connection is up and running. Ping from the 2621 A router to the 2621 B router. 2621A#ping 172.16.100.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.100.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms 2621A#

    Lab 14.8: Verifying Frame Relay


    There are several ways to check the status of your interfaces and PVCs once you have Frame Relay encapsulation set up and running. You can use the show frame-relay command with a question mark (?) to get the command options: 2621A#sho frame ? ip lapf lmi map pvc route rtp svc traffic vofr show frame relay IP statistics show frame relay lapf status/statistics show frame relay lmi statistics Frame-Relay map table show frame relay pvc statistics show frame relay route show frame relay RTP statistics show frame relay SVC stuff Frame-Relay protocol statistics show frame relay VoFR statistics

    qos-autosense show frame relay qos-autosense information

    Network Layout: Work with the saved network that you used to configure devices in lab 14.7.

    Lab Steps
    1. Change to the console for router 2621 A. 2. The show frame-relay lmi command will give you the LMI traffic statistics exchanged between the local router and the Frame Relay switch. 2621A#sh frame lmi LMI Statistics for interface Serial0/0 (Frame Relay DTE) LMI TYPE = ANSI Invalid Unnumbered info 0 Invalid Prot Disc 0 Invalid dummy Call Ref 0 Invalid Msg Type 0 Invalid Status Message 0 Invalid Lock Shift 0 Invalid Information ID 0 Invalid Report IE Len 0

    Invalid Report Request 0 Num Status Enq. Rcvd 1748 Num Update Status Sent 0 2621A#

    Invalid Keep IE Len 0 Num Status msgs Sent 1748 Num St Enq. Timeouts 0

    The router output from the show frame-relay lmi command shows you LMI errors as well as the LMI type. 3. The show frame pvc will list all configured PVCs and DLCI numbers. It provides the status of each PVC connection and traffic statistics. It will also give you the number of BECN and FECN packets received on the router. 2621A#sho frame pvc PVC Statistics for interface Serial0/0 (Frame Relay DTE) DLCI = 16 , DLCI USAGE = LOCAL , PVC STATUS = ACTIVE , INTERFACE = Serial0/0.16 input pkts 11290 output pkts 11277 in bytes 898590 out bytes 899156 dropped pkts 2 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 11264 out bcast bytes 898468 pvc create time 13:25:57, last time pvc status changed 13:25:39 2621A# 4. You can also use the show interface command to check for LMI traffic. The show interface command displays information about the encapsulation as well as layer-2 and layer-3 information. The LMI DLCI is used to define the type of LMI being used. If it is 1023, it is the default LMI type of Cisco. If the LMI DLCI is zero, then it is the ANSI LMI type. 2621A#sho int s0/0 Serial0/0 is up, line protocol is up Hardware is PowerQUICC Serial Description: connection to 2811A MTU 1500 bytes, BW 1544 Kbit, DLY 20000 0. reliablility 255/255, txload 1/255, rxload 1/255 Encapsulation FRAME-RELAY, loopback not set Keepalive set (10) FR SVC disabled, LAPF state down LMI enq sent 41, LMI stat recvd 22, LMI upd recvd 0, DTE LMI down LMI enq recvd 4, LMI stat sent 0, LMI upd sent 0 LMI DLCI 0 LMI type is ANSI frame relay DTE Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 0 [output cut] 2621A# The show interface command displays line, protocol, DLCI and LMI information. 5. The show frame map command will show you the Network layer-to-DLCI mappings. 2621A#show frame map

    Serial0/0 (up):ip dlci 16(0x66,0x1860), broadcast status defined, active Serial0/0.16 (up): point-to-point dlci, dlci 16(0x66,0x1860), broadcast status defined, active 2621A#

    Practice Scenario: WAN Links Configure Frame Relay


    Now that you have learned about some concepts and completed some hands-on work, try your problem-solving and troubleshooting skills with the following task. To complete your task you will need a network to interfact with a scenario and the task(s) at hand. When you have finished with this lab ... You can check your work by clicking the Grade Me button in the upper right hand corner of the Network Visualizer screen.

    You will see a report that will display: The name of the command entered for this lab The expected configuration Your configuration The result for each command. You will see a green check mark (meaning that you got it correct) or a red X A score of the number of correct answers out of the total possible

    Network Layout:
    On the Network Visualizer screen, click on the Labs menu then choose Practice Scenarios, WAN Links, and Configure Frame Relay.

    Turn On Hostnames:
    In some of the practice labs we refer to the hostname of a device. Therefore, we need to make sure that Hostnames is turned on for this lab. On the Network Visualizer screen click View and then click Hostnames so that it has a checkmark next to it.

    Scenario:
    XYZ Widget Company has a simple WAN. The senior network administrator has asked you, the junior network administrator to configure both, the RENO and the Washington routers.

    Task:
    Configure Frame Relay as the WAN protocol On the RENO router, use a lmi type of cisco On the RENO router, use DLCI 17 On the RENO router, use sub interface S0/0/0.17 On the RENO router, use IP address 10.189.25.5/30 On the Washington router, use a lmi type of cisco On the Washington router, use DLCI 16 On the Washington router, use sub interface S0/1.16 On the Washington router, use IP address 10.189.25.6/3

    Practice Scenario: IP Addressing Scheme and IP Services Configure DHCP


    Now that you have learned about some concepts and completed some hands-on work, try your problem-solving and troubleshooting skills with the following task. To complete your task you will need a network to interfact with a scenario and the task(s) at hand. When you have finished with this lab ... You can check your work by clicking the Grade Me button in the upper right hand corner of the Network Visualizer screen.

    You will see a report that will display: The name of the command entered for this lab The expected configuration Your configuration The result for each command. You will see a green check mark (meaning that you got it correct) or a

    red X A score of the number of correct answers out of the total possible

    Network Layout:
    On the Network Visualizer screen, click on the Labs menu then choose Practice Scenarios, IP Addressing Scheme and IP Services, and Configure DHCP.

    Turn On Hostnames:
    In some of the practice labs we refer to the hostname of a device. Therefore, we need to make sure that Hostnames is turned on for this lab. On the Network Visualizer screen click View and then click Hostnames so that it has a checkmark next to it.

    Scenario:
    The senior network administrator at Green Product Inc has asked you, the junior network administrator to configure a DHCP address pool.

    Task:
    Configure a DHCP address pool on the InterVlan-RTR router The DHCP pool name is Fabrication_Network The DHCP pool network is 192.168.10.0/24 Exclude the first 50 addresses from the pool The default router is 192.168.10.1 The domain name is Green_Products_Inc.com The DNS server is 192.168.10.50 The DHCP lease time is 80 hours

    Practice Scenario: Basic Cisco Router Operations Configure Static or Default Routes
    Now that you have learned about some concepts and completed some hands-on work, try your problem-solving and troubleshooting skills with the following task. To complete your task you will need a network to interfact with a scenario and the task(s) at hand.

    When you have finished with this lab ... You can check your work by clicking the Grade Me button in the upper right hand corner of the Network Visualizer screen.

    You will see a report that will display: The name of the command entered for this lab The expected configuration Your configuration The result for each command. You will see a green check mark (meaning that you got it correct) or a red X A score of the number of correct answers out of the total possible

    Network Layout:
    On the Network Visualizer screen, click on the Labs menu then choose Practice Scenarios, Basic Cisco Router Operations, and Configure Static or Default Routes - 1.

    Turn On Hostnames:
    In some of the practice labs we refer to the hostname of a device. Therefore, we need to make sure that Hostnames is turned on for this lab. On the Network Visualizer screen click View and then click Hostnames so that it has a checkmark next to it.

    Scenario:
    The senior network administrator at Smoke-Alarm Inc would like you to setup static routing on all network routers.

    Task:
    Configure static routing on the R&D_R1 router Configure static routing on the MARKETING_R1 router Configure static routing on the Plant-1 router

    Practice Scenario: Basic Cisco Router Operations Configure Static or Default Routes
    Now that you have learned about some concepts and completed some hands-on work, try your problem-solving and troubleshooting skills with the following task. To complete your task you will need a network to interfact with a scenario and the task(s) at hand. When you have finished with this lab ... You can check your work by clicking the Grade Me button in the upper right hand corner of the Network Visualizer screen.

    You will see a report that will display: The name of the command entered for this lab The expected configuration Your configuration The result for each command. You will see a green check mark (meaning that you got it correct) or a red X A score of the number of correct answers out of the total possible

    Network Layout:
    On the Network Visualizer screen, click on the Labs menu then choose Practice Scenarios, Basic Cisco Router Operations, and Configure Static or Default Routes - 2 .

    Turn On Hostnames:
    In some of the practice labs we refer to the hostname of a device. Therefore, we need to make sure that Hostnames is turned on for this lab. On the Network Visualizer screen click View and then click Hostnames so that it has a checkmark next to it.

    Scenario:
    The senior network administrator at Widget Inc would like you to setup default routing.

    Task:
    Configure default routing on the R&D_R1 router Configure default routing on the Plant-1 router

    Practice Scenario: Basic Cisco Router Operations Configure RIP Version 2


    Now that you have learned about some concepts and completed some hands-on work, try your problem-solving and troubleshooting skills with the following task. To complete your task you will need a network to interfact with a scenario and the task(s) at hand. When you have finished with this lab ... You can check your work by clicking the Grade Me button in the upper right hand corner of the Network Visualizer screen.

    You will see a report that will display: The name of the command entered for this lab The expected configuration Your configuration The result for each command. You will see a green check mark (meaning that you got it correct) or a red X A score of the number of correct answers out of the total possible

    Network Layout:
    On the Network Visualizer screen, click on the Labs menu then choose Practice Scenarios, Basic Cisco Router Operations, and Configure RIP V2 .

    Turn On Hostnames:
    In some of the practice labs we refer to the hostname of a device. Therefore, we need to make sure that Hostnames is turned on for this lab. On the Network Visualizer screen click View and then click Hostnames so that it has a checkmark next to it.

    Scenario:
    CAMALOT Research Company has a simple inter-network. The senior network administrator has asked you, the junior network administrator to configure the RIP V2 routing protocol so that the simple inter-network can communicates.

    Task:
    Configure RIP V2 on all routers. Network Addresses KING_ARTHUR 192.168.100.0/24 192.168.200.0/24 192.168.80.0/24 192.168.100.0/24 192.168.90.0/24 192.168.200.0/24 192.168.70.0/24

    PHOENIX

    MERLIN

    Practice Scenario: NAT and ACLs Configure NAT


    Now that you have learned about some concepts and completed some hands-on work, try your problem-solving and troubleshooting skills with the following task. To complete your task you will need a network to interfact with a scenario and the task(s) at hand. When you have finished with this lab ... You can check your work by clicking the Grade Me button in the upper right hand corner of the Network Visualizer screen.

    You will see a report that will display: The name of the command entered for this lab The expected configuration Your configuration The result for each command. You will see a green check mark (meaning that you got it correct) or a red X A score of the number of correct answers out of the total possible

    Network Layout:
    On the Network Visualizer screen, click on the Labs menu then choose Practice Scenarios, NAT and ACLs, and Configure NAT.

    Turn On Hostnames:
    In some of the practice labs we refer to the hostname of a device. Therefore, we need to make sure that Hostnames is turned on for this lab. On the Network Visualizer screen click View and then click Hostnames so that it has a checkmark next to it.

    Scenario:
    The senior network administrator at Gadget research company needs you to setup NAT. Make sure that all internal users can get to the internet.You have a company of 20 people that need continuous access to the internet. EIGRP has been configured on both internal routers.

    Task:
    Using subnet 40.0.0.16/28 configure Dynamic NAT/PAT on NAT-Router-1 On NAT-Router-1 configure a NAT pool named GADGET-NAT-POOL On NAT-Router-1 configure an access list for NAT On NAT-Router-1 configure a default route for NAT On the GADET-1 router configure a default route for NAT On the ISP-UUCOM configure static routing for network 40.0.0.16/28

    Practice Scenario: NAT and ACLs Troubleshoot NAT


    Now that you have learned about some concepts and completed some hands-on work, try your problem-solving and troubleshooting skills with the following task. To complete your task you will need a network to interfact with a scenario and the task(s) at hand. When you have finished with this lab ... You can check your work by clicking the Grade Me button in the upper right hand corner of the Network Visualizer screen.

    You will see a report that will display: The name of the command entered for this lab The expected configuration Your configuration The result for each command. You will see a green check mark (meaning that you got it correct) or a red X A score of the number of correct answers out of the total possible

    Network Layout:
    On the Network Visualizer screen, click on the Labs menu then choose Practice Scenarios, NAT and ACLs, and Troubleshoot NAT.

    Scenario:
    The senior network administrator at the Round Table company utilizes NAT in her network. NAT was working yesterday but after readdressing the internal network NAT no longer works.

    Task:
    You have been asked to resolve the issue.

    Practice Scenario: WAN Links Configure Basic WAN Connection


    Try your problem-solving and troubleshooting skills with the following task. To complete your task you will need a network to interfact with, a scenario, and the task(s) at hand. When you have finished with this lab ... You can check your work by clicking the Grade Me button in the upper right hand corner of the Network Visualizer screen.

    You will see a report that will display: The name of the command entered for this lab The expected configuration Your configuration The result for each command. You will see a green check mark (meaning that you got it correct) or a red X A score of the number of correct answers out of the total possible

    Network Layout:
    On the Network Visualizer screen, click on the Labs menu then choose Practice Scenarios, WAN Links, and Configure Basic WAN Connection.

    Turn On Hostnames:
    In some of the practice labs we refer to the hostname of a device. Therefore, we need to make sure that Hostnames is turned on for this lab. On the Network Visualizer screen click View and then click Hostnames so that it has a checkmark next to it.

    Scenario:
    The local real-estate company NEW-MAX has a simple WAN. Configure both, the OHIO_HQ and OHIO_SALES_OFFICE routers using Ciscos default WAN protocol.

    Task:
    Configure HDLC as the WAN protocol for both routers On the OHIO_HQ router configure Serial 0/0/0 with an IP address of 1.1.1.1/30 On the OHIO_HQ router configure Serial 0/0/0 with a description of Conn-to OHIO_SALES_OFFICE On the OHIO_SALES_OFFICE router configure Serial 0/0/0 with an IP address of 1.1.1.2/30 On the OHIO_SALES_OFFICE router configure Serial 0/0/0 with a description of Conn-to OHIO_H

    Practice Scenario: WAN Links Configure PPP


    Now that you have learned about some concepts and completed some hands-on work, try your problem-solving and troubleshooting skills with the following task. To complete your task you will need a network to interact with, a scenario, and the task(s) at hand. When you have finished with this scenario ... You can check your work by clicking the Grade Me button in the upper right hand corner of the Network Visualizer screen.

    You will see a report that will display: The name of the command entered for this scenario The expected configuration Your configuration The result for each command. You will see a green check mark (meaning that you got it correct) or a red X A score of the number of correct answers out of the total possible

    Network Layout:
    On the Network Visualizer screen, click on the Labs menu then choose Practice Scenarios, WAN Links, and Configure PPP.

    Turn On Hostnames:
    In some of the practice labs we refer to the hostname of a device. Therefore, we need to make sure that Hostnames is turned on for this lab. On the Network Visualizer screen click View and then click Hostnames so that it has a checkmark next to it.

    Scenario:
    The local car dealership OHIO_SUV has a simple WAN. Configure both, the R1 and R2 routers using the Point-to-Point Protocol (PPP)

    Task:
    Configure PPP as the WAN protocol on both routers Configure PPP CHAP authentication on both routers On router R1, configure a host name of OHIO_HQ. On router R1, configure IP address 1.1.1.1/30 on Serial 0/0/0 On router R1, configure a user name of OHIO_SALES_OFFICE On router R1, configure a user name password of passthetoken On router R2, configure a host name of OHIO_SALES_OFFICE On router R2, configure IP address 1.1.1.2/30 on Serial 0/1 On router R2, configure a username of OHIO_HQ On router R2, configure a username password of passthetoken

    Practice Scenario: WAN Links Configure Frame Relay


    Now that you have learned about some concepts and completed some hands-on work, try your problem-solving and troubleshooting skills with the following task. To complete your task you will need a network to interfact with a scenario and the task(s) at hand. When you have finished with this lab ... You can check your work by clicking the Grade Me button in the upper right hand corner of the Network Visualizer screen.

    You will see a report that will display: The name of the command entered for this lab The expected configuration Your configuration The result for each command. You will see a green check mark (meaning that you got it correct) or a red X A score of the number of correct answers out of the total possible

    Network Layout:
    On the Network Visualizer screen, click on the Labs menu then choose Practice Scenarios, WAN Links, and Configure Frame Relay.

    Turn On Hostnames:
    In some of the practice labs we refer to the hostname of a device. Therefore, we need to make sure that Hostnames is turned on for this lab. On the Network Visualizer screen click View and then click Hostnames so that it has a checkmark next to it.

    Scenario:
    XYZ Widget Company has a simple WAN. The senior network administrator has asked you, the junior network administrator to configure both, the RENO and the Washington routers.

    Task:
    Configure Frame Relay as the WAN protocol On the RENO router, use a lmi type of cisco On the RENO router, use DLCI 17 On the RENO router, use sub interface S0/0/0.17 On the RENO router, use IP address 10.189.25.5/30 On the Washington router, use a lmi type of cisco

    On the Washington router, use DLCI 16 On the Washington router, use sub interface S0/1.16 On the Washington router, use IP address 10.189.25.6/3

    You might also like