This pack is a take-home study to complement the day schools that are part of T216 Cisco networking. All of the material can be repeated in many settings, applied in a professional context or practised using Packet Tracer or the NetLab+ system if you are taking the ALE.

1 Command reference
2 Router configuration
2.1 Basic router configuration
3 Redistribution, NAT, DHCP and VLANs
3.1 Redistribution from a static route to a dynamic routing protocol
3.2 Adding NAT and DHCP
3.3 To check DHCP
3.4 To check NAT
3.5 Adding VLANs
4 Open Shortest Path First (OSPF) and Access Control Lists (ACLs)
4.1 OSPF configuration
4.2 ACL configuration
5 Answers to questions

T216 Cisco networking (CCNA) Day School 2: Practical Resource Pack for CCNA v5

1 Command reference

Table 1 gives a list of some of the most important commands, in no particular order, and the results they generate.

Table 1 List of commands

Command | Result
enable | enter Privilege mode
configure terminal | does what it says on the label
copy running-config startup-config | copies RAM to Flash for a restart
erase startup-config | erases Flash
reload | restarts router (warm)
show interfaces | lists all interfaces
show ip route | displays RIP and IGRP discovered routers
show CDP neighbors (detail) | displays discovered and associated Cisco devices not necessarily using a routing protocol
ping | can send echoes to routers and hosts (can vary packet size and number of hits)
telnet | Connects remotely to another router
interface ? | selects the interface to configure
ip address x.x.x.x s.s.s.s | issues an interface with IP address x and subnet mask s
shutdown | terminates the operation of an interface
no <command> | reverses the operation of a command
ip host X y.y.y.y z.z.z.z | creates a host table entry X with associated addresses y and z etc.
router <RIP/EIGRP(network number)/OSPF (process-id)> | sets the routing protocol
network x.x.x.x (w.w.w.w area x) | declares the adjacent networks
clock rate 56000 | must be applied to the DCE on a serial link
enable secret class | sets Privilege mode password
hostname X | sets the hostname to X
line con 0 | sets the console exec mode
password x | have a guess
line vty 0 4 | sets the telnet password
login | enables remote access
? | help!
show interface e0/s0/s1 | can show specifics for a given interface
show ip interface e0/s0/s1 | can show IP specifics for a given interface
show sessions/users | shows who is connected to your router via console or telnet
end/exit | terminates session or configuration
show version | displays IOS version and memory details
show arp | lists Ethernet MAC addresses learnt from an adjoined network
show clock | time as always
show flash | shows non-volatile memory size
show protocol | IP settings along with other protocols
show ip protocol | IP and routing settings
show history | lists commands
traceroute x.x.x.x | shows hops from router to address x
clear counters | resets the interface counters for packets
banner motd | enables a message to be displayed at log-in
description | like a remark to be placed on an interface
ip http server | enables web-based interface on router
config-register | selects the boot source
clear arp | clears the current ARP table
ip route x.x.x.x s.s.s.s x.x.x.x | creates a static entry in the routing table
ip route x.x.x.x s.s.s.s exit-interface |
redistribute static | passes static route information across the routed protocol
default-information originate | passes default route information across the routed protocol
router ospf process-id (global configuration command) | configures an OSPF routing process; the no form terminates an OSPF routing process
network address wildcard-mask area area-id (router configuration command) | defines the interfaces on which OSPF runs and the area ID for those interfaces
ip ospf priority number (interface configuration command) | sets the router priority, which helps to determine the designated router for this network; the no form returns to the default value
show ip ospf interface [type number] (EXEC command) | displays OSPF-related interface information
ip ospf authentication-key password (interface configuration command) | assigns a password to be used by neighbouring routers that are using OSPF's simple password authentication; the no form removes a previously assigned OSPF password
area area-number authentication [message-digest] (router configuration command) | configures area parameters such as authentication and summarisation
ip ospf message-digest-key key-id md5 key (interface configuration command) | enables OSPF Message Digest 5 (MD5) authentication; the no form removes an old MD5 key
ip ospf hello-interval seconds (interface configuration command) | specifies the interval between hello packets that the Cisco IOS software sends on the interface
ip ospf dead-interval seconds (interface configuration command) | specifies how long hello packets must not have been seen before its neighbours declare the router down
default-information originate (router configuration command) | generates a default route into OSPF; the no form disables this feature
show ip ospf (EXEC command) | displays general information about OSPF routing processes
show ip ospf neighbor detail (EXEC command) | displays OSPF-neighbour information on a per-interface basis
debug ip ospf adj (privileged EXEC command) | displays all OSPF adjacency events
debug ip ospf events (privileged EXEC command) | displays all OSPF events
2 Router configuration

2.1 Basic router configuration
Before you start any exercise you will need to repeat this task from Day School 1. In teams this can be accomplished in 20 minutes. Figure 1 shows the correct interface identities for a 2600-series router. If you have a 2500-series router, the interfaces should read e0, s0 and s1; if you have a 2800-series router the interface identities are Gi0/0, s0/0/0, and so on. Later in the day you will also be using the switches shown in this diagram. For the time being, please concentrate on R1, R2 and R3 shown in Figure 2.

Tip: when you get the system started, there is a command show ip interface brief which will always list all interfaces and all identifiers. Also, many routers have the interface id printed on the side, in small type. If you are working on a NetLab system for the ALE, all this will already have been done for you.
Figure 1
Figure 2

The console port (shown in Figure 3) is a direct serial connection between your computer and the router. This will enable you to configure the device. The computer will need a DB9 adapter, and the connection is accomplished with a rollover cable.
Figure 3
Tip: you can complete the two labs for Day School 2 (see sections 3 and 4) in whichever order you like. You may find that copying the relevant commands into a text-editor file (e.g. Notepad) for continued reuse will speed up the reconfiguration process after each exercise. If you are completing the alternative learning experience (ALE), Netlab+ has a copy-and-paste clipboard feature that enables you to insert commands from your own computer in a similar manner.
To access the router from the personal computer you will need to use a terminal emulator. Tera Term is a popular application that is easily found on the internet. Alternatively, you can use HyperTerminal, which is installed by default on all Windows versions.

You will need to create a connection. You can use the com1 port, which is usual, or any other port available on your computer. Figure 4 shows you how to create a connection.
Figure 4

Cable up the routers, connect them to the computers and start them (using the switch at the back). The purpose of this practical exercise will be to configure this three-router network with three LANs and three WANs, IP addresses and subnets. Figure 5 shows the final configuration.
Figure 5

Table 2 gives the command configuration sequence.

Table 2 Command configuration sequence

Router | Command | Purpose (student to complete)
All | enable |
All | configure terminal |
R1 | hostname cornwall |
R2 | hostname somerset |
R3 | hostname devon |
All | interface s0 (or s0/0 or s0/0/0) | [remember you need to check]
Only DCE! end | clock rate 56000 |
All read plan seen in Fig. 5 | ip address x.x.x.x s.s.s.s | Hint: x.x.x.x is the ip address; s.s.s.s is the subnet mask, /24 is 255.255.255.0
All | no shutdown |
All | interface s1 (or s0/1 or s0/0/1) |
Only DCE! | clock rate 56000 |
All read plan | ip address x.x.x.x s.s.s.s |
All | no shutdown |
All | interface e0 (or fa0/0 or Gi0/0) |
All | ip address x.x.x.x s.s.s.s |
All | no shutdown |
All | interface e1 (or fa0/1 or Gi0/1) |
All | ip address x.x.x.x s.s.s.s |
All | no keepalive | Note: there must be nothing connected to this port for this command to be valid.
All | no shutdown |
All | end |
All | copy run start | Tip: you could also try ... wr

To test

All | show ip interface brief |
All | ping x.x.x.x (must be adjacent router IP address) |
Do not progress until adjacent routers can ping each other; they will not be able to ping afar yet.

Notes:
3 Redistribution, NAT, DHCP and VLANs

3.1 Redistribution from a static route to a dynamic routing protocol

Many networks will have a combination of static and dynamic routing taking place; this is commonplace when you have a stub (out on a limb) system connected to the main network infrastructure.

Tip: before commencing, you will need to ensure that the system is back to the basic configuration found in section 2.

Netlab+ tip: if you are using Netlab+, you may wish to use a basic router pod or the MAP system. Note that the serial link between R1 and R3 is not being used; you may need to shut down these interfaces. In addition, for the MAP system, ports fa0/5 and 6 on S1 need to be in shut mode and interface gi0/1 on S1 needs the no keepalive command to enable pings to it. If you are at a day school, ignore the Netlab+ advice.

This exercise is an adaptation of the standard structure used in T216, and assumes the core structure is already configured (Figure 6).
Figure 6

Table 3 shows the necessary command sequence for redistribution from static to dynamic routing.

Table 3 Command sequence for redistribution from static to dynamic routing

Router | Command | Purpose (student to complete)
All | configure terminal |
Cornwall | router eigrp 123 |
         | network 1.0.0.0 |
         | network 192.168.1.0 |
         | network 192.168.2.0 |
Somerset | router eigrp 123 |
         | redistribute static |
         | network 1.0.0.0 |
         | network 10.0.0.0 |
         | ip route 172.16.0.0 255.255.255.0 2.0.0.2 |
Devon | ip route 0.0.0.0 0.0.0.0 Serial1 (or s0/1 or s0/0/1) |
Compare routing tables by using the show ip route command. Try pinging from Devon to a LAN on Cornwall. Also try pinging from the 10.1.1.0 LAN on Somerset to Devon and Cornwall. Why can you not ping from Somerset or Cornwall to the 172.17.0.0 network on Devon? What do you need to do to rectify this?
Netlab+ tip: if you are using Netlab+ you will need to configure and use PCs A, B and C. If you are at a day school, ignore the Netlab+ advice.

3.2 Adding NAT and DHCP

Before you commence, refer back to Figure 1: PCA and PCC will need to be connected to the E0 (or Fa0/0) connections on Cornwall (R1) and Devon (R3). If you are using Netlab+ this will be available by default, using one of the virtual machines. Now refer to Table 4, which has the NAT and DHCP commands for Cornwall and Devon; there is nothing to configure on Somerset.

Table 4 Clearing the configuration

Router | Command | Purpose
Cornwall | configure terminal |
         | access-list 1 permit 192.168.1.0 0.0.0.255 | ACLs are used for traffic control as well as creating decision-based rules
         | ip nat inside source list 1 interface fastethernet0/0 overload | Or E0 or Gi0/0
         | interface fastethernet 0/0 | Or E0 or Gi0/0
         | ip nat inside |
         | interface serial0/0 | Or s0 or s0/0/0
         | ip nat outside |
         | exit |
         | service dhcp | Optional depending on router being used
         | ip dhcp pool cornwallpool |
         | network 192.168.1.0 255.255.255.0 |
         | default-router 192.168.1.1 |
         | dns-server 192.168.1.2 |
         | domain-name cornwall.open.ac.uk | This will not work in the real world
         | exit |
         | ip dhcp excluded-address 192.168.1.1 192.168.1.10 |
         | end |
         | copy run start |
Devon | configure terminal |
      | access-list 1 permit 172.17.0.0 0.0.0.255 | ACLs are used for traffic control as well as creating decision-based rules
      | ip nat inside source list 1 interface fastethernet0/0 overload | Or E0 or Gi0/0
      | interface fastethernet 0/0 | Or E0 or Gi0/0
      | ip nat inside |
      | interface serial0/1 | Or s1 or s0/0/1
      | ip nat outside |
      | exit |
      | service dhcp | Optional depending on router being used
      | ip dhcp pool devonpool |
      | network 172.17.0.0 255.255.255.0 |
      | default-router 172.17.0.1 |
      | dns-server 172.17.0.2 |
      | domain-name devon.open.ac.uk | This will not work in the real world
      | exit |
      | ip dhcp excluded-address 172.17.0.1 172.17.0.10 |
      | end |
      | copy run start |
3.3 To check DHCP

Make sure that your computer has DHCP (obtain an IP address automatically) set (see Figure 7). Depending on your version of operating system, this option may appear in different parts of the system; if you go via control panel/network settings (or a similarly named area) you will eventually drill down to the IPv4 settings for your network card.

Netlab+ tip: if you are using Netlab+, you will need to configure and use PCs A, B and C. If you are at a day school, ignore the Netlab+ advice. If you are getting spurious information, apply the shutdown command to Fa0/18 on S2.
Figure 7

Start the command prompt (Figure 8). This may also be available via the start menu or other ways.
Figure 8

Run ipconfig to check that the DHCP address has been obtained (see Figure 9, though in this example a different network is in use).
Figure 9

Run ipconfig /release to remove any automatic addressing (Figure 10).
Figure 10

Run ipconfig /renew to receive a new DHCP-leased address (Figure 11 is representative).
Figure 11

3.4 To check NAT

You must ping the nearside interface on an afar router from the host on the LAN; from the computer on the Cornwall LAN you must ping 1.0.0.2 -t (note that the -t means continuous, no timeout). On each router, issue the clear ip nat translation * command and the show ip nat translations command.
3.5 Adding VLANs

Continuing from the previous steps, add two individual switches to E1 (Fa0/1) on Cornwall and E1 (Fa0/1) on Devon. As shown in Figure 12, E5 is port 5 or Fa0/5. Remember this is the base network, which is the MAP (multi-access pod) on Netlab+, so the switches should already be available.
Figure 12
Table 5 shows a sequence of commands for S1 and S3, enabling three VLANs.

Table 5 VLAN configuration

Router | Command | Purpose
S1 | enable |
   | del vlan.dat |
   | configure terminal |
   | hostname cornwall_LAN |
   | vlan 10 |
   | name core |
   | exit |
   | vlan 20 |
   | name Camborne |
   | exit |
   | vlan 30 |
   | name StIves |
   | exit |
   | vlan 40 |
   | name Penzance |
   | exit |
   | interface range fa0/1 - 5 |
   | no shutdown |
   | switchport mode access |
   | switchport access vlan 10 |
   | exit |
   | interface range fa0/6 - 10 |
   | no shutdown |
   | switchport mode access |
   | switchport access vlan 20 |
   | exit |
   | interface range fa0/11 - 15 |
   | no shutdown |
   | switchport mode access |
   | switchport access vlan 30 |
   | exit |
   | interface range fa0/16 - 20 |
   | no shutdown |
   | switchport mode access |
   | switchport access vlan 40 |
   | exit |
S3 | enable |
   | del vlan.dat |
   | configure terminal |
   | hostname devon_LAN |
   | vlan 10 |
   | name core |
   | exit |
   | vlan 20 |
   | name Exeter |
   | exit |
   | vlan 30 |
   | name Barnstaple |
   | exit |
   | vlan 40 |
   | name Torquay |
   | exit |
   | interface range fa0/1 - 5 |
   | no shutdown |
   | switchport mode access |
   | switchport access vlan 10 |
   | exit |
   | interface range fa0/6 - 10 |
   | no shutdown |
   | switchport mode access |
   | switchport access vlan 20 |
   | exit |
   | interface range fa0/11 - 15 |
   | no shutdown |
   | switchport mode access |
   | switchport access vlan 30 |
   | exit |
   | interface range fa0/16 - 20 |
   | no shutdown |
   | switchport mode access |
   | switchport access vlan 40 |
   | exit |

Netlab+ tip: if you are using Netlab+ you will notice CDP native vlan mismatch warnings. Ignore these unless you have shut down ports from S1 to S2 and S3, as well as S2 to S1 and S3.
On each switch, issue a show vlan command. How has the switch been reorganised?

When you have completed this lab you must complete the commands shown in Table 6, on all devices.

Table 6 Clearing the configuration

Router | Command | Purpose (student to complete)
All | erase start |
All | reload |
Tip: did you read the tip at the end of section 2?
4 Open Shortest Path First (OSPF) and Access Control Lists (ACLs)

4.1 OSPF configuration
OSPF is a multi-area protocol, which can be configured to ensure that it listens for updates on a range of possible interface addresses. This means that it uses the wildcard mask, synonymous with ACLs, to add simple decision-making to routing. Before commencing you will need to ensure that the system is back to the basic configuration found in section 2. This exercise is an adaptation of the standard structure used in T216, and assumes that the core structure is already configured. Figure 13 shows the set-up required, and Table 6 shows the necessary command sequence.
Figure 13

Table 6 OSPF command sequence

Router | Command | Purpose (student to complete)
All | show run | Check your running configuration
All | show ip interface brief | Check your interfaces are up
All | configure terminal |
All | router ospf 1 | Note: this is the process id, not the area
Cornwall | network 1.0.0.0 0.0.0.255 area 0 |
         | network 3.0.0.0 0.0.0.255 area 0 |
         | network 192.168.1.0 0.0.0.255 area 0 |
         | network 192.168.2.0 0.0.0.255 area 0 |
Somerset | network 1.0.0.0 0.0.0.255 area 0 |
         | network 2.0.0.0 0.0.0.255 area 0 |
         | network 10.1.1.0 0.0.0.255 area 0 |
         | network 10.2.2.0 0.0.0.255 area 0 |
Devon | network 3.0.0.0 0.0.0.255 area 0 |
      | network 2.0.0.0 0.0.0.255 area 0 |
      | network 172.16.0.0 0.0.0.255 area 0 |
      | network 172.17.0.0 0.0.0.255 area 0 |
All | end |
All | copy run start |
All | show ip route |
All | show ip ospf |
All | show ip ospf neighbor |

If session time permits:

Cornwall | interface s0, s0/0 or s0/0/0 |
         | ip ospf priority 33 |
         | interface s1, s0/1, or s0/0/1 |
         | ip ospf priority 33 |
Somerset | interface s0 |
         | ip ospf priority 66 |
         | interface s1, s0/1, or s0/0/1 |
         | ip ospf priority 66 |
Devon | interface s0, s0/0 or s0/0/0 |
      | ip ospf priority 99 |
      | interface s1, s0/1, or s0/0/1 |
      | ip ospf priority 99 |
All | end |
All | copy run start |
All | clear ip ospf process | This must be done simultaneously on all routers.
All | show ip ospf neighbor |
Like most complex routing protocols, OSPF timers and router priorities can be adapted. Using a loopback interface, how would you add another entry to the OSPF routing tables? You may need to complete a little research on how this command works.

Netlab+ tip: if you are using Netlab+, you will need to shut down ports fa0/5 and 6 on S1 and fa0/5 and 18 on S3.

4.2 ACL configuration

In this exercise you should reuse the base configuration from the OSPF exercise (see Figure 13). Any suggested additions you may have made should not affect this exercise. Table 8 shows the syntax of the ACL commands you will use in this exercise. ACLs are complex, powerful and subtle commands. For the range of commands available, refer to the Cisco material.

Table 8 ACL command syntax

Command | Result
access-list 101 deny tcp/udp/icmp x.x.x.x w.w.w.w y.y.y.y w.w.w.w eq port (or echo) | Blocks specific class of traffic; x is the source address, w is wildcard, y is the destination address
access-list 101 permit ip any any | Allows any other traffic
ip access-group 101 in/out | Applies access list to inbound/outbound traffic
The rules will be as follows:
o stop a LAN on Somerset from reaching (pinging) a LAN on Cornwall
o stop a LAN on Cornwall from reaching (pinging) a LAN on Devon
o stop a LAN on Devon from reaching (pinging) a LAN on Somerset
o allow all other traffic.

Table 9 shows the command sequence for extended ACLs.

Table 9 Command sequence for extended ACLs

Router | Command
All | configure terminal
Cornwall | access-list 101 deny icmp 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255 echo
Devon | access-list 101 deny icmp 192.168.2.0 0.0.0.255 172.16.0.0 0.0.0.255 echo
Somerset | access-list 101 deny icmp 172.17.0.0 0.0.0.255 10.2.2.0 0.0.0.255 echo
All | access-list 101 permit ip any any
All | interface s0 (or s0/0)
    | ip access-group 101 in
    | interface s1 (or s0/1)
    | ip access-group 101 in
All | Complete an extended ping from your router to the banned LAN
Note: check the syntax of the ACL command if you are using Packet Tracer.
To test the ACLs you must use an extended ping similar to the example in Table 10. This tests whether the ACLs on Cornwall are responding to traffic from Somerset.

Table 10 Extended ping

Router | Command (note that there may be some variations)
Somerset | ping <hit enter>
         | Protocol [ip]: <hit enter>
         | Target IP address: 192.168.1.1
         | Repeat count [5]: 10
         | Datagram size [100]: <hit enter>
         | Timeout in seconds [2]:
         | Extended commands [n]: y
         | Source address or interface: 10.1.1.1
         | Then press [n] for all other options
Somerset | ping <hit enter>
         | Protocol [ip]: <hit enter>
         | Target IP address: 192.168.2.1
         | Repeat count [5]: 10
         | Datagram size [100]: <hit enter>
         | Timeout in seconds [2]:
         | Extended commands [n]: y
         | Source address or interface: 10.1.1.1
         | Then press [n] for all other options
Which of the above works, and which does not? A working ping has an exclamation mark (!); one that has no reply has a full stop (.). Change the addresses to prove/disprove the ACLs working on Somerset and Devon.

When you have completed this lab you must complete the commands shown in Table 11, on all devices.

Table 11 Clearing the configuration

Router | Command | Purpose (student to complete)
All | erase start |
All | reload |

Tip: did you read the tip at the end of section 3?
5 Answers to questions

Do resist reading this section until you have completed or at least attempted the day school or ALE.

3.1 Redistribution: Why can you not ping from Somerset or Cornwall to the 172.17.0.0 network on Devon? What do you need to do to rectify this?
o You need to add the missing network in Somerset. There are many ways to accomplish this. The simplest would be to add the missing network: ip route 172.17.0.0 255.255.255.0 2.0.0.2
o But a more subtle method would be to create an aggregate entry, by changing the subnet mask: ip route 172.16.0.0 255.255.240.0 2.0.0.2
o This would include networks 172.16.0.0 through to 172.31.0.0 (all private class B networks), reducing the need to update the router with static routes for each new private system.
3.5 Adding VLANs: On each switch, issue a show vlan command. How has the switch been organised?
o Your ports should now be arranged next to each of the VLANs. Some ports will remain unassigned and should be collected in VLAN1.
4.1 OSPF configuration: Using a loopback interface, how could you add another entry to the OSPF routing tables?
o Adding a loopback interface is not dissimilar to adding a normal real interface. Loopbacks are used as IDs on routers and often help create large routing tables when there is a limit on the number of physical interfaces available.
o Looking at Table 12, you could apply this to Somerset.
Table 12 Adding a loopback

Router | Command | Notes
Somerset | configure terminal |
         | interface loopback 1 | Creates the loopback interface
         | ip address 99.99.99.99 255.255.255.0 |
         | no shutdown | This should not be needed
         | router ospf 1 |
         | network 99.99.99.0 0.0.0.255 area 0 |
Cornwall | show ip route |

4.2 ACL configuration: Which of the above works, and which does not?
o The ping will work for the network allowed, and not work for the network that is blocked. Confirm this with the ACL command being used on the Devon router.
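
The first-match evaluation behind that answer, as an added example (it is not part of the original pack and is not Cisco code): a small Python model of Cornwall's list 101 from Table 9, run against the two extended pings of Table 10. The function names and the sample packets are constructed for illustration, and the parser handles only the two entry forms that appear in Table 9.

```python
import ipaddress

# Cornwall's list from Table 9, in the order the entries are typed.
CORNWALL_ACL_101 = [
    "access-list 101 deny icmp 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255 echo",
    "access-list 101 permit ip any any",
]


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit whose wildcard bit is 0."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)


def _take_address(tokens):
    """Consume 'any' or 'address wildcard'; return ((base, wildcard), rest)."""
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    return (tokens[0], tokens[1]), tokens[2:]


def parse_entry(line):
    """Parse the two numbered extended-ACL forms that appear in Table 9."""
    tokens = line.split()
    if tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError("unsupported ACL line: " + line)
    src, rest = _take_address(tokens[4:])
    dst, rest = _take_address(rest)
    return {
        "action": tokens[2],
        "proto": tokens[3],
        "src": src,
        "dst": dst,
        "icmp_type": rest[0] if rest else None,  # e.g. 'echo'; None = any type
    }


def evaluate(acl_lines, proto, src, dst, icmp_type=None):
    """Return (action, entry_number); entry_number is None for implicit deny."""
    for number, line in enumerate(acl_lines, start=1):
        e = parse_entry(line)
        if e["proto"] not in ("ip", proto):
            continue
        if e["icmp_type"] is not None and e["icmp_type"] != icmp_type:
            continue
        if wildcard_match(src, *e["src"]) and wildcard_match(dst, *e["dst"]):
            return e["action"], number  # first match wins; later entries unused
    return "deny", None  # an IOS ACL ends with an unwritten deny of everything


if __name__ == "__main__":
    # Constructed packets: the two extended pings of Table 10, then a reply.
    tests = [
        ("icmp", "10.1.1.1", "192.168.1.1", "echo"),
        ("icmp", "10.1.1.1", "192.168.2.1", "echo"),
        ("icmp", "10.1.1.1", "192.168.1.1", "echo-reply"),
    ]
    for t in tests:
        print(t, "->", evaluate(CORNWALL_ACL_101, *t))
    # Without the final permit, all other traffic meets the implicit deny.
    print(evaluate(CORNWALL_ACL_101[:1], "tcp", "10.2.2.7", "192.168.2.1"))
```

The third packet shows that the entry matches echo requests only: an echo-reply from 10.1.1.0 to 192.168.1.0 falls through to the permit entry, so a ping started from the Cornwall LAN is still answered.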