Professional Documents
Culture Documents
Switching: Introduction
to Networks
Instructor Lab Manual
Lab - Initializing
L
g and Re
eloading
g a Routter and Switch
S
(Instructo
or
V
Version)
Instructor No
ote: Red font color or Grayy highlights ind
dicate text tha
at appears in the instructor copy only.
T
Topology
O
Objectives
Part 1: Se
et Up Device
es in the Netw
work as Show
wn in the To
opology
Part 2: Initialize the Router
R
and Reload
Part 3: Initialize the Switch
S
and Reload
B
Backgroun
nd / Scenarrio
Before sta
arting a CCNA
A hands-on la
ab that makess use of either a Cisco routter or switch, ensure that the
t
devices in
n use have be
een erased an
nd have no sttartup configu
urations prese
ent. Otherwise
e, the results of your
lab may be
b unpredictab
ble. This lab provides
p
a de
etail procedure
e for initializin
ng and reload
ding a Cisco ro
outer and
a Cisco sw
witch.
Note: The
e routers used
d with CCNA hands-on lab
bs are Cisco 1941
1
Integrate
ed Services Routers
R
(ISRss) with
Cisco IOS
S Release 15..2(4)M3 (univversalk9 image). The switches used are Cisco Catalyyst 2960s with
h Cisco
IOS Relea
ase 15.0(2) (lanbasek9 ima
age). Other ro
outers, switch
hes, and Ciscco IOS version
ns can be use
ed.
Depending on the mod
del and Cisco IOS version, the comman
nds available and
a output prroduced migh
ht vary
from whatt is shown in the
t labs.
R
Required
R
Resources
1 Rou
uter (Cisco 19
941 with Cisco
o IOS softwarre, Release 15.2(4)M3 universal image or comparab
ble)
1 Switch (Cisco 29
960 with Cisco
o IOS Release 15.0(2) lanb
basek9 image
e or compara
able)
2 PCss (Windows 7,
7 Vista, or XP
P with termina
al emulation program,
p
such
h as Tera Term)
Conso
ole cables to configure the
e Cisco IOS devices via the
e console porrts
P 1:
Part
S Up De
Set
evices in the Netw
work as Shown in the
t Topo
ology
S
Step
1: Ca
able the netw
work as sho
own in the topology.
t
Attach console cables to the devices shown in th
he topology diiagram.
Page 1 of 4
Part 2:
Note: You may receive a prompt to save the running configuration prior to reloading the router. Respond
by typing no and press Enter.
System configuration has been modified. Save? [yes/no]: no
Part 3:
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 4
Step 2: Determine if there have been any virtual local-area networks (VLANs) created.
Use the show flash command to determine if any VLANs have been created on the switch.
Switch# show flash
Directory of flash:/
2
3
4
5
6
-rwx
-rwx
-rwx
-rwx
-rwx
1919
1632
13336
11607161
616
Mar
Mar
Mar
Mar
Mar
1
1
1
1
1
1993
1993
1993
1993
1993
00:06:33
00:06:33
00:06:33
02:37:06
00:07:13
+00:00
+00:00
+00:00
+00:00
+00:00
private-config.text
config.text
multiple-fs
c2960-lanbasek9-mz.150-2.SE.bin
vlan.dat
You will be prompted to verify the file name. At this point, you can change the file name or just press
Enter if you have entered the name correctly.
b. When you are prompted to delete this file, press Enter to confirm the deletion. (Pressing any other key will
abort the deletion.)
Delete flash:/vlan.dat? [confirm]
Switch#
Note: You may receive a prompt to save the running configuration prior to reloading the switch. Type no
and press Enter.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 4
Reflection
1. Why is it necessary to erase the startup configuration before reloading the router?
_______________________________________________________________________________________
The startup configuration file is loaded into memory and becomes the running-config after the router reloads.
Erasing this file allows the router to return to its basic configuration after a reload.
2. You find a couple configurations issues after saving the running configuration to the startup configuration, so
you make the necessary changes to fix those issues. If you were to reload the device now, what configuration
would be restored to the device after the reload?
_______________________________________________________________________________________
The configuration at the time of the last save is restored to the device after a reload. Any changes made to
the running configuration after the last save would be lost.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 4
Objectives
Part 1: Install the IPv6 Protocol on a Windows XP PC
Background / Scenario
The Internet Protocol Version 6 (IPv6) is not enabled by default in Windows XP. Windows XP includes IPv6
implementation, but the IPv6 protocol must be installed. XP does not provide a way to configure IPv6 static
addresses from the Graphical User Interface (GUI), so all IPv6 static address assignments must be done
using the Network Shell (netsh) utility.
In this lab, you will install the IPv6 protocol on a Windows XP PC. You will then assign a static IPv6 address
to the LAN interface.
Required Resources
1 Windows XP PC
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 5
Installing the IPv6 Protocol and Assigning Host Addresses with Windows XP
b. At the prompt, enter a question mark (?) and press Enter to provide the list of available parameters.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 5
Installing the IPv6 Protocol and Assigning Host Addresses with Windows XP
c.
Type interface ? and press Enter to provide the list of interface commands.
Note: You can use the question mark (?) at any level in the netsh utility to list the available options. The
up arrow can be used to scroll through previous netsh commands. The netsh utility also allows you to
abbreviate commands, as long as the abbreviation is unique.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 5
Installing the IPv6 Protocol and Assigning Host Addresses with Windows XP
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 5
Installing the IPv6 Protocol and Assigning Host Addresses with Windows XP
Reflection
1. How would you renew your LAN interface address information from the netsh utility?
Hint: Use the question mark (?) for help in obtaining the parameter sequence.
_______________________________________________________________________________________
_______________________________________________________________________________________
Answers may vary, but from the command prompt you would issue the netsh interface ipv6 renew
command.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 5
Objectives
Networks are made of many different components
In this activity, you will visualize how you are connected, through the Internet, to those places, people, or
businesses with whom (or which) you interact on a daily basis. After reflection and sketching your homes or
schools topology, you can draw conclusions about the Internet that you may not have thought of prior to this
activity.
Background / Scenario
Draw and label a map of the Internet as you interpret it now. Include your home or school/university location
and its respective cabling, equipment, devices, etc. Some items you may want to include:
Devices or equipment
Media (cabling)
Upon completion, save your work in a hard-copy format, it will be used for future reference at the end of this
chapter. If it is an electronic document, save it to a server location provided by your instructor. Be prepared to
share and explain your work in class.
For an example to get you started, please visit: http://www.kk.org/internet-mapping
Instructor Note: This Modeling Activity is not intended to be a graded assignment. Its purpose is to help
students to reflect on their perceptions of how a network is set up for personal use. Discussion should be
facilitated by the instructor as a result of this activity. Facilitation of the discussion should include student-tostudent discussions of each others work.
Required Resources
Internet access
Paper and pencils or pens (if students are creating a hard copy)
Reflection
1. After reviewing your classmates drawings, were there computer devices that you could have included on your
diagram? If so, which ones and why?
_______________________________________________________________________________________
Answers will vary.
2. After reviewing your classmates drawings, how were some of the model designs the same or different?
What modifications would you make to your drawing after reviewing the other drawings?
_______________________________________________________________________________________
Answers will vary.
3. In what way could icons on a network drawing provide a streamlined thought process and facilitate your
learning? Explain your answer.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 2
D
Draw
Your Concept of the Internet
________
___________
____________
___________
___________
____________
____________
___________
________
Students should note that having a set of represe
entative iconss will assist th
hem in learnin
ng how to draw
w/design
network re
epresentation
n. It consolida
ates informatio
on, and is eassily understoo
od by others who
w understa
and what
the icons represent. It is a form of shorthand for people
p
in the same industrry.
Initial Netw
work Diagra
ams and Network
N
Co
omponents
s will vary
y. A very basic netw
work
d
design
representatio
on from the
e website is
s depicted
d below (this diagram
m is for Insttructor
r
reference.)
)
Page 2 of 2
Objectives
Part 1: Use Collaboration Tools
Background / Scenario
Network collaboration tools give people the opportunity to work together efficiently and productively without
the constraints of location or time zone. Collaborative tool types include document sharing, web meetings,
and wikis.
In Part 1, you will identify collaboration tools that you currently use. You will also research some popular
collaborative tools used today. In Part 2, you will work with Google Drive. In Part 3, you will investigate
Conferencing and Web meeting tools and, in Part 4, you will work with wikis.
Instructor Note: This lab may be assigned as homework.
Required Resources
Device with Internet access
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 17
b. On the Google Accounts web page, if you already have a Google account, you can sign in now;
otherwise, click SIGN UP.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 17
On the Create a new Google Account web page, fill out the form to the right. The name you enter in the
Choose your username field becomes the account name. It is not necessary to supply your mobile
phone or current email address. You must agree to the Google Terms of Service and Privacy Policy
before clicking Next step.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 17
b. Click the CREATE button to display a drop-down menu that allows you to select the type of document to
create. Choose Document.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 17
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 17
Here on the Sharing settings web page, in the Add people text field, you can enter Google email names,
email addresses, or groups with whom to share this document.
d. As soon as you start entering information into the Add people box, the box provides more options. The
Can edit drop-down menu allows you to choose the document privileges (Can edit, Can comment, Can
view) for the people you add. You can also specify how to notify these people of this document (Send a
copy to myself or Paste the item itself into the email). Click Share & save.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 17
All users with share privileges can view this document at the same time. Users with edit privileges can
edit this document while others view it.
g. If the document is being viewed by someone while you are in it, you can see who they are by clicking the
other viewer(s) drop-down menu (in the upper-right corner of the document).
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 17
Any web browser can be used to view or edit pages or create new content.
Edit and auto links are available to edit a page and automatically link pages. Text formatting is similar to
creating an email.
Access control can be set by the topic creator, defining who is permitted to edit content.
In this part of the lab, you will use the Google account that you created in Part 2 and create a wiki page in
Google Sites.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 17
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 17
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 17
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 11 of 17
c.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 12 of 17
b. Click Save after you make your changes. This takes you out of page edit mode.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 13 of 17
b. In the Name your page field, enter a page name. In the example below, the name Routers is used as the
topic for this page.
c.
Click the Web Page drop-down menu and select Announcements. Google uses this term to indicate a
wiki page.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 14 of 17
e. Your new wiki page, called Routers, displays and has a New post menu option that allows information to
be added to the page. (Notice that the left sidebar has a new link to allow your site visitors access to this
page.)
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 15 of 17
c.
As soon as you start entering information into the Add people box, the box provides more options. The
Can edit drop-down menu allows you to choose the document privileges (Can edit, Can comment, Can
view) for the people you add. You can also specify how to notify these people of this document (Send a
copy to myself or Paste the item itself into the email). Click Share & save.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 16 of 17
Wikipedia http://www.wikipedia.org/
Reflection
1. Can you think of other collaboration tools used in the business world today?
_______________________________________________________________________________________
Answers will vary.
2. What collaboration tools do you see as useful to a network administrator?
_______________________________________________________________________________________
Answers will vary.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 17 of 17
Objectives
Part 1: Survey Your Understanding of Convergence
Part 2: Research ISPs Offering Converged Services
Part 3: Research Local ISPs Offering Converged Services
Part 4: Select Best Local ISP Converged Service
Part 5: Research Local Company or Public Institution Using Convergence Technologies
Background / Scenario
Convergence in the context of networking is a term used to describe the process of combining voice, video,
and data communications over a common network infrastructure. Converged networks have existed for some
time, but were only feasible in large enterprise organizations because of the network infrastructure
requirements and complex management required to make them work seamlessly. Technology advances have
made convergence readily available to large, medium, and small businesses, as well as for the home
consumer.
In Part 1, you will describe your current understanding of convergence and any experience you have with it.
In Part 2, you will research which providers have this service, regardless of geographical location, using the
predefined form included in the lab.
In Part 3, you will research which local ISPs in your area offer converged services for end-user consumers,
using the predefined form included in the lab.
In Part 4, you will select the ISP you like best for home use and list the reasons why.
In Part 5, you will find a local company or public institution using convergence technologies in their business,
using the predefined form included in the lab.
Required Resources
Device with Internet access
Step 1: Describe convergence as you understand it and give examples of its use in the home.
Write a definition of convergence and list some examples.
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 4
Comcast
AT&T
AT&T U-verse
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 4
Product Name of
Converged Service
Download Speed
Comcast
$89.99
Varies 10 to 16 Mbps
$99.99
10 Mbps
AT&T
U-Verse
$59.00
3Mbps Download
Industry
Convergence Technologies
Information Technology
Woodward, Inc.
Aerospace
Reflection
1. What are some of the advantages of using convergence technologies?
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 4
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 4
Objectives
Part 1: Test Network Connectivity Using Ping
Part 2: Trace a Route to a Remote Server Using Windows Tracert
Part 3: Trace a Route to a Remote Server Using Web-Based and Software Tools
Part 4: Compare Traceroute Results
Background
Route tracing computer software is a utility that lists the networks data has to traverse from the user's
originating end device to a distant destination network.
This network tool is typically executed at the command line as:
tracert <destination network name or end device address>
(Microsoft Windows systems)
or
traceroute <destination network name or end device address>
(Unix and similar systems)
Route tracing utilities allow a user to determine the path or routes as well as the delay across an IP network.
Several tools exist to perform this function.
The traceroute (or tracert) tool is often used for network troubleshooting. By showing a list of routers
traversed, it allows the user to identify the path taken to reach a particular destination on the network or
across internetworks. Each router represents a point where one network connects to another network and
through which the data packet was forwarded. The number of routers is known as the number of "hops" the
data traveled from source to destination.
The displayed list can help identify data flow problems when trying to access a service such as a website. It
can also be useful when performing tasks such as downloading data. If there are multiple websites (mirrors)
available for the same data file, one can trace each mirror to get a good idea of which mirror would be the
fastest to use.
Two trace routes between the same source and destination conducted some time apart may produce different
results. This is due to the "meshed" nature of the interconnected networks that comprise the Internet and the
Internet Protocols ability to select different pathways over which to send packets.
Command-line-based route tracing tools are usually embedded with the operating system of the end device.
Other tools, such as VisualRoute, are proprietary programs that provide extra information. VisualRoute
uses available online information to graphically display the route.
This lab assumes the installation of VisualRoute. If the computer you are using does not have VisualRoute
installed, you can download the program using the following link:
http://www.visualroute.com/download.html
If you have any trouble downloading or installing VisualRoute, ask your instructor for assistance. Ensure that
you download the Lite Edition.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 14
Scenario
Using an Internet connection, you will use three route tracing utilities to examine the Internet pathway to
destination networks. This activity should be performed on a computer that has Internet access and access to
the command line. First, you will use the Windows embedded tracert utility. Second, you will use a web-based
traceroute tool (http://www.subnetonline.com/pages/network-tools/online-traceroute.php). Finally, you will use
the VisualRoute traceroute program.
Instructor Note: Many schools do not have access to the command prompt. Traceroutes are included in
Appendix A for your use. Depending on the situation, this lab can be assigned in the classroom, as homework
or can be performed by the instructor as a walk-through demonstration.
Free software programs like VisualRoute can quickly go out of date. If VisualRoute Lite Edition is no longer
available when you are using this lab, type into your favorite search engine, download visual traceroute tool.
Some institutions disable ICMP echo replies used by both ping and traceroute utilities. Before students begin
this activity, make sure there are no local restrictions related to ICMP datagrams. This activity assumes that
ICMP datagrams are not restricted by any local security policy.
Required Resources
1 PC (Windows 7, Vista, or XP with Internet access)
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 14
d. The first output line displays the Fully Qualified Domain Name (FQDN) e144.dscb.akamaiedge.net. This
is followed by the IP address 23.1.48.170. Cisco hosts the same web content on different servers
throughout the world (known as mirrors). Therefore, depending upon where you are geographically, the
FQDN and the IP address will be different.
e. From this portion of the output:
Four pings were sent and a reply was received from each ping. Because each ping was responded to,
there was 0% packet loss. On average, it took 54 ms (54 milliseconds) for the packets to cross the
network. A millisecond is 1/1,000th of a second.
Instructor Note: If the first ICMP packet times out, this could be a result of the PC resolving the
destination address. This should not occur if you repeat the ping as the address is now cached.
Streaming video and online games are two applications that suffer when there is packet loss, or a slow
network connection. A more accurate determination of an Internet connection speed can be determined
by sending 100 pings, instead of the default 4. Here is how to do that:
f.
Now ping Regional Internet Registry (RIR) websites located in different parts of the world:
For Africa:
C:\> ping www.afrinic.net
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 14
For Australia:
C:\> ping www.apnic.net
For Europe:
C:\> ping www.ripe.net
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 14
All these pings were run from a computer located in the U.S. What happens to the average ping time in
milliseconds when data is traveling within the same continent (North America) as compared to data from
North America traveling to different continents?
____________________________________________________________________________________
Answer varies based on location. In the data above, the average ping time in milliseconds dramatically
increases.
What is interesting about the pings that were sent to the European website?
____________________________________________________________________________________
At the time that these pings were sent, the site was unreachable.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 14
Run tracert for each destination website and save the output in sequentially numbered files.
C:\> tracert www.afrinic.net
C:\> tracert www.lacnic.net
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 14
In the example output shown above, the tracert packets travel from the source PC to the local router
default gateway (hop 1: 192.168.1.1) to the ISPs Point of Presence (POP) router (hop 2: 10.18.20.1).
Every ISP has numerous POP routers. These POP routers are at the edge of the ISPs network and are
the means by which customers connect to the Internet. The packets travel along the Verizon network for
two hops and then jump to a router that belongs to alter.net. This could mean that the packets have
traveled to another ISP. This is significant because sometimes there is packet loss in the transition
between ISPs, or sometimes one ISP is slower than another. How could we determine if alter.net is
another ISP or the same ISP?
e. There is an Internet tool known as whois. The whois tool allows us to determine who owns a domain
name. A web-based whois tool is found at http://whois.domaintools.com/. This domain is also owned by
Verizon according to the web-based whois tool.
To summarize, Internet traffic starts at a home PC and travels through the home router (hop 1). It then
connects to the ISP and travels through its network (hops 2-7) until it arrives at the remote server (hop 8).
This is a relatively unusual example in which there is only one ISP involved from start to finish. It is typical
to have two or more ISP involved as displayed in the following examples.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 14
What happens at hop 7? Is level3.net the same ISP as hops 2-6, or a different ISP? Use the whois tool to
answer this question.
____________________________________________________________________________________
The Internet traffic goes from being on alter.net to level3.net. The whois tool reveals that this is a
separate company/separate ISP.
What happens in hop 10 to the amount of time it takes for a packet to travel between Washington D.C.
and Paris, as compared with the earlier hops 1-9?
____________________________________________________________________________________
In hops 1-9 most packets traverse their link in 50 ms or less. On the Washington D.C. to Paris link, the
time increases to 132 ms.
What happens in hop 18? Do a whois lookup on 168.209.201.74 using the whois tool. Who owns this
network?
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 14
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 14
pera.subnetonline.com (141.138.203.105)
gw-v130.xl-is.net (141.138.203.1)
rt-eu01-v2.xl-is.net (79.170.92.19)
akamai.telecity4.nl-ix.net (193.239.116.226)
www.afrinic.com:
TracePath Output:
1:
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
pera.subnetonline.com (141.138.203.105)
0.175ms pmtu 1500
gw-v130.xl-is.net (141.138.203.1)
0.920ms
rt-eu01-v2.xl-is.net (79.170.92.19)
0.556ms
xl-internetservices.nikhef.openpeering.nl (217.170.0.225) 10.679ms
r22.amstnl02.nl.bb.gin.ntt.net (195.69.144.36)
asymm 5
4.412ms
ae-5.r23.londen03.uk.bb.gin.ntt.net (129.250.5.197)
49.349ms
ae-2.r02.londen03.uk.bb.gin.ntt.net (129.250.5.41)
asymm 7
8.842ms
dimensiondata-0.r02.londen03.uk.bb.gin.ntt.net (83.231.235.222) 18.080ms
168.209.201.74 (168.209.201.74)
196.375ms
csw4-pkl-gi1-1.ip.isnet.net (196.26.0.101)
asymm 10 186.855ms
196.37.155.180 (196.37.155.180)
185.661ms
fa1-0-1.ar02.jnb.afrinic.net (196.216.3.132)
197.912ms
How is the traceroute different when going to www.cisco.com from the command prompt (see Part 1)
rather than from the online website? (Your results may vary depending upon where you are located
geographically, and which ISP is providing connectivity to your school.)
____________________________________________________________________________________
____________________________________________________________________________________
The tracert from the command prompt in Part 1 ended up at a server in Cambridge, Massachusetts. The
traceroute from the website in the Netherlands went to a mirror server in the Netherlands. The domain
cisco.com is hosted on many websites or mirrors throughout the world. This is done so that access time
to the site will be fast from anywhere in the world.
Compare the tracert from Part 1 that goes to Africa with the tracert that goes to Africa from the web
interface. What difference do you notice?
____________________________________________________________________________________
____________________________________________________________________________________
The route across Europe is on a different ISP. Make the point with students that there is not a single
backbone to the Internet. Rather there are many backbones to the Internet. They all connect at Peering
Points. Performance on the network on one ISP could be very different than performance on the network
with a different ISP.
Some of the traceroutes have the abbreviation asymm in them. Any guesses as to what this means?
What is its significance?
____________________________________________________________________________________
____________________________________________________________________________________
This is an abbreviation for asymmetric. It means that the test packet took one path to reach the
destination, and a different path to return by. Imagine someone driving from their home to New York City.
On the way to New York City, they noticed that the highway was congested and traffic was slow. They
might decide to come home by a different or asymmetric path.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 14
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 11 of 14
Step 2: List the path to www.cisco.com using the web-based tool on subnetonline.com.
141.138.203.105 > 141.138.203.1 > 79.170.92.19 > 19.239.116.226
Reflection
Having now viewed traceroute through three different tools (tracert, web interface, and VisualRoute), are
there any insights that using VisualRoute provided that the other two tools did not?
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
Answers will vary. One possible insight is that VisualRoute highlights graphically the amount of time it takes to
travel between hops on the internet. By highlighting in yellow and red slower times, it becomes more obvious
that there are network issues along these links.
Appendix A
C:\> tracert www.cisco.com
Tracing route to e144.dscb.akamaiedge.net [23.1.144.170]
over a maximum of 30 hops:
1
<1 ms
<1
2
38 ms
38
3
37 ms
37
[130.81.196.190]
4
43 ms
43
[130.81.22.46]
5
43 ms
43
6
45 ms
45
7
46 ms
48
8
45 ms
45
[23.1.144.170]
ms
ms
ms
<1 ms
37 ms
37 ms
dslrouter.westell.com [192.168.1.1]
10.18.20.1
G3-0-9-2204.ALBYNY-LCR-02.verizon-gni.net
ms
42 ms
so-5-1-1-0.NY325-BB-RTR2.verizon-gni.net
ms
ms
ms
ms
65
45
46
45
0.so-4-0-2.XT2.NYC4.ALTER.NET [152.63.1.57]
0.so-3-2-0.XL4.EWR6.ALTER.NET [152.63.17.109]
TenGigE0-5-0-0.GW8.EWR6.ALTER.NET [152.63.21.14]
a23-1-144-170.deploy.akamaitechnologies.com
ms
ms
ms
ms
Trace complete.
C:\> tracert www.afrinic.net
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 12 of 14
ms
ms
ms
<1 ms
37 ms
39 ms
dslrouter.westell.com [192.168.1.1]
10.18.20.1
G4-0-0-2204.ALBYNY-LCR-02.verizon-gni.net
ms
43 ms
so-5-1-1-0.NY325-BB-RTR2.verizon-gni.net
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
42
43
47
43
51
132
140
152
146
150
150
156
160
341
332
331
318
332
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
0.so-4-0-0.XT2.NYC4.ALTER.NET [152.63.9.249]
0.ae4.BR3.NYC4.ALTER.NET [152.63.16.185]
te-7-3-0.edge2.NewYork2.level3.net [4.68.111.137]
vlan51.ebr1.NewYork2.Level3.net [4.69.138.222]
ae-3-3.ebr2.Washington1.Level3.net [4.69.132.89]
ae-42-42.ebr2.Paris1.Level3.net [4.69.137.53]
ae-46-46.ebr1.Frankfurt1.Level3.net [4.69.143.137]
ae-91-91.csw4.Frankfurt1.Level3.net [4.69.140.14]
ae-92-92.ebr2.Frankfurt1.Level3.net [4.69.140.29]
ae-23-23.ebr2.London1.Level3.net [4.69.148.193]
ae-58-223.csw2.London1.Level3.net [4.69.153.138]
ae-227-3603.edge3.London1.Level3.net [4.69.166.154]
195.50.124.34
168.209.201.74
csw4-pkl-gi1-1.ip.isnet.net [196.26.0.101]
196.37.155.180
fa1-0-1.ar02.jnb.afrinic.net [196.216.3.132]
196.216.2.136
Trace complete.
C:\> tracert www.lacnic.net
Tracing route to lacnic.net [200.3.14.10]
over a maximum of 30 hops:
1
<1 ms
<1
2
38 ms
37
3
37 ms
38
[130.81.196.190]
4
43 ms
42
[130.81.22.46]
5
46 ms
75
6
43 ms
43
7
178 ms
182
8
172 ms
180
9
177 ms
ms
ms
ms
<1 ms
37 ms
40 ms
dslrouter.westell.com [192.168.1.1]
10.18.20.1
G3-0-9-2204.ALBYNY-LCR-02.verizon-gni.net
ms
43 ms
so-5-1-1-0.NY325-BB-RTR2.verizon-gni.net
ms
ms
ms
ms
172 ms
46
43
178
182
ms
ms
ms
ms
0.ae2.BR3.NYC4.ALTER.NET [152.63.16.49]
204.255.168.194
ge-1-1-0.100.gw1.gc.registro.br [159.63.48.38]
xe-5-0-1-0.core1.gc.registro.br [200.160.0.174]
181 ms
xe-4-0-0-0.core2.nu.registro.br [200.160.0.164]
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 13 of 14
173
184
180
182
ms
ms
ms
ms
180
183
179
180
ms
ms
ms
ms
176
180
180
180
ms
ms
ms
ms
ae0-0.ar3.nu.registro.br [200.160.0.249]
gw02.lacnic.registro.br [200.160.0.213]
200.3.12.36
www.lacnic.net [200.3.14.10]
Trace complete.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 14 of 14
Objectives
Part 1: Research Job Opportunities
Background / Scenario
Jobs in Information Technology (IT) and computer networking continue to grow. Most employers require some
form of industry standard certification, degree, or other qualifications from their potential employees,
especially those with limited experience. The Cisco CCNA certification is a known and established entry level
networking certification that is respected in the industry. There are additional levels and kinds of Cisco
certifications that one can attain, and each certification may enhance employment opportunities as well as
salary range.
In this lab, you will do some targeted job searching on the web, to find what types of IT and computer
networking jobs are available; what kinds of skills and certifications you will need; and the salary ranges
associated with the various job titles.
Required Resources
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 6
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 6
c.
Now focus your search by adding terms to the keywords field box. Try terms like Cisco CCNA, CCNP,
CCNA Security, CCNA Voice, etc.
d. Now try refining your search by adding in different geographical locations. Did you find jobs in the
locations you entered?
____________________________________________________________________________________
Answers will vary.
e. Try searching a different website. Go to http://salary.com and click the Job Search menu bar button.
Note: For salary listings outside of the US, use the following link to search for your country:
http://www.payscale.com/rccountries.aspx
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 6
f.
Now add a search term like Information Technology to the job title field box and click Submit.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 6
h. Spend some time searching for jobs and looking through the search results. Take note of what skills are
required for different job titles and the range of starting salaries.
Did you find any jobs that you previously did not know existed? If so, what were they?
____________________________________________________________________________________
____________________________________________________________________________________
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 6
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 6
Objectives
Identify the common components of a network.
Students will illustrate how concepts from Chapter 1 are applied to show how network devices connect to
and throughout the Internet. After reflecting on their home or small-business topology, students will
become familiar with using the device icons and knowledge needed to visualize network connectivity
through the remaining network courses.
Background / Scenario
In this activity, you will use the knowledge you have acquired throughout Chapter 1, and the modeling activity
document that you prepared at the beginning of this chapter. You may also refer to the other activities
completed in this chapter, including Packet Tracer activities.
Draw a map of the Internet as you see it now. Use the icons presented in the chapter for media, end devices,
and intermediary devices.
In your revised drawing, you may wish to include some of the following:
WANs
LANs
Cloud computing
Save your drawing in hard-copy format. If it is an electronic document, save it to a server location provided by
your instructor. Be prepared to share and explain your revised work in class.
Instructor Note: This Modeling Activity may be selected as a graded assignment, because its purpose is to
validate the learning gained in Chapter 1 about:
WANs
LANs
Cloud computing
Required Resources
Reflection
1. After completing Chapter 1, are you more aware of the devices, cabling, and physical components of a smallto-medium size network? Explain your answer.
_______________________________________________________________________________________
(Answers will vary per student but this reflection question will generate some good class discussion and
foster community between students and the Instructor)
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 2
Instructor Note: This is a representative model that might be built as a result of this activity.
Devices/Equipment
Media (cabling)
Social Media Links
Sources & Destinations
Local Area Networks
Wide Area Networks
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 2
Objectives
Describe the command structure of Cisco IOS software
Students will recognize that text commands that are used in command line interfaces are intentionally
chosen from spoken language. Text commands are often abbreviated, or otherwise simplified in their
syntax, to keep the resulting command set concise. They may be grouped into context modes that
simplify their usage. Configuring a device using written commands is similar to giving out short orders
verbally. The commands are executed by the operating system and the actual process is performed by
the device.
Background / Scenario
Imagine that you are employed as an engineer for a car manufacturing company. The company is currently
working on a new car model. This model will have selected functions which can be controlled by the driver
giving specific voice commands.
You must design the set of commands used by this voice-activated control system.
The functions of the car that can be controlled by voice commands are:
Lights
Wipers
Radio
Telephone set
Air conditioning
Ignition
Your task is to devise a simple set of spoken commands that will be used to control these systems and
identify how they are going to be executed.
Instructor Note: This Modeling Activity is not intended to be a graded assignment. Its purpose is to help
students reflect on their perceptions of how a network is set up using voice commands (much like the IOS
command structure). Facilitation of the discussion should include student-to-student discussions of each
others work.
Required Resources
Reflection
1. How can devising a set of voice commands assist in operating a vehicle? How could these same commands
be used on a computer or network operating system?
_______________________________________________________________________________________
Some suggested answers for discussion include:
Discuss that the options for putting together a set of spoken words will constitute the command set. An
obvious choice is using simple English words as the command set. Other choices include words in
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 2
Talk about the students choice to make the command set direct, without hierarchy, or whether they
grouped commands according to their function. Highlight that, for example, a help command without any
further context would not be usable because it does not indicate what exactly the user needs help to.
There are two ways of providing a context to a command:
Ask students if they explicitly expressed the context with each command (for example, radio volume
up/radio volume down; phone volume up/phone volume down) which is the direct, flat approach. Or did
they introduce modes; groupings of commands that refer to a particular context and once positioned in
that context, did not have to be reemphasized., For example, after placing the instruction in the radio
mode, the commands volume up and volume down are unambiguous.
Discuss the advantages of both approaches. For a small set of commands, the direct approach is more
suitable. For a larger set of commands which may possibly grow into extensive, multi-word sentences,
using modes helps to keep the command set organized and limits the length of individual commands, and
is preferred.
How did students decide how the voice command recognition would be started so that the car did not
mistakenly interpret a casual conversation of passengers as commands? Possibilities include saying a
specific, otherwise unused word, or pressing a button on the steering wheel. Also, discuss how students
handled a system that should prompt the user to enter the voice commands, and how the user would be
informed that the spoken command was not properly understood or valid.
How did the students handle access to more safety-critical commands such as lights and ignition?)How
were these commands protected or isolated so that no inadvertent manipulation could occur?
Possibilities include saying a specific, otherwise unused word, or pressing a button on the steering wheel.
Ask students to discuss which part of the software running on the cars built-in computer would be
processing the voice commands and what software would be actually executing the commands. The
software that performs speech recognition and translates voice commands into a form the computer can
understand is the command interface used to interact with the car. However, the commands need to be
processed by the central operating software of the car that controls all its functions and orchestrates all its
systems. As an example, saying engine on involves processing the voice command in the command
interface, and then the operating system processes this command by activating the starter motor for a
certain period of time, enabling the flow of the fuel, etc., coordinating multiple systems of a car to make it
work.
Different systems of the car which can be controlled by voice commands relate to different components of
routers and switches that can be configured.
The choice of short English words or phrases as the command set relates to the general style of IOS CLI.
The mode-oriented organization of the voice command set relates to the mode-oriented IOS CLI.
Starting the voice recognition process relates to starting a CLI EXEC session by pressing Enter. Also, the
voice prompts by the car relate to the prompts on the command line.
Potentially disruptive commands, such as lights off or engine on relates to potentially disruptive IOS
commands (reload, erase flash: or delete startup-config).
The voice interface and the cars operating system relate to the IOS EXEC (the command interpreter) and
the IOS itself.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 2
L
Lab - Es
stablishing a Co
onsole Session
S
w
with Terra Term (Instrucctor
V
Version)
Instructor No
ote: Red font color or Gray
y highlights ind
dicate text tha
at appears in the instructor copy only.
T
Topology
O
Objectives
Part 1: Ac
ccess a Cisc
co Switch thrrough the Se
erial Console
e Port
Connect to a Cisco
o switch using
g a serial cons
sole cable.
Estab
blish a console
e session using a terminal emulator, su
uch as Tera T
Term.
Use show
s
commands to display
y device settings.
Config
gure the clock
k on the switc
ch.
Part 3: (O
Optional) Acc
cess a Cisco
o Router Usin
ng a Mini-US B Console C
Cable
Note: Use
ers on Netlab or other remote access eq
quipment sho
ould complete
e only Part 2.
Instructo
or Note: Both rollover and mini-USB
m
con
nsole cables a
are no longerr shipped auto
omatically witth the
newer ISR
R G2 routers, such as Cisc
co 1941, Cisc
co 2901, or Ciisco 2911. Th
hese console cables can be
purchased
d through Cis
sco Systems, Inc. or other third party ve
endors.
B
Backgroun
nd / Scenarrio
Various models
m
of Cisc
co routers and
d switches are used in netw
tworks of all tyypes. These d
devices are m
managed
using a lo
ocal console connection
c
or a remote con
nnection. Nea
arly all Cisco d
devices have a serial conssole port
to which you
y can conne
ect. Some ne
ewer models, such as the 1
1941 Integrate
ed Services R
Router (ISR) G
G2 used
in this lab, also have a USB console
e port.
In this lab
b, you will learrn how to access a Cisco device
d
via a d
direct local co nnection to th
he console po
ort, using
a terminal emulation prrogram, Tera Term. You will
w also learn how to config
gure the seria
al port settingss for the
Tera Term
m console con
nnection. Afte
er you have es
stablished a cconsole connection with th
he Cisco devicce, you
can displa
ay or configurre device settings. You will only display settings and configure the
e clock with th
his lab.
Note: The
e routers used
d with CCNA hands-on lab
bs are Cisco 1
1941 ISRs witth Cisco IOS Release 15.2
2(4)M3
(universallk9 image). The switches used
u
are Cisc
co Catalyst 29
960s with Ciscco IOS Relea
ase 15.0(2) (la
anbasek9
image). Other
O
routers, switches, and
d Cisco IOS versions
v
can be used. Dep
pending on the model and Cisco
IOS versio
on, the comm
mands availab
ble and outputt produced m ight vary from
m what is show
wn in the labss. Refer
to the Rou
uter Interface Summary Ta
able at the end of the lab fo
or the correctt interface ide
entifiers.
Note: Make sure that the switch and
d router have been erased
d and have no
o startup conffiguration. If yyou are
unsure, co
ontact your in
nstructor.
Instructo
or Note: Referr to the Instructor Lab Man
nual for the prrocedures to iinitialize and reload device
es.
P
Page 1 of 12
Required Resources
1 Router (Cisco 1941 with Cisco IOS software, release 15.2(4)M3 universal image or comparable)
1 Switch (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
Rollover (DB-9 to RJ-45) console cable to configure the switch or router via the RJ-45 console port
Mini-USB cable to configure the router via the USB console port
Instructor Note: If the program is not installed on the PC, Tera Term can be downloaded from the following
link by selecting Tera Term:
http://logmett.com/index.php?/download/free-downloads.html
Instructor Note: For a Microsoft Windows-based PC connecting to a Cisco IOS device with a USB cable, a
USB driver must be installed prior to use. The driver can be found on www.cisco.com with the related Cisco
IOS device. The USB driver can be downloaded from the following link:
http://www.cisco.com/cisco/software/release.html?mdfid=282774238&flowid=714&softwareid=282855122
&release=3.1&relind=AVAILABLE&rellifecycle=&reltype=latest
Instructor Note: You must have a valid Cisco Connection Online (CCO) account to download the USB driver
file.
Step 1: Connect a Cisco switch and computer using a rollover console cable.
a. Connect the rollover console cable to the RJ-45 console port of the switch.
b. Connect the other cable end to the serial COM port on the computer.
Note: Serial COM ports are no longer available on most computers today. A USB-to-DB9 adapter can be
used with the rollover console cable for console connection between the computer and a Cisco device.
These USB-to-DB9 adapters can be purchased at any computer electronics store.
Note: If using a USB-to-DB9 adapter to connect to the COM port, you may be required to install a driver
for the adapter provided by the manufacturer on your computer. To determine the COM port used by the
adapter, please see Part 3 Step 4. The correct COM port number is required to connect to the Cisco IOS
device using a terminal emulator in Step 2.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 12
L
Lab - Establis
shing a Cons
sole Session
n with Tera Term
T
c.
Powe
er up the Cisco
o switch and computer if th
hese devices are not alrea
ady on.
S
Step 2: Con
nfigure Tera
a Term to es
stablish a console
c
ses
ssion with th
he switch.
Tera Term
m is a termina
al emulation program.
p
This program allo
ows you to access the term
minal output of the
switch. It also
a
allows yo
ou to configurre the switch.
a. Start Tera
T
Term by
y clicking the Windows Sta
art button loccated in the ta
ask bar. Locatte Tera Term
m under
All Prrograms.
Note: If the program is not insta
alled on the sy
ystem, Tera T
Term can be d
downloaded ffrom the follow
wing link
by selecting Tera Term:
T
http:///logmett.com//index.php?/download/free
e-downloads.h
html
b. In the
e New Connec
ction dialog box, click the Serial
S
radio b
button. Verify that the corre
ect COM port is
selectted and click OK to continu
ue.
P
Page 3 of 12
L
Lab - Establis
shing a Cons
sole Session
n with Tera Term
T
c.
d. When
n you can see
e the terminal output, you are
a ready to cconfigure a Ciisco switch. T
The following console
example displays the
t terminal output
o
of the switch
s
while itt is loading.
P
Part 2: Display
D
an
nd Config
gure Basic Device
e Settings
s
In this sec
ction, you are introduced to
o the user and
d privileged e
executive mod
des. You will determine the
e
Internetwo
ork Operating
g System (IOS
S) version, dis
splay the clocck settings, an
nd configure tthe clock on tthe
switch.
P
Page 4 of 12
b. The clock setting is changed in the privileged EXEC mode. Enter the privileged EXEC mode by typing
enable at the user EXEC mode prompt.
Switch> enable
c.
Configure the clock setting. The question mark (?) provides help and allows you to determine the
expected input for configuring the current time, date, and year. Press Enter to complete the clock
configuration.
Switch# clock set ?
hh:mm:ss
Current Time
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 12
L
Lab - Establis
shing a Cons
sole Session
n with Tera Term
T
Switc
ch# clock set 15:08:
:00 Oct 26
6 ?
<19
993-2035>
Year
Y
Switc
ch# clock set 15:08:
:00 Oct 26
6 2012
Switc
ch#
*Oct 26 15:08:00
0.000: %SYS
S-6-CLOCKUPD
DATE: Syste
em clock has
s been updated from 00
0:31:43
UTC Mon
M
Mar 1 19
993 to 15:0
08:00 UTC Fr
ri Oct 26 2 012, config
gured from console by
conso
ole.
P
Part 3: (O
Optional)) Access a Cisco Router
R
Using a Mini-USB C
Console C
Cable
If you are using a Cisco
o 1941 routerr or other Cisc
co IOS device
es with a mini-USB consolle port, you ca
an access
e console porrt using a mini-USB cable connected
c
to the USB portt on your com
mputer.
the device
Note: The
e mini-USB co
onsole cable is the same ty
ype of mini-U
USB cables th at are used w
with other elecctronics
devices, such
s
as USB hard drives, USB
U
printers, or USB hubss. These mini-USB cables can be purch
hased
through Cisco
C
Systems
s, Inc. or othe
er third-party vendors.
v
Plea
ase verify thatt you are usin
ng a mini-USB
B cable,
not a micrro-USB cable, to connect to
t the mini-US
SB console po
ort on a Cisco
o IOS device..
Note: You
u must use either the USB port or the RJ-45
R
port, an d not both sim
multaneously. When the U
USB port
is used, it takes priority
y over the RJ--45 console port
p used in P
Part 1.
P
Page 6 of 12
L
Lab - Establis
shing a Cons
sole Session
n with Tera Term
T
S
Step 1: Set up the phy
ysical conne
ection with a mini-USB
B cable.
a. Connect the mini-U
USB cable to the mini-USB
B console port
rt of the routerr.
b. Connect the other cable end to a USB port on
o the computter.
c.
Powe
er up the Cisco
o router and computer,
c
if these devicess are not alrea
ady on.
S
Step 2: Verrify that the USB conso
ole is ready.
If you are using a Micro
osoft Window
ws-based PC and
a the USB console port LED indicato
or (labeled EN
N) does
not turn green, please install the Cis
sco USB cons
sole driver.
For a Microsoft Window
ws-based PC connecting to a Cisco IOS
S device with a USB cable
e, a USB drive
er must
be installe
ed prior to use
e. The driver can be found on www.ciscco.com with th
he related Cissco IOS devicce. The
USB drive
er can be dow
wnloaded from
m the following
g link:
http://www
w.cisco.com/c
cisco/software
e/release.htm
ml?mdfid=2827
774238&flowid=714&softw
wareid=28285
55122&rel
ease=3.1&
&relind=AVAIILABLE&relliffecycle=&relty
ype=latest
Note: You
u must have a valid Cisco Connection Online
O
(CCO) account to download this file.
Note: This
s link is relate
ed to the Cisc
co 1941 router; however, th
he USB conso
ole driver is n
not Cisco IOS
S devicemodel spe
ecific. This US
SB console driver only worrks with Cisco
o routers and switches. Th
he computer rrequires a
reboot after finishing th
he installation of the USB driver.
d
Note: Afte
er the files are
e extracted, th
he folder conttains instructiions for installation and rem
moval and ne
ecessary
drivers forr different ope
erating system
ms and architectures. Plea
ase choose th
he appropriate
e version for yyour
system.
P
Page 7 of 12
L
Lab - Establis
shing a Cons
sole Session
n with Tera Term
T
When the
e LED indicato
or for the USB
B console porrt has turned g
green, the US
SB console po
ort is ready fo
or access.
S
Step 3: (Op
ptional) Ena
able the COM
M port for the Window
ws 7 PC.
If you are using a Micro
osoft Window
ws 7 PC, you may
m need to p
perform the fo
ollowing steps to enable th
he COM
port:
a. Click the Windows
s Start icon to
o access the Control Pane
el.
b. Open the Device Manager.
M
c.
P
Page 8 of 12
L
Lab - Establis
shing a Cons
sole Session
n with Tera Term
T
d. To res
solve the issu
ue, right-click the Cisco Virtual Comm Port00 icon a
and choose U
Update Drive
er
Softw
ware.
e. Choose Browse my
m computerr for driver so
oftware.
f.
P
Page 9 of 12
L
Lab - Establis
shing a Cons
sole Session
n with Tera Term
T
g. Choose the Cisco Serial driverr and click Next.
d
driver is installed successfully. Ta
ake note of th
he port numbe
er assigned a
at the top of th
he
h. The device
windo
ow. In this sam
mple, COM 6 is used for co
ommunication
n with the rou
uter. Click Clo
ose.
Pa
age 10 of 12
L
Lab - Establis
shing a Cons
sole Session
n with Tera Term
T
S
Step 4: (Op
ptional) Dete
ermine the COM port number.
n
a. If you need to dete
ermine the CO
OM port numb
ber, open the Control Pan
nel and selectt the Device M
Manager.
Searc
ch for the Porrts (COM & LPT)
L
heading, expand it, an
nd determine the COM porrt number currrently in
use. In this example, Cisco Serrial (COM 6) was
w selected for connectio
on to the router because a Cisco
USB console
c
drive
er is in use. If you use a rollover console
e cable, or an adapter from
m a different
manufacturer, the naming conve
ention reflects
s this informa
ation.
Pa
age 11 of 12
Reflection
1. How do you prevent unauthorized personnel from accessing your Cisco device through the console port?
____________________________________________________________________________________
____________________________________________________________________________________
Physically secure the device and use password protection
2. What are the advantages and disadvantages of using the serial console connection as compared to the USB
console connection to a Cisco router or switch?
____________________________________________________________________________________
____________________________________________________________________________________
It depends on the port availability on the PC and the router or switch. If the PC has a serial port and a DB9-toRJ45 cable is available, it is generally easier to connect to the router or switch using the serial console port. If
the PC does not have a serial port, a third party USB-to-Serial adapter can be used. Cisco switches do not
have mini-USB console ports, so connecting via USB is not an option. If connecting frequently to a Cisco
router that has a Mini USB console port, this can be the most effective method once the Cisco drivers are
installed, because nearly all newer PCs have USB ports.
Ethernet Interface #1
Ethernet Interface #2
Serial Interface #1
Serial Interface #2
1800
1900
2801
2811
2900
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 12 of 12
L
Lab - Bu
uilding a Simple
e Networrk (Instru
uctor Verrsion)
Instructor No
ote: Red font color or Gray
y highlights ind
dicate text tha
at appears in the instructor copy only.
T
Topology
A
Addressing
g Table
Device
D
Interface
IP Address
A
Subnet Mas
sk
Defau
ult Gateway
S1
VLAN 1
N/A
N
N/A
N/A
S2
VLAN 1
N/A
N
N/A
N/A
PC
C-A
NIC
192.16
68.1.10
2
255.255.255.0
0
N/A
PC
C-B
NIC
192.16
68.1.11
2
255.255.255.0
0
N/A
O
Objectives
Part 1: Se
et Up the Nettwork Topolo
ogy (Etherne
et only)
Cable
e a physical la
ab topology.
Part 2: Co
onfigure PC Hosts
Verify
y that PCs can
n communica
ate using the ping
p
utility.
Part 3: Co
onfigure and
d Verify Basic
c Switch Setttings
Config
gure each sw
witch with hosttname, local passwords,
p
a
and login bann
ner.
Displa
ay the running
g switch confiiguration.
Displa
ay the IOS ve
ersion for the running switc
ch.
Displa
ay the status of the interfac
ces.
P
Page 1 of 18
Background / Scenario
Networks are constructed of three major components: hosts, switches, and routers. In this lab, you will build a
simple network with two hosts and two switches. You will also configure basic settings including hostname,
local passwords, and login banner. Use show commands to display the running configuration, IOS version,
and interface status. Use the copy command to save device configurations.
You will apply IP addressing for this lab to the PCs to enable communication between these two devices. Use
the ping utility to verify connectivity.
Note: The switches used are Cisco Catalyst 2960s with Cisco IOS Release 15.0(2) (lanbasek9 image). Other
switches and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the
commands available and output produced might vary from what is shown in the labs.
Note: Make sure that the switches have been erased and have no startup configurations. Refer to Appendix A
for the procedure to initialize and reload a switch.
Required Resources
2 Switches (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
2 PCs (Windows 7, Vista, or XP with terminal emulation program, such as Tera Term)
Console cables to configure the Cisco IOS devices via the console ports
Instructor Note: The Ethernet ports on the 2960 switches are autosensing and will accept either a straightthrough or a cross-over cable for all connections. If the switches used in the topology are other than the 2960
model, then it is likely that a cross-over cable will be needed to connect the two switches.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 18
L
Lab - Building a Simple Network
N
P
Part 2: Configure
C
e PC Hostts
S
Step 1: Co
onfigure static IP addre
ess informa
ation on the PCs.
a. Click the Windows
s Start icon and
a then selec
ct Control Pa
anel.
b. In the
e Network and
d Internet section, click the
e View netwo
ork status and tasks link.
Note: If the Contro
ol Panel displa
ays a list of ic
cons, click the
e drop-down o
option next to the View by: and
chang
ge this option to display by
y Category.
P
Page 3 of 18
L
Lab - Building a Simple Network
N
c.
In the
e left pane of the
t Network and
a Sharing Center
C
window
w, click the C
Change adaptter settings llink.
d. The Network
N
Conn
nections windo
ow displays the available iinterfaces on the PC. Righ
ht-click the Lo
ocal Area
Conn
nection interfa
ace and selec
ct Properties
s.
P
Page 4 of 18
L
Lab - Building a Simple Network
N
e. Selec
ct the Internett Protocol Ve
ersion 4 (TCP
P/IPv4) option
n and then click Propertie
es.
P
Page 5 of 18
L
Lab - Building a Simple Network
N
f.
S
Step 2: Verify PC setttings and co
onnectivity..
Use the command prom
mpt (cmd.exe
e) window to verify the PC
C settings and connectivity..
a. From PC-A, click th
he Windows Start icon, ty
ype cmd in th
he Search pro
ograms and files box, and then
press Enter.
P
Page 6 of 18
L
Lab - Building a Simple Network
N
b. The cmd.exe
c
windo
ow is where you
y can enterr commands d
directly to the
e PC and view
w the results o
of those
comm
mands. Verify your PC settiings by using the ipconfig
g /all comman
nd. This comm
mand displayss the PC
hostname and the IPv4 address
s information.
c.
P
Page 7 of 18
Switch(config)#
The prompt changed to reflect global configuration mode.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 18
S1#
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 18
Step 10: Display the IOS version and other useful switch information.
Use the show version command to display the IOS version that the switch is running, along with other useful
information. Again, you will need to use the spacebar to advance through the displayed information.
S1# show version
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE, RELEASE
SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Sat 28-Jul-12 00:29 by prod_rel_team
ROM: Bootstrap program is C2960 boot loader
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(53r)SEY3, RELEASE SOFTWARE
(fc1)
S1 uptime is 1 hour, 38 minutes
System returned to ROM by power-on
System image file is "flash:/c2960-lanbasek9-mz.150-2.SE.bin"
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 18
SW Version
---------15.0(2)SE
SW Image
---------C2960-LANBASEK9-M
Step 11: Display the status of the connected interfaces on the switch.
To check the status of the connected interfaces, use the show ip interface brief command. Press the
spacebar to advance to the end of the list.
S1# show ip interface brief
Interface
Vlan1
FastEthernet0/1
FastEthernet0/2
FastEthernet0/3
IP-Address
unassigned
unassigned
unassigned
unassigned
OK?
YES
YES
YES
YES
Method
unset
unset
unset
unset
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Status
up
up
down
down
Protocol
up
up
down
down
Page 11 of 18
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
down
down
up
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
up
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
Step 13: Record the interface status for the following interfaces.
S1
Interface
Status
S2
Protocol
Status
Protocol
F0/1
Up
Up
Up
Up
F0/6
Up
Up
Down
Down
F0/18
Down
Down
Up
Up
VLAN 1
Up
Up
Up
Up
Why are some FastEthernet ports on the switches are up and others are down?
_______________________________________________________________________________________
_______________________________________________________________________________________
The FastEthernet ports are up when cables are connected to the ports unless they were manually shutdown
by the administrators. Otherwise, the ports would be down.
Reflection
What could prevent a ping from being sent between the PCs?
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 12 of 18
Step 2: Determine if there have been any virtual local-area networks (VLANs) created.
Use the show flash command to determine if any VLANs have been created on the switch.
Switch# show flash
Directory of flash:/
2
3
4
5
6
-rwx
-rwx
-rwx
-rwx
-rwx
1919
1632
13336
11607161
616
Mar
Mar
Mar
Mar
Mar
1
1
1
1
1
1993
1993
1993
1993
1993
00:06:33
00:06:33
00:06:33
02:37:06
00:07:13
+00:00
+00:00
+00:00
+00:00
+00:00
private-config.text
config.text
multiple-fs
c2960-lanbasek9-mz.150-2.SE.bin
vlan.dat
You will be prompted to verify the file name. At this point, you can change the file name or just press
Enter if you have entered the name correctly.
b. When you are prompted to delete this file, press Enter to confirm the deletion. (Pressing any other key will
abort the deletion.)
Delete flash:/vlan.dat? [confirm]
Switch#
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 13 of 18
Note: You may receive a prompt to save the running configuration prior to reloading the switch. Type no
and press Enter.
System configuration has been modified. Save? [yes/no]: no
Device Configs
Switch S1 (complete)
S1#sh run
Building configuration...
Current configuration : 1514 bytes
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
system mtu routing 1500
!
no ip domain-lookup
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 14 of 18
FastEthernet0/1
FastEthernet0/2
FastEthernet0/3
FastEthernet0/4
FastEthernet0/5
FastEthernet0/6
FastEthernet0/7
FastEthernet0/8
FastEthernet0/9
FastEthernet0/10
FastEthernet0/11
FastEthernet0/12
FastEthernet0/13
FastEthernet0/14
FastEthernet0/15
FastEthernet0/16
FastEthernet0/17
FastEthernet0/18
FastEthernet0/19
FastEthernet0/20
FastEthernet0/21
FastEthernet0/22
FastEthernet0/23
FastEthernet0/24
GigabitEthernet0/1
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 15 of 18
Switch S2 (complete)
S2#sh run
Building configuration...
*Mar 1 03:20:01.648: %SYS-5-CONFIG_I: Configured from console by console
Current configuration : 1514 bytes
!
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S2
!
boot-start-marker
boot-end-marker
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
system mtu routing 1500
!
no ip domain-lookup
!
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 16 of 18
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 17 of 18
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 18 of 18
L
Lab - Co
onfigurin
ng a Switch Man
nageme
ent Addrress (Insstructor
V
Version)
Instructor No
ote: Red font color or Gray
y highlights ind
dicate text tha
at appears in the instructor copy only.
T
Topology
A
Addressing
g Table
Device
D
Interface
IP Address
A
Subnet Mas
sk
Defau
ult Gateway
S1
VLAN 1
192.16
68.1.2
2
255.255.255.0
0
N/A
PC
C-A
NIC
192.16
68.1.10
2
255.255.255.0
0
N/A
O
Objectives
Part 1: Co
onfigure a Basic Network
k Device
Cable
e the network as shown in the topology.
Config
gure basic sw
witch settings including hos
stname, mana
agement address, and Telnet access.
Config
gure an IP ad
ddress on the PC.
Part 2: Ve
erify and Tes
st Network Connectivity
C
Displa
ay device con
nfiguration.
Test end-to-end
e
co
onnectivity witth ping.
Test remote
r
manag
gement capability with Telnet.
B
Backgroun
nd / Scenarrio
Cisco switches have a special interfface, known as
a a switch vi rtual interface
e (SVI). The S
SVI can be co
onfigured
with an IP
P address, com
mmonly referrred to as the managementt address tha
at is used for rremote accesss to the
switch to display
d
or con
nfigure setting
gs.
In this lab
b, you will build a simple ne
etwork using Ethernet
E
LAN
N cabling and access a Cissco switch using the
console and
a remote ac
ccess method
ds. You will co
onfigure basicc switch settin
ngs and IP ad
ddressing, and
d
demonstra
ate the use of a managem
ment IP addres
ss for remote switch mana
agement. The topology con
nsists of
one switch and one ho
ost using only Ethernet and
d console portts.
Note: The
e switches used are Cisco Catalyst 2960s with Cisco
o IOS Release
e 15.0(2) (lan
nbasek9 imag
ge). Other
switches and
a Cisco IOS
S versions ca
an be used. Depending
D
on the model an
nd Cisco IOS version, the available
command
ds and output produced might vary from
m what is show
wn in the labss.
Note: Make sure that the switch has
s been erased
d and has no startup configuration. If yo
ou are unsure
e, contact
your instru
uctor.
P
Page 1 of 10
Required Resources
1 Switch (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
Console cables to configure the Cisco IOS devices via the console ports
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 10
Enter global configuration mode to set the SVI IP address to allow remote switch management.
S1# config t
S1#(config)# interface vlan 1
S1(config-if)# ip address 192.168.1.2 255.255.255.0
S1(config-if)# no shut
S1(config-if)# exit
S1(config)#
j.
Restrict console port access. The default configuration is to allow all console connections with no
password needed.
S1(config)# line
S1(config-line)#
S1(config-line)#
S1(config-line)#
S1(config)#
k.
con 0
password cisco
login
exit
Configure the virtual terminal (VTY) line for the switch to allow Telnet access. If you do not configure a
VTY password, you will not be able to Telnet to the switch.
S1(config)# line vty 0 4
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# end
S1#
*Mar 1 00:06:11.590: %SYS-5-CONFIG_I: Configured from console by console
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 10
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 10
b. Verify the status of your SVI management interface. Your VLAN 1 interface should be up/up and have an
IP address assigned. Notice that switch port F0/6 is also up because PC-A is connected to it. Because all
switch ports are initially in VLAN 1, by default, you can communicate with the switch using the IP address
you configured for VLAN 1.
S1# show ip interface brief
Interface
Vlan1
FastEthernet0/1
FastEthernet0/2
FastEthernet0/3
FastEthernet0/4
FastEthernet0/5
FastEthernet0/6
IP-Address
192.168.1.2
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
OK?
YES
YES
YES
YES
YES
YES
YES
Method
manual
unset
unset
unset
unset
unset
unset
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Status
up
down
down
down
down
down
up
Protocol
up
down
down
down
down
down
up
Page 5 of 10
L
Lab - Configu
uring a Switc
ch Managem
ment Address
s
FastE
Ethernet0/7
FastE
Ethernet0/8
FastE
Ethernet0/9
FastE
Ethernet0/10
0
FastE
Ethernet0/11
1
FastE
Ethernet0/12
2
FastE
Ethernet0/13
3
FastE
Ethernet0/14
4
FastE
Ethernet0/15
5
FastE
Ethernet0/16
6
FastE
Ethernet0/17
7
FastE
Ethernet0/18
8
FastE
Ethernet0/19
9
FastE
Ethernet0/20
0
FastE
Ethernet0/21
1
FastE
Ethernet0/22
2
FastE
Ethernet0/23
3
FastE
Ethernet0/24
4
Gigab
bitEthernet0
0/1
Gigab
bitEthernet0
0/2
una
assigned
una
assigned
una
assigned
una
assigned
una
assigned
una
assigned
una
assigned
una
assigned
una
assigned
una
assigned
una
assigned
una
assigned
una
assigned
una
assigned
una
assigned
una
assigned
una
assigned
una
assigned
una
assigned
una
assigned
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
unse
et
et
unse
et
unse
et
unse
et
unse
et
unse
et
unse
et
unse
et
unse
et
unse
et
unse
et
unse
et
unse
et
unse
et
unse
et
unse
et
unse
et
unse
et
unse
et
unse
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
S
Step 2: Tes
st end-to-en
nd connectiv
vity.
Open a co
ommand prom
mpt window (c
cmd.exe) on PC-A by clickking the Wind
dows Start iccon and enter cmd into
the Searc
ch for progra
ams and files
s field. Verify the
t IP addresss of PC-A byy using the ipc
config /all co
ommand.
This comm
mand displays the PC hostname and th
he IPv4 addre
ess informatio
on. Ping PC-A
As own addre
ess and
the manag
gement addre
ess of S1.
a. Ping your
y
own PC--A address firrst.
C:\Us
sers\NetAc
cad> ping 192.168.1.
1
10
Your output should
d be similar to
o the following
g screen:
P
Page 6 of 10
L
Lab - Configu
uring a Switc
ch Managem
ment Address
s
b. Ping the
t SVI mana
agement addrress of S1.
C:\Us
sers\NetAc
cad> ping 192.168.1.
1
2
Your output should
d be similar to
o the following
g screen. If pi ng results are
e not successsful, troublesh
hoot the
basic device config
gurations. You
u should chec
ck both the ph
hysical cablin
ng and IP add
dressing, if ne
ecessary.
S
Step 3: Tes
st and verify
y remote ma
anagement of S1.
You will now use Telne
et to remotely
y access the switch
s
S1 usin
ng the SVI ma
anagement address. In this lab,
PC-A and
d S1 reside sid
de by side. In
n a production
n network, the
e switch could
d be in a wirin
ng closet on th
he top
floor while
e your manag
gement PC is located on th
he ground floo
or. Telnet is n
not a secure p
protocol. However, you
will use it in this lab to test remote access.
a
All info
ormation sen t by Telnet, in
ncluding passswords and
command
ds, is sent acrross the sessiion in plain te
ext. In subseq uent labs, yo u will use Seccure Shell (SS
SH) to
remotely access
a
netwo
ork devices.
Note: Win
ndows 7 does
s not natively support Telne
et. The admin
nistrator mustt enable this p
protocol. To in
nstall the
Telnet clie
ent, open a co
ommand prom
mpt window and
a type pkgm
mgr /iu:T
TelnetClien
nt.
C:\Us
sers\NetAc
cad> pkgmgr
r /iu:Tel
lnetClient
a. With the
t command
d prompt wind
dow still open on PC-A, isssue a Telnet ccommand to cconnect to S1 via the
SVI management
m
address.
a
The password is cisco.
C:\Us
sers\NetAc
cad> telnet
t 192.168.1.2
Your output should
d be similar to
o the following
g screen:
P
Page 7 of 10
L
Lab - Configu
uring a Switc
ch Managem
ment Address
s
S
Step 4: Sav
ve the configuration file.
a. From your Telnet session,
s
issue
e the copy ru
un start comm
mand at the p
prompt.
c
run start
s
S1# copy
Desti
ination fi
ilename [st
tartup-con
nfig]? [Ent
ter]
Build
ding confi
iguration ..
.
S1#
d to the Wind
he Telnet ses
ssion by typing
g quit. You will
w be returned
dows 7 comm
mand prompt.
b. Exit th
R
Reflection
Why mustt you use a co
onsole conne
ection to initiallly configure tthe switch? W
Why not conne
ect to the swittch via
Telnet or SSH?
________
___________
____________
___________
___________
____________
____________
___________
________
No IP add
dressing parameters are co
onfigured yet.. A switch firsst placed into service has n
no networking
g
configured
d.
D
Device Con
nfigs
S
Switch S1(Complete))
S
S1#show run
n
B
Building co
onfigurati
ion...
!
C
Current con
nfiguratio
on : 1508 bytes
b
!
v
version 15.
.0
P
Page 8 of 10
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 10
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 10
Objectives
Configure initial settings on a network device using the Cisco IOS software.
Students will use and reinforce their knowledge of Cisco IOS CLI by explaining it to other students They
will look for different ways to explain the meaning of individual commands. Students will find the optimal
grouping of commands to be used when configuring a device in order to minimize the necessary count of
mode changes when configuring.
Background / Scenario
(Students will work in pairs. Packet Tracer is required to be used with this activity.)
Assume that a new colleague has asked you for an orientation to the Cisco IOS CLI. This colleague has
never worked with Cisco devices before.
You explain the basic CLI commands and structure, because you want your colleague to understand that the
CLI is a simple, yet powerful, command language that can be easily understood and navigated.
Use Packet Tracer and one of the activities available in this chapter as a simple network model (for example,
Lab Activity 2.3.3.5 LAB Configuring a Switch Management Address). Focus on these areas:
While the commands are technical, do they resemble any statements from plain English?
How is the set of commands organized into subgroups or modes? How does an administrator know
which mode he or she is currently using?
What are the individual commands to configure the basic settings of a Cisco device? How would you
explain this command in laymens terms? Use parallels to real life whenever appropriate.
Suggest how to group different commands together according to their modes so that a minimum number of
moves between modes will be needed.
Instructor notes: This Modeling Activity may be used as a graded assignment. However, its purpose is to
help students reflect on the knowledge acquired from Chapter 2, focusing on how the Cisco IOS is used
directly to configure intermediary devices. Instructor facilitation of the discussion should encourage student-tostudent discussions of each others work.
Required Resources
Packet Tracer
Reflection
1. After completing Chapter 2, do you feel as though you have a concrete understanding of what the Cisco IOS
does and how it operates? What were some of the difficulties you encountered when explaining the basic CLI
commands and structure to your colleague? If you were the new colleague, what would be some of the
difficulties that you would have learning the basic CLI commands and structure?
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
2. Answer the following questions, and discuss your answers with the entire class:
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 4
Tutor me!
a) While the commands are technical, do they resemble any statements from plain English?
b) How is the set of commands organized into subgroups or modes? How does an administrator know
which mode he or she is currently using?
c) What are the individual commands to configure the basic settings of a Cisco device? How would you
explain this command in laymens terms? Use parallels to real life whenever appropriate.
d) With the help of your colleague, try to suggest how to group different commands together according
to their modes so that a minimum number of moves between modes will be needed.
(Answers will vary (represented below are Chapter 2 content-based variations):
a) While the commands are technical, do they resemble any statements from plain English?
Absolutely. Keywords like enable, password, banner, address, shutdown are ordinary words whose
meaning in CLI is appropriately adapted but still carrying a strong relevancy to their common usage.
b) How is the set of commands organized into subgroups, or modes? How does an administrator know
which mode is he/she using currently?
First, the level of access to CLI can either be a user (user EXEC) level, or an administrator level
(privileged EXEC). From the administrator level, the configuration mode can be accessed that is
internally divided into global configuration mode, line configuration mode, interface configuration
mode and other modes as necessary. The administrator is informed about the current mode in the
prompt where the > symbol represents user access level, # represents administrator access level,
and optional keywords in parentheses designate the configuration mode and possible submodes.
c) What are the individual commands to access and configure the basic settings of a Cisco device? How
would you explain these commands in layman terms? Use parallels to real life whenever appropriate.
enable become empowered to complete control over a device
configure terminal Start the configuration editor, accepting changes from the terminal
hostname Assign a name to a device
service password-encryption Causes the device to obscure all entered passwords in the
configuration so that they cannot be eavesdropped
line con 0 Enter the configuration of the line, or the socket, labeled with CONSOLE 0 on the
device and used to manage the device
line vty 0 4 Enter the configuration of 5 virtual sockets that allow managing the device remotely,
through the network
password Set up a password to be used when accessing the device
login Protect the access using a login procedure requiring a password defined used the password
command
exit Leave the current mode and exit to the higher placed mode.
enable secret The secret phrase which protects the usage of the enable command
banner The message displayed to a user that tries to access the device
interface Vlan 1 enter the configuration mode of the interface called Vlan1
description Assign a textual comment to an interface to help the administrator know what is the
purpose and location of the interface
ip address Assign a numerical IP address to an interface
no shutdown Removes the shutdown command and thereby making an interface active
end Exit the configuration editor
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 4
Tutor me!
Moving through the configuration and making changes to the device settings is like navigating in a
maze. Each configuration mode is like a chamber in a maze. Even if you know the map of the maze,
you may still move through the maze in a disorganized way, possibly never finding a way out.
Similarly, even if you know the meaning of individual commands and the modes in which they are
located, the way you move through these modes when configuring a device depends mostly on you.
d) With the help of your colleague, try to suggest how to group different commands together according
to their modes so that a minimum number of moves between modes is needed.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 4
Tutor me!
service password-encryption
line vty 0 4
password 5ecr3tP4ssw0rd
exit
banner login ^
Access to this device permitted only to authorized personnel!
^
line con 0
login
exit
interface Vlan 1
ip address 192.0.2.11 255.255.255.0
exit
line vty 0 4
login
exit
enable secret V3ry5ecr3tP4ssw0rd
interface Vlan 1
no shutdown
end
(Note that while both configurations lead to the same resulting set of settings, the second configuration is
slightly larger (because of repetitive entering individual modes again and again) and is very difficult to follow
because the flow of commands is practically random and does not follow their logical sequence and modal
commonality Instructor)
Commands
Modes
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 4
Objectives
Explain the role of protocols and standards organizations in facilitating interoperability in network
communications.
Students will determine ways to communicate when standards are not present or agreed upon. They will
also resolve a communication issue by establishing standards for communication.
Background / Scenario
You have just purchased a new automobile for your personal use. After driving the car for a week or so, you
find that it is not working correctly.
After discussing the problem with several of your peers, you decide to take it to an automotive repair facility
that they recommended highly. It is the only repair facility located in close proximity to you.
When you arrive at the repair facility, you find that all of the mechanics speak another language. You are
having difficulty explaining the automobiles performance problems, but the repairs really need to be done.
You are not sure you can drive it back home to research other options.
You must find a way to work with the repair facility to ensure your automobile is fixed correctly.
How will you communicate with the mechanics in this firm? Design a communications model to ensure that
the car is properly repaired.
Instructor Note: This Modeling Activity is not intended to be a graded assignment. Its purpose is to
encourage students to reflect on their perceptions of how a communications system facilitates the transfer of
data from source to destination (personally and in corporate practice). Discussion should be initiated as a
result of this activity.
Reflection
1. What steps did you identify as important to communicating your repair request? Justify your answer.
_______________________________________________________________________________________
To resolve this issue, some steps might include:
Establishing a language for communication (could be voice, written, or kinesthetic/physical).
Very carefully (in small steps), explaining the problem experienced with the automobile (again, voice,
written/pictures, or kinesthetic/physical representations).
Asking the mechanic to confirm his/her understanding of the problem.
Waiting for the repair to be done.
Driving the automobile to ensure repairs were successful.
Closing the meeting by paying for the repairs and thanking the mechanic.
Dividing the message into small steps to facilitate understanding of the problem to be solved a little at a
time (Transfer protocol).
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 2
Checking to see if the message has been delivered and correctly understood to the mechanic who will be
performing the repairs. (Internet protocol)
Delivery of automobile and wait time for repairs (Network Access protocol)
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 2
Objectives
Part 1: Research Networking Standards Organizations
Gather information about the major networking standards organizations by going on a web surfing
treasure hunt.
Reflect on how the various networking standards organizations enhance our experience of the Internet
and computer networking.
Background / Scenario
Using web search engines like Google, research the non-profit organizations that are responsible for
establishing international standards for the Internet and the development of Internet technologies.
Required Resources
Device with Internet access
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 4
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 4
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 4
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 4
L
Lab - Re
esearchiing RFC
Cs (Instru
uctor Verrsion)
Instructor No
ote: Red font color or Gray
y highlights ind
dicate text tha
at appears in the instructor copy only.
O
Objectives
Part 1: RF
FC Editor
Navig
gate to the RF
FC Editor.
Searc
ch for RFCs using
u
keyword
ds.
Find RFCs
R
by statu
us.
Searc
ch for humoro
ous RFCs.
Part 2: Pu
ublishing RF
FCs
B
Backgroun
nd / Scenarrio
Request for
f Comments
s (RFCs) were created by Steve Crocke
er to help reco
ord notes on developmentt of
Advanced
d Research Projects Agenc
cy Network (A
ARPANET) in
n 1969 and evventually evolved into an official
collection of memorand
dum that desc
cribes topics that are main
nly related to tthe Internet a
and the TCP/IP
protocol suite.
s
Today th
he RFCs are managed by the IETF. Th ere are curre
ently over 6,00
00 RFCs, and
d the
complete list is availab
ble at http://ww
ww.ietf.org/do
ownload/rfc-in
ndex.txt.
In this lab
b, you will learrn how an RFC is publishe
ed today by IE
ETF. Additiona
ally, you will a
also identify a few wellknown RF
FCs that are used
u
in your network.
n
You can also find a few non-te
echnical RFCss that can pro
ovide
informatio
on or engineering humor.
R
Required Resources
R
Device with Internet ac
ccess
P
Part 1: RFC
R
Edito
or
RFCs started as a colle
ection of mem
morandum on the developm
ment of the firrst Internet (A
ARPANET). In
n this
collection, only a few RFCs
R
are considered as Internet standa
ards. Most of tthe RFCs desscribe experim
mental
protocols.. Some of the RFCs are on
nly informational. The main
n purpose of R
RFCs is to stiimulate comm
ment and
discussion
n.
S
Step 1: Na
avigate to th
he RFC Edittor.
All the published RFCs
s are available
e for access at
a http://www..rfc-editor.org
g. The RFC Editor is an RF
FC
repository
y maintained by
b the IETF.
At the top
p banner of this page, you can
c click any of the links, a
and these linkks direct you tto the differen
nt
searches,, databases, and
a informatio
on. A link to IETF HOME iss also include
ed within this blue banner.
After an RFC
R
is located
d, you have access
a
to the full text of the
e document.
Page 1 of 6
L
Lab - Researching RFCs
S
Step 2: Search for RF
FCs using keywords.
a. Open a browser an
nd navigate to
o http://www.rrfc-editor.org.. On the RFC Editor Home
epage, you ca
an search
and re
etrieve RFCs and other infformation rela
ated to the Intternet.
Page 2 of 6
L
Lab - Researching RFCs
b. In the
e Finding and
d Retrieving RFCs, etc. pane, these lin
nks can help yyou search fo
or RFCs using
g different
metho
ods. The Search for an RF
FC and its meta-data
m
linkk displays a lisst of RFCs aft
fter inputting yyour
searc
ch parameters
s, such as num
mber, author, title, or keyw
word. The worrd, pop, is used in the follo
owing
example.
Page 3 of 6
L
Lab - Researching RFCs
S
Step 3: Fin
nd RFCs by status.
To find a list of RFCs that are eitherr Internet Stan
ndards (STD)) or by their sttatus, perform
m the following tasks:
a. Navig
gate back to th
he RFC Edito
or Homepage.
b. Click the Official In
nternet Proto
ocol Standarrd RFCs link in the left column. You will find a list of official
standard RFCs folllowed by othe
er RFC status
s lists. Each R
RFC link leadss to the full R
RFC text.
S
Step 4: Search for humorous RF
FCs.
Engineering humor can
n also be foun
nd in the RFC
Cs, such as R
RFC 1300 (Re
emembrancess of Things Pa
ast). An
earch engine can be used to find inform
mation on RFC
Cs.
Internet se
a. Searc
ch the Interne
et for enginee
ering humor rffc to see mo re examples of whimsical RFCs. What did you
find?
_____
___________
___________
____________
___________
___________
____________
____________
________
Answ
wers will vary but
b can includ
de: Wiki entrie
es, referencess to the IETFs tradition of releasing hum
morous
RFCs
s on April Foo
ols day and otther specific humorous
h
RF
FCs.
b. Searc
ch for RFC 27
795. What is the
t subject of this RFC? __
___________
___________
____________
_______
The In
nfinite Monke
ey Protocol Su
uite (IMPS).
What company doe
es the authorr of this RFC work
w
for? ___
___________
____________
___________
________
Monk
keySeeDoo, In
nc.
Page 4 of 6
L
Lab - Researching RFCs
P
Part 2: Publishing
P
g RFCs
The late Dr.
D Jonathan Postel mainta
ained and managed the arcchiving of RF
FCs for 28 yea
ars (RFC 246
68).
Today, RF
FCs are a collection of doc
cuments published and ma
anaged by IET
TF. IETF is a large, open,
internation
nal communitty of network designers, op
perators, vend
dors, and ressearchers rela
ated to the Intternet and
the Internet protocol su
uite.
Anyone ca
an submit a proposal
p
to the RFC Editorr for possible publication. T
The proposal is initially pub
blished as
an Interne
et-Draft (I-D). After review by the community and if it is approved b
ditor, it will en
nter the
by an RFC Ed
same pub
blishing proce
ess as IETF su
ubmission. Fo
or more detai ls regarding independent ssubmission, ssee
http://www
w.rfc-editor.orrg/indsubs.htm
ml.
For propo
osals that may
y become Inte
ernet Standarrd or Best Currrent Practice
e and some E
Experimental o
or
Informatio
onal RFCs, these submissiions are publiished as Interrnet-Drafts. T
The Internet-D
Drafts are mad
de
available for informal re
eview and comments. The
e Internet-Dra fts have no fo
ormal status, and they are subject
e or removal at
a any time. They
T
can be fo
ound at http:///www.rfc-edittor.org/.
to change
a. Navig
gate to http://w
www.rfc-editor.org.
b. Click I-D SEARCH
H at the top of the Homepag
ge, and then click SEARC
CH. This will d
display a list o
of the
curren
nt Internet-Drrafts.
Page 5 of 6
Reflection
1. Why are RFCs important for Internet standards and history?
_______________________________________________________________________________________
Because published RFCs are never modified, they provide a written record of the evolution of the Internet
standards and practices. See RFC 2026, The Internet Standards Process, Revision 3 for more information
regarding RFCs and the RFC process.
2. What are the advantages of RFCs as a collaborative effort?
_______________________________________________________________________________________
Any individual may contribute to the development of the Internet. The information in the RFCs is not owned
exclusively by any company; therefore, equipment from different company is more likely to work together.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 6
L
Lab - Us
sing Wireshark to
t View Network
k Traffic
c (Instrucctor Verssion)
Instructor No
ote: Red font color or Gray
y highlights ind
dicate text tha
at appears in the instructor copy only.
T
Topology
O
Objectives
Part 1: (O
Optional) Dow
wnload and Install
I
Wireshark
Part 2: Ca
apture and Analyze
A
Loca
al ICMP Data in Wiresharrk
Part 3: Ca
apture and Analyze
A
Remote ICMP Da
ata in Wiresh
hark
Expla
ain why MAC addresses for remote hostts are differen
nt than the MA
AC addressess of local hossts.
B
Backgroun
nd / Scenarrio
Wireshark
k is a software
e protocol ana
alyzer, or "pa
acket sniffer" a
application, used for netwo
ork troublesho
ooting,
As data strea
analysis, software
s
and protocol deve
elopment, and education. A
ams travel back and forth o
over the
network, the
t sniffer "ca
aptures" each protocol data
a unit (PDU) a
and can deco
ode and analyyze its conten
nt
according
g to the appropriate RFC or other speciffications.
Wireshark
k is a useful to
ool for anyone
e working with networks a nd can be used with most labs in the CCNA
ading and insstalling
courses fo
or data analys
sis and troublleshooting. Th
his lab provid
des instruction
ns for downloa
Wireshark
k, although it may already be installed. In
I this lab, yo
ou will use Wirreshark to capture ICMP d
data
packet IP addresses and Ethernet frrame MAC ad
ddresses.
P
Page 1 of 20
L
Lab - Using Wireshark
W
to View Netwo
ork Traffic
R
Required Resources
R
Additional PC(s) on
n a local-area
a network (LA
AN) will be use
ed to reply to ping requestts.
Instructo
or Note: This lab
l assumes that the stude
ent is using a PC with Inte
ernet access a
and can ping other
PCs on th
he local area network.
n
If us
sing academy
y PCs, then th
he instructor m
may wish to p
pre-install Wire
eshark on
the PCs and
a advise the
e students to read through Part 1 and p
perform Parts 2 and 3 of the lab. Wiresh
hark
installation procedure and
a screensh
hots may chan
nge dependin
ng on Wiresha
ark version. T
This lab is usin
ng
Wireshark
k v1.8.3 for Windows
W
7 (64
4-bit).
Using a packet sniffer such
s
as Wireshark may be
e considered a breach of th
he security po
olicy of the scchool. It is
recommended that perrmission is ob
btained before
e running Wire
eshark for this lab. If using
g a packet sniiffer such
as Wiresh
hark is an issu
ue, the instruc
ctor may wish
h to assign the
e lab as home
ework or perfform a walk-th
hrough
demonstra
ation.
P
Part 1: (O
Optional)) Download and In
nstall Wirreshark
Wireshark
k has become
e the industry standard pac
cket-sniffer prrogram used by network engineers. Thiis open
source so
oftware is available for man
ny different op
perating syste
ems, including
g Windows, M
Mac, and Linu
ux. In Part
1 of this la
ab, you will do
ownload and install the Wireshark softw
ware program on your PC.
Note: If Wireshark
W
is already installe
ed on your PC
C, you can skkip Part 1 and
d go directly to
o Part 2. If Wiireshark
is not installed on your PC, check with
w your instru
uctor about yo
our academys software do
ownload policcy.
S
Step 1: Do
ownload Wirreshark.
a. Wires
shark can be downloaded
d
from
f
www.wirreshark.org.
b. Click Download Wireshark.
W
P
Page 2 of 20
L
Lab - Using Wireshark
W
to View Netwo
ork Traffic
c.
S
Step 2: Ins
stall Wireshark.
a. The downloaded
d
file is named Wireshark-wi
W
in64-x.x.x.ex
xe, where x re
epresents the
e version num
mber.
Double-click the file
e to start the installation prrocess.
ond to any se
ecurity messa
ages that may
y display on yo
our screen. Iff you already have a copy of
b. Respo
Wires
shark on your PC, you will be prompted to uninstall th
he old version
n before insta
alling the new version.
It is re
ecommended that you rem
move the old version
v
of Wirreshark prior tto installing another versio
on. Click
Yes to
o uninstall the
e previous version of Wires
shark.
P
Page 3 of 20
L
Lab - Using Wireshark
W
to View Netwo
ork Traffic
c.
nue advancin
ng through the
e installation process.
p
Clickk I Agree whe
en the Licensse Agreementt window
d. Contin
displa
ays.
P
Page 4 of 20
L
Lab - Using Wireshark
W
to View Netwo
ork Traffic
e. Keep the default se
ettings on the
e Choose Com
mponents win
ndow and clicck Next.
f.
P
Page 5 of 20
L
Lab - Using Wireshark
W
to View Netwo
ork Traffic
g. You can
c change th
he installation location of Wireshark,
W
butt unless you h
have limited d
disk space, it is
recom
mmended thatt you keep the
e default loca
ation.
h. To ca
apture live nettwork data, WinPcap
W
must be installed o
on your PC. If WinPcap is already insta
alled on
nstalled versiion of WinPca
your PC,
P the Install check box will
w be unchec
cked. If your in
ap is older tha
an the
versio
on that comes
s with Wiresha
ark, it is recom
mmend that yyou allow the newer versio
on to be installled by
clickin
ng the Install WinPcap x.x
x.x (version number)
n
checck box.
i.
Finish
h the WinPcap
p Setup Wiza
ard if installing
g WinPcap.
P
Page 6 of 20
L
Lab - Using Wireshark
W
to View Netwo
ork Traffic
j.
Wires
shark starts in
nstalling its file
es and a sepa
arate window displays with
h the status off the installatiion. Click
Next when the insttallation is complete.
k.
P
Page 7 of 20
L
Lab - Using Wireshark
W
to View Netwo
ork Traffic
P
Part 2: Capture
C
and
a Analy
yze Local ICMP Da
ata in Wirreshark
In Part 2 of
o this lab, you will ping another PC on the
t LAN and capture ICMP
P requests an
nd replies in
Wireshark
k. You will als
so look inside the frames captured for sp
pecific inform
mation. This an
nalysis should
d help to
clarify how
w packet head
ders are used
d to transport data to their destination.
S
Step 1: Re
etrieve your PCs interfface addresses.
d its network interface card
For this la
ab, you will ne
eed to retrieve
e your PCs IP
P address and
d (NIC) physiical
address, also
a
called the MAC addre
ess.
a. Open a command window, type
e ipconfig /all, and then prress Enter.
b. Note your
y
PC interrfaces IP add
dress and MA
AC (physical) a
address.
c.
S
Step 2: Sta
art Wireshark and begiin capturing
g data.
a. On yo
our PC, click the
t Windows Start button to see Wiresh
hark listed ass one of the prrograms on th
he pop-up
menu. Double-click
k Wireshark.
P
Page 8 of 20
L
Lab - Using Wireshark
W
to View Netwo
ork Traffic
b. After Wireshark
W
sta
arts, click Inte
erface List.
u are unsure w
which interfacce to check, cclick the Deta
ails
Note: If multiple intterfaces are listed and you
n, and then click the 802.3 (Ethernet) ta
ab. Verify tha
at the MAC ad
ddress matche
es what you n
noted in
button
Step 1b. Close the
e Interface De
etails window after verifying
g the correct iinterface.
P
Page 9 of 20
L
Lab - Using Wireshark
W
to View Netwo
ork Traffic
d. After you
y have che
ecked the corrrect interface, click Start to
o start the data capture.
Inform
mation will sta
art scrolling do
own the top section in Wire
eshark. The d
data lines will appear in diff
fferent
colors
s based on prrotocol.
e. This information ca
an scroll by ve
ery quickly de
epending on w
what commun
nication is takking place bettween
P and the LA
AN. We can apply
a
a filter to
t make it eassier to view an
nd work with the data that is being
your PC
captured by Wiresh
hark. For this lab, we are only
o
interested
d in displayin
ng ICMP (ping
g) PDUs. Type
e icmp in
the Filter box at the
e top of Wires
shark and pre
ess Enter or cclick on the Ap
pply button to
o view only IC
CMP
(ping)) PDUs.
Pa
age 10 of 20
L
Lab - Using Wireshark
W
to View Netwo
ork Traffic
f.
This filter
f
causes all
a data in the top window to
o disappear, but you are sstill capturing the traffic on the
interfa
ace. Bring up the command prompt window that you opened earliier and ping th
he IP addresss that you
receiv
ved from yourr team membe
er. Notice tha
at you start se
eeing data appear in the to
op window of
Wires
shark again.
Pa
age 11 of 20
L
Lab - Using Wireshark
W
to View Netwo
ork Traffic
S
Step 3: Examine the captured
c
da
ata.
In Step 3, examine the
e data that wa
as generated by
b the ping re
equests of you
ur team mem
mbers PC. Wireshark
data is dis
splayed in three sections: 1)
1 The top se
ection displayss the list of PD
DU frames ca
aptured with a
summary of the IP pac
cket informatio
on listed, 2) th
he middle secction lists PDU
U information
n for the frame
e selected
in the top part of the sc
creen and sep
parates a cap
ptured PDU fra
ame by its prrotocol layers,, and 3) the b
bottom
section displays the raw
w data of eac
ch layer. The raw data is d isplayed in bo
oth hexadecim
mal and decim
mal form.
P request PDU
U frames in th
he top section
n of Wiresharrk. Notice thatt the Source ccolumn
a. Click the first ICMP
a
and the
t Destinatio
on contains th
he IP addresss of the teamm
mates PC you pinged.
has your PCs IP address,
Pa
age 12 of 20
L
Lab - Using Wireshark
W
to View Netwo
ork Traffic
b. With this
t
PDU fram
me still selecte
ed in the top section,
s
navig
gate to the miiddle section. Click the plus sign to
the left of the Ethernet II row to view the Des
stination and S
Source MAC addresses.
P
Part 3: Capture
C
and
a Analy
yze Remo
ote ICMP Data in W
Wireshark
k
In Part 3, you will ping remote hosts
s (hosts not on the LAN) an
nd examine th
he generated
d data from those
pings. You will then determine whatt is different about
a
this data
a from the data examined in Part 2.
S
Step 1: Sta
art capturing data on in
nterface.
a. Click the Interface
e List icon to bring up the list PC interfa
aces again.
Pa
age 13 of 20
L
Lab - Using Wireshark
W
to View Netwo
ork Traffic
b. Make sure the che
eck box next to
o the LAN intterface is checcked, and the
en click Start.
c.
d. With the
t capture active, ping the
e following three website U
URLs:
1) www.yahoo.co
w
om
2) www.cisco.com
w
m
3) www.google.co
w
om
Pa
age 14 of 20
L
Lab - Using Wireshark
W
to View Netwo
ork Traffic
S
Step 2: Examining and analyzing
g the data frrom the rem
mote hosts.
a. Revie
ew the capture
ed data in Wireshark, exam
mine the IP an
nd MAC addrresses of the three location
ns that
you pinged. List the destination IP and MAC addresses fo
or all three loccations in the space provid
ded.
1st Location:
IP: _____.____
__._____.____
__ MAC: ___
__:____:____:____:____:_
____
nd
IP: _____.____
__._____.____
__ MAC: ___
__:____:____:____:____:_
____
rd
IP: _____.____
__._____.____
__ MAC: ___
__:____:____:____:____:_
____
ocation:
2 Lo
3 Lo
ocation:
IP add
dresses: 72.3
30.38.140, 192.133.219.25
5, 74.125.129 .99 (these IP addresses m
may vary)
MAC address: This
s will be the same
s
for all th
hree locationss. It is the phyysical addresss of the routerrs
default-gateway LA
AN interface.
Pa
age 15 of 20
L
Lab - Using Wireshark
W
to View Netwo
ork Traffic
b. What is significant about this infformation?
_____
___________
___________
____________
___________
___________
____________
____________
________
The MAC
M
addresse
es for all three
e locations arre the same.
c.
How does
d
this information differr from the loca
al ping inform
mation you recceived in Partt 2?
_____
___________
___________
____________
___________
___________
____________
____________
________
_____
___________
___________
____________
___________
___________
____________
____________
________
A ping
g to a local ho
ost returns the
e MAC addre
ess of the PC s NIC. A ping
g to a remote host returns the MAC
addre
ess of the defa
ault gateways
s LAN interface.
R
Reflection
Why does
s Wireshark show the actual MAC addre
ess of the loccal hosts, but not the actua
al MAC addresss for the
remote ho
osts?
________
___________
____________
___________
___________
____________
____________
___________
________
________
___________
____________
___________
___________
____________
____________
___________
________
MAC addresses for rem
mote hosts arre not known on the local n
network, so th
he MAC addre
ess of the deffaultgateway is used. After the packet re
eaches the de
efault-gatewayy router, the llayer 2 inform
mation is stripp
ped from
the packe
et and a new Layer
L
2 heade
er is attached
d with the desstination MAC
C address of the next hop rrouter.
A
Appendix A:
A Allowing
g ICMP Tra
affic Throu
ugh a Firew
wall
If the mem
mbers of yourr team are una
able to ping your
y
PC, the ffirewall may b
be blocking th
hose requestss. This
appendix describes ho
ow to create a rule in the firrewall to allow
w ping requessts. It also desscribes how to disable
the new IC
CMP rule afte
er you have co
ompleted the lab.
S
Step 1: Cre
eate a new inbound rule allowing ICMP traffi c through tthe firewall.
a. From the Control Panel,
P
click the System an
nd Security o
option.
Pa
age 16 of 20
L
Lab - Using Wireshark
W
to View Netwo
ork Traffic
b. From the System and
a Security window,
w
click Windows Fiirewall.
c.
In the
e left pane of the
t Windows Firewall wind
dow, click Adv
vanced settings.
Pa
age 17 of 20
L
Lab - Using Wireshark
W
to View Netwo
ork Traffic
e. This launches the New Inbound
d Rule wizard. On the Rule
e Type screen
n, click the Cu
ustom radio b
button
c
Next
and click
f.
In the
e left pane, click the Protoc
col and Ports
s option and u
using the Pro
otocol type dro
op-down men
nu, select
ICMP
Pv4, and then click Next.
Pa
age 18 of 20
L
Lab - Using Wireshark
W
to View Netwo
ork Traffic
g. In the
e left pane, click the Name option and in
n the Name fie
eld, type Allo
ow ICMP Req
quests. Click Finish.
This new
n
rule shou
uld allow yourr team membe
ers to receive
e ping replies from your PC
C.
S
Step 2: Dis
sabling or deleting
d
the new ICMP rule.
After the lab is complette, you may want
w
to disable or even dellete the new rrule you creatted in Step 1.. Using
the Disab
ble Rule optio
on allows you to enable the
e rule again a
at a later date. Deleting the
e rule permanently
deletes it from the list of
o Inbound Ru
ules.
a. On the Advanced Security
S
window, in the leftt pane, click IInbound Rule
es and then locate the rule
e you
create
ed in Step 1.
Pa
age 19 of 20
L
Lab - Using Wireshark
W
to View Netwo
ork Traffic
b. To dis
sable the rule
e, click the Dis
sable Rule op
ption. When yyou choose th
his option, you will see thiss option
chang
ge to Enable Rule. You ca
an toggle back
k and forth be
etween Disab
ble Rule and E
Enable Rule; the
status
s of the rule also
a
shows in the Enabled column of the
e Inbound Rules list.
c.
To pe
ermanently de
elete the ICMP
P rule, click Delete.
D
If you choose this o
option, you must re-create the rule
again to allow ICMP replies.
Pa
age 20 of 20
Objectives
Explain the role of protocols and standards organizations in facilitating interoperability in network
communications.
Students will demonstrate how network communications can be compared to everyday activities using
established procedures and standards.
Background / Scenario
You have just completed the Chapter 3 content regarding network protocols and standards.
Assuming you resolved the beginning of this chapters modeling activity, how would you compare the
following steps taken to design a communications system to the networking models used for
communications?
Steps to Communicate
Possible Answers
Associated
TCP/IP Model Layer
Instructor Note: This Modeling Activity may be used as a graded assignment. It should demonstrate how
network protocols and standards facilitate the transfer of data from source to destination, in both personal and
in corporate practice. Facilitation of the discussion should include student-to-student discussions to show
how students perceptions have been changed.
Required Resources
Blank Steps to Communicate table (above) for students to record their answers based upon their
Chapter 3 content knowledge.
Reflection
1. How does your network model in developing an automotive repair communications plan compare to a
network communications interoperability plan?
_______________________________________________________________________________________
Students tables might look like this (with variations)
Steps to Communicate
Establishing a language to communicate
Possible Answers
Voice/Language (English,
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Associated
TCP/IP Model Layer
Application Layer
Page 1 of 2
Guaranteed to work!
Spanish, French, etc.)
Written pictures
Kinesthetic/physical
Dividing the message into small steps, delivered
a little at a time, to facilitate understanding of the
problem
Transport Layer
Internet Layer
(Segments)
(Packets)
Dividing the message into small steps, delivered a little at a time, to facilitate understanding of the
problem to be solved (Transport protocol).
Checking to see if the message has been delivered correctly to the mechanic who will be performing the
repairs. (Internet protocol)
Delivery of automobile and wait time for repairs (Network Access protocol)
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 2
Objectives
Describe the purpose and function of the data link layer in preparing communication for transmission
on specific media.
Students will discuss how communication within a single data-link layer domain can be performed
immediately by addressing the intended node directly. They will also consider the increasing difficulty
of communication if multiple nodes in a single domain need to communicate.
Background /Scenario
You and your colleague are attending a networking conference. There are many lectures and
presentations held during this event, and because they overlap, each of you can attend only a limited set
of sessions. Therefore, you decide to split up, each of you attending a separate set of presentations, and
after the event ends, you share the slides and the knowledge each of you gained during the event.
Answer the following questions:
How would you personally organize a conference where multiple sessions are held at the same
time? Would you put all of them into a single conference room, or would you use multiple rooms?
Explain your answer.
Assume that the conference room is properly fitted with audiovisual equipment to display largesize video and amplify the speakers voice. If a person wanted to attend a specific session, does
it matter which seat will the person takes, or is it sufficient for the person to sit anywhere as long
as it is in appropriate conference room?
What are the potential consequences or benefits if the speech from one conference room
somehow leaked into another?
If questions or inquiries arise during a presentation, should an attendee simply shout out his/her
question, or should there be some process of assuring that attendees are given an opportunity to
ask questions that everyone can hear? What would happen without this process?
Can a session run out of time without going through the entire intended content if an interesting
topic elicits a larger discussion where many attendees have questions? If you did not want this to
happen, what would be the best way to ensure that it does not occur?
Imagine that the session is in a panel format, which allows more free discussion of attendees with
the panelists and among themselves. If a person wants to address another person within the
same room, can he/she do it directly? If so, how is this possible? How would a panelist invite
another person to join who is not presently in the room?
What benefit, if any, was achieved by the isolation of multiple sessions into separate conference
rooms if, after the event, people could meet and share the information?
Instructor note: This Modeling Activity is not intended to be a graded assignment. Its purpose is to
encourage students to reflect on their perceptions of how a network is prepared to use specific media in
data transmission for personal and corporate practice. Facilitation of the discussion should be initiated as
a result of this activity
Required Resources
Recording capabilities (paper, tablet, etc.) for reflective comments to be shared with the class.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 4
Reflection
1. How would you personally organize a conference where multiple sessions are held at the same time?
Would you put all of them into a single conference room, or would you use multiple rooms? What would
be the reason? Explain your answer.
____________________________________________________________________________________
If multiple independent sessions are being held, it is necessary to put them into separate rooms.
Otherwise, the speakers would overlap, making it very hard, if not impossible, to understand what the
presenters are saying. Keeping separate sessions in separate rooms is not done for the purpose of
security (although there can be private sessions only for invited guests with restrictions on who can join
and what can be shared after the session) but rather for the purpose of keeping the communication
separated for better clarity and efficiency.
Our networks are separated into multiple data-link layer domains (broadcast domains) for the purpose of
containing the communication of similar properties workgroups, applications, floors, security
requirements, etc. This is similar to separating all sessions into multiple conference rooms according to
their topics.
2. Assume that the conference room is properly fitted with audiovisual equipment to display large-size video
and amplify the speakers voice. If a person wanted to attend a specific session, does it matter which seat
will the person takes, or is it sufficient for the person to sit anywhere as long as it is in appropriate
conference room?
____________________________________________________________________________________
It is sufficient to visit the proper conference room. A particular seat is not important as long as from each
seat, an attendee can hear and listen without obstructions.
The relative independence on the particular seat is similar to the relative independence of a node within a
network from its particular host address. For the purpose of communication within a single network, it is
sufficient that the nodes are in the same data-link layer domain and have unique addresses but it is not
important what exact addresses these are. Two nodes in a common data-link layer domain can talk to
each other and hear each other immediately.
3. What are the potential consequences or benefits if the speech from one conference room somehow
leaked into another?
____________________________________________________________________________________
It would definitely be at least annoying and distracting, if not directly damaging to the flow of the session.
In real networks, there are situations where two data-link layer domains originally intended to be separate
become joined (incorrect wiring, misconfiguration, bug) and leak information from one to another. This
is not a correct situation. Even if nodes from two different data-link layer domains are to communicate
together, their connection must be done in a controlled way using routers that interconnect separate datalink layer domains similar to a person attending a single session and then, afterwards, sharing the
knowledge with (i.e. routing the knowledge to) another person who did not attend.
4. If questions or inquiries arise during a presentation, should an attendee simply shout out his/her question,
or should there be some process of assuring that attendees are given an opportunity to ask questions
that everyone can hear? What would happen without this process?
____________________________________________________________________________________
Questions, comments, inquiries etc. from the audience should be given in a controlled manner.
Otherwise, two or more people will be talking at the same time, causing their neighbors to not understand
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 4
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 4
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 4
Objectives
Part 1: Identify Network Devices
Background / Scenario
As a member of the networking support staff, you must be able to identify different networking equipment.
You must also understand the function of equipment in the appropriate part of the network. In this lab, you will
have access to network devices and media. You will identify the type and characteristics of the network
equipment and media.
Instructor Note: This is an open-ended lab. Devices and cabling to be identified will be dependent on what
the academy and instructor have available (either standalone or in racks). Although real equipment is
preferable, the instructor can supplement real devices with good quality photos of devices, if desired.
Instructor Note: Instructors are encouraged to contact the local telephone company (telco) and cable
operators for cabling examples. A tour of the academy data center (with approval of the IT director) can be a
valuable experience for the students. The instructor can coordinate with the IT or Networking department to
tag various devices in a real environment for identification.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 3
ID
Manufacturer
Cisco
Model
1941
Type
Router
Functionality
Router
Physical Characteristics
2 GigabitEthernet Ports
2 EHWIC slots
2 CompactFlash slots
1 ISM slot
2 Console ports: USB, RJ-45
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 3
ID
Network Media
UTP
Type
Copper
Reflection
After you have identified the network equipment, where would you find more information about the
equipment?
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
RFC, equipment manufacturer website or literature
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 3
Topology
Addressing Table
Device
Interface
IP Address
Subnet Mask
Default Gateway
PC-A
NIC
192.168.10.1
255.255.255.0
N/A
PC-B
NIC
192.168.10.2
255.255.255.0
N/A
Objectives
Part 1: Analyze Ethernet Cabling Standards and Pinouts
Analyze diagrams and tables for the TIA/EIA 568-A standard Ethernet cable.
Analyze diagrams and tables for the TIA/EIA 568-B standard Ethernet cable.
Part 2: Build an Ethernet Crossover Cable
Build and terminate a TIA/EIA 568-A cable end.
Build and terminate a TIA/EIA 568-B cable end.
Part 3: Test an Ethernet Crossover Cable
Test an Ethernet crossover cable with a cable tester.
Connect two PCs together using an Ethernet crossover cable.
Background / Scenario
In this lab, you will build and terminate an Ethernet crossover cable and test it by connecting two PCs
together and pinging between them. You will first analyze the Telecommunications Industry
Association/Electronic Industries Association (TIA/EIA) 568-A and 568-B standards and how they apply to
Ethernet cables. You will then construct an Ethernet crossover cable and test it. Finally, you will use the cable
you just constructed to connect two PCs together and test it by pinging between them.
Note: With autosensing capabilities available on many devices, such as the Cisco 1941 Integrated Services
Router (ISR) switch, you may see straight-through cables connecting like devices.
Instructor Note: This lab can be quite challenging for some students. Many RJ-45 connectors may be used
before a successful cable is built. If resources are limited, you may wish to have two students build one cable
instead of having each student construct one individually.
Required Resources
One length of cable, either Category 5 or 5e. Cable length should be 0.6 to 0.9m (2 to 3 ft.)
2 RJ-45 connectors
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 6
Step 1: Analyze diagrams and tables for the TIA/EIA 568-A standard Ethernet cable.
The following table and diagrams display the color scheme and pinouts, as well as the function of the four
pairs of wires used for the 568-A standard.
Note: In LAN installations using 100Base-T (100 Mb/s), only two pairs out of the four are used.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 6
Pin Number
Pair Number
Wire Color
10Base-T Signal
100Base-TX Signal
1000Base-T Signal
White/Green
Transmit
BI_DA+
Green
Transmit
BI_DA-
White/Orange
Receive
BI_DB+
Blue
Not Used
BI_DC+
White/Blue
Not Used
BI_DC-
Orange
Receive
BI_DB-
White/Brown
Not Used
BI_DD+
Brown
Not Used
BI_DD-
The following diagrams display how the wire color and pinouts align with an RJ-45 jack for the 568-A
standard.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 6
Step 2: Analyze diagrams and tables for the TIA/EIA 568-B standard Ethernet cable.
The following table and diagram display the color scheme and pinouts for the 568-B standard.
568-B 10/100/1000-BaseTX Ethernet
Pin Number
Pair Number
Wire Color
10Base-T Signal
100Base-TX Signal
White/Orange
Transmit
BI_DA+
Orange
Transmit
BI_DA-
White/Green
Receive
BI_DB+
Blue
Not Used
BI_DC+
White/Blue
Not Used
BI_DC-
Green
Receive
BI_DB-
White/Brown
Not Used
BI_DD+
Brown
Not Used
BI_DD-
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
1000Base-T Signal
Page 4 of 6
Hold the four pairs of twisted cables tightly where the jacket was cut away. Reorganize the cable pairs
into the order of the 568-A wiring standard. Refer to the diagrams, if necessary. Take as much care as
possible to maintain the twists in the cable; this provides noise cancellation.
d. Flatten, straighten, and line up the wires using your thumb and forefinger.
e. Ensure that the cable wires are still in the correct order for the 568-A standard. Using your wire cutters,
trim the four pairs in a straight line to within 1.25 to 1.9 cm (1/2 to 3/4 in.).
f.
Place an RJ-45 connector on the end of your cable, with the prong on the underside pointing downward.
Firmly insert the wires into the RJ-45 connector. All wires should be seen at the end of the connector in
their proper positions. If the wires are not extending to the end of the connector, take the cable out,
rearrange the wires as necessary, and reinsert the wires back into the RJ-45 connector.
g. If everything is correct, insert the RJ-45 connector with cable into the crimper. Crimp down hard enough
to force the contacts on the RJ-45 connector through the insulation on the wires, thus completing the
conducting path. See the following diagram for an example.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 6
Step 2: Connect two PCs together via NICs using your Ethernet crossover cable.
a. Working with a lab partner, set your PC to one of the IP addresses shown in the Addressing Table (see
page 1). For example, if your PC is PC-A, your IP address should be set to 192.168.10.1 with a 24-bit
subnet mask. You partners IP address should be 192.168.10.2. The default gateway address can be left
empty.
b. Using the crossover cable you made, connect the two PCs together via their NICs.
c.
Note: The Windows firewall may have to be temporarily disabled for pings to be successful. If the firewall is
disabled, make sure you re-enable it at the conclusion of this lab.
d. Repeat the process and ping from PC-B to PC-A.
Assuming IP addressing and firewall are not issues, your pings should be successful if the cables were
properly made.
Reflection
1. Which part of making cables did you find the most difficult?
_______________________________________________________________________________________
Answers will vary. Inserting the cables in the proper order into the RJ-45 connector is usually the hardest part.
2. Why do you have to learn how to make a cable if you can easily buy pre-made cables?
_______________________________________________________________________________________
A cable may go bad in a production environment. It may be too time consuming or costly to replace and it is
often simpler to merely re-cable each end if necessary.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 6
O
Objectives
Part 1: Identify and Work
W
with PC NICs
Part 2: Identify and Use the Syste
em Tray Netw
work Icons
B
Backgroun
nd / Scenarrio
This lab re
equires you to
o determine the availabilityy and status of
o the networkk interface cards (NICs) on
n the PC
that you use.
u
Windows
s provides a number
n
of wayys to view and
d work with your
y
NICs.
In this lab
b, you will access the NIC information off your PC and
d change the status of thesse cards.
R
Required
R
Resources
P
Part
1: Id
dentify an
nd Work with PC NICs
N
In Part 1, you will identtify the NIC tyypes in the PC
C that you are
e using. You will
w explore diifferent ways to extract
informatio
on about these
e NICs and how to activate
e and deactivvate them.
Note: Thiss lab was perrformed using
g a PC running on the Wind
dows 7 opera
ating system. You should be
b able to
perform th
he lab with on
ne of the othe
er Windows op
perating syste
ems listed; ho
owever, menu
u selections and
a
screens may
m vary.
S
Step
1: Use the Netwo
ork and Sha
aring Cente
er.
a. Open the Network
k and Sharing
g Center by clicking
c
the Windows
W
Startt button > Co
ontrol Panel > View
netwo
ork status an
nd tasks under Network and Internet he
eading in the Category Vie
ew.
b. In the
e left pane, click the Chang
ge adapter se
ettings link.
c.
The Network
N
Conn
nections window displays, which
w
provide
es the list of NICs
N
available
e on this PC. Look for
your Local
L
Area Co
onnection and
d Wireless Ne
etwork Conne
ection adapters in this wind
dow.
P
Page
1 of 12
c.
The Wireless Network Connection Status window displays where you can view information about your
wireless connection.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 12
What is the Service Set Identifier (SSID) for the wireless router of your connection?
__________________________ rrplace (in above example)
What is the speed of your wireless connection?
__________________________ 144.0 Mb/s (in above example)
d. Click Details to display the Network Connection Details window.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 12
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 12
Notice that the information displayed here is the same information that was displayed in the Network
Connection Details window in Step d.
g. Close the command window and the Network Connection Details windows. This should bring you back to
the Wireless Network Connection Status window. Click Wireless Properties.
h. In the Wireless Network Properties window, click the Security tab.
i.
The type of security the connected wireless router has implemented displays. Click the Show characters
check box to display the actual Network security key, instead of the hidden characters, and then click OK.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 12
j.
Close the Wireless Network Properties and the Network Connection Status windows. Select and rightclick the Wireless Network Connection option > Connect/Disconnect. A pop-up window should appear
at the bottom right corner of your desktop that displays your current connections, along with a list of
SSIDs that are in range of the wireless NIC of your PC. If a scrollbar appears on the right side of this
window, you can use it to display additional SSIDs.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 12
k.
To join one of the other wireless network SSIDs listed, click the SSID that you want to join, and then click
Connect.
l.
If you have selected a secure SSID, you are prompted to enter the Security key for the SSID. Type the
security key for that SSID and click OK. You can click the Hide characters check box to prevent people
from seeing what you type in the Security key field.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 12
b. The Local Area Connection Status window will open. This window displays information about your wired
connection to the LAN.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 12
Click Details to view the address information for your LAN connection.
c.
Open a command window prompt and type ipconfig /all. Find your Local Area Connection information
and compare this with the information displayed in the Network Connection Details window.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 12
b. Click the Open Network and Sharing Center link. Note: This is a shortcut way to bring up this window.
c.
In the left pane, click the Change adapter settings link to display the Network Connections window.
d. Select and right-click the Wireless Network Connection, and then click Disable to disable your wireless
NIC.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 12
e. Examine your system tray. The Wireless Network Connection icon should be replaced by the Wired
Network icon, which indicates that you are using your wired NIC for network connectivity.
Note: If both NICs are active, the Wireless Network icon is the one that is displayed.
b. Click the Open Network and Sharing Center link > Change adapter settings and Enable your
Wireless Network Connection. The Wireless Network icon should replace the Wired Network icon in
your system tray.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 11 of 12
c.
You can click this icon to return to the Network and Sharing Center window (examine the network
diagram at the top).
You can click the red X to have the PC troubleshoot the problem with the network connection.
Troubleshooting attempts to resolve the network issue for you.
d. If troubleshooting did not enable one of your NICs, then you should do this manually to restore the
network connectivity of your PC.
Note: If a network adapter is enabled and the NIC is unable to establish network connectivity, then the
Network Problem icon appears in the system tray.
If this icon appears, you can troubleshoot this issue just like you did in Step 3c.
Reflection
Why would you activate more than one NIC on a PC?
_______________________________________________________________________________________
Answers may vary. Multiple NICs can be used if more than one path is needed for the PC. One example of
this would be if the PC is being used as a Proxy Server.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 12 of 12
Objectives
Connect devices using wired and wireless media.
Students will map their network cabling/technology type ideas to a physical topology. Because this
chapter focuses on the network access layer, students should be able to prepare a basic physical model.
No logical (IP addressing) schemes are required for this activity.
Physical Topology
Background /Scenario
Note: This activity is best completed in groups of 2-3 students.
Your small business is moving to a new location! Your building is brand new and you must come up with
a physical topology so that network port installation can begin.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 3
Linked In!
Your instructor will provide you with a blueprint created for this activity. The area on the blueprint,
indicated by Number 1, is the reception area and the area numbered RR is the restroom area.
All rooms are within Category 6 UTP specifications (100 meters), so you have no concerns about hardwiring the building to code. Each room in the diagram must have at least one network connection
available for users/intermediary devices.
With your teammate(s), indicate on the drawing:
Where would you locate your network main distribution facility, while keeping security in mind?
How many intermediary devices you would use and where would you place them?
What kind of cabling you would use (UTP, STP, wireless, fiber optics, etc.) and where would the
ports be placed?
What types of end devices you would use (wired, wireless, laptops, desktops, tablets, etc.)?
Do not go into excessive detail on your design. Just use the content from the chapter to be able to justify
your decisions to the class.
Instructor notes: This Modeling Activity is not intended to be a graded assignment. Its purpose is to
encourage students to reflect on their comprehension of the data link layer from a physical perspective
wired and wireless connectivity. A facilitated discussion should be initiated as a result of this activity.
Required Resources
Reflection
1. Where would you locate your network main distribution facility, while keeping security in mind?
____________________________________________________________________________
Room 11 is the smallest room and would serve well as the main distribution facility or network center. It is
situated away from plumbing, which could interfere with copper quality. It is also located away from most
of the other offices/rooms for security purposes and has only one entry door.
2. How many intermediary devices you would use and where would you place them?
One or two switches could be placed in Room 11 for scalability and access to other end devices. One
router for connectivity to the ISP could be placed in Room 11, as well. One or two wireless ISRs could be
placed in the diagram, possibly in Room 7 or 12 for wireless access throughout the physical space.
____________________________________________________________________________
3. What kind of cabling you would use (UTP, STP, wireless, fiber optics, etc.) and where would the ports be
placed?
____________________________________________________________________________
Each room would incorporate at least one UTP jack for intermediary device connectivity or singular user
access. The central network room (main distribution facility) would need more than one network port as it
serves internal (LAN) connections and external (WAN) connections for the WAN, fiber optics would
probably be run for ISP connectivity.
4. What types of end devices you would use (wired, wireless, laptops, desktops, tablets, etc.)?
____________________________________________________________________________
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 3
Linked In!
Using the answers stated above, it would be feasible to use a combination of wired, wireless laptops,
desktops, servers, tablets, etc. Security and scalability are considered in this model.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 3
Objectives
Describe the impact of ARP requests on network and host performance.
Students will discuss the ways that local addressing (source and destination) is critical to data communication
identification when using messaging, conferencing, emailing, and even gaming.
Background /Scenario
Note: This activity can be completed individually in class or outside of class.
Much of our network communication takes the form of email, messaging (text or instant), video contact, social
media postings.
For this activity, choose one of the following types of network communications that you use:
Emailing
Online gaming
Now that you have selected a network communication type, record your answers to the following questions:
Is there a procedure you must follow to register others and yourself so that you form a
communications account? Why do you think that a procedure is needed?
How do you initiate contact with the person or people with whom you wish to communicate?
How do you ensure that your conversations are received only by those with whom you wish to
communicate? Be prepared to discuss your answers in class.
Instructor notes: This Modeling Activity is not intended to be a graded assignment. Its purpose is to
encourage students to reflect on their perceptions of source and destination host identification as
compared to social media. Students answers should generate discussion about how we are identified as
we communicate through these types of networks.
Required Resources
Recording capabilities (paper, tablet, etc.) for reflective comments to be shared with the class.
Reflection
1. Is there a procedure you must follow to register others and yourself so that you form a communications
account? Why do you think that a procedure is needed?
____________________________________________________________________________________
In each of these services, you are bringing the person you want to communicate with directly into your
network. You are doing this in order to have a direct contact with your correspondents and be able to
communicate together directly, without requiring any intermediary person to relay messages between you
and your friends in your network. In essence, by registering yourself and your correspondents into your
contact list, you are building your own (social) communication network.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 3
3. How do you ensure that your conversations are received only by those with whom you wish to
communicate?
____________________________________________________________________________________
The primary prerequisite is that the message is unambiguously addressed to a single intended recipient
only. This is exactly the purpose of using a contact list that associates individual persons with their unique
user identifiers. Otherwise, if we did not know the user identifier of the recipient, we would either have to
send the message to everyone, effectively broadcasting it, or we would not be able to send the message
at all. In IP networks, this goal is performed by the resolution of the recipient (or next-hop) IP address into
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 3
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 3
L
Lab Viewing Network
N
Device MAC Ad
ddresse
es (Instru
uctor Verrsion)
Instructor No
ote: Red font color or Gray
y highlights ind
dicate text tha
at appears in the instructor copy only.
T
Topology
A
Addressing
g Table
Device
Interface
IP Ad
ddress
Subnet Mas
sk
Default Gateway
R1
G0/1
G
192.168
8.1.1
25
55.255.255.0
0
N/A
S1
VLAN
V
1
N/A
N /A
N/A
PC
C-A
NIC
N
192.168
8.1.3
25
55.255.255.0
0
192.168.1.1
O
Objectives
Part 1: Se
et Up the Top
pology and Initialize Dev
vices
Set up
p equipment to
t match the network topology.
Part 2: Co
onfigure Dev
vices and Ve
erify Connecttivity
Config
gure basic infformation on R1.
Verify
y network connectivity.
Analy
yze MAC addrress for PC-A
A.
Analy
yze MAC addrresses for rou
uter R1.
Displa
ay the MAC address
a
table on switch S1.
B
Backgroun
nd / Scenarrio
Every dev
vice on an Eth
hernet LAN is
s identified by a Layer-2 MA
AC address. T
This address is burned intto the
NIC. This lab will explo
ore and analyz
ze the compo
onents that m ake up a MAC
C address, an
nd how you ccan find
this inform
mation on variious networking devices, such
s
as a routter, switch, an
nd PC.
You will cable the equipment as sho
own in the top
pology. You w
will then config
gure the route
er and PC to match the
addressin
ng table. You will verify you
ur configuratio
ons by testing
g for network connectivity.
After the devices
d
have been configu
ured and netw
work connectivvity has been
n verified, you
u will use vario
ous
command
ds to retrieve information frrom the devices to answer questions ab
bout your netw
work equipme
ent.
P
Page 1 of 10
Required Resources
1 Router (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
1 Switch (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
Console cables to configure the Cisco IOS devices via the console ports
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 10
L
Lab Viewing Network Device
D
MAC Addresses
A
S
Step 2: Co
onfigure the
e router.
a. Conso
ole into the ro
outer and ente
er global conffiguration mod
de.
b. Assign a hostname
e to the router based on the Addressing
g Table.
c.
Disab
ble DNS looku
up.
d. Config
gure and ena
able the G0/1 interface on the
t router.
S
Step 3: Verify network
k connectiv
vity.
a. Ping the
t default ga
ateway addres
ss of R1 from
m PC-A.
Were the pings suc
ccessful?
_____
___________
___________
____________
___________
___________
____________
____________
________
The pings
p
should be
b successful.
P
Part 3: Display,
D
Describe,
D
and Ana
alyze Ethe
ernet MA
AC Addres
sses
Every dev
vice on an Eth
hernet LAN ha
as a Media Access
A
Contro
ol (MAC) addrress that is bu
urned into the
e Network
Interface Card
C
(NIC). Ethernet
E
MAC
C addresses are
a 48-bits lon
ng. They are d
displayed using six sets off
hexadecim
mal digits usu
ually separate
ed by dashes, colons, or pe
eriods. The fo
ollowing exam
mple shows th
he same
MAC address using the
e three differe
ent notation methods:
m
00-05-9A-3C-78
8-00
78:00
00:05:9A:3C:
0
0005.9A3C
C.7800
Note: MA
AC addresses are also calle
ed physical ad
ddresses, ha rdware addre
esses, or Ethe
ernet hardwarre
addresses
s.
In Part 3, you will issue
e commands to display the
e MAC addressses on a PC
C, router, and switch, and yyou will
analyze th
he properties of each one.
S
Step 1: An
nalyze the MAC
M
address for the PC
C-A NIC.
Before yo
ou analyze the
e MAC addres
ss on PC-A, look at an exa
ample from a different PC NIC. You can
n issue
the ipcon
nfig /all comm
mand to view the
t MAC address of your N
NICs. An example screen output is show
wn
below. Wh
hen using the
e ipconfig /all command, notice
n
that MA
AC addressess are referred
d to as physiccal
addresses
s. Reading the MAC addre
ess from left to
o right, the firrst six hex dig
gits refer to the vendor
(manufactturer) of this device.
d
These
e first six hex digits (3 byte
es) are also kn
nown as the o
organizationa
ally unique
identifier (OUI).
(
This 3--byte code is assigned to the vendor byy the IEEE org
ganization. To
o find the
manufactu
urer, you can use a tool su
uch as www.m
macvendorloo
okup.com or g
go to the IEEE
E web site to find the
registered
d OUI vendor codes. The IEEE web site
e address for OUI informattion is
http://stan
ndards.ieee.org/develop/re
egauth/oui/pub
blic.html. The
e last six digitss are the NIC serial numbe
er
assigned by the manuffacturer.
a. Using
g the output frrom the ipcon
nfig /all comm
mand, answerr the following
g questions.
P
Page 3 of 10
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 10
Address
192.168.1.1
192.168.1.3
Age (min)
0
Hardware Addr
30f7.0da3.1821
c80a.a9fa.de0d
Type
ARPA
ARPA
Interface
GigabitEthernet0/1
GigabitEthernet0/1
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 10
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 10
Did the switch display the MAC address of PC-A? If you answered yes, what port was it on?
____________________________________________________________________________________
Answers will vary for the MAC address. In example above the MAC address would be c80a.a9fa.de0d.
Port should be F0/6.
Did the switch display the MAC address of R1? If you answered yes, what port was it on?
____________________________________________________________________________________
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 10
Reflection
1. Can you have broadcasts at the Layer 2 level? If so, what would the MAC address be?
_______________________________________________________________________________________
You can and often do have broadcasts at Layer 2. ARP will use broadcasts to find MAC address information.
The broadcast address is FF.FF.FF.FF.FF.FF.
2. Why would you need to know the MAC address of a device?
_______________________________________________________________________________________
There could be a variety of reasons. In a large network, it may be easier to pinpoint location and identity of a
device by MAC address rather than IP address. The MAC OUI will list the manufacturer, which may help
narrow down the search. Security measures can be applied at Layer 2 so knowledge of allowable MAC
addresses is needed.
Ethernet Interface #1
Ethernet Interface #2
Serial Interface #1
Serial Interface #2
1800
1900
2801
2811
2900
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
Device Config
Router R1
R1#sh run
Building configuration...
Current configuration : 1176 bytes
version 15.2
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 10
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 10
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 10
L
Lab Us
sing Wirreshark to Exam
mine Eth
hernet Frames (Instructo
or
V
Version)
Instructor No
ote: Red font color or Gray
y highlights ind
dicate text tha
at appears in the instructor copy only.
T
Topology
O
Objectives
Part 1: Ex
xamine the Header
H
Fields
s in an Etherrnet II Frame
e
Part 2: Us
se Wireshark
k to Capture and Analyze
e Ethernet Frrames
B
Backgroun
nd / Scenarrio
When upp
per layer proto
ocols commu
unicate with ea
ach other, da
ata flows down
n the Open S
Systems
Interconne
ection (OSI) layers and is encapsulated
d into a Layerr 2 frame. The
e frame comp
position is dep
pendent
on the me
edia access ty
ype. For exam
mple, if the up
pper layer pro
otocols are TC
CP and IP and
d the media a
access is
Ethernet, then the Laye
er 2 frame en
ncapsulation will
w be Ethern et II. This is ttypical for a LA
AN environment.
When learning about Layer
L
2 conce
epts, it is helpfful to analyze
e frame heade
er information
n. In the first p
part of this
lab, you will
w review the fields contain
ned in an Ethernet II frame
e. In Part 2, yo
ou will use W
Wireshark to ca
apture
and analy
yze Ethernet II frame heade
er fields for lo
ocal and remo
ote traffic.
Instructo
or Note: This lab
l assumes that the stude
ent is using a PC with Inte
ernet access. It also assum
mes that
Wireshark
k has been prre-installed on
n the PC. The
e screenshotss in this lab w
were taken from
m Wireshark v1.8.3 for
Windows 7 (64bit).
R
Required Resources
R
P
Part 1: Examine
E
the
t Header Fields in an Eth
hernet II F
Frame
In Part 1, you will exam
mine the head
der fields and content in an
n Ethernet II F
Frame. A Wire
eshark capturre will be
used to ex
xamine the co
ontents in tho
ose fields.
Page 1 of 7
L
Lab Using Wireshark
W
to
o Examine Etthernet Fram
mes
S
Step 1: Re
eview the Etthernet II he
eader field descriptions
d
s and lengtths.
Preamblle
Des
stination
Ad
ddress
Source
Address
Fram
me
Typ
pe
Data
FCS
8 Bytes
s
6 Bytes
6 Bytes
2 Byt
ytes
46
6 1500 Byte
es
4B
Bytes
S
Step 2: Examine the network
n
con
nfiguration of the PC.
This PC host
h
IP addres
ss is 10.20.16
64.22 and the
e default gatew
way has an IP
P address of 10.20.164.17
7.
S
Step 3: Examine Ethe
ernet frames
s in a Wires
shark captu re.
The Wires
shark capture
e below shows
s the packets
s generated b y a ping being issued from
m a PC host to
o its
default ga
ateway. A filte
er has been applied to Wire
eshark to view
w the ARP an
nd ICMP proto
ocols only. Th
he
session begins with an
n ARP query for
f the MAC address
a
of the
e gateway rou
uter, followed by four ping requests
and replie
es.
S
Step 4: Examine the Ethernet
E
II header
h
conttents of an A
ARP reques
st.
The follow
wing table takes the first fra
ame in the Wireshark capt ure and displays the data in the Ethernet II
header fie
elds.
Page 2 of 7
Field
Value
Description
Preamble
Destination Address
Broadcast
(ff:ff:ff:ff:ff:ff)
Source Address
Dell_24:2a:60
(5c:26:0a:24:2a:60)
Frame Type
0x0806
Data
ARP
FCS
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 7
L
Lab Using Wireshark
W
to
o Examine Etthernet Fram
mes
The first 3 octets of the
e MAC addres
ss indicate the
e OUI.
What is th
he Sources NIC
N serial num
mber? ______
___________
____________
________ 24:2
2a:60
P
Part 2: Use
U Wires
shark to Capture
C
and
a
Analy
yze Etherrnet Fram
mes
In Part 2, you will use Wireshark
W
to capture local and remote E
Ethernet fram
mes. You will tthen examine
e the
informatio
on that is conttained in the frame
f
headerr fields.
S
Step 1: De
etermine the
e IP address
s of the defa
ault gatewa
ay on your P
PC.
Open a co
ommand prom
mpt window and
a issue the ipconfig com
mmand.
What is th
he IP Address
s of the PC De
efault Gatewa
ay? ________
___________
_______ Answ
wers will varyy
S
Step 2: Sta
art capturing traffic on your PCs NIC.
a. Open Wireshark.
b. On the Wireshark Network
N
Anallyzer toolbar, click the Inte
erface List ico
on.
c.
Page 4 of 7
L
Lab Using Wireshark
W
to
o Examine Etthernet Fram
mes
S
Step 3: Filtter Wiresha
ark to displa
ay only ICM
MP traffic.
You can use
u the filter in Wireshark to
t block visibility of unwantted traffic. The filter does n
not block the capture
of unwantted data; it on
nly filters whatt to display on
n the screen. For now, onlyy ICMP trafficc is to be disp
played.
In the Wirreshark Filterr box, type icm
mp. The box should turn g
green if you tyyped the filter correctly. If th
he box is
green, clic
ck Apply to apply
a
the filterr.
S
Step 4: Fro
om the com
mmand prom
mpt window
w, ping the d
default gate
eway of your PC.
From the command window, ping th
he default gate
eway using th
he IP addresss that you reccorded in Step
p 1.
S
Step 5: Sto
op capturing traffic on the NIC.
Click the Stop
S
Capture
e icon to stop
p capturing tra
affic.
S
Step 6: Examine the first
f
Echo (p
ping) request in Wiresh
hark.
The Wires
shark main window is divid
ded into three
e sections: the
e Packet List pane (top), th
he Packet Dettails pane
(middle), and
a the Pack
ket Bytes pane
e (bottom). If you selected the correct in
nterface for packet capturing in
Step 3, Wireshark
W
shou
uld display the ICMP inform
mation in the Packet List p
pane of Wiresshark, similar to the
following example.
e
a. In the
e Packet List pane
p
(top sec
ction), click the
e first frame l isted. You sh
hould see Ech
ho (ping) req
quest
underr the Info hea
ading. This should highlightt the line blue
e.
Page 5 of 7
L
Lab Using Wireshark
W
to
o Examine Etthernet Fram
mes
b. Exam
mine the first line in the Pac
cket Details pa
ane (middle ssection). This line displays the length off the
frame
e; 74 bytes in this example.
c.
The second
s
line in the Packet Details
D
pane shows
s
that it iss an Ethernett II frame. The
e source and
destin
nation MAC addresses are
e also displaye
ed.
What is the MAC address
a
of the
e PCs NIC? ___________
_
____________
____ 5c:26:0a
a:24:2a:60 in e
example
What is the defaultt gateways MAC
M
address?
? __________
___________
___ 30:f7:0d:7
7a:ec:84 in exxample
d. You can
c click the plus
p
(+) sign at
a the beginning of the seccond line to ob
btain more infformation abo
out the
Ethernet II frame. Notice
N
that the plus sign ch
hanges to a m
minus (-) sign.
What type of frame
e is displayed? _________
___________
____________
___ 0x0800 o
or an IPv4 frame type.
e. The la
ast two lines displayed
d
in the middle sec
ction provide information a
about the data
a field of the fframe.
Notice
e that the data contains the
e source and destination IP
Pv4 address information.
What is the source
e IP address? __________
____________
____________
___ 10.20.164.22 in the exxample
What is the destina
ation IP addre
ess? _______
___________
___________
____ 10.20.16
64.17 in the exxample
f.
You can
c click any line
l
in the mid
ddle section to
o highlight tha
at part of the frame (hex and ASCII) in the
Packe
et Bytes pane
e (bottom secttion). Click the Internet Co
ontrol Messa
age Protocoll line in the middle
sectio
on and examin
ne what is hig
ghlighted in th
he Packet Byttes pane.
S
Step 7: Re
estart packe
et capture in
n Wireshark
k.
Click the Start
S
Capture
e icon to startt a new Wires
shark capture
e. You will recceive a popup
p window askiing if you
would like
e to save the previous
p
capttured packets
s to a file befo
ore starting a new capture. Click Contin
nue
without Saving.
S
Page 6 of 7
L
Lab Using Wireshark
W
to
o Examine Etthernet Fram
mes
S
Step 8: In the
t command prompt window, ping www.cis
sco.com.
S
Step 9: Sto
op capturing packets.
S
Step 10: Examine the new
n
data in the packet list pane o
of Wireshark
k.
In the firstt echo (ping) request frame
e, what are th
he source and
d destination MAC addressses?
Source: ___________
_
____________
___________
__ This shoul d be the MAC
C address of tthe PC.
Destination: ________
___________
___________
___ This shou
uld be the MA
AC address off the Default G
Gateway.
What are the source an
nd destination
n IP addresse
es contained in the data fie
eld of the fram
me?
Source: ___________
_
____________
___________
__ This is stilll the IP addre
ess of the PC..
Destination: ________
___________
___________
___ This is the
e address of tthe server at www.cisco.co
om.
Compare these addres
sses to the ad
ddresses you received in S
Step 7. The on
nly address th
hat changed iis the
destinatio
on IP address. Why has the
e destination IP address ch
hanged, while
e the destinattion MAC add
dress
remained the same?
________
___________
____________
___________
___________
____________
____________
___________
________
________
___________
____________
___________
___________
____________
____________
___________
________
________
___________
____________
___________
___________
____________
____________
___________
________
________
___________
____________
___________
___________
____________
____________
___________
________
Layer 2 frrames never leave the LAN
N. When a pin
ng is issued to
o a remote ho
ost, the sourcce will use the
e Default
Gateways
s MAC address for the fram
me destinatio
on. The Defau
ult Gateway re
eceives the packet, strips tthe Layer
2 frame in
nformation fro
om the packett and then cre
eates a new frrame header with the nextt hops MAC a
address.
This proce
ess continues
s from router to router untill the packet re
eaches its de
estination IP a
address.
R
Reflection
Wireshark
k does not dis
splay the prea
amble field of a frame head
der. What doe
es the preamble contain?
________
___________
____________
___________
___________
____________
____________
___________
________
________
___________
____________
___________
___________
____________
____________
___________
________
The pream
mble field con
ntains seven octets
o
of alterrnating 1010 ssequences, a
and one octet that signals tthe
beginning
g of the frame, 10101011.
Page 7 of 7
Lab Ob
L
bserving
g ARP with
w the Window
ws CLI, IOS CLI, and
W
Wiresha
ark (Instrructor Ve
ersion)
Instructor No
ote: Red font color or Grayy highlights ind
dicate text tha
at appears in the instructor copy only.
T
Topology
A
Addressing
g Table
Device
Interface
IP Ad
ddress
Subnet Mas
sk
Default Gateway
R1
G0/1
G
192.168
8.1.1
25
55.255.255.0
N/A
S1
VLAN
V
1
192.168
8.1.11
25
55.255.255.0
192.168.1.1
S2
2
VLAN
V
1
192.168
8.1.12
25
55.255.255.0
192.168.1.1
PC
C-A
NIC
N
192.168
8.1.3
25
55.255.255.0
192.168.1.1
PC
C-B
NIC
N
192.168
8.1.2
25
55.255.255.0
192.168.1.1
O
Objectives
Part 1: Bu
uild and Con
nfigure the Network
Part 2: Us
se the Windo
ows ARP Command
Part 3: Us
se the IOS Show ARP Co
ommand
Part 4: Us
se Wireshark
k to Examine
e ARP Excha
anges
P
Page
1 of 18
Lab Observing ARP with the Windows CLI, IOS CLI and Wireshark
Background / Scenario
The Address Resolution Protocol (ARP) is used by TCP/IP to map a Layer 3 IP address to a Layer 2 MAC
address. When a frame is placed on the network, it must have a destination MAC address. To dynamically
discover the MAC address for the destination device, an ARP request is broadcast on the LAN. The device
that contains the destination IP address responds, and the MAC address is recorded in the ARP cache. Every
device on the LAN keeps its own ARP cache, or small area in RAM that holds ARP results. An ARP cache
timer removes ARP entries that have not been used for a certain period of time.
ARP is an excellent example of performance tradeoff. With no cache, ARP must continually request address
translations each time a frame is placed on the network. This adds latency to the communication and could
congest the LAN. Conversely, unlimited hold times could cause errors with devices that leave the network or
change the Layer 3 address.
A network administrator should be aware of ARP, but may not interact with the protocol on a regular basis.
ARP is a protocol that enables network devices to communicate with the TCP/IP protocol. Without ARP, there
is no efficient method to build the datagram Layer 2 destination address. Also, ARP is a potential security risk.
ARP spoofing, or ARP poisoning, is a technique used by an attacker to inject the wrong MAC address
association in a network. An attacker forges the MAC address of a device, and frames are sent to the wrong
destination. Manually configuring static ARP associations is one way to prevent ARP spoofing. Finally, an
authorized MAC address list may be configured on Cisco devices to restrict network access to only approved
devices.
In this lab, you will use the ARP commands in both Windows and Cisco routers to display the ARP table. You
will also clear the ARP cache and add static ARP entries.
Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with
Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco
IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used.
Depending on the model and Cisco IOS version, the commands available and output produced might vary
from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the
correct interface identifiers.
Note: Make sure that the routers and switches have been erased and have no startup configurations. If you
are unsure, contact your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.
Instructor Note: Some of the ARP commands in Windows Vista or later operating systems will require
administrator privileges.
Required Resources
1 Router (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
2 Switches (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
2 PCs (Windows 7, Vista, or XP with terminal emulation program, such as Tera Term and Wireshark
installed)
Console cables to configure the Cisco IOS devices via the console ports
Note: The Fast Ethernet interfaces on Cisco 2960 switches are autosensing and an Ethernet straight-through
cable may be used between switches S1 and S2. If using another Cisco switch model, it may be necessary to
use an Ethernet crossover cable.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 18
Lab Observing ARP with the Windows CLI, IOS CLI and Wireshark
-g
-v
inet_addr
-N if_addr
-d
-s
eth_addr
if_addr
Example:
> arp -s 157.55.85.212
> arp -a
00-aa-00-62-c6-09
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 18
Lab Observing ARP with the Windows CLI, IOS CLI and Wireshark
b. Examine the output.
What command would be used to display all entries in the ARP cache?
____________________________________________________________________________________
arp a
What command would be used to delete all ARP cache entries (flush ARP cache)?
____________________________________________________________________________________
arp d *
What command would be used to delete the ARP cache entry for 192.168.1.11?
____________________________________________________________________________________
arp d 192.168.1.11
c.
Type
dynamic
static
static
static
static
Note: The ARP table is empty if you use Windows XP (as displayed below).
C:\Documents and Settings\User1> arp -a
No ARP Entries Found.
d. Ping from PC-A to PC-B to dynamically add entries in the ARP cache.
C:\Documents and Settings\User1> ping 192.168.1.2
Interface: 192.168.1.3 --- 0xb
Internet Address
Physical Address
192.168.1.2
00-50-56-be-f6-db
Type
dynamic
What is the physical address for the host with IP address of 192.168.1.2?
____________________________________________________________________________________
00-50-56-be-f6-db
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 18
Lab Observing ARP with the Windows CLI, IOS CLI and Wireshark
c.
Type
dynamic
dynamic
dynamic
dynamic
static
static
static
static
As an administrator, access the command prompt. Click the Start icon, and in the Search programs and
file box, type cmd. When the cmd icon appears, right-click the icon and select Run as administrator.
Click Yes to allow this program to make changes.
Note: For Windows XP users, it is not necessary to have administrator privileges to modify ARP cache
entries.
d. In the Administrator command prompt window, type arp d *. This command deletes all the ARP cache
entries. Verify that all the ARP cache entries are deleted by typing arp a at the command prompt.
C:\windows\system32> arp d *
C:\windows\system32> arp a
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 18
Lab Observing ARP with the Windows CLI, IOS CLI and Wireshark
No ARP Entries Found.
e. Wait a few minutes. The Neighbor Discovery protocol starts to populate the ARP cache again.
C:\Users\User1> arp a
Interface: 192.168.1.3 --- 0xb
Internet Address
Physical Address
192.168.1.255
ff-ff-ff-ff-ff-ff
Type
static
From PC-A, ping PC-B (192.168.1.2) and the switches (192.168.1.11 and 192.168.1.12) to add the ARP
entries. Verify that the ARP entries have been added to the cache.
C:\Users\User1> arp a
Interface: 192.168.1.3 --- 0xb
Internet Address
Physical Address
192.168.1.2
00-50-56-be-f6-db
192.168.1.11
0c-d9-96-e8-8a-40
192.168.1.12
0c-d9-96-d2-40-40
192.168.1.255
ff-ff-ff-ff-ff-ff
Type
dynamic
dynamic
dynamic
static
Type arp a to verify that the ARP entry for S2 has been removed from the ARP cache.
C:\Users\User1> arp a
Interface: 192.168.1.3 --- 0xb
Internet Address
Physical Address
192.168.1.2
00-50-56-be-f6-db
192.168.1.11
0c-d9-96-e8-8a-40
192.168.1.255
ff-ff-ff-ff-ff-ff
j.
Type
dynamic
dynamic
static
You can add a specific ARP cache entry by typing arp s inet_addr mac_addr. The IP address and
MAC address for S2 will be used in this example. Use the MAC address recorded in step g.
C:\windows\system32> arp s 192.168.1.12 0c-d9-96-d2-40-40
k.
Verify that the ARP entry for S2 has been added to the cache.
Address
192.168.1.1
Age (min)
-
Hardware Addr
d48c.b5ce.a0c1
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Type
ARPA
Interface
GigabitEthernet0/1
Page 6 of 18
Lab Observing ARP with the Windows CLI, IOS CLI and Wireshark
Internet
Internet
192.168.1.2
192.168.1.3
0
0
0050.56be.f6db
0050.56be.768c
ARPA
ARPA
GigabitEthernet0/1
GigabitEthernet0/1
R1#
Notice there is no Age (-) for the first entry, router interface G0/1 (the LAN default gateway). The Age is
the number of minutes (min) that the entry has been in ARP cache and is incremented for the other
entries. The Neighbor Discovery protocol populates the PC-A and PC-B IP and MAC address ARP
entries.
b. Verify that an ARP entry for switch S1 has been added to the ARP table of R1.
R1# show ip arp
Protocol
Internet
Internet
Internet
Internet
R1#
Address
192.168.1.1
192.168.1.2
192.168.1.3
192.168.1.11
Age (min)
6
6
0
Hardware Addr
d48c.b5ce.a0c1
0050.56be.f6db
0050.56be.768c
0cd9.96e8.8a40
Type
ARPA
ARPA
ARPA
ARPA
Interface
GigabitEthernet0/1
GigabitEthernet0/1
GigabitEthernet0/1
GigabitEthernet0/1
Hardware Addr
d48c.b5ce.a0c1
0050.56be.f6db
0050.56be.768c
0cd9.96e8.8a40
Type
ARPA
ARPA
ARPA
ARPA
Interface
Vlan1
Vlan1
Vlan1
Vlan1
Address
192.168.1.1
192.168.1.2
192.168.1.3
192.168.1.11
Age (min)
46
8
8
-
b. Verify that the ARP entry for switch S2 has been added to ARP table of S1.
S1# show ip arp
Protocol
Address
Age (min)
Hardware Addr
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Type
Interface
Page 7 of 18
Lab Observing ARP with the Windows CLI, IOS CLI and Wireshark
Internet
Internet
Internet
Internet
Internet
S1#
192.168.1.1
192.168.1.2
192.168.1.3
192.168.1.11
192.168.1.12
5
11
11
2
d48c.b5ce.a0c1
0050.56be.f6db
0050.56be.768c
0cd9.96e8.8a40
0cd9.96d2.4040
ARPA
ARPA
ARPA
ARPA
ARPA
Vlan1
Vlan1
Vlan1
Vlan1
Vlan1
d. Send a ping to the default gateway, using the ping 192.168.1.1 command.
e. Stop the Wireshark capture after pinging to the default gateway is finished.
f.
Examine the Wireshark captures for the ARP exchanges in the packet details pane.
What was the first ARP packet? ___________________________ ARP request
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 18
Lab Observing ARP with the Windows CLI, IOS CLI and Wireshark
Fill in the following table with information about your first captured ARP packet.
Field
Value
Sender IP address
192.168.1.3
00:00:00:00:00:00
Target IP address
192.168.1.1
Fill in the following table with information about your second captured ARP packet.
Field
Value
Sender IP address
192.168.1.1
Target IP address
192.168.1.3
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 18
Lab Observing ARP with the Windows CLI, IOS CLI and Wireshark
c.
Ping switch S2 (192.168.1.12). The ping should be successful after the first echo request.
Note: If all the pings were successful, S1 should be reloaded to observe network latency with ARP.
C:\Users\User1> ping 192.168.1.12
Request timed out.
Reply from 192.168.1.12: bytes=32 time=2ms TTL=255
Reply from 192.168.1.12: bytes=32 time=2ms TTL=255
Reply from 192.168.1.12: bytes=32 time=2ms TTL=255
Ping statistics for 192.168.1.12:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 3ms, Average = 2ms
d. Stop the Wireshark capture after the pinging is finished. Use the Wireshark filter to display only ARP and
ICMP outputs. In Wireshark, type arp or icmp in the Filter: entry area.
e. Examine the Wireshark capture. In this example, frame 10 is the first ICMP request sent by PC-A to S1.
Because there is no ARP entry for S1, an ARP request was sent to the management IP address of S1
asking for the MAC address. During the ARP exchanges, the echo request did not receive a reply before
the request was timed out. (frames 8 12)
After the ARP entry for S1 was added to the ARP cache, the last three ICMP exchanges were successful,
as displayed in frames 26, 27 and 30 33.
As displayed in the Wireshark capture, ARP is an excellent example of performance tradeoff. With no
cache, ARP must continually request address translations each time a frame is placed on the network.
This adds latency to the communication and could congest the LAN.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 18
Lab Observing ARP with the Windows CLI, IOS CLI and Wireshark
Reflection
1. How and when are static ARP entries removed?
_______________________________________________________________________________________
They are deleted manually.
2. Why do you want to add static ARP entries in the cache?
_______________________________________________________________________________________
A static ARP entry can mitigate ARP spoofing or poisoning in the network.
3. If ARP requests can cause network latency, why is it a bad idea to have unlimited hold times for ARP entries?
_______________________________________________________________________________________
Unlimited hold times could cause errors with devices that leave the network or change the Layer 3 address.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 11 of 18
Lab Observing ARP with the Windows CLI, IOS CLI and Wireshark
Ethernet Interface #1
Ethernet Interface #2
Serial Interface #1
Serial Interface #2
1800
1900
2801
2811
2900
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
Device Configs
Router R1
R1#show run
Building configuration...
Current configuration : 1165 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
memory-size iomem 15
!
!
!
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 12 of 18
Lab Observing ARP with the Windows CLI, IOS CLI and Wireshark
!
!
!
!
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 13 of 18
Lab Observing ARP with the Windows CLI, IOS CLI and Wireshark
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
!
end
Switch S1
S1#show run
Building configuration...
Current configuration : 1305 bytes
!
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
system mtu routing 1500
!
!
!
!
!
!
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 14 of 18
Lab Observing ARP with the Windows CLI, IOS CLI and Wireshark
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 15 of 18
Lab Observing ARP with the Windows CLI, IOS CLI and Wireshark
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.11 255.255.255.0
!
ip http server
ip http secure-server
!
!
!
line con 0
line vty 5 15
!
end
Switch S2
S2#show run
Building configuration...
Current configuration : 1313 bytes
!
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S2
!
boot-start-marker
boot-end-marker
!
!
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 16 of 18
Lab Observing ARP with the Windows CLI, IOS CLI and Wireshark
no aaa new-model
system mtu routing 1500
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 17 of 18
Lab Observing ARP with the Windows CLI, IOS CLI and Wireshark
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.12 255.255.255.0
!
ip http server
ip http secure-server
!
!
line con 0
line vty 5 15
!
end
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 18 of 18
L
Lab - Us
sing IOS
S CLI witth Switch MAC A
Address
s Tables
s (Instrucctor
V
Version)
Instructor No
ote: Red font color or Gray
y highlights ind
dicate text tha
at appears in the instructor copy only.
T
Topology
A
Addressing
g Table
Device
Interface
IP Ad
ddress
Subnet Mas
sk
Default Gateway
R1
G0/1
G
192.168
8.1.1
25
55.255.255.0
0
N/A
S1
VLAN
V
1
192.168
8.1.11
25
55.255.255.0
0
192.168.1.1
S2
2
VLAN
V
1
192.168
8.1.12
25
55.255.255.0
0
192.168.1.1
PC
C-A
NIC
N
192.168
8.1.3
25
55.255.255.0
0
192.168.1.1
PC
C-B
NIC
N
192.168
8.1.2
25
55.255.255.0
0
192.168.1.1
O
Objectives
Part 1: Bu
uild and Con
nfigure the Network
Cable
e the network according to the topology diagram.
Config
gure the netw
work devices according
a
to the
t Addressin
ng Table.
Part 2: Ex
xamine the Switch
S
MAC Address
A
Tab
ble
Use show
s
commands to observ
ve the proces
ss of building tthe switch MA
AC address ta
able.
P
Page 1 of 15
Background / Scenario
The purpose of a Layer 2 LAN switch is to deliver Ethernet frames to host devices on the local network. The
switch records host MAC addresses that are visible on the network, and maps those MAC addresses to its
own Ethernet switch ports. This process is called building the MAC address table. When a switch receives a
frame from a PC, it examines the frames source and destination MAC addresses. The source MAC address
is recorded and mapped to the switch port from which it arrived. Then the destination MAC address is looked
up in the MAC address table. If the destination MAC address is a known address, then the frame is forwarded
out of the corresponding switch port of the MAC address. If the MAC address is unknown, then the frame is
broadcast out of all switch ports, except the one from which it came. It is important to observe and understand
the function of a switch and how it delivers data on the network. The way a switch operates has implications
for network administrators whose job it is to ensure secure and consistent network communication.
Switches are used to interconnect and deliver information to computers on local area networks. Switches
deliver Ethernet frames to host devices identified by network interface card MAC addresses.
In Part 1, you will build a multi-switch and router topology with a trunk linking the two switches. In Part 2, you
will ping various devices and observe how the two switches build their MAC address tables.
Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with
Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco
IOS Release 15.0(2) (lanbasek9 image). Other routers, switches and Cisco IOS versions can be used.
Depending on the model and Cisco IOS version, the commands available and output produced might vary
from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the
correct interface identifiers.
Note: Make sure that the routers and switches have been erased and have no startup configurations. If you
are unsure contact your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.
Instructor Note: The Wireshark program will need to be downloaded and installed on PC-B prior to the start
of the lab. Wireshark can be downloaded from http://www.wireshark.org/.
Required Resources
1 Router (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
2 Switches (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
2 PCs (Windows 7, Vista, or XP with terminal emulation program, such as Tera Term)
Console cables to configure the Cisco IOS devices via the console ports
Note: The Fast Ethernet interfaces on Cisco 2960 switches are autosensing and an Ethernet straight-through
cable may be used between switches S1 and S2. If using another model Cisco switch, it may be necessary to
use an Ethernet crossover cable.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 15
c.
Console into switch S1 and S2 and type the show interface F0/1 command on each switch. On the
second line of command output, what is the hardware addresses (or burned-in address [bia])?
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 15
Mac Address
----------0100.0ccc.cccc
0100.0ccc.cccd
0180.c200.0000
0180.c200.0001
0180.c200.0002
0180.c200.0003
0180.c200.0004
Type
-------STATIC
STATIC
STATIC
STATIC
STATIC
STATIC
STATIC
Ports
----CPU
CPU
CPU
CPU
CPU
CPU
CPU
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 15
What MAC addresses are recorded in the table? To which switch ports are they mapped and to which
devices do they belong? Ignore MAC addresses that are mapped to the CPU.
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
There may be multiple MAC addresses recorded in the MAC address table, especially MAC addresses
learned through S1s F0/1 switch port. In the example output above, the S1 F0/1 MAC address and PC-A
MAC address are mapped to S2 F0/1.
If you had not previously recorded MAC addresses of network devices in Step 1, how could you tell which
devices the MAC addresses belong to, using only the output from the show mac address-table
command? Does it work in all scenarios?
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
The output of the show mac address-table command shows the port that the MAC address was learned
on. In most cases this would identify which network device the MAC address belongs to, except in the
case of multiple MAC addresses associated to the same port. This happens when switches are
connected to other switches and record all of the MAC addresses for devices connected to the other
switch.
Step 3: Clear the S2 MAC address table and display the MAC address table again.
a. In privileged EXEC mode, type the clear mac address-table dynamic command and press Enter.
S2# clear mac address-table dynamic
b. Quickly type the show mac address-table command again. Does the MAC address table have any
addresses in it for VLAN 1? Are there other MAC addresses listed?
___________________________________________________________________________________
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 15
Wait 10 seconds, type the show mac address-table command, and press Enter. Are there new
addresses in the MAC address table? __________________ Answers will vary. There may be.
Step 4: From PC-B, ping the devices on the network and observe the switch MAC address
table.
a. From PC-B, open a command prompt and type arp -a. Not including multicast or broadcast addresses,
how many device IP-to-MAC address pairs have been learned by ARP?
____________________________________________________________________________________
Answers will vary. The ARP cache may have no entries in it, or it may have the gateway IP address to
MAC address mapping.
C:\Users\PC-B> arp -a
Interface: 192.168.1.2 --- 0xb
Internet Address
Physical Address
192.168.1.1
30-f7-0d-a3-17-c1
C:\Users\PC-B>
Type
dynamic
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 15
From a console connection to S2, enter the show mac address-table command. Has the switch added
additional MAC addresses to the MAC address table? If so, which addresses and devices?
____________________________________________________________________________________
____________________________________________________________________________________
There may only be one additional MAC address mapping added to the table, most likely the MAC address
of PC-A.
S2# show mac address-table
Mac Address Table
------------------------------------------Vlan
Mac Address
Type
Ports
------------------------All
0100.0ccc.cccc
STATIC
CPU
All
0100.0ccc.cccd
STATIC
CPU
All
0180.c200.0000
STATIC
CPU
All
0180.c200.0001
STATIC
CPU
All
0180.c200.0002
STATIC
CPU
All
0180.c200.0003
STATIC
CPU
All
0180.c200.0004
STATIC
CPU
All
0180.c200.0005
STATIC
CPU
All
0180.c200.0006
STATIC
CPU
All
0180.c200.0007
STATIC
CPU
All
0180.c200.0008
STATIC
CPU
All
0180.c200.0009
STATIC
CPU
All
0180.c200.000a
STATIC
CPU
All
0180.c200.000b
STATIC
CPU
All
0180.c200.000c
STATIC
CPU
All
0180.c200.000d
STATIC
CPU
All
0180.c200.000e
STATIC
CPU
All
0180.c200.000f
STATIC
CPU
All
0180.c200.0010
STATIC
CPU
All
ffff.ffff.ffff
STATIC
CPU
1
0021.700c.050c
DYNAMIC
Fa0/18
1
0cd9.96d2.3d81
DYNAMIC
Fa0/1
1
0cd9.96d2.3dc0
DYNAMIC
Fa0/1
1
1cc1.de91.c35d
DYNAMIC
Fa0/1
1
30f7.0da3.17c1
DYNAMIC
Fa0/1
Total Mac Addresses for this criterion: 25
S2#
From PC-B, open a command prompt and retype arp -a. Does the PC-B ARP cache have additional
entries for all network devices that were sent pings?
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 15
Type
dynamic
dynamic
dynamic
dynamic
Reflection
On Ethernet networks, data is delivered to devices by their MAC addresses. For this to happen, switches and
PCs dynamically build ARP caches and MAC address tables. With only a few computers on the network this
process seems fairly easy. What might be some of the challenges on larger networks?
_______________________________________________________________________________________
ARP broadcasts could cause broadcast storms. Because ARP and switch MAC tables do not authenticate or
validate the IP addresses to MAC addresses it would be easy to spoof a device on the network.
Ethernet Interface #1
Ethernet Interface #2
Serial Interface #1
Serial Interface #2
1800
1900
2801
2811
2900
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
Device Configs
Router R1
R1#show running-config
Building configuration...
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 15
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 15
Switch S1
S1#show running-config
Building configuration...
Current configuration : 1355 bytes
!
version 12.2
no service pad
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 15
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 11 of 15
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 12 of 15
Switch S2
S2#show running-config
Building configuration...
Current configuration : 1355 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S2
!
boot-start-marker
boot-end-marker
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
!
!
no aaa new-model
system mtu routing 1500
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 13 of 15
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 14 of 15
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 15 of 15
Objectives
Explain basic switching concepts.
Students will indicate their knowledge of Ethernet technology by successfully comparing legacy to
current standards. They will also speculate on potential future Ethernet technology standards.
Students will explain why MAC addresses and framing formats have stayed basically the same, in
order to assist data transmission, during Ethernets evolution.
Background /Scenario
Note: This activity is best completed in groups of 2-3 students.
Please view the video, The History of Ethernet, located at the following link:
http://www.netevents.tv/video/bob-metcalfe-the-history-of-ethernet
Topics discussed in the video include not only where we have come from in Ethernet development, but
where we are going with Ethernet technology in the future!
After viewing the video and comparing its contents to Chapter 10, go to the web and search for
information about Ethernet:
How has Ethernet stayed the same over the past 25 years or so? What changes are being made
to make it more useful/applicable to todays data transmission methods?
Collect three pictures of old, current and possible future Ethernet physical media and devices. Focus your
search on switches if possible. Share these pictures with the class and discuss:
How have Ethernet physical media and intermediary devices stayed the same?
How do you think the Ethernet will change in the future? What factors could influence these
changes?
Instructor notes: This Modeling Activity is not intended to be a graded assignment. Its purpose is to
encourage students to reflect on their perceptions of how Ethernet has developed to todays standards,
including its use in LANs and WANs for the transmission of frames. Facilitation of the discussion should
include student-to-student discussions of each others work.
Required Resources
Hard or soft-copy media for recording answers to questions and for in-class sharing.
Reflection
1. How was Ethernet used when it was first developed?
____________________________________________________________________________
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 2
Reality
Identify elements of the model that map to IT-related content:
Ethernet is a technology-based idea with cabling, speed; methods of signaling are all involved in
deciding which method of Ethernet to use in a network.
Switches use Ethernet technology and at both the LAN and WAN sides of a network.
Even though Ethernet is legacy in its inception, it is still fully current in application on todays
networks, especially in framing formats with slight modifications.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 2
Objectives
Explain how network devices use routing tables to direct packets to a destination network.
Students will visualize how a hop-by-hop routing paradigm with correct path selection at each hop results
in a successful delivery of packets. They will recognize that each router on the path must have correct
knowledge about the destination network, and the path towards that network, in order to deliver packets
over the shortest path.
Background /Scenario
During the upcoming weekend, you decide to visit a schoolmate who is currently at home sick. You know
his street address but you have never been to his town before.
Instead of looking up the address on the map, you decide to take it easy and to simply ask town residents
for directions after you arrive by train.
The citizens you ask for directions are very helpful. However, they all have an interesting habit. Instead of
explaining the entire route to your destination, they all tell you, Take this road and as soon as you arrive
at the nearest crossroad, ask somebody there again.
Somewhat bemused at this apparent oddity, you follow these instructions and finally arrive, crossroad by
crossroad, and road by road, at your friends house.
Answer the following questions:
1. Would it have made a significant difference if you were told about the whole route or a larger part
of the route instead of just being directed to the nearest crossroad?
2. Would it have been more helpful to ask about the specific street address or just about the street
name? What would happen if the person you asked for directions did not know where the
destination street was or directed you through an incorrect road?
3. Assuming that on your way back home, you again choose to ask residents for directions. Would it
be guaranteed that you would be directed via the same route you took to get to your friends
home? Explain your answer.
4. Is it necessary to explain where you depart from when asking directions to an intended
destination?
Instructor Note: This Modeling Activity is not intended to be a graded assignment. Its purpose is to
encourage students to reflect on their perceptions of how a network uses pathways to send and receive
data communications. Facilitation of the discussion should be initiated as a result of this activity.
Reflection
1. Would it have made a significant difference if you were told about the whole route or a larger part of the
route instead of just being directed to the nearest crossroad?
____________________________________________________________________________________
It would not really make a difference. The key fact to remember here is that to reach any part of the route
behind the nearest crossroad, we must first reach that crossroad. If residents at each crossroad can be
assumed to know their town well, it is not really helpful to ask about what is beyond the first crossroad as
we must still reach it, and on each crossroad, we will be directed appropriately. Please make the
students aware, however, that congestion can also affect whether an route is better than another to use..
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 2
Irrelevancy of house number when asking for the path to the destination street Corresponds to routers
knowing about networks, not about individual hosts
Asking about the path to destination at each crossroad Corresponds to path selection performed on
each router
Relevancy of only the destination when asking for a path Corresponds to destination-based routing
Different possible paths to and from the friend Correspond to independent routing to and from a
destination
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 2
L
Lab - Vie
ewing Host
H
Rou
uting Tables (Insstructor V
Version)
Instructor No
ote: Red font color or Gray
y highlights ind
dicate text tha
at appears in the instructor copy only.
T
Topology
O
Objectives
Part 1: Ac
ccess the Ho
ost Routing Table
T
Part 2: Ex
xamine IPv4 Host Routin
ng Table Entrries
Part 3: Ex
xamine IPv6 Host Routin
ng Table Entrries
B
Backgroun
nd / Scenarrio
To access
s a resource on
o a network,, your host will determine tthe route to th
he destination
n host using itts routing
table. The
e host routing table is similar to that of a router, but iss specific to th
he local host and much lesss
complex. For a packet to reach a loc
cal destinatio
on, the local h ost routing ta
able is require
ed. To reach a remote
destinatio
on, both the lo
ocal host routing table and the router rou
uting table are
e required. Th
he netstat rr and
route prin
nt commands
s provide insig
ght into how your
y
local hosst routes packkets to the de
estination.
In this lab
b, you will disp
play and exam
mine the inforrmation in the host routing table of your PC using the
e netstat
r and route print com
mmands. You will determin
ne how packe ts will be routted by your P
PC depending on the
destinatio
on address.
Note: This
s lab cannot be
b completed
d using Netlab
b. This lab asssumes that yo
ou have Interrnet access.
R
Required Resources
R
P
Part 1: Access
A
th
he Host Routing
R
Table
S
Step 1: Re
ecord your PC
P informattion.
On your PC,
P open a co
ommand prom
mpt window and type the ip
pconfig /all ccommand to d
display the folllowing
informatio
on and record it:
IPv4 Add
dress
MAC Add
dress
Default Gateway
G
S
Step 2: Dis
splay the ro
outing tables.
In a comm
mand prompt window type the netstat r
(or route p rint) comman
nd to display the host routiing table.
Page 1 of 6
L
Lab - Viewing
g Host Routing Tables
S
Step 3: Examine the Interface Lis
st.
The first section,
s
Interfa
ace List, disp
plays the Media Access Co
ontrol (MAC) a
addresses an
nd assigned in
nterface
number of every netwo
ork-capable in
nterface on the host.
Page 2 of 6
L
Lab - Viewing
g Host Routing Tables
The first column
c
is the interface num
mber. The sec
cond column is the list of M
MAC addresse
es associated
d with the
network-c
capable interfa
aces on the hosts.
h
These interfaces
i
can
n include Ethe
ernet, Wi-Fi, a
and Bluetooth
h
adapters. The third column shows th
he manufactu
urer and a desscription of th
he interface.
In this exa
ample, the firs
st line display
ys the wireless
s interface tha
at is connecte
ed to the loca
al network.
Note: If yo
ou have a PC
C with an Ethe
ernet interface
e and a Wirel ess adapter e
enabled, both
h interfaces w
would be
listed in th
he Interface List.
L
What is th
he MAC addre
ess of the inte
erface connec
cted to your lo
ocal network?
? How does th
he MAC addrress
compare to
t the recorde
ed MAC address in Step 1?
________
___________
____________
___________
___________
____________
____________
___________
________
Answers will
w vary. The MAC addres
ss in this exam
mple is 90:4C
C:E5:BE:15:63
3 The MAC ad
ddress should
d be the
same as recorded
r
in Step 1 using ip
pconfig /all.
The secon
nd line is loop
pback interfac
ce. The loopback interface is automatica
ally assigned an IP addresss of
127.0.0.1 when the Tra
ansmission Control
C
Protocol/Internet Prrotocol (TCP/IIP) is running
g on a host.
The last fo
our lines represent transitio
on technology
y that allows communicatio
on in a mixed
d environmentt and
includes IPv4 and IPv6
6.
P
Part 2: Examine
E
IPv4
I
Host Routing
g Table E
Entries
In Part 2, you will exam
mine the IPv4 host routing table. This ta ble is in the ssecond sectio
on as a result of the
netstat rr output. It listts all the know
wn IPv4 route
es, including d
direct connecctions, local ne
etwork, and lo
ocal
default routes.
The outpu
ut is divided in
n five columns
s: Network De
estination, Ne
etmask, Gate
eway, Interfacce, and Metricc.
The Network
N
Destination column lists the rea
achable netwo
ork. The Netw
work Destinattion is used w
with
Netmask to match the destinatio
on IP address
s.
The Netmask
N
lists the subnet mask
m
that the host
h
uses to d
determine the
e network and
d host portions of the
IP add
dress.
The Gateway
G
colum
mn lists the address
a
that th
he host uses to send the p
packets to a re
emote network
destin
nation. If a destination is directly connec
cted, the gate
eway is listed as On-link in the output.
The In
nterface colum
mn lists the IP
P address tha
at is configure
ed on the loca
al network ada
aptor. This is used to
forward a packet on
o the network
k.
The Metric
M
column lists the costt of using a ro
oute. It is used
d to calculate
e the best routte to a destina
ation. A
preferrred route has
s a lower mettric number th
han other routtes listed.
Page 3 of 6
The local default route 0.0.0.0 is used when the packet does not match other specified addresses in the
routing table. The packet will be sent to the gateway from the PC for further processing. In this example,
the packet will be sent to 192.168.1.1 from 192.168.1.11.
The loopback addresses, 127.0.0.0 127.255.255.255, are related to direct connection and provide
services to the local host.
The addresses for the subnet, 192.168.1.0 192.168.1.255, are all related to the host and the local
network. If the final destination of the packet is in the local network, the packet will exit 192.168.1.11
interface.
-
The local route address 192.168.1.0 represents all devices on the 192.168.1.0/24 network.
The network broadcast address 192.168.1.255 is used to send messages to all the hosts on the local
network.
The special multicast class D addresses 224.0.0.0 are reserved for use through either the loopback
interface (127.0.0.1) or the host (192.168.1.11).
The local broadcast address 255.255.255.255 can be used through either the loopback interface
(127.0.0.1) or host (192.168.1.11).
Based on the contents of the IPv4 routing table, if the PC wanted to send a packet to 192.168.1.15, what
would it do and where would it send the packet?
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
The PC would consult the IPv4 Route Table and match the destination IP address with the 192.168.1.0
Network Destination entry to reveal that the host is on the same network (On-link). The PC would then send
the packet toward the final destination using its local interface (192.168.1.11).
If the PC wanted to send a packet to a remote host located at 172.16.20.23, what would it do and where
would it send the packet?
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
The PC would consult the IPv4 Route Table and find that there is no exact match for the destination IP
address. It would then choose the local default route (network 0.0.0.0, netmask 0.0.0.0) to reveal that it
should forward the packet to the 192.168.1.1 gateway address (address of a gateway device such as a router
interface on the local network). The PC would then forward the packet to the gateway using its local interface
(192.168.1.11). The gateway device will then determine the next path for the packet to take in order to reach
the final destination address of 172.16.20.23.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 6
L
Lab - Viewing
g Host Routing Tables
The outpu
ut of the IPv6 Route Table differs in colu
umn headingss and format because the IPv6 addressses are
128 bits versus
v
only 32
2 bits for IPv4
4 addresses. The
T IPv6 Rou
ute Table secction displays four columnss:
The Metric
M
column lists the costt of each route
e to a destina
ation. The low
wer cost is the
e preferred route, and
the metric
m
is used to
t select betw
ween multiple routes with t he same preffix.
The Network
N
Destination column lists the add
dress prefix fo
or the route.
The Gateway
G
lists the next-hop IPv6 address
s to reach the
e destination. On-link is listted as the nexxt-hop
addre
ess if it is direc
ctly connected to the host.
In this exa
ample, the figure displays the
t IPv6 Route Table secttion generated
d by the nets
stat r comm
mand to
reveal the
e following network destina
ations:
::/0: This
T
is the IPv
v6 equivalent of the local de
efault route. T
The Gatewayy column provvides the link-local
addre
ess of the defa
ault router.
::1/12
28: This is equ
uivalent to the
e IPv4 loopba
ack address a
and provides sservices to the local host.
fe80::/64: This is th
he local link network route address and represents a
all computers on the local-link IPv6
netwo
ork.
fe80::1863:3bca:3ff57:fef4/128: This
T
is the link-local IPv6 a
address of the
e local compu
uter.
Page 5 of 6
Reflection
1. How is the number of bits for the network indicated for IPv4. How is it done for IPv6?
______________________________________________________________________________________
IPv4 uses a 32-bit dotted decimal subnet mask in the form of a.b.c.d. IPv6 uses a slash number.
2. Why is there both IPv4 and IPv6 information in the host routing tables?
______________________________________________________________________________________
Modern day PCs run both protocols and ISPs frequently assign both IPV4 and IPv6 addresses to support
access to servers on the Internet that are running either protocol.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 6
Topology
Objectives
Part 1: Examine Router External Characteristics
Management ports
LAN interfaces
WAN interfaces
USB ports
Background / Scenario
In this lab, you will examine the outside of the router to become familiar with its characteristics and
components, such as its power switch, management ports, LAN and WAN interfaces, indicator lights, network
expansion slots, memory expansion slots, and USB ports.
You will also identify the internal components and characteristics of the IOS by consoling into the router and
issuing various commands, such as show version and show interfaces, from the CLI.
Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with
Cisco IOS Release 15.2(4)M3 (universalk9 image). Other routers and Cisco IOS versions can be used.
Depending on the model and Cisco IOS version, the commands available and output produced might vary
from what is shown in the labs.
Note: Make sure that the routers have been erased and have no startup configurations. If you are unsure,
contact your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.
Instructor Note: Depending on equipment availability, the instructor may wish to use the lab as a guided
lecture/demonstration to point out the router characteristics and discuss them with the class.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 10
Required Resources
1 Router (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
Console cables to configure the Cisco IOS devices via the console ports
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 10
a. Circle and label the routers power switch. Is the power switch on your router in the same area as the
router depicted in the image?
____________________________________________________________________________________
Answers may vary depending on the academys lab routers. Students should draw a line around the
on/off switch in the image
b. Circle and label the management ports. What are the built-in management ports? Are the management
ports the same on your router? If not, how are they different?
____________________________________________________________________________________
Answers may vary depending on the academys lab routers. Students should draw a circle around the
console port, auxiliary port, and mini USB console port in the image.
c.
Circle and label the routers LAN interfaces. How many LAN interfaces does the router in the image have
and what is the interface technology type? Are the LAN interfaces the same on your router? If not, how
are they different?
____________________________________________________________________________________
Answers may vary depending on the academys lab routers. Students should draw a circle around the
Gigabit Ethernet 0/0 and 0/1 interfaces in the image.
d. Circle and label the routers WAN interfaces. How many WAN interfaces does the router in the image
have and what is the interface technology type? Are the WAN interfaces the same on your router? If not,
how are they different?
____________________________________________________________________________________
Answers may vary depending on the academys lab routers. Students should draw a circle around the
Serial 0 and Serial 1 interfaces in the image.
e. The Cisco 1941 ISR is a modular platform and comes with module expansion slots for varied network
connectivity requirements. Circle and label the module slots. How many module slots are there? How
many are used? What type of module expansion slots are they? Are the module slots the same on your
router? If not, how are they different?
____________________________________________________________________________________
Answers may vary depending on the academys lab routers. The image depicts a Cisco 1941 ISR with
two module expansion slots for Enhanced High-Speed WAN interface cards, EHWIC 0 and EHWIC 1.
EHWIC 0 is occupied by a Smart Serial WAN interface card. EHWIC1 will accept a double wide
expansion card. The EHWIC slot replaces the high-speed WAN interface card (HWIC) slot and can
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 10
The Cisco 1941 router comes with CompactFlash memory slots for high speed storage. Circle and label
the CompactFlash memory slots. How many memory slots are there? How many are used? How much
memory can they hold? Are the memory slots the same on your router? If not, how are they different?
____________________________________________________________________________________
Answers may vary depending on the academys lab routers. The image depicts a Cisco 1941 ISR with
two CompactFlash memory slots, CF0 and CF1. CF0 is occupied by a 256 MB CompactFlash memory
card used to store the Cisco IOS system image file.
g. The Cisco 1941 router comes with USB 2.0 ports. The built-in USB ports support eToken devices and
USB flash memory. The USB eToken device feature provides device authentication and secure
configuration of Cisco routers. The USB flash feature provides optional secondary storage capability and
an additional boot device. Circle and label the USB ports. How many USB ports are there? Are there USB
ports on your router?
____________________________________________________________________________________
Answers may vary depending on the academys lab routers. The image depicts a Cisco 1941 ISR with
two USB 2.0 ports.
h. The Cisco 1941 router also comes with a mini-B USB console port. Circle and label the mini-B USB
console port.
____________________________________________________________________________________
Answers may vary depending on the academys lab routers. The image depicts a Cisco 1941 ISR with a
mini USB console port next to the regular console port.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 10
a. In the top image above, examine the indicator lights on the front panel of the router? The lights are
labeled SYS, ACT, and POE. What do the labels refer to? What do the lights in the image indicate about
the status of the router? These labels would be readable if they were not lit.
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
The SYS, ACT, and POE lights refer to: system status, network activity, and power over Ethernet. The
lights in the image show that the routers system is successfully powered on, that there is network activity,
and that Power over Ethernet is not activated.
b. In the backplane image above, examine the indicator lights on the router. There are three visible activity
lights, one for each of the connected interfaces and management ports. Examine the interface lights on
your router. How are the lights labeled, and what is their meaning?
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
The lights in the image show that the serial and Gigabit Ethernet interfaces are active and that the
Console management port is enabled and active. The Gigabit Ethernet interfaces have two lights each,
one labeled S for sending and the other labeled L for link. The console port and mini USB console port
have an EN label for enabled. The serial interfaces each have a light labeled Conn for connected.
c.
Aside from the management ports and network interfaces, what other indicator lights are on the
backplane of the router and what might their purpose be?
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
The backplane of the router also show CF0 and CF1 lights for the CompactFlash memory slots as well as
an ISM/WLAN light which would indicate the presence of either a Cisco Internal Services Module or
wireless LAN card.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 10
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 10
securityk9
None
Permanent
None
securityk9
None
c.
Based on the output of the show version command, answer the following questions about the router. If
you are examining a different model router, include the information about it here.
1) What is the version of the Cisco IOS and what is the system image filename?
________________________________________________________________________________
IOS version 15.2(4)M3, c1900-universalk9-mz.SPA.152-4.M3.bin
2) What is the Bootstrap program version in ROM BIOS?
________________________________________________________________________________
System Bootstrap version 15.0(1r)M15
3) How long has the router been running without a restart (also known as its uptime)?
________________________________________________________________________________
1 day, 14 hours, 46 minutes
4) How much dynamic random-access memory (DRAM) memory does the router have?
________________________________________________________________________________
487424K/36864K = 512MB total
5) What is the routers processor board ID number?
________________________________________________________________________________
The processor board ID number is FGL16082318
6) What network interfaces does the router have?
________________________________________________________________________________
2 Gigabit Ethernet interfaces and 2 Serial interfaces
7) How much CompactFlash memory for IOS storage is there?
________________________________________________________________________________
250880K of CompactFlash memory
8) How much nonvolatile random-access memory (NVRAM) memory for configuration file storage is
there?
________________________________________________________________________________
255K of NVRAM
9) What is the setting of the configuration register?
________________________________________________________________________________
0x2102
Step 2: Use the show interface command to examine the network interfaces.
a. Use the show interface gigabitEthernet 0/0 command to see the status of the Gigabit Ethernet 0/0
interface.
Note: After typing part of the command, for example, show interface g, you can use the Tab key on your
keyboard to complete the gigabitEthernet command parameter.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 10
b. Given the output of the show interface gigabitEthernet 0/0 command depicted above, or using the
output from your router, answer the following questions:
What is the hardware type and MAC address of the Gigabit Ethernet interface?
____________________________________________________________________________________
The hardware type is CN Gigabit Ethernet and the burned in address (bia) or MAC address is
442b.031a.b9a0
What is the interface media type? Is the interface up or down?
____________________________________________________________________________________
According to the output the interface media type is RJ45 and the Gigabit Ethernet interface is
administratively down and the line protocol is down.
c.
Use the show interfaces serial 0/0/0 command to view the status of the Serial 0/0/0 interface.
Router# show interface serial 0/0/0
Serial0/0/0 is administratively down, line protocol is down
Hardware is WIC MBRD Serial
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 10
d. Given the output command depicted above, answer the following questions:
What is the frame encapsulation type?
___________________________________________________________________________________
According to the output above, the frame encapsulation type is HDLC.
What is the hardware type? Is the interface up or down?
___________________________________________________________________________________
The hardware type is WIC MBRD Serial and the interface is administratively down and line protocol down.
Reflection
1. Why might you need to use an EHWIC expansion slot?
_______________________________________________________________________________________
Answers will vary. You may need to have a WAN connection to your ISP over a WAN interface technology
that does not come with the router by default.
2. Why might you need to upgrade the Flash memory?
_______________________________________________________________________________________
Answers will vary. You may want to store an additional IOS image file or upgrade to a larger IOS image.
3. What is the purpose of the mini-USB port?
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
The purpose of the mini USB port is to give you the ability to console into the router if you do not have a COM
serial port on your laptop or computer.
4. What is the purpose of the ISM/WLAN indicator light on the backplane of the router? What does it refer to?
_______________________________________________________________________________________
_______________________________________________________________________________________
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 10
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 10
Topology
Addressing Table
Device
R1
Interface
IP Address
Subnet Mask
Default Gateway
G0/0
192.168.0.1
255.255.255.0
N/A
G0/1
192.168.1.1
255.255.255.0
N/A
S1
VLAN 1
N/A
N/A
N/A
PC-A
NIC
192.168.1.3
255.255.255.0
192.168.1.1
PC-B
NIC
192.168.0.3
255.255.255.0
192.168.0.1
Objectives
Part 1: Set Up the Topology and Initialize Devices
Set up equipment to match the network topology.
Initialize and restart the router and switch.
Part 2: Configure Devices and Verify Connectivity
Assign static IP information to the PC interfaces.
Configure the router.
Verify network connectivity.
Part 3: Display Device Information
Retrieve hardware and software information from the network devices.
Interpret the output from the routing table.
Display interface information on the router.
Display a summary list of the interfaces on the router and switch.
Background / Scenario
This is a comprehensive lab to review previously covered IOS commands. In this lab, you will cable the
equipment as shown in the topology diagram. You will then configure the devices to match the addressing
table. After the configurations have been saved, you will verify your configurations by testing for network
connectivity.
After the devices have been configured and network connectivity has been verified, you will use IOS
commands to retrieve information from the devices to answer questions about your network equipment.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 17
Required Resources
1 Router (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
1 Switch (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
2 PCs (Windows 7, Vista, or XP with terminal emulation program, such as Tera Term)
Console cables to configure the Cisco IOS devices via the console ports
Ethernet cables as shown in the topology
Note: The Gigabit Ethernet interfaces on Cisco 1941 routers are autosensing and an Ethernet straightthrough cable may be used between the router and PC-B. If using another model Cisco router, it may be
necessary to use an Ethernet crossover cable.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 17
d. Disable DNS lookup to prevent the router from attempting to translate incorrectly entered commands as
though they were host names.
e. Assign class as the privileged EXEC encrypted password.
f.
Create a banner that warns anyone accessing the device that unauthorized access is prohibited.
j.
k.
Configure an interface description for each interface indicating which device is connected to it.
l.
Step 1: Retrieve hardware and software information from the network devices.
a. Use the show version command to answer the following questions about the router.
R1# show version
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.2(4)M3, RELEASE
SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Thu 26-Jul-12 19:34 by prod_rel_team
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 17
License Info:
License UDI:
------------------------------------------------Device#
PID
SN
------------------------------------------------*0
CISCO1941/K9
FTX1636848Z
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 17
What is the name of the IOS image that the router is running?
____________________________________________________________________________________
Image version may vary, but answers should be something like c1900-universalk9-mz.SPA.152-4.M3.bin.
How much DRAM memory does the router have?
____________________________________________________________________________________
____________________________________________________________________________________
Answers may vary, but the default DRAM memory configuration on a 1941 router is 512MB or 524,288K
bytes. The total can be calculated by adding the two DRAM numbers together from the output of the show
version command: Cisco CISCO1941/K9 (revision 1.0) with 446464K/77824K bytes of memory.
How much NVRAM memory does the router have?
____________________________________________________________________________________
Answers may vary, but the output from the show version on 1941 router is: 255K bytes of non-volatile
configuration memory.
How much Flash memory does the router have?
____________________________________________________________________________________
Answers may vary, but the default output from the show version command on the 1941 router is 250880K
bytes of ATA System CompactFlash 0 (Read/Write).
b. Use the show version command to answer the following questions about the switch.
Switch# show version
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE, RELEASE
SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Sat 28-Jul-12 00:29 by prod_rel_team
ROM: Bootstrap program is C2960 boot loader
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(53r)SEY3, RELEASE SOFTWARE
(fc1)
S1 uptime is 1 hour, 2 minutes
System returned to ROM by power-on
System image file is "flash:/c2960-lanbasek9-mz.150-2.SE.bin"
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 17
SW Version
---------15.0(2)SE
SW Image
---------C2960-LANBASEK9-M
What is the name of the IOS image that the switch is running?
____________________________________________________________________________________
Image version may vary, but answers should be something like c2960-lanbasek9-mz.150-2.SE.bin.
How much dynamic random access memory (DRAM) does the switch have?
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 17
C
L
C
L
192.168.0.0/24 is
192.168.0.0/24
192.168.0.1/32
192.168.1.0/24 is
192.168.1.0/24
192.168.1.1/32
What code is used in the routing table to indicate a directly connected network? _____
The C designates a directly connected subnet. An L designates a local interface. Both answers are correct.
How many route entries are coded with a C code in the routing table? _________ 2
What interface types are associated to the C coded routes?
_______________________________________________________________________________________
Answers may vary depending of router type, but on the 1941 the correct answer is G0/0 and G0/1.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 17
Step 4: Display a summary list of the interfaces on the router and switch.
There are several commands that can be used to verify an interface configuration. One of the most useful of
these is the show ip interface brief command. The command output displays a summary list of the
interfaces on the device and provides immediate feedback to the status of each interface.
a. Enter the show ip interface brief command on the router.
R1# show ip interface brief
Interface
IP-Address
Embedded-Service-Engine0/0 unassigned
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 17
192.168.0.1
192.168.1.1
unassigned
unassigned
YES
YES
YES
YES
manual
manual
unset
unset
up
up
up
up
administratively down down
administratively down down
IP-Address
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
OK?
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
Method
manual
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
Status
up
down
down
down
down
up
up
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
Protocol
up
down
down
down
down
up
up
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
Reflection
1. If the G0/1 interface showed administratively down, what interface configuration command would you use to
turn the interface up?
_______________________________________________________________________________________
R1(config-if)# no shut
2. What would happen if you had incorrectly configured interface G0/1 on the router with an IP address of
192.168.1.2?
_______________________________________________________________________________________
_______________________________________________________________________________________
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 17
Ethernet Interface #1
Ethernet Interface #2
Serial Interface #1
Serial Interface #2
1800
1900
2801
2811
2900
Note: To find out how the router is configured, look at the interfaces to identify the router type and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
b. Configure the IP address, subnet mask, and default gateway settings on PC-B.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 17
c.
Router(config)#
c.
d. Disable DNS lookup to prevent the router from attempting to translate incorrectly entered commands as
though they were host names.
R1(config)# no ip domain-lookup
e. Assign class as the privileged EXEC encrypted password.
R1(config)# enable secret class
f.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 11 of 17
vty 0 4
password cisco
login
exit
Create a banner that warns anyone accessing the device that unauthorized access is prohibited.
R1(config)# banner motd #
Enter TEXT message. End with the character '#'.
Unauthorized access prohibited!
#
R1(config)#
j.
R1#
k.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 12 of 17
R1#
l.
R1#
Note: Use the question mark (?) to help determine the correct sequence of the parameters needed to
execute this command.
m. Ping PC-B from a command prompt window on PC-A.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 13 of 17
Note: You may receive a prompt to save the running configuration prior to reloading the router. Respond
by typing no and press Enter.
System configuration has been modified. Save? [yes/no]: no
Step 2: Determine if there have been any virtual local-area networks (VLANs) created.
Use the show flash command to determine if any VLANs have been created on the switch.
Switch# show flash
Directory of flash:/
2
3
4
5
6
-rwx
-rwx
-rwx
-rwx
-rwx
1919
1632
13336
11607161
616
Mar
Mar
Mar
Mar
Mar
1
1
1
1
1
1993
1993
1993
1993
1993
00:06:33
00:06:33
00:06:33
02:37:06
00:07:13
+00:00
+00:00
+00:00
+00:00
+00:00
private-config.text
config.text
multiple-fs
c2960-lanbasek9-mz.150-2.SE.bin
vlan.dat
You will be prompted to verify the file name. At this point, you can change the file name or just press
Enter if you have entered the name correctly.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 14 of 17
Note: You may receive a prompt to save the running configuration prior to reloading the switch. Type no
and press Enter.
System configuration has been modified. Save? [yes/no]: no
Device Configs
Router R1
R1#show run
Building configuration...
Current configuration : 1360 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 15 of 17
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 16 of 17
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 17 of 17
Objectives
Explain how network devices use routing tables to direct packets to a destination network.
Given a scenario, students will determine whether high-reliability messaging should be used. They will
focus on whether the final message was complete, correct and delivered in a timely manner.
Background /Scenario
Note: It is suggested that students work in pairs; however, if preferred, students can complete this
activity individually.
Your instructor will provide you with output generated by a routers show ip route command. Use Packet
Tracer to build a topology model using this routing information.
At a minimum, the following should be used in your topology model:
1 Cisco Series 1941 Router with one HWIC-4ESW switching port modular card and IOS version 15.1 or
higher
Required Resources
Routing Table 1 students can use the table to assist each other as they read the information provided
and then construct the model using Packet Tracer.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 3
Reflection
1. What was the hardest part of designing this network model? Explain your answer.
____________________________________________________________________________
Answers will vary within groups some students may mention source or destination identifiers or some
may mention the actual IP addresses being cited in the routing table the important concept here is that
students can comfortably identify where information is coming from on the final routing table as depicted.
Topologies will vary by group some students will place their switch off of the Gig0/1 port, etc.
Optional: As an advanced modeling activity, students can create a simple one-router network with four
Gigabit interfaces connected to end devices, configure the router and LANs with passwords, IP
addresses, banners, etc., and then produce a routing table to support the network information.
Possible topology built by the students could look like this:
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 3
A routing table can assist with identifying the physical topology of the network.
A routing table identifies to the reader which ports are operating and on which networks they are
operating
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 3
Objectives
Explain how transport layer protocols and services support communications across data networks.
Students will determine whether high or low data communication delivery methods should be utilized in
situational context.
Background / Scenario
Note: This activity works best with medium-sized groups of 6 to 8 students per group.
This chapter helps you understand how transport layer protocols and services support network data
communications.
The instructor will whisper a complex message to the first student in a group. An example of the message
might be Our final exam will be given next Tuesday, February 5th, at 2 p.m. in Room 1151.
That student whispers the message to the next student in the group. Each group follows this process until
all members of each group have heard the whispered message. Here are the rules you are to follow:
The message must keep moving from one person to the other with no skipping of participants.
The instructor should ask a student to keep time of the full message activity from first participant to last
participant stating the messages. The first or last person would mostly likely be the best one to keep this
time.
The last student will say aloud exactly what he or she heard.
The instructor will then restate the original message so that the group can compare it to the message that
was delivered by the last student in the group.
Instructor Note: You should have a different complex message for each group of students. Initiate discussion
about what happened in the activity. Focus on these five questions:
1.
2.
3.
How long did it take for the message to get to the last student?
4.
If you were depending on this message to drive your personal/business calendar, studying
schedule, etc., would the contents of this message need to be fully correct when you received
them?
Would the length of time taken to deliver the message be important to the sender and recipient?
5.
Instructor Note: This is an in-class Modeling Activity (MA). It is not intended to be a graded assignment. Its
purposed is to initiate student discussion about their perception of how data is transferred from source to
destination, both personally and in corporate practice. This MA introduces students to TCP/UDP, transport
layer content.
Required Resources
Timer for the student who is keeping a record of the conversations duration.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 2
We Need to Talk
Reflection
1. Would the contents of this message need to be fully correct when you received them if you were
depending on this message to drive your personal/business calendar, studying schedule, etc.?
_____________________________________________________________________________________
2. Would the length of time taken to deliver the message be an important factor to the sender and recipient?
_____________________________________________________________________________________
In the discussion initiated as a result of this activity, students should mention:
The importance of messages being delivered fully from sender to recipient (TCP vs. UDP - was the
message method correct to use in this situation?)
The importance of details within the message being correct from sender to recipient (Guaranteed vs.
Non-guaranteed delivery - was the message correct as delivered to the last person?)
The importance of timing of a message to the details of the message and to the date/time
needed to take action on the message (Segment establishment and delivery vs. full message delivery did it take very long for the message to get to the last student?)
Protocols can establish a method of sending and receiving information over a network (TCP/UDP
protocols).
Quality of delivery of data over a network may be affected by which protocol is used during a network
conversation (Best Effort Delivery).
Timing issues and factors for delivery of data over a communications system are affected by how much
data is sent at one time and by the type of transported data (Segment establishment and delivery both
TCP and UDP).
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 2
L
Lab - Us
sing Wireshark to
t Obse
erve the TCP 3-W
Way Han
ndshake
e
((Instructo
or Versio
on)
Instructor No
ote: Red font color or Gray
y highlights ind
dicate text tha
at appears in the instructor copy only.
T
Topology
O
Objectives
Part 1: Prrepare Wires
shark to Captture Packets
s
Selec
ct an appropriate NIC interfface to capturre packets.
Part 2: Ca
apture, Loca
ate, and Exam
mine Packets
s
Captu
ure a web ses
ssion to www..google.com.
Locatte appropriate
e packets for a web session.
Exam
mine informatio
on within packets, including IP addresse
es, TCP port numbers, and TCP contro
ol flags.
B
Backgroun
nd / Scenarrio
In this lab
b, you will use Wireshark to
o capture and examine pacckets generatted between tthe PC browsser using
the HyperrText Transfer Protocol (HT
TTP) and a web
w server, su
uch as www.g
google.com. W
When an appllication,
such as HTTP
H
or File Transfer
T
Proto
ocol (FTP) firs
st starts on a host, TCP usses the three--way handsha
ake to
establish a reliable TCP session bettween the two
o hosts. For e
example, whe
en a PC uses a web browsser to surf
the Internet, a three-wa
ay handshake
e is initiated and
a a session
n is establishe
ed between th
he PC host an
nd web
server. A PC can have multiple, sim
multaneous, ac
ctive TCP sesssions with va
arious web sittes.
Note: This
s lab cannot be
b completed
d using Netlab
b. This lab asssumes that yo
ou have Interrnet access.
Instructo
or Note: Using
g a packet sniffer such as Wireshark
W
ma
ay be conside
ered a breach
h of the securrity policy
of the sch
hool. It is reco
ommended tha
at permission
n is obtained b
before running Wireshark ffor this lab. If using a
packet sniffer such as Wireshark is an issue, the instructor ma
ay wish to asssign the lab a
as homework or
perform a walk-through
h demonstratiion.
R
Required Resources
R
1 PC (Win
ndows 7, Vista, or XP with a command prompt accesss, Internet acccess, and W
Wireshark insta
alled)
P
Part 1: Prepare
P
Wireshark
W
k to Captu
ure Packe
ets
In Part 1, you start the Wireshark prrogram and se
elect the app ropriate interfface to begin capturing packets.
S
Step 1: Re
etrieve the PC
P interface
e addresses
s.
For this la
ab, you need to
t retrieve your PCs IP ad
ddress and itss network inte
erface card (N
NIC) physical address,
also called
d the MAC ad
ddress.
Page 1 of 7
L
Lab - Using Wireshark
W
to Observe the
e TCP 3-Way
y Handshake
e
a. Open a command prompt windo
ow, type ipco
onfig /all and then press E
Enter.
S
Step 2: Sta
art Wireshark and select the appro
opriate inte
erface.
a. Click the Windows Start button and on the pop-up menu, double-click Wireshark.
b. After Wireshark
W
sta
arts, click Inte
erface List.
c.
In the
e Wireshark: Capture Inte
erfaces windo
ow, click the ccheck the boxx next to the interface conn
nected to
your LAN.
L
Page 2 of 7
L
Lab - Using Wireshark
W
to Observe the
e TCP 3-Way
y Handshake
e
P
Part 2: Capture,
C
Locate,
L
and Exam
mine Pack
kets
S
Step 1: Click the Startt button to start
s
the da
ata capture.
a. Go to www.google.com. Minimiz
ze the Google
e window, and
d return to W
Wireshark. Stop the data ca
apture.
You should
s
see ca
aptured traffic similar to tha
at shown belo
ow in step b.
Note: Your instructtor may provide you with a different web
nter the webssite name or a
address
bsite. If so, en
here:
_____
___________
___________
____________
___________
___________
____________
____________
________
b. The capture
c
windo
ow is now active. Locate the Source, De
estination, and Protocol columns.
S
Step 2: Locate approp
priate packe
ets for the web
w sessio n.
If the com
mputer was rec
cently started
d and there ha
as been no acctivity in acce
essing the Inte
ernet, you can
n see the
entire process in the ca
aptured outpu
ut, including th
he Address R
Resolution Pro
otocol (ARP), Domain Nam
me
System (D
DNS), and the
e TCP three-w
way handshake. The captu
ure screen in Part 2, Step 1 shows all th
he
packets th
he computer must
m
get to www.google.co
w
om. In this ca
ase, the PC allready had an
n ARP entry ffor the
default ga
ateway; thereffore, it started
d with the DNS query to re solve www.go
oogle.com.
Page 3 of 7
L
Lab - Using Wireshark
W
to Observe the
e TCP 3-Way
y Handshake
e
a. Frame
e 11 shows th
he DNS query
y from the PC
C to the DNS sserver, attem
mpting to resollve the domain name,
www.google.com to
t the IP addrress of the we
eb server. The
e PC must ha
ave the IP add
dress before it can
send the first packet to the web server.
What is the IP address of the DNS server tha
at the computter queried? _
___________
__________
192.168.1.1
b. Frame
e 12 is the res
sponse from the DNS serv
ver with the IP
P address of w
www.google.ccom.
c.
Find the
t appropriatte packet for the start of yo
our three-wayy handshake. In this examp
ple, frame 15
5 is the
start of
o the TCP three-way hand
dshake.
What is the IP address of the Google web se
erver? ______
___________
___________
_________
74.12
25.225.209 in this example
S
Step 3: Examine inforrmation with
hin packets
s including IP addresse
es, TCP porrt numbers,, and
CP control fllags.
TC
a. In ourr example, fra
ame 15 is the start of the th
hree-way han
ndshake betw
ween the PC a
and the Google web
server. In the pack
ket list pane (ttop section off the main win
ndow), select the frame. Th
his highlights the line
ecoded inform
mation from th
hat packet in the two lowerr panes. Exam
mine the TCP
P
and displays the de
inform
mation in the packet
p
details
s pane (middle
e section of th
he main wind
dow).
b. Click the + icon to the left of the
e Transmission Control Pro
otocol in the p
packet detailss pane to expa
and the
view of
o the TCP infformation.
c.
Page 4 of 7
L
Lab - Using Wireshark
W
to Observe the
e TCP 3-Way
y Handshake
e
Page 5 of 7
L
Lab - Using Wireshark
W
to Observe the
e TCP 3-Way
y Handshake
e
What are the value
es of the sourrce and destin
nation ports? ___________
___________
___________
________
Sourc
ce Port is now
w 80 and Desttination Port is now 49523
Which
h flags are se
et? _________
___________
___________
___________
____________
___________
________
The Acknowledgem
A
ment flag (AC
CK) and Syn flag (SYN)
What are the relative sequence and acknowledgement nu
umbers set to?
_____
___________
___________
____________
___________
___________
____________
____________
________
Relatiive sequence
e number is 0 and relative acknowledge
a
ment numberr is 1
e. Finally
y, examine th
he third packe
et of the three
e-way handsh ake in the exxample. Clicking frame 17 iin the top
windo
ow displays th
he following in
nformation in this example::
Exam
mine the third and
a final pack
ket of the han
ndshake.
Which
h flag (or flags
s) is set? ___
____________
___________
___________
___________
____________
_______
Ackno
owledgementt flag (ACK)
The re
elative seque
ence and ackn
nowledgemen
nt numbers arre set to 1 as a starting point. The TCP
e computer a
conne
ection is now established, and
a communication betwe
een the source
and the web sserver can
begin.
f.
R
Reflection
1
1. There are
e hundreds of filters availab
ble in Wiresha
ark. A large n
network could have numero
ous filters and
d many
different ty
ypes of traffic
c. Which three
e filters in the list might be the most use
eful to a netwo
ork administra
ator?
________
___________
____________
___________
___________
____________
____________
___________
________
Answers will
w vary but could
c
include TCP, specific
c IP Addresse
es (source an
nd/or destinatiion) and proto
ocols
such as HTTP.
H
2
2. What othe
er ways could
d Wireshark be used in a production
p
nettwork?
________
___________
____________
___________
___________
____________
____________
___________
________
Page 6 of 7
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 7
L
Lab - Us
sing Wireshark to
t Exam
mine a UD
DP DNS
S Capturre (Instru
uctor
V
Version)
Instructor No
ote: Red font color or Gray
y highlights ind
dicate text tha
at appears in the instructor copy only.
T
Topology
O
Objectives
Part 1: Re
ecord a PCs
s IP Configurration Inform
mation
Part 2: Us
se Wireshark
k to Capture DNS Queries and Respo
onses
Part 3: An
nalyze Captu
ured DNS or UDP Packets
B
Backgroun
nd / Scenarrio
If you hav
ve ever used the
t Internet, you
y have used the Domain
n Name Syste
em (DNS). DN
NS is a distrib
buted
network of
o servers thatt translates us
ser-friendly do
omain namess like www.go
oogle.com to a
an IP addresss. When
you type a website UR
RL into your brrowser, your PC
P performs a DNS queryy to the DNS sservers IP ad
ddress.
Your PCs
s DNS server query and th
he DNS serve
ers response make use of the User Dattagram Protoccol (UDP)
as the transport layer protocol.
p
UDP
P is connectio
onless and do es not require
e a session setup as does TCP.
DNS querries and respo
onses are verry small and do
d not require
e the overhea
ad of TCP.
In this lab
b, you will com
mmunicate witth a DNS serv
ver by sendin
ng a DNS que
ery using the U
UDP transporrt
protocol. You
Y will use Wireshark
W
to examine
e
the DNS query a nd response exchanges w
with the name server.
Note: This
s lab cannot be
b completed
d using Netlab
b. This lab asssumes that yo
ou have Interrnet access.
Instructo
or Note: Using
g a packet sniffer such as Wireshark
W
ma
ay be conside
ered a breach
h of the securrity policy
of the sch
hool. It is reco
ommended tha
at permission
n is obtained b
before running Wireshark ffor this lab. If using a
packet sniffer such as Wireshark is an issue, the instructor ma
ay wish to asssign the lab a
as homework or
perform a walk-through
h demonstratiion.
R
Required Resources
R
1 PC (Win
ndows 7, Vista, or XP with a command prompt accesss, Internet acccess, and W
Wireshark insta
alled)
P
Part 1: Record
R
a PCs IP Configura
C
ation Info
ormation
In Part 1, you will use the
t ipconfig /all
/ command
d on your loca
al PC to find a
and record the
e MAC and IP
P
addresses
s of your PCs
s network inte
erface card (N
NIC), the IP a ddress of the
e specified default gatewayy, and the
DNS serv
ver IP address
s specified forr the PC. Rec
cord this infor mation in the table provide
ed. The inform
mation will
be used in
n the following
g parts of this
s lab with pac
cket analysis.
Page 1 of 6
IP address
MAC address
After selecting the desired interface, click Start to capture the packets.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 6
L
Lab - Using Wireshark
W
to Examine a UDP
U
DNS Ca
apture
b. In the
e packet list pa
ane (top section) of the ma
ain window, lo
ocate the paccket that includes standard
d query
and A
A www.google.com. See frame
f
4 as an
n example.
S
Step 2: Examine UDP
P segment using
u
DNS query.
q
Examine UDP by using
g a DNS querry for www.go
oogle.com as captured by W
Wireshark. In
n this example
e,
Wireshark
k capture fram
me 4 in the pa
acket list pane
e is selected ffor analysis. T
The protocolss in this queryy are
displayed in the packett details pane
e (middle secttion) of the ma
ain window. T
The protocol e
entries are highlighted
in gray.
Page 3 of 6
L
Lab - Using Wireshark
W
to Examine a UDP
U
DNS Ca
apture
c.
In the
e Internet Prottocol Version 4 line, the IP packet Wiresshark capture
e indicates tha
at the source IP
addre
ess of this DNS query is 19
92.168.1.11, and
a the destin
nation IP address is 192.16
68.1.1. In thiss
example, the destination addres
ss is the default gateway. T
The router is the default ga
ateway in thiss network.
Can you
y pair up the IP and MAC
C addresses for
f the source
e and destina
ation devices?
?
Device
IP Address
M
MAC Address
s
Loca
al PC
Answers will
w vary. 192.1
168.1.11
A
Answers will vvary. 90:4c:e5
5:be:15:63
Defa
ault Gateway
Answers will
w vary. 192.1
168.1.1
A
Answers will vvary. 30:46:9a
a:99:c5:72
The IP
P packet and header enca
apsulates the UDP segmen
nt. The UDP ssegment conttains the DNS
S query
as the
e data.
d. A UDP header only
y has four fiellds: source po
ort, destinatio
on port, length
h, and checkssum. Each fie
eld in UDP
heade
er is only 16 bits
b as depicte
ed below.
Expan
nd the User Datagram
D
Pro
otocol in the packet details pane by clickking the plus ((+) sign. Noticce that
there are only four fields. The so
ource port number in this e
example is 52
2110. The sou
urce port wass
rando
omly generate
ed by the loca
al PC using po
ort numbers t hat are not re
eserved. The destination p
port is 53.
Port 53
5 is a well-kn
nown port res
served for use
e with DNS. D
DNS servers listen on port 53 for DNS q
queries
from clients.
c
In this
s example, the
e length of this UDP segm
ment is 40 byte
es. Out of 40 bytes, 8 byte
es are used ass header.
The other
o
32 bytes
s are used by DNS query data.
d
The 32 b
bytes of DNS
S query data iss highlighted in the
follow
wing illustration in the packe
et bytes pane
e (lower sectio
on) of the Wirreshark main window.
Page 4 of 6
L
Lab - Using Wireshark
W
to Examine a UDP
U
DNS Ca
apture
The checksum
c
is used
u
to determ
mine the integ
grity of the pa
acket after it h
has traversed the Internet.
The UDP
U
header has
h low overhead because
e UDP does n ot have fieldss that are asssociated with tthree-way
hands
shake in TCP
P. Any data tra
ansfer reliability issues tha
at occur must be handled b
by the applica
ation
layer.
shark results in the table be
elow:
Recorrd your Wires
Frame Size
e
Source MA
AC address
Destination
n MAC addre
ess
Source IP address
Destination
n IP address
s
Source Port
Destination
n Port
Is the source IP ad
ddress the sam
me as the loc
cal PCs IP ad
ddress record
ded in Part 1? __________
____ Yes
Is the destination IP address the
e same as the
e default gate
eway noted in
n Part 1? ____
__________
Yes iff the default gateway
g
is als
so performing DNS; otherw
wise, the answ
wer is no.
S
Step 3: Examine UDP
P using DNS
S response.
In this ste
ep, you will ex
xamine the DN
NS response packet and vverify that DNS
S response p
packet also usses UDP.
a. In this
s example, fra
ame 5 is the corresponding
c
g DNS respon
nse packet. N
Notice the num
mber of bytess on the
wire is
s 290 bytes. It
I is a larger packet
p
as com
mpared to the DNS query p
packet.
b. In the
e Ethernet II frrame for the DNS
D
response
e, from what device is the source MAC address and what
device
e is the destin
nation MAC address?
a
The source
s
MAC address
a
is the
e default gatew
way and the d
destination M
MAC address iis the local ho
ost.
Page 5 of 6
L
Lab - Using Wireshark
W
to Examine a UDP
U
DNS Ca
apture
c.
Notice
e the source and
a destinatio
on IP address
ses in the IP p
packet. Whatt is the destina
ation IP addre
ess?
What is the source
e IP address?
Destin
nation IP address: ______
____________
_______Sourrce IP addresss: _________
___________
______
Answ
wer will vary. In
n this example: destination
n: 192.168.1.1
11, source 19
92.168.1.1
What happened to the roles of source
s
and de
estination for the local hosst and default gateway?
_____
___________
___________
____________
___________
___________
____________
____________
________
The lo
ocal host and the default gateway have reversed the
eir roles in DN
NS query and response pacckets.
d. In the
e UDP segment, the role off the port num
mbers has also
o reversed. T
The destinatio
on port numbe
er is
52110
0. Port numbe
er 52110 is th
he same port that
t
was gene
erated by the
e local PC whe
en the DNS q
query was
sent to
t the DNS se
erver. Your loc
cal PC listens
s for a DNS re
esponse on th
his port.
The source
s
port nu
umber is 53. The
T DNS serv
ver listens forr a DNS queryy on port 53 a
and then send
ds a DNS
respo
onse with a so
ource port num
mber of 53 ba
ack to originattor of the DNS
S query.
When
n the DNS res
sponse is exp
panded, notice
e the resolved
d IP addresse
es for www.go
oogle.com in the
Answ
wers section.
R
Reflection
What are the benefits of
o using UDP instead of TC
CP as a transsport protocol for DNS?
________
___________
____________
___________
___________
____________
____________
___________
________
UDP as a transport pro
otocol provide
es quick session establishm
ment, quick re
esponse, min
nimal overhea
ad, no
need for retries,
r
segme
ent reassemb
bly and acknowledgement o
of received packets.
Page 6 of 6
L
Lab - Us
sing Wireshark to
t Exam
mine FTP
P and TF
FTP Cap
ptures
((Instructo
or Versio
on)
Instructor No
ote: Red font color or Gray
y highlights ind
dicate text tha
at appears in the instructor copy only.
T
Topology Part 1 (FT
TP)
Part 1 willl highlight a TCP
T
capture of
o an FTP ses
ssion. This top
pology consissts of a PC wiith Internet acccess.
T
Topology Part 2 (TF
FTP)
Part 2 willl highlight a UDP
U
capture of
o a TFTP ses
ssion. The PC
C must have b
both an Etherrnet connectio
on and a
console connection to Switch S1.
A
Addressing
g Table (Pa
art 2)
Device
Interface
IP Ad
ddress
S
Subnet Mask
k
Defaultt Gateway
S1
VLAN
V
1
192.168
8.1.1
25
55.255.255.0
0
N/A
PC
C-A
NIC
N
192.168
8.1.3
25
55.255.255.0
0
192.168
8.1.1
O
Objectives
Part 1: Identify TCP Header
H
Fields
s and Operattion Using a Wireshark F
FTP Session Capture
H
Fields
s and Operattion Using a Wireshark T
TFTP Session Capture
Part 2: Identify UDP Header
B
Backgroun
nd / Scenarrio
The two protocols
p
in th
he TCP/IP tran
nsport layer are
a the TCP, d
defined in RF
FC 761, and U
UDP, defined in RFC
768. Both protocols support upper-la
ayer protocol communicat ion. For exam
mple, TCP is u
used to provid
de
transport layer supportt for the Hype
erText Transfe
er Protocol (H
HTTP) and FT
TP protocols, among otherss. UDP
provides transport
t
laye
er support for the Domain Name
N
System
m (DNS) and T
TFTP among others.
Note: Und
derstanding th
he parts of the TCP and UDP headers a
and operation
n are a critica
al skill for netw
work
engineers
s.
P
Page 1 of 14
1 Switch (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
1 PC (Windows 7, Vista, or XP with Wireshark and a TFTP server, such as tftpd32 installed)
Console cable to configure the Cisco IOS devices via the console port
Part 1: Identify TCP Header Fields and Operation Using a Wireshark FTP
Session Capture
In Part 1, you use Wireshark to capture an FTP session and inspect TCP header fields.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 14
L
Lab - Using Wireshark
W
to Examine FT
TP and TFTP Captures
c.
S
Step 3: Sto
op the Wireshark captu
ure.
S
Step 4: Vie
ew the Wire
eshark Main
n Window.
Wireshark
k captured ma
any packets during
d
the FTP session to fftp.cdc.gov. T
To limit the am
mount of data
a for
analysis, type
t
tcp and ip.addr == 198.246.112.5
54 in the Filte
er: entry area
a and click Ap
pply. The IP a
address,
198.246.1
112.54, is the address for ftp.cdc.gov.
f
P
Page 3 of 14
L
Lab - Using Wireshark
W
to Examine FT
TP and TFTP Captures
S
Step 5: An
nalyze the TCP fields.
After the TCP
T
filter has
s been applied
d, the first thrree frames in the packet lisst pane (top ssection) displa
ays the
transport layer protoco
ol TCP creatin
ng a reliable session. The ssequence of [[SYN], [SYN, ACK], and [A
ACK]
illustrates the three-wa
ay handshake
e.
d
a session to control datagram de
elivery, verify datagram arrrival, and man
nage
TCP is routinely used during
ge between the FTP clientt and FTP serrver, a new T
TCP session iss started.
window siize. For each data exchang
At the con
nclusion of the
e data transfe
er, the TCP se
ession is clossed. Finally, w
when the FTP
P session is fin
nished,
TCP perfo
orms an orderly shutdown and termination.
In Wireshark, detailed TCP informattion is availab
ble in the packket details pa
ane (middle se
ection). Highlight the
first TCP datagram
d
from
m the host co
omputer, and expand the T
TCP record. T
The expanded
d TCP datagra
am
appears similar
s
to the packet
p
detail pane shown below.
The image
e above is a TCP
T
datagram
m diagram. An
A explanation
n of each field
d is provided ffor reference:
P
Page 4 of 14
The TCP source port number belongs to the TCP session host that opened a connection. The value is
normally a random value above 1,023.
The TCP destination port number is used to identify the upper layer protocol or application on the
remote site. The values in the range 01,023 represent the well-known ports and are associated with
popular services and applications (as described in RFC 1700, such as Telnet, FTP, HTTP, and so on).
The combination of the source IP address, source port, destination IP address, and destination port
uniquely identifies the session to both sender and receiver.
Note: In the Wireshark capture below, the destination port is 21, which is FTP. FTP servers listen on port 21
for FTP client connections.
The Sequence number specifies the number of the last octet in a segment.
The Acknowledgment number specifies the next octet expected by the receiver.
The Code bits have a special meaning in session management and in the treatment of segments.
Among interesting values are:
-
SYN Synchronize, only set when a new TCP session is negotiated during the TCP three-way
handshake.
The Window size is the value of the sliding window; determines how many octets can be sent before
waiting for an acknowledgement.
The Urgent pointer is only used with an Urgent (URG) flag when the sender needs to send urgent data
to the receiver.
The Options has only one option currently, and it is defined as the maximum TCP segment size (optional
value).
Using the Wireshark capture of the first TCP session startup (SYN bit set to 1), fill in information about the
TCP header:
From the PC to CDC server (only the SYN bit is set to 1):
Source IP Address:
192.168.1.17*
Destination IP Address:
198.246.112.54
49243*
21
Sequence number:
0 (relative)
Acknowledgement number:
Header length:
32 bytes
Window size:
8192
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 14
L
Lab - Using Wireshark
W
to Examine FT
TP and TFTP Captures
198.246.1 12.54
Desttination IP address:
192.168.1 .17*
21
49243*
Sequ
uence numbe
er:
0 (relative))
Ackn
nowledgemen
nt number:
Header length:
32 bytes
Wind
dow size:
64240
P
Page 6 of 14
L
Lab - Using Wireshark
W
to Examine FT
TP and TFTP Captures
192.168.1 .17*
Desttination IP address:
198.246.1 12.54
49243*
21
Sequ
uence numbe
er:
Ackn
nowledgemen
nt number:
Head
der length:
20
Wind
dow size:
8192*
P
Page 7 of 14
L
Lab - Using Wireshark
W
to Examine FT
TP and TFTP Captures
When the
e FTP session
n has finished, the FTP clie
ent sends a co
ommand to q
quit. The FTP
P server
acknowled
dges the FTP
P termination with
w a Respo
onse: 221 Goo
odbye. At thiss time, the FT
TP server TCP
P session
sends a TCP
T
datagram
m to the FTP client,
c
announ
ncing the term
mination of the
e TCP sessio
on. The FTP cclient TCP
session acknowledges receipt of the
e termination datagram, th
hen sends its own TCP sesssion terminattion.
When the
e originator of the TCP term
mination, FTP server, receiives a duplica
ate terminatio
on, an ACK da
atagram
is sent to acknowledge
e the termination and the TCP
T
session iss closed. Thiss sequence iss visible in the
e diagram
and captu
ure below.
By applyin
ng an ftp filter, the entire sequence
s
of th
he FTP trafficc can be exam
mined in Wire
eshark. Notice
e the
sequence
e of the events
s during this FTP
F
session. The usernam
me anonymou
us was used tto retrieve the
e Readme
file. After the file transffer completed, the user end
ded the FTP ssession.
P
Page 8 of 14
L
Lab - Using Wireshark
W
to Examine FT
TP and TFTP Captures
P
Part 2: Id
dentify UDP Header Fields
s and Ope
eration Us
sing a W
Wireshark TFTP
Session
S
Capture
C
In Part 2, you use Wire
eshark to captture a TFTP session
s
and i nspect UDP h
header fields.
S
Step 1: Set up this ph
hysical topo
ology and prepare for T
TFTP capture.
a. Estab
blish a console
e and Etherne
et connection
n between PC
C-A and Switcch S1.
P
Page 9 of 14
L
Lab - Using Wireshark
W
to Examine FT
TP and TFTP Captures
b. If not already done
e, manually co
onfigure the IP
P address on the PC to 19
92.168.1.3. It is not require
ed to set
efault gateway.
the de
c.
Config
gure the switc
ch. Assign an
n IP address of
o 192.168.1.1
1 to VLAN 1. Verify connectivity with the
e PC by
pingin
ng 192.168.1.3. Troublesho
oot as necess
sary.
Switc
ch> enable
e
Switc
ch# conf t
Enter
r configur
ration comm
mands, one
e per line.
. End wit
th CNTL/Z.
Switc
ch(config)# host S1
S1(co
onfig)# in
nterface vl
lan 1
S1(co
onfig-if)#
# ip addres
ss 192.168
8.1.1 255.2
255.255.0
S1(co
onfig-if)#
# no shut
*Mar 1 00:37:
:50.166: %L
LINK-3-UPD
DOWN: Inter
rface Vlan
n1, changed
d state to
o up
*Mar 1 00:37:
:50.175: %L
LINEPROTO-5-UPDOWN: Line prot
tocol on In
nterface V
Vlan1,
chang
ged state to up
S1(co
onfig-if)#
# end
S1# ping
p
192.1
168.1.3
Type escape se
equence to abort.
Sendi
ing 5, 100
0-byte ICMP
P Echos to
o 192.168.1
1.3, timeo
out is 2 se
econds:
!!!!!
!
Succe
ess rate is
i 100 perc
cent (5/5), round-tr
rip min/av
vg/max = 1/
/203/1007 ms
Pa
age 10 of 14
L
Lab - Using Wireshark
W
to Examine FT
TP and TFTP Captures
S
Step 2: Pre
epare the TFTP server on the PC.
a. If it do
oes not alread
dy exist, creatte a folder on
n the PC deskktop called TF
FTP. The filess from the switch will
be copied to this lo
ocation.
b. Start tftpd32
t
on the PC.
c.
Notice
e that in Curre
ent Directory,, it lists the us
ser and the Se
erver (PC-A) interface as tthe IP addresss of
192.168.1.3.
d. Test the
t ability to copy
c
a file using TFTP from
m the switch tto the PC. Tro
oubleshoot ass necessary.
S1# copy
c
start
t tftp
Addre
ess or nam
me of remot
te host []? 192.168.
.1.3
Desti
ination fi
ilename [s1
1-confg]?
!!
1638 bytes cop
pied in 0.0
026 secs (63000
(
byte
es/sec)
If you see that the file has copie
ed (as in the above
a
output)), then you are
e ready to go
o on to the nexxt step. If
not, th
hen troublesh
hoot. If you ge
et the %Error
r opening t
tftp (Perm
mission den
nied) error, first
check
k to make sure your firewall is not blocking TFTP, an d that you are
e copying to a location where your
usern
name has ade
equate permis
ssion, such as
s the desktop
p.
S
Step 3: Ca
apture a TFT
TP session in Wiresharrk
a. Open Wireshark. From
F
the Editt menu, choos
se Preferenc
ces and click tthe (+) sign to
o expand Pro
otocols.
Scrolll down and se
elect UDP. Click the Valida
ate the UDP checksum iff possible ch
heck box and click
Apply
y. Then click OK.
Pa
age 11 of 14
L
Lab - Using Wireshark
W
to Examine FT
TP and TFTP Captures
Instru
uctor Note: This
T
is a change from previious versionss of this lab be
ecause the technology hass
chang
ged. Search fo
or checksum
m offloading in
n Wireshark.
b. Start a Wireshark capture.
c
c.
art tftp co
ommand on th
he switch.
Run the copy sta
t Wireshark
k capture.
d. Stop the
e. Set th
he filter to tftp
p. Your outputt should look similar to the
e output show
wn above. Thiss TFTP transffer is
used to analyze tra
ansport layer UDP operatio
ons.
Instru
uctor Note: Iff students point out UDP acknowledgem
a
ments, explain
n that the UDP header doe
es not
contain an acknow
wledgement fie
eld. Instead, it is the respo
onsibility of the
e upper-layerr protocol, in tthis case
TFTP
P, to manage data
d
transfer and receipt in
nformation. T his will be sho
own during th
he UDP datag
gram
examination.
In Wirreshark, detailed UDP info
ormation is available in the Wireshark pa
acket details pane. Highlig
ght the
first UDP
U
datagram
m from the hos
st computer, and move the
e mouse poin
nter to the paccket details pa
ane. It
may be
b necessary to adjust the packet detaills pane and e
expand the UD
DP record byy clicking the p
protocol
expan
nd box. The expanded
e
UDP datagram should
s
look si milar to the d
diagram below
w.
Pa
age 12 of 14
L
Lab - Using Wireshark
W
to Examine FT
TP and TFTP Captures
Using
g the Wireshark capture of the first UDP
P datagram, filll in informatio
on about the UDP header. The
check
ksum value is a hexadecim
mal (base 16) value, denote
ed by the precceding 0x cod
de:
Sourrce IP Addres
ss:
192.168
8.1.1
Desttination IP Ad
ddress:
192.168
8.1.3
62513*
69
UDP
P Message Le
ength:
25 byte
es*
UDP
P Checksum:
0x482cc [correct]*
192.16
68.1.3
Desttination IP Ad
ddress:
192.16
68.1.1
58565**
62513**
UDP
P Message Le
ength:
12 byte
es*
UDP
P Checksum:
Pa
age 13 of 14
Reflection
This lab provided the opportunity to analyze TCP and UDP protocol operations from captured FTP and TFTP
sessions. How does TCP manage communication differently than UDP?
_______________________________________________________________________________________
_______________________________________________________________________________________
TCP manages communication much differently than UDP because reliability and guaranteed delivery requires
additional control over the communication channel. UDP has less overhead and control, and the upper-layer
protocol must provide some type of acknowledgement control. Both protocols, however, transport data
between clients and servers using Application Layer protocols and are appropriate for the upper-layer
protocol each supports.
Challenge
Because neither FTP nor TFTP are secure protocols, all transferred data is sent in clear text. This includes
any user IDs, passwords, or clear-text file contents. Analyzing the upper-layer FTP session will quickly identify
the user ID, password, and configuration file passwords. Upper-layer TFTP data examination is a bit more
complicated, but the data field can be examined and the configuration user ID and password information
extracted.
Cleanup
Unless directed otherwise by your instructor:
1) Remove the files that were copied to your PC.
2) Erase the configurations on switch S1.
3) Remove the manual IP address from the PC and restore Internet connectivity.
Device Configs
Switch S1
S1#show run
Building configuration...
!
hostname S1
!
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
!
!
end
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 14 of 14
Objectives
Explain how transport layer protocols and services support communications across data networks.
Given a scenario, students will determine whether high-reliability messaging should be used. They will
focus on whether the final message was complete, correct and delivered in a timely manner.
Background /Scenario
(Note: It is important that the students have completed the Introductory MA for this chapter. This
activity works best in medium-sized groups of 6 to 8 students.)
The instructor will whisper a complex message to the first student in a group. An example of the message
might be We are expecting a blizzard tomorrow. It should be arriving in the morning and school will be
delayed 2 two hours so bring your homework.
That student whispers the message to the next student in the group. Each group follows this process until
all members of each group have heard the whispered message. Here are the rules you are to follow:
Here are the rules you are to follow:
You can whisper the message in short parts to your neighbor AND you can repeat the
message parts after verifying your neighbor heard the correct message.
Small parts of the message may be checked and repeated again (clockwise OR counterclockwise to ensure accuracy of the message parts) by whispering. A student will be
assigned to time the entire activity.
When the message has reached the end of the group, the last student will say aloud what
she or he heard. Small parts of the message may be repeated (i.e., re-sent), and the process
can be restarted to ensure that ALL parts of the message are fully delivered and correct.
The Instructor will restate the original message to check for quality delivery.
Instructor Note: Please initiate discussion about what happened in the Activity. Focus on these three
questions:
1. Was the message complete when it reached the last student?
2. Was the message correct as delivered to the last person?
3. Did it take very long for the message to get to the last student?
If you were depending on this message to drive your personal/business calendar, studying schedule, etc.,
would the contents of this message need to be clear and correct when you received them?
Would the length of time taken to deliver the message be important to the sender and recipient?
Compare the Introductory MA of this chapter to the Review MA (this activity). What differences do you
notice about the delivery of the message?
Please remind students that TCP and UDP protocols ensure that:
Network communications with different levels of importance are sent and received according to their
levels of importance.
The type of data will affect whether TCP or UDP will be used as the method of delivery.
The time in which the message must be delivered will affect whether TCP or UDP will be used as the
method of delivery.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 2
Reflection
1. Would the contents of this message need to be clear and correct when you received them, if you were
depending on this message to drive your personal/business calendar, studying schedule, etc.,?
____________________________________________________________________________
The importance of full messages being delivered fully from sender to recipient TCP guarantees full
delivery.
2. Would the length of time taken to deliver the message be an important factor to the sender and recipient?
____________________________________________________________________________
The importance of timing to the details of the message and to the date/time needed to take action on
the message is important to all facets of data transmission windowing and sliding windows takes care of
this in TCP UDP does not.
3. Compare the Introductory MA of this chapter to this activity. What differences do you notice about the
delivery of the message?
____________________________________________________________________________________
Representative (discussion) answers may look like the following suggestions:
The message took a lot longer to get from the initiator to the last recipient.
More (if not all) of the message arrived and the content was probably better (if not completely
accurate)
Ensuring quality of delivery of data over a network is affected by the type of transport used. TCP
will check for checksum errors and will acknowledge and synchronize each segment. In contrast,
UDP has no error correction.
Selecting TCP or UDP based on a time-factor for delivery of data over a communications system.
Windows are set and adjusted in TCP if congestion is found on the network; whereas, UDP keeps
transmitting.
While unreliable, UDP has its value: the message in first activity was delivered much faster than
in the second. If the message was simpler (such as a message consisting of a single digit, for
example), the first transport method (UDP) could prove itself much better than the second (TCP).
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 2
T
The Inte
ernet of Everyth
E
ing (IoE) (Instrucctor Verssion)
Instructor No
ote: Red font color or Gray
y highlights ind
dicate text tha
at appears in the instructor copy only.
O
Objectives
Explain how
h
network devices use
e routing tables to direct packets to a destination
n network.
IPv6 is importtant to help manage
m
the da
ata traffic iden
ntification, wh ich will be needed in the fu
uture. Many
a
addresses will assist in this
s endeavor, and
a IPv6 helps
s to alleviate this need.
B
Backgroun
nd /Scenario
Today
y, more than 99% of our world
w
remains unconnected
d. Tomorrow, we will be co
onnected to almost
every
ything. 37 billio
on devices wiill be connectted to the Inte
ernet by 2020. From trees tto water to ca
ars, the
organ
nic and the dig
gital will work together for a more intellig
gent and connected world. This tomorrrow of
netwo
orking is know
wn as The Intternet of Everrything or Io
oE.
If trafffic, transporta
ation, network
king and spac
ce exploration
n depend on d
digital informa
ation sharing, how will
that in
nformation be
e identified fro
om its source to its destinattion?
In this
s activity, you will begin to think about not only what w
will be identiffied in the IoE
E world, but ho
ow
every
ything will be addressed
a
in the same world!
Activitty directions for
f class or individual stude
ents:
1. Read the blog/news
b
sou
urce, Interne
et of Everythin
ng: Fueling an
n Amazing Fu
uture
#Tomorrow
wStartsHere authored by John Chambe
ers regarding
g the Internet of Everything
g (IoE).
This blog is located at http://blogs.cis
h
sco.com/newss/internet-of-e
everything-2.
2. Then view the video, C
Cisco Comme
ercial: Tomorro
ow Starts Here located ha
alfway down tthe page.
3. Next, navig
gate to the IoE main page located at htttp://www.ciscco.com/web/to
omorrow-starttshere/index
x.html.Then cllick on a category that inte
erests you from
m within the g
graphic collag
ge.
4. Next, watc
ch the video or
o read throug
gh the blog or .pdf that belo
ongs to your IIoE category of
interest.
5. Write 5 comments or qu
uestions abou
ut what you sa
aw or read. B
Be prepared tto share with the class.
Instru
uctor note: This
T
is an individual or an in-class
i
Mode
eling Activity ((MA). It is no
ot intended to be a
grade
ed assignment. Its purpose
e is to encourrage student rreflection abo
out their perce
eption of netw
works and
how they will be identified in the
e future. IPv6 is necessary to support th
he Internet of Everything.
R
Required Resources
R
Intern
net connectivitty for researc
ch on the cisco
o.com site. H
Headphones m
may also be u
useful if stude
ents are
individ
dually comple
eting this activ
vity within a group setting.
R
Reflection
1. Why
W do you think there is a need to addrress trees? W
Windmills? Ca
ars? Refrigera
ators? Why w
will just
ab
bout anything
g be able to use an IP addrress?
__
___________
___________
____________
____________
___________
___________
____________
____
The re
esearch for th
he scenario will
w be varied. Some conce
epts worth me
entioning or d
discussing incclude:
Page 1 of 2
To support the new IoE concepts/implementation and growing number of devices that connect to
the internet, an exponential amount of addresses will be needed. Might need to briefly discuss
HOW trees can be connected to the Internet (i.e., different kinds of sensors which transmit data
see http://www.ericsson.com/article/connected_tree_2045546582_c )
Knowing how to use IPv6 addressing will be important to network administrators, ISPs/TSPs, and
the general public as we move to more and more network types/classifications of networks.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 2
L
Lab Us
sing the
e Window
ws Calculator w
with Netw
work Ad
ddresses
s
((Instructo
or Versio
on)
Instructor No
ote: Red font color or Gray
y highlights ind
dicate text tha
at appears in the instructor copy only.
O
Objectives
Part 1: Ac
ccess the Windows Calc
culator
Part 2: Co
onvert betwe
een Numberiing Systems
Part 3: Co
onvert Host IPv4 Addresses and Sub
bnet Masks in
nto Binary
g Powers of 2
Part 4: De
etermine the
e Number of Hosts in a Network Using
Part 5: Co
onvert MAC Addresses and
a IPv6 Add
dresses to B inary
B
Backgroun
nd / Scenarrio
Network technicians us
se binary, dec
cimal, and he
exadecimal nu
umbers when working with
h computers a
and
networking devices. Microsoft provid
des a built-in Calculator ap
pplication as p
part of the op
perating system. The
Windows 7 version of Calculator
C
inc
cludes a Standard view tha
at can be used to perform basic arithme
etic tasks
such as addition,
a
subtrract, multiplica
ation, and div
vision. The Ca
alculator application also h
has advanced
programm
ming, scientific
c, and statistic
cal capabilitie
es.
In this lab
b, you will use the Windows
s 7 Calculatorr application P
Programmer view to conve
ert between th
he binary,
decimal, and
a hexadecimal number systems.
s
You
u will also use
e the Scientificc view powerss function to d
determine
the numbe
er of hosts that can be add
dressed base
ed on the num
mber of host b
bits available.
R
Required Resources
R
Page 1 of 7
Step 1: Click the Windows Start button and select All Programs.
Step 2: Click the Accessories folder and select Calculator.
Step 3: After Calculator opens, click the View menu.
What are the four available modes?
_______________________________________________________________________________________
Standard, Scientific, Programmer, and Statistics
Note: The Programmer and Scientific modes are used in this lab.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 7
L
Lab Using the
t Windows
s Calculator with Networrk Addresses
s
The only
o
digits use
ed in binary (b
base 2) are 0 and 1.
c.
g. As yo
ou were switch
hing between the numberin
ng systems, yyou may have
e noticed the binary numbe
er 1111 is
displa
ayed during th
he conversion
n. This assists
s you in relatin
ng the binaryy digits to othe
er numbering system
values. Each set of 4 bits repres
sents a hexad
decimal chara
acter or poten
ntially multiple
e decimal cha
aracters.
Page 3 of 7
i.
Decimal
Binary
Hexadecimal
86
0101 0110
56
175
1010 1111
AF
204
1100 1100
CC
19
0001 0011
13
77
0100 1101
4D
42
0010 1010
2A
56
0011 1000
38
147
1001 0011
93
228
1110 0100
E4
As you record the values in the table above, do you see a pattern between the binary and hexadecimal
numbers?
____________________________________________________________________________________
____________________________________________________________________________________
Every hexadecimal digit can be converted into four binary numbers separately. For example, hex 0A is
1010 in binary.
Part 3: Convert Host IPv4 Addresses and Subnet Masks into Binary
Internet Protocol version 4 (IPv4) addresses and subnet masks are represented in a dotted decimal format
(four octets), such as 192.168.1.10 and 255.255.255.0, respectively. This makes these addresses more
readable to humans. Each of the decimal octets in the address or a mask can be converted to 8 binary bits.
An octet is always 8 binary bits. If all 4 octets were converted to binary, how many bits would there be?
________________________ 32
a. Use the Windows Calculator application to convert the IP address 192.168.1.10 into binary and record the
binary numbers in the following table:
Decimal
Binary
192
1100 0000
168
1010 1000
0000 0001
10
0000 1010
b. Subnet masks, such as 255.255.255.0, are also represented in a dotted decimal format. A subnet mask
will always consist of four 8-bit octets, each represented as a decimal number. Using the Windows
Calculator, convert the 8 possible decimal subnet mask octet values to binary numbers and record the
binary numbers in the following table:
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 7
c.
Decimal
Binary
0000 0000
128
1000 0000
192
1100 0000
224
1110 0000
240
1111 0000
248
1111 1000
252
1111 1100
254
1111 1110
255
1111 1111
With the combination of IPv4 address and the subnet mask, the network portion can be determined and
the number of hosts available in a given IPv4 subnet can also be calculated. The process is examined in
Part 4.
192.168.1.10
11000000.10101000.00000001.00001010
255.255.248.0
11111111.11111111.11111000.00000000
Because the first 21 bits in the subnet mask are consecutive numeral ones, the corresponding first 21 bits
in the IP address in binary is 110000001010100000000; these represent the network portion of the
address. The remaining 11 bits are 00100001010 and represent the host portion of the address.
What is the decimal and binary network number for this address?
____________________________________________________________________________________
Decimal: 192.168.0.0 Binary: 11000000.10101000.00000000.00000000
What is the decimal and binary host portion for this address?
____________________________________________________________________________________
Decimal: 1.10 Binary: 00000000.00000000.00000001.00001010
Because the network number and the broadcast address use two addresses out of the subnet, the
formula to determine the number of hosts available in an IPv4 subnet is the number 2 to the power of the
number of host bits available, minus 2:
Number of available hosts = 2 (number of host bits) 2
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 7
d. Input 11. Click =, or press Enter on the keyboard for the answer.
e. Subtract 2 from the answer by using the calculator if desired.
f.
In this example, there are 2046 hosts are available on this network (211-2).
g. If given the number of host bits, determine the number of hosts available and record the number in the
following table.
Number of Available Host Bits
30
14
16382
24
16777214
10
1022
h. For a given subnet mask, determine the number of hosts available and record the answer in the following
table.
Subnet Mask
Number of
Available
Host Bits
Number of
Available
Hosts
255.255.255.0
11111111.11111111.11111111.00000000
254
255.255.240.0
11111111.11111111.11110000.00000000
12
4094
255.255.255.128
11111111.11111111.11111111.10000000
126
255.255.255.252
11111111.11111111.11111111.11111100
255.255.0.0
11111111.11111111.00000000.00000000
16
65534
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 7
Convert the MAC address into binary digits using the Windows Calculator application.
____________________________________________________________________________________
Answers will vary. For example: CC (11001100), 12 (0001 0010), DE (1101 1110) 4A (0100 1010), BD
(1011 1101), 88 (1000 1000)
Binary
2001
0DB8
ACAD
0001
0000
0000
0000
0001
Reflection
1. Can you perform all the conversions without the assistance of the calculator? What can you do to make it
happen?
_______________________________________________________________________________________
Lots of practice. For example, a binary game found on Cisco Learning Network at
https://learningnetwork.cisco.com/ can help with conversion between binary and decimal numbering systems.
2. For most IPv6 addresses, the network portion of the address is usually 64 bits. How many hosts are available
on a subnet where the first 64 bits represent the network? Hint: All host addresses are available in the subnet
for hosts.
_______________________________________________________________________________________
There are 64 bits left for host addresses which is over 18.4 trillion (264 - 2) hosts available in a 64-bit (/64)
subnet.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 7
L
Lab Co
onvertin
ng IPv4 Address
A
ses to B
Binary (In
nstructorr Version
n)
Instructor No
ote: Red font color or Gray
y highlights ind
dicate text tha
at appears in the instructor copy only.
O
Objectives
Part 1: Co
onvert IPv4 Addresses
A
frrom Dotted Decimal
D
to B
Binary
Part 2: Us
se Bitwise ANDing
A
Opera
ation to Dete
ermine Netwo
ork Address
ses
Part 3: Ap
pply Network
k Address Calculations
B
Backgroun
nd / Scenarrio
Every IPv
v4 address is comprised off two parts: a network porti on and a hosst portion. The
e network porrtion of an
address is
s the same fo
or all devices that
t
reside in the same ne twork. The ho
ost portion ide
entifies a specific host
within a given network.. The subnet mask is used
d to determine
e the networkk portion of an
n IP address. Devices
on the sam
me network can
c communic
cate directly; devices on diifferent netwo
orks require a
an intermediarry Layer 3
device, su
uch as a route
er, to commun
nicate.
To unders
stand the ope
eration of deviices on a netw
work, we nee d to look at a
addresses the
e way devicess doin
binary nottation. To do this, we mustt convert the dotted
d
decima
al form of an IP address and its subnet mask to
binary nottation. After th
his has been done, we can
n use the bitw
wise ANDing o
operation to d
determine the network
address.
This lab provides
p
instru
uctions on how
w to determin
ne the networrk and host po
ortion of IP ad
ddresses by cconverting
addresses
s and subnet masks from dotted
d
decima
al to binary, a
and then using
g the bitwise ANDing operration.
You will th
hen apply this
s information to identify add
dresses in the
e network.
P
Part 1: Convert
C
IP
Pv4 Addrresses fro
om Dotte
ed Decima
al to Bina
ary
In Part 1, you will conv
vert decimal numbers to the
eir binary equ
uivalent. Afterr you have ma
astered this a
activity,
you will co
onvert IPv4 addresses and
d subnet masks from dotte
ed decimal to their binary fo
orm.
S
Step 1: Co
onvert decim
mal numberrs to their binary equiv
valent.
Fill in the following tablle by converting the decimal number to an 8-bit binary number. The first number has
been com
mpleted for your reference. Recall that th
he eight binarry bit values in
n an octet are
e based on th
he powers
of 2, and from
f
left to rig
ght are 128, 64,
6 32, 16, 8, 4, 2, and 1.
Dec
cimal
B
Binary
192
110
000000
168
101
101000
10
1
000
001010
255
111
111111
000
000010
S
Step 2: Co
onvert the IP
Pv4 address
ses to their binary equ
uivalent.
An IPv4 address
a
can be
b converted using
u
the sam
me technique you used abo
ove. Fill in the
e table below with the
binary equ
uivalent of the
e addresses provided.
p
To make your an
nswers easierr to read, sep
parate the bina
ary octets
with a perriod.
Page 1 of 4
Decimal
Binary
192.168.10.10
11000000.10101000.00001010.00001010
209.165.200.229
11010001.10100101.11001000.11100101
172.16.18.183
10101100.00010000.00010010.10110111
10.86.252.17
00001010.01010110.11111100.00010001
255.255.255.128
11111111.11111111.11111111.10000000
255.255.192.0
11111111.11111111.11000000.00000000
Step 1: Determine the number of bits to use to calculate the network address.
Description
Decimal
Binary
IP Address
192.168.10.131
11000000.10101000.00001010.10000011
Subnet Mask
255.255.255.192
11111111.11111111.11111111.11000000
Network Address
192.168.10.128
11000000.10101000.00001010.10000000
How do you determine what bits to use to calculate the network address?
____________________________________________________________________________________
The bits that are set to 1 in the binary subnet mask are used to calculate the network address.
In the example above, how many bits are used to calculate the network address?
______________ 26 bits
Decimal
Binary
IP Address
172.16.145.29
10101100.00010000.10010001.00011101
Subnet Mask
255.255.0.0
11111111.11111111.00000000.00000000
Network Address
172.16.0.0
10101100.00010000.00000000.00000000
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 4
Description
c.
Decimal
Binary
IP Address
192.168.10.10
11000000.10101000.00001010.00001010
Subnet Mask
255.255.255.0
11111111.11111111.11111111.00000000
Network Address
192.168.10.0
11000000.10101000.00001010.00000000
Decimal
Binary
IP Address
192.168.68.210
11000000.10101000.01000100.11010010
Subnet Mask
255.255.255.128
11111111.11111111.11111111.10000000
Network Address
192.168.68.128
11000000.10101000.01000100.10000000
Decimal
Binary
IP Address
172.16.188.15
10101100.00010000.10111100.00001111
Subnet Mask
255.255.240.0
11111111.11111111.11110000.00000000
Network Address
172.16.176.0
10101100.00010000.10110000.00000000
Decimal
Binary
IP Address
10.172.2.8
00001010.10101100.00000010.00001000
Subnet Mask
255.224.0.0
11111111.11100000.00000000.00000000
Network Address
10.160.0.0
00001010.10100000.00000000.00000000
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 4
Reflection
Why is the subnet mask important in determining the network address?
_______________________________________________________________________________________
_______________________________________________________________________________________
The subnet mask provides the number of bits to use for the network portion of an address. The network
address cannot be determined without it.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 4
L
Lab Ide
entifying
g IPv4 Addresse
A
es (Instru
uctor Ve
ersion)
Instructor No
ote: Red font color or Gray
y highlights ind
dicate text tha
at appears in the instructor copy only.
O
Objectives
Part 1: Identify IPv4 Addresses
A
ortion of an IP
P address.
Identify the networrk and host po
A
Part 2: Cllassify IPv4 Addresses
Identify whether an
n address is public
p
or priva
ate.
B
Backgroun
nd / Scenarrio
Addressin
ng is an imporrtant function of network la
ayer protocolss because it e
enables data ccommunicatio
on
between hosts
h
on the same
s
network
k, or on differe
ent networks.. In this lab, yyou will examiine the structu
ure of
Internet Protocol
P
versio
on 4 (IPv4) ad
ddresses. You
u will identify the various tyypes of IPv4 a
addresses an
nd the
componen
nts that help comprise
c
the address, suc
ch as networkk portion, hostt portion, and subnet maskk. Types
of address
ses covered include
i
public
c, private, unic
cast, and mu lticast.
Instructo
or Note: This activity
a
can be done individ
dually in classs or assigned
d as homeworrk. The lab ca
an also be
done in class with stud
dents working in pairs. If the lab is done in class, it sh
hould be follow
wed up by disscussion
with corre
ect answers. All
A public IP addresses use
ed in this lab a
are owned byy Cisco.
R
Required Resources
R
Devic
ce with Interne
et access
P
Part 1: Id
dentify IP
Pv4 Addre
esses
In Part 1, you will be giiven several examples
e
of IPv4 addresse
es and will co
omplete tabless with approp
priate
informatio
on.
S
Step 1: An
nalyze the ta
able shown below and identify the
e network p
portion and host portio
on of the
giv
ven IPv4 addresses.
The first tw
wo rows show
w examples of
o how the tab
ble should be completed.
Key for
f table:
N = all 8 bits for an
n octet are in the
t network portion
p
of the address
work portion of
o the address
s
n = a bit in the netw
H = all 8 bits for an
n octet are in the
t host portion of the add
dress
h = a bit in the host portion of th
he address
Page 1 of 4
Network/Host
N,n = Network
IP Address/Prefix
H,h = Host
Subnet Mask
Network Address
192.168.10.10/24
N.N.N.H
255.255.255.0
192.168.10.0
10.101.99.17/23
N.N.nnnnnnnh.H
255.255.254.0
10.101.98.0
209.165.200.227/27
N.N.N.nnnhhhhh
255.255.255.224
209.165.200.224
172.31.45.252/24
N.N.N.H
255.255.255.0
172.31.45.0
10.1.8.200/26
N.N.N.nnhhhhhh
255.255.255.192
10.1.8.192
172.16.117.77/20
N.N.nnnnhhhh.H
255.255.240.0
172.16.112.0
10.1.1.101/25
N.N.N.nhhhhhhh
255.255.255.128
10.1.1.0
209.165.202.140/27
N.N.N.nnnhhhhh
255.255.255.224
209.165.202.128
192.168.28.45/28
N.N.N.nnnnhhhh
255.255.255.240
192.168.28.32
Step 2: Analyze the table below and list the range of host and broadcast addresses given a
network/prefix mask pair.
The first row shows an example of how the table should be completed.
IP Address/Prefix
Last Host
Address
Broadcast
Address
192.168.10.10/24
192.168.10.1
192.168.10.254
192.168.10.255
10.101.99.17/23
10.101.98.1
10.101.99.254
10.101.99.255
209.165.200.227/27
209.165.200.225
209.165.200.254
209.165.200.255
172.31.45.252/24
172.31.45.1
172.31.45.254
172.31.45.255
10.1.8.200/26
10.1.8.193
10.1.8.254
10.1.8.255
172.16.117.77/20
172.16.112.1
172.16.127.254
172.16.127.255
10.1.1.101/25
10.1.1.1
10.1.1.126
10.1.1.127
209.165.202.140/27
209.165.202.129
209.165.202.158
209.165.202.159
192.168.28.45/28
192.168.28.33
192.168.28.46
192.168.28.47
Step 1: Analyze the table shown below and identify the type of address (network, host,
multicast, or broadcast address).
The first row shows an example of how the table should be completed.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 4
IP Address
Subnet Mask
Address Type
10.1.1.1
255.255.255.252
host
192.168.33.63
255.255.255.192
broadcast
239.192.1.100
255.252.0.0
multicast
172.25.12.52
255.255.255.0
host
10.255.0.0
255.0.0.0
host
172.16.128.48
255.255.255.240
network
209.165.202.159
255.255.255.224
broadcast
172.16.0.255
255.255.0.0
224.10.1.11
255.255.255.0
host
multicast
Step 2: Analyze the table shown below and identify the address as public or private.
IP Address/Prefix
Public or Private
209.165.201.30/27
Public
192.168.255.253/24
Private
10.100.11.103/16
Private
172.30.1.100/28
Private
192.31.7.11/24
Public
172.20.18.150/22
Private
128.107.10.1/16
Public
192.135.250.10/24
Public
64.104.0.11/16
Public
Step 3: Analyze the table shown below and identify whether the address/prefix pair is a valid
host address.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 4
IP Address/Prefix
Reason
127.1.0.10/24
No
Loopback
172.16.255.0/16
Yes
Host address
241.19.10.100/24
No
Reserved
192.168.0.254/24
Yes
Host address
192.31.7.255/24
No
Broadcast
64.102.255.255/14
Yes
Host address
224.0.0.5/16
No
Multicast
10.0.255.255/8
Yes
Host address
198.133.219.8/24
Yes
Host address
Reflection
Why should we continue to study and learn about IPv4 addressing if the available IPv4 address space is
depleted?
_______________________________________________________________________________________
_______________________________________________________________________________________
Many organizations will continue to use the private IPv4 address space for their internal networking needs.
The public IPv4 addresses will be used for many years to come.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 4
L
Lab Identifying IPv6 Address
A
ses (Instrructor Ve
ersion)
Instructor No
ote: Red font color or Gray
y highlights ind
dicate text tha
at appears in the instructor copy only.
T
Topology
O
Objectives
Part 1: Identify the Different Types of IPv6 Addresses
ew the differen
nt types of IPv
v6 addresses
s.
Revie
Match
h the IPv6 add
dress with the
e correct type
e.
Part 2: Ex
xamine a Host IPv6 Netw
work Interface
e and Addres
ss
Check
k PC IPv6 network address settings.
Study
y and review the
t rules for IP
Pv6 address abbreviation.
Practiice compress
sing and deco
ompressing IP
Pv6 addressess.
B
Backgroun
nd / Scenarrio
With the depletion
d
of th
he Internet Prrotocol version 4 (IPv4) nettwork address space and tthe adoption and
transition to IPv6, netw
working profes
ssionals mustt understand h
how both IPv4
4 and IPv6 ne
etworks functtion.
Many dev
vices and app
plications alrea
ady support IPv6. This inc ludes extensiive Cisco devvice Internetw
work
Operating
g System (IOS
S) support and workstation
n/server opera
ating system support, such
h as that foun
nd in
Windows and Linux.
This lab fo
ocuses on IPv
v6 addresses
s and the com
mponents of th
he address. In
n Part 1, you will identify th
he IPv6
address ty
ypes, and in Part
P 2, you will view the IPv6 settings o n a PC. In Pa
art 3, you will practice IPv6
6 address
abbreviatiion, and in Pa
art 4, you will identify the parts of the IPvv6 network prefix with a fo
ocus on globa
al unicast
addresses
s.
Instructo
or Note: This lab
l has four sections
s
that can
c be split u
up into two pa
arts (Part 1/2 a
and Part 3/4).. It can be
performed
d in multiple sessions,
s
or assigned
a
as homework.
R
Required Resources
R
1 PC (Windows 7 or
o Vista with Internet
I
acces
ss)
P
Page 1 of 10
Chapter 7 Lab D
Note: The IPv6 protocol is enabled in Windows 7 and Vista by default. The Windows XP operating system
does not enable IPv6 by default and is not recommended for use with this lab. This lab uses Windows 7 PC
hosts.
Instructor Note: For instructions on how to enable IPv6 and configure host addresses with Windows XP,
refer to the Instructor Lab Manual.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 10
Chapter 7 Lab D
0000 to 00FF
2000 to 3FFF
FE80 to FEBF
FC00 to FCFF
FF00 to FFFF
Multicast address
There are other IPv6 address types that are either not yet widely implemented, or have already become
deprecated, and are no longer supported. For instance, an anycast address is new to IPv6 and can be
used by routers to facilitate load sharing and provide alternate path flexibility if a router becomes
unavailable. Only routers should respond to an anycast address. Alternatively, site-local addresses
have been deprecated and replaced by unique-local addresses. Site-local addresses were identified by
the numbers FEC0 in the initial hextet.
In IPv6 networks, there are no network (wire) addresses or broadcast addresses as there are in IPv4
networks.
Answer
Answer Choices
2001:0DB8:1:ACAD::FE55:6789:B210
1. ____
a. Loopback address
::1
2. ____
FC00:22:A:2::CD4:23E4:76FA
3. ____
c. Link-local address
2033:DB8:1:1:22:A33D:259A:21FE
4. ____
d. Unique-local address
FE80::3201:CC01:65B1
5. ____
e. Multicast address
FF00::
6. ____
FF00::DB7:4322:A231:67C
7. ____
FF02::2
8. ____
Answers: 1. B, 2. A, 3. D, 4. B, 5. C, 6. E, 7. E, 8. E
Part 2:
In Part 2, you will check the IPv6 network settings of your PC to identify your network interface IPv6 address.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 10
C
CCNA: Netwo
ork Basics
Chapte
er 7 Lab D
Step 1: Check
C
your PC IPv6 ne
etwork address setting s.
a. Verify
y that the IPv6
6 protocol is in
nstalled and active
a
on you r PC-A (checck your Local Area Connecction
settings).
b. Click the Windows Start button and then Control Panel a
and change V
View by: Cate
egory to View
w by:
Small icons.
c.
f.
Selec
ct the item Inte
ernet Protoc
col Version 6 (TCP/IPv6) a
and click Pro
operties. You should see th
he IPv6
settings for your ne
etwork interfa
ace. Your IPv6
6 properties w
window is like
ely set to Obta
ain an IPv6 a
address
autom
matically. This does not mean
m
that IPv6
6 relies on the
e Dynamic Ho
ost Configura
ation Protocol (DHCP).
Instea
ad of using DH
HCP, IPv6 loo
oks to the loc
cal router for I Pv6 network information a
and then auto
oconfig
gures its own IPv6 address
ses. To manually configure
e IPv6, you m
must provide th
he IPv6 addre
ess, the
subne
et prefix lengtth, and the de
efault gateway
y.
Note: The local rou
uter can referr host requestts for IPv6 info
formation, esp
pecially Doma
ain Name Sysstem
(DNS) information,, to a DHCPv6
6 server on th
he network.
P
Page 4 of 10
C
CCNA: Netwo
ork Basics
Chapte
er 7 Lab D
g. After you
y have verified that IPv6
6 is installed and
a active on your PC, you
u should checck your IPv6 a
address
inform
mation. To do this, click the
e Start button, type cmd in
n the Search p
programs and
d files form bo
ox, and
press Enter. This opens
o
a Windows comman
nd prompt win
ndow.
h. Type ipconfig /all and press En
nter. Your outtput should lo
ook similar to this:
C:\Us
sers\user>
> ipconfig /all
ows IP Confi
iguration
Windo
put omitted>
>
<outp
less LAN ada
apter Wirel
less Network
k Connectio
on:
Wirel
Co
onnection-sp
pecific DNS
S Suffix
De
escription . . . . . . . . . .
Ph
hysical Addr
ress. . . . . . . .
DH
HCP Enabled.
. . . . . . . . . .
Au
utoconfigura
ation Enabl
led . . .
Li
ink-local IP
Pv6 Address
s . . . .
IP
Pv4 Address.
. . . . . . . . . .
Su
ubnet Mask . . . . . . . . . .
Le
ease Obtaine
ed. . . . . . . . .
Le
ease Expires
s . . . . . . . . .
De
efault Gatew
way . . . . . . . .
DH
HCP Server . . . . . . . . . .
DH
HCPv6 IAID . . . . . . . . . .
DH
HCPv6 Client
t DUID. . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
:
:
:
:
:
:
:
:
:
:
:
:
:
:
R) Advanced
d-N 6200 AGN
N
Intel(R) Centrino(R
02-37-10 -41-FB-48
Yes
Yes
d4f:4f4d:323
37:95e2%14(Preferred)
fe80::8d
192.168. 2.106(Prefe
erred)
255.255. 255.0
, 2013 9:47:36 AM
Sunday, January 06,
, 2013 9:47:38 AM
Monday, January 07,
192.168. 2.1
192.168. 2.1
33555432 0
84-B1-1C-C1-DE-91-C3-5
5D
00-01-00 -01-14-57-8
P
Page 5 of 10
Chapter 7 Lab D
8.8.4.4
<output omitted>
i.
You can see from the output that the client PC has an IPv6 link-local address with a randomly generated
interface ID. What does it indicate about the network regarding IPv6 global unicast address, IPv6 uniquelocal address, or IPv6 gateway address?
____________________________________________________________________________________
____________________________________________________________________________________
It indicates that there is no IPv6 enabled gateway router providing global address, local address, or
subnet information on the network.
j.
What kind of IPv6 addresses did you find when using ipconfig /all?
____________________________________________________________________________________
____________________________________________________________________________________
Answers will vary, but most likely they will be link-local addresses also.
Step 1: Study and review the rules for IPv6 address abbreviation.
Rule 1: In an IPv6 address, a string of four zeros (0s) in a hextet can be abbreviated as a single zero.
2001:0404:0001:1000:0000:0000:0EF0:BC00
2001:0404:0001:1000:0:0:0EF0:BC00 (abbreviated with single zeros)
Rule 2: In an IPv6 address, the leading zeros in each hextet can be omitted, trailing zeros cannot be omitted.
2001:0404:0001:1000:0000:0000:0EF0:BC00
2001:404:1:1000:0:0:EF0:BC00 (abbreviated with leading zeros omitted)
Rule 3: In an IPv6 address, a single continuous string of four or more zeros can be abbreviated as a double
colon (::). The double colon abbreviation can only be used one time in an IP address.
2001:0404:0001:1000:0000:0000:0EF0:BC00
2001:404:1:1000::EF0:BC00 (abbreviated with leading zeroes omitted and continuous zeros
replaced with a double colon)
The image below illustrates these rules of IPv6 address abbreviation:
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 10
C
CCNA: Netwo
ork Basics
Chapte
er 7 Lab D
Step 2: Practice
P
com
mpressing and
a
decomp
pressing IP
Pv6 address
ses.
Using the rules of IPv6
6 address abb
breviation, eith
her compresss or decompre
ess the follow
wing addresse
es:
1) 20
002:0EC0:0200:0001:0000
0:04EB:44CE
E:08A2
__
___________
___________
____________
____________
___________
___________
____________
________
20
002:EC0:200:1::4EB:44CE
E:8A2
2) FE80:0000:000
00:0001:0000
0:60BB:008E:7402
__
___________
___________
____________
____________
___________
___________
____________
________
FE80::1:0:60BB:8E:7402
3) FE80::7042:B3
3D7:3DEC:84
4B8
__
___________
___________
____________
____________
___________
___________
____________
________
FE80:0000:000
00:0000:7042
2:B3D7:3DEC
C:84B8
4) FF00::
__
___________
___________
____________
____________
___________
___________
____________
________
FF00:0000:000
00:0000:0000
0:0000:0000:0
0000
5) 20
001:0030:000
01:ACAD:000
00:330E:10C2
2:32BF
__
___________
___________
____________
____________
___________
___________
____________
________
20
001:30:1:ACA
AD::330E:10C
C2:32BF
P
Part 4: Id
dentify th
he Hierarc
chy of the
e IPv6 Gllobal Unicast Add
dress Netw
work
Prefix
P
In Part 4, you will study
y and review the characterristics of the I Pv6 network prefix to iden
ntify the hierarrchical
network components
c
of
o the IPv6 network prefix.
P
Page 7 of 10
Chapter 7 Lab D
xxxx:xxxx:xxxx:xxxx:0000:0000:0000:0001
Most global unicast (routable) addresses use a 64-bit network prefix and a 64-bit host address. However, the
network portion of an IPv6 address is not restricted to 64 bits in length and its length is identified at the end of
the address by slash notation, followed by a decimal number indicating its length. If the network prefix is /64,
then the network portion of the IPv6 address is 64 bits long from left to right. The host portion, or interface ID,
which is the last 64 bits, is the remaining length of the IPv6 address. In some cases, as with a loopback
address, the network prefix can be /128, or one hundred and twenty eight bits long. In this case, there are no
bits left over for the interface identifier, and therefore, the network is restricted to a single host. Here are some
examples of IPv6 addresses with different network prefix lengths:
Global unicast address:
2001:DB8:0001:ACAD:0000:0000:0000:0001/64
Loopback address:
::1/128
Multicast address:
FF00::/8
Link-local address
From left to right, the network portion of an IPv6 global unicast address has a hierarchical structure that will
give the following information:
1) IANA Global Routing Number (the first three binary bits are fixed as 001)
200::/12
2) Regional Internet Registry (RIR) Prefix (bits /12 to /23)
2001:0D::/23 (the hexadecimal D character is 1101 in binary. Bits 21 to 23 are 110, and the last
bit is part of the ISP Prefix)
3) Internet service provider (ISP) Prefix (the bits up to /32)
2001:0DB8::/32
4) Site Prefix or Site Level Aggregator (SLA) which is assigned to the customer by the ISP (the bits up to
/48)
2001:0DB8:0001::/48
5) Subnet Prefix (assigned by the customer; the bits up to /64)
2001:0DB8:0001:ACAD::/64
6) Interface ID (the host is identified by the last 64 bits in the address)
2001:DB8:0001:ACAD:8D4F:4F4D:3237:95E2/64
The image below shows that the IPv6 address can be grouped into four basic parts:
1) Global Routing Prefix /32
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 10
C
CCNA: Netwo
ork Basics
Chapte
er 7 Lab D
Step 2: Practice
P
derriving netwo
ork prefix in
nformation from an IPv
v6 address.
Given the
e following add
dress, answe
er the following
g questions:
2000:1111:aaaa:0:50a
a5:8a35:a5bb
b:66e1/64
a. What is the interfac
ce ID?
_____
___________
___________
____________
___________
___________
____________
____________
________
50a5:8a35:a5bb:66
6e1
b. What is the subnett number?
_____
___________
___________
____________
___________
___________
____________
____________
________
0
c.
umber?
d. What is the ISP nu
_____
___________
___________
____________
___________
___________
____________
____________
________
11
e. What is the ISP nu
umber in binarry?
_____
___________
___________
____________
___________
___________
____________
____________
________
0001 0001
f.
P
Page 9 of 10
Chapter 7 Lab D
____________________________________________________________________________________
0000 0001 0001
h. What is the IANA global number?
____________________________________________________________________________________
2
i.
Reflection
1. How do you think you must support IPv6 in the future?
_______________________________________________________________________________________
_______________________________________________________________________________________
Answers will vary.
2. Do you think IPv4 networks continue on, or will everyone eventually switch over to IPv6? How long do you
think it will take?
_______________________________________________________________________________________
_______________________________________________________________________________________
Answers will vary.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 10
Topology
Addressing Table
Device
R1
Interface
IPv6 Address
Prefix
Length
Default Gateway
G0/0
2001:DB8:ACAD:A::1
64
N/A
G0/1
2001:DB8:ACAD:1::1
64
N/A
S1
VLAN 1
2001:DB8:ACAD:1::B
64
N/A
PC-A
NIC
2001:DB8:ACAD:1::3
64
FE80::1
PC-B
NIC
2001:DB8:ACAD:A::3
64
FE80::1
Objectives
Part 1: Set Up Topology and Configure Basic Router and Switch Settings
Part 2: Configure IPv6 Addresses Manually
Part 3: Verify End-to-End Connectivity
Background / Scenario
Knowledge of the Internet Protocol version 6 (IPv6) multicast groups can be helpful when assigning IPv6
addresses manually. Understanding how the all-router multicast group is assigned and how to control address
assignments for the Solicited Nodes multicast group can prevent IPv6 routing issues and help ensure best
practices are implemented.
In this lab, you will configure hosts and device interfaces with IPv6 addresses and explore how the all-router
multicast group is assigned to a router. You will use show commands to view IPv6 unicast and multicast
addresses. You will also verify end-to-end connectivity using the ping and traceroute commands.
Note: The routers used with CCNA hands-on labs are Cisco 1941 ISRs with Cisco IOS Release 15.2(4)M3
(universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco IOS Release 15.0(2) (lanbasek9
image). Other routers, switches and Cisco IOS versions can be used. Depending on the model and Cisco IOS
version, the commands available and output produced might vary from what is shown in the labs. Refer to the
Router Interface Summary table at the end of the lab for the correct interface identifiers.
Note: Make sure that the routers and switches have been erased and have no startup configurations. If you
are unsure, contact your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 20
Required Resources
1 Router (Cisco 1941 with Cisco IOS software, Release 15.2(4)M3 universal image or comparable)
1 Switch (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
Console cables to configure the Cisco IOS devices via the console ports
Note: The Gigabit Ethernet interfaces on Cisco 1941 routers are autosensing and an Ethernet straightthrough cable may be used between the router and PC-B. If using another model Cisco router, it may be
necessary to use an Ethernet crossover cable.
Note: The IPv6 protocol is enabled in Windows 7 and Vista by default. The Windows XP operating system
does not enable IPv6 by default and is not recommended for use with this lab. This lab uses Windows 7 PC
hosts.
Instructor Note: For instructions on how to enable IPv6 and configure host addresses with Windows XP refer
to the Instructor Lab Manual.
Part 1: Set Up Topology and Configure Basic Router and Switch Settings
Step 1: Cable the network as shown in the topology.
Step 2: Initialize and reload the router and switch.
Step 3: Verify that the PC interfaces are configured to use the IPv6 protocol.
Verify that the IPv6 protocol is active on both PCs by ensuring that the Internet Protocol Version 6
(TCP/IPv6) check box is selected in the Local Area Connection Properties window.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 20
Disable DNS lookup to prevent the router from attempting to translate incorrectly entered commands as
though they were hostnames.
Disable DNS lookup to prevent the router from attempting to translate incorrectly entered commands as
though they were hostnames.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 20
R1#
c.
Issue the show ipv6 interface g0/0 command. Notice that the interface is listing two Solicited Nodes
multicast groups, because the IPv6 link-local (FE80) Interface ID was not manually configured to match
the IPv6 unicast Interface ID.
Note: The link-local address displayed is based on EUI-64 addressing, which automatically uses the
interface Media Access Control (MAC) address to create a 128-bit IPv6 link-local address.
R1# show ipv6 interface g0/0
GigabitEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::D68C:B5FF:FECE:A0C0
No Virtual link-local address(es):
Global unicast address(es):
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 20
R1#
d. To get the link-local address to match the unicast address on the interface, manually enter the link-local
addresses on each of the Ethernet interfaces on R1.
R1# config t
Enter configuration commands, one per line.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 20
R1#
What multicast groups have been assigned to interface G0/0?
____________________________________________________________________________________
The all-nodes multicast group (FF02::1) and the Solicited Nodes multicast group (FF02::1:FF00:1).
Has an IPv6 unicast address been assigned to the network interface card (NIC) on PC-B? _________ No
b. Enable IPv6 routing on R1 using the IPv6 unicast-routing command.
R1 # configure terminal
R1(config)# ipv6 unicast-routing
R1(config)# exit
R1#
*Dec 17 18:29:07.415: %SYS-5-CONFIG_I: Configured from console by console
c.
Use the show ipv6 interface g0/0 command to see what multicast groups are assigned to interface
G0/0. Notice that the all-router multicast group (FF02::2) now appears in the group list for interface G0/0.
Note: This will allow the PCs to obtain their IP address and default gateway information automatically
using Stateless Address Autoconfiguration (SLAAC).
R1# show ipv6 interface g0/0
GigabitEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::1
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 20
R1#
d. Now that R1 is part of the all-router multicast group, re-issue the ipconfig command on PC-B. Examine
the IPv6 address information.
Why did PC-B receive the Global Routing Prefix and Subnet ID that you configured on R1?
____________________________________________________________________________________
____________________________________________________________________________________
R1 G0/0 is now part of the All-router multicast group, FF02::2. This allows it to send Router Advertisement
(RA) messages with the Global Network Address and Subnet ID information to all nodes on the LAN.
Notice that it also sent the link-local address, FE80::1, as the Default Gateway. The PCs will receive their
IP address and default gateway via SLAAC.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 20
b. Verify that the IPv6 addresses are properly assigned to the management interface using the show ipv6
interface vlan1 command.
S1# show ipv6 interface vlan1
Vlan1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::B
No Virtual link-local address(es):
Global unicast address(es):
2001:DB8:ACAD:1::B, subnet is 2001:DB8:ACAD:1::/64
Joined group address(es):
FF02::1
FF02::1:FF00:B
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
Output features: Check hwidb
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND NS retransmit interval is 1000 milliseconds
S1#
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 20
b. Click the Use the following IPv6 address radio button. Refer to the Addressing Table and enter the IPv6
address, Subnet prefix length, and Default gateway information. Click OK.
c.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 20
Note: You can also test connectivity by using the global unicast address, instead of the link-local address.
b. Ping the S1 management interface from PC-A.
c.
Use the tracert command on PC-A to verify that you have end-to-end connectivity to PC-B.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 20
Note: If end-to-end connectivity is not established, troubleshoot your IPv6 address assignments to verify
that you entered the addresses correctly on all devices.
Reflection
1. Why can the same link-local address, FE80::1, be assigned to both Ethernet interfaces on R1?
_______________________________________________________________________________________
_______________________________________________________________________________________
Link-local packets never leave the local network, so the same link-local address can be used on an interface
associated to a different local network.
2. What is the Subnet ID of the IPv6 unicast address 2001:db8:acad::aaaa:1234/64?
_______________________________________________________________________________________
th
0 (zero) or 0000 (zeros). The 4 hextet is the Subnet ID of an IPv6 address with a prefix of /64. In the
th
example the 4 hextet contains all zeros and the IPv6 Omitting All 0 Segment rule is using the double colon to
depict the Subnet ID and the first two hextets of the Interface ID.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 11 of 20
Ethernet Interface #1
Ethernet Interface #2
Serial Interface #1
Serial Interface #2
1800
1900
2801
2811
2900
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
Device Configs
Router R1 (After part 1 of this lab)
R1#sh run
Building configuration...
Current configuration : 1443 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
memory-size iomem 15
!
no ip domain lookup
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 12 of 20
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 13 of 20
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 14 of 20
FastEthernet0/3
FastEthernet0/4
FastEthernet0/5
FastEthernet0/6
FastEthernet0/7
FastEthernet0/8
FastEthernet0/9
FastEthernet0/10
FastEthernet0/11
FastEthernet0/12
FastEthernet0/13
FastEthernet0/14
FastEthernet0/15
FastEthernet0/16
FastEthernet0/17
FastEthernet0/18
FastEthernet0/19
FastEthernet0/20
FastEthernet0/21
FastEthernet0/22
FastEthernet0/23
FastEthernet0/24
GigabitEthernet0/1
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 15 of 20
Router R1 (Final)
R1#show run
Building configuration...
Current configuration : 1577 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
memory-size iomem 15
!
no ip domain lookup
ip cef
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 16 of 20
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 17 of 20
Switch S1 (Final)
S1#sh run
Building configuration...
Current configuration : 1733 bytes
!
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
system mtu routing 1500
!
no ip domain-lookup
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 18 of 20
FastEthernet0/1
FastEthernet0/2
FastEthernet0/3
FastEthernet0/4
FastEthernet0/5
FastEthernet0/6
FastEthernet0/7
FastEthernet0/8
FastEthernet0/9
FastEthernet0/10
FastEthernet0/11
FastEthernet0/12
FastEthernet0/13
FastEthernet0/14
FastEthernet0/15
FastEthernet0/16
FastEthernet0/17
FastEthernet0/18
FastEthernet0/19
FastEthernet0/20
FastEthernet0/21
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 19 of 20
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 20 of 20
L
Lab Te
esting Network
N
Connec
ctivity wiith Ping and Tra
aceroute
e
((Instructo
or Versio
on)
Instructor No
ote: Red font color or Gray
y highlights ind
dicate text tha
at appears in the instructor copy only.
T
Topology
P
Page 1 of 27
Addressing Table
Device
LOCAL
Interface
IP Address
Subnet Mask
Default Gateway
G0/1
192.168.1.1
255.255.255.0
N/A
S0/0/0 (DCE)
10.1.1.1
255.255.255.252
N/A
S0/0/0
10.1.1.2
255.255.255.252
N/A
S0/0/1 (DCE)
10.2.2.2
255.255.255.252
N/A
G0/1
192.168.3.1
255.255.255.0
N/A
S0/0/1
10.2.2.1
255.255.255.252
N/A
S1
VLAN 1
192.168.1.11
255.255.255.0
192.168.1.1
S3
VLAN 1
192.168.3.11
255.255.255.0
192.168.3.1
PC-A
NIC
192.168.1.3
255.255.255.0
192.168.1.1
PC-C
NIC
192.168.3.3
255.255.255.0
192.168.3.1
ISP
REMOTE
Objectives
Part 1: Build and Configure the Network
Part 3: Use Tracert and Traceroute Commands for Basic Network Testing
Background / Scenario
Ping and traceroute are two tools that are indispensable when testing TCP/IP network connectivity. Ping is a
network administration utility used to test the reachability of a device on an IP network. This utility also
measures the round-trip time for messages sent from the originating host to a destination computer. The ping
utility is available on Windows, Unix-like operating systems (OS), and the Cisco Internetwork Operating
System (IOS).
The traceroute utility is a network diagnostic tool for displaying the route and measuring the transit delays of
packets travelling an IP network. The tracert utility is available on Windows, and a similar utility, traceroute, is
available on Unix-like OS and Cisco IOS.
In this lab, the ping and traceroute commands are examined and command options are explored to modify
the command behavior. Cisco devices and PCs are used in this lab for command exploration. Cisco routers
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 27
Required Resources
3 Routers (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
2 Switches (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
2 PCs (Windows 7, Vista, or XP with terminal emulation program, such as Tera Term)
Console cables to configure the Cisco IOS devices via the console ports
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 27
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 27
Step 1: Test network connectivity from the LOCAL network using PC-A.
All the pings from PC-A to other devices in the topology should be successful. If they are not, check the
topology and the cabling, as well as the configuration of the Cisco devices and the PCs.
a. Ping from PC-A to its default gateway (LOCALs GigabitEthernet 0/1 interface).
C:\Users\User1> ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time<1ms TTL=255
Reply from 192.168.1.1: bytes=32 time<1ms TTL=255
Reply from 192.168.1.1: bytes=32 time<1ms TTL=255
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 27
TTL
192.168.1.1 (LOCAL)
255
192.168.1.11 (S1)
0*
255
10.1.1.1 (LOCAL)
255
10.1.1.2 (ISP)
20
254
10.2.2.2 (ISP)
20
254
10.2.2.1 (REMOTE)
40
253
192.168.3.1 (REMOTE)
40
253
192.168.3.11 (S3)
40*
252
192.168.3.3 (PC-C)
40
125
*Instructor Note: The average round trip time was increased if the message Request timed out was
displayed during the first ICMP request. The delay was caused by ARP, and this resulted in packet loss.
Notice the average round trip time to 192.168.3.3 (PC-C). The time increased because the ICMP
requests were processed by three routers before PC-A received the reply from PC-C.
C:\Users\User1> ping 192.168.3.3
Pinging 192.168.3.3 with 32 bytes of data:
Reply from 192.168.3.3: bytes=32 time=41ms
Reply from 192.168.3.3: bytes=32 time=41ms
Reply from 192.168.3.3: bytes=32 time=40ms
Reply from 192.168.3.3: bytes=32 time=41ms
TTL=125
TTL=125
TTL=125
TTL=125
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 27
-a
-n
-l
-f
-i
-v
-r
-s
-j
-k
-w
-R
-S
-4
-6
count
size
TTL
TOS
count
count
host-list
host-list
timeout
srcaddr
To illustrate the results when a host is unreachable, disconnect the cable between the REMOTE router
and the S3 switch, or shut down the GigabitEthernet 0/1 interface on the REMOTE router.
Reply from 192.168.3.3: bytes=32 time=41ms TTL=125
Reply from 192.168.1.3: Destination host unreachable.
Reply from 192.168.1.3: Destination host unreachable.
While the network is functioning correctly, the ping command can determine whether the destination
responded and how long it took to receive a reply from the destination. If a network connectivity problem
exists, the ping command displays an error message.
c.
Reconnect the Ethernet cable or enable the GigabitEthernet interface on the REMOTE router (using the
no shutdown command) before moving onto the next step. After about 30 seconds, the ping should be
successful again.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 192.168.3.3: bytes=32 time=41ms TTL=125
Reply from 192.168.3.3: bytes=32 time=40ms TTL=125
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 27
Step 3: Test network connectivity from the LOCAL network using Cisco devices.
The ping command is also available on Cisco devices. In this step, the ping command is examined using the
LOCAL router and the S1 switch.
a. Ping PC-C on the REMOTE network using the IP address of 192.168.3.3 from the LOCAL router.
LOCAL# ping 192.168.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/64/68 ms
The exclamation point (!) indicates that the ping was successful from the LOCAL router to PC-C. The
round trip takes an average of 64 ms with no packet loss, as indicated by a 100% success rate.
b. Because a local host table was configured on the LOCAL router, you can ping PC-C on the REMOTE
network using the hostname configured from the LOCAL router.
LOCAL# ping PC-C
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/63/64 ms
c.
There are more options available for the ping command. At the CLI, type ping and press Enter. Input
192.168.3.3 or PC-C for the Target IP address. Press Enter to accept the default value for other options.
LOCAL# ping
Protocol [ip]:
Target IP address: PC-C
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/63/64 ms
d. You can use an extended ping to observe when there is a network issue. Start the ping command to
192.168.3.3 with a repeat a count of 500. Then, disconnect the cable between the REMOTE router and
the S3 switch or shut down the GigabitEthernet 0/1 interface on the REMOTE router.
Reconnect the Ethernet cable or enable the GigabitEthernet interface on the REMOTE router after the
exclamation points (!) have replaced by the letter U and periods (.). After about 30 seconds, the ping
should be successful again. Press Ctrl+Shift+6 to stop the ping command if desired.
LOCAL# ping
Protocol [ip]:
Target IP address: 192.168.3.3
Repeat count [5]: 500
Datagram size [100]:
Timeout in seconds [2]:
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 27
The letter U in the results indicates that a destination is unreachable. An error protocol data unit (PDU)
was received by the LOCAL router. Each period (.) in the output indicates that the ping timed out while
waiting for a reply from PC-C. In this example, 5% of the packets were lost during the simulated network
outage.
Note: You can also use the following command for the same results:
LOCAL# ping 192.168.3.3 repeat 500
or
LOCAL# ping PC-C repeat 500
e. You can also test network connectivity with a switch. In this example, the S1 switch pings the S3 switch
on the REMOTE network.
S1# ping 192.168.3.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 67/67/68 ms
The ping command is extremely useful when troubleshooting network connectivity. However, ping cannot
indicate the location of problem when a ping is not successful. The tracert (or traceroute) command can
display network latency and path information.
Part 3: Use Tracert and Traceroute Commands for Basic Network Testing
The commands for tracing routes can be found on PCs and network devices. For a Windows-based PC, the
tracert command uses ICMP messages to trace the path to the final destination. The traceroute command
utilizes the User Datagram Protocol (UDP) datagrams for tracing routes to the final destination for Cisco
devices and other Unix-like PCs.
In Part 3, you will examine the traceroute commands and determine the path that a packet travels to its final
destination. You will use the tracert command from the Windows PCs and the traceroute command from the
Cisco devices. You will also examine the options that are available for fine tuning the traceroute results.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 27
1
2
3
4
<1
24
48
59
ms
ms
ms
ms
<1
24
48
59
ms
ms
ms
ms
<1
24
48
59
ms
ms
ms
ms
192.168.1.1
10.1.1.2
10.2.2.1
PC-C [192.168.3.3]
Trace complete.
The tracert results indicates the path from PC-A to PC-C is from PC-A to LOCAL to ISP to REMOTE to
PC-C. The path to PC-C traveled through three router hops to the final destination of PC-C.
b. Use the -d option. Notice that the IP address of 192.168.3.3 is not resolved as PC-C.
C:\Users\User1> tracert d 192.168.3.3
Tracing route to 192.168.3.3 over a maximum of 30 hops:
1
2
3
4
<1
24
48
59
ms
ms
ms
ms
<1
24
48
59
ms
ms
ms
ms
<1
24
48
59
ms
ms
ms
ms
192.168.1.1
10.1.1.2
10.2.2.1
192.168.3.3
Trace complete.
Step 3: Use the traceroute command from the LOCAL router to PC-C.
a. At the command prompt, type traceroute 192.168.3.3 or traceroute PC-C on the LOCAL router. The
hostnames are resolved because a local IP host table was configured on the LOCAL router.
LOCAL# traceroute 192.168.3.3
Type escape sequence to abort.
Tracing the route to PC-C (192.168.3.3)
VRF info: (vrf in name/id, vrf out name/id)
1 ISP (10.1.1.2) 16 msec 16 msec 16 msec
2 REMOTE (10.2.2.1) 28 msec 32 msec 28 msec
3 PC-C (192.168.3.3) 32 msec 28 msec 32 msec
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 27
The traceroute command has additional options. You can use the ? or just press Enter after typing
traceroute at the prompt to explore these options.
The following link provides more information regarding the ping and traceroute commands for a Cisco
device:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800a6057.shtml
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 11 of 27
Step 4: From the LOCAL network, use ping and tracert or traceroute commands to
troubleshoot and correct the problem on the REMOTE network.
a. Use the ping and tracert commands from PC-A.
You can use the tracert command to determine end-to-end network connectivity. This tracert result
indicates that PC-A can reach its default gateway of 192.168.1.1, but PC-A does not have network
connectivity with PC-C.
C:\Users\User1> tracert 192.168.3.3
Tracing route to 192.168.3.3 over a maximum of 30 hops
1
<1 ms
<1 ms
<1 ms 192.168.1.1
2 192.168.1.1 reports: Destination host unreachable.
Trace complete.
One way to locate the network issue is to ping each hop in the network to PC-C. First determine if PC-A
can reach the ISP router Serial 0/0/1 interface with an IP address of 10.2.2.2.
C:\Users\Utraser1> ping 10.2.2.2
Pinging 10.2.2.2 with 32 bytes of data:
Reply from 10.2.2.2: bytes=32 time=41ms
Reply from 10.2.2.2: bytes=32 time=41ms
Reply from 10.2.2.2: bytes=32 time=41ms
Reply from 10.2.2.2: bytes=32 time=41ms
TTL=254
TTL=254
TTL=254
TTL=254
The ping was successful to the ISP router. The next hop in the network is the REMOTE router. Ping the
REMOTE router Serial 0/0/1 interface with an IP address of 10.2.2.1.
C:\Users\User1> ping 10.2.2.1
Pinging 10.2.2.1 with 32 bytes of data:
Reply from 10.2.2.1: bytes=32 time=41ms
Reply from 10.2.2.1: bytes=32 time=41ms
Reply from 10.2.2.1: bytes=32 time=41ms
Reply from 10.2.2.1: bytes=32 time=41ms
TTL=253
TTL=253
TTL=253
TTL=253
PC-A can reach the REMOTE router. Based on the successful ping results from PC-A to the REMOTE
router, the network connectivity issue is with 192.168.3.0/24 network. Ping the default gateway to PC-C,
which is the GigabitEthernet 0/1 interface of the REMOTE router.
C:\Users\User1> ping 192.168.3.1
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 12 of 27
PC-A cannot reach the GigabitEthernet 0/1 interface of the REMOTE router, as displayed by the results
from the ping command.
The S3 switch can also be pinged from PC-A to verify the location of the networking connectivity issue by
typing ping 192.168.3.11 at the command prompt. Because PC-A cannot reach GigabitEthernet 0/1 of
the REMOTE router, PC-A probably cannot ping the S3 switch successfully, as indicated by the results
below.
C:\Users\User1> ping 192.168.3.11
Pinging 192.168.3.11 with 32 bytes of data:
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.
Ping statistics for 192.168.3.11:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
The tracert and ping results conclude that PC-A can reach the LOCAL, ISP, and REMOTE routers, but
not PC-C or the S3 switch, nor the default gateway for PC-C.
b. Use the show commands to examine the running configurations for the the REMOTE router.
REMOTE# show ip interface brief
Interface
Embedded-Service-Engine0/0
GigabitEthernet0/0
GigabitEthernet0/1
Serial0/0/0
Serial0/0/1
IP-Address
unassigned
unassigned
192.168.8.1
unassigned
10.2.2.1
OK?
YES
YES
YES
YES
YES
Method
unset
unset
manual
unset
manual
Status
Protocol
administratively down down
administratively down down
up
up
administratively down down
up
up
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 13 of 27
The outputs of the show run and show ip interface brief commands indicate that the GigabitEthernet
0/1 interface is up/up, but was configured with an incorrect IP address.
c.
TTL=125
TTL=125
TTL=125
TTL=125
<1
24
48
59
ms
ms
ms
ms
<1
24
48
59
ms
ms
ms
ms
<1
24
48
59
ms
ms
ms
ms
192.168.1.1
10.1.1.2
10.2.2.1
PC-C [192.168.3.3]
Trace complete.
Note: This can also be accomplished using ping and traceroute commands from the CLI on the the
LOCAL router and the S1 switch after verifying that there are no network connectivity issues on the
192.168.1.0/24 network.
Reflection
1. What could prevent ping or traceroute responses from reaching the originating device beside network
connectivity issues?
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 14 of 27
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 15 of 27
Ethernet Interface #1
Ethernet Interface #2
Serial Interface #1
Serial Interface #2
1800
1900
2801
2811
2900
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
Device Configs
Router LOCAL
LOCAL# show running-config
Building configuration...
Current configuration : 1462 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LOCAL
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
memory-size iomem 15
!
!
!
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 16 of 27
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 17 of 27
ROUTER ISP
ISP# show running-config
Building configuration...
Current configuration : 1265 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP
!
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 18 of 27
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 19 of 27
Router REMOTE
REMOTE# show running-config
Building configuration...
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 20 of 27
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 21 of 27
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 22 of 27
Switch S1
S1# show running-config
Building configuration...
Current configuration : 1565 bytes
!
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
system mtu routing 1500
!
!
no ip domain-lookup
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 23 of 27
FastEthernet0/1
FastEthernet0/2
FastEthernet0/3
FastEthernet0/4
FastEthernet0/5
FastEthernet0/6
FastEthernet0/7
FastEthernet0/8
FastEthernet0/9
FastEthernet0/10
FastEthernet0/11
FastEthernet0/12
FastEthernet0/13
FastEthernet0/14
FastEthernet0/15
FastEthernet0/16
FastEthernet0/17
FastEthernet0/18
FastEthernet0/19
FastEthernet0/20
FastEthernet0/21
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 24 of 27
Switch S3
S3# show running-config
Building configuration...
Current configuration : 1563 bytes
!
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 25 of 27
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 26 of 27
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 27 of 27
Objectives
Explain the need for IPv6 network addresses.
This is an application-based activity. Students develop a plan to show how IoE subnets, unicasts and
multicasts could be used in our daily lives to affect data communication.
Background /Scenario
(Note: This activity may be completed individually or in small/large groups.)
This chapter discussed the ways that small to medium-sized businesses are connected to networks in
groups. The IoE was introduced in the modeling activity at the beginning of this chapter.
For this activity, choose one of the following:
Online banking
World news
Weather forecasting/climate
Traffic conditions
Devise an IPv6 addressing scheme for the area you have chosen. Your addressing scheme should
include how you would plan for:
Subnetting
Unicasts
Multicasts
Keep a copy of your scheme to share with the class or learning community. Be prepared to explain:
Instructor Note: This Modeling Activity is not intended to be a graded assignment. Its purpose is to
encourage students to reflect on their perceptions of how a network could use IPv6 and the undecillion
addresses available both for personal and corporate practice. Instructors should facilitate class discussion
and idea sharing as a result of this activity.
Required Resources
Packet Tracer (if you would like to display how your network would look physically)
Hard or soft copy of the final network topology with IPv6 addressing indicated for sharing with the class.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 3
Reflection
1. What was the hardest part of designing this network model? Explain your answer.
____________________________________________________________________________
Answers will vary within groups (as will the topologies developed). Some students may mention designing
a main group and then subnetted groups from the main group, some may indicate the actual addressing
of the network, some may indicate they had difficulty with where unicasts and multicasts could occur.
Windmills and/or solar panels will be turned on to generate electricity by, city, state or country
(subnetting).
Cities, states or countries will receive additional electricity based on unicast or multicast operation
of the windmills/solar panels.
(Note: Depending on the focus or use of this activity, students could actually draw a schematic of
their windmills or solar panels and address them to show mastery of the subnetting concept. They
could also group the windmills or solar panels to show unicast or multicast transmissions types.
Other possible scenarios might include:
1. Energy Efficiency
- Each household light bulb could be connected to the network and remotely managed. Each one would
therefore need an IPv6 address.
- Each home appliance should also be connected to the network and would also need IPv6.
- The network structure could group all appliances of a home into one subnet. Route summaries could be
created to group neighborhoods together. Unicast messages would be used to manage single devices.
Appliances of the same type could have a multicast group (all TVs, for instance) and managed in bulk.
2. Weather Forecast
- Sensor on trees would need IPv6 addresses to be connected to the network
- Mobile weather stations would also need IPv6 (several stations per city, for accuracy)
- Floating weather stations would gather info about the oceans and rivers and also need IPv6
- Once again route summaries would group/represent physical locations. Multicast groups could be
created based on station placement (land, river, and ocean) and unicast addresses used to manage a
specific station
3. Traffic Conditions
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 3
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 3
Objectives
Explain why routing is necessary for hosts on different subnets to communicate.
Students will recognize that data is delivered more quickly if group addressing identifiers are used.
Students will visualize how communication is facilitated through providing large groups and then
splitting those groups into more manageable parts. After reflecting on how their smartphone or
landline telephone numbers are divided, they can draw inferences to how networking employs the
same practices.
Background /Scenario
In this chapter, you will be learning how devices can be grouped into subnets, or smaller network groups,
from a large network.
In this modeling activity, you are asked to think about a number you probably use every day, a number
such as your telephone number. As you complete the activity, think about how your telephone number
compares to strategies that network administrators might use to identify hosts for efficient data
communication.
Complete the two sections listed below and record your answers. Save the two sections in either hard- or
soft-copy format to use later for class discussion purposes.
Explain how your smartphone or landline telephone number is divided into identifying groups of
numbers. Does your telephone number use an area code? An ISP identifier? A city, state, or country
code?
In what ways does separating your telephone number into managed parts assist in contacting or
communicating with others?
Instructor note: This is an individual or an in-class small/large group modeling activity. It is not intended
to be a graded assignment. Its purpose is to encourage students to reflect on their current knowledge of
how networks are grouped using a numerical basis. Facilitation of the discussion should be initiated as a
result of this Activity.
Instructor note: Please have students adjust their answers to incorporate a country area code if
necessary.
Required Resources
Recording capabilities (paper, tablet, etc.) for reflective comments to be shared with the class.
Reflection
1. Why do you think ISPs need your telephone number when setting up your account parameters?
___________________________________________________________________________
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 2
Call me!
Example telephone number and identifying groups in that telephone number (if your country uses another
identifier, it would need to be incorporated into this sections answers:
Area Code (or ISP identifier)
City
571
555
Telephone Identifier
1212
571 directs calls from my telephone showing the general, geographic location of my ISP or state. I wish to call
someone in another state or through a different ISP, the area code or ISP identifier will be different.
555 indicates the city from which I am calling and this helps to route my communications to the correct switches
or routers.
1212 indicates my personal smartphone or landline telephone identifier when combined with the first two groups.
This enables my telephone to receive the communication after being processed, generally, through my area
code/ISP and city identifiers.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 2
Objectives
Part 1: Review Available Subnet Calculators
Part 2: Perform Network Calculations Using a Subnet Calculator
Background / Scenario
While it is important to understand how to convert a decimal IP address to its binary format and apply the
bitwise ANDing operation to determine the network address, it is also a tedious and mistake-prone process.
To assist with these calculations, many network administrators make use of an IP subnet calculator utility
program. A number of these types of programs have been developed that can be downloaded or run directly
from the Internet.
In this lab, you will be introduced to a few of the free IP subnet calculators that are available. You will use a
web-based IP subnet calculator to perform the network operations in this lab.
Required Resources
Device with Internet access
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 5
b. On the IP Subnet Calculator screen, enter an IP address and subnet mask or an IP address and CIDR
prefix notation. Examples of how to enter each of these are shown in the Introduction area.
c.
In the Application field, enter 192.168.50.50/27 and click Calc!. The next screen displays a table with
network information in both decimal and binary formats.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 5
Decimal
Binary
Address
10.223.23.136
00001010.11011111.00010111.10001000
Subnet mask
255.192.0.0
11111111.11000000.00000000.00000000
Network address
10.192.0.0
00001010.11000000.00000000.00000000
Broadcast address
10.255.255.255
00001010.11111111.11111111.11111111
10.192.0.1
00001010.11000000.00000000.00000001
10.255.255.254
00001010.11111111.11111111.11111110
4,194,302
N/A
Step 2: Fill in the following table for the 172.18.255.92 address with a subnet mask of
255.255.224.0:
Description
Decimal
Binary
Address
172.18.255.92
10101100.00010010.11111111.01011100
Subnet mask
255.255.224.0
11111111.11111111.11100000.00000000
Network address
172.18.224.0
10101100.00010010.11100000.00000000
Broadcast address
172.18.255.255
10101100.00010010.11111111.11111111
172.18.224.1
10101100.00010010.11100000.00000001
172.18.255.254
10101100.00010010.11111111.11111110
8,190
N/A
What is the CIDR prefix notation for this network? ________ /19
What type of address, public, or private? _____________ Private
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 5
Step 3: Fill in the following table using the 192.168.184.78 address with a subnet mask of
255.255.255.252:
Description
Decimal
Binary
Address
192.168.184.78
11000000.10101000.10111000.01001110
Subnet mask
255.255.255.252
11111111.11111111.11111111.11111100
Network address
192.168.184.76
11000000.10101000.10111000.01001100
Broadcast address
192.168.184.79
11000000.10101000.10111000.01001111
192.168.184.77
11000000.10101000.10111000.01001101
192.168.184.78
11000000.10101000.10111000.01001110
N/A
What is the CIDR prefix notation for this network? ________ /30
What type of address, public, or private? _____________ Private
Where would you most likely find a network like this being used?
_______________________________________________________________________________________
Answers may vary, but a good use for a /30 network is on serial link between two routers. Only two host
addresses are needed for this type of link.
Decimal
Binary
Address
209.165.200.225
11010001.10100101.11001000.11100001
Subnet mask
255.255.255.224
11111111.11111111.11111111.11100000
Network address
209.165.200.224
11010001.10100101.11001000.11100000
Broadcast address
209.165.200.255
11010001.10100101.11001000.11111111
209.165.200.225
11010001.10100101.11001000.11100001
209.165.200.254
11010001.10100101.11001000.11111110
30
N/A
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 5
Decimal
Binary
Address
64.104.110.7
01000000.01101000.01101110.00000111
Subnet mask
255.255.240.0
11111111.11111111.11110000.00000000
Network address
64.104.96.0
01000000.01101000.01100000.00000000
Broadcast address
64.104.111.255
01000000.01101000.01101111.11111111
64.104.96.1
01000000.01101000.01100000.00000001
64.104.111.254
01000000.01101000.01101111.11111110
4096
N/A
Reflection
1. What is an advantage of using a client-based subnet calculator?
_______________________________________________________________________________________
_______________________________________________________________________________________
Answers may vary. Client-based subnet calculators do not require Internet access.
2. What is an advantage of using a web-based subnet calculator?
_______________________________________________________________________________________
_______________________________________________________________________________________
Answers may vary, but web-based subnet calculators do not require download and installation. They can be
accessed by any device with Internet access, including mobile devices such as a smart phones and tablets.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 5
Objectives
Part 1: Determine IPv4 Address Subnetting
Background / Scenario
The ability to work with IPv4 subnets and determine network and host information based on a given IP
address and subnet mask is critical to understanding how IPv4 networks operate. The first part is designed to
reinforce how to compute network IP address information from a given IP address and subnet mask. When
given an IP address and subnet mask, you will be able to determine other information about the subnet such
as:
Network address
Broadcast address
In the second part of the lab, for a given IP address and subnet mask, you will determine such information as
follows:
Instructor Note: This activity can be done in class or assigned as homework. If the assignment is done in
class, you may wish to have students work alone or in teams of 2 students each. It is suggested that the first
problem is done together in class to give students guidance as to how to proceed for the rest of the
assignment.
The public IP addresses used in this lab are owned by Cisco.
Required Resources
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 8
192.168.10.10
Subnet Mask
255.255.255.0
==========
Result (Network)
192.168.10.0
Knowing this, you may only have to perform binary ANDing on an octet that does not have 255 or 0 in its
subnet mask portion.
Example:
IP Address
172.30.239.145
Subnet Mask
255.255.192.0
Analyzing this example, you can see that you only have to perform binary ANDing on the third octet. The first
two octets will result in 172.30 due to the subnet mask. The fourth octet will result in 0 due to the subnet
mask.
IP Address
172.30.239.145
Subnet Mask
255.255.192.0
==========
Result (Network)
172.30.?.0
Binary
239
11101111
192
11000000
=======
Result
192
11000000
172.30.239.145
Subnet Mask
255.255.192.0
==========
Result (Network)
172.30.192.0
Continuing with this example, determining the number of hosts per network can be calculated by analyzing
the subnet mask. The subnet mask will be represented in dotted decimal format, such as 255.255.192.0, or in
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 8
Network Address
Broadcast Address
Total Number
of Host Bits
Total Number
of Hosts
192.168.100.25/28
192.168.100.16
192.168.100.31
14
172.30.10.130/30
172.30.10.128
172.30.10.131
10.1.113.75/19
10.1.96.0
10.1.127.255
13
8190
198.133.219.250/24
198.133.219.0
198.133.219.255
254
128.107.14.191/22
128.107.12.0
128.107.15.255
10
1022
172.16.104.99/27
172.16.104.96
172.16.104.127
30
The following example shows a sample problem along with the solution for solving this problem:
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 8
Given:
Host IP Address:
172.16.77.120
255.255.0.0
255.255.240.0
Find:
16
12
4,094
172.16.64.0
172.16.64.1
172.16.79.254
172.16.79.255
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 8
1st Octet
Description
2nd Octet
3rd Octet
4th Octet
Description
Network/Host
nnnnnnnn
nnnnnnnn
nnnnhhhh
hhhhhhhh
Subnet Mask
Binary
10101100
00010000
01000000
00000001
First Host
Decimal
172
16
64
First Host
Binary
10101100
00010000
01001111
11111110
Last Host
Decimal
172
16
79
254
Last Host
Binary
10101100
00010000
01001111
11111111
Broadcast
Decimal
172
16
79
255
Broadcast
Step 1: Fill out the tables below with appropriate answers given the IPv4 address, original
subnet mask, and new subnet mask.
a. Problem 1:
Given:
Host IP Address:
192.168.200.139
255.255.255.0
255.255.255.224
Find:
30
192.168.200.128
192.168.200.129
192.168.200.158
192.168.200.159
b. Problem 2:
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 8
Given:
Host IP Address:
10.101.99.228
255.0.0.0
255.255.128.0
Find:
c.
512
15
32,766
10.101.0.0
10.101.0.1
10.101.127.254
10.101.127.255
Problem 3:
Given:
Host IP Address:
172.22.32.12
255.255.0.0
255.255.224.0
Find:
13
8,190
172.22.32.0
172.22.32.1
172.22.63.254
172.22.63.255
d. Problem 4:
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 8
Given:
Host IP Address:
192.168.1.245
255.255.255.0
255.255.255.252
Find:
64
192.168.1.244
192.168.1.245
192.168.1.246
192.168.1.247
e. Problem 5:
Given:
Host IP Address:
128.107.0.55
255.255.0.0
255.255.255.0
Find:
f.
256
254
128.107.0.0
128.107.0.1
128.107.0.254
128.107.0.255
Problem 6:
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 8
Given:
Host IP Address:
192.135.250.180
255.255.255.0
255.255.255.248
Find:
32
192.135.250.176
192.135.250.177
192.135.250.182
192.135.250.183
Reflection
Why is the subnet mask so important when analyzing an IPv4 address?
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
The subnet mask determines everything about the address: the network, number of host bits, number of hosts
and the broadcast address. Merely looking at an IPv4 address tells you nothing. You need the subnet mask to
fill in all the important pieces of information.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 8
Objectives
Parts 1 to 5, for each network topology:
Determine the number of subnets.
Design an appropriate addressing scheme.
Assign addresses and subnet mask pairs to device interfaces.
Examine the use of the available network address space and future growth potential.
Background / Scenario
When given a network topology, it is important to be able to determine the number of subnets required. In this
lab, several scenario topologies will be provided, along with a base network address and mask. You will
subnet the network address and provide an IP addressing scheme that will accommodate the number of
subnets displayed in the topology diagram. You must determine the number of bits to borrow, the number of
hosts per subnet, and potential for growth as specified by the instructions.
How many usable host addresses per subnet are in this addressing scheme? ___________ 126
d. What is the new subnet mask in dotted decimal format? _________________________ 255.255.255.128
e. How many subnets are available for future use? _______________ 0
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 9
Subnet
Number
Subnet Address
Broadcast
Address
192.168.10.0
192.168.10.1
192.168.10.126
192.168.10.127
192.168.10.128
192.168.10.129
192.168.10.254
192.168.10.255
2
3
4
5
How many usable host addresses per subnet are in this addressing scheme? ___________ 62
d. What is the new subnet mask in dotted decimal format? _________________________ 255.255.255.192
e. How many subnets are available for future use? _______________ 0
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 9
Subnet
Number
Subnet Address
Broadcast
Address
192.168.10.0
192.168.10.1
192.168.10.62
192.168.10.63
192.168.10.64
192.168.10.65
192.168.10.126
192.168.10.127
192.168.10.128
192.168.10.129
192.168.10.190
192.168.10.191
192.168.10.192
192.168.10.193
192.168.10.254
192.168.10.255
4
5
6
7
How many usable host addresses per subnet are in this addressing scheme? ___________ 30
d. What is the new subnet mask in dotted decimal format? _________________________ 255.255.255.224
e. How many subnets are available for future use? _______________ 2
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 9
Subnet Address
Broadcast
Address
192.168.10.0
192.168.10.1
192.168.10.30
192.168.10.31
192.168.10.32
192.168.10.33
192.168.10.62
192.168.10.63
192.168.10.64
192.168.10.65
192.168.10.94
192.168.10.95
192.168.10.96
192.168.10.97
192.168.10.126
192.168.10.127
192.168.10.128
192.168.10.129
192.168.10.158
192.168.10.159
192.168.10.160
192.168.10.161
192.168.10.190
192.168.10.191
192.168.10.192
192.168.10.193
192.168.10.222
192.168.10.223
192.168.10.224
192.168.10.225
192.168.10.254
192.168.10.255
8
9
10
R2
R3
Interface
IP Address
Subnet Mask
GigabitEthernet 0/1
192.168.10.1
255.255.255.224
Serial 0/0/0
192.168.10.33
255.255.255.224
Serial 0/0/1
192.168.10.65
255.255.255.224
GigabitEthernet 0/1
192.168.10.97
255.255.255.224
Serial 0/0/0
192.168.10.34
255.255.255.224
Serial 0/0/1
192.168.10.129
255.255.255.224
GigabitEthernet 0/1
192.168.10.161
255.255.255.224
Serial 0/0/0
192.168.10.66
255.255.255.224
Serial 0/0/1
192.168.10.130
255.255.255.224
b. Fill in the following table with the IP addresses and subnet masks for devices in the LAN as displayed in
topology.
Instructor Note: These are suggested IP addresses based on using the first 6 subnets from the table
above as assigned to each segment.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 9
Device
Interface
IP Address
Subnet Mask
Default Gateway
PC-A
NIC
192.168.10.30
255.255.255.224
192.168.10.1
PC-B
NIC
192.168.10.29
255.255.255.224
192.168.10.1
S1
VLAN 1
192.168.10.2
255.255.255.224
192.168.10.1
PC-C
NIC
192.168.10.126
255.255.255.224
192.168.10.97
PC-D
NIC
192.168.10.125
255.255.255.224
192.168.10.97
S2
VLAN 1
192.168.10.98
255.255.255.224
192.168.10.97
PC-E
NIC
192.168.10.190
255.255.255.224
192.168.10.161
PC-F
NIC
192.168.10.189
255.255.255.224
192.168.10.161
S3
VLAN 1
192.168.10.162
255.255.255.224
192.168.10.161
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 9
How many usable host addresses per subnet are in this addressing scheme? ___________ 14
d. What is the new subnet mask in dotted decimal format? _________________________ 255.255.255.240
Subnet Address
Broadcast
Address
192.168.10.0
192.168.10.1
192.168.10.14
192.168.10.15
192.168.10.16
192.168.10.17
192.168.10.30
192.168.10.31
192.168.10.32
192.168.10.33
192.168.10.46
192.168.10.47
192.168.10.48
192.168.10.49
192.168.10.62
192.168.10.63
192.168.10.64
192.168.10.65
192.168.10.78
192.168.10.79
192.168.10.80
192.168.10.81
192.168.10.94
192.168.10.95
192.168.10.96
192.168.10.97
192.168.10.110
192.168.10.111
192.168.10.112
192.168.10.111
192.168.10.126
192.168.10.127
192.168.10.128
192.168.10.129
192.168.10.142
192.168.10.143
192.168.10.144
192.168.10.145
192.168.10.158
192.168.10.159
10
192.168.10.160
192.168.10.161
192.168.10.174
192.168.10.175
11
192.168.10.176
192.168.10.177
192.168.10.190
192.168.10.191
12
192.168.10.192
192.168.10.193
192.168.10.206
192.168.10.207
13
192.168.10.208
192.168.10.209
192.168.10.222
192.168.10.223
14
192.168.10.224
192.168.10.225
192.168.10.238
192.168.10.239
15
192.168.10.240
192.168.10.241
192.168.10.254
192.168.10.255
16
17
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 9
How many usable host addresses per subnet are in this addressing scheme? ___________ 2046
d. What is the new subnet mask in dotted decimal format? _________________________ 255.255.248.0
e. How many subnets are available for future use? _______________ 7
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 9
Subnet
Number
Subnet Address
Broadcast
Address
172.16.128.0
172.16.128.1
172.16.135.254
172.16.135.255
172.16.136.0
172.16.136.1
172.16.143.254
172.16.143.255
172.16.144.0
172.16.144.1
172.16.151.254
172.16.151.255
172.16.152.0
172.16.152.1
172.16.159.254
172.16.159.255
172.16.160.0
172.16.160.1
172.16.167.254
172.16.167.255
172.16.168.0
172.16.168.1
172.16.175.254
172.16.175.255
172.16.176.0
172.16.176.1
172.16.183.254
172.16.183.255
172.16.184.0
172.16.184.1
172.16.191.254
172.16.191.255
172.16.192.0
172.16.192.1
172.16.199.254
172.16.199.255
172.16.200.0
172.16.200.1
172.16.207.254
172.16.207.255
10
172.16.208.0
172.16.208.1
172.16.215.254
172.16.215.255
11
172.16.216.0
172.16.216.1
172.16.223.254
172.16.223.255
12
172.16.224.0
172.16.224.1
172.16.231.254
172.16.231.255
13
172.16.232.0
172.16.232.1
172.16.239.254
172.16.239.255
14
172.16.240.0
172.16.240.1
172.16.247.254
172.16.247.255
15
172.16.248.0
172.16.248.1
172.16.255.254
172.16.255.255
16
17
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 9
Device
R1
R2
R3
Interface
IP Address
Subnet Mask
GigabitEthernet 0/0
172.16.128.1
255.255.248.0
GigabitEthernet 0/1
172.16.136.1
255.255.248.0
Serial 0/0/0
172.16.144.1
255.255.248.0
Serial 0/0/1
172.16.152.1
255.255.248.0
GigabitEthernet 0/0
172.16.160.1
255.255.248.0
GigabitEthernet 0/1
172.16.168.1
255.255.248.0
Serial 0/0/0
172.16.144.2
255.255.248.0
Serial 0/0/1
172.16.176.1
255.255.248.0
GigabitEthernet 0/0
172.16.184.1
255.255.248.0
GigabitEthernet 0/1
172.16.192.1
255.255.248.0
Serial 0/0/0
172.16.152.2
255.255.248.0
Serial 0/0/1
172.16.176.2
255.255.248.0
Reflection
1. What information is needed when determining an appropriate addressing scheme for a network?
_______________________________________________________________________________________
_______________________________________________________________________________________
Number of networks and hosts are needed when determining an appropriate addressing scheme for a
network.
2. After the subnets are assigned, will all the host addresses be utilized in each subnet?
_______________________________________________________________________________________
_______________________________________________________________________________________
No. For the WAN serial links, only two addresses will be utilized. For the subnets with host PCs, all the
addresses can be used in each subnet.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 9
L
Lab - De
esigning
g and Im
mplementing a S
Subnette
ed IPv4 A
Address
sing
S
Scheme
e (Instruc
ctor Version)
Instructor No
ote: Red font color or Gray
y highlights ind
dicate text tha
at appears in the instructor copy only.
T
Topology
A
Addressing
g Table
Device
R1
R
Interface
IP Add
dress
S
Subnet Mask
Default Gateway
G0/0
N/A
G0/1
N/A
Lo0
N/A
Lo1
N/A
S1
S
VLAN 1
PC-A
P
NIC
PC-B
P
NIC
N/A
N/A
A
N/A
O
Objectives
Part 1: De
esign a Netw
work Subnettting Scheme
Comp
plete the diagram, showing
g where the ho
ost IP addressses will be ap
pplied.
Part 2: Co
onfigure the Devices
Assign an IP addre
ess, subnet mask,
m
and defa
ault gateway to the PCs.
Config
gure the route
er Gigabit Eth
hernet interfac
ces with an IP
P address and
d subnet massk.
Part 3: Te
est and Troubleshoot the
e Network
Verify
y and troubles
shoot network
k connectivity using ping.
B
Backgroun
nd / Scenarrio
In this lab
b, starting from
m a single nettwork address
s and networkk mask, you w
will subnet the
e network into
o multiple
subnets. The
T subnet sc
cheme should
d be based on
n the numberr of host comp
puters require
ed in each subnet, as
well as other network considerations
c
s, like future network
n
host expansion.
P
Page 1 of 11
L
Lab - Designing and Impllementing a Subnetted
S
IP
Pv4 Address
sing Scheme
After you have created
d a subnetting
g scheme and
d completed th
he network diiagram by filling in the host and
I addresses, you will configure the hos
st PCs and ro
outer interface
es, including lloopback inte
erfaces.
interface IP
The loopb
back interface
es are created
d to simulate additional
a
LA
ANs attached tto router R1.
After the network
n
devic
ces and host PCs have bee
en configured
d, you will use
e the ping command to tesst for
network connectivity.
c
This lab provides
p
minim
mal assistanc
ce with the acttual command
ds necessaryy to configure the router. However,
the requirred commands are provide
ed in Appendix
x A. Test you
ur knowledge by trying to cconfigure the d
devices
without re
eferring to the appendix.
Note: The
e routers used
d with CCNA hands-on lab
bs are Cisco 1
1941 Integrate
ed Services R
Routers (ISRss) with
Cisco IOS
S Release 15..2(4)M3 (univ
versalk9 image). The switch
hes used are
e Cisco Catalyyst 2960s with
h Cisco
IOS Relea
ase 15.0(2) (lanbasek9 ima
age). Other ro
outers, switch
hes and Cisco
o IOS version
ns can be use
ed.
Depending on the mod
del and Cisco IOS version, the comman
nds available a
and output prroduced migh
ht vary
from whatt is shown in the
t labs. Refe
er to the Routter Interface S
Summary Tab
ble at this end
d of the lab fo
or the
correct intterface identiffiers.
Note: Make sure that the routers an
nd switches ha
ave been era
ased and have
e no startup cconfigurationss. If you
are unsurre, contact your instructor.
Instructo
or Note: Referr to the Instructor Lab Man
nual for the prrocedures to iinitialize and reload device
es.
R
Required Resources
R
1 Rou
uter (Cisco 19
941 with Cisco
o IOS Releas
se 15.2(4)M3 universal ima
age or compa
arable)
1 Switch (Cisco 29
960 with Cisco
o IOS Release 15.0(2) lanb
basek9 image
e or compara
able)
2 PCs
s (Windows 7,
7 Vista, or XP
P with termina
al emulation p
program, such
h as Tera Term)
Conso
ole cables to configure the
e Cisco IOS devices via the
e console porrts
Ethernet cables as
s shown in the
e topology
e Gigabit Ethe
ernet interface
es on Cisco 1941
1
routers a
are autosensiing. An Etherrnet straight-th
hrough
Note: The
cable may
y be used bettween the rou
uter and PC-B
B. If using ano
other Cisco ro
outer model, it may be neccessary to
use an Ethernet crosso
over cable.
P
Part 1: Design
D
a Network
N
Subnetting Schem
me
S
Step 1: Cre
eate a subn
netting sche
eme that me
eets the req
quired numb
ber of subn
nets and req
quired
number of hos
st addresse
es.
In this sce
enario, you arre a network administrator
a
for a small su
ubdivision witthin a larger ccompany. You
u must
create mu
ultiple subnets
s out of the 19
92.168.0.0/24
4 network add
dress space tto meet the fo
ollowing requirements:
The second
s
subne
et is the admin
nistration netw
work. You nee
ed a minimum
m of 10 IP add
dresses.
The th
hird and fourtth subnets are
e reserved as
s virtual netwo
orks on virtua
al router interffaces, loopbacck 0 and
loopback 1. These virtual routerr interfaces simulate LANss attached to R
R1.
You also
a
need two
o additional un
nused subnetts for future ne
etwork expan
nsion.
P
Page 2 of 11
(/25) 11111111.11111111.11111111.10000000
Dotted decimal subnet mask equivalent: ________________________________
255.255.255.128
Number of subnets? ________________, Number of hosts? ________________
Two subnets (21) and 128 hosts (27) 2 = 126 hosts per subnet
(/26) 11111111.11111111.11111111.11000000
Dotted decimal subnet mask equivalent: ________________________________
255.255.255.192
Number of subnets? ________________, Number of hosts? ________________
Four subnets (22) and 64 hosts (26) 2 = 62 hosts per subnet
(/27) 11111111.11111111.11111111.11100000
Dotted decimal subnet mask equivalent: ________________________________
255.255.255.224
Number of subnets? ________________ Number of hosts? ________________
Eight subnets (23) and 32 hosts (25) 2 = 30 hosts per subnet
(/28) 11111111.11111111.11111111.11110000
Dotted decimal subnet mask equivalent: ________________________________
255.255.255.240
Number of subnets? ________________ Number of hosts? _________________
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 11
(/29) 11111111.11111111.11111111.11111000
Dotted decimal subnet mask equivalent: ________________________________
255.255.255.248
Number of subnets? ________________ Number of hosts? _________________
Thirty two subnets (25) and 8 hosts (23) 2 = 6 hosts per subnet
(/30) 11111111.11111111.11111111.11111100
Dotted decimal subnet mask equivalent: ________________________________
255.255.255.252
Number of subnets? ________________ Number of hosts? _________________
Sixty four subnets (26) and 4 hosts (22) 2 = 2 hosts per subnet
6) Considering your answers, which subnet masks meet the required number of minimum host
addresses?
________________________________________________________________________________
/25, /26, /27
7) Considering your answers, which subnet masks meets the minimum number of subnets required?
________________________________________________________________________________
/27, /28, /29, /30 will give the required number of subnets.
8) Considering your answers, which subnet mask meets both the required minimum number of hosts
and the minimum number of subnets required?
________________________________________________________________________________
/27 will give you eight subnets, which is greater than the minimum of five required, and 30 hosts per
subnet, which is greater than the 25 hosts required for the first subnet.
9) When you have determined which subnet mask meets all of the stated network requirements, you will
derive each of the subnets starting from the original network address. List the subnets from first to
last below. Remember that the first subnet is 192.168.0.0 with the newly acquired subnet mask.
Subnet Address
___________________ /
____
__________________________
___________________ /
____
__________________________
___________________ /
____
__________________________
___________________ /
____
__________________________
___________________ /
____
__________________________
___________________ /
____
__________________________
___________________ /
____
__________________________
___________________ /
____
__________________________
___________________ /
____
__________________________
___________________ /
____
__________________________
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 11
L
Lab - Designing and Impllementing a Subnetted
S
IP
Pv4 Address
sing Scheme
S
Step 2: Co
omplete the diagram sh
howing whe
ere the hostt IP address
ses will be a
applied.
On the folllowing lines provided,
p
fill in
n the IP addre
esses and su
ubnets maskss in slash preffix notation. O
On the
router, use the first usa
able address in each subne
et for each off the interface
es, Gigabit Eth
hernet 0/0, Gigabit
Ethernet 0/1,
0 loopback
k 0, and loopb
back 1. Fill in an
a IP addresss for both PC
C-A and PC-B. Also enter th
his
informatio
on into the Addressing Tab
ble on Page 1.
The addre
esses of the router
r
Gigabitt Ethernet 0/0, Gigabit Ethe
ernet 0/1, loo pback 0 and loopback 1 in
nterfaces
would be: 192.168.0.1//27, 192.168.0.33/27, 192..168.0.65/27, 192.168.0.97
7/27. If the Giigabit 0/0 inte
erface is
the first su
ubnet then PC
C-Bs IP address would be
e a number be
etween 192.168.0.2 and 19
92.168.0.30. If the
Gigabit 0//1 interface is the second subnet,
s
then PC-As
P
IP add
dress would b
be a number b
between 192.168.0.34
and 192.1
168.0.62.
P
Part 2: Configure
C
e the Devices
In Part 2, set up the ne
etwork topolog
gy and configure basic setttings on the P
PCs and route
er, such as th
he router
Gigabit Etthernet interfa
ace IP addres
sses, and the PCs IP addrresses, subne
et masks, and
d default gate
eways.
Refer to th
he Addressing Table for de
evice names and address information.
Note: App
pendix A prov
vides configurration details for the steps in Part 2. You
u should attem
mpt to comple
ete Part 2
prior to re
eviewing Appe
endix A.
S
Step 1: Co
onfigure the
e router.
a. Enter into privilege
ed EXEC mod
de and then global config m
mode.
b. Assign the R1 as the hostname for the router.
c.
Config
gure both the
e G0/0 and G0
0/1 interfaces
s with IP addre
esses and su
ubnet masks, and then ena
able them.
d. Loopb
back interface
es are created
d to simulate additional LA
ANs on R1 rou
uter. Configurre the loopbacck
interfa
aces with IP addresses
a
and subnet mas
sks. After theyy are created
d, loopback intterfaces are e
enabled,
by default. (To crea
ate the loopback addresse
es, enter the ccommand inte
erface loopb
back 0 at the global
config
g mode)
Note: You can create additional loopbacks fo
or testing with
h different add
dressing sche
emes, if desirred.
e. Save the running configuration
c
to
t the startup
p configuration
n file.
S
Step 2: Co
onfigure the
e PC interfac
ces.
a. Config
gure the IP ad
ddress, subne
et mask, and default gatew
way settings o
on PC-A.
b. Config
gure the IP ad
ddress, subne
et mask, and default gatew
way settings o
on PC-B.
P
Page 5 of 11
L
Lab - Designing and Impllementing a Subnetted
S
IP
Pv4 Address
sing Scheme
P
Part 3: Test
T
and Troubles
T
hoot the Network
In Part 3, you will use the
t ping command to test network conn
nectivity.
a. Test to
t see if PC-A
A can communicate with its
s default gate
eway. From PC
C-A, open a ccommand pro
ompt and
ping the
t IP address
s of the route
er Gigabit Ethe
ernet 0/1 inte
erface. Do you
u get a reply?
? __________
________
If the PC and route
er interface ha
ave been con
nfigured corre ctly then the ping should b
be successful. If not,
check
k items d and e below.
b. Test to
t see if PC-B
B can communicate with its
s default gate
eway. From PC
C-B, open a ccommand pro
ompt and
ping the
t IP address
s of the route
er Gigabit Ethe
ernet 0/0 inte
erface. Do you
u get a reply?
? __________
_______
If the PC and route
er interface ha
ave been con
nfigured corre ctly then the ping should b
be successful. If not,
check
k items d and e below.
c.
Test to
t see if PC-A
A can communicate with PC
C-B. From PC
C-A, open a ccommand pro
ompt and ping
g the IP
addre
ess of PC-B. Do
D you get a reply? _____
____________
__
If both
h PCs and the
e router Gigabit Ethernet in
nterfaces havve been config
gured correcttly, then the p
pings
should be success
sful. If not, che
eck items d and e below.
R
Reflection
1
1. Subnetting one larger network
n
into multiple
m
smaller subnetworrks allows forr greater flexib
bility and secu
urity in
d
Howev
ver, what do you
y think som
me of the draw
wbacks are w
when the subn
nets are limite
ed to
network design.
being the same size?
________
___________
____________
___________
___________
____________
____________
___________
________
________
___________
____________
___________
___________
____________
____________
___________
________
Answers will
w vary. Stud
dents may suggest that, be
ecause some subnetworkss require man
ny ip addresse
es and
others req
quire only a fe
ew, having all of the subne
ets the same ssize is not the
e most efficien
nt way to divide the
subnets.
2
2. Why do yo
ou think the gateway/route
g
er IP address is usually the
e first usable IP address in
n the network?
?
________
___________
____________
___________
___________
____________
____________
___________
________
________
___________
____________
___________
___________
____________
____________
___________
________
Answers will
w vary. It ma
ay be sugges
sted that the router
r
or gatew
way is like a door to the ne
etwork and th
herefore it
is logical that
t
its addres
ss is at the be
eginning of th
he network. It is purely a co
onvention how
wever, and th
herefore
the routerr does not hav
ve to have the
e first or last address
a
in the
e network.
P
Page 6 of 11
Ethernet Interface #1
Ethernet Interface #2
Serial Interface #1
Serial Interface #2
1800
1900
2801
2811
2900
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
Router(config)#
c.
d. Configure both the G0/0 and G0/1 interfaces with IP addresses and subnet masks, and enable them.
R1(config)# interface g0/0
R1(config-if)# ip address <ip address> <subnet mask>
R1(config-if)# no shutdown
R1(config-if)# interface g0/1
R1(config-if)# ip address <ip address> <subnet mask>
R1(config-if)# no shutdown
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 11
L
Lab - Designing and Impllementing a Subnetted
S
IP
Pv4 Address
sing Scheme
e. Loopb
back interface
es are created
d to simulate additional LA
ANs off of routter R1. Config
gure the loopback
interfa
aces with IP addresses
a
and subnet mas
sks. When the
ey are created, loopback in
nterfaces are
e enabled,
by default.
onfig)# in
nterface lo
oopback 0
R1(co
R1(co
onfig-if)#
# ip addres
ss <ip add
dress> <sub
bnet mask>
>
R1(co
onfig-if)#
# interface
e loopback
k 1
R1(co
onfig-if)#
# ip addres
ss <ip add
dress> <sub
bnet mask>
>
R1(co
onfig-if)#
# end
f.
S
Step 2: Co
onfigure the
e PC interfac
ces.
a. Config
gure the IP ad
ddress, subne
et mask, and default gatew
way settings o
on PC-A.
b. Config
gure the IP ad
ddress, subne
et mask, and default gatew
way settings o
on PC-B.
P
Page 8 of 11
Device Configs
Router R1
R1#show run
Building configuration...
Current configuration : 1518 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
no ipv6 cef
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
!
!
!
!
!
ip cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
!
!
!
redundancy
!
!
!
!
interface Loopback0
ip address 192.168.0.65 255.255.255.224
!
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 11
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 11
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 11 of 11
Topology
Objectives
Part 1: Examine Network Requirements
Part 2: Design the VLSM Address Scheme
Part 3: Cable and Configure the IPv4 Network
Background / Scenario
Variable Length Subnet Mask (VLSM) was designed to avoid wasting IP addresses. With VLSM, a network is
subnetted and then re-subnetted. This process can be repeated multiple times to create subnets of various
sizes based on the number of hosts required in each subnet. Effective use of VLSM requires address
planning.
In this lab, use the 172.16.128.0/17 network address to develop an address scheme for the network displayed
in the topology diagram. VLSM is used to meet the IPv4 addressing requirements. After you have designed
the VLSM address scheme, you will configure the interfaces on the routers with the appropriate IP address
information.
Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with
Cisco IOS Release 15.2(4)M3 (universalk9 image). Other routers and Cisco IOS versions can be used.
Depending on the model and Cisco IOS version, the commands available and output produced might vary
from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the
correct interface identifiers.
Note: Make sure that the routers have been erased and have no startup configurations. If you are unsure,
contact your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.
This lab can be performed in multiple sessions if time is an issue. Parts 1 and 2 are paper based and can be
assigned as homework. Part 3 is Hands-on and requires lab equipment.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 12
Required Resources
3 routers (Cisco 1941 with Cisco IOS software, Release 15.2(4)M3 universal image or comparable)
1 PC (with terminal emulation program, such as Tera Term, to configure routers)
Console cable to configure the Cisco IOS devices via the console ports
Ethernet (optional) and serial cables, as shown in the topology
Windows Calculator (optional)
Step 1: Determine how many host addresses and subnets are available.
How many host addresses are available in a /17 network? ________ 32,766
What is the total number of host addresses needed in the topology diagram? ________ 31,506
How many subnets are needed in the network topology? ______ 9
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 12
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 12
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 12
Number of
Hosts Needed
Network Address
/CIDR
First Host
Address
Broadcast
Address
HQ G0/0
16,000
172.16.128.0/18
172.16.128.1
172.16.191.255
HQ G0/1
8,000
172.16.192.0/19
172.16.192.1
172.16.223.255
BR1 G0/1
4,000
172.16.224.0/20
172.16.224.1
172.16.239.255
BR1 G0/0
2,000
172.16.240.0/21
172.16.240.1
172.16.247.255
BR2 G0/1
1,000
172.16.248.0/22
172.16.248.1
172.16.251.255
BR2 G0/0
500
172.16.252.0/23
172.16.252.1
172.16.253.255
172.16.254.0/30
172.16.254.1
172.16.254.3
172.16.254.4/30
172.16.254.5
172.16.254.7
172.16.254.8/30
172.16.254.9
172.168.254.11
Subnet Description
Interface
IP Address
Subnet Mask
Device Interface
G0/0
172.16.128.1
255.255.192.0
G0/1
172.16.192.1
255.255.224.0
S0/0/0
172.16.254.1
255.255.255.252
BR1 S0/0/0
S0/0/1
172.16.254.5
255.255.255.252
BR2 S0/0/1
G0/0
172.16.240.1
255.255.248.0
G0/1
172.16.224.1
255.255.240.0
S0/0/0
172.16.254.2
255.255.255.252
HQ S0/0/0
S0/0/1
172.16.254.9
255.255.255.252
BR2 S0/0/0
G0/0
172.16.252.1
255.255.254.0
G0/1
172.16.248.1
255.255.252.0
S0/0/0
172.16.254.10
255.255.255.252
BR1 S0/0/1
S0/0/1
172.16.254.6
255.255.255.252
HQ S0/0/1
HQ
BR1
BR2
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 12
g. Create a banner that will warn anyone accessing the device that unauthorized access is prohibited.
Reflection
Can you think of a shortcut for calculating the network addresses of consecutive /30 subnets?
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
Answers may vary. A /30 network has 4 address spaces: the network address, 2 host addresses, and a
broadcast address. Another technique for obtaining the next /30 network address would be to take the
network address of the previous /30 network and add 4 to the last octet.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 12
Ethernet Interface #1
Ethernet Interface #2
Serial Interface #1
Serial Interface #2
1800
1900
2801
2811
2900
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
Device Configs
Router BR1 (Final Configuration)
BR1#sh run
Building configuration...
Current configuration : 1555 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname BR1
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
memory-size iomem 15
!
!
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 12
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 12
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 12
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 12
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 11 of 12
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 12 of 12
Objectives
Calculate the necessary subnet mask in order to accommodate a given number of hosts.
Subnetting is hierarchical and can help deliver network traffic more easily if small groups of IP addresses
are designed to serve network needs.
Background /Scenario
Note: This activity may be completed individually or in small/large groups using Packet Tracer software.
You are setting up a dedicated, computer addressing scheme for patient rooms in a hospital. The
switch will be centrally located in the nurses station, as each of the five rooms will be wired so
that patients can just connect to a RJ45 port built into the wall of their room. Devise a physical
and logical topology for only one of the six floors using the following addressing scheme
requirements: There are six floors with five patient rooms on each floor for a total of thirty
connections. Each room needs a network connection.
Use one router, one switch, and five host stations for addressing purposes.
Validate that all PCs can connect to the hospitals in-house services.
Keep a copy of your scheme to share later with the class or learning community. Be prepared to explain
how subnetting, unicasts, multicasts and broadcasts would be incorporated, and where your addressing
scheme could be used.
Instructor Note: This Modeling Activity may or may not be a graded assignment. Its purpose is to check
students mastery of hierarchical subnets and subnet masking operation. A facilitated chapter review
discussion can be initiated as a result of this activity.
Required Resources
Reflection
1. How would you change your addressing scheme if you were going to add an additional network
connection to the hospital rooms with a total of 10 connections per floor or 2 ports per room?
____________________________________________________________________________
If the number of network connections were doubled, a subnet mask of 255.255.255.240 with a prefix of
/28 would be necessary to support connectivity.
Another possible solution to the original activity might be:
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 2
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 2
Objectives
Explain the operation of the Application layer in providing support to end-user applications.
Students will envision what it would be like not to have network applications available to use in the
workplace. They may also estimate what it would cost to not be able to use networked applications for a
short period of time.
Background / Scenario
It is the beginning of your work week. Your employer has decided to have IP telephones installed in your
workplace resulting in the network being inoperable until next week.
Your work; however, must continue. You have emails to send and quotes to write for your managers
approval. Because of possible security issues, you are not allowed to use personal or external computer
systems, equipment, or off-site equipment and systems, to complete your corporate workload.
Your instructor may ask you to complete the questions from both scenarios below, or to choose one
scenario (A. Emails, or B. Quote for Managers Approval). Answer the questions fully for the scenario(s).
Be prepared to discuss your answers in class.
A. Emails
You have a desktop application software package installed on your computer. Will it be relatively
easy to produce the quote your manager needs for the new contract due by the end of the week?
What limitations will be experienced while trying to complete the quote?
How will you present the quote to your manager for approval? How do you think he or she will
send the quote to the client for their approval?
Are these methods cost effective to your corporation? Justify your answer.
Instructor Note: This Modeling Activity is introductory in nature; its purpose is to focus on how the application
Layer is necessary for networking to operate effectively. To save classroom time (for discussion), students
may complete only one scenario of the two scenarios.
Reflection
1. What steps did you identify as important to communicating without network applications available to you
for a week in your workplace? Which steps were not important? Justify your answer.
_______________________________________________________________________________________
To resolve this issue, some alternatives to pursue might include:
Emails:
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 2
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 2
Objectives
Part 1: Identify P2P Networks, File Sharing Protocols, and Applications
Part 2: Research P2P File Sharing Issues
Part 3: Research P2P Copyright Litigations
Background / Scenario
Peer-to-peer (P2P) computing is a powerful technology that has many uses. P2P networks can be used to
share and exchange music, movies, software, and other electronic materials.
The use of P2P networks to upload, download, or share copyrighted material, such as movies, music, and
software, can violate the rights of copyright owners. In the P2P file-sharing context, infringement may occur,
for example, when one person purchases an authorized copy and then uploads it to a P2P network to share
with others. Both the individual who makes the file available and those making copies may be found to have
infringed the rights of the copyright owners and may be violating copyright law.
Another problem with P2P file sharing is that very little protection is in place to ensure that the files exchanged
in these networks are not malicious. P2P networks are an ideal medium for spreading malware (computer
viruses, worms, Trojan horses, spyware, adware, and other malicious programs). In 2010, Cisco reported
increases in P2P activity, coupled with recent P2P malware developments, suggesting that P2P file shares
are becoming increasingly favored by users and malware attackers alike.
In this lab, you will research available P2P file sharing software and identify some issues that can arise from
the use of this technology.
Required Resources
Device with Internet access
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 4
What P2P file sharing protocol is attributed to producing the most P2P traffic on the Internet today?
____________________________________________________________________________________
Answers may vary, but most of the peer-to-peer traffic is likely from BitTorrent, after the demise of
LimeWire. As of January 2012, BitTorrent is utilized by 150 million active users (according to BitTorrent,
Inc.). At any given instant, BitTorrent has, on average, more active users than YouTube and Facebook
combined (this refers to the number of active users at any instant and not to the total number of unique
users).
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 4
d. What are the file sharing copyright laws in your area? Are they more strict or less strict than those in other
areas of the world? How aggressively do enforcement agencies in your area pursue those who share
copyrighted material?
____________________________________________________________________________________
____________________________________________________________________________________
Answers will vary depending on locale.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 4
How could identity theft occur through the use of P2P file sharing?
____________________________________________________________________________________
____________________________________________________________________________________
If the P2P client software is incorrectly configured it may provide access to the personal information and
files stored on your computer.
Reflection
1. How can you be sure that the files you are downloading from P2P networks are not copyrighted and are safe
from malware?
_______________________________________________________________________________________
There is no absolute assurance that P2P files are free of malware and not copyrighted. Use P2P file sharing
applications at your own risk.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 4
Objectives
Part 1: Observe the DNS Conversion of a URL to an IP Address
Part 2: Observe DNS Lookup Using the Nslookup Command on a Web Site
Part 3: Observe DNS Lookup Using the Nslookup Command on Mail Servers
Background / Scenario
The Domain Name System (DNS) is invoked when you type a Uniform Resource Locator (URL), such as
http://www.cisco.com, into a web browser. The first part of the URL describes which protocol is used.
Common protocols are Hypertext Transfer Protocol (HTTP), Hypertext Transfer Protocol over Secure Socket
Layer (HTTPS), and File Transfer Protocol (FTP).
DNS uses the second part of the URL, which in this example is www.cisco.com. DNS translates the domain
name (www.cisco.com) to an IP address to allow the source host to reach the destination host. In this lab, you
will observe DNS in action and use the nslookup (name server lookup) command to obtain additional DNS
information. Work with a partner to complete this lab.
Required Resources
1 PC (Windows 7, Vista, or XP with Internet and command prompt access)
The first line of the output displays www.icann.net converted to an IP address by DNS. You should be
able to see the effect of DNS, even if your institution has a firewall that prevents pinging, or if the
destination server has prevented you from pinging its web server.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 6
Most humans find it easier to remember words, rather than numbers. If you tell someone to go to
www.icann.net, they can probably remember that. If you told them to go to 192.0.43.22, they would have
a difficult time remembering an IP address. Computers process in numbers. DNS is the process of
translating words into numbers. There is a second translation that takes place. Humans think in Base 10
numbers. Computers process in Base 2 numbers. The Base 10 IP address 192.0.43.22 in Base 2
numbers is 11000000.00000000.00101011.00010110. What happens if you cut and paste these Base 2
numbers into a browser?
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
The web site does not come up. The software code used in web browsers recognizes Base 10 numbers.
It does not recognize Base 2 numbers.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 6
f.
When you ping www.cisco.com, do you get the same IP address as the example, or a different IP
address, and why?
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
Answer will vary depending upon where you are geographically. Cisco hosts its web content on a series
of mirror servers. This means that Cisco uploads the exact same content to geographically diverse
(spread out all over the world) servers. When someone tries to reach www.cisco.com, the traffic is
directed to the closest mirror server.
g. Type the IP address that you obtained when you pinged www.cisco.com into a browser. Does the web
site dlsplay? Why or why not?
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
The cisco.com web site does not come up. There are at least two possible explanations for this: 1. Some
web servers are configured to accept IP addresses sent from a browser; some are not. 2. It may be a
firewall rule in the Cisco security system that prohibits an IP address being sent via a browser.
Part 2: Observe DNS Lookup Using the Nslookup Command on a Web Site
a. At the command prompt, type the nslookup command.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 6
At the prompt, type the IP address of the Cisco web server that you just found. You can use nslookup to
get the domain name of an IP address if you do not know the URL.
You can use the nslookup tool to translate domain names into IP addresses. You can also use it to
translate IP addresses into domain names.
Using the nslookup tool, record the IP addresses associated with www.google.com.
____________________________________________________________________________________
Answer may vary. At the time of writing, the IP addresses are 173.194.75.147, 173.194.75.105,
173.194.75.99, 173.194.75.103, 173.194.75.106, 173.194.75.104.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 6
A fundamental principle of network design is redundancy (more than one mail server is configured). In
this way, if one of the mail servers is unreachable, then the computer making the query tries the second
mail server. Email administrators determine which mail server is contacted first using MX preference (see
above image). The mail server with the lowest MX preference is contacted first. Based upon the output
above, which mail server will be contacted first when email is being sent to cisco.com?
____________________________________________________________________________________
rcdn-mx-01.cisco.com
c.
At the nslookup prompt, type exit to return to the regular PC command prompt.
Reflection
What is the fundamental purpose of DNS?
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 6
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 6
Objectives
Part 1: Use FTP from a Command Prompt
Part 2: Download an FTP File Using WS_FTP LE
Part 3: Use FTP in a Browser
Background / Scenario
The File Transfer Protocol (FTP) is part of the TCP/IP suite. FTP is used to transfer files from one network
device to another network device. Windows includes an FTP client application that you can execute from the
command prompt. There are also free graphical user interface (GUI) versions of FTP that you can download.
The GUI versions are easier to use than typing from a command prompt. FTP is frequently used for the
transfer of files that may be too large for attachment with an email.
When using FTP, one computer is normally the server and the other computer is the client. When accessing
the server from the client, you need to provide a username and password. Some FTP servers have a user
named anonymous. You can access these types of sites by simply typing anonymous for the user, without
a password. Usually, the site administrator has files that can be copied but does not allow files to be posted
with the anonymous user.
In this lab, you will learn how to use anonymous FTP from the Windows command-line C:\> prompt. You will
also use the GUI-based FTP program, WS_FTP LE. Finally, you will use an anonymous FTP in a browser.
Required Resources
1 PC (Windows 7, Vista, or XP with access to the command prompt and Internet access and WS_FTP LE
installed)
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 10
c.
At the prompt, type get Readme. This downloads the file to your local computer from the anonymous FTP
server that the Center for Disease Control has setup. The file will be copied into the directory shown in
the C:\> prompt (C:\Users\User1 in this case).
Instructor Note: The students require a folder where ftp.exe has read and write access for the download
and viewing of the Readme file from the ftp site. The folder for C:\>Users\User1 is used as an example.
d. Type quit to leave FTP and return to the C:\> prompt. Type more Readme to see the contents of the
document.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 10
c.
In the Site Name field, type Center for Disease Control and click Next to continue.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 10
d. Click the Connection Type drop-down list, select FTP (the default connection type), and click Next.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 10
f.
In the User Name field, type anonymous, and leave the password field blank. Click Next.
g. Click Finish.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 10
h. When the Login Information Missing dialog box displays, click OK. Do not type a password in the
Password field.
i.
You are now anonymously connected to the Center for Disease Control FTP site.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 10
j.
On the WS_FTP LE toolbar menu under My Computer, click New Folder to create a folder on your local
C:\ drive.
k.
In the Make Directory dialog box name the folder as CDC and click OK.
Note: If the folder already exists, you can use the same folder or create another folder with a different
name. If using the same CDC folder, you can replace the existing Readme file with the downloaded
Readme file.
l.
After the directory is created, in the My Computer tab page, double-click the directory to open it.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 10
m. Drag the file Readme from the right side of the application (the remote CDC FTP server) into the CDC
folder on to the local C:\ drive.
n. Double-click the Readme file in the C:\CDC folder on your local C:\ drive. If prompted for an application to
open the document, choose any word processing software. You should see a message that looks
something like this:
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 10
o. Which was easier, using FTP from the cmd prompt, or using WS_FTP LE? __________________
After it has been installed, a GUI FTP application such as WS_FTP LE is easier to use, especially if
working with a large number of large files.
p. Click Disconnect to disconnect from the ftp.cdc.gov site when finished.
q. The remote site will be removed from the saved list of FTP sites. In the Ipswitch WS_FTP LE window,
click the Open a Remote Connection link. Select the Center for Disease Control site, and click Delete
to remove the FTP site. Click Yes to confirm the deletion. Click Close to exit the Site Manager.
r.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 10
Reflection
1. Which FTP method was easiest to use?
_______________________________________________________________________________________
The browser.
2. Was there any advantage to using FTP from the command prompt or using WS_FTP LE?
_______________________________________________________________________________________
From an ease of use perspective, the browser was clearly superior to the other two methods. The only
advantage to the other two methods is that they give you more of a step-by-step view of the interaction
between the client software and the remote FTP server. This is useful in understanding how FTP works. It is
not a compelling argument to use either of those methods in practice.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 10
Objectives
Explain the operation of the application layer in providing support to end-user applications.
Students will apply new knowledge of application layer protocols and methods of the TCP/IP layer in
streamlining data/network communication.
Background /Scenario
Refer to the modeling activity from the beginning of this chapter as the basis for this activity.
Your IP telephones were installed in a half day vs. the full week originally anticipated. Your network has
been restored to full capacity and network applications are available for your use. You have the same
emails to answer and quotes to write for your managers approval.
Use the same scenario you completed in the introduction modeling activity to answer the following
questions:
A. Emails
What method(s) can you use to send email correspondence now that the network is working?
How can you now send the same message to multiple recipients?
How can you send the large attachments to multiple recipients using network applications?
Would using network applications prove to be a cost-effective communication method for your
corporation?
Because you have desktop application programs installed on your computer, will it be relatively easy
to produce the quote your manager needs for the new contract due by the end of the week? Explain
your answer.
When you finish writing the quote, how will you present it to your manager for approval? How will he
or she send the quote to the client for their approval?
Is using network applications a cost-effective way to complete business transactions? Justify your
answer.
Save a hard copy or an electronic copy of your answers. Be prepared to discuss your answers in
class.
Instructor Note: This Modeling Activitys purpose is to review the content learned in Chapter 4. The focus is
on how the application layer uses network applications to operate effectively.
To save classroom time (for discussion), students may be assigned to complete only one scenario (A. Emails,
or B. Quote for Managers Approval).
Stress that students must carefully read through the first paragraph of this modeling activity to know the
parameters of the assignment.
Reflection
1. Having network applications and services available to you may increase production, decrease costs, and
save time. Would this be true with the scenario you chose? Justify your answer.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 2
Make it happen!
____________________________________________________________________________________
Representative (discussion) answers may look like the following suggestions:
Emails:
What method(s) can you use to send email correspondence now that the network is working? Most likely,
POP or IMAP email delivery in conjunction with a network email software program will be used.
What format will your emails be sent over the network? POP or IMAP
How can you now send the same message to multiple recipients? The SAME copy of the email can be
sent to multiple recipients in a matter of seconds.
How can you send the large attachments to multiple recipients using the network applications? Write the
email, address it to the recipients and send the large attachments with the email (no printing required!).
Would using network applications prove to be cost-effective communications methods for your
corporation? This method would save time, resources, and provide a quality-driven product (everyone
gets the same information)
You have a word processing, spreadsheet and database program installed locally on your computer.
Will it be relatively easy to produce the quote your manager needs for the new contract due by the
end of the week? The local workstation software will assist in creating the quote for the manager at
no different cost in this scenario.
When you finish writing the quote, how will you present it to your manager for approval? Usually, it
will be sent as an email with attachment(s) to the manager.
How will he/she send the quote to the client for their consideration for approval? Most likely, it will be
emailed to the client (sometimes, though, an additional hard/paper copy or media copy is sent of the
quote to the client for their approval or sign-off)
Is using network applications a cost-effective way to complete business transactions? Using network
applications is more time-efficient and does definitely save resources.
Costs involved in daily business production decrease when using network applications
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 2
Objectives
Explain how a small network of directly connected segments is created, configured and verified.
Students will note how the networks differ, both in size and in function. They will identify how the networks
provide different networking solutions based upon their cost, speed, ports, expandability and manageability as
related to the needs of a small to medium-sized business.
Topology
Background /Scenario
Take a look at the two networks in the topology diagram. Answer the following questions and record your
answers to share with the class.
Visually compare and contrast Network A and Network B. How are the two networks the same?
Make note of the devices used in each network design. Because the devices are labeled, you already
know what types of end and intermediary devices they are. How are the two networks different? Is
the number of devices present in one network the only differentiating factor? Justify your answer.
Which network you would select if you owned a small to medium-sized business. Justify your
selected network based on cost, speed, ports, expandability, and manageability.
Instructor notes: This Modeling Activity is not intended to be a graded assignment. Rather students
should note similarities and differences regarding the network equipment shown and the types of
networks created. Addressing of the two networks should also be a factor in their comparisons of both
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 2
Required Resources
Recording capabilities (paper, tablet, etc.) for reflective comments to be shared with the class.
Reflection
1. Reflect upon your comparisons of the two network scenarios. What are some things you noted as points
of interest?
____________________________________________________________________________________
Multiple students may select Network B as their choice of the best network for a small to medium-sized
business. But this may not necessarily be the best choice.
Network A is less costly in equipment. It also provides a more streamlined design, which should assist
with network speed issues. Since there is no switch present in this particular network, expandability
would be an issue and limited to the ports already present on the ISRs. Manageability would be easy, as
there are fewer devices to keep documented and up to date.
Network B is more costly than A in equipment alone. It provides for redundancy which is important to the
cost of performing business functions. It allows for wireless transmission not just Ethernet, as shown in
Network A, but incorporating wireless technology increases the possibility of security breaches, which
increases manageability considerations. Speed could be enhanced if the devices used load balancing
and static routes to assist with load balancing. We do not know what types of Routers are included in
Network B and if they are 1841 routers, data traffic could actually be slowed, but this depends on the
route the network data travels.
Therefore, all categories considered, either network would be acceptable to use for a small to mediumsized business. Network A and B offer different positives and negatives, and it would be up to the small
to medium-sized business to prioritize cost, speed, ports, expandability and manageability. They would
eventually go on from their prioritization list with a look to the future and select the best design for the
business. This is similar to separating all sessions into multiple conference rooms according to their
topics.
Cost, speed, ports, expandability and manageability are all factors to consider when designing a
small to medium-sized network.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 2
Objectives
Part 1: Explore the SANS Website
Navigate to the SANS website and identify resources.
Part 2: Identify Recent Network Security Threats
Identify several recent network security threats using the SANS site.
Identify sites beyond SANS that provide network security threat information.
Part 3: Detail a Specific Network Security Threat
Select and detail a specific recent network threat.
Present information to the class.
Background / Scenario
To defend a network against attacks, an administrator must identify external threats that pose a danger to the
network. Security websites can be used to identify emerging threats and provide mitigation options for
defending a network.
One of the most popular and trusted sites for defending against computer and network security threats is
SysAdmin, Audit, Network, Security (SANS). The SANS site provides multiple resources, including a list of the
top 20 Critical Security Controls for Effective Cyber Defense and the weekly @Risk: The Consensus Security
Alert newsletter. This newsletter details new network attacks and vulnerabilities.
In this lab, you will navigate to and explore the SANS site, use the SANS site to identify recent network
security threats, research other websites that identify threats, and research and present the details about a
specific network attack.
Required Resources
Device with Internet access
Presentation computer with PowerPoint or other presentation software installed
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 4
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 4
Step 1: Complete the following form for the selected network attack.
Name of attack:
Code Red
Type of attack:
Worm
Dates of attacks:
July 2001
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 4
Mitigation options:
To prevent the exploitation of the IIS vulnerability, organizations needed to apply the IIS patch
from Microsoft.
Reflection
1. What steps can you take to protect your own computer?
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
Answers will vary but could include keeping the operating system and applications up to date with patches
and service packs, using a personal firewall, configuring passwords to access the system and bios,
configuring screensavers to timeout and requiring a password, protecting important files by making them
read-only, encrypting confidential files and backup files for safe keeping.
2. What are some important steps that organizations can take to protect their resources?
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
Answers will vary but could include the use of firewalls, intrusion detection and prevention, hardening of
network devices, endpoint protection, network vulnerability tools, user education, and security policy
development.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 4
Topology
Addressing Table
Device
Interface
IP Address
Subnet Mask
Default Gateway
R1
G0/1
192.168.1.1
255.255.255.0
N/A
S1
VLAN 1
192.168.1.11
255.255.255.0
192.168.1.1
PC-A
NIC
192.168.1.3
255.255.255.0
192.168.1.1
Objectives
Part 1: Configure Basic Device Settings
Part 2: Configure the Router for SSH Access
Part 3: Examine a Telnet Session with Wireshark
Part 4: Examine a SSH Session with Wireshark
Part 5: Configure the Switch for SSH Access
Part 6: SSH from the CLI on the Switch
Background / Scenario
In the past, Telnet was the most common network protocol used to remotely configure network devices.
However, protocols such as Telnet do not authenticate or encrypt the information between the client and
server. This allows a network sniffer to intercept passwords and configuration information.
Secure Shell (SSH) is a network protocol that establishes a secure terminal emulation connection to a router
or other networking device. SSH encrypts all information that passes over the network link and provides
authentication of the remote computer. SSH is rapidly replacing Telnet as the remote login tool of choice for
network professionals. SSH is most often used to log in to a remote device and execute commands; however,
it can also transfer files using the associated Secure FTP (SFTP) or Secure Copy (SCP) protocols.
For SSH to function, the network devices communicating must be configured to support it. In this lab, you will
enable the SSH server on a router and then connect to that router using a PC with an SSH client installed. On
a local network, the connection is normally made using Ethernet and IP.
In this lab, you will configure a router to accept SSH connectivity, and use Wireshark to capture and view
Telnet and SSH sessions. This will demonstrate the importance of encryption with SSH. You will also be
challenged to configure a switch for SSH connectivity on your own.
Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with
Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco
IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 16
Required Resources
1 Router (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
1 Switch (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
1 PC (Windows 7, Vista, or XP with terminal emulation program, such as Tera Term, and Wireshark
installed)
Console cables to configure the Cisco IOS devices via the console ports
Ethernet cables as shown in the topology
Disable DNS lookup to prevent the router from attempting to translate incorrectly entered commands as
though they were host names.
Configure and activate the G0/1 interface on the router using the information contained in the Addressing
Table.
j.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 16
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 16
Step 1: Open Wireshark and start capturing data on the LAN interface.
Note: If you are unable to start the capture on the LAN interface, you may need to open Wireshark using the
Run as Administrator option.
What is the default TCP port for Telnet sessions? _________________ Port 23
b. At the Username: prompt, enter admin and at the Password: prompt, enter adminpass. These prompts
are generated because you configured the VTY lines to use the local database with the login local
command.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 16
c.
d. Enter exit to exit the Telnet session and out of Tera Term.
R1# exit
Step 5: Use the Follow TCP Stream feature in Wireshark to view the Telnet session.
a. Right-click one of the Telnet lines in the Packet list section of Wireshark, and in the drop-down list, select
Follow TCP Stream.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 16
c.
After you have finished reviewing your Telnet session in the Follow TCP Stream window, click Close.
Step 1: Open Wireshark and start capturing data on the LAN interface.
Step 2: Start an SSH session on the router.
a. Open Tera Term and enter the G0/1 interface IP address of R1 in the Host: field of the Tera Term: New
Connection window. Ensure that the SSH radio button is selected and then click OK to connect to the
router.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 16
What is the default TCP port used for SSH sessions? __________________ Port 22
b. The first time you establish a SSH session to a device, a SECURITY WARNING is generated to let you
know that you have not connected to this device before. This message is part of the authentication
process. Read the security warning and then click Continue.
c.
In the SSH Authentication window, enter admin for the username and adminpass for the passphrase.
Click OK to sign into the router.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 16
d. You have established a SSH session on the router. The Tera Term software looks very similar to a
command window. At the command prompt, issue the show run command.
e. Exit the SSH session and out of Tera Term by issuing the exit command.
R1# exit
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 16
Step 5: Use the Follow TCP Stream feature in Wireshark to view the Telnet session.
a. Right-click one of the SSHv2 lines in the Packet list section of Wireshark, and in the drop-down list,
select the Follow TCP Stream option.
b. Examine the Follow TCP Stream window of your SSH session. The data has been encrypted and is
unreadable. Compare the data in your SSH session to the data of your Telnet session.
d. Close Wireshark.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 16
Step 1: View the parameters available for the Cisco IOS SSH client.
Use the question mark (?) to display the parameter options available with the ssh command.
S1# ssh
-c
-l
-m
-o
-p
-v
-vrf
WORD
?
Select encryption algorithm
Log in using this user name
Select HMAC algorithm
Specify options
Connect to this port
Specify SSH Protocol Version
Specify vrf name
IP address or hostname of a remote system
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 16
To return to the SSH session on R1, press Enter on a blank CLI line. You may need to press Enter a
second time to see the router CLI prompt.
S1#
[Resuming connection 1 to 192.168.1.1 ... ]
R1#
d. To end the SSH session on R1, type exit at the router prompt.
R1# exit
[Connection to 192.168.1.1 closed by foreign host]
S1#
What versions of SSH are supported from the CLI?
_______________________________________________________________________________________
_______________________________________________________________________________________
Answers may vary, but this can be determined by using the ssh v ? on the command line. The 2960 switch
running IOS version 15.0(2) supports SSH v1 and V2.
S1# ssh -v ?
1
2
Protocol Version 1
Protocol Version 2
Reflection
How would you provide multiple users, each with their own username, access to a network device?
_______________________________________________________________________________________
Answers may vary. You would add each users username and password to the local database using the
username command. It is also possible to use a RADIUS or TACACS server, but this has not been covered
yet.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 11 of 16
Ethernet Interface #1
Ethernet Interface #2
Serial Interface #1
Serial Interface #2
1800
1900
2801
2811
2900
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 12 of 16
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 13 of 16
Switch S1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
username admin privilege 15 secret 4 QHjxdsVkjtoP7VxKIcPsLdTiMIvyLkyjT1HbmYxZigc
no aaa new-model
system mtu routing 1500
!
!
no ip domain-lookup
ip domain-name ccna-lab.com
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 14 of 16
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 15 of 16
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 16 of 16
L
Lab Se
ecuring Network
k Device
es (Instru
uctor Ve
ersion)
Instructor No
ote: Red font color or Gray
y highlights ind
dicate text tha
at appears in the instructor copy only.
T
Topology
A
Addressing
g Table
Device
Interface
IP Ad
ddress
Subnet Mas
sk
Default Gateway
R1
G0/1
G
192.168
8.1.1
25
55.255.255.0
0
N/A
S1
VLAN
V
1
192.168
8.1.11
25
55.255.255.0
0
192.168.1.1
PC
C-A
NIC
N
192.168
8.1.3
25
55.255.255.0
0
192.168.1.1
O
Objectives
Part 1: Co
onfigure Bas
sic Device Se
ettings
Part 2: Co
onfigure Bas
sic Security Measures
M
on
n the Router
Part 3: Co
onfigure Bas
sic Security Measures
M
on
n the Switch
B
Backgroun
nd / Scenarrio
It is recom
mmended thatt all network devices
d
be co
onfigured with
h, at least, a m
minimum set o
of best practicce
security commands. Th
his includes end
e user devic
ces, servers, and network devices, such as routers a
and
switches.
In this lab
b, you will configure the nettwork devices
s in the topolo
ogy to accept SSH session
ns for remote
managem
ment. You will also use the IOS CLI to co
onfigure comm
mon, basic be
est practice ssecurity measures. You
will then te
est the security measures to verify that they are prop
perly impleme
ented and wo
orking correctlly.
Note: The
e routers used
d with CCNA hands-on lab
bs are Cisco 1
1941 ISRs witth Cisco IOS Release 15.2
2(4)M3
(universallk9 image). The switches used
u
are Cisc
co Catalyst 29
960s with Ciscco IOS Relea
ase 15.0(2) (la
anbasek9
image). Other
O
routers, switches and
d Cisco IOS versions can b
be used. Depe
ending on the
e model and C
Cisco IOS
version, th
he commands
s available an
nd output prod
duced might vvary from wha
at is shown in
n the labs. Re
efer to the
Router Intterface Summ
mary table at the
t end of the
e lab for the ccorrect interface identifiers.
Note: Make sure that the routers an
nd switches ha
ave been era
ased and have
e no startup cconfigurationss. If you
ur instructor.
are unsurre contact you
Instructo
or Note: Referr to the Instructor Lab Man
nual for the prrocedures to iinitialize and reload device
es.
R
Required Resources
R
1 Rou
uter (Cisco 19
941 with Cisco
o IOS softwarre, release 15
5.2(4)M3 univversal image o
or comparable)
1 Switch (Cisco 29
960 with Cisco
o IOS Release 15.0(2) lanb
basek9 image
e or compara
able)
Conso
ole cables to configure the
e Cisco IOS devices via the
e console porrts
P
Page 1 of 13
d. Disable DNS lookup to prevent the router from attempting to translate incorrectly entered commands as
though they were hostnames.
e. Assign class as the privileged EXEC encrypted password.
f.
Create a banner that warns anyone accessing the device that unauthorized access is prohibited.
j.
Configure and activate the G0/1 interface on the router using the information contained in the Addressing
Table.
k.
d. Disable DNS lookup to prevent the router from attempting to translate incorrectly entered commands as
though they were hostnames.
e. Assign class as the privileged EXEC encrypted password.
f.
Create a banner that warns anyone accessing the device that unauthorized access is prohibited.
j.
Configure the default SVI with the IP address information contained in the Addressing Table.
k.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 13
Configure the transport input for the vty lines so that they accept SSH connections, but do not allow
Telnet connections.
R1(config)# line vty 0 4
R1(config-line)# transport input ssh
d. The vty lines should use the local user database for authentication.
R1(config-line)# login local
R1(config-line)# exit
e. Generate a RSA crypto key using a modulus of 1024 bits.
R1(config)# crypto key generate rsa modulus 1024
The name for the keys will be: R1.CCNA-lab.com
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 2 seconds)
R1(config)#
*Jan 31 17:54:16.127: %SSH-5-ENABLED: SSH 1.99 has been enabled
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 13
console 0
exec-timeout 5 0
line vty 0 4
exec-timeout 5 0
exit
b. The following command impedes brute force login attempts. The router blocks login attempts for 30
seconds if someone fails two attempts within 120 seconds. This timer is set especially low for the purpose
of this lab.
R1(config)# login block-for 30 attempts 2 within 120
What does the 2 within 120 mean in the above command?
____________________________________________________________________________________
If two failed attempts are made within a 2 minute (120 seconds) time span, login access will be blocked.
What does the block-for 30 mean in the above command?
____________________________________________________________________________________
If login access is blocked, the device will wait 30 seconds before allowing login access again.
IP-Address
unassigned
unassigned
192.168.1.1
unassigned
unassigned
OK?
YES
YES
YES
YES
YES
Method
NVRAM
NVRAM
manual
NVRAM
NVRAM
Status
administratively
administratively
up
administratively
administratively
Protocol
down down
down down
up
down down
down down
Step 5: Verify that your security measures have been implemented correctly.
a. Use Tera Term to telnet to R1.
Does R1 accept the Telnet connection? ___________________________ No, the connection is refused.
Why or why not?
____________________________________________________________________________________
Telnet was disabled with the transport input ssh command.
b. Use Tera Term to SSH to R1.
Does R1 accept the SSH connection? __________ Yes
c.
Intentionally mistype the user and password information to see if login access is blocked after two
attempts.
What happened after you failed to login the second time?
____________________________________________________________________________________
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 13
e. After the 30 seconds has expired, SSH to R1 again and login using the admin username and
Admin15p@55 for the password.
After you successfully logged in, what was displayed? ________________________ The R1 login banner
f.
Enter privilege Exec mode and use Enablep@55 for the password.
If you mistype this password, are you disconnected from your SSH session after two failed attempts
within 120 seconds? ______________ No
Why or why not?
____________________________________________________________________________________
The login block-for 30 attempts 2 within 120 command only monitors session login attempts.
g. Issue the show running-config command at the privileged EXEC prompt to view the security settings
you have applied.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 13
Configure the transport input for the vty lines to allow SSH connections but not allow Telnet connections.
S1(config)# line vty 0 15
S1(config-line)# transport input ssh
d. The vty lines should use the local user database for authentication.
S1(config-line)# login local
S1(config-line)# exit
e. Generate a RSA crypto key using a modulus of 1024 bits.
S1(config)# crypto key generate rsa modulus 1024
console 0
exec-timeout 10 0
line vty 0 15
exec-timeout 10 0
exit
b. To impede brute force login attempts, configure the switch to block login access for 30 seconds if there
are 2 failed attempts within 120 seconds. This timer is set especially low for the purpose of this lab.
S1(config)# login block-for 30 attempts 2 within 120
S1(config)# end
IP-Address
192.168.1.11
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
OK?
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
Method
manual
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Status
up
down
down
down
down
up
up
down
down
down
down
down
down
down
down
down
down
Protocol
up
down
down
down
down
up
up
down
down
down
down
down
down
down
down
down
down
Page 6 of 13
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
b. Use the interface range command to shut down multiple interfaces at a time.
S1(config)# interface range f0/14 , f0/7-24 , g0/1-2
S1(config-if-range)# shutdown
S1(config-if-range)# end
S1#
c.
Verify that all inactive interfaces have been administratively shut down.
S1# show ip interface brief
Interface
Vlan1
FastEthernet0/1
FastEthernet0/2
FastEthernet0/3
FastEthernet0/4
FastEthernet0/5
FastEthernet0/6
FastEthernet0/7
FastEthernet0/8
FastEthernet0/9
FastEthernet0/10
FastEthernet0/11
FastEthernet0/12
FastEthernet0/13
FastEthernet0/14
FastEthernet0/15
FastEthernet0/16
FastEthernet0/17
FastEthernet0/18
FastEthernet0/19
FastEthernet0/20
FastEthernet0/21
FastEthernet0/22
FastEthernet0/23
FastEthernet0/24
GigabitEthernet0/1
GigabitEthernet0/2
S1#
IP-Address
192.168.1.11
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
unassigned
OK?
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
Method
manual
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
unset
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Status
up
administratively
administratively
administratively
administratively
up
up
administratively
administratively
administratively
administratively
administratively
administratively
administratively
administratively
administratively
administratively
administratively
administratively
administratively
administratively
administratively
administratively
administratively
administratively
administratively
administratively
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
Protocol
up
down
down
down
down
up
up
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
Page 7 of 13
Step 5: Verify that your security measures have been implemented correctly.
a. Verify that Telnet has been disabled on the switch.
b. SSH to the switch and intentionally mistype the user and password information to see if login access is
blocked.
c.
After the 30 seconds has expired, SSH to S1 again and log in using the admin username and
Admin15p@55 for the password.
Did the banner appear after you successfully logged in? __________ Yes
Reflection
1. The password cisco command was entered for the console and vty lines in your basic configuration in Part
1. When is this password used after the best practice security measures have been applied?
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
This password will not be used any longer. Even though the password command still appears in the line
sections of the running-config, this command was disabled as soon as the login local command was entered
for those lines.
2. Are preconfigured passwords, shorter than 10 characters, affected by the security passwords min-length
10 command?
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
No. The security passwords min-length command only affects passwords that are entered after this command
is issued. Any pre-existing passwords remain in effect. If they are changed, they will need to be at least 10
characters long.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 13
Ethernet Interface #1
Ethernet Interface #2
Serial Interface #1
Serial Interface #2
1800
1900
2801
2811
2900
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 13
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 13
Switch S1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
enable secret 4 jowh6xYPeJucL2dB/ulkSjK2YGee/Usr./fiqFhbxTQ
!
username admin privilege 15 secret 4 iAAxTYNDMJO3iHURmpY85S.NR4m72e1HMyRxq9kPN0g
!
system mtu routing 1500
!
no ip domain-lookup
ip domain-name CCNA-lab.com
login block-for 30 attempts 2 within 120
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
shutdown
!
interface FastEthernet0/2
shutdown
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 11 of 13
FastEthernet0/9
FastEthernet0/10
FastEthernet0/11
FastEthernet0/12
FastEthernet0/13
FastEthernet0/14
FastEthernet0/15
FastEthernet0/16
FastEthernet0/17
FastEthernet0/18
FastEthernet0/19
FastEthernet0/20
FastEthernet0/21
FastEthernet0/22
FastEthernet0/23
FastEthernet0/24
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 12 of 13
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 13 of 13
Topology
Objectives
Part 1: Use Ping to Document Network Latency
Part 2: Use Traceroute to Document Network Latency
Background / Scenario
To obtain realistic network latency statistics, this activity must be performed on a live network. Be sure to
check with your instructor for any local security restrictions against using the ping command on the network.
Instructor Note: Some institutions disable ICMP echo replies throughout the network. Before students begin
this activity, make sure there are no local restrictions related to ICMP datagrams. This activity assumes that
ICMP datagrams are not restricted by any local security policy.
The purpose of this lab is to measure and evaluate network latency over time, and during different periods of
the day to capture a representative sample of typical network activity. This will be accomplished by analyzing
the return delay from a distant computer with the ping command. Return delay times, measured in
milliseconds, will be summarized by computing the average latency (mean) and the range (maximum and
minimum) of the delay times.
Required Resources
1 PC (Windows 7, Vista, or XP with Internet access)
ping
ping
ping
ping
www.arin.net
www.lacnic.net
www.afrinic.net
www.apnic.net
Note: Because www.ripe.net does not reply to ICMP requests, it cannot be used for this lab.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 5
-a
-n count
-l size
-f
-i TTL
-v TOS
<output omitted>
b. Using the ping command with the count option, you can send 25 echo requests to the destination as
illustrated below. Furthermore, it will create a text file with filename of arin.txt in the current directory. This
text file will contain the results of the echo requests.
C:\Users\User1> ping n 25 www.arin.net > arin.txt
Note: The terminal remains blank until the command has finished, because the output has been redirected to
a text file, arin.txt, in this example. The > symbol is used to redirect the screen output to the file and overwrite
the file if it already exists. If appending more results to the file is desired, replace > with >> in the command.
c.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 5
Note: Press the Spacebar to display the rest of the file or press q to exit.
To verify that the files have been created, use the dir command to list the files in the directory. Also the
wildcard * can be used to filter only the text files.
C:\Users\User1> dir *.txt
Volume in drive C is OS
Volume Serial Number is 0A97-D265
Directory of C:\Users\User1
02/07/2013
02/07/2013
02/07/2013
02/07/2013
12:59 PM
1,642 afrinic.txt
01:00 PM
1,615 apnic.txt
12:40 PM
1,641 arin.txt
12:58 PM
1,589 lacnic.txt
4 File(s)
6,487 bytes
0 Dir(s) 34,391,453,696 bytes free
Maximum
Average
www.afrinic.net
359 ms
389 ms
369 ms
www.apnic.net
201
210
204
www.arin.net
107
121
112
www.lacnic.net
216
226
218
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 5
Step 1: Use the tracert command and record the output to text files.
Copy the following commands to create the traceroute files:
C:\Users\User1>
C:\Users\User1>
C:\Users\User1>
C:\Users\User1>
tracert
tracert
tracert
tracert
<1
11
10
19
13
72
72
74
75
74
71
73
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
<1
12
15
10
10
71
71
83
71
75
71
71
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
<1
11
11
11
11
70
72
73
73
73
71
71
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
ms
192.168.1.1
10.39.0.1
172.21.0.116
70.169.73.90
chnddsrj01-ae2.0.rd.ph.cox.net [70.169.76.229]
mrfddsrj02-ae0.0.rd.dc.cox.net [68.1.1.7]
68.100.0.146
172.22.66.29
172.22.66.29
wsip-98-172-152-14.dc.dc.cox.net [98.172.152.14]
host-252-131.arin.net [192.149.252.131]
www.arin.net [192.149.252.75]
Trace complete.
In this example, it took less than 1 ms to receive a reply from the default gateway (192.168.1.1). In hop
count 6, the round trip to 68.1.1.7 took an average of 71 ms. For the round trip to the final destination at
www.arin.net took an average of 72 ms.
Between lines 5 and 6, there is more network delay as indicated by the round trip time increase from an
average of 11 ms to 71 ms
b. Perform the same analysis with the rest of the tracert results.
What can you conclude regarding the relationship between the roundtrip time and geographical location?
____________________________________________________________________________________
____________________________________________________________________________________
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 5
Reflection
1. The tracert and ping results can provide important network latency information. What do you need to do if
you want an accurate baseline picture regarding network latency for your network?
_______________________________________________________________________________________
Answers will vary. You will need to perform careful delay analysis over successive days and during different
periods of the day.
2. How can you use the baseline information?
_______________________________________________________________________________________
You can compare baseline data against current data to determine if there has been a change in network
response times. This analysis may assist with troubleshooting network issues and scheduling of routine data
transfer during off-peak hours.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 5
Topology
Addressing Table
Device
Interface
IP Address
Subnet Mask
Default Gateway
R1
G0/1
192.168.1.1
255.255.255.0
N/A
S1
VLAN 1
192.168.1.11
255.255.255.0
192.168.1.1
PC-A
NIC
192.168.1.3
255.255.255.0
192.168.1.1
Objectives
Part 1: Configure Basic Device Settings
Part 2: Use Terminal Emulation Software to Create a Backup Configuration File
Part 3: Use a Backup Configuration File to Restore a Router
Background / Scenario
It is a recommended best practice to maintain backup configuration files for routers and switches in the event
that they need to be restored to a previous configuration. Terminal emulation software can be used to easily
back up or restore a router or switch configuration file.
In this lab, you will use Tera Term to back up a router running configuration file, erase the router startup
configuration file, reload the router, and then restore the missing router configuration from the backup
configuration file.
Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with
Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco
IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used.
Depending on the model and Cisco IOS version, the commands available and output produced might vary
from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the
correct interface identifiers.
Note: Make sure that the routers and switches have been erased and have no startup configurations. If you
are unsure, contact your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.
Instructor Note: This lab uses Tera Term 4.75. Tera Term should be installed on the PC prior to starting the
lab. You can download the latest version from a number of Internet sites. Simply search for a tera term
download.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 10
Required Resources
1 Router (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
1 Switch (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
1 PC (Windows 7, Vista, or XP with terminal emulation program, such as Tera Term)
Console cables to configure the Cisco IOS devices via the console ports
Ethernet cables as shown in the topology
Step 2: Configure the PC-A network settings according to the Addressing Table.
Step 3: Initialize and reload the router and switch.
Step 4: Configure the router.
a. Console into the router and enter global configuration mode.
b. Set the router name to R1.
c.
Configure and activate the G0/1 interface on the router using the information contained in the Addressing
Table.
j.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 10
Configure the default SVI management interface with the IP address information contained in the
Addressing Table.
j.
k.
c.
The Tera Term log file will create a record of every command issued and every output displayed.
Note: You can use this feature to capture the output from several commands in sequence and use it for
network documentation purposes. For example, you could issue the show version, show ip interface
brief, and show running-config commands to capture information about the router.
d. Continue pressing the space bar when --More-- is displayed until you see the router R1# prompt return.
e. Click the Tera Term: Log icon on the Task bar. Click Close to end log session.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 10
Note: You can also copy and paste the text from the Tera Term window directly into a text editor.
At the System Configuration Dialog prompt, type no; a router prompt displays, indicating an unconfigured
router.
--- System Configuration Dialog --Would you like to enter the initial configuration dialog? [yes/no]:
Press RETURN to get started!
<output omitted>
Router>
d. Enter privileged EXEC mode and enter a show running-config command to verify that all of the previous
configurations were erased.
Step 2: Edit the saved configuration backup file to prepare it for restoring the router
configuration.
To restore the router configuration from a saved running configuration backup file, you must edit the text.
a. Open the teraterm.log text file.
b. Remove each instance of --More-- in the text file.
Note: The --More-- was generated by pressing the Spacebar when displaying the running configuration.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 10
Delete the initial lines of the backup configuration file, so that the first line starts with the first configuration
command as shown below.
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
Change the message-of-the-day (MOTD) banner configuration to insert the delimiting characters as if you
were entering the command at the command line.
banner motd ^C Unauthorized Access is Prohibited! ^C
Change to:
banner motd Unauthorized Access is Prohibited!
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 10
Reflection
Why do you think it is important to use a text editor instead of a word processor to copy and save your
command configurations?
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
A word processor could possibly add special control characters to the text making it difficult to use to restore
the router.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 10
Ethernet Interface #1
Ethernet Interface #2
Serial Interface #1
Serial Interface #2
1800
1900
2801
2811
2900
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 10
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 10
Switch S1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
system mtu routing 1500
!
no ip domain-lookup
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 10
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 10
Topology
Addressing Table
Device
Interface
IP Address
Subnet Mask
Default Gateway
R1
G0/1
192.168.1.1
255.255.255.0
N/A
S1
VLAN 1
192.168.1.11
255.255.255.0
192.168.1.1
PC-A
NIC
192.168.1.3
255.255.255.0
192.168.1.1
Objectives
Part 1: Build the Network and Configure Basic Device Settings
Part 2: (Optional) Download TFTP Server Software
Part 3: Use TFTP to Back Up and Restore the Switch Running Configuration
Part 4: Use TFTP to Back Up and Restore the Router Running Configuration
Part 5: Back Up and Restore Running Configurations Using Router Flash Memory
Part 6: (Optional) Use a USB Drive to Back Up and Restore the Running Configuration
Background / Scenario
Cisco networking devices are often upgraded or swapped out for a number of reasons. It is important to
maintain backups of the latest device configurations, as well as a history of configuration changes. A TFTP
server is often used to backup configuration files and IOS images in production networks. A TFTP server is a
centralized and secure method used to store the backup copies of the files and restore them as necessary.
Using a centralized TFTP server, you can back up files from many different Cisco devices.
In addition to a TFTP server, most of the current Cisco routers can back up and restore files locally from
CompactFlash (CF) memory or a USB flash drive. The CF is a removable memory module that has replaced
the limited internal flash memory of earlier router models. The IOS image for the router resides in the CF
memory, and the router uses this IOS Image for the boot process. With the larger size of the CF memory,
additional files can be stored for backup purposes. A removable USB flash drive can also be used for backup
purposes.
In this lab, you will use TFTP server software to back up the Cisco device running configuration to the TFTP
server or flash memory. You can edit the file using a text editor and copy the new configuration back to a
Cisco device.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 18
Lab Managing Device Configuration Files Using TFTP, Flash and USB
Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with
Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco
IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used.
Depending on the model and Cisco IOS version, the commands available and output produced might vary
from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the
correct interface identifiers.
Note: Make sure that the routers and switches have been erased and have no startup configurations. If you
are unsure, contact your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.
Instructor Note: If time is limited, the lab can be divided up and performed over multiple sessions. For
example, after building the network in Part 1, any combination of the remaining lab parts can be performed in
any order.
Required Resources
1 Router (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
1 Switch (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
1 PC (Windows 7, Vista, or XP with terminal emulation program, such as Tera Term, and a TFTP server)
Console cables to configure the Cisco IOS devices via the console ports
Ethernet cables as shown in the topology
USB flash drive (Optional)
d. Configure the passwords and allow login for console and vty lines using the cisco as the password.
e. Configure the default gateway for the switch.
f.
g. Configure the IP address, subnet mask, and default gateway for PC-A.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 18
Lab Managing Device Configuration Files Using TFTP, Flash and USB
If the pings are not successful, troubleshoot the basic device configurations before continuing.
If a TFTP server is not found, a TFTP server can be downloaded from the Internet.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 18
Lab Managing Device Configuration Files Using TFTP, Flash and USB
c.
Click Browse to choose a directory where you have write permission, such as C:\Users\User1, or the
Desktop.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 18
Lab Managing Device Configuration Files Using TFTP, Flash and USB
tftp:
tmpsys:
xmodem:
ymodem:
Copy
Copy
Copy
Copy
from
from
from
from
b. Use the ? to display the destination options after a source file location is chosen. The flash: file system
for S1 is the source file system in this example.
S1# copy flash: ?
archive:
flash0:
flash1:
flash:
ftp:
http:
https:
idconf
null:
nvram:
rcp:
running-config
scp:
startup-config
syslog:
system:
tftp:
tmpsys:
xmodem:
ymodem:
Step 4: Transfer the running-config file from switch S1 to TFTP server on PC-A.
a. From the privileged EXEC mode on the switch, enter the copy running-config tftp: command. Provide
the remote host address of the TFTP server (PC-A), 192.168.1.3. Press Enter to accept default
destination filename (s1-confg) or provide your own filename. The exclamation marks (!!) indicate the
transfer process is in progress and is successful.
S1# copy running-config tftp:
Address or name of remote host []? 192.168.1.3
Destination filename [s1-confg]?
!!
1465 bytes copied in 0.663 secs (2210 bytes/sec)
S1#
The TFTP server also displays the progress during the transfer.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 18
Lab Managing Device Configuration Files Using TFTP, Flash and USB
Note: If you do not have permission to write to the current directory that is used by the TFTP server, the
following error message displays:
S1# copy running-config tftp:
Address or name of remote host []? 192.168.1.3
Destination filename [s1-confg]?
%Error opening tftp://192.168.1.3/s1-confg (Permission denied)
You can change the current directory in TFTP server by clicking Browse and choosing a different folder.
Note: Other issues, such as a firewall blocking TFTP traffic, can prevent the TFTP transfer. Please check
with your instructor for further assistance.
b. In the Tftpd32 server window, click Show Dir to verify that the s1-confg file has been transferred to your
current directory. Click Close when finished.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 18
Lab Managing Device Configuration Files Using TFTP, Flash and USB
c.
F70D0101 05050030
6E65642D 43657274
D2C59E23 102EC12E
35B38D90 E6F07CD4
0AF27EDC 6D6FA0E5
Save this file as a plain text file with a new filename, Switch1-confg.txt, in this example.
Note: When saving the file, an extension, such as .txt, may be added to the filename automatically.
d. In the Tftpd32 server window, click Show Dir to verify that the Switch1-confg.txt file is located in the
current directory.
Step 6: Upload running configuration file from TFTP server to switch S1.
a. From the privileged EXEC mode on the switch, enter the copy tftp running-config command. Provide
the remote host address of the TFTP server, 192.168.1.3. Enter the new filename, Switch1-confg.txt.
The exclamation mark (!) indicates the transfer process is in progress and is successful.
S1# copy tftp: running-config
Address or name of remote host []? 192.168.1.3
Source filename []? Switch1-confg.txt
Destination filename [running-config]?
Accessing tftp://192.168.1.3/Switch1-confg.txt...
Loading Switch1-confg.txt from 192.168.1.3 (via Vlan1): !
[OK - 1580 bytes]
[OK]
1580 bytes copied in 9.118 secs (173 bytes/sec)
*Mar 1 00:21:16.242: %PKI-4-NOAUTOSAVE: Configuration was modified.
memory" to save new certificate
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Issue "write
Page 7 of 18
Lab Managing Device Configuration Files Using TFTP, Flash and USB
*Mar 1 00:21:16.251: %SYS-5-CONFIG_I: Configured from tftp://192.168.1.3/Switch1confg.txt by console
Switch1#
After the transfer has completed, the prompt has changed from S1 to Switch1, because the running
configuration is updated with the hostname Switch1 command in the modified running configuration.
b. Enter the show running-config command to examine running configuration file.
Switch1# show running-config
Building configuration...
Current configuration : 3062 bytes
!
! Last configuration change at 00:09:34 UTC Mon Mar 1 1993
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch1
!
boot-start-marker
boot-end-marker
<output omitted>
Note: This procedure merges the running-config from the TFTP server with the current running-config in
the switch or router. If changes were made to the current running-config, the commands in the TFTP copy
are added. Alternatively, if the same command is issued, it updates the corresponding command in the
switch or router current running-config.
If you want to completely replace the current running-config with the one from the TFTP server, you must
erase the switch startup-config and reload the device. You will then need to configure the VLAN 1
management address, so there is IP connectivity between the TFTP server and the switch.
Step 2: Transfer the running configuration from router R1 to TFTP server on PC-A.
a. From the privileged EXEC mode on R1, enter the copy running-config tftp command. Provide the
remote host address of the TFTP server, 192.168.1.3, and accept the default filename.
b. Verify that the file has been transferred to the TFTP server.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 18
Lab Managing Device Configuration Files Using TFTP, Flash and USB
Size(b)
260153344
262136
-
Free(b)
64499712
242776
-
Type
opaque
opaque
opaque
opaque
network
disk
disk
nvram
opaque
opaque
opaque
network
network
network
network
opaque
Flags
rw
rw
rw
rw
rw
rw
rw
rw
wo
rw
rw
rw
rw
rw
rw
ro
Prefixes
archive:
system:
tmpsys:
null:
tftp:
flash0: flash:#
flash1:
nvram:
syslog:
xmodem:
ymodem:
rcp:
http:
ftp:
scp:
tar:
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 18
Lab Managing Device Configuration Files Using TFTP, Flash and USB
-
network
opaque
rw
ro
https:
cns:
b. Use dir command to verify the running-config has been copied to flash.
R1# dir flash:
Directory of flash0:/
1 drw0
<output omitted>
20 -rw67998028
4.M3.bin
22 -rw2169
24 -rw5865
25 -rw6458
ipsdir
c1900-universalk9-mz.SPA.152R1-running-config-backup
lpnat
lpIPSec
c.
Use the more command to view the running-config file in flash memory. Examine the file output and scroll
to the Interface section. Notice the no shutdown command is not included with the GigabitEthernet0/1.
The interface is shut down when this file is used to update the running configuration on the router.
R1# more flash:R1-running-config-backup
<output omitted>
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
<output omitted>
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 18
Lab Managing Device Configuration Files Using TFTP, Flash and USB
Use the show ip interface brief command to view the status of the interfaces. The interface
GigabitEthernet0/1 was not enabled when the running configuration was updated, because it is
administratively down.
R1# show ip interface brief
Interface
Embedded-Service-Engine0/0
GigabitEthernet0/0
GigabitEthernet0/1
Serial0/0/0
Serial0/0/1
IP-Address
unassigned
unassigned
192.168.1.1
unassigned
unassigned
OK?
YES
YES
YES
YES
YES
Method
unset
unset
TFTP
unset
unset
Status
administratively
administratively
administratively
administratively
administratively
down
down
down
down
down
Protocol
down
down
down
down
down
The interface can be enabled using the no shutdown command in the interface configuration mode on
the router.
Another option is to add the no shutdown command for the GigabitEthernet0/1 interface to the saved file
before updating the router running configuration file. This will be done in Part 6 using a saved file on a
USB flash drive.
Note: Because the IP address was configured by using a file transfer, TFTP is listed under the Method
heading in the show ip interface brief output.
Part 6: (Optional) Use a USB Drive to Back Up and Restore the Running
Configuration
A USB flash drive can be used to backup and restore files on a router with an available USB port. Two USB
ports are available on the 1941 routers.
Note: USB ports are not available on all routers, but you should still become familiar with the commands.
Note: Because some ISR G1 routers (1841, 2801, or 2811) use File Allocation Table (FAT) file systems, there
is a maximum size limit for the USB flash drives that can be used in this part of the lab. The recommended
maximum size for an ISR G1 is 4 GB. If you receive the following message, the file system on the USB flash
drive may be incompatible with the router or the capacity of the USB flash drive may have exceed maximum
size of the FAT file system on the router.
*Feb 8 13:51:34.831: %USBFLASH-4-FORMAT: usbflash0 contains unexpected values in
partition table or boot sector. Device needs formatting before use!
Step 1: Insert a USB flash drive into a USB port on the router.
Notice the message on the terminal when inserting the USB flash drive.
R1#
* *Feb
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 11 of 18
Lab Managing Device Configuration Files Using TFTP, Flash and USB
Size(b)
260153344
262136
7728881664
Free(b)
64512000
244676
7703973888
Type
opaque
opaque
opaque
opaque
network
disk
disk
nvram
opaque
opaque
opaque
network
network
network
network
opaque
network
opaque
usbflash
Flags
rw
rw
rw
rw
rw
rw
rw
rw
wo
rw
rw
rw
rw
rw
rw
ro
rw
ro
rw
Prefixes
archive:
system:
tmpsys:
null:
tftp:
flash0: flash:#
flash1:
nvram:
syslog:
xmodem:
ymodem:
rcp:
http:
ftp:
scp:
tar:
https:
cns:
usbflash0:
Step 3: Copy the running configuration file to the USB flash drive.
Use the copy command to copy the running configuration file to the USB flash drive.
R1# copy running-config usbflash0:
Destination filename [running-config]? R1-running-config-backup.txt
2198 bytes copied in 0.708 secs (3105 bytes/sec)
-rw-rw-rw-rw-rw-rw-
16216
2462
24810439
71
65327
2198
Nov 15
May 26
Apr 16
Jun 4
Mar 11
Feb 5
2006
2006
2010
2010
2008
2013
09:34:04
21:33:40
10:28:00
11:23:06
10:54:26
21:36:40
+00:00
+00:00
+00:00
+00:00
+00:00
+00:00
ConditionsFR.txt
Nlm.ico
Twice.exe
AUTORUN.INF
ConditionsEN.txt
R1-running-config-backup.txt
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 12 of 18
Lab Managing Device Configuration Files Using TFTP, Flash and USB
Router#
*Feb
Modify the file using a text editor. The no shutdown command is added to the GigabitEthernet0/1
interface. Save the file as a plain text file on to the USB flash drive.
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
no shutdown
duplex auto
speed auto
!
-rw-rw-rw-rw-rw-rw-
16216
2462
24810439
71
65327
2344
Nov 15
May 26
Apr 16
Jun 4
Mar 11
Feb 6
2006
2006
2010
2010
2008
2013
09:34:04
21:33:40
10:28:00
11:23:06
10:54:26
14:42:30
+00:00
+00:00
+00:00
+00:00
+00:00
+00:00
ConditionsFR.txt
Nlm.ico
Twice.exe
AUTORUN.INF
ConditionsEN.txt
R1-running-config-backup.txt
c.
IP-Address
unassigned
unassigned
192.168.1.1
unassigned
unassigned
OK?
YES
YES
YES
YES
YES
Method
unset
unset
TFTP
unset
unset
Status
administratively
administratively
up
administratively
administratively
Protocol
down down
down down
up
down down
down down
The G0/1 interface is enabled because the modified running configuration included the no shutdown
command.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 13 of 18
Lab Managing Device Configuration Files Using TFTP, Flash and USB
Reflection
1. What command do you use to copy a file from the flash to a USB drive?
_______________________________________________________________________________________
copy flash:filename usbflash0:
2. What command do you use to copy a file from the USB flash drive to a TFTP server?
_______________________________________________________________________________________
copy usbflash0:filename tftp:
Ethernet Interface #1
Ethernet Interface #2
Serial Interface #1
Serial Interface #2
1800
1900
2801
2811
2900
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
Device Configs
Router R1
R1# show run
Building configuration...
Current configuration : 1283 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1
!
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 14 of 18
Lab Managing Device Configuration Files Using TFTP, Flash and USB
boot-start-marker
boot-end-marker
!
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
memory-size iomem 15
!
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
no ip address
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 15 of 18
Lab Managing Device Configuration Files Using TFTP, Flash and USB
shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
line con 0
password 14141B180F0B
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 070C285F4D06
login
transport input all
!
scheduler allocate 20000 1000
!
end
Switch S1
S1#show run
Building configuration...
Current configuration : 1498 bytes
!
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname S1
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 16 of 18
Lab Managing Device Configuration Files Using TFTP, Flash and USB
!
boot-start-marker
boot-end-marker
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
system mtu routing 1500
!
!
no ip domain-lookup
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 17 of 18
Lab Managing Device Configuration Files Using TFTP, Flash and USB
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.11 255.255.255.0
!
ip default-gateway 192.168.1.1
ip http server
ip http secure-server
!
!
!
line con 0
password 045802150C2E
login
line vty 0 4
password 045802150C2E
login
line vty 5 15
password 045802150C2E
login
!
end
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 18 of 18
Objectives
Part 1: Research the Configuration Register
Part 2: Document the Password Recovery Procedure for a Specific Cisco Router
Research and record the process for password recovery on a specific Cisco router.
Background / Scenario
The purpose of this lab is to research the procedure for recovering or resetting the enable password on a
specific Cisco router. The enable password protects access to privileged EXEC and configuration mode on
Cisco devices. The enable password can be recovered, but the enable secret password is encrypted and
would need to be replaced with a new password.
In order to bypass a password, a user must be familiar with the ROM monitor (ROMMON) mode, as well as
the configuration register setting for Cisco routers. ROMMON is basic CLI software stored in ROM that can be
used to troubleshoot boot errors and recover a router when an IOS is not found.
In this lab, you will begin by researching the purpose and settings of the configuration register for Cisco
devices. You will then research and detail the exact procedure for password recovery for a specific Cisco
router.
Required Resources
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 4
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 4
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 4
Reflection
1. Why is it of critical importance that a router be physically secured to prevent unauthorized access?
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
Because the password recovery procedure is based on a console connection, which requires direct physical
access to the device, preventing unauthorized users access to the physical device is an imperative part of an
overall security plan.
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 4
Objectives
Explain how a small network of directly connected segments is created, configured and verified.
Students will demonstrate that they know how to design, configure, verify and secure a very small network.
Documentation and presentation are also vital parts of this Capstone Project.
Background /Scenario
Note: This activity is best completed in groups of 2-3 students.
Your design must include a minimum of one router, one switch, and one PC.
Fully configure the network and use IPv4 or IPv6 (subnetting must be included as a part of your
addressing scheme).
Secure the network using SSH, secure passwords and console passwords (minimum).
Create a rubric to use for informal peer grading. Alternatively, your Instructor may choose to use the
rubric provided with this activity.
Present your Capstone Project to the class and be able to answer questions from your peers and
Instructor!
Instructor notes: This Modeling Activity is suggested to be a graded assignment after completing
Chapters 1-11. Students should be able to show how small networks are designed, configured, verified
and secured. Documentation is a large factor of this project and students must be able to explain their
network design and verification through the use of show commands.
Required Resources
Packet Tracer
Reflection
1. What was the most difficult portion of this activity?
____________________________________________________________________________
Answers will vary.
2. Why do you think network documentation is so important to this activity and in the read world?
____________________________________________________________________________
Documentation is imperative to good network management and without it, network administrators have to
recreate topologies, physically check addressing, etc. This takes time, which could be used elsewhere.
A suggested rubric and documentation examples are provided below:
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 7
Points Earned
(20 suggested)
(20 suggested)
(20 suggested)
(20 suggested)
(20 suggested)
Create a small network of directly connected segments, at a minimum 1 router, 1 switch and 1 PC, and
include a screenshot of the network in your final documentation.
Configure the network to include switches, routers, and end devices and use your own network
addressing. You must use subnetting of some type and you can use either IPv4 or IPv6 logical
addressing. Create a table showing your physical addressing scheme for the router, switch, and PC and
include it in your final documentation.
Device Name
IP Address
Subnet Mask
Chapter_11
Gig0/0 192.168.1.30
255.255.255.224
S1
VLAN1 192.168.1.20
255.255.255.224
PC_Capstone
Fa0 192.168.1.10
255.255.255.224
Verify the network by using show commands (at least 5) to provide a performance baseline. Be able to
discuss why you chose the show commands you selected and what the output means (use all Packet
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 7
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 7
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 7
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 7
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 7
2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 7