
NAT Basics Overview

NAT, or network address translation, is an important part of the CCENT and
CCNA certification exams. When NAT is implemented, it allows a router to translate the source
IPv4 address in the packet header as the packet crosses the router, changing the source address
from one address to another. This allows the sending computer’s message to appear as if
it is coming from another computer’s address. Masquerading the origin of a computer’s
IPv4 address on a network in this way is known as a NAT firewall.

Network address translation is a primary reason that IPv4 addressing has survived and is still in
use today. The creation of NAT along with private IPv4 address ranges like 192.168.0.0 to
192.168.255.255, 172.16.0.0 to 172.31.255.255, and 10.0.0.0 to 10.255.255.255 has allowed for
the conservation of publicly routable IPv4 addresses. One of the results of NAT’s ability
to translate public addresses at the router to private IPv4 addresses is that the advent of IPv6
addressing has essentially been delayed.

Configuring NAT
For the CCENT and the CCNA certifications you need to know how NAT works and how to
configure it on a Cisco router. In the following Packet Tracer exercise and accompanying video
tutorials, I demonstrate four different ways of configuring NAT.

• Static NAT translation
• Port forwarding static NAT translation
• NAT overload translation
• Dynamic NAT translation using a NAT Pool
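
The four NAT methods listed above, side by side on one router. This is an added example, not the configuration from the Packet Tracer activity or the videos; the interface names, addresses (203.0.113.0/24 is a documentation range), ACL numbers and the pool name PUBLIC-POOL are assumptions.

```cisco
! Constructed addressing (assumption): inside LANs 192.168.10.0/24 on g0/0 and
! 192.168.20.0/24 on g0/1; outside link on s0/0/0 with address 203.0.113.2.
interface g0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
interface g0/1
 ip address 192.168.20.1 255.255.255.0
 ip nat inside
interface s0/0/0
 ip address 203.0.113.2 255.255.255.0
 ip nat outside
!
! 1. Static NAT: one inside host is permanently mapped to one public address.
ip nat inside source static 192.168.10.10 203.0.113.10
!
! 2. Port forwarding (static NAT with ports): only TCP 8080 on the public
!    address is translated to port 80 on the inside web server.
ip nat inside source static tcp 192.168.10.20 80 203.0.113.11 8080
!
! 3. NAT overload (PAT): the 192.168.10.0/24 LAN shares the outside interface
!    address; sessions are told apart by source port.
access-list 1 permit 192.168.10.0 0.0.0.255
ip nat inside source list 1 interface s0/0/0 overload
!
! 4. Dynamic NAT: hosts in 192.168.20.0/24 borrow an address from a pool
!    for as long as they have an active translation.
access-list 2 permit 192.168.20.0 0.0.0.255
ip nat pool PUBLIC-POOL 203.0.113.100 203.0.113.110 netmask 255.255.255.0
ip nat inside source list 2 pool PUBLIC-POOL
!
! Static and port-forward entries are always in the table, so they accept
! connections started from outside. Overload and pool entries are created
! only after an inside host sends traffic.
!
! Verify from privileged EXEC:
!   show ip nat translations
!   show ip nat statistics
```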

Download
Download the Packet Tracer 6.3 activity here: NAT_practice_activity

NAT Basics Lab – Video Tutorials

Author: Dan. Posted on April 29, 2017. Categories: CCNA 2, Cisco, Packet Tracer. Tags: Dynamic NAT, NAT, NAT overload, PAT, Static NAT.

VLANs and Trunks Packet Tracer 6.1 Activity

VLANs and Trunks – Activity Overview


In this graded Packet Tracer 6.1 activity you will configure two Cisco Catalyst 2960 switches
with VLANs and Trunks. The tasks include named VLANs, a trunk between two switches, and a
management IP address on each switch using switched virtual interfaces or SVIs. You will also
need to configure hostnames on the switches and each PC, with an IP address and subnet mask.

Instructions
1. Set the PC’s IP addresses based on the host address label and VLAN color code in the
topology diagram
2. Assign the switch hostnames based on their labels.
3. Configure the switch VLAN numbers and VLAN names according to the diagram.
4. Configure Interface VLAN88 (SVI) addresses on both switches according to the diagram.
5. Configure the switchports as access ports and assign them to VLANs according to the diagram.
6. Configure G0/1 as a Trunk. Allow only the listed VLANs across the trunk and configure the
Native VLAN as shown.
7. Shut down the G0/2 interface.

Download
For this graded activity you will need Packet Tracer version 6.1 or higher.

VLANS-Switchports-Trunks-SVIs.zip

IOS CLI Commands for Switch S1


Switch> enable
Switch# configure terminal
Switch(config)# hostname S1
S1(config)# vlan 10
S1(config-vlan)# name students
S1(config-vlan)# vlan 20
S1(config-vlan)# name faculty
S1(config-vlan)# vlan 30
S1(config-vlan)# name administration
S1(config-vlan)# vlan 88
S1(config-vlan)# name management
S1(config-vlan)# vlan 99
S1(config-vlan)# name native
S1(config-vlan)# exit
S1(config)# int range f0/1 - 8
S1(config-if-range)# switchport mode access
S1(config-if-range)# switchport access vlan 10
S1(config-if-range)# int range f0/9 - 16
S1(config-if-range)# switchport mode access
S1(config-if-range)# switchport access vlan 20
S1(config-if-range)# int range f0/17 - 23
S1(config-if-range)# switchport mode access
S1(config-if-range)# switchport access vlan 30
S1(config-if-range)# int f0/24
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 88
S1(config-if)# int vlan 88
S1(config-if)# ip address 192.168.88.254 255.255.255.0
S1(config-if)# int g0/1
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk allowed vlan 10,20,30,88,99
S1(config-if)# switchport trunk native vlan 99
S1(config-if)# int g0/2
S1(config-if)# shut

Author: Dan. Posted on January 26, 2015. Categories: CCNA 2, Cisco, Packet Tracer, Switch, VLAN.

Routing and Switching Essentials Practice Final – Packet Tracer 6

Lab Overview – Routing and Switching Essentials Practice Final
I designed this Packet Tracer 6 lab activity as a final review for the CCNA2: Routing and
Switching Essentials. This lab covers many of the skill and knowledge areas necessary for the
Cisco Academy CCNA5.0, Routing and Switching Essentials Final, Hands-on Lab Final and
Packet Tracer Final. This Packet Tracer activity also includes IPv6 configurations that are
covered in the new curriculum. You will need Packet Tracer 6.0.1 to open the activity file. The
activity tracks your overall progress and provides feedback on correctly executed tasks. Here is a
list of the knowledge and skill areas that it covers:

• IPv4 addressing and IPv6 addressing
• VLANs, Trunks and InterVLAN routing
• OSPFv2 and OSPFv3 for IPv6
• DHCPv4 as well as SLAAC and Stateless DHCPv6
• NAT for IPv4
• ACLs and IPv6 ACLs

The scoring is based on the total number of items correctly configured. Remember that when
entering configurations the system is case sensitive. When you are finished, you should be able
to communicate across the network. In this PT activity access to the CLI tab has not been
disabled. Have fun!

Download
CCNA2_RoutingNSwitching-practice-final.zip

Note: You will need Packet Tracer version 6.0.1 to open this activity

Video Tutorials

Author: Dan. Posted on December 9, 2013. Categories: CCNA 2, Packet Tracer.

Packet Tracer 6 Activity – RIPng and IPv6


Overview
The goal in this activity is to configure an IPv6 network with the RIPng routing protocol. In
addition to configuring RIPng on the routers, you will need to configure all of the devices in the
network with the correct IPv6 addressing. The goal is to configure the routers and PCs with the
following information:
• Enable IPv6 routing on all routers,
• On all routers, configure link-local and global unicast IPv6 addresses with network prefix
lengths (see the network diagram),
• On routers R1, R2, and R3 configure the RIPng IPv6 routing protocol (use the name: RIP1 in
all caps as the routing process name),
• On router R1, configure a default route towards the ISP router, and use RIPng to distribute that
route to routers R2 and R3,
• On router ISP, configure a summary route to reach all of the subnets on R1, R2, and R3,
• On the PCs configure static IPv6 addresses with network prefix lengths, and gateway addresses
(see the network diagram),
• Configure hostnames on all routers and save the running configuration to the startup-
configuration file

The scoring is based on the total number of items correctly configured. Remember that when
entering configurations the system is case sensitive. When you are finished, you should be able
to communicate across the network (e.g. successfully ping PCB from PCA)

Download
RIPng.zip

Note: You will need Packet Tracer version 6.0.1 to open this activity

Spoiler Alert – read below if you are stuck and need help with the commands

IOS Command List


router>enable
router#configure terminal
router(config)#hostname R1
R1(config)#ipv6 unicast-routing
R1(config)#interface g0/0
R1(config-if)#ipv6 address FE80::1 link-local
R1(config-if)#ipv6 address 2001:DB8:DA:1::1/64
R1(config-if)#ipv6 rip RIP1 enable
R1(config-if)#no shut
R1(config-if)#interface s0/0/0
R1(config-if)#ipv6 address FE80::1 link-local
R1(config-if)#ipv6 address 2001:DB8:DA:2::1/64
R1(config-if)#ipv6 rip RIP1 enable
R1(config-if)#ipv6 rip RIP1 default-information originate
R1(config-if)#clock rate 128000
R1(config-if)#no shut
R1(config-if)#interface s0/0/1
R1(config-if)#ipv6 address FE80::1 link-local
R1(config-if)#ipv6 address 2001:DB8:CD1:C::2/64
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#ipv6 route ::/0 s0/0/1
R1(config)#exit
R1#copy running-config startup-config
R1#show running-config
R1#show ipv6 route
R1#show ipv6 int brief

Author: Dan. Posted on November 24, 2013. Categories: CCNA 2, IPv6, Packet Tracer.

Standard ACL Packet Tracer Challenge


Packet Tracer Challenge Overview
Learn the basics of using standard access lists with these Packet Tracer graded activities. In the
activities, the networks have been pre-configured. All you need to do is write the access list, and
decide where to apply it. Open the Packet Tracer files, follow the written instructions and the
instructions on the topology diagrams.

Standard ACL Practice #1


In this Packet Tracer exercise, the goal is to create a simple standard ACL to permit one network
and block the other. Follow the written instructions on where to apply the access list.

Download
The Packet Tracer file is created with Packet Tracer 5.3.3. The Packet Tracer Activity file will
track your progress and give you a completion percentage and point total. You can download it
here: standardACL-practice1.zip

Standard ACL Practice #2


In this exercise the goal is to permit two hosts, one from the yellow network and one from the
blue network, to reach the green network. In this exercise you need to figure out where to apply
the ACL so that the intended networks are affected. Hint: standard ACLs are usually applied
closest to the destination network affected.

Download
The Packet Tracer file is created with Packet Tracer 5.3.3. The Packet Tracer Activity file will
track your progress and give you a completion percentage and point total. You can download the
file here: standardACL-practice2.zip
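
The two ACL patterns from Practice #1 and Practice #2, with the placement hint applied. This is an added example, not the answer to either activity; the addressing for the yellow, blue and green networks and the interface name are assumptions.

```cisco
! Constructed addressing (assumption): yellow LAN 192.168.10.0/24,
! blue LAN 192.168.20.0/24, green LAN 192.168.30.0/24 attached to g0/1
! of the router being configured.
!
! Practice #1 pattern: permit one source network and block the other.
! Every ACL ends with an implicit "deny any", so 192.168.20.0/24 is
! blocked without writing a deny line.
access-list 1 permit 192.168.10.0 0.0.0.255
!
! Practice #2 pattern: permit one host from each source network.
access-list 2 permit host 192.168.10.10
access-list 2 permit host 192.168.20.10
!
! A standard ACL matches on source address only. Applied outbound on the
! interface facing the green LAN, it filters traffic to green alone.
! Applied near the source, it would filter that traffic toward every
! destination, not only the green network.
interface g0/1
 ip access-group 2 out
!
! Only one ACL per interface per direction: in the Practice #1 topology,
! access-list 1 would be attached the same way in place of access-list 2.
!
! Check matches from privileged EXEC:
!   show access-lists
!   show ip interface g0/1
```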

Author: Dan. Posted on February 12, 2013. Categories: ACL, CCNA 2, Cisco, Packet Tracer.

Switch & VLAN Packet Tracer Challenge


Switch & VLAN Packet Tracer Challenge Overview
A Packet Tracer graded activity. It covers basic Cisco CCNA switch configurations, VLANs,
native VLAN, trunk ports, port-security, and setting up secure remote administration with SSH.
Great practice for the Cisco CCNA!

Download
The Packet Tracer file is created with Packet Tracer 5.3.3. The Packet Tracer Activity file will
track your progress and give you a completion percentage and point total. You can download it
here: BasicConfig-VLAN-Trunk-PortSec-SSH-challenge.zip

Activity Instructions
Configure the Network according to the Topology Diagram and Labels.
When you are finished, the PCs on the Student VLAN should be able to ping each other and so
should the PCs on the Faculty VLAN. The Admin PC should be able to SSH into S1 and S2 from
the command prompt (e.g. PC>ssh -l admin 192.168.99.2)

PCs
1. IP address (see topology),
2. subnet mask (see topology),
3. default gateway address (first usable address in network)

Cisco 2960 Switches: S1 & S2


1. name: S1, S2
2. enable password, md5 encrypted: class
3. domain name: danscourses.com
4. message of the day banner: Unauthorized access is prohibited!
5. console password: cisco
6. vty 0 15 password: cisco
7. Security RSA Key size: 1024
8. SSH version 2
9. vty: ssh only
10. VLAN 10: student
11. VLAN 20: faculty
12. VLAN 99: Mgt
13. Interface VLAN 99: S1-IP address 192.168.99.2, S2-IP address 192.168.99.3
14. Native VLAN 99
15. fa0/1 Trunk
16. fa0/2-0/13 access VLAN 10
17. fa0/14-0/24 access VLAN 20
18. Gi1/1 access VLAN 99
19. Encrypt all passwords
20. Save running-config to startup-config

Cisco 2960 Switch: S1 Only


1. Gi1/1 Switchport Port-Security, sticky, maximum 1 mac address, violation shutdown
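
One way to enter the S1 requirements above as IOS configuration. This is an added example, not the activity's answer file or the author's own command list; the SVI mask is left as a placeholder because the page takes it from the topology diagram, and the comment about key size outside the lab is an assumption.

```cisco
! S2 differs only in hostname, SVI address and the port-security lines.
hostname S1
! "enable password, md5 encrypted" is the enable secret
enable secret class
ip domain-name danscourses.com
banner motd #Unauthorized access is prohibited!#
!
! RSA key generation needs the hostname and domain name to be set first.
! 1024 bits is the value the activity grades (assumption: outside the lab,
! use 2048 bits or more).
crypto key generate rsa general-keys modulus 1024
ip ssh version 2
!
line console 0
 password cisco
 login
! "transport input ssh" is what refuses Telnet on the vty lines
line vty 0 15
 password cisco
 login
 transport input ssh
!
vlan 10
 name student
vlan 20
 name faculty
vlan 99
 name Mgt
!
interface vlan 99
 ip address 192.168.99.2 <mask>
 no shutdown
!
interface fa0/1
 switchport mode trunk
 switchport trunk native vlan 99
interface range fa0/2 - 13
 switchport mode access
 switchport access vlan 10
interface range fa0/14 - 24
 switchport mode access
 switchport access vlan 20
!
! Admin port. The four port-security lines are for S1 only: the first MAC
! address seen is learned and saved (sticky), and a second address
! err-disables the port (violation shutdown).
interface gi1/1
 switchport mode access
 switchport access vlan 99
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
!
! Obscures the console and vty passwords in the stored configuration
service password-encryption
end
copy running-config startup-config
!
! Verify from privileged EXEC:
!   show ip ssh
!   show port-security interface gi1/1
!   show interfaces trunk
```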

Author: Dan. Posted on February 9, 2013. Categories: CCNA 2, Cisco, Packet Tracer, Switch, VLAN.

RIPv2 Packet Tracer Lab


Instructions
1. This is a classless addressing scenario (VLSM-CIDR), so you need a classless routing
protocol. For this lab use RIPv2.
2. The lab topology has discontiguous networks, so you will need to disable RIP auto-summary.
3. R2 needs to have a default static route to the internet through the ISP router. Use the next hop
ip address.
4. R2 needs to tell the other routers about its default route.
5. R2’s Fast Ethernet 0/1 interface should be passive.
6. Use passive-interface in order to not send routing updates to the LANs.
7. The ISP router should not use RIP, but instead use three static routes, two of the static routes
should be summary routes.
8. The routers with DCE interfaces should have the clock rate set to 64000
9. The router’s serial DTE interfaces should have the first usable ip address in the network and
the DCE interfaces should have the second usable ip address in the network.
10. All router LAN interfaces should have the first usable address in the network.
11. All PCs should have the x.x.x.10 host ip address.
12. Configure hostnames on all of the routers.

RIP Commands
R2(config)#router rip
R2(config-router)#version 2 //change to RIP version 2
R2(config-router)#no auto-summary //turn off automatic route summarization
R2(config-router)#network <net address> //advertises a connected network to neighboring RIP routers
R2(config-router)#network <net address>
R2(config-router)#network <net address>
R2(config-router)#default-information originate //distribute a default route to neighboring RIP routers
R2(config-router)#passive-interface <interface> //stops RIP from advertising routes out of an interface
R2(config-router)#end

Packet Tracer Graded Exercise


RIPv2_with_summary_routes.zip
Author: Dan. Posted on November 23, 2012. Categories: CCNA 2, Packet Tracer.

Configure the Network with RIP Packet Tracer Challenge

Overview
In the lab, we configure a network topology which includes three Cisco 1841 or 1941 routers,
three Cisco 2960 switches, and three PCs. The three routers need to be connected to each other
over serial connections. Each router also needs to be connected to a
switch over a fast ethernet (1841) or gigabit ethernet port (1941). Each PC needs to be connected
to a switch. The goal of the lab is to do the following things:

1) Wire all of the devices in the network as instructed,


2) Configure the ip addressing and names of all of the devices as instructed,
3) Configure the devices using CLI commands as instructed,
4) Configure RIP so all devices can communicate over the network,
5) Verify that all PCs can communicate with each other over the network

I have created a Packet Tracer Activity which has all of the lab instructions included in it and
will also check your results when you are finished. You will need Packet Tracer version 5.3.3.
You can download the activity here:
CCNA2_Configure_the_Network_Challenge_1b.zip

Here is an image of the network topology at the start of the activity lab.

Lab Outline
1) Wire the network. The serial interfaces with .2 as the address should be the DCE.
2) Configure the ip addressing and names of all of the devices as shown in the topology
3) Configure the devices using the commands listed below
4) Configure RIP so all devices can communicate over the network

Notes:
• Login passwords should be “cisco” (no quotes)
• Enable secret should be “class” (no quotes)
• Clock rates should be set to 64000
• Interface descriptions should be based on the connected network subnet like: “network-1”,
“network-2”, up to “network-6”
• Commands not listed below are: “enable” and “configure terminal”
• Start wiring the local area networks from the PCs using first available ethernet ports. PC1 to
S1(fa0/1) and S1(fa0/2) to R1(fa0/0). Start wiring serial ports clockwise starting from R1(0/0/0)
to R2(0/0/0), R2(0/0/1) to R3(0/0/0), etc. (Remember the .2s should be the DCEs.)
• PCs should be configured with .10 host addresses, switches with .2 host addresses, and routers
with .1 and .2 host addresses (refer to diagram)
Router Commands
hostname <name>
banner motd <#No unauthorized access!#>
enable secret <password>
line console 0
password <password>
login
line vty 0 4
password <password>
login
int fa 0/0
ip address <ip addr> <mask>
description <description>
no shut
int s 0/0/0
ip address <ip addr> <mask>
clock rate <rate num> (only if the interface is the DCE)
description <description>
no shut
int s 0/0/1
ip address <ip addr> <mask>
clock rate <rate num> (only if the interface is the DCE)
description <description>
no shut
router rip
network <net address>
network <net address>
network <net address>
copy running-config startup-config

Switch Commands
hostname <name>
banner motd <#No unauthorized access!#>
enable secret <password>
line console 0
password <password>
login
line vty 0 15
password <password>
login
int vlan 1
ip address <ip addr> <mask>
no shutdown
ip default-gateway <ip addr>
copy running-config startup-config

LAN Design

Overview
A hierarchical network design model, as opposed to a flat network design model, creates a
more functional network by differentiating network devices into core, distribution, and access
layers, which creates a hierarchy of network devices and gives the network the following
benefits:

• Scalability – is improved because having distribution layer 3 switches segments the network,
creates multiple broadcast domains, and distributes routing duties. This in turn makes it possible
to add more access layer switches and more host computers.
• Redundancy – instead of having only one way out of the network, a hierarchical network
design creates redundant, interconnected (meshed) distribution layer and core layer switches
allowing more paths for traffic to flow.
• Manageability – centralized management software can manage from the distribution layer
• Enhanced bandwidth resources – greater network segmentation will lead to better bandwidth
availability
• Enhanced Security – having more than one distribution layer switch allows differentiated
security policies and network security services

Hierarchical Network Design Model


• Access Layer – This layer is used to connect end devices to the network such as PCs, IP phones,
and printers. This layer may also include switches and routers, especially workgroup switches
which connect to end users. The Access Layer is also used to allow and control which devices
can communicate on the network.
• Distribution Layer – This is the layer where we apply filtering and network policies. The
distribution layer controls the flow of the network, adds redundancy, and adds routing functions
between VLANs. It uses high performance switches.
• Core Layer – The core is the backbone of the network and it requires the highest level of
bandwidth, typically fiber optic connections. The core connects to the ISP and has major routers
and switches with redundancy. The core interconnects the distribution layer switches and
routers.

Switch Attributes
• Port Security – The ability to configure which host MAC addresses can be on a port, and
shut down ports if they are not the specified host MAC addresses.
• PoE (power over ethernet) – The ability to use certain ethernet wire pairs for electrical power
instead of data.
• Link Aggregation – The ability to have multiple ports work together as uplink ports, effectively
doubling and tripling uplink speeds.
• QoS (quality of service) – The ability to distinguish and prioritize certain kinds of traffic like voice
data.
• Port Density – How many ports a switch has.
• VLANs (virtual local area networks) – The ability to create VLANs and assign ports to separate
VLANs.
• Access List Control – Layer 3 functionality. A layer 3 switch, which is a switch and a router
combined, is needed.

Switch Types
• Fixed Configuration Switches – Cannot be changed or altered, port density is set.
• Modular Switches – Can be altered by adding switch blade ports.
• Stackable Switches – Special high speed backplane for connecting the switches together.

Switching Modes
• Store and Forward – Slowest, most reliable
• Cut Through Switching – Faster, but less reliable
• Fast Forward – Fastest, least reliable. The switch forwards the packet/frame once it has stripped
off the destination MAC address.
• Fragment Free – Second fastest. The switch forwards the packet after reading the first 64 bytes.

Basic Switch Configuration and Port Security

Switch Security Overview


In the video tutorials below, I show how to use Packet Tracer to build a small LAN with a Cisco
2960 Switch, three PC clients, and two PC servers. One of the servers is placed on a separate
VLAN for management purposes. Excellent review and study for the Cisco CCNA exam. The
networking tasks that are accomplished in the videos are:

• Changing the management VLAN on the switch,
• Configuring the switch with an IP address,
• Configuring the switchports as access ports and assigning them to VLANs,
• Remotely connecting to the switch with telnet,
• Configuring passwords for console and virtual terminal ports,
• Configuring privileged user mode with an md5 encrypted password,
• Configuring the hostname on the switch,
• Testing LAN connections with the Ping utility,
• Backing up the switch configuration file and IOS image file to a TFTP server using the copy
command,
• Using the show mac-address-table command,
• Configuring switchport port-security and sticky mac address

Configure a Switch for SSH Secure Access

SSH Overview
The ability to remotely manage your Cisco switch or router is very important. Network
administrators are usually not sitting next to the switch or router with a laptop and a console
interface connection. There are various methods of managing a network device like a switch or
router, remotely over the network. Remote management can be accomplished through a browser
based interface (web browser) or more commonly through a terminal interface (CLI). Cisco
switches and routers can be configured to use Telnet or SSH for remote terminal access. Telnet is
not desirable because it is an unencrypted protocol that sends messages in clear text over the
network. SSH is preferred to Telnet because it uses strong, key-based encryption techniques to
secure data transmission.

VLANs and Trunks

VLANs Overview
VLANs – A switch is used to set up a local area network (LAN). VLAN stands for virtual
local area network. By default, all of the ports on a Cisco switch are part of the same default
VLAN (VLAN1) and therefore the same network. A VLAN is a network and a network is a
broadcast domain. If you configure various switch ports for separate VLANs, then the devices on
those ports will belong to separate VLANs and therefore, will be segmented into separate
broadcast domains and networks. This is effectively like dividing a switch into multiple
switches. This is cost effective, because instead of having multiple switches, each for a different
network, you can have one switch configured for multiple VLANs and you can assign the ports
on that switch to belong to whatever VLAN you need the host to belong to.

VLAN Types
Data VLAN – A data VLAN carries only user data not management data, control data or voice
data.

Default VLAN – On a Cisco switch the default VLAN is VLAN1. This means that by default,
when a Cisco switch boots up for the first time all the ports are automatically assigned to the
default VLAN, VLAN1. You cannot delete or rename VLAN1 but you can assign the ports on
the switch to a different VLAN. It is considered best practice to make all of the user ports on the
switch belong to a different default VLAN, one other than VLAN1. In this way, control data
such as CDP and STP (spanning tree protocol) which are by default carried on VLAN1 would be
on a separate VLAN from user data.

Native VLAN – The native VLAN, if not explicitly configured, will default to the default
VLAN, (VLAN1). The Native VLAN is configured for an 802.1Q Trunk port. 802.1Q trunks
carry traffic from multiple VLANs by tagging the traffic with VLAN identifiers (Tagged Traffic)
which identifies which packets are associated with which VLANs, and they can also carry non
VLAN traffic from legacy switches or non 802.1Q compliant switches (Untagged Traffic). The
switch will place untagged traffic on the Native VLAN by using a PVID identifier. Native
VLAN traffic is not tagged by the switch. It is a best practice to configure the Native VLAN to
be different than VLAN1 and to configure it on both ends of the trunk.

Management VLAN – The management VLAN is any VLAN you configure to allow a host to
connect to the switch and remotely manage it. The management VLAN will need to be
configured with an IP address and subnet mask to allow a manager to connect to the switch by
either a web interface (HTTP), Telnet, SSH, or SNMP.

VLAN ID Ranges
Normal Range

• 1 to 1005
• VLAN1 (default), created by default, cannot be deleted
• VLAN1002-1005 (Token Ring and FDDI default), created by default and cannot be deleted
• Stored in the VLAN.dat file in Flash memory

Extended Range

 1006 – 4094
 Extended VLAN range used by ISPs
 Stored in Running-Config

Trunks – If you have a switch that has ports variously configured on four different VLANs, then
that switch has four different networks on it. When you connect that switch to a router or to
another switch you will need four ethernet connections or links, one for each VLAN/network. A
more cost effective way to connect a switch with multiple VLANs to a router or switch would be
to configure a Trunk. A Trunk is a special kind of port configuration which allows multiple
VLANs to travel over one link. This way multiple networks can travel over one trunk instead of
wasting valuable ports to connect from switch to switch or switch to router. A Cisco trunk by
default uses the 802.1Q protocol. The 802.1Q protocol places and strips VLAN tags on packets
to identify which VLAN they belong to.

CLI Commands
switch#show vlan
switch#show interfaces trunk
switch(config)#vlan <vlan number>
switch(config-vlan)#name <vlan name>

switch(config)#interface fa0/x
switch(config-if)#switchport mode access
switch(config-if)#switchport access vlan <1-4094>

switch(config-if)#switchport mode trunk
switch(config-if)#switchport trunk allowed vlan <1-1005>
switch(config-if)#switchport trunk native vlan <1-1005>


Routers and Routing Intro

Overview
Some of the ideas that are covered in this section are how Cisco routers are put together, their
different types of memory, their various interfaces both LAN and WAN, and their start-up
processes. Also in this section there is a review on how to configure a router, how to bring up
its interfaces, and how to issue show commands to read its status. This first part of CCNA 2 also
covers in an introductory way the router’s routing table, and static versus dynamic routing.

Router Memory
Similar yet different from a regular computer, the router has different kinds of memory: ROM,
Flash, NVRAM, and SDRAM, which all have different functions:

• ROM – POST, Bootstrap, and ROMMON
• Flash – IOS
• NVRAM – Configuration File
• SDRAM – Running-Config, Routing Table, IOS (everything is loaded and executed from RAM)

Notice: The router is a computer but it does not have a traditional hard drive to store files and the
operating system. This is accomplished in Flash memory and NVRAM memory.

Bootup Process
1. POST – ROM memory,
2. Bootstrap – ROM memory,
3. Load the IOS – the router has an ordered routine for loading the IOS
   1. Flash Memory – the IOS is typically loaded from Flash memory
   2. TFTP – if there is no IOS in Flash, the router will search for a network TFTP server,
   3. ROM – if there is no IOS found, the router defaults to a recovery IOS called Rommon,
4. Load the Startup-Config – the router has an ordered routine for loading the startup-config file
   1. NVRAM memory – the startup-config file is typically loaded from NVRAM memory
   2. TFTP – if there is no config file in NVRAM, the router will search for a network TFTP
      server,
   3. Setup-Mode – if there is no configuration file found, the router defaults to setup-mode

The Function of the Router


The router’s purpose or function is to find the best path (route) and switch packets out of the correct
interface. The router will make the decision of the “best path” by first determining the
destination network, and second by consulting its routing table.

Static Routing and Dynamic Routing


Routers can be configured to route traffic based on static routes that have to be manually entered
by an administrator or by dynamic routes that are created dynamically by a routing protocol.
Static routing is a good choice for networks that: never change, are small in size or have only
one router, or have only one way out of the network. Dynamic routing is a good choice if a
network has multiple routers, is part of a larger network, or if the network changes frequently.
For instance, in a situation where the network changes, with a dynamic routing protocol if a
network goes down, the routers will inform each other automatically through the routing
protocol, and the route will be removed from the routing table; with static routing, if a network
goes down, an administrator will have to go in and remove the static route manually.

There is a difference between routed or routable protocols and routing protocols. A routed
protocol is a protocol that is routable over multiple networks like the internet. Today the de facto
routed protocol is TCP/IP. A routing protocol is a protocol used by routers to share information
with each other, specifically information about available routes. Examples of routing protocols
would be RIP, EIGRP, OSPF, and ISIS.

For the Cisco CCNA certification exam you will need to know how to configure an interior
gateway routing protocol in a multiple router network. You will be required to know the
following interior gateway routing protocols: RIPv1, RIPv2, EIGRP, and OSPF.

Routed Protocols
TCP/IP
IPX/SPX (Novell – no longer in use)
Apple Talk (Apple – no longer in use)

Routing Protocols

RIP v1 – interior gateway protocol, IETF – RFC1058, open standard


RIP v2 – interior gateway protocol, IETF, open standard
EIGRP – interior gateway protocol, Cisco proprietary
OSPF – interior gateway protocol, IETF, open standard
ISIS – interior gateway protocol, covered in CCNP
BGP – exterior gateway protocol, covered in CCNP

Interior Gateway Routing Protocol Types


Distance Vector       | Link State
RIP v1                | OSPF (VLSM/CIDR)
RIP v2 (VLSM/CIDR)    | ISIS (VLSM/CIDR)
EIGRP (VLSM/CIDR)     |

The Routing Table and RIP
