CCNA Lab Guide

www.ccieuniversity.com

Static Route Configuration .............................................................................................................. 2
Basic Configuration Of RIPV1 .......................................................................................................... 3
RIPV2 Basic Configuration ............................................................................................................... 3
RIP Extended Lab ............................................................................................................................. 4
RIP Equal Cost Load Balancing ......................................................................................................... 6
EIGRP Basic Configuration Lab ........................................................................................................ 7
EIGRP MD5 Authentication Configuration Lab ................................................................................ 8
OSPF Basic Configurationand DR BDR Selection Lab ....................................................................... 9
OSPF extend configuration lab ...................................................................................................... 10
Route Redistribution Configuration Lab ........................................................................................ 12
Switch Basic Configuration And Port Security ............................................................................... 13
Switch Vlan Configuration Lab ...................................................................................................... 14
Switch Vlan Trunk Configuration Lab ............................................................................................ 15
Switch VTP Configuration Lab ....................................................................................................... 16
Switch STP Basic Configuration Lab ............................................................................................... 17
Routing Between Vlans - Router On A Stick .................................................................................. 18
Frame-Relay Basic Configuration Lab ............................................................................................ 19
Static Frame-Relay Map Configuration Lab ................................................................................... 21
Distance Vector Routing Protocol in Frame-Relay Network Lab ................................................... 22
Frame-Relay Point to Point Sub-interface Configuration Lab ....................................................... 24
Frame-Relay Multi-Point Sub-interface Configuration Lab ........................................................... 25
PPP PAP Authentication Basic Lab Configuration.......................................................................... 26
PPP CHAP Authentication Basic Lab Configuration ....................................................................... 27
Static Nat And Dynamic Nat Basic Configuration Lab ................................................................... 27
Basic Standard ACL Configuration Lab .......................................................................................... 28
Basic Extended ACL Configuration Lab .......................................................................................... 29
Named Extended ACL Configuration Lab ...................................................................................... 30
ACL Working on VTY Line Configuration Lab ................................................................................. 31
IPV6 Basic Configuration Lab ......................................................................................................... 31


Static Route Configuration
Topology

Lab Purpose: Master static route and default route configuration
Lab Requirement 1: The whole network should be reachable
R1 use egress static route configuration
R2 use next hop interface static route configuration
R2 should perform load balance to network 10.1.1.128/30
R2 should perform load balance to network 10.1.1.128/30
R3 use next hop + egress interface static route configuration
R4 use default route to access other network
Lab Steps:
Step 1 Finish the basic IP configuration according to the diagram,
and test connectivity.
Step 2 Config static route on the 4 routers.
R1(config)#ip route 10.1.1.64 255.255.255.252 s0
R1(config)#ip route 10.1.1.128 255.255.255.252 s0
R2(config)#ip route 10.1.1.128 255.255.255.252 10.1.1.66
R2(config)#ip route 10.1.1.128 255.255.255.252 192.168.1.2
Tips: If you want to enable packet based load balance, You need to
disable Cisco CEF first.
R2(config)#no ip cef
R2(config)#int s1
R2(config-if)#no ip route-cache
R2(config)#int e0
R3(config)#ip route 10.1.1.0 255.255.255.252 s1 10.1.1.65
R4(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.129

Lab Requirement 2: Change load balance to floating static route on
R2, packets should prefer ethernet to serial line, when ethernet is
down, route should switch to serial line automatically.
Lab Steps: Change the Administrative Distance of static route to
enable the function of floating static route.
R2(config)#no ip route 10.1.1.128 255.255.255.252 10.1.1.66
R2(config)#ip route 10.1.1.128 255.255.255.252 10.1.1.66 2

Before we shutdown E0 interface on R2, ethernet is preferred.
S 10.1.1.128 [1/0] via 192.168.1.2

After we shutdown E0 interface on R2, the route switch to use serial
line.
S 10.1.1.128 [2/0] via 10.1.1.66

By www.ccieuniversity.com


Basic Configuration Of RIPV1
Topology

Lab Purpose: Master RIPV1 basic configuration
Lab Requirement: The whole network should be reachable by ripv1
Lab Steps:
Step 1: Finish the basic IP configuration according to the diagram,
Step 2: Config RIPV1 on the 3 routers.
R1(config)#router rip //enable rip
R1(config-router)#version 1 //assign rip version 1
R1(config-router)#network 172.16.0.0 //RIP's main network announce
R1(config-router)#network 10.0.0.0
R2(config)#router rip
R2(config-router)#version 1

Tips:RIPV1 is based on UDP port 520 and using broadcast to send
period update.
Timer: Sending updates every 30 seconds, next due in 27 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Version: Default version control: send version 1, receive version 1
Route summary: Automatic network summarization is in effect
Load balance: Maximum path: 4
Administrative Distance: (default is 120)


RIPV2 Basic Configuration
Topology

Lab Purpose: Master RIPV2 basic configuration, watch the auto
summarization of RIPV2, master how to change RIP timer.
Lab Requirement: The whole network should be reachable by ripv2


Lab Steps:
Step 2: Config RIPV2 on the 3 routers.
R1(config-router)# network 10.0.0.0
Step 3: Use show ip route to check whether there is auto summarize
Step 4: Disable auto summarize to see the changes
R1(config-router)#no auto-summary
Step 5: change the 4 timers on R1
R1(config-router)#timers basic 20 120 120 160
The above 4 value are update, Invalid, hold down, flushed
Tips:RIPV2 is based on UDP port 520 and using multicast to send
triggered update.


RIP Extended Lab
Topology


Lab Purpose:Master RIPV2 manual summarize configuration
Master RIPV2 passive interface and unicast update configuration
Master RIPV2 authentication configuration

Lab Requirement:
Only R1 can learn routes from R3, R2 can't learn routes from R3，R2
can only use default route to reach other network.
Enable RIP MD5 authentication between R3 and R4.
Manually summary network from 172.16.1.0 to 172.16.3.0 on R4.
Disable split horizon on R4.
The Whole network should be reachable.

Lab Steps:

Step 2: Enable RIP on R1 R3 R4.

Step 3: config default route on R2.
R2(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.3

Step 4: Config passive interface and unicast update, so R2 can not
learn route from R3.
R3(config-router)#passive-interface E0
R3(config-router)#neighbor 192.168.1.1
Tips: You could use debug ip rip to observe the unicast update.

Step 5: enable RIP MD5 authentication between R3 and R4.
R3(config)#key chain www.ccieuniversity.com
R3(config-keychain)#key 1
R3(config-keychain-key)#key-string cisco
R3(config-keychain-key)#exit


R3(config-keychain)#exit
R4(config-keychain-key)#exit
R4(config-keychain)#exit
Enable rip md5 authentication on interface：
R3(config)#interface s0
R3(config-if)#ip rip authentication mode md5
R3(config-if)#ip rip authentication key-chain www.ccieuniversity.com
R4(config-if)#ip rip authentication mode md5
R4(config-if)#ip rip authentication key-chain www.ccieuniversity.com
Step 6:config route summarize on R4.
R4(config-if)#ip summary-address rip 172.16.0.0 255.255.252.0

Step 7: disable split horizon on R4 s0, and use debug ip rip to
check it.
R4(config-if)#no ip split-horizon
R4(config-if)#end

RIP Equal Cost Load Balancing
Topology

Lab Purpose: Master RIP Equal Cost Load Balancing configuration,
learn how to modify load balancing path.

Lab Requirement: Based on connectivity RIP should do load balancing.

Lab Steps:
Step 2: Enable RIP on 3 routers


Step 3: Check route table of R2 to see whether there are 2 routes
for network 13.0.0.0
Step 4: If you want to enable packet based load balance, You need to
disable Cisco CEF first.
R2(config-if)#no ip cef
R2(config-if)#no ip cef
Step 5: "ping 13.0.0.1 source 2.2.2.2" and "debug ip packet" to
check RIP Equal Cost Load Balancing feature.

Step 6: Change the maximum load balancing number of RIP to 6
Use show ip protocols we can see Maximum path: 4
Change the number to 6：
R2(config-router)#maximum-paths 6
Tips: Before IOS 12.3 the maximum number is 6, after 12.3 it could
be up to 16.


EIGRP Basic Configuration Lab
Topology

Lab Purpose:
Master EIGRP basic configuration
Observe EIGRP auto summary

Lab Steps:
Step 2: Enable EIGRP on the 3 routers
R1(config)#router eigrp 100 //EIGRP Autonomous System
R1(config-router)#network 172.16.1.0 0.0.0.255


R2(config)#router eigrp 100
Step 3:Use "show ip route" to observe the auto summary feature
Step 4:Disable auto summary then "show ip route" again

EIGRP MD5 Authentication Configuration Lab
Topology

Lab Purpose:
Master EIGRP basic configuration
Master EIGRP MD5 Authentication Configuration

Lab Steps:
Step 2: Enable EIGRP on the 3 routers
R1(config)#router eigrp 100 //EIGRP Autonomous System

Step 3:Use "show ip route" to observe the auto summary feature

Step 4:enable MD5 authentication on 3 routers
R1(config-if)#ip authentication mode eigrp 100 md5
R1(config-if)#ip authentication key-chain eigrp 100






OSPF Basic Configurationand DR BDR Selection Lab
Topology

Lab Purpose: Master OSPF basic configuration.
Master manually assign RID(Router ID).
Master how to modify ospf interface priority.
Observe DR BDR selection process.
Lab Requirement: R3 would be the DR,R2 would be BDR, R4 will not
participate in the selection.

Lab Steps:

Step 2: Enable ospf on the 3 Routers


R1(config)#interface lo0
R1(config-if)#ip address 1.1.1.1 255.255.255.0
R1(config)#router ospf 100
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 10.1.1.0 0.0.0.3 area 1

Step 3: Use "show ip ospf neighbors" to see the DR BDR selection
result.

Step 4: Modify R4 E0 interface priority to 0 then it will not
participate in the DR BDR selection.
R4(config)#int E0
R4(config-if)#ip ospf priority 0
Tips: The default ospf interface priority is 1, so R2 and R3 should
compare RID to decide who will be DR, as 3.3.3.3 is greater than
2.2.2.2, so R3 would be DR.


OSPF extend configuration lab
Topology

Lab Purpose:
Master OSPF area summarization configuration.
Master OSPF simple password and MD5 authentication configuration.


Learn how to modify OSPF hello interval, dead interval, and cost
value.
Lab Requirement:
Enable route summary from area 1 to area 0.
Enable simple password authentication between R1 and R2.
Enable MD5 authentication between R2 and R3.
Modify hello interval to 5 and dead interval to 10 between R3 and R4.
Modify R4 s0 cost to 80.
Enable OSPF neighbor log on all Routers.
Lab Steps:

Step 2: Enable OSPF on all routers
R1(config-router)#log-adjacency-changes //enable OSPF neighbor log
R2(config-router)#log-adjacency-changes

Step 3: Enable area 1 route summary on R2
R2(config-router)#area 1 range 172.16.0.0 255.255.248.0

Step 4:Enable MD5 authentication between R2 and R3
R2(config)#int s1
R2(config-if)#ip ospf message-digest-key 1 md5 cisco
R2(config-if)#ip ospf authentication message-digest
R3(config)#int s1
R3(config-if)#ip ospf message-digest-key 1 md5 cisco
R3(config-if)#ip ospf authentication message-digest
Step 5: enable simple password authentication between R1 and R2
R1(config)#int s0
R1(config-if)#ip ospf authentication-key cisco
R1(config-if)#ip ospf authentication
R2(config)#int s0
R2(config-if)#ip ospf authentication-key cisco
R2(config-if)#ip ospf authentication
Step 6:Modify hello、dead interval
R3(config)#int s0
R3(config-if)#ip ospf hello-interval 5
R3(config-if)#ip ospf dead-interval 20
R4(config)#int s0
R4(config-if)#ip ospf hello-interval 5
R4(config-if)#ip ospf dead-interval 20
Step 7: Modify R4 interface s0 cost
R4(config)#int s0
R4(config-if)#ip ospf cost 80


Use "show ip ospf interface so" to see all the modify value
including RID, priority, area, timer, cost, etc.

Route Redistribution Configuration Lab
Topology

Lab Purpose: Master redistribution configuration between different
routing protocols.
Lab Requirement: The whole network should be reachable with out
static route nor default route.
Lab Steps:
Step 1: Finish the basic IP configuration according to the diagram.
Step 2: Enable RIPV2 on R1, enable RIPV2 EIGRP OSPF on R2, enable
EIGRP on R3，enable OSPF on R4.
Step 3: redistribute routing protocols on R2.


R2(config-router)#redistribute eigrp 100 metric 2
R2(config-router)#redistribute ospf 100 metric 2
R2(config-router)#redistribute rip metric 2000 1 255 1 1500
//EIGRP combine metric
R2(config-router)#redistribute ospf 100 metric 2000 1 255 1500
R2(conf t)#router ospf 100
R2(config-router)#redistribute rip metric 64 subnets
R2(config-router)#redistribute eigrp 100 metric 64 subnets
Tips: Command "subnets" in OSPF redistribution is to allow
subnets prefix join the OSPF route table.

Switch Basic Configuration And Port Security
Topology

Lab Purpose:
Master switch basic configuration.
Master switch port security configuration.
Lab Requirement: finish basic configuration including ip address, default gateway.
Enable port security on Fa0/3 to allow maximum 10 mac address to be learn, others
will be dropped.
Lab Steps:
Step 1: basic configuration
Switch(config)#ip default-gateway 192.168.1.1
//If without default gateway you can not access the switch from
different network.
Switch(config)#interface vlan 1
Switch(config-if)#ip address 192.168.1.2 255.255.255.0
Switch(config-if)#no shutdown
//set up switch management ip address.
Switch(config)#int fa0/1


Switch(config-if)#duplex full
Switch(config-if)#speed 100
Step 2:enable port security.
Switch(config-if)#int fa0/3
Switch(config-if)#switchport mode access
//only access mode can enable port security
Switch(config-if)#switchport port-security maximum 10
//set the maximum learned mac address number to 10
Switch(config-if)#switchport port-security violation protect
//drop the exceeded frames

Switch Vlan Configuration Lab
Topology

Lab Purpose:
Master vlan basic configuration.
Master interface assign vlan configuration.
Lab Requirement: create vlan2 and vlan3，vlan name is HR、ENG
Assign pc1 in vlan2, assign pc2 in vlan3
Lab Steps:
Step 1:create VLAN2 and VLAN3
Switch#conf t
Switch(config)#vlan 2
Switch(config-vlan)#name HR
Switch(config-vlan)#exit
Switch(config)#vlan 3
Switch(config-vlan)#name ENG
Step 2: assign the 2 PC connected interfaces to the 2 vlan.
Switch(config-if)#switchport access vlan 2
Switch(config-if)#end
Switch(config-if)#switchport access vlan 3
Switch(config-if)#end
Step 3:Use "show vlan brif" to check the vlan table.


Switch Vlan Trunk Configuration Lab
Topology

Lab Purpose: Master trunk basic configuration
Lab Requirement: create vlan2 on both SW1 and SW2, set up trunk link
between SW1 and SW2.
Lab Steps:

Step 1: Create vlan2 and assign pc1 pc2 connected switch interfaces
to vlan2.
SW1#conf t
SW1(config)#vlan 2
SW1(config-vlan)#name HR
SW1(config-vlan)#exit
SW1(config)#int fa0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 2
SW2#conf t
SW2(config)#vlan 2
SW2(config-vlan)#name HR
SW2(config-if)#switchport access vlan 2
Step 2: Set up trunk link between the 2 switches.
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW2(config-if)#switchport mode trunk


Switch VTP Configuration Lab
Topology

Lab Purpose: Master VLAN and VTP configuration
Lab Requirement: Set VTP to www.ccieuniversity.com , password
www.ccieuniversity.com.
Set SwitchA to VTP Server mode，create VLAN 10 name ccieuniversity1
and VLAN 20 name ccieuniversity2，enable VTP pruning.
Set SwitchB to VTP Client more，assign interfaces Fa0/1—10 to
VLAN10, Fa0/11—20 to VLAN20.
Set SwitchC to VTP Transparent mode.

Lab Steps:
Step 1: AS VTP information based on trunk link transfer，So we set
up trunk link first.
SwitchA(config)#int f0/0
SwitchA(config-if)#switchport trunk encapsulation dot1q
SwitchA(config-if)#switchport mode trunk
SwitchA(config)#int f0/1
SwitchA(config-if)#switchport trunk encapsulation dot1q
SwitchA(config-if)#switchport mode trunk
SwitchB(config)#int f0/0
SwitchB(config-if)#switchport trunk encapsulation dot1q
SwitchB(config-if)#switchport mode trunk
SwitchC(config)#int f0/0
SwitchC(config-if)#switchport trunk encapsulation dot1q
SwitchC(config-if)#switchport mode trunk

Step 2: Enable VTP Server mode and pruning on SwitchA, then create
vlans
SwitchA(config)#vtp mode server
SwitchA(config)#vtp domain www.ccieuniversity.com
SwitchA(config)#vtp password www.ccieuniversity.com
SwitchA(config)#vtp pruning
SwitchA#vlan 10 name ccieuniversity1
SwitchA#vlan 20 name ccieuniversity2

Step 3: Enable VTP Client mode on SwitchB
SwitchB(config)#vtp mode client
SwitchB(config)#vtp domain www.ccieuniversity.com
SwitchB(config)#vtp password www.ccieuniversity.com

Step 4: Enable VTP transparent mode on SwitchC
SwitchC(config)#vtp mode transparent


Step 5: Check SwitchB vlan information to see whether there are
automatically created vlan10 and vlan20.

Step 6: Check whether SwitchB and SwitchC could create vlans.

Switch STP Basic Configuration Lab
Topology

Lab Purpose:
Observed STP working principal, learn how to change STP common
parameters such as STP priority, STP interface cost, STP interface
priority.
Learn how to modify a switch to a primary root or a secondary root.
Learn how to enable rapid STP.

Lab Requirement: SW1 should become the primary root，SW2 will be the
secondary root.
Modify SW3 Fa0/24 interface priority to 64.
Modify SW3 and SW4 Fa0/20 interface cost to 5.
Lab Steps:
Step 1: Use "show spanning-tree" command to see the default
PVST+(Per Vlan Spanning Tree)

Step 2: enable or disable STP for specific vlan.
Switch(config)#spanning-tree vlan 2 //enable STP for vlan2,the
default is enable.
Switch(config)#no spanning-tree vlan 2 //disable STP for vlan2

Step 3: Modify STP priority to make SW1 be primary root，SW2 be
secondary root.
SW1(config)#spanning-tree vlan 1 priority 24576
SW2(config)#spanning-tree vlan 1 priority 28672
Tips: Switch STP priority must be multiple of 4096
Also you could use the following command to decide who is
primary root and who is secondary root.
SW1(config)#spanning-tree vlan 1 root primary
Tips: Sw1 will set it's STP priority lower than all others' in the network.


SW2(config)#spanning-tree vlan 1 root secondary
Tips: Sw2 will set it's STP priority only higher than SW1 and lower than all others in the
network.

Step 4: Modify SW3 Fa0/24 STP priority to 64
SW3(config-if)#spanning-tree vlan 1 port-priority 64
Tips: STP interface priority should be multiple of 16
Step 5: Modify SW3、SW4 Fa0/20 cost to 5
SW3(config-if)#spanning-tree vlan 1 cost 5
SW4(config-if)#spanning-tree vlan 1 cost 5
Step 6: enable rapid STP.
SW1(config)#spanning-tree mode rapid-pvst

Routing Between Vlans - Router On A Stick
Topology

Lab Purpose: Master "router on a stick" configuration.

Lab Requirement:
1 Make R1 R2 work as host
2 R1 F0/0 ip address is 192.168.1.2 default gateway is 192.168.1.1
3 R2 F0/0 ip address is 192.168.2.2 default gateway is 192.168.2.1
4 Create VLAN5 and VLAN10 on SW1，assign R1 to VLAN5，assign R2 to
VLAN10.
5 Enable routing between vlans on R3.
6 Ping package can go trough R1 and R2.

Lab Steps:
Step 1: Disable R1 R2 routing function
R1(config)#no ip routing //disable routing function


R1(config)#ip default-gateway 192.168.1.1 //set default
gateway
R1(config)#int fa0/0
R1(config-if)#ip add 192.168.1.2 255.255.255.0
R1(config-if)#no shutdown
R2(config)#no ip routing
R2(config)#ip default-gateway 192.168.2.1
R2(config-if)#ip add 192.168.2.2 255.255.255.0
Step 2: Create and assign vlans on SW1.
SW1#conf t
SW1(config)#vlan 5
SW1(config)#vlan 10
SW1(config-if)#switchport access vlan 5 SW1(config-if)#exit
SW1(config-if)#switchport access vlan 10 SW1(config-
if)#exit
Step 3: Create trunk between SW1 and R3.
SW1(config-if)#switchport mod trunk
SW1(config-if)#no shutdown
SW1(config-if)#exit
Step 4: Encapsulate vlans on R3.
R3(config)#ip routing
R3(config)#int fa0/0.5
R3(config-subif)#encapsulation dot1q 5
R3(config-subif)#ip add 192.168.1.1 255.255.255.0
R3(config-subif)#no shutdown
R3(config-subif)#exit
R3(config)#int fa0/0.10
R3(config-subif)#encapsulation dot1q 10
Step 5: Ping between R1 and R2 to make sure the router on a stick is
working properly.

Frame-Relay Basic Configuration Lab
Topology


Lab Purpose: Master frame-relay principal, frame-relay switch basic
configuration, frame-relay client basic configuration.

Lab Requirement: frame-relay encapsulationis IETF, LMI type is ANSI.
Make the whole frame-relay network full-mesh and could ping from
each other.
Frame-relay Clients are in 10.1.1.0/24 network.

Lab Steps:
Step 1: Frame-relay switch configuration.
FR(config)#frame-relay switching //enable frame-relay switching
globally.
FR(config)#int s0/0
FR(config-if)#encapsulation frame-relay ietf
FR(config-if)#frame-relay intf-type dce
FR(config-if)#clock rate 64000
FR(config-if)#frame-relay lmi-type ansi
FR(config-if)#frame-relay route 102 interface s0/1 201
FR(config-if)#no shutdown
FR(config)#int s0/1
FR(config)#int s0/2
Step 2: Frame-relay client configuration.
R1(config)#int s0
R1(config-if)#encapsulation frame-relay ietf
R1(config-if)#frame-relay lmi-type ansi


R1(config-if)#ip add 10.1.1.1 255.255.255.0
R2(config)#int s0
R2(config-if)#ip add 10.1.1.2 255.255.255.0
R3(config)#int s0
R3(config-if)#ip add 10.1.1.3 255.255.255.0
Step 3:ping between clients to check the FR connectivity.

Static Frame-Relay Map Configuration Lab
Topology

Lab Purpose: Master inverse arp principal.
Master static IP/DLCI match configuration.
Lab Requirement: Disable frame-relay inverse arp, create static IP
DLCI map on clients.
Lab Steps:

Step 1: Disable inverse-arp on frame-relay switch.
FR(config)#int s0/0
FR(config-if)#no frame-relay inverse-arp
FR(config)#int s0/1
FR(config)#int s0/2

Step 2: Create frame-relay map on the 3 FR clients.
R1(config)#int s0
R1(config-if)#frame-relay map ip 10.1.1.2 102


R2(config)#int s0
R3(config)#int s0

Step 3:use "show frame-relay map" command to check the created
IP/DLCI map, and check the ping connectivity.
R1#show frame-relay map
Serial0 (up): ip 10.1.1.2 dlci 102(0x66,0x1860), static,
IETF, status defined, active
Serial0 (up): ip 10.1.1.3 dlci 103(0x67,0x1870), static,
IETF, status defined, active

R1#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
32/60/80 ms
R1#ping 10.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/61/96
ms

Distance Vector Routing Protocol in Frame-Relay Network Lab
Topology


Lab Purpose: Observe distance vector routing protocol running in
frame-relay network.
Lab Requirement: enable EIGRP on frame-relay network and learn route
from each other.

Lab Steps:
Step 1: Finish the basic ip and frame-relay configuration

Step 2: Add a loopback interface on all routers for future test.
R1(config)#int lo0
R1(config-if)#ip add 172.16.1.1 255.255.255.0
R2(config)#int lo0
R2(config-if)#ip add 172.16.2.1 255.255.255.0
R3(config)#int lo0
R3(config-if)#ip add 172.16.3.1 255.255.255.0
Step 3: Enable EIGRP on R1 R2 R3, announce the necessary network.

Step 4: Check R2 R3 routing table and observe the effect of split
horizon.

Step 5: Disable R1 S0 EIGRP split horizon to insure necessary update.

R1(config-if)#no ip split-horizon eigrp 100


Frame-Relay Point to Point Sub-interface Configuration Lab
Topology

Lab Purpose: Master frame-relay point to point sub-interface
configuration.
Lab Requirement: Enable frame-relay point to point sub-interface on
R1 to solve split horizon issue.
Lab Steps:
Step 1: Create 2 frame-relay point to point sub-interface on R1.
Sub-interfaces are on different networks.
R1(config)#int s0
R1(config-if)#no ip address
R1(config-if)#exit
R1(config)#int s0.1 point-to-point
R1(config-subif)#frame-relay interface-dlci 102
R1(config-fr-dlci)#exit
R1(config)#int s0.2 point-to-point
R1(config-subif)#end
Under frame-relay point to point sub-interface EIGRP is working
properly without disabling split horizon.


Frame-Relay Multi-Point Sub-interface Configuration Lab
Topology

Lab Purpose: Master frame-relay multi-point sub-interface
configuration.

Lab Steps:
Step 1: Finish basic configuration.

Step 2: Enable multi-point interface on R1.
R1(config)#int s0
R1(config-if)#encapsulation frame-relay
R1(config-if)#no ip address
R1(config)#int s0.1 multipoint
R1(config-subif)#ip add 10.1.1.1 255.255.255.0 / Same network
as R2 and R3.
Tips: Frame-Relay multi-point sub-interface will bring split-horizon
issue as the common frame-relay interface do.


PPP PAP Authentication Basic Lab Configuration
Topology

Lab Purpose: Master ppp one way authentication configuration for pap.

Lab Requirement: R2 is the ppp authentication server, R1 and R3 are
clients.

Lab Steps:
Step 1: PPP sever configuration on R2.
R2(config)#username R1 password cisco
R2(config)#username R3 password cisco
R2(config)#int s1
R2(config-if)#encapsulation ppp
R2(config-if)ppp authentication pap
R2(config)#int s0
R2(config-if)# ppp authentication pap

Step 2: PPP client configuration on R1 and R3.
R1(config)#int s0
R1(config-if)#ppp pap send-username R1 password cisco
R3(config)#int s1
R3(config-if)# ppp pap send-username R3 password cisco



PPP CHAP Authentication Basic Lab Configuration
Topology

Lab Purpose: Master ppp one way authentication configuration for pap.

Lab Steps: Enable ppp chap authentication on all routers interfaces.

R1(config)#username R2 password www.ccieuniversity.com
R1(config)#int s0
R1(config-if)# ppp authentication chap
R2(config)#int s0
R2(config)#int s1
R3(config)#int s1


Static Nat And Dynamic Nat Basic Configuration Lab
Topology

Lab Purpose: Master static and dynamic NAT configuration.

Lab Requirement: Add static nat translation for host 192.168.1.2,
192.168.1.5, add dynamic nat translation for network 192.168.1.0/24.

Lab Steps:


Step 2: Add a default route on router NAT.
NAT(config)#ip route 0.0.0.0 0.0.0.0 200.200.100.2
Step 3: Create static translation for host 192.168.1.2 and
192.168.1.5
NAT(config)#ip nat inside source static 192.168.1.2 200.200.100.129
NAT(config)#ip nat inside source static 192.168.1.5 200.200.100.130
Step 4: Create dynamic translation for network 192.168.1.0/24
NAT(config)#access-list 1 permit 192.168.1.0 0.0.0.255
NAT(config)#ip nat pool public 200.200.100.129 200.200.100.254
netmask 255.255.255.128
NAT(cinfig)#ip nat inside source list 1 pool public
Step 5: Assign inside and outside interface for router NAT.
NAT(config)#int f0/0
NAT(config-if)#ip nat inside
NAT(config)#int s0/0
NAT(config-if)#ip nat outside


Basic Standard ACL Configuration Lab
Topology

Lab Purpose: Master basic standard ACL configuration

Lab Requirement: Deny all traffic from R1 to R3.

Lab Steps:
Step 1: Finish the basic IP and route configuration according to the
diagram, and test connectivity.
R1(config)#ip route 10.1.1.64 255.255.255.252 10.1.1.2
R3(config)#ip route 10.1.1.0 255.255.255.252 10.1.1.65

Step 2: add a standard ACL to block the traffic from R1 to R3.
R3(config)#access-list 1 deny 10.1.1.1 0.0.0.0
Or use the host command.
R3(config)#access-list 1 deny host 10.1.1.1
Tips: As there is a default deny any at the bottom of the ACL, so
add permit any to allow other traffic.
R3(config)#access-list 1 permit any
Choose the right direction to assign the ACL.
R3(config)#int s1
R3(config-if)#ip access-group 1 in



Basic Extended ACL Configuration Lab
Topology

Lab Purpose: Master basic extended ACL configuration

Lab Requirement: Deny icmp traffic from network 192.168.1.0, only
pc1 can access FTP server.

Lab Steps:

Step 1: finish basic ip configuration and enable RIPV2 on the 3
routers.
R1(config-rotuer)#network 10.0.0.0

Step 2: Create an extended ACL on R3 to deny traffic from network
192.168.1.0
R3(config)#access-list 102 deny icmp 192.168.1.0 0.0.0.255 any
R3(config)#access-list 102 permit ip any any
R3(config)#int e0
R3(config-if)ip access-group 102 in

Step 3: Create an extended ACL on R1 to allow only pc1 to access the
FTP server.
Tips：normally FTP server is using tcp port 20 and 21 to communicate
with FTP clients.
R1(config)#access-list 110 permit tcp 192.168.1.1 0.0.0.0 172.16.1.2
0.0.0.0 eq 21
R1(config)#access-list 110 permit tcp 192.168.1.1 0.0.0.0 172.16.1.2
0.0.0.0 eq 20
R1(config)#int s0
R1(config-if)#ip access-group 110 in



Named Extended ACL Configuration Lab
Topology

Lab Purpose: Master basic extended ACL configuration

Lab Requirement: Deny icmp traffic from network 192.168.1.0, only
pc1 can access FTP server.

Lab Steps:

Step 1: finish basic ip configuration and enable RIPV2 on the 3
routers.

Step 2: Create an named extended ACL on R3 to deny traffic from
network 192.168.1.0
R3(config)#ip access-list extended deny_icmp
R3(config-ext-nacl)#deny icmp 192.168.1.0 0.0.0.255 any
R3(config-ext-nacl)#permit ip any any
R3(config)#int e0
R3(config-if)#ip access-group deny_icmp in

Step 3: Create an named extended ACL on R1 to allow only pc1 to
access the FTP server.
Tips：normally FTP server is using tcp port 20 and 21 to communicate
with FTP clients.
R1(config)#ip access-list extended deny_ftp
R1(config-ext-nacl)#permit tcp 192.168.1.1 0.0.0.0 172.16.1.2
0.0.0.0 eq 20
R1(config-ext-nacl)#permit tcp 192.168.1.1 0.0.0.0 172.16.1.2
0.0.0.0 eq 21
R1(config)#int s0
R1(config-if)#ip access-group deny_ftp in



ACL Working on VTY Line Configuration Lab
Topology

Lab Requirement: Only PC1 can remote access the router.

Lab Steps:

Router(config)#access-list 1 permit host 172.16.1.3
Router(config)#line vty 0 15
Router(config-line)#password www.ccieuniversity.com
Router(config-line)#login
Router(config-line)#access-class 1 in


IPV6 Basic Configuration Lab
Topology

Lab Purpose: Master IPV6 basic principal and configuration

Lab Requirement: Add IPV6 address and IPV6 static route on R1 and R2.

Lab Steps:

Step 1: Add IPV6 address on R1 and R2.
R1(config-if)#ipv6 address 2001:aaaa:1::1/64


R1(config-if)#exit
R1(config)#interface s1/1
R1(config-if)#clock rate 64000
R1(config-if)#end
R2(config)#interface s1/0
R2(config-if)#clock rate 64000
R2(config-if)#exit
R2(config-if)#end
Step 2: Enable IPV6 routing on R1 and R2.
R1#conf t
R1(config)#ipv6 unicast-routing
R2#conf t
R2(config)#ipv6 unicast-routing
Step 3: Add static IPV6 route on R1 and R2.
R1(config)#ipv6 route 2001:aaaa:3::/64 s1/1
R2(config)#ipv6 route 2001:aaaa:1::/64 s1/0


CCNA Lab Guide

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie CCNA Lab Guide

Ähnlich wie CCNA Lab Guide (20)

CCNA Lab Guide