Labmannual

Lab manual
Contents
SL No. TOPICS PAGE No.
1 Command Line Interface 2
2 Static Routing 5
3 Wan Protocols 10
4 RIP and IGRP Protocols 14
5 TELNET 21
6 SDM – Security Device Manager 24
7 ACL- Access Control List 27
8 NAT – Network Address Translation 31
9 OSPF and EIGRP 35
10 RIP V2 43
11 Frame relay 50
12 Switching 59
13 Intervlan 63
14 Virtual Private Network 69
15 Internet Protocol Version 6 71
16 Wireless LAN 79
17 Booting 81

Lab manual
COMMAND LINE INTERFACE (CLI)
• To enter the hyper terminal
Programs  Accessories  Communication HyperTerminal
(HyperTerminal window opens)
-prompts for the screen name (not the router name)
-connect to window  select com1  ok
-com1 properties window  select restore default  ok
• Switch ON the router (if new router that is not configured it will ask -----
Would u like to enter initial configuration dialog[yes/no]: no
Press return to get started (enter)
Router>
* User Mode/User Executable Mode
Router> enable (enter)
Router#
* Privileged Mode/Enable Mode – Executable Mode.
The following commands can be executed in this mode
Router#show running-config(enter)
Router#debug xxx
Router#copy xxx
Router#configure terminal(enter)
Router(config)#
* Global Configuration Mode - Any configuration change in this mode affects the
whole router.
Router(config)#interface e 0/fastethernet 0/ S0 / S 1(enter)
Router(config-if)#
* Specific Configuration Mode – configuration changes to specific part of the
router like lines and interfaces.

Lab manual
• Setting User mode Password
Router(config)#Line console 0(enter)
Router(config-line)#password xxxx
Router(config-line)#login
• To set username & password for the user mode
Router(config)#username xxxx password xxxx
Router(config)#Line console 0
Router(config-line)#login local
• To change the hostname
Router(config)#hostname HOR(enter)
HOR(config)#
• T o encrypt all the passwords
Router(config)#service password-encryption
• To set password for the privileged mode
Router(config)#enable password/secret xxxx

Lab manual
QUESTIONS
1 . What are the different modes in a router?
o Router> ------------- User mode or the user executable mode
Enable (enter)
o Router# ---------- Privileged mode/Enable mode
Show running-config
Debug xxx
Ping A.B.C.D
o Router# configure terminal (enter)
Router(config)# ----------- Global configuration mode
o Router(config)#interface ethernet 0/fastethernet 0/serial 0/ serial 1(enter)
o Router(config)# line console 0
Router(config-if/line)# ---------- Specific configuration mode
2 . Difference between Login and Login Local?
o Login activates the usermode entry password for a single user without username.
o Login local activates the username and password for the same usermode, incase of multiple
users.
3 . How to encrypt our passwords?
o Router(config)#service password-encryption – Encrypts all the passwords at a time. The
passwords once encrypted, cannot be decrypted by any command.
4 . How to set password to the user mode?
o Router(config)#Line console 0(enter)
Router(config-line)#password xxxx
Router(config-line)#login - Login activates the usermode entry password for a single user
without username.
5 . How to set password to the privilege mode?
o Router(config)#enable password/secret xxxx
6 . How to set username and password to the user mode?
o Router(config)#username xxxx password xxxx
o Router(config-line)#login local - Login local activates the username and password for the
same usermode, incase of multiple users.

Lab manual
STATIC ROUTING
DTE DCE
10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1
10n/w 30 n/w
E0 S0 S0 E0
HOR BOR
R1(config)#interface e 0 R2(config)#interface e 0
R1(config-if)#ip address 10.0.0.1 255.0.0.0 R2(config-if)#ip address 30.0.0.1 255.0.0.0
R1(config-if)#no shutdown * R2(config-if)#no shutdown
R1(config)#interface s 0 R2(config)#interface s 0
R1(config-if)#ip address 20.0.0.1 255.0.0.0 R2(config-if)#ip address 20.0.0.2 255.0.0.0
R1(config-if)#no shutdown R2(config-if)#clock rate 64000
R2(config-if)#no shutdown
R1(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.2 **
R2(config)#ip route 10.0.0.0 255.0.0.0 20.0.0.1 **
* All interfaces are administratively down when the router is switched on. We change their
status to up by using the command ‘no shutdown’.
** In static routing, we are manually adding the destination network to our Routing table.
 Router(config-if)# ip route <dest. N/W> <DSNM> <next hop addr>
Next hop address refers to the address of the next router that receives the packet and then
forwards it to the remote location.
R1 R2

Lab manual
Commands
1 . Router#show running-config
This will display the current configuration of the router.
2 . Router#show controllers serial 0
To identify the DCE & DTE ends of the Serial cable.
3 . Router#show interface ethernet 0
This will displays the details of ethernet interface.
4 . Router#show interface serial 0
This will display the details of serial interface.
5. Router#show ip interface brief
This will display the interface & line protocol status in a tabular format.
Outputs
Router#sh running-config
interface Ethernet0
ip address 10.0.0.1 255.0.0.0
!
interface Ethernet1
no ip address
shutdown
!
interface Serial0
ip address 20.0.0.2 255.0.0.0
clockrate 64000
!
interface Serial1
no ip address
shutdown
!
IP route 30.0.0.0 255.0.0.0 20.0.0.1
!
line con 0
line aux 0
line vty 0 4
login
!
End

Lab manual
Router#sh int e0
Ethernet0 is up, line protocol is up
Hardware is Lance, address is 0010.7b80.c3c6 (bia 0010.7b80.c3c6)
Internet address is 10.0.0.1/8
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
Router#sh int s0
Serial0 is up, line protocol is up
Hardware is HD64570
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set, keep alive set (10 sec)
Router#show ip int brief
State 1 - When both no shutdown and clock rate is applied to corresponding interfaces
Interface IP-Address OK? Method Status Protocol
Ethernet0 30.0.0.1 YES manual up up
Serial0 20.0.0.2 YES manual up up
State 2 - When clock rate is not given on DCE end & layer 1 problem
Serial0 20.0.0.2 YES manual up down
State 3 - When the other end serial interface is shut down
Serial0 20.0.0.2 YES manual down down

Lab manual
Router#show controllers s 0
HD unit 0, idb = 0xB883C, driver structure at 0xBDB98
buffer size 1524 HD unit 0, V.35 DCE cable, clockrate 64000
Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
Gateway of last resort is not set
C 20.0.0.0/8 is directly connected, Serial0
C 10.0.0.0/8 is directly connected, Ethernet0
S 30.0.0.0/8 [1/0] via 20.0.0.1
Router#sh protocols
Global values:
Internet Protocol routing is enabled
Ethernet1 is administratively down, line protocol is down
Serial1 is administratively down, line protocol is down

Lab manual
Questions
1 . How to assign an IP address to the Router and configure it?
o Router(config)interface e 0 / s 0
Router(config-if)ip address <IP addr> <SNM>
Router(config-if)no shutdown
 We assign our default-gateway as the IP address to the ethernet port.
 When the router is switched ON, by default all the interfaces are administratively
down. To make the interfaces up we give no shutdown
2 . Why and where we use the clock rate?
o The serial line has two ends DTE and DCE. This line goes up and down when IP address
and no shutdown is configured on both sides and will be in asynchronous state always. To
synchronize the link clock rate should be configured at DCE end.
3 . How to find out the DCE end?
o Router#sh controllers s 0
4 . Difference between
Request timed out
Destination host unreachable
Reply from <ip add> : <byte= > time<xms TTL=xxx
o Request timed out
When the packet is lost in transition, we will get “request timed out” message.
o Destination host unreachable
If the host doesn’t know the route to the destination - “Destination unreachable”
message is displayed i.e., the specified address is not present in the routing table
o Reply from <ip add> : <byte= > time<xms TTL=xxx
Reply from the destination indicates that the connection exists
 Time To Live (TTL) – a field in an IP header that indicates the no. of routers (hops) the
packet can cross. TTL for systems is 128 and for routers it is 255. If the destination is
not reached before the TTL expires, then the packet is dropped. This stops IP packets
from continuously circling around in the network looking for a home.
WAN PROTOCOLS

Lab manual
10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1
10 N/w 30 N/w
E0 S0 S0 E0
 Make sure you are able to ping the destination network before you configure WAN
Protocols
R1(config)#int s 0
R1(config-if)#encapsulation PPP
R1(config-if)#exit
 When line protocol is not same on both routers, then the state of the link goes up and
down i.e. the encapsulation on R1 --- PPP, R2 --- HDLC.
R2(config)#int s 0
R2(config-if)#encapsulation PPP
R2(config-if)#exit
CHAP
R1(config)#username R2 password 123
R1(config)#int s 0
R1(config-if)#PPP authentication CHAP
R2(config)#int s 0
R2(config-if)#PPP authentication CHAP
 In case of CHAP, the user password should be the same. Here 3-way handshake takes
place.
PAP
R1(config)#int s 0
R1(config-if)#PPP authentication PAP
R1(config-if)#PPP PAP sent-username R1 password 321
R2(config)#int s 0
R2(config-if)#PPP authentication PAP
R2(config-if)#PPP PAP sent-username R2 password 123
 In PAP, the username and password is sent manually.
R2R1

Lab manual
COMMANDS
1. Router#sh int s 0
To check the encapsulation in the serial interface
2. R1#debug PPP authentication
To debug PPP authentication
OUTPUTS
Router#sh int s0
Hardware is HD64570
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open
Open: IPCP, CDPCP
hor#debug ppp authentication ( PAP )
Se0 PPP: Treating connection as a dedicated line
Se0 PPP: Phase is AUTHENTICATING, by both
Se0 PAP: O AUTH-REQ id 2 len 12 from "hor"
Se0 PAP: I AUTH-REQ id 2 len 12 from "bor"
Se0 PAP: Authenticating peer bor
Se0 PAP: O AUTH-ACK id 2 len 5
Se0 PAP: I AUTH-ACK id 2 len 5
HOR#debug ppp authentication ( CHAP )
Se0 PPP: Treating connection as a dedicated line
Se0 PPP: Phase is AUTHENTICATING, by both
Se0 CHAP: O CHALLENGE id 21 len 24 from "HOR"
Se0 CHAP: I CHALLENGE id 20 len 24 from "BOR"
Se0 CHAP: O RESPONSE id 20 len 24 from "HOR"
Se0 CHAP: I RESPONSE id 21 len 24 from "BOR"
Se0 CHAP: O SUCCESS id 21 len 4
Se0 CHAP: I SUCCESS id 20 len 4
Questions

Lab manual
1 . Different WAN Protocols?
o HDLC – High level Data Link Control
o PPP – Point-to-Point Protocol
o Frame-Relay
2 . Difference between PPP and HDLC?
PPP HDLC
Open Protocol Cisco Proprietary
Authentication is allowed. Authentication is not possible
PAP CHAP
3 . What are the advantages of using PPP encapsulation over ISDN links?
o PPP authentication prevents unauthorized callers from establishing an ISDN circuit.
o PPP can be implemented among different equipment vendors.
4 . How PAP and CHAP works?
o PAP
Username is xxx and password xxxx
Authentication Request
Authentication Acknowledgement
 When the username and password are matched in the HOR Database, BOR is allowed.
o CHAP
Can I Talk to you
Challenge
Response
Success / Failure
 Message Digest (Message Integrity) is one of the forms of Encryption
HOR BOR
HOR BOR
HOR BOR

Lab manual
Packet + Hash Function =Message Digest
1. MD 5 is one-way process.
2. It is always constant.
3. A small change will result in a big change in MD.
5 . What command would you enter to display the CHAP authentication as it occurs in
real time?
o debug PPP authentication
6 . Difference between PAP and CHAP?
o CHAP is more secure than PAP as the password is encrypted here using MD5,
while in PAP the clear text password is sent over the link.
7 . The output shown below was taken from two directly connected routers. Based on the
output of these two routers, What happen when the below command Router#show interface
serial 0 is entered?
Corp#show running-config
!
Isdn switch-type basic-5ess
Username Remote password cisco
!
interface s0
ip address 192.168.0.1 255.255.255.0
encapsulation ppp
Remote#show running-config
!
Isdn switch-type basic-5ess
Username Corp password Cisco
!
interface s0
ip address 192.168.0.2 255.255.255.0
encapsulation ppp
ppp authentication chap
o The passwords in the username do not match, so the link will not come up and the line
protocol will be down, which would make LCP closed. Both the usernames and the
passwords are case sensitive.

Lab manual
RIP AND IGRP Protocols
DCE DTE
10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1
10 n/w E0 S0 S0 E0 30 n/w
HOR BOR
RIP
R1(config)#router RIP * R2(config)#router RIP
R1(config-router)#network 10.0.0.0 R2(config-router)#network 20.0.0.0
IGRP
R1(config)#router IGRP 123 ** R2(config)#router IGRP 123
* In RIP, we specify only those networks that belong to us. RIP sends routing table updates to
its neighbors for every 30secs. RIP uses hop count as a unit of metric. The administrative distance
of RIP is 120
** IGRP uses autonomous number system. Here, only the networks that come under the same
autonomous system number will communicate with each other. Autonomous number is provided
by ISP. (By default, networks in different Autonomous system will not communicate, for different
Autonomous systems to communicate redistribution should be done - CCNP concept).
IGRP sends updates for every 90secs and uses bandwidth and delay as unit of metric. IGRP has
an administrative distance of 100
R1 R2

Lab manual
Commands
1 . Router#debug ip rip
It shows the updates sent to the neighbor routers for every 30 sec.
2. Router#Clear ip route *
This allows the routing table to switch to the new updates by clearing the old entries.
3 . Router#debug ip igrp transactions
Displays the routing table updates that is sent for every 90sec
4 . Router#Undebug all (u all)
To stop all debug commands those are active.
5 . Router#debug ip routing
Displays the dynamic changes made in the routing table
Time Intervals RIP IGRP
Update Interval 30 90
Hold-down timer 180 280
Invalid after 180 270
Flushed after 240 630

Lab manual
Outputs
Router#debug ip rip
RIP protocol debugging is on
Router#
00:29:26: RIP: received v1 update from 20.0.0.1 on Serial0
00:29:26: 30.0.0.0 in 1 hops
00:29:30: RIP: sending v1 update to 255.255.255.255 via Ethernet0 (10.0.0.1)
00:29:30: network 20.0.0.0, metric 1
00:29:30: network 30.0.0.0, metric 2
00:29:30: RIP: sending v1 update to 255.255.255.255 via Serial0 (20.0.0.2)
00:29:30: network 10.0.0.0, metric 1
00:29:55: RIP: received v1 update from 20.0.0.1 on Serial0
00:29:55: 30.0.0.0 in 1 hops
Router#debug ip igrp transactions
IGRP protocol debugging is on
Router#
00:26:16: IGRP: sending update to 255.255.255.255 via Ethernet0 (10.0.0.1)
00:26:16: network 20.0.0.0, metric=8476
00:26:16: network 30.0.0.0, metric=8576
00:26:16: IGRP: sending update to 255.255.255.255 via Serial0 (20.0.0.2)
00:26:16: network 10.0.0.0, metric=1100
00:26:32: IGRP: received update from 20.0.0.1 on Serial0
00:26:32: network 30.0.0.0, metric 8576 (neighbor 1100)
Router#debug ip igrp events
IGRP event debugging is on
Router#
00:22:47: IGRP: received update from 20.0.0.1 on Serial0
00:22:47: IGRP: Update contains 0 interior, 1 system, and 0 exterior routes.
00:22:47: IGRP: Total routes in update: 1
00:23:40: IGRP: sending update to 255.255.255.255 via Ethernet0 (10.0.0.1)
00:23:40: IGRP: sending update to 255.255.255.255 via Serial0 (20.0.0.2)

Lab manual
Router#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is not set
C 20.0.0.0/8 is directly connected, Serial0
C 10.0.0.0/8 is directly connected, Ethernet0
R 30.0.0.0/8 [120/1] via 20.0.0.1, 00:00:06, Serial0
E:ftp 30.0.0.10
connected to 30.0.0.10
220 mohan Microsoft FTP service <version 5.0>.
user <30.0.0.10:<none>>:anonymous
331 Anonymous access allowed, send identity <e-mail name> as password.
Password:
230 Anonymous user logged in
ftp> dir
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
09-17-07 07:41PM 26 Frame.txt
09-17-07 07:41PM 9 Igrp.txt
09-17-07 07:41PM 32 Isdn.txt
09-17-07 07:40PM 10 Rip.txt
226 Transfer complete.
ftp:247 bytes received in 0.00seconds 284000.00kbytes/sec.
ftp>get frame.txt
200 PORT command successful.
226 Transfer complete.
ftp:28 bytes received in 0.00seconds 26000.00kbytes/sec.
ftp>bye

Lab manual
Questions
1. Difference between Static Routing & Dynamic Routing?
o In static routing, we are manually adding the destination network to our Routing table.
o In Dynamic Routing, the protocols build the routing table automatically.
2. Difference between RIP and IGRP?
Interior Gateway Routing Protocol Routing Information Protocol
Uses autonomous number system. Does not use autonomous number system.
Works only on Cisco routers. Works on multi-vendor routers.
Sends updates for every 90secs. Sends updates for every 30secs.
Bandwidth, delay and distance as a unit of
metric.
Hop count as a unit of metric.
Administrative distance is 100 Administrative distance is 120
Has a maximum hop count of 100 Has a maximum hop count of 16
.
Time Intervals RIP IGRP
Update Interval 30 90
Hold-down timer 180 280
Invalid after 180 270
Flushed after 240 630

Lab manual
3 . What is Routing loop and when it occurs?
Distance-vector routing protocols sends routing table updates at regular intervals to keep
track of any changes in the Internetwork. Routing loops can occur when a network outage happens
and no router is updated with the change in routing table.
Ra Rb Rc Re
n/w 3 n/w 4 n/w 5
Rd
o Assume that the first update has been received by every router and now they are in the due
of 29sec.
o Now, the interface to Network 5 is down and also all routers know about Network 5.
Then Re prompts Rc to stop routing to Network 5 through it. But Ra, Rb and Rd don’t
know about Network 5 yet, so they keep sending the updates.
o Rc will be sending its update and cause Rb to stop routing to Network 5, but Ra and Rd
are not updated. To them, it appears that Network 5 is still available through Rb.
o Ra will continue to send its updates for every 30secs and unfortunately Rb and Rd
receives a message that Network 5 can be reached from Ra. So Rb and Rd sends the
information that Network 5 is available.
o Any packet destined for Network 5 will go from Ra to Rb and then back to Ra. This leads
to a routing loop.
3. Methods to avoid Routing loop?
Maximum hop count:
When the routing loop occurs, the hop count increases indefinitely each time a packet
passes through a router. To resolve this maximum hop count was defined. RIP permits hop count
up to 15, so anything that requires 16th hop will be considered as unreachable.
Split horizon:
Split horizon defines that the routing information cannot be sent back in the direction from
which it was received i.e., the routing protocol determines which interface a network route was
learned on and it won’t advertise the route back to that same interface.

Lab manual
Route poisoning:
This helps to avoid routing loops in a meshed structure even if split horizon works out. E.g.
when Network 5 goes down, Re initiates route poisoning by advertising Network 5 as 16 hops or
unreachable, this poisoning of the route to Network 5 keeps Rc from being susceptible to
incorrect updates about the route to Network 5. When Rc receives a route poisoning from Re; it
sends an update, called “Poison reverse” back to Re. This ensures all routes on the segment have
received the poisoned route information.
4. Define Hold down timer
o This sets the amount of time for which the routing information is suppressed. Routes will
enter into the hold down state, when an update packet is received indicating the route as
unreachable. This continues, either till it receives an update packet with a better metric or
till the hold down timer is expired. By default Hold down timer is for 180 seconds.
5. You type “debug ip rip” on your router console and see that 172.16.10.0 is being
advertised to you with a metric of 16. What does this mean?
o The route is inaccessible.
6. What command is used to stop RIP routing updates from exiting out an interface but still
receive RIP route updates?
o Router(config-router)#passive-interface s0
7. A network that is advertised by both RIP and IGRP appears in the routing table flagged
as an IGRP route. Why is the RIP route to this network not used in the routing table?
o IGRP has a lower administrative distance
8. Which parameters does IGRP use to find out the best path to a remote network?
o Bandwidth and Delay.
9. Which command displays RIP routing updates?
o Router#debug ip rip

Lab manual
TELNET
10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1
10 n/w 20 n/w 30 n/w
• Make sure you are able to ping the destination network before you configure WAN
Protocols
R1(config)#line vty 0 4 R2(config)#line vty 0 4
R1(config-line)#password xxx R2(config-line)#password xxx
R1(config-line)#Login R2(config-line)#Login
R1(config)#enable password xxx R2(config)#enable password xxx
• If vty password is not configured in R2
R1#telnet 20.0.0.2
Password required, but none set
Connection to 20.0.0.2 is closed
• After password is configured on R2, try to telnet R2(20.0.0.2)
R1>telnet 20.0.0.2
User access verification
Password:
• If password is not enabled for the privileged mode
R2>enable
%No password set
• If the password is set
R2>enable
Password:
R2#
• R2>exit
R1# ----------- Will disconnect the session.
• R2>(Press) ctrl + shift + 6 and x
R1# ----------- Will suspend the session.
R1 R2

Lab manual
Commands
1. R1#sh sessions - To display the sessions opened by a particular user.
2. R1#(enter)(enter) - To move to the lastly opened session
3. R1#sh users - To display the users logged on
4. R1#clear line 3 - To disconnect a user
[Confirm]
R1#
5. R1#sh cdp - Works only on directly connected Cisco routers
CDP runs every 60 sec.
6. Hold time – 180 sec.
7. R1#sh cdp neighbors
R1#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
Router Ser 0 143 R 2500 Ser 0
8. R1#show cdp neighbors detail
-------------------------
Device ID: Router
Entry address(es):
IP address: 20.0.0.2
Platform: cisco 2500, Capabilities: Router
Interface: Serial0, Port ID (outgoing port): Serial0
Holdtime : 122 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(13), RELEASE SOFTWARE
(fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Thu 10-Feb-05 11:49 by ssearch
advertisement version: 2
9. R1(config)#ip host <NAME> 20.0.0.2 – Creates Host Table.

Lab manual
Outputs
Router#sh sessions
Conn Host Address Byte Idle Conn Name
1 20.0.0.1 20.0.0.1 0 0 20.0.0.1
* 2 20.0.0.1 20.0.0.1 0 0
Router#sh users
Line User Host(s) Idle Location
* 0 con 0 20.0.0.1 00:06:03
20.0.0.1 00:05:42
2 vty 0 idle 00:07:45 20.0.0.1

Lab manual
Security Device Manager (SDM) – GUI
Security Device Manager (SDM) is a web-based device-management tool for Cisco
routers that can simplify router deployments by allowing us to manage and troubleshoot complex
network and connectivity issues and also supports a wide range of Cisco IOS Software releases to
set up advanced configurations. It is used to configure a router through a HTTP service. To do
this make sure your router is configured with atleast one ip address on a LAN interface and
connects a host to the router.
Would you like to enter the initial configuration dialog? [yes/no]: n
Press RETURN to get started!
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int f0/0
Router(config-if)#ip address 1.1.1.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#do ping 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
!!!!!
From here, you just open a browser & type http://1.1.1.1, SDM gets loaded and open a window.
Clicking the Configure button at the top of the page, choose the type of interface we want to
configure and then click the Create New Connection button at the bottom of the page (fig.1a). This
opens the LAN or WAN wizard, depending on which interface we chose to configure. By clicking
the Edit Interface/Connection tab, you get to see your interface status. (fig.1b).

Lab manual
Fig.1a
Fig.1b
You can double-click to edit that particular interface. Click on the Additional Tasks Button at the
bottom left portion and then select Router properties icon. Here, you can set the hostname, MOTD
banner, and enable secret password.
You can also create a DHCP pool on your router. Click on the DHCP folder, then the DHCP pool
icon and then click Add button.

Lab manual
Questions
1. Difference between exit and using ctrl+shift+6 x?
• Using exit command will disconnect the current session
• Using ctrl+shift +6 x command we can suspend a session without disconnecting that
session
2. Differentiate between show sessions and show users?
• Show sessions will show the sessions we opened by telnet ting to the corresponding
Destinations.
• Show users will show the sessions opened by other destinations to us.
3. What are two characteristics of Telnet? (Choose two.)
 It sends data in clear text format.
 It is no longer supported on Cisco network devices.
 It is more secure than SSH.
 It requires an enterprise license in order to be implemented.
 It requires that destination device be configured to support Telnet connections.
• A and E
4. What happens if we try to open a 6th
session to a destination?
• If 6th
session is opened an error message is displayed.
R1#telnet <destination IP address>
Trying Telnet < destination IP address >
% connection refused by remote host.
5. What are two reasons a network administrator would use CDP? (Choose two.)
 to verify the type of cable interconnecting two devices
 to determine the status of network services on a remote device
 to obtain VLAN information from directly connected switches
 to verify Layer 2 connectivity between two devices when Layer 3 fails
 to obtain the IP address of a connected device in order to telnet to the device
 to determine the status of the routing protocols between directly connected routers
• D and E

Lab manual
ACCESS CONTROL LISTS (ACL)
In Out
E0 S0 S0 E0
Out In
LAN1 LAN2
30.0.0.0 10.0.0.0
 An access list is a list of conditions that classify the packets (or) the packet definition).
Unauthorized access can be blocked by using access list. These lists can be used to
control the traffic passing through the router. Following are different types of access lists.
• Standard ACL - Access-list No.1-99
Action, ACL number, Source IP, SWCM (Source Wild Card Mask) are the parameters to
be considered while configuring standard ACL which considers only the source address when rules
are defined and to be checked.
Syntax:
R1(config)#Access-list <Al No> <Action> <SIP> <SWCM>
R1(config)#Access-list 5 deny 30.0.0.10 0.0.0.0
R1(config)#Access-list 5 permit 30.0.0.15 0.0.0.0 - Here it considers the source address only
 Once you have defined the access-list, binding should be done at the interface
required (E0 or S0).
 For an interface at any time there are maximum of two binding (in and out).
R1(config)#int e 0 / s0
R1(config-if)#ip Access-group 5 in/out
 For binding we consider two directions: In & Out. This specifies the direction in which the
data packets are moving with respect to the Router.
• Extended ACL - Access-list No. 100-199
Action, ACL number, Source IP, SWCM (Source Wild Card Mask), Destination IP, DWCM,
Protocol, interface and the destination port number are the parameters considered while
configuring Extended ACL.
R1 R2

Lab manual
Syntax:
R1(config)#Access-list<AlNo><Action><protocol><SIP><SWCM><DIP><DWCM>eq
<PORT No./Name>
 Port no - can be replaced by the port names.
 Source IP – From IP address.
 Destination IP – To IP address.
 Eq – equivalent to.
 Action – permit or deny.
R1(config)#Access-list 101 deny TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq 80
R1(config)#Access-list 101 permit TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq 23
R1(config)#Access-list 101 deny ICMP any any
Syntax:
R1(config)#Access-list<AlNo><Action><protocol><SIP><SWCM><DIP><DWCM>eq
<PORT No./Name>log
R1(config)#Access-list 101 deny TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq ftp log
 Log - gives information about the port no of source, number of packets send, number of
matches made etc.,
NAMED ACCESS LIST
 Standard
R1(config)#IP Access-list standard <Name>
R1(config)#IP access-list standard moon
R1(config-std-nacl)# <Action> <SIP> <SWCM>
R1(config-std-nacl)#deny 30.0.0.10 0.0.0.0
R1(config-std-nacl)# permit 30.0.0.15 0.0.0.0
 Extended
R1(config)#IP Access-list Extended <Name>
R1(config)#ip access-list extended sun
R1(config-ext-nacl)#<Action><protocol><SIP><SWCM><DIP><DWCM>eq<PORT
No./Name>
R1(config-ext-nacl)#deny TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq www
R1(config-ext-nacl)#permit TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq telnet
R1(config-ext-nacl)#deny ICMP any any
Command

Lab manual
1 . Show access-lists
This displays all the access lists created.
Output
Router#sh access-lists
Extended access-list 123
10 deny tcp host 10.0.0.10 host 30.0.0.10 eq telnet
Questions
1 . Different types of Access lists?
o Standard Access Lists - Standard access list considers only the source address.
Deny/Permit actions are applied on the source address. Once the access list is defined,
binding can be done at any one of the interface (Ethernet or serial).
o Extended Access Lists - This considers source address, Destination address, protocol,
destination ports etc .In Extended access list we can specify the applications that are to be
permitted or denied from the source to destination.
o Named Access Lists - As the name suggests, we can define an access list using a
name instead of number wherein we can modify (or delete) the list by individual
conditions which is not possible in the numbered lists.
2 . Difference between numbered access lists and named access lists?
o In numbered access lists, if we try to delete an individual statement from the access list,
the whole list will be deleted. In named access lists, we can edit the list by individual
statement.
3 . what are the benefits provided by access control lists (ACLs)?
o ACL helps to define the packet parameters
o ACLs classify and organize network traffic
o ACLs provide IP route filtering
4 . Which command is required to apply an access list on a virtual terminal line of a
router?
o Router(config-line)# access-class 10 in
5 . Which single access list statement will combine all four of these statements into a
single statements that will have exactly the same effect?

Lab manual
access-list 15 permit 172.29.16.0 0.0.0.255
o access-list 10 permit 172.29.16.0 0.0.3.255
6 . If you want to deny all Telnet connections to the network 192.168.10.0, which
Command will you use?
o access-list 100 deny tcp any 192.168.10.0 0.0.0.255 eq 23
7 . What are the possible ways to refer to a host 172.16.30.55 in an IP access list?
o 172.16.30.55 0.0.0.0
o host 172.16.30.55
8 . Which access lists will allow only HTTP traffic into network 196.15.7.0?
o access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www
9. Which command connect access list 110 inbound to interface ethernet0?
o Router(config)#interface ethernet 0
o Router(config-if)#ip access-group 110 in
NETWORK ADDRESS TRANSLATION (NAT)

Lab manual
20.0.0.2
Private
10.0.0.10 Public
30.0.0.20
Inside local Inside global
R1(config)#Ip route 0.0.0.0 0.0.0.0 S0 -------------- Default Network
R1(config)#access-list 15 permit 10.0.0.0 0.255.255.255 -------- Defining the range of hosts
R1(config)#int e 0
R1(config-if)#ip NAT inside
R1(config)#int s 0
R1(config-if)#ip NAT outside
1. Dynamic NAT configuring
R1(config)#IP NAT inside source list 15 int S0 overload *
2. Pool NAT
R1(config)#IP NAT pool MOHAN 20.0.0.30 20.0.0.35 netmask 255.0.0.0
R1(config)#IP NAT inside source list 15 pool MOHAN overload **
3. Static NAT
R1(config)#IP NAT inside source static 10.0.0.10 20.0.0.5 ***
* Router translates source addresses reaching inside (say e0) if it matches the list, to the same
public address at serial interface.
** Router translates source addresses reaching inside (say e0) if it matches the list, from the range
of addresses mentioned in the pool.
*** When a packet comes from 10.0.0.10 through inside source, then source is always translated
to only one address (20.0.0.5) and vice versa.
Commands
R1

Lab manual
1. Router#debug ip nat ------------- To debug NAT
2. Router#sh ip nat translations ----------- To display translations( Displays Inside
local, Inside Global, Outside local and Outside Global )
3. R1#clear ip nat translations * ----------- To clear translations
OUTPUTS
Router#debug ip nat
IP NAT debugging is on
Router#
01:10:59: NAT*: s=10.0.0.10->20.0.0.5, d=30.0.0.1 [205]
01:10:59: NAT*: s=30.0.0.1, d=20.0.0.5->10.0.0.10 [205]
01:11:00: NAT*: s=10.0.0.10->20.0.0.5, d=30.0.0.1 [206]
01:11:00: NAT*: s=30.0.0.1, d=20.0.0.5->10.0.0.10 [206]
Router#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
ICMP 20.0.0.5 10.0.0.10 --- ---
Questions

Lab manual
1. What is NAT?
• Network Address Translation involves re-writing the source and destination address
of packets as they pass through a router. NAT is done in order to enable multiple hosts on
a private network to access the Internet using a single public IP address.
2. What does the Inside Global address represent in the configuration of NAT?
• A registered address that represents an inside host to an outside network
3. Why we use access-list in NAT?
• Access-list defines the range of the hosts that can access the global address.
4. A network technician at Mohans would like to implement NAT in the network shown
in the exhibit. Inside hosts are allowed to use a private addressing scheme. Where NAT
should be configured?
R3 R2 R1
Internet
Pc1 Pc2 Pc3 Pc4
• Router R3
5 . Type of NAT that utilizes different ports to map multiple IP addresses to a single globally
registered IP address?
• Overloading
6. What is the function of the Cisco IOS command ip nat inside source static 10.1.1.5
172.35.16.5?
 It creates a global address pool for all outside NAT transactions.
 It establishes a dynamic address pool for an inside static address.
 It creates dynamic source translations for all inside local PAT transactions.
 It creates a one-to-one mapping between an inside local address and an inside
 global address.
• D
7. What flavor of Network Address Translation can be used to have one IP address

Lab manual
allow many users to connect to the global Internet?
 NAT
 Static
 Dynamic
 PAT
 Overloading
• E
8. Which of the following are disadvantages of using NAT? (Choose three.)
 Translation introduces switching path delays.
 Conserves legally registered addresses.
 Causes loss of end-to-end IP traceability.
 Increases flexibility when connecting to the Internet.
 Certain applications will not function with NAT enabled.
 Reduces address overlap occurrence.
• A,C and E
OSPF & EIGRP

Lab manual
10.0.0.0 10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1 30.0.0.0
OSPF
Router(config)#router OSPF <process-id> ------- [Process-id  1 to 65535]
Router(config-router)#network <NID> <WCM>area <area no>
R1(config)#router OSPF 15
R1(config-router)#network 10.0.0.0 0.255.255.255 area 0
R2(config)#router OSPF 12
 Between two OSPF routers the process-ids need not be the same
EIGRP
R1(config)#router EIGRP <autonomous-no> ---------- [autonomous-no  1 to 65535]
R1(config-router)#network <NID>
R1(config)#router EIGRP 123
R1(config-router)#network 10.0.0.0
R2(config)#router EIGRP 123
 The autonomous system numbers should be the same while communicating between
EIGRPs
 In OSPF, area should be same.
Loop back interface
R2R1

Lab manual
It’s a logical interface i.e., not a real router interface. When the Router ID of a router-
interface with the highest address, goes up and down, re-election for the new DR will not get
completed. Loop back interface resolves this problem, as it never goes down & router id never
changes.
Types of network using OSPF
Broadcast (multi-access) networks provide a broadcast ability in which every single
broadcast is delivered to all nodes on the network. This can be avoided in OSPF by electing a DR
and BDR for each broadcast multi-access networks.
LSA   LSA
LSA
Non-broadcast multi-access network allows for multi-access, but have no broadcast
ability. So, NBMA networks require special OSPF configuration to function properly and neighbor
relationships must be defined.
Here,
Information of Ra is not sent to Rc
Information of Rc is not sent to Ra
But Rb knows about Ra and Rc
Point-to-point refers to a type of network topology consisting of a direct connection
between two routers that provides a single communication path. This type of configuration
eliminates the need for DRs or BDRs, but neighbors are discovered automatically.
Commands
Rb
Ra Rc
Ra Rb

Lab manual
OSPF
• Router#sh ip ospf interface e 0
• Router#sh ip ospf int f 0
• Router#sh ip ospf int s 0
• Router#sh ip ospf neighbor  shows neighbor router-id.
• Router#sh ip protocols
EIGRP
• Router#sh ip eigrp neighbors
• Router#sh ip eigrp topology
• Router#sh ip eigrp traffic
OUTPUTS

Lab manual
Router#debug ip ospf events
OSPF events debugging is on
Router#
OSPF: Rcv hello from 100.0.0.1 area 0 from Serial0 20.0.0.2
OSPF: End of hello processing
Router#sh ip ospf int e0
Internet Address 30.0.0.1/8, Area 0
Process ID 5, Router ID 30.0.0.1, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 30.0.0.1, Interface address 30.0.0.1
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
Router#sh ip ospf int s0
Internet Address 20.0.0.1/8, Area 0
Process ID 5, Router ID 30.0.0.1, Network Type POINT_TO_POINT, Cost: 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 100.0.0.1
Suppress hello for 0 neighbor(s)
Router#sh ip eigrp topology
IP-EIGRP Topology Table for process 5
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - Reply status
P 20.0.0.0/8, 1 successors, FD is 2169856
via Connected, Serial0
via Connected, Ethernet0
via 20.0.0.2 (2195456/281600), Serial0
Questions

Lab manual
1. Differentiate between Distance vector and Link state Protocol?
Sl.
No
Distance vector Link state
1 Considers only distance. Bandwidth, delay, load, Reliability and MTU.
2 Sends the routing table. Sends the state of the link.
3 Learns about the adjacent routers. Learns the entire topology.
2. Differentiate between OSPF and EIGRP?
Sl.
No OSPF EIGRP
1 Link state. Hybrid(DV + LS).
2 Open protocol (multi-vendor). Cisco Proprietary Protocol.
3
Supports only IP protocol.
Supports multiple protocols like
IP, IPX, Apple Talk etc.,
4 Cost = 108
/ Bandwidth. Cost is calculated based on the
Bandwidth, Delay etc.,
5 Link State Advertisement (LSA) is
made. (State of Link is broadcasted).
Routing Table is sent.
6 For every 10 sec a Hello packet is sent. For every 5 sec a Hello packet is sent.
7 For every 30 min LSA is broadcasted. Broadcast is sent only when there is a
change in the Routing table.
8 When the Link goes down OSPF needs
to run the SPF algorithm again.
When the link goes down EIGRP
proceeds with the Next Best Path
(Feasible Successor).
9 Area is used for administrative
convenience of a large network
Autonomous System is used for
administrative convenience of a large
network
10 Uses Dijsktra algorithm to find the best
path (Shortest path).
Uses DUAL (Diffusing Update
Algorithm) is used to find the best path.
Backbone Router Switch
3. How OSPF works out? ABR

Lab manual
ASBR Internal Router AS 100
AS 200
 ABR – Area Border Router.
 ASBR – Autonomous System Border Router.
 AS – Autonomous System.
• OSPF is designed to have a hierarchical structure as large networks are a bit difficult to
manage. This allows to decrease routing overhead and to confine n/w instability to single
area of n/w.
• OSPF must have an area 0 (backbone area) and all routers should connect to this area. But
routers (i.e., ABRs) that connect other areas to backbone area should have at least one
interface connecting to area 0.
4. Show commands that will display the state of the OSPF DR/BDR election process?
• Router# show ip ospf interface
ABR
Area 2
Area 1
Area 1
ABR
Area 0
Area 3 Area 2
Area 1

Lab manual
5. Which command will display all the EIGRP feasible successor routes known to a router?
• Router# show ip eigrp topology
6. When designing OSPF networks; what is the purpose of using a hierarchical design?
• To speed up convergence
• To confine network instability to single areas of the network
• To reduce routing overhead
7. If routers in a single area are configured with the same priority value, what value does a
router use for the OSPF Router ID?
• The highest IP address of any physical interface
8. Which one of the following EIGRP commands can check the IP addresses of the
adjacent neighbors?
• R1#show ip eigrp neighbors
9 . Which commands will place network 10.2.3.0/24 into area 0?
• Router(config)# router ospf 10
Router (config_router) # network 10.2.3.0 0.0.0.255 area 0
10. With which network type will OSPF establish router adjacencies but not perform the
DR/BDR election process?
• Point-to-point
11. Which is true regarding EIGRP successor routes?
• A successor route may be backed up by a feasible successor route.
• A successor route is used by EIGRP to forward traffic to a destination.
o A
12. A network administrator typed the following into his router:

Lab manual
Router(config)# router ospf 1
Router(config-router)#network 10.0.0.0 255.0.0.0 area 0
But still he can’t see any routes in the routing table. What configuration error did the
administrator make?
• The wildcard mask is incorrect. The wildcard should have been 0.255.255.255.
13 . Which EIGRP information is held in RAM and maintained through the use of
Hello and update packets?
• Neighbor table
• Topology table
o A
ROUTING INFORMATION PROTOCOL VERSION 2

Lab manual
10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1
10.0.0.0 30.0.0.0
E0 S0 S0 E0
R1(config)#router RIP R2(config)#router RIP
R1(config-router)#version 2 R2(config-router)#version 2
Here the command ‘version 2’ is added to the RIP protocol to change it to RIPv2.
Authenticating Packets using RIPv2
R1(config)#Key chain ABC // Key chain <name>
R1(config-keychain)#key 2 // Key Identifier
R1(config-keychain-key)#key-string 123 // Key-string Line
R2(config)#Key chain XYZ
R2(config-keychain)#key 2
R2(config-keychain-key)#key-string 123
The Key identifier and the Key-string should be same on the both end routers.
R1(config)#int s0
R1(config-if)#ip rip authentication key-chain ABC
R1(config-if)#ip rip authentication mode text / md5
R2(config)#int s0
R2(config-if)#ip rip authentication key-chain XYZ
R2(config-if)#ip rip authentication mode text / md5
Text and md5 are the two authentication methods used in RIPv2. By default RIPv2
can send & receive only version 2 updates. RIPv2 also allows sending and receiving
version 1 updates on any of the interface.
R1(config)#int s0
R1(config-if)#ip rip send / receive version 1 2
R2(config)#int s0
R2(config-if)#ip rip send / receive version 1 2
RIP version 2 has all its characteristics same as RIPv1 except some changes.
R1 R2

Lab manual
Difference between Routing Protocols:
RIPv1 IGRP OSPF EIGRP RIPv2
Protocol Distance
vector
Distance vector Link state Hybrid
( DV + LS )
Distance
vector
Multi
vendor
support
Yes No Yes No yes
Metric Hop count Bandwidth &
Delay
Cost Bandwidth &
Delay
Hop count
Sends Routing table
updates
Routing table
updates
Link state
advertiseme
nt
Routing table
updates
Routing
table
updates
Routing
table
Update
intervals
30 sec 90 sec 30 min Whenever a
change occurs
30 sec
Supports
VLSM
No No Yes Yes Yes
Supports Classful Classful Classless Classless Classless
Uses 255.255.255.2
55
255.255.255.255 224.0.0.5
224.0.0.6
224.0.0.10 224.0.0.9
Outputs
• After RIPv2 is configured on both the routers

Lab manual
Router#debug ip rip
Router#
RIP: sending v2 update to 224.0.0.9 via Ethernet0/0 (10.0.0.1)
RIP: build update entries
20.0.0.0/8 via 0.0.0.0, metric 1, tag 0
30.0.0.0/8 via 0.0.0.0, metric 2, tag 0
RIP: sending v2 update to 224.0.0.9 via Serial0/1 (20.0.0.1)
10.0.0.0/8 via 0.0.0.0, metric 1, tag 0
RIP: received v2 update from 20.0.0.2 on Serial0/1
30.0.0.0/8 via 0.0.0.0 in 1 hops
• RIPv2 on one router & the other end is configured with RIPv1
Router#debug ip rip
Router#
RIP: sending v2 update to 224.0.0.9 via Serial0 (20.0.0.2)
30.0.0.0/8 via 0.0.0.0, metric 1, tag 0
RIP: sending v2 update to 224.0.0.9 via Ethernet0 (30.0.0.1)
10.0.0.0/8 via 0.0.0.0, metric 2, tag 0
20.0.0.0/8 via 0.0.0.0, metric 1, tag 0
RIP: ignored v1 packet from 20.0.0.1 (illegal version)
• Using debug command on the other end.
Router#debug ip rip
Router#
RIP: sending v1 update to 255.255.255.255 via Ethernet0/0(30.0.0.1)
network 10.0.0.0 metric 2
RIP: sending v1 update to 255.255.255.255 via Serial0/1 (20.0.0.2)
RIP: received v2 update from 20.0.0.1 on Serial0/1
10.0.0.0/8 via 0.0.0.0 in 1 hops
• Router#show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 21 seconds

Lab manual
Invalid after 180 seconds, hold down 180, flushed after 240
Redistributing: rip
Default version control: send version 2, receive version 2
Interface Send Recv Triggered RIP Key-chain
Ethernet0/0 2 2
Serial0/1 2 2
Routing for Networks:
20.0.0.0
30.0.0.0
Routing Information Sources:
Gateway Distance Last Update
20.0.0.1 120 00:00:03
Distance: (default is 120)
[ By default RIPv2 can send & receive only version 2 updates ]
• Authentication modes is text on both routers
Router#debug ip rip
Router#
10.0.0.0/8 via 0.0.0.0, metric 2, tag 0
20.0.0.0/8 via 0.0.0.0, metric 1, tag 0
RIP: received packet with text authentication abc
RIP: received v2 update from 20.0.0.1 on Serial0
10.0.0.0/8 via 0.0.0.0 in 1 hops
30.0.0.0/8 via 0.0.0.0, metric 1, tag 0
• md5 is the authentication mode on both routers
Router#debug ip rip
Router#
30.0.0.0/8 via 0.0.0.0, metric 1, tag 0
10.0.0.0/8 via 0.0.0.0, metric 2, tag 0
20.0.0.0/8 via 0.0.0.0, metric 1, tag 0
RIP: received packet with MD5 authentication
RIP: received v2 update from 20.0.0.1 on Serial0
10.0.0.0/8 via 0.0.0.0 in 1 hops

Lab manual
• Different Authentication modes on both ends i.e., md5 authentication on one end &
text on the other end.
Router#debug ip rip
Router#
RIP: ignored v2 packet from 20.0.0.1 (invalid authentication)
20.0.0.0/8 via 0.0.0.0, metric 1, tag 0
30.0.0.0/8 via 0.0.0.0, metric 1, tag 0
Questions
1. Which three statements are correct about RIPv2?

Lab manual
♦ It has the same maximum hop count as version 1
♦ It uses broadcasts for its routing updates
♦ It is a classless routing Protocol
♦ It has a lower administrative distance than RIPv1
♦ It supports authentication
o It has the same maximum hop count as version 1
o It is a classless routing Protocol
o It supports authentication
2. Which statement is true regarding classless routing protocols? (Choose two.)
♦ The use of discontinuous networks is not allowed.
♦ The use of variable length subnet masks is permitted.
♦ RIPv1 is a classless routing protocol.
♦ IGRP supports classless routing within the same autonomous system.
♦ RIPv2 supports classless routing.
o The use of variable length subnet masks is permitted
o RIPv2 supports classless routing.
3. RIPv2 uses ---- to send the routing table updates
• Broadcast
• Multicast
• Unicast
o Multicast
4. The network shown in the exhibit is running the RIPv2 routing protocol. The
fastEthernet0/0 interface on R1 goes down. In which two ways will the routers in this
network respond to this change? (Choose two.)
A. All routers will reference their topology database to determine if any backup routes
to the 192.168.1.0 network are known.
B. Routers R2 and R3 mark the route as inaccessible and will not accept any further

Lab manual
routing updates from R1 until their hold down timers expire.
C. Because of the split-horizon rule, router R2 will be prevented from sending
erroneous information to R1 about connectivity to the 192.168.1.0 network.
D. When router R2 learns from R1 that the link to the 192.168.1.0 network has been
lost, R2 will respond by sending a route back to R1 with an infinite metric to the
192.168.1.0 network.
E. R1 will send LSAs to R2 and R3 informing them of this change, and then all
routers will send periodic updates at an increased rate
o C and D
5. What does the below output depicts?
Router#debug ip rip
Router#
30.0.0.0/8 via 0.0.0.0, metric 1, tag 0
10.0.0.0/8 via 0.0.0.0, metric 2, tag 0
20.0.0.0/8 via 0.0.0.0, metric 1, tag 0
RIP: ignored v1 packet from 20.0.0.1 (illegal version)
o The above output depicts that the other end router is using RIPv1 and the routing
protocol used on this router is RIPv2. As RIPv2 cannot receive version 1 by default, it is
ignoring version1 packets sent by the router that is configured with RIPv1
Frame Relay

Lab manual
X X
HO hor bor HO
Frame-relay switch
Y Y
 Frame-relay is an example of a Packet Switched Network. This network enables
end-stations to dynamically share the existing connection
Frame relay connections are often given a Committed Information Rate (CIR) and an allowance
of burstable bandwidth known as the Extended Information Rate (EIR). The provider guarantees
that the connection will always support the CIR rate, and sometimes the EIR rate. Frames that are
sent in excess of the CIR are marked as "discard eligible" (DE) which means they can be dropped
when congestion occurs within the frame relay network. Frames sent in excess of the EIR are
dropped immediately.
Congestions in the network are reported by
1. FECN=Forward Explicit Congestion Notification bit
2. BECN=Backward Explicit Congestion Notification bit
3. DE=Discard Eligibility bit provides the network with a signal to determine which
frames to be discarded, when there is a congestion on the line. The Frame-relay
switch will discard frames with a DE value of 1 before discarding other frames.
R(config)#int s 0
R(config)#encapsulation frame-relay
// Defining the wan protocol
Once Encapsulation Frame-relay is given, serial interface requests the Frame-relay switch for
the LMI type it uses and accordingly it changes. Then a DLCI is allocated to the link by the
Frame Relay Switch. Then inverse arp maps destination ip address to the link’s DLCI No.
.
Frame Relay mapping

Lab manual
R3
S0 s1
100 200
20.0.0.1 20.0.0.2
R1 R2
R(config)#int S 0
R(config-if)#frame-relay map ip 20.0.0.2 100 broadcast
Frame-relay mapping can be used in partially meshed topology or Hub & Spoke. If R1
wants to communicate with R2, which is not directly connected, we map R1 to R2 through the
source DLCI number i.e, 100.
Point-to-point (Sub-interface)
R3
Frame Switch
100 200
R1 R2
We can have multiple virtual circuits on a single serial interface, treating each and every
single virtual circuit as a separate interface. This is achieved by creating sub interfaces in a Frame
Relay network to avoid split horizon issues from preventing routing updates. We can configure
separate sub interfaces for each PVC with a unique DLCI and subnet assigned to the sub interface.
. R3(config)#int S 0
R3(config-if)#no ip address
R3(config-if)#exit
R3(config)#int S 0.5 point-to-point
// logically dividing the physical interface
R3(config-subif)#ip address 20.0.0.1 255.0.0.0
// Assigning the IP address to the sub-interface
R3(config-subif)#frame-relay interface-DLCI 100
Lab Setup :

Lab manual
S1 S0
DCE DCE
20 .0.0.1 20.0.0.2
DTE S0 S0 DTE
E0 E0
HOR BOR
Step : 1
Configure Frame-Relay Switch
FRSW (config)#Frame-relay switching
Frsw(config)#int S 0
Frsw(config-if)#encapsulation frame-relay *
Frsw(config-if)#frame-relay intf-type dce **
Frsw(config-if)#frame-relay route 100 int S 1 200 ***
Frsw(config-if)#clock rate 64000
Frsw(config-if)#no shutdown
Frsw(config)#int S 1
Frsw(config-if)#encapsulation frame-relay
Frsw(config-if)#frame-relay intf-type dce
Frsw(config-if)#frame-relay route 200 int S 0 100
Frsw(config-if)#clock rate 64000
Frsw(config-if)#no shutdown
* FRSW (config-if)#encapsulation frame-relay ietf ( for non Cisco routers)
** By default Router’s serial interface is DTE.
*** Routing the packets from S0 (DLCI=100) to S1 (DLCI no=200)
Step : 2
Configuring Head Office & Branch Office Routers
Configure HOR & BOR using routing protocols. Then
HOR(config)#int s0 BOR(config)#int s0
HOR(config-if)#encapsulation frame-relay BOR(config-if)#encapsulation frame-relay
Step : 3
Frame switch

Lab manual
HOR#sh frame-relay map
Serial0 (up): ip 20.0.0.2 dlci 100(0xC8,0x3080), dynamic,
broadcast,, status defined, active
BOR#sh frame-relay map
Step : 4
Statically mapping - IP address to DLCI number (frame-mapping)
HOR(config)#int s0 BOR(config)#int s0
HOR(config-if)#no frame-relay inverse-arp BOR(config-if)#no frame-relay inverse-arp
HOR(config-if)# ^z BOR(config-if)# ^z
HOR#clear frame-relay-inarp BOR#clear frame-relay-inarp
 This will remove the dynamic address resolution done by Frame Relay Switch
HOR(config)#int s0
HOR(config-if)#frame-relay map ip 20.0.0.2 100 broadcast *
BOR(config)#int s0
BOR(config-if)#frame-relay map ip 20.0.0.1 200 broadcast
* Here we are mapping Branch office IP address to the Head office DLCI number manually. If
dynamic routing protocols are used, we use the keyword ‘broadcast’.
Step : 5
HOR#sh frame-relay map
Serial0 (up): ip 20.0.0.2 dlci 100(0xC8,0x3080), Static,
BOR#sh frame-relay map
Serial0 (up): ip 20.0.0.1 dlci 200(0xC8,0x3080), Static,
Step : 6
Creating Sub-interface

Lab manual
HOR(config)#int s0
HOR(config-if)#no ip address
HOR(config-if)#exit
HOR(config)#int s0.100 point-to-point
HOR(config-subif)#ip address 20.0.0.1 255.0.0.0
HOR(config-subif)#frame-relay interface-dlci 100
BOR(config)#int s0
BOR(config-if)#no ip address
BOR(config-if)#exit
BOR(config)#int s0.200 point-to-point
BOR(config-subif)#ip address 20.0.0.2 255.0.0.0
BOR(config-subif)#frame-relay interface-dlci 200
Commands
• Router#sh frame-relay LMI
To show frame-relay LMI type (CISCO, ANSI, Q933a)
• Router#sh frame-relay PVC
To show frame-relay PVC
(Shows the FECN, BECN, DE, etc bits in the frame )
• Router#sh frame-relay map
To show frame-relay mapping (Shows the DLCI number assigned)
Outputs
Router#sh frame-relay map
Router#sh frame-relay lmi
LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Information ID 0 Invalid Report IE Len 0
Num Status Enq. Sent 13 Num Status msgs Rcvd 9
Router#sh frame-relay pvc
PVC Statistics for interface Serial0 (Frame Relay DTE)

Lab manual
Active Inactive Deleted Static
Local 1 0 0 0
Switched 0 0 0 0
Unused 0 0 0 0
DLCI = 200, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0
input pkts 13 output pkts 12 in bytes 1104
out bytes 1090 dropped pkts 1 in FECN pkts 0
in BECN pkts 0 out FECN pkts 0 out BECN pkts 0
in DE pkts 0 out DE pkts 0
out bcast pkts 7 out bcast bytes 570
pvc create time 00:02:21, last time pvc status changed 00:02:01
Questions
1 . What is frame-relay?

Lab manual
o Frame-relay is an example of a Packet Switched Network. This network enables end-
stations to dynamically use the available bandwidth and share the connection. Frame relay
connections are often given a Committed Information Rate (CIR) and an allowance of
burst able bandwidth known as the Extended Information Rate (EIR). Frames that are sent
in excess of the CIR are marked as discard eligible(DE) which means they can be dropped
when congestion occur in the network
2 . What is Link Management Interface (LMI)?
o LMI manages the link between frame switch and the router WAN port. Once the line is
encapsulated to frame-relay, it requests frame switch which LMI it is using and accordingly
WAN port also changes.
3 . Difference between Inverse ARP, ARP & RARP
o Inverse ARP helps to map destination IP address to local DLCI number at the frame Switch
o ARP helps to get the MAC address from the corresponding IP address.
o RARP helps to get the IP address from the corresponding MAC address
4 . What is DLCI (Data Link Connection Identifier)?
o The DLCI serves to identify the virtual connection so that the receiving end knows which
information connection a frame belongs to.(Range=16 to 1007). This helps in Layer 2
identification.
5 . You are troubleshooting a frame relay connection and wish to view the LMI traffic status.
Which command should you issue?
o Show frame-relay lmi
6 . When setting up Frame Relay for point-to-point subinterface, what should not
be configured?
o An IP address on the physical interface.
7 . You need to configure a router for a Frame Relay connection to a non-Cisco
router. Which command will prepare the WAN interface of the router for this
connection?

Lab manual
o Router(config-if)#encapsulation frame-relay ietf
8 . How should a router that is being used in a Frame Relay network be configured to
avoid split horizon issues from preventing routing updates?
o Configure a separate subinterface for each PVC with a unique DLCI and subnet
assigned to the subinterface.
9 . What does the term ‘dynamic’ in the below output refers to :
Router#sh frame-relay map
o The mapping between DLCI 100 and the end station IP address 20.0.0.2 was learned
through Inverse ARP
10. In Frame Relay; what is the purpose of Inverse ARP?
o It is used to map a known DLCI to an IP address
11. By looking at the graphic below, what functions does the Frame Relay DLCI provide
with respect to Router A?
DLCI 100 DLCI 200
Router A RouterB
o Router A would use DLCI 100 to get to the RouterB networks. RouterB would use DLCI
200 to get to the Router A networks.
12 . What does the STATUS=ACTIVE refers to in the output of the show frame-relay
pvc command?

Lab manual
Router#sh frame-relay pvc
pvc statistics for interface serial0 (frame relay dte)
dlci = 200, dlci usage = local, pvc status = active
o Active state - Indicates that the connection is active and that routers can exchange data.
This is the state of an operational Permanent virtual Connection
13 . A default Frame Relay WAN is classified as what type of physical network?
o Non-broadcast multi-access
SWITCHING

Lab manual
Trunk Port
Trunk Link
Switches
Hosts Access Link
Would you like to start initial configuration [yes/no]: no
Press return to get started
Switch>enable
Switch#configure terminal
Switch (config) #int vlan 1
* By default all ports are in the VLAN1
Switch (config-if) #ip address 10.0.0.5 255.0.0.0
Switch (config-if) #no shutdown
Switch (config-if) #exit
Switch (config) #ip default gateway 10.0.0.1
Configuring different VLANs
Switch (config) #vlan 2 // Creating the vlan
Switch (config-vlan) #name finance
Switch (config-vlan) #exit
Switch (config) #vlan 3
Switch (config-vlan) #name production
Switch (config-vlan) #exit
• [VLAN-no ranges from 2 to 1001]
• [VLAN name (xxx) is optional]
Allocating the ports to the VLANs
Switch(config)#int f 0/1
Switch(config-if)#switchport access vlan 3 // allocating ports to vlan
Switch(config-if)#exit
Switch(config)#int f 0/2
Switch(config-if)#switchport access vlan 2
Configuring the trunk Port
** Switch(config)#int f 0/24

Lab manual
Switch(config-if)#switchport mode trunk // creating the trunk port
 By default, trunk port of the switch is in VLAN1. So this port should be configured as trunk
port to carry all Vlan information.
Domain Name
Switch(config)#VTP domain <domain name>
Switch(config-if)#VTP domain MOHAN
 All the switches should be in the same domain
Switch’s operating mode
Switch(config)#VTP server/client/transparent
Commands

Lab manual
1. Switch#sh MAC-address-table
Displays the MAC address of the device and the corresponding port nos. to which
the devices are connected.
2. Switch#sh vlan
Displays the vlan information including port nos. that are in use, existing vlans &
which port belongs to which vlan.
3. Switch#sh VTP status
Displays configuration register, operating mode, domain name, etc..,
4. Switch#sh spanning-tree
Displays priority, Root ID, Bridge ID, Mac address, Root Bridge
OUTPUTS
Switch#sh vlan

Lab manual
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4,
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
SwX#sh vtp status
Switch#sh spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0014.a845.7280
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0014.a845.7280
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/4 Desg FWD 100 128.4 Shr
Fa0/17 Desg FWD 100 128.17 Shr
Intervlan Routing

Lab manual
 By default, only hosts that are within the same VLAN can communicate. To allow inter-VLAN
communication, we need a router or a layer 3 switch.
• Intervlan switching using two fast Ethernet interfaces of the Router
Router
f 0/0 f 0/1
f 0/4 f 0/9
PC 1 PC 2
f 0/3 f 0/8
IP address: 10.1.0.10 IP address: 10.2.0.10
SNM : 255.255.0.0 SNM : 255.255.0.0
DG : 10.1.0.1 DG : 10.2.0.1
Vlan 2 Vlan 3
Configuring Switch
Switch(config)#vlan 2 Switch(config)#vlan 3
Switch(config-vlan)#name Fin Switch(config-vlan)#name mktg
Allocating Ports
Switch(config)#int f0/3 Switch(config)#int f0/8
Switch(config-if)#switchport access vl 2 Switch(config-if)#switchport access vl 3
Configuring Router
Router (config-if)#ip add 10.1.0.1 255.255.0.0
Router (config-if)#no shutdown
Router (config-if)#ip add 10.2.0.1 255.255.0.0
• Intervlan communication using single fast Ethernet interface of the Router is achieved by
creating sub interfaces.
Switch

Lab manual
Router
f 0/0
f 0/5
PC 1 f 0/3 f 0/8 PC 2
IP address: 10.1.0.10 IP address: 10.2.0.10
SNM : 255.255.0.0 SNM : 255.255.0.0
DG : 10.1.0.1 DG : 10.2.0.1
Vlan 2 Vlan 3
Configuring Switch
Switch(config)#vlan 2 Switch(config)#vlan 3
Switch(config-vlan)#name Fin Switch(config-vlan)#name mktg
Allocating Ports
Switch(config)#int f0/5
Switch(config-if)#switchport mode trunk
Configuring Router
Router (config-if)#no ip address
Router (config-if)#exit
Router(config)#int f0/0 .1
Router(config-subif)#encapsulation dot1q <vlan no.>
Router(config-subif)#encapsulation dot1q 2
Router(config-subif)#ip add 10.1.0.1 255.255.0.0
Router(config)#int f0/0 .2
Router(config-subif)#encapsulation dot1q <vlan no.>
Router(config-subif)#encapsulation dot1q 3
Router(config-subif)#ip add 10.2.0.1 255.255.0.0
Questions

Lab manual
1. Difference between Switch and Hub?
Switch Hub
 Switch is a layer-2 component Hub is a layer-1 component
 Switch learn MAC address Hub doesn’t learn MAC address
 Has one Broadcast Domain Has one Broadcast domain
 Has multiple collision domain Has only one collision domain
2 . Different forwarding trends in switch?
o Store & forward-- stores the frame, checks for the errors and forwards only the error
free frames.
o Cut-through – No error checking; just receives and forwards the frames.
o Fragment free – is also called as Modified Cut-through. The minimum ip packet size
is of 64 bytes. The 1st
64 bytes of frame is checked for errors, where this 64 bytes
include the frame header, Destination MAC add (DMAC), Source MAC add (SMAC)
and some data. So, if these 64 bytes seem to be a good frame set then it is forwarded or
else it dumps the packets.
3 . Facts of Vlans
o Vlan is created to avoid unnecessary broadcasts
o Vlans are created without changing the physical set up
o By default each switch is in vlan 1
o Only systems in same vlan will communicate
o For inter-vlan communication we need Router/Layer 3 Switch
o VLAN setup is controlled by VTP(VLAN Trunk Protocol)
4 . Difference between Access link and Trunk link?
o Systems are connected to the switch through the access link and the switches are
connected each other through the trunk links.
5 . Different Operating modes in switch?

Lab manual
o Server — By default, all switches are in Server mode.Vlans can configured in created in
this mode.
o Clients — No changes can be made in client mode.
o Transparent — will not take any condition; it just forwards the conditions to the other
switches.
6. Why spanning-tree Protocol is used?
o Spanning-tree Protocol is been run to avoid the routing loops in a switched network. It
elects the Root Bridge and the Non-Root Bridge with the help of bpdu. The one with the
lesser bpdu will be elected as the Root Bridge. Root Bridge will be having every port in
forwarding mode of a frame on interface.
7 . What does a switch do when it receives a frame on interface and destination address is
unknown?
o It floods the network with the frame looking for the device
8 . How to manually elect a switch as root bridge?
o We could manually elect a switch as root bridge by changing the priority as
Switch(config)#spanning-tree vlan1 priority<value>
8 . Different Spanning-tree port states?
o Blocking: It won’t forward frames, prevent looping and by defaults all ports are blocked.
o Listening: Listens no loop has formed on N/W before passing frame.
o Learning: Listens and learns all paths in the N/W and updates MAC table.
o Forwarding: Sends and receives frames.
o Disabled: Does not participate in forwarding frame.
9 . What are the different functions of Switch?
o Address Learning: Learns the source hardware/Mac address of each frame received and
stores it in MAC address table.
o Forwarding/Filtering Decision: When received a frame on an interface, switch looks the
destination hardware address and finds the exit interface in the MAC table.
o Loop Avoidance: When more connection are made on switch for redundancy, BC loops
occur. Spanning-tree Protocol is used to stop BC loops.
10 . What is the result of segmenting a network with a switch?

Lab manual
o It increases the number of collision domains and will be smaller collision domains
11 . What will occur if two Cisco LAN switches are connected with a single crossover cable?
o The switch port link lights will be green, indicating normal operation.
12 . What are the three distinct functions of layer 2 switching that increase available
bandwidth on the network?
• Address learning
• Forwarding and filtering
• Loop avoidance
o A
13 . What technology is used by Catalyst switches to resolve topology loops and ensure that
data flows properly through a single network path?
o Spanning Tree Protocol (STP )
14 . Your core switch needs to be set as the root bridge of your network. What will make our
core switch the root bridge?
o Setting the bridge priority to less than 32,768
15 . What purpose in a switched LAN does STP perform?
o Prevent switching loops in a network with redundant switched paths.
16 . Which LAN switch type waits for the collision window to pass before looking up the
destination hardware address in the MAC filter table and forwarding the frame?
o Fragment Free looks at the first 64 bytes of a frame to make sure a collision does not
occur. It is sometimes referred to as modified cut-through.
17 . When a new trunk link is configured on an IOS-based switch, which VLANs are allowed
over the link?
o By default, all Vlans are allowed on the trunk.
18 . What VTP mode allows you to change VLAN information on the switch?
o Server
19 . These two switches are not sharing VLAN information. From the output below,

Lab manual
what is the reason. why these switches are not sharing VTP messages?
SwitchA#sh vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 64
Number of existing VLANs : 7
VTP Operating Mode : Server
VTP Domain Name : RouterSim
VTP Pruning Mode : Disabled
SwitchB#sh vtp status
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 64
Number of existing VLANs : 7
VTP Operating Mode : Server
VTP Domain Name : GlobalNet
VTP Pruning Mode : Disabled
o The VTP domain names are not configured correctly.
20 . What is the benefit of creating Vlans?
o They allow logical grouping of users by function.
o They can enhance network security.
o They increase the number of broadcast domains while decreasing the size of the
Broadcast domains.
• A
21 . How many broadcast domain exist in the exhibited topology?
o Three
VIRTUAL PRIVATE NETWORK (VPN)

Lab manual
A virtual private network (VPN) allows the creation of private networks across the
Internet. VPNs are used daily to give remote users and disjointed networks connectivity over a
public medium like the Internet instead of using more expensive permanent means.
Virtual private network is a method of encrypting point-to-point logical connections across a
public network, such as the Internet. This allows secure communications across a public network.
Questions

Lab manual
1. What are the two security appliances that can be installed in a network? (choose 2)
A. ATM (Asynchronous Transfer Mode)
B. IDS (Intrusion Detection System)
C. IOS (Internetwork Operating System)
D. IOX
E. IPS (Intrusion Prevention System)
F. SDM (Security Device Manager)
o B and E
2. What are the 3 typical categories of VPNs?
Remote access VPNs
Site-to-site VPNs
Extranet VPNs
 Remote access VPNs allow remote users like telecommuters to securely access the corporate
network wherever and whenever they need to.
 Site-to-site VPNs or intranet VPNs, allow a company to connect its remote sites to the
corporate backbone securely over a public medium like the Internet instead of requiring more
expensive WAN connections like Frame Relay.
 Extranet VPNs allow an organization’s suppliers, partners, and customers to be connected
to the corporate network in a limited way for business-to-business (B2B) communications.
3. To provide security in your VPN tunnel, what protocol suite would you use?
o IPSec
IPSec is an industry-wide standard suite of protocols and algorithms that allows for secure
data transmission over an IP-based network that functions at the layer 3 Network layer of the OSI
model.
4. Which of the following describes the creation of private networks across the Internet,
enabling privacy and tunneling of non-TCP/IP protocols?
A. HDLC
B. Cable
C. VPN
D. IPSec
E. xDSL
o C
Internet Protocol Version 6 (IPv6)

Lab manual
Ipv4 is a 32 bit addressing scheme, whereas IPv6 is a 128 bit hexa decimal addressing
scheme, represented in 8 combinations of 4 hexa decimal numbers each separated by a colon.
Hence IPV6 is called a 16-bit Hexadecimal Colon-delimited Block.
Representation:
An IPV6 address is represented as shown below:
2003:1234:ABCD:0001:5678:DCBA:4321:EFGH
Global Interface ID
Unicast
Subnet
Global Prefix
1. Global Unicast recognizes the particular Region or Zone. It is a publicly routable address.
2. Global Prefix is provided by ISP, it’s of 48 bits.
3. Subnet tells you to which particular organization it belongs.
4. Interface id is of 64 bits, where the 48 bit MAC address is padded with FFFE which is of 16
bits and is placed exactly in the middle of the MAC address to make it a 64 bit interface id.
 Ex: 2000:12ab:34cd:00ef:1234:4295:0000:00cd
 In the above expression ‘00ef ‘ can be represented as ‘ef ‘ and the continuous zeros can be
replaced by double colons( :: ).It can be re-written as
2000:12ab:34cd:ef:1234:4295::cd
 Ex : 2000:0000:0000:00ef:1234:kf34:eef0:cd4e
=>
2000::ef: 1234:kf34:eef0:cd4e
 Ex : 2001:0000:0000:0012:0000:0000:1234:56ab
And you can’t do this:

Lab manual
2001::12::1234:56ab
Instead, the best way you can do is
2001::12:0:0:1234:56ab
Difference between IPv4 & IPv6:
0:0:0:0:0:0:0:0
This is the equivalent of IPv4’s 0.0.0.0
0:0:0:0:0:0:0:1
The equivalent of 127.0.0.1 in IPv4
2000::/3
The global Unicast address range.
FC00::/7
The unique local Unicast range.
FE80::/10
The link-local Unicast range.
FF00::/8
The multicast range.
3FFF:FFFF::/32
Reserved for examples and documentation.
2001:0DB8::/32
Also reserved for examples and documentation.
Extended Uniform Identification (eui-64):
You can specify the entire 128-bit global IPv6 address or you can use the eui-64 option.
The eui-64 format allows the device to use its MAC address and pad it to make the interface ID.
Router(config-if)#ipv6 address 2001:db8:3c4d:1::/64 eui-64
The Globe is divided into 5 Zones and each zone will be assigned a number range to identify them.
Here the ‘/64’ represents the identification of the Zone and the IP of the company in that zone.Eui-
64 will pad an extra FFFE to the MAC address exactly to its center.
E.g. MAC address 0060.d673.1987 after padding would look like – 0260.d6ff.fe73.1987

Lab manual
In the above e.g.
0 0 6 0 D 6 7 3 1 9 8 7
0000 0000
7th
bit is 0 then the address is locally unique.
0 2 6 0 D 6 F F F E 7 3 1 9 8 7
0000 0010
After padding the 7th
bit changes to 1, now the address is Link local address. It is globally unique
address.
This padding process is called as EUI-64 i.e. Extended Uniform Identifier. EUI-64 is an IEEE
standard that is given to the MAC address of any particular system where every system’s MAC
address will be automatically assigned. MAC address is the part of IPV6 address which makes it a
unique address.
LAB

Lab manual
DTE DCE
E0 S0 S0 E0
R1 R2
R1(config)#ipv6 unicast-routing // By default ipv6 is disabled
R1(config)#int e0
R1(config-if)#ipv6 add 2004:abcd:1234:0001::/64 eui-64
R1(config-if)#ipv6 rip 1 enable
R1(config)#int s0
R1(config-if)#ipv6 rip 1 enable
R2(config)#ipv6 unicast-routing
R2(config)#int e0
R2(config-if)# ipv6 rip 1 enable
R2(config)#int s0
R2(config-if)# ipv6 rip 1 enable
R2(config-if)#clock rate 64000
Outputs

Lab manual
 R2#sh ipv6 int brief
Ethernet0 [up/up]
FE80::210:7BFF:FE7F:B8EA
2003:ABCD:1234:1:210:7BFF:FE7F:B8EA
Serial0 [up/up]
FE80::210:7BFF:FE7F:B8EA
2005:ABCD:1234:2:210:7BFF:FE7F:B8EA
Serial1 [administratively down/down]
 For each interface IPv6 will create a Link local & Global Unicast address.
Global unicast addresses
These are publicly routable addresses, and they’re the same as they are in IPv4.
Link-local addresses
These are like the private addresses in IPv4, that means they’re not routable on a public
network.
R2#sh ipv6 int e0
IPv6 is enabled, link-local address is FE80::210:7BFF:FE7F:B8EA
Global unicast address(es):
2003:ABCD:1234:1:210:7BFF:FE7F:B8EA, subnet is 2003:ABCD:1234:1::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF7F:B8EA
MTU is 1500 bytes
R2#sh ipv6 int s0
IPv6 is enabled, link-local address is FE80::210:7BFF:FE7F:B8EA
Global unicast address(es):
2005:ABCD:1234:2:210:7BFF:FE7F:B8EA, subnet is 2005:ABCD:1234:2::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF17:2
FF02::1:FF7F:B8EA
MTU is 1500 bytes
 R2#sh ipv6 route ( without configuring RIP )
IPv6 Routing Table - 6 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP

Lab manual
C 2003:ABCD:1234:1::/64 [0/0]
via ::, Ethernet0
L 2003:ABCD:1234:1:210:7BFF:FE7F:B8EA/128 [0/0]
via ::, Ethernet0
C 2005:ABCD:1234:2::/64 [0/0]
via ::, Serial0
L 2005:ABCD:1234:2:210:7BFF:FE7F:B8EA/128 [0/0]
via ::, Serial0
L FE80::/10 [0/0]
via ::, Null0
L FF00::/8 [0/0]
via ::, Null0
 R2#sh ipv6 route (configuring RIP )
IPv6 Routing Table - 6 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
C 2003:ABCD:1234:1::/64 [0/0]
via ::, Ethernet0
L 2003:ABCD:1234:1:210:7BFF:FE7F:B8EA/128 [0/0]
via ::, Ethernet0
R 2004:abcd:1234:1::/64 [120/2]
Via FE80::200:CFF:FE91:811E, serial 0
C 2005:ABCD:1234:2::/64 [0/0]
via ::, Serial0
L 2005:ABCD:1234:2:210:7BFF:FE7F:B8EA/128 [0/0]
via ::, Serial0
L FE80::/10 [0/0]
via ::, Null0
L FF00::/8 [0/0]
via ::, Null0
 R2#debug ipv6 rip
RIP Routing Protocol debugging is on
R2#
RIPng: response received from FE80::200:CFF:FE91:811E on Serial0 for 1
src=FE80::200:CFF:FE91:811E (Serial0)
dst=FF02::9 …….. Multicast address
sport=521, dport=521, length=52
command=2, version=1, mbz=0, #rte=2
tag=0, metric=1, prefix=2003:ABCD:1234:2::/64
RIPng: Sending multicast update on Ethernet0 for 1
src=FE80::210:7BFF:FE7F:B8EA

Lab manual
dst=FF02::9 (Ethernet0)
RIPng: Sending multicast update on Serial0 for 1
src=FE80::210:7BFF:FE7F:B8EA
dst=FF02::9 (Serial0)
Dual Stacking :
It allows our devices to communicate using either IPv4 or IPv6. It’ll look something like this:
Router(config)#ipv6 unicast-routing
Router(config)#interface fastethernet 0/0
Router(config-if)#ipv6 address 2001:db8:3c4d:1::/64 eui-64
Router(config-if)#ip address 192.168.255.1 255.255.255.0
Questions

Lab manual
1. How long is an IPv6 address?
A. 32 bits
B. 128 bytes
C. 64 bits
D. 128 bits
 D
2. To enable RIPng, which of the following would you use?
A. Router1(config-if)# ipv6 ospf 10 area 0.0.0.0
B. Router1(config-if)#ipv6 rip 1 enable
C. Router1(config)# ipv6 router eigrp 10
D. Router1(config-rtr)#no shutdown
E. Router1(config-if)#ipv6 eigrp 10
 B
3. What two statements about IPv6 addresses are true? (Choose two.)
A. Leading zeros are required.
B. Two colons (::) are used to represent successive hexadecimal fields of zeros.
C. Two colons (::) are used to separate fields.
D. A single interface will have multiple IPv6 addresses of different types.
 B,D
4. What two statements about IPv4 and IPv6 addresses are true?
A. An IPv6 address is 32 bits long, represented in hexidecimal.
B. An IPv6 address is 128 bits long, represented in decimal.
C. An IPv4 address is 32 bits long, represented in decimal.
D. An IPv6 address is 128 bits long, represented in hexidecimal.
 C,D
WIRELESS LAN (WLAN)

Lab manual
1. A single 802.11g access point has configured and installed in the center of a square office. A
few wireless users are experiencing slow performance and drops while most users are operating at
peak efficiency. What are three likely causes?
A. mismatched TKIP encryption
B. cordless phones
C. mismatched SSID
D. metal file cabinets
E. antenna type or direction
 B,D,E
2. Which two statements best describe the wireless security standard that is defined by WPA?
(Choose two.)
A. It specifies use of a static encryption key that must be changed frequently to
enhance security.
B. It requires use of an open authentication method.
C. It specifies the use of dynamic encryption keys that change each time a client
establishes a connection.
D. It requires that all access points and wireless devices use the same encryption
key.
E. It includes authentication by PSK.
 C, E
3. You and a co-worker have established wireless communication directly between your wireless
laptops. What type of wireless topology has been created?
A. BSS
B. ESS
C. IBSS
D. SSID
 C
4. Which two devices can interfere with the operation of a wireless network because they operate
on similar frequencies? (Choose two.)
A. copier
B. microwave oven
C. toaster
D. cordless phone
E. IP phone
 B, D
5. What is the maximum data rate specified for IEEE 802.11b WLANs?
A. 10 Mbps

Lab manual
B. 11 Mbps
C. 54 Mbps
D. 100 Mbps
 B
6. Which spread spectrum technology does the 802.11b standard define for operation?
A. IR
B. DSSS
C. FHSS
D. DSSS and FHSS
E. IR, FHSS and DSSS
 B
7. What is one reason that WPA encryption is preferred over WEP?
A. A WPA key is longer and requires more special characters than the WEP key.
B. The access point and the client are manually configured with different WPA key values.
C. WPA key values remain the same until the client configuration is changed.
D. The values of WPA keys can change dynamically while the system is used.
 D
8. What two facts can be determined from the WLAN diagram (choose 2)?
A. The area of overlap of the two cells represents a basic service set (BSS)
B. The network diagram represents an extended service set (ESS)
C. Access points in each cell must be configured to use channel 1
D. The area of overlap must be less than 10% of the area to ensure connectivity
E. The two APs should be configured to operate on different channels
 B and E
BOOTING

Lab manual
1. Refer to the exhibit. For what two reasons has the router loaded its IOS image from the location
that is shown(choose two)?
A. Router 1 has specific boot system commands that instruct it to load IOS from a TFTP server
B. Router 1 is acting as a TFTP server for other routers.
C. Router 1 cannot locate a valid IOS image in the flash memory.
D. Router 1 defaulted to ROMMON mode and loaded the IOS image from a TFTP server.
E. Cisco routers will first attempt to load an image from TFTP for management purpose
 A and C
2. During startup, the router displays the following error message.
Boot cannot open “flash”.
What will the router do next?
A. because of damaged flash memory, router will fail the POST.
B. It will attempt to locate the IOS from a TFTP server, if it fails it will initiate the setup dialog.
C. It will attempt to locate the IOS from a TFTP server, it will load a limited IOS from ROM.
D. It will attempt to locate the configuration file from a TFTP server, if it fails it will initiate the
setup dialog
E. It will attempt to locate the configuration file from a TFTP server, if it fails it will load a
limited configuration from ROM
 C
3. When upgrading the IOS image, the network administrator receives the exhibited
Error message. What could be the cause of error?

Lab manual
A. The new IOS image is too large for the router flash memory.
B. The TFTP server is unreachable from the router
C. The new IOS is not correct for this router platform.
D. The IOS image on the TFTP server is corrupt.
E. There is not enough disk space on the TFTP server for the IOS image.
 B
4. There are no boot system commands in a router configuration in NVRAM. What is the fallback
sequence that the router will use to find an IOS during reload?
A. TFTP server,Flash,NVRAM
B. ROM,NVRAM,TFTP server
C. NVRAM,TFTP server,ROM
D. Flash,TFTP server<ROM
E. Flash,NVRAM,ROM
 D
5. What does the command o/r 0x2142 provide?
A. It is used to restart the router.
B. It is used to bypass the configuration in NVRAM.
C. It is used to enter ROM Monitor mode.
D. It is used to view the lost password.
 B
6. Which command will copy the IOS to a backup host on your network?
A. transfer IOS to 172.16.10.1
B. copy run start
C. copy tftp flash
D. copy start tftp
E. copy flash tftp
 E
7. The corporate office sends you a new router to connect, but upon connecting the console
cable,you see that there is already a configuration on the router. What should be done before a new
configuration is entered in the router?

Lab manual
A. RAM should be erased and the router restarted.
B. Flash should be erased and the router restarted.
C. NVRAM should be erased and the router restarted.
D. The new configuration should be entered and saved.
 C
8. What should the configuration register value be after you successfully complete the password
recovery procedure and return the router to normal operation?
A. 0x2100
B. 0x2101
C. 0x2102
D. 0x2142
 C
9. Which command displays the configuration register setting?
A. show ip route
B. show boot version
C. show version
D. show flash
 C
10. The configuration register setting of 0x2102 provides what function to a router?
A. Tells the router to boot into ROM monitor mode
B. Provides password recovery
C. Tells the router to look in NVRAM for the boot sequence
D. Boots the IOS from a TFTP server
E. Boots an IOS image stored in ROM
 C
11. You copy a configuration from a network host to a router’s RAM. The configuration looks
correct, yet it’s not working at all. What could the problem be?
A. You copied the wrong configuration into RAM.
B. You copied the configuration into flash memory instead.
C. The copy did not override the shutdown command in running-config.
D. The IOS became corrupted after the copy command was initiated.
 C
12. You save the configuration on a router with the copy running-config startup- config command
and reboot the router. The router, however, comes up with a blank configuration. What can the
problem be?

Lab manual
A. You didn’t boot the router with the correct command.
B. NVRAM is corrupted.
C. The configuration register setting is incorrect.
D. The newly upgraded IOS is not compatible with the hardware of the router.
E. The configuration you save is not compatible with the hardware.
 C
13. Which command loads a new version of the Cisco IOS into a router?
A. copy flash ftp
B. copy ftp flash
C. copy flash tftp
D. copy tftp flash
 D
14. Which command will show you the IOS version running on your router?
A. sh IOS
B. sh flash
C. sh version
D. sh running-config
 C

Labmannual

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (18)

Ähnlich wie Labmannual

Ähnlich wie Labmannual (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Labmannual