CCNA Routing and Switching:

6.0 Bridging
Instructor Lab Manual

This document is exclusive property of Cisco Systems, Inc. Permission is granted
to print and copy this document for non-commercial distribution and exclusive
use by instructors in the CCNA Routing and Switching: Introduction to Networks course
as part of an official Cisco Networking Academy Program.

Lab - Troubleshooting Connectivity Issues (Instructor Version – Recommend Lab)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device  Interface  IP Address       Subnet Mask      Default Gateway
R1      G0/1       192.168.1.1      255.255.255.0    N/A
R1      S0/0/0     10.1.1.1         255.255.255.252  N/A
ISP     S0/0/0     10.1.1.2         255.255.255.252  N/A
ISP     Lo0        209.165.200.226  255.255.255.255  N/A
S1      VLAN 1     192.168.1.2      255.255.255.0    192.168.1.1
PC-A    NIC        192.168.1.10     255.255.255.0    192.168.1.1

Objectives
Part 1: Identify the Problem
Part 2: Implement Network Changes
Part 3: Verify Full Functionality
Part 4: Document Findings and Configuration Changes

Background / Scenario
In this lab, the company that you work for is experiencing problems with their Local Area Network (LAN). You
have been asked to troubleshoot and resolve the network issues. In Part 1, you will connect to devices on the
LAN and use troubleshooting tools to identify the network issues, establish a theory of probable cause, and
test that theory. In Part 2, you will establish a plan of action to resolve and implement a solution. In Part 3, you
will verify full functionality has been restored. Part 4 provides space for you to document your troubleshooting
findings along with the configuration changes that you made to the LAN devices.
Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with
Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco
IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions may be used.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 19

Depending on the model and Cisco IOS version, the commands available and the output produced might vary
from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the
correct interface identifiers.

Required Resources
• 2 Routers (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
• 1 Switch (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
• 1 PC (Windows 7 or 8 with terminal emulation program, such as Tera Term)
• Ethernet and Serial cables as shown in the topology

Troubleshooting Configurations
The following settings must be configured on the devices shown in the topology. Paste the configurations onto
the specified devices prior to starting the lab.
PC:
IP Address: 192.168.1.10
Subnet Mask: 255.255.255.0
Default Gateway: (leave blank)

Instructor: You may choose to configure the PC settings; otherwise, the student will know that the missing
default gateway setting is a problem.
S1:
no ip domain-lookup
hostname S1
ip domain-name ccna-lab.com
username admin01 privilege 15 secret cisco12345
interface FastEthernet0/1
shutdown
interface FastEthernet0/2
shutdown
interface FastEthernet0/3
shutdown
interface FastEthernet0/4
shutdown
interface FastEthernet0/5
duplex full
interface Vlan1
ip address 192.168.1.2 255.255.255.0
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh
crypto key generate rsa general-keys modulus 1024
end
R1:
hostname R1
no ip domain-lookup
ip domain-name ccna-lab.com
username admin01 privilege 15 secret cisco12345
interface GigabitEthernet0/0
shutdown
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
duplex half
speed auto
no shutdown
interface Serial0/0/0
ip address 10.1.2.1 255.255.255.252
no shutdown
interface Serial0/0/1
no ip address
shutdown
line vty 0 4
login local
transport input ssh
crypto key generate rsa general-keys modulus 1024
end
ISP:
hostname ISP
no ip domain-lookup
interface Serial0/0/0
ip address 10.1.1.2 255.255.255.252
no shut
interface Lo0
ip address 209.165.200.226 255.255.255.255
ip route 0.0.0.0 0.0.0.0 10.1.1.1
end

Part 1: Identify the Problem.


The only available information about the network problem is that the users are experiencing slow response
times and that they are not able to reach an external device on the Internet at IP address 209.165.200.226.
To determine probable cause(s) for these network issues, you will need to utilize network commands and
tools on the LAN equipment shown in the topology.
Note: The user name admin01 with a password of cisco12345 will be required to log into the network
equipment.

Step 1: Troubleshoot from the PC.


a. From the PC command prompt, ping the external server IP Address 209.165.200.226.

b. Use the ipconfig command to determine the network settings on the PC.

Step 2: Troubleshoot from S1 using an SSH client session.


Note: Any SSH client software can be used. Tera Term is used in the examples in this lab.

a. SSH to S1 using its IP Address of 192.168.1.2 and log into the switch using admin01 for the user name
and cisco12345 for the password.

b. Issue the terminal monitor command on S1 to allow log messages to be sent to the VTY line of your
SSH session. After a few seconds you notice the following error message being displayed in your SSH
window.
S1# terminal monitor
S1#
*Mar 1 02:08:11.338: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on
FastEthernet0/5 (not half duplex), with R1.ccna-lab.com GigabitEthernet0/1
(half duplex).
S1#
c. On S1, issue the show interface f0/5 command to view the duplex setting of the interface.
S1# show interface f0/5
FastEthernet0/5 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 0cd9.96e8.8a05 (bia 0cd9.96e8.8a05)
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:35, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
849 packets input, 104642 bytes, 0 no buffer
Received 123 broadcasts (122 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 122 multicast, 0 pause input
0 input packets with dribble condition detected
4489 packets output, 361270 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
S1#

Step 3: Troubleshoot on R1 using an SSH client.


a. SSH to R1’s LAN interface and log in using admin01 for the user name and cisco12345 as the
password.

b. Issue the terminal monitor command on R1 to allow log messages to be sent to the VTY line of your
SSH session for R1. After a few seconds the duplex mismatch message appears on R1’s SSH session.
R1# terminal monitor
R1#
*Nov 23 16:12:36.623: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on
GigabitEthernet0/1 (not full duplex), with S1.ccna-lab.com FastEthernet0/5 (full
duplex).
R1#
c. Issue the show interface G0/1 command on R1 to display the duplex setting.
R1# show interfaces g0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is d48c.b5ce.a0c1 (bia d48c.b5ce.a0c1)
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half Duplex, 100Mbps, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:15, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
641 packets input, 101892 bytes, 0 no buffer
Received 453 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 361 multicast, 0 pause input
1043 packets output, 123698 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
235 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
R1#
d. Issue the ping 209.165.200.226 command on R1 to test connectivity to the external server.
R1# ping 209.165.200.226
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.200.226, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R1#
e. Issue the show ip interface brief command on R1 to verify interface IP Address settings.
R1# show ip interface brief
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES unset administratively down down
GigabitEthernet0/0 unassigned YES unset administratively down down
GigabitEthernet0/1 192.168.1.1 YES manual up up
Serial0/0/0 10.1.2.1 YES manual up up
Serial0/0/1 unassigned YES unset administratively down down
R1#
f. Issue the show ip route command on R1 to verify the router’s default gateway setting.
R1# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.2.0/30 is directly connected, Serial0/0/0
L 10.1.2.1/32 is directly connected, Serial0/0/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/1
L 192.168.1.1/32 is directly connected, GigabitEthernet0/1
R1#
List the probable causes for the network problems that employees are experiencing.
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
1. The Default Gateway is not set on the PC.
2. Interface G0/1 is set to Half-Duplex on R1.
3. An incorrect IP Address is set on S0/0/0 on R1.
4. The Gateway of last resort is not set on R1.
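
The four findings above can also be derived mechanically from the data collected in Part 1. The following Python sketch is an added example and is not part of the Cisco lab; its function names are assumptions of this example, and the embedded sample text is an abbreviated copy of the output shown above.

```python
import ipaddress
import re

# Constructed sample input: abbreviated copies of the Part 1 output above.
S1_LOG = """\
*Mar 1 02:08:11.338: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on
FastEthernet0/5 (not half duplex), with R1.ccna-lab.com GigabitEthernet0/1
(half duplex).
"""
R1_ROUTES = """\
Gateway of last resort is not set
C 10.1.2.0/30 is directly connected, Serial0/0/0
L 10.1.2.1/32 is directly connected, Serial0/0/0
C 192.168.1.0/24 is directly connected, GigabitEthernet0/1
"""

MISMATCH_RE = re.compile(
    r"%CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on (\S+) "
    r"\(not (half|full) duplex\), with (\S+) (\S+) \((half|full) duplex\)"
)


def duplex_mismatches(log_text):
    """Return (local_if, neighbor, neighbor_if, neighbor_duplex) per message."""
    flat = " ".join(log_text.split())  # the terminal wraps long messages
    return [(m.group(1), m.group(3), m.group(4), m.group(5))
            for m in MISMATCH_RE.finditer(flat)]


def default_route_present(route_text):
    """True when `show ip route` output contains a 0.0.0.0/0 entry."""
    if "Gateway of last resort is not set" in route_text:
        return False
    return re.search(r"^\S+\s+0\.0\.0\.0/0\s", route_text, re.M) is not None


def link_subnet_mismatch(end_a, end_b):
    """True when the two ends of one link are addressed in different subnets."""
    net_a = ipaddress.ip_interface(end_a).network
    net_b = ipaddress.ip_interface(end_b).network
    return net_a != net_b


def gateway_problem(host_ip, mask, gateway):
    """Return a reason string if the host's default gateway is unusable."""
    if not gateway:
        return "default gateway is not set"
    net = ipaddress.ip_interface(f"{host_ip}/{mask}").network
    if ipaddress.ip_address(gateway) not in net:
        return f"default gateway {gateway} is outside {net}"
    return None


def diagnose(pc, log_text, route_text, serial_a, serial_b):
    """Collect one finding per fault; an empty list means all checks pass."""
    findings = []
    reason = gateway_problem(*pc)
    if reason:
        findings.append(f"PC: {reason}")
    for local_if, nbr, nbr_if, nbr_duplex in duplex_mismatches(log_text):
        findings.append(
            f"duplex mismatch: {local_if} vs {nbr} {nbr_if} ({nbr_duplex} duplex)")
    if link_subnet_mismatch(serial_a, serial_b):
        findings.append(
            f"serial link ends are in different subnets: {serial_a} / {serial_b}")
    if not default_route_present(route_text):
        findings.append("R1: gateway of last resort is not set")
    return findings


if __name__ == "__main__":
    # PC settings and serial addresses as configured at the start of the lab.
    pc = ("192.168.1.10", "255.255.255.0", "")
    for finding in diagnose(pc, S1_LOG, R1_ROUTES,
                            "10.1.2.1/255.255.255.252",
                            "10.1.1.2/255.255.255.252"):
        print(finding)
```

Running the same checks again after the Part 2 changes gives a quick regression test for Part 3: `diagnose` returns an empty list once all four faults are fixed.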

Part 2: Implement Network Changes


You have communicated the problems that you discovered in Part 1 to your supervisor. She has approved
these changes and has requested that you implement them.

Step 1: Set the Default Gateway on the PC to 192.168.1.1.

Step 2: Set the duplex setting for interface G0/1 on R1 to full duplex.
R1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#
*Nov 23 17:23:36.879: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on
GigabitEthernet0/1 (not full duplex), with S1.ccna-lab.com FastEthernet0/5
(full duplex).
R1(config)#
R1(config)# interface g0/1
R1(config-if)# duplex full
R1(config-if)# exit
*Nov 23 17:24:08.039: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to
down
R1(config)#
*Nov 23 17:24:10.363: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to
up
*Nov 23 17:24:10.459: %SYS-5-CONFIG_I: Configured from console by console
R1(config)#

Step 3: Reconfigure the IP address for S0/0/0 to IP Address 10.1.1.1/30 on R1.


R1(config)# interface s0/0/0
R1(config-if)# ip address 10.1.1.1 255.255.255.252
R1(config-if)# exit

Step 4: Configure the Gateway of last resort on R1 with a 10.1.1.2 default route.
R1(config)# ip route 0.0.0.0 0.0.0.0 10.1.1.2
R1(config)# end

Part 3: Verify Full Functionality


Verify that full functionality has been restored.

Step 1: Verify that all interfaces and routes have been set correctly and that routing has been
restored on R1.
a. Issue the show ip route command to verify that the default gateway has been set correctly.
R1# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is 10.1.1.2 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 10.1.1.2
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/30 is directly connected, Serial0/0/0
L 10.1.1.1/32 is directly connected, Serial0/0/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/1
L 192.168.1.1/32 is directly connected, GigabitEthernet0/1
R1#
b. Issue the show ip interface s0/0/0 command to verify that the IP Address on S0/0/0 is set correctly.
R1# show ip interface s0/0/0
Serial0/0/0 is up, line protocol is up
Internet address is 10.1.1.1/30
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
<output omitted>
IPv4 WCCP Redirect exclude is disabled
R1#
c. Issue the ping 209.165.200.226 command to verify that the external server is reachable now.
R1# ping 209.165.200.226
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.200.226, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R1#
d. Issue the show interface g0/1 command to verify that the duplex setting is full duplex.
R1# show interface g0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is d48c.b5ce.a0c1 (bia d48c.b5ce.a0c1)
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 100Mbps, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:04, output 00:00:04, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
559 packets input, 74066 bytes, 0 no buffer
Received 279 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 208 multicast, 0 pause input
742 packets output, 81462 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
133 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
1 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
R1#

Step 2: Verify End-to-End connectivity from the LAN PC.


a. Issue the ipconfig command from the command prompt on the PC.

b. Issue the ping 209.165.200.226 command from the CMD window on the PC.

Part 4: Document Findings and Configuration Changes


Use the space provided below to document the issues found during your troubleshooting and the
configuration changes made to resolve those issues.
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
Documentation will vary but should include the date when troubleshooting was conducted, devices that were
tested, commands used along with the output generated by those commands, issues found, and configuration
changes made to resolve those issues.

Reflection
This lab had you troubleshoot all devices before making any changes. Is there another way to apply the
troubleshooting methodology?
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
Answers may vary. Another way the troubleshooting methodology could be applied would be to complete all 6
steps on a device before moving on to another device. For example, after you determine that the default
gateway is not set on the PC, you would add the default gateway setting and verify functionality. If network
issues still exist, you would then move on to the next device, S1 in this example. When the troubleshooting
process has been completed on S1 and issues still exist, you would then move on to R1. This process would
continue until full network functionality is achieved.

Router Interface Summary Table

Router Interface Summary

Router Model  Ethernet Interface #1        Ethernet Interface #2        Serial Interface #1    Serial Interface #2
1800          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
1900          Gigabit Ethernet 0/0 (G0/0)  Gigabit Ethernet 0/1 (G0/1)  Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
2801          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/1/0 (S0/1/0)  Serial 0/1/1 (S0/1/1)
2811          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
2900          Gigabit Ethernet 0/0 (G0/0)  Gigabit Ethernet 0/1 (G0/1)  Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parentheses is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.

Device Configs - Final

Router R1
R1# show run
Building configuration...
Current configuration : 1531 bytes
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 15
!
no ip domain lookup
ip domain name ccna-lab.com
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
username admin01 privilege 15 secret 9 $9$8a4jGjbPPpeeoE$WyPsIiOaYT4ATlJzrR6T9E6vIdESOGF.NYX53arPmtA
!
redundancy
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
duplex full
speed auto
!
interface Serial0/0/0
ip address 10.1.1.1 255.255.255.252
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.1.1.2
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login local
transport input ssh
!
scheduler allocate 20000 1000
!
end

Switch S1
S1# show run
Building configuration...
Current configuration : 1585 bytes
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
username admin01 privilege 15 secret 9 $9$lJgfiLCHj.Xp/q$hA2w.oyQPTMhBGPeR.FZo3NZRJ9T1FdqvgRCFyBYnNs
no aaa new-model
system mtu routing 1500
!
no ip domain-lookup
ip domain-name ccna-lab.com
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
shutdown
!
interface FastEthernet0/2
shutdown
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
duplex full
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.2 255.255.255.0
!
ip http server
ip http secure-server
!
line con 0
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
end

Router ISP
ISP# show run
Building configuration...
Current configuration : 1390 bytes
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 15
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
interface Loopback0
ip address 209.165.200.226 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
ip address 10.1.1.2 255.255.255.252
!
interface Serial0/0/1
no ip address
shutdown
clock rate 125000
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.1.1.1
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end

Lab - Configure CDP and LLDP (Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device   Interface     IP Address       Subnet Mask
Gateway  G0/1          192.168.1.254    255.255.255.0
Gateway  S0/0/1        209.165.200.226  255.255.255.252
ISP      S0/0/1 (DCE)  209.165.200.225  255.255.255.252

Objectives
Part 1: Build the Network and Configure Basic Device Settings
Part 2: Network Discovery with CDP
Part 3: Network Discovery with LLDP

Background / Scenario
Cisco Discovery Protocol (CDP) is a Cisco proprietary protocol for network discovery on the data link layer. It
can share information, such as device names and IOS versions, with other physically connected Cisco
devices. Link Layer Discovery Protocol (LLDP) is a vendor-neutral protocol used on the data link layer for
network discovery. It is mainly used with network devices in the local area network (LAN). The network
devices advertise information, such as their identities and capabilities, to their neighbors.
In this lab, you must document the ports that are connected to other switches using CDP and LLDP. You will
document your findings in a network topology diagram. You will also enable or disable these discovery
protocols as necessary.
Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with
Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco
IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used.
Depending on the model and Cisco IOS version, the commands available and the output produced might vary
from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the
correct interface identifiers.
Note: Make sure that the routers and switches have been erased and have no startup configurations. If you
are unsure, contact your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.

Required Resources
• 1 Router (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
• 3 Switches (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
• Console cables to configure the Cisco IOS devices via the console ports
• Ethernet cables as shown in the topology

Part 1: Build the Network and Configure Basic Device Settings


In Part 1, you will set up the network topology and configure basic settings on the router and switches.

Step 1: Cable the network as shown in the topology.


The Ethernet ports used on the switches are not specified in the topology. You may choose to use any
Ethernet ports to cable the switches as shown in the topology diagram.

Step 2: Initialize and reload the network devices as necessary.

Step 3: Configure basic device settings for the switches.


a. Console into the device and enable privileged EXEC mode.
b. Enter configuration mode.
c. Disable DNS lookup to prevent the switch from attempting to translate incorrectly entered commands as
though they were host names.
d. Configure the hostname according to the topology.
e. Verify that the switchports with connected Ethernet cables are enabled.
f. Save the running configuration to the startup configuration file.

Step 4: Configure basic device settings for the routers.


a. Console into the device and enable privileged EXEC mode.
b. Enter configuration mode.
c. Copy and paste the following configurations into the routers.
ISP:
hostname ISP
no ip domain lookup
interface Serial0/0/1
ip address 209.165.200.225 255.255.255.252
no shutdown

Gateway:
hostname Gateway
no ip domain lookup
interface GigabitEthernet0/1
ip address 192.168.1.254 255.255.255.0
ip nat inside
no shutdown
interface Serial0/0/1
ip address 209.165.200.226 255.255.255.252
ip nat outside
no shutdown
ip nat inside source list 1 interface Serial0/0/1 overload
access-list 1 permit 192.168.1.0 0.0.0.255
d. Save the running configuration to the startup configuration file.

Part 2: Network Discovery with CDP


On Cisco devices, CDP is enabled by default. You will use CDP to discover the ports that are currently
connected.
a. On router Gateway, enter the show cdp command in the privileged EXEC mode to verify that CDP is
currently enabled on router Gateway.
Gateway# show cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Sending CDPv2 advertisements is enabled
How often are CDP packets sent?
____________________________________________________________________________________
CDP packets are sent out every 60 seconds.
If CDP is disabled on Gateway, enable CDP by issuing the cdp run command in the global configuration
mode.
Gateway(config)# cdp run
Gateway(config)# end
b. Issue the show cdp interface command to list the interfaces that are participating in CDP advertisements.
Gateway# show cdp interface
Embedded-Service-Engine0/0 is administratively down, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
GigabitEthernet0/0 is administratively down, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
GigabitEthernet0/1 is up, line protocol is up

Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Serial0/0/0 is administratively down, line protocol is down
Encapsulation HDLC
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Serial0/0/1 is up, line protocol is up
Encapsulation HDLC
Sending CDP packets every 60 seconds
Holdtime is 180 seconds

cdp enabled interfaces : 5


interfaces up : 2
interfaces down : 3
How many interfaces are participating in the CDP advertisement? Which interfaces are up?
____________________________________________________________________________________
Five interfaces are participating in CDP. The interfaces S0/0/1 and G0/1 are up.
c. Issue the show cdp neighbors command to determine the CDP neighbors.
Gateway# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID


ISP Ser 0/0/1 158 R B S I CISCO1941 Ser 0/0/1
S3 Gig 0/1 170 S I WS-C2960- Fas 0/5
d. For more details on CDP neighbors, issue the show cdp neighbors detail command.
Gateway# show cdp neighbors detail
-------------------------
Device ID: ISP
Entry address(es):
IP address: 209.165.200.225
Platform: Cisco CISCO1941/K9, Capabilities: Router Source-Route-Bridge
Switch IGMP
Interface: Serial0/0/1, Port ID (outgoing port): Serial0/0/1
Holdtime : 143 sec

Version :
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.4(3)M2,
RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Fri 06-Feb-15 17:01 by prod_rel_team

advertisement version: 2
Management address(es):
IP address: 209.165.200.225

-------------------------
Device ID: S3
Entry address(es):
Platform: cisco WS-C2960-24TT-L, Capabilities: Switch IGMP
Interface: GigabitEthernet0/1, Port ID (outgoing port): FastEthernet0/5
Holdtime : 158 sec

Version :
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE7,
RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Thu 23-Oct-14 14:49 by prod_rel_team

advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27,
value=00000000FFFFFFFF010221FF0000000000000CD996E87400FF0000
VTP Management Domain: ''
Native VLAN: 1
Duplex: full
e. What can you learn about ISP and S3 from the outputs of the show cdp neighbors detail command?
____________________________________________________________________________________
____________________________________________________________________________________
The output displays the IOS version, device model, and the IP address on the S0/0/1 interface for ISP. On
S3, the output shows information such as the IOS version, VTP management domain, native VLAN, and
duplex.
f. Configure the SVI on S3. Use an available IP address in the 192.168.1.0/24 network. Configure
192.168.1.254 as the default gateway.
S3(config)# interface vlan 1
S3(config-if)# ip address 192.168.1.3 255.255.255.0
S3(config-if)# no shutdown
S3(config-if)# exit
S3(config)# ip default-gateway 192.168.1.254
g. Issue the show cdp neighbors detail command on Gateway. What additional information is available?
____________________________________________________________________________________
The output includes the IP address for SVI on S3 that was just configured.
Gateway# show cdp neighbors detail | begin S3
Device ID: S3
Entry address(es):

IP address: 192.168.1.3
Platform: cisco WS-C2960-24TT-L, Capabilities: Switch IGMP
Interface: GigabitEthernet0/1, Port ID (outgoing port): FastEthernet0/5
Holdtime : 163 sec

Version :
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE7,
RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Thu 23-Oct-14 14:49 by prod_rel_team

advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27,
value=00000000FFFFFFFF010221FF0000000000000CD996E87400FF0000
VTP Management Domain: ''
Native VLAN: 1
Duplex: full
Management address(es):
IP address: 192.168.1.3

Total cdp entries displayed : 2


h. For security reasons, it is a good idea to turn off CDP on an interface facing an external network. Issue
the no cdp enable command in interface configuration mode on the S0/0/1 interface on Gateway.
Gateway(config)# interface s0/0/1
Gateway(config-if)# no cdp enable
Gateway(config-if)# end
To verify that CDP has been turned off on the interface S0/0/1, issue the show cdp neighbors or show
cdp interface command. You may need to wait for the hold time to expire. The hold time is the amount of
time the network devices will hold the CDP packets until the devices discard them.
Gateway# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID


S3 Gig 0/1 161 S I WS-C2960- Fas 0/5
The interface S0/0/1 on Gateway no longer has a CDP adjacency with the ISP router. But it still has CDP
adjacencies with other interfaces.
Gateway# show cdp interface
Embedded-Service-Engine0/0 is administratively down, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds

GigabitEthernet0/0 is administratively down, line protocol is down


Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
GigabitEthernet0/1 is up, line protocol is up
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Serial0/0/0 is administratively down, line protocol is down
Encapsulation HDLC
Sending CDP packets every 60 seconds
Holdtime is 180 seconds

cdp enabled interfaces : 4


interfaces up : 1
interfaces down : 3
i. To disable CDP globally, issue the no cdp run command in the global configuration mode.
Gateway# conf t
Gateway(config)# no cdp run
Gateway(config)# end
Which command(s) would you use to verify that CDP has been disabled?
____________________________________________________________________________________
show cdp, show cdp neighbors, show cdp neighbors detail, or show cdp interface
j. Enable CDP globally on Gateway. How many interfaces are CDP enabled? Which interfaces are CDP
disabled?
____________________________________________________________________________________
Four interfaces are CDP enabled. The interface S0/0/1 is CDP disabled.
k. Console into all the switches and use the CDP commands to determine the Ethernet ports that are
connected to other devices. An example of the CDP commands for S3 is displayed below.
S3# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID


Gateway Fas 0/5 143 R B S I CISCO1941 Gig 0/1
S2 Fas 0/2 173 S I WS-C2960- Fas 0/4
S1 Fas 0/4 171 S I WS-C2960- Fas 0/4

Part 3: Network Discovery with LLDP


On Cisco devices, LLDP may be enabled by default. You will use LLDP to discover the ports that are currently
connected.
a. On Gateway, enter the show lldp command in the privileged EXEC mode.

Gateway# show lldp


% LLDP is not enabled
If LLDP is disabled, enter the lldp run command in the global configuration mode.
Gateway(config)# lldp run
b. Use the show lldp command to verify that LLDP is enabled on Gateway.
Gateway# show lldp

Global LLDP Information:


Status: ACTIVE
LLDP advertisements are sent every 30 seconds
LLDP hold time advertised is 120 seconds
LLDP interface reinitialisation delay is 2 seconds
Issue the show lldp neighbors command. Which devices are neighbors to Gateway?
____________________________________________________________________________________
Currently there are no neighbors.
c. If there are no LLDP neighbors for Gateway, enable LLDP on the switches and ISP. Issue lldp run in the
global configuration mode on the devices.
S1(config)# lldp run
S2(config)# lldp run
S3(config)# lldp run
ISP(config)# lldp run
d. Issue the show lldp neighbors command on the switches and router to list the LLDP enabled ports. The
output for Gateway is shown below.
Gateway# show lldp neighbors
Capability codes:
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID Local Intf Hold-time Capability Port ID


S3 Gi0/1 120 B Fa0/5

Total entries displayed: 1


e. Issue the show lldp neighbors detail command on Gateway.
Gateway# show lldp neighbors detail
------------------------------------------------
Local Intf: Gi0/1
Chassis id: 0cd9.96e8.7400
Port id: Fa0/5
Port Description: FastEthernet0/5
System Name: S3

System Description:

Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE7,


RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Thu 23-Oct-14 14:49 by prod_rel_team

Time remaining: 103 seconds


System Capabilities: B
Enabled Capabilities: B
Management Addresses:
IP: 192.168.1.3
Auto Negotiation - supported, enabled
Physical media capabilities:
100base-TX(FD)
100base-TX(HD)
10base-T(FD)
10base-T(HD)
Media Attachment Unit type: 16
Vlan ID: 1

Total entries displayed: 1

What port is used on S3 to connect to the Gateway router?


____________________________________________________________________________________
Port Fa0/5 on S3 is connected to the Gi0/1 port on Gateway.
f. Use the show command outputs from CDP and LLDP to document the connected ports in the network
topology.

Reflection
Within a network, on which interfaces should you not use discovery protocols? Explain.
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
Discovery protocols should not be used on interfaces that are facing the external networks because these
protocols provide insights about the internal network. This information allows attackers to gain valuable
information about the internal network and exploit the network.
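
The check described in step h and in the Reflection answer can be automated against saved configurations. The following is an added example, not part of the original lab: the function names are hypothetical, the caller names the external-facing interfaces, the Gateway and ISP samples are trimmed from the final configs in this lab, and the EDGE sample is constructed. It assumes LLDP is off unless `lldp run` appears and checks LLDP only on Ethernet interfaces, since the lab output shows no LLDP neighbor across the serial link.

```python
import re

# Trimmed from this lab's final configs (IOS indents interface sub-commands by one space).
GATEWAY = """\
hostname Gateway
!
lldp run
!
interface GigabitEthernet0/1
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
!
interface Serial0/0/1
 ip address 209.165.200.226 255.255.255.252
 ip nat outside
 no cdp enable
!
end
"""
ISP = """\
hostname ISP
!
lldp run
!
interface Serial0/0/0
 no ip address
 shutdown
!
interface Serial0/0/1
 ip address 209.165.200.225 255.255.255.252
 clock rate 125000
!
end
"""
# Constructed sample: an edge router whose external link is an Ethernet port.
EDGE = """\
hostname Edge
!
lldp run
!
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.252
!
interface GigabitEthernet0/1
 ip address 192.168.1.254 255.255.255.0
!
end
"""

ETHERNET = re.compile(r"(Fast|Gigabit|TenGigabit)?Ethernet", re.I)


def parse_config(text):
    """Split a running-config into global lines and {interface: [sub-commands]}."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            current = None                      # "!" closes the current section
            continue
        match = re.match(r"interface (\S+)", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif current is not None and raw[0] == " ":
            current.append(line.strip())        # indented line belongs to the interface
        else:
            current = None
            global_lines.append(line.strip())
    return global_lines, interfaces


def audit_discovery(text, external):
    """Return (interface, protocol) pairs still advertising on external-facing ports."""
    global_lines, interfaces = parse_config(text)
    cdp_on = "no cdp run" not in global_lines   # CDP is enabled by default
    lldp_on = "lldp run" in global_lines        # assumption: LLDP is off without this line
    findings = []
    for name in external:
        cmds = interfaces.get(name)
        if cmds is None or "shutdown" in cmds:
            continue                            # absent or administratively down
        if cdp_on and "no cdp enable" not in cmds:
            findings.append((name, "CDP"))
        if lldp_on and ETHERNET.match(name):    # LLDP checked on Ethernet ports only
            for direction in ("transmit", "receive"):
                if f"no lldp {direction}" not in cmds:
                    findings.append((name, f"LLDP {direction}"))
    return findings


if __name__ == "__main__":
    for label, cfg, ext in (("Gateway", GATEWAY, ["Serial0/0/1"]),
                            ("ISP", ISP, ["Serial0/0/1"]),
                            ("Edge", EDGE, ["GigabitEthernet0/0"])):
        print(label, audit_discovery(cfg, ext) or "no discovery protocol exposed")
```

Gateway passes because of the `no cdp enable` line added in step h, while the ISP final config still has CDP enabled on its side of the same serial link.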

Router Interface Summary Table

Router Interface Summary

Router Model | Ethernet Interface #1 | Ethernet Interface #2 | Serial Interface #1 | Serial Interface #2
1800 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1)
1900 | Gigabit Ethernet 0/0 (G0/0) | Gigabit Ethernet 0/1 (G0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1)
2801 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/1/0 (S0/1/0) | Serial 0/1/1 (S0/1/1)
2811 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1)
2900 | Gigabit Ethernet 0/0 (G0/0) | Gigabit Ethernet 0/1 (G0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1)
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parentheses is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.

Device Configs - Final

Router ISP
ISP# show run
Building configuration...

Current configuration : 1285 bytes


!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 15
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated

!
cts logging verbose
!
redundancy
!
lldp run
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
!
interface Serial0/0/1
ip address 209.165.200.225 255.255.255.252
clock rate 125000
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none

!
scheduler allocate 20000 1000
!
end

Router Gateway
Gateway# show run
Building configuration...

Current configuration : 1524 bytes


!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Gateway
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 15
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
lldp run
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.254 255.255.255.0
ip nat inside

ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 125000
!
interface Serial0/0/1
ip address 209.165.200.226 255.255.255.252
ip nat outside
ip virtual-reassembly in
no cdp enable
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Serial0/0/1 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end

Switch S1
S1# show run
Building configuration...

Current configuration : 1308 bytes


!
version 15.0

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
system mtu routing 1500
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
lldp run
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!

interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
!
ip http server
ip http secure-server
!
line con 0
line vty 5 15
!
end

Switch S2
S2# show run
Building configuration...

Current configuration : 1308 bytes


!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S2
!
boot-start-marker
boot-end-marker

!
no aaa new-model
system mtu routing 1500
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
lldp run
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20

!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
!
ip http server
ip http secure-server
!
line con 0
line vty 5 15
!
end

Switch S3
S3# show run
Building configuration...

Current configuration : 1364 bytes


!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S3
!
boot-start-marker
boot-end-marker
!
no aaa new-model
system mtu routing 1500
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
lldp run

!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!

interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
!
ip http server
ip http secure-server
!
line con 0
line vty 5 15
!
end

Lab - Configure Extended VLANs, VTP and DTP (Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

Objectives
Part 1: Build the Network and Configure Basic Device Settings
Part 2: Use Dynamic Trunking Protocol (DTP) to Form Trunk Links
Part 3: Configure VLAN Trunking Protocol (VTP)
Part 4: Create extended VLAN

Background / Scenario
In this lab you will configure a switched environment where trunks are negotiated and formed via DTP, and
VLAN information is propagated automatically through a VTP domain. You will create an extended VLAN and
add it to the VTP domain.
Scalability and management are two critical considerations when creating a large network. VTP and DTP are
protocols that improve management and scalability. Extended VLANs enable better scalability in large
environments by extending the number of VLANs that can be configured in a switch. VLAN Trunking Protocol
(VTP) allows the switches to automatically communicate VLAN information, improving management and
scalability. Dynamic Trunking Protocol (DTP) allows the switches to automatically negotiate and establish
trunk links. DTP also improves scalability.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.

Required Resources
• 3 Switches (Cisco Catalyst 2960)
• Console cables to configure the Cisco IOS devices via the console ports
• Ethernet cables as shown in the topology

Part 1: Build the Network and Configure Basic Device Settings


In Part 1, you will set up the network topology and configure basic settings on the routers.
a. Cable the network as shown in the topology.
b. Initialize and reload the network devices as necessary.
c. Console into the device and enable privileged EXEC mode.
d. Enter configuration mode.

e. Disable DNS lookup to prevent the switches from attempting to translate incorrectly entered commands
as though they were host names.
f. Configure the hostnames according to the topology.
g. Save the running configuration to the startup configuration file.

Part 2: Use Dynamic Trunking Protocol (DTP) to Form Trunk Links


While access links transport single VLAN frames, trunk links are links designed to carry frames belonging to
multiple VLANs. While trunk links can be manually configured, DTP can be used to allow the switches to
negotiate and establish trunk links.
a. Based on the topology, enable and configure DS1 ports F0/1 and F0/3 as DTP desirable:
DS1(config)# interface range F0/1, F0/3
DS1(config-if-range)# switchport mode dynamic desirable
DS1(config-if-range)#
*Mar 1 00:18:00.821: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1,
changed state to down
*Mar 1 00:18:00.830: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3,
changed state to down
*Mar 1 00:18:03.841: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1,
changed state to up
*Mar 1 00:18:03.858: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3,
changed state to up
Based on the fact that the ports above were made DTP desirable, should DS1 ports F0/1 and
F0/3 become trunk links?
___________________________________________________________________________________
___________________________________________________________________________________
Yes. By default, DTP is enabled and the ports are set to DTP auto. DTP desirable on one side and DTP
auto on the other result in an established trunk link.
b. Verify that AS1 port F0/1 was in fact configured as DTP auto (the default setting). If not, use the
commands below to configure AS1 port F0/1 as DTP auto:
AS1# sh interfaces F0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none

Administrative private-vlan trunk associations: none


Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
What portion of the output above shows the DTP configuration of AS1 port F0/1?
____________________________________________________________________________________
The third line, Administrative Mode: dynamic auto
What portion of the output above shows the current status of AS1 port F0/1?
____________________________________________________________________________________
The fourth line, Operational Mode: trunk.
If AS1 F0/1 was not configured as DTP auto, what commands should be used to do so?
____________________________________________________________________________________
____________________________________________________________________________________
AS1(config)# int F0/1
AS1(config-if)# switchport mode dynamic auto
c. Similarly, verify and configure AS2 port F0/3 as DTP auto if it is not already configured as such:
AS2(config)# interface range F0/3
AS2(config-if-range)# switchport mode dynamic auto
AS2# show interfaces F0/3 switchport
Name: Fa0/3
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
<output omitted>
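
The negotiation result discussed in Part 2 can be checked against the show interfaces switchport output. The following is an added example, not part of the original lab: the function names are hypothetical, the AS1 sample is trimmed from the output above, and the DOWN_PORT sample is constructed. It assumes both ends send DTP frames (Negotiation of Trunking: On, no `switchport nonegotiate`).

```python
# Trimmed from the AS1 F0/1 output shown in step b.
AS1_F0_1 = """\
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
"""
# Constructed sample: the same port with the link down.
DOWN_PORT = AS1_F0_1.replace("Operational Mode: trunk", "Operational Mode: down")

VALID_MODES = {"access", "trunk", "dynamic auto", "dynamic desirable"}


def parse_switchport(output):
    """Turn 'Key: value' lines of show interfaces switchport into a dict."""
    fields = {}
    for line in output.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def normalize(mode):
    """IOS prints access ports as 'static access'; reduce that to 'access'."""
    mode = mode.lower()
    return mode[len("static "):] if mode.startswith("static ") else mode


def dtp_result(local, peer):
    """Predict the link type from the administrative modes of both ends."""
    pair = {normalize(local), normalize(peer)}
    if not pair <= VALID_MODES:
        raise ValueError(f"unknown switchport mode in {pair}")
    if pair == {"trunk", "access"}:
        return "mismatch"           # one end tags frames, the other does not
    if "access" in pair:
        return "access"             # a static access end never forms a trunk
    # A trunk forms only if at least one end actively asks for it;
    # dynamic auto merely answers, so auto + auto stays an access link.
    return "trunk" if pair & {"trunk", "dynamic desirable"} else "access"


def check_port(output, peer_mode):
    """Compare the observed operational mode with what DTP should produce."""
    fields = parse_switchport(output)
    expected = dtp_result(fields["Administrative Mode"], peer_mode)
    observed = normalize(fields["Operational Mode"])
    consistent = None if observed == "down" else observed == expected
    return {"port": fields["Name"], "expected": expected,
            "observed": observed, "consistent": consistent}


if __name__ == "__main__":
    # DS1 was set to dynamic desirable in step a, so AS1 should be trunking.
    print(check_port(AS1_F0_1, "dynamic desirable"))
    # Had DS1 been left at the default, no trunk would be expected.
    print(check_port(AS1_F0_1, "dynamic auto"))
```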

Part 3: Configuring VLAN Trunking Protocol (VTP)


VTP is a protocol used to communicate VLAN information among the switches participating in a VTP domain.
To configure a new VTP domain, follow the steps below:
a. Configure switch DS1 as VTP server:

DS1(config)# vtp mode server


DS1(config)#
Device mode already VTP Server for VLANS.
b. Create the VTP domain by assigning it a name. The VTP domain name is CCNA-LAB.
Note: VTP domain names are case-sensitive.
DS1(config)# vtp domain CCNA-LAB
Changing VTP domain name from NULL to CCNA-LAB
*Mar 1 01:12:07.498: %SW_VLAN-6-VTP_DOMAIN_NAME_CHG: VTP domain name changed to CCNA-LAB.
DS1(config)#
c. Use the command vtp password to assign a password to the VTP domain. VTP domain passwords are
optional, but recommended because they increase security.
DS1(config)# vtp password cisco12345
Setting device VTP password to cisco12345

d. Verify the domain was properly created with show vtp status:
DS1# show vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name : CCNA-LAB
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 001e.4914.6980
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)

Feature VLAN:
--------------
VTP Operating Mode : Server
Maximum VLANs supported locally : 1005
Number of existing VLANs : 5
Configuration Revision : 0
MD5 digest : 0xFE 0x1A 0x4F 0xF2 0xF3 0x21 0x57 0xC5
0x01 0xDC 0x3C 0x4A 0xB1 0xCB 0x4A 0x54
Based on the output above, what is the revision number of the CCNA-LAB domain? What does that
mean?
____________________________________________________________________________________
____________________________________________________________________________________
Based on the output above, the revision number is 0. This means that if another VTP server is added to
the domain (with correct domain name and password) and this new server has a higher revision number,
its VLAN configuration will overwrite the current domain configuration.
What portion of the output above indicates a VTP password has been configured for the domain?
____________________________________________________________________________________
____________________________________________________________________________________

The MD5 hash field. In the case above, 0xFE 0x1A 0x4F 0xF2 0xF3 0x21 0x57 0xC5 0x01 0xDC 0x3C
0x4A 0xB1 0xCB 0x4A 0x54 represents the domain password.
e. Use DS1, the VTP server, to add five VLANs to the domain:
DS1(config)# vlan 10
DS1(config-vlan)# vlan 20
DS1(config-vlan)# vlan 30
DS1(config-vlan)# vlan 40
DS1(config-vlan)# vlan 100
DS1(config-vlan)# end
DS1#
f. Add the access layer switches AS1 and AS2 to the domain as VTP clients:
Note: It is important to set a new switch to VTP client before adding it to an existing domain. If the new
switch contains any leftover VTP configuration, setting it as VTP client minimizes the risk of the new
switch modifying the VLANs already present in the domain.
AS1(config)# vtp mode client
Setting device to VTP Client mode for VLANS.
AS1(config)# vtp domain CCNA-LAB
Changing VTP domain name from NULL to CCNA-LAB
AS1(config)#
*Mar 1 01:36:06.161: %SW_VLAN-6-VTP_DOMAIN_NAME_CHG: VTP domain name changed to CCNA-LAB.
AS1(config)# vtp password cisco12345
Setting device VTP password to cisco12345
AS1(config)# end
g. Verify that AS1 has learned the VLANs added to the domain by DS1:
AS1# show vlan

VLAN Name Status Ports


---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gi0/1, Gi0/2
10 VLAN0010 active
20 VLAN0020 active
30 VLAN0030 active
40 VLAN0040 active
100 VLAN0100 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
20 enet 100020 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
40 enet 100040 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs


------------------------------------------------------------------------------

Primary Secondary Type Ports


------- --------- ----------------- ------------------------------------------

h. Verify that AS2 has learned the VLANs added to the domain by DS1:
AS2# show vlan

VLAN Name Status Ports


---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gi0/1, Gi0/2
10 VLAN0010 active
20 VLAN0020 active
30 VLAN0030 active
40 VLAN0040 active
100 VLAN0100 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
20 enet 100020 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
40 enet 100040 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs


------------------------------------------------------------------------------

Primary Secondary Type Ports


------- --------- ----------------- ------------------------------------------

Part 4: Creating Extended VLANs


a. Extended VLANs, ranging from 1006 to 4094, are useful in large networks. Create an extended VLAN
on AS1:
AS1(config)# vlan 1010
AS1(config)# end
% Failed to create VLANs 1010
Extended VLAN(s) not allowed in current VTP mode.
%Failed to commit extended VLAN(s) changes.
Was the extended VLAN 1010 created? Why?
____________________________________________________________________________________
No. AS1 is a VTP client and extended VLAN creation is not allowed in VTP client switches.
b. Change the VTP mode on AS1 to transparent:
AS1(config)# vtp mode transparent
Setting device to VTP Transparent mode for VLANS.
AS1(config)# end
c. Verify AS1 is in VTP transparent mode:
AS1# show vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name : CCNA-LAB
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 0025.83e6.9980
Configuration last modified by 0.0.0.0 at 3-1-93 02:39:34

Feature VLAN:

--------------
VTP Operating Mode : Transparent
Maximum VLANs supported locally : 255
Number of existing VLANs : 10
Configuration Revision : 0
MD5 digest : 0x38 0x18 0xBA 0x48 0x7F 0x7B 0x4C 0xBB
0x03 0x52 0x07 0x2B 0x33 0xC1 0xC9 0xE6

d. Create the extended VLAN 1010 on AS1:


AS1(config)# vlan 1010
AS1(config-vlan)# end
AS1#
e. Verify the extended VLAN 1010 was created on AS1:
AS1# show vlan

VLAN Name Status Ports


---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gi0/1, Gi0/2
10 VLAN0010 active
20 VLAN0020 active
30 VLAN0030 active
40 VLAN0040 active
100 VLAN0100 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
1010 VLAN1010 active

<output omitted>

Was extended VLAN 1010 created on AS1? Explain.


____________________________________________________________________________________
Yes. Now that the switch is in VTP mode transparent, extended VLANs can be configured.
Is extended VLAN 1010 propagated to DS1 or AS2? Why?
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________

No. AS1 is in transparent mode and, as such, it doesn't make changes to the VTP domain. However, even
if AS1 were configured as a VTP server, DS1, AS1 and AS2 are members of a VTP version 1 domain; VTP
version 1 doesn't support extended VLANs.
f. For verification purposes only, attempt to change AS1 from VTP transparent mode to VTP server mode:
AS1(config)# vtp mode server
Device mode cannot be VTP Server for VLANS because extended VLAN(s) exist
AS1(config)#
As expected, AS1 cannot be made a VTP version 1 server while it hosts extended VLANs.
What is the solution if the network design requires extended VLANs to be added to a VTP domain?
____________________________________________________________________________________
VTP version 3 should be deployed. VTP version 3 adds support for extended VLANs.
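Added example (not part of the Cisco lab): a pre-join check for the note in step f of the VTP part, run over captured show vtp status text before a switch is cabled into the domain. The function names, the constructed REUSED_STATUS sample and the rule that a non-zero revision in server or client mode counts as leftover configuration are assumptions of this example.

```python
import re

# Matches "Name : value" rows. Rows such as "Feature VLAN:" and the
# "Configuration last modified by ..." timestamp line do not match.
FIELD = re.compile(r"^\s*(.+?)\s+:\s*(.*?)\s*$")

# show vtp status output for AS1 as shown in this lab (transparent mode).
AS1_STATUS = """\
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name : CCNA-LAB
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 0025.83e6.9980
Configuration last modified by 0.0.0.0 at 3-1-93 02:39:34

Feature VLAN:
--------------
VTP Operating Mode : Transparent
Maximum VLANs supported locally : 255
Number of existing VLANs : 10
Configuration Revision : 0
MD5 digest : 0x38 0x18 0xBA 0x48 0x7F 0x7B 0x4C 0xBB
0x03 0x52 0x07 0x2B 0x33 0xC1 0xC9 0xE6
"""

# Constructed sample: a switch reused from another lab, never reset.
REUSED_STATUS = """\
VTP version running : 1
VTP Domain Name : OLD-LAB
VTP Operating Mode : Server
Configuration Revision : 7
"""


def parse_vtp_status(text):
    """Return {field name: value} for every 'Name : value' row."""
    fields = {}
    for line in text.splitlines():
        match = FIELD.match(line)
        if match:
            fields[match.group(1)] = match.group(2)
    return fields


def prejoin_findings(status_text, target_domain):
    """List reasons not to connect this switch to target_domain yet."""
    fields = parse_vtp_status(status_text)
    mode = fields.get("VTP Operating Mode", "").lower()
    rev_text = fields.get("Configuration Revision", "")
    domain = fields.get("VTP Domain Name", "")
    if not mode or not rev_text.isdigit():
        return ["could not read mode/revision; check the switch by hand"]

    findings = []
    revision = int(rev_text)
    if mode == "server":
        findings.append("mode is Server: set 'vtp mode client' before joining")
    # Assumption (VTP version 1/2 behaviour): a server or client that carries
    # a non-zero revision still holds a VLAN database it can advertise.
    if mode in ("server", "client") and revision > 0:
        findings.append(
            f"configuration revision {revision} is non-zero: leftover VLAN "
            "database could be advertised into the domain"
        )
    if domain and domain != target_domain:
        findings.append(
            f"leftover domain name {domain!r} (expected {target_domain!r})"
        )
    return findings


if __name__ == "__main__":
    for label, text in (("AS1", AS1_STATUS), ("reused", REUSED_STATUS)):
        problems = prejoin_findings(text, "CCNA-LAB")
        print(label, "OK" if not problems else problems)
```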
Switch DS1
DS1# show run
Building configuration...

Current configuration : 1390 bytes


!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname DS1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
system mtu routing 1500
!
no ip domain-lookup
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
switchport mode dynamic desirable
!
interface FastEthernet0/2
shutdown
!
interface FastEthernet0/3
switchport mode dynamic desirable
!

interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address

!
ip http server
ip http secure-server
!
line con 0
line vty 5 15
!
end
Switch AS1
AS1# show run
Building configuration...

Current configuration : 1370 bytes


!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AS1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
system mtu routing 1500
vtp domain CCNA-LAB
vtp mode transparent
!
!
no ip domain-lookup
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 10,20,30,40,100,1010
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5

!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
!
ip http server
ip http secure-server
!

!
line con 0
line vty 5 15
!
end
Switch AS2
AS2# show run
Building configuration...

Current configuration : 1320 bytes


!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AS2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
system mtu routing 1500
!
!
no ip domain-lookup
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
shutdown
!
interface FastEthernet0/2
shutdown
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!

interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
!
ip http server
ip http secure-server
!
line con 0
line vty 5 15
!
end

Lab - Configuring HSRP (Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device  Interface     IP Address       Subnet Mask      Default Gateway
R1      G0/1          192.168.1.1      255.255.255.0    N/A
R1      S0/0/0 (DCE)  10.1.1.1         255.255.255.252  N/A
R2      S0/0/0        10.1.1.2         255.255.255.252  N/A
R2      S0/0/1 (DCE)  10.2.2.2         255.255.255.252  N/A
R2      Lo1           209.165.200.225  255.255.255.224  N/A
R3      G0/1          192.168.1.3      255.255.255.0    N/A
R3      S0/0/1        10.2.2.1         255.255.255.252  N/A
S1      VLAN 1        192.168.1.11     255.255.255.0    192.168.1.1
S3      VLAN 1        192.168.1.13     255.255.255.0    192.168.1.3
PC-A    NIC           192.168.1.31     255.255.255.0    192.168.1.1
PC-C    NIC           192.168.1.33     255.255.255.0    192.168.1.3

Objectives
Part 1: Build the Network and Verify Connectivity
Part 2: Configure First Hop Redundancy using HSRP

Background / Scenario
Spanning tree provides loop-free redundancy between switches within a LAN. However, it does not provide
redundant default gateways for end-user devices within the network if one of the routers fails. First Hop
Redundancy Protocols (FHRPs) provide redundant default gateways for end devices with no end-user
configuration necessary. In this lab, you will configure Cisco’s Hot Standby Routing Protocol (HSRP), a First
Hop Redundancy Protocol (FHRP).
Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with
Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco
IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used.
Depending on the model and Cisco IOS version, the commands available and output produced might vary
from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the
correct interface identifiers.
Note: Make sure that the routers and switches have been erased and have no startup configurations. If you
are unsure, contact your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.

Required Resources
• 3 Routers (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
• 2 Switches (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
• 2 PCs (Windows 8, 7, or Vista with terminal emulation program, such as Tera Term)
• Console cables to configure the Cisco IOS devices via the console ports
• Ethernet and serial cables as shown in the topology

Part 1: Build the Network and Verify Connectivity


In Part 1, you will set up the network topology and configure basic settings, such as the interface IP
addresses, static routing, device access, and passwords.

Step 1: Cable the network as shown in the topology.


Attach the devices as shown in the topology diagram, and cable as necessary.

Step 2: Configure PC hosts.

Step 3: Initialize and reload the routers and switches as necessary.

Step 4: Configure basic settings for each router.


a. Disable DNS lookup.
b. Configure the device name as shown in the topology.
c. Configure IP addresses for the routers as listed in the Addressing Table.
d. Set clock rate to 128000 for all DCE serial interfaces.
e. Assign class as the encrypted privileged EXEC mode password.
f. Assign cisco for the console and vty password and enable login.
g. Configure logging synchronous to prevent console messages from interrupting command entry.
h. Copy the running configuration to the startup configuration.

Step 5: Configure basic settings for each switch.


a. Disable DNS lookup.
b. Configure the device name as shown in the topology.
c. Assign class as the encrypted privileged EXEC mode password.
d. Configure IP addresses for the switches as listed in the Addressing Table.
e. Configure the default gateway on each switch.
f. Assign cisco for the console and vty password and enable login.
g. Configure logging synchronous to prevent console messages from interrupting command entry.
h. Copy the running configuration to the startup configuration.

Step 6: Verify connectivity between PC-A and PC-C.


Ping from PC-A to PC-C. Were the ping results successful? ________________ Yes
If the pings are not successful, troubleshoot the basic device configurations before continuing.
Note: It may be necessary to disable the PC firewall to successfully ping between PCs.

Step 7: Configure routing.


a. Configure RIP on the routers in area 0 with process ID of 1. Add all the networks, except
209.165.200.224/27 into the RIP process.
b. Configure a default route on R2 using Lo1 as the exit interface to the 209.165.200.224/27 network.
c. On R2, use the following commands to redistribute the default route into the RIP process.

R2(config)# router rip


R2(config-router)# default-information originate

Step 8: Verify connectivity.


a. From PC-A, you should be able to ping every interface on R1, R2, R3, and PC-C. Were all pings
successful? ______________ Yes
If the pings are not successful, troubleshoot the basic device configurations before continuing.
b. From PC-C, you should be able to ping every interface on R1, R2, R3, and PC-A. Were all pings
successful? ______________ Yes
If the pings are not successful, troubleshoot the basic device configurations before continuing.

Part 2: Configure First Hop Redundancy Using HSRP


Even though the topology has been designed with some redundancy (two routers and two switches on the
same LAN network), both PC-A and PC-C are configured with only one gateway address. PC-A is using R1
and PC-C is using R3. If either of these routers or the interfaces on the routers went down, the PC could lose
its connection to the Internet.
In Part 2, you will test how the network behaves both before and after configuring HSRP. To do this, you will
determine the path that packets take to the loopback address on R2.

Step 1: Determine the path for Internet traffic for PC-A and PC-C.
a. From a command prompt on PC-A, issue a tracert command to the 209.165.200.225 loopback address
of R2.
C:\ tracert 209.165.200.225
Tracing route to 209.165.200.225 over a maximum of 30 hops

1 1 ms 1 ms 1 ms 192.168.1.1
2 13 ms 13 ms 13 ms 209.165.200.225

Trace complete.
What path did the packets take from PC-A to 209.165.200.225?
______________________________________ PC-A to R1 to R2
b. From a command prompt on PC-C, issue a tracert command to the 209.165.200.225 loopback address
of R2.
What path did the packets take from PC-C to 209.165.200.225?
______________________________________ PC-C to R3 to R2

Step 2: Start a ping session on PC-A, and break the connection between S1 and R1.
a. From a command prompt on PC-A, issue a ping -t command to the 209.165.200.225 address on R2.
Make sure you leave the command prompt window open.
Note: The pings continue until you press Ctrl+C, or until you close the command prompt window.
C:\ ping -t 209.165.200.225
Pinging 209.165.200.225 with 32 bytes of data:
Reply from 209.165.200.225: bytes=32 time=9ms TTL=254
Reply from 209.165.200.225: bytes=32 time=9ms TTL=254
Reply from 209.165.200.225: bytes=32 time=9ms TTL=254

<output omitted>
b. As the ping continues, disconnect the Ethernet cable from F0/5 on S1. You can also shut down the S1
F0/5 interface, which creates the same result.
What happened to the ping traffic?
____________________________________________________________________________________
After the cable was disconnected from F0/5 on S1 (or the interface was shut down), pings failed. Sample
output is below.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
<output omitted>
c. What would be the results if you repeat Steps 2a and 2b on PC-C and S3?
____________________________________________________________________________________
The results were the same as on PC-A. After the Ethernet cable was disconnected from F0/5 on S3, the
pings failed.
d. Reconnect the Ethernet cables to F0/5 or enable the F0/5 interface on both S1 and S3, respectively. Re-
issue pings to 209.165.200.225 from both PC-A and PC-C to make sure connectivity is re-established.

Step 3: Configure HSRP on R1 and R3.


In this step, you will configure HSRP and change the default gateway address on PC-A, PC-C, S1, and S3 to
the virtual IP address for HSRP. R1 becomes the active router via configuration of the HSRP priority
command.
a. Configure HSRP on R1.
R1(config)# interface g0/1
R1(config-if)# standby version 2
R1(config-if)# standby 1 ip 192.168.1.254
R1(config-if)# standby 1 priority 150
R1(config-if)# standby 1 preempt
b. Configure HSRP on R3.
R3(config)# interface g0/1
R3(config-if)# standby version 2
R3(config-if)# standby 1 ip 192.168.1.254
c. Verify HSRP by issuing the show standby command on R1 and R3.
R1# show standby
GigabitEthernet0/1 - Group 1 (version 2)
State is Active
4 state changes, last state change 00:00:30
Virtual IP address is 192.168.1.254
Active virtual MAC address is 0000.0c9f.f001
Local virtual MAC address is 0000.0c9f.f001 (v2 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.696 secs
Preemption enabled

Active router is local


Standby router is 192.168.1.3, priority 100 (expires in 11.120 sec)
Priority 150 (configured 150)
Group name is "hsrp-Gi0/1-1" (default)

R3# show standby


GigabitEthernet0/1 - Group 1 (version 2)
State is Standby
4 state changes, last state change 00:02:29
Virtual IP address is 192.168.1.254
Active virtual MAC address is 0000.0c9f.f001
Local virtual MAC address is 0000.0c9f.f001 (v2 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.720 secs
Preemption disabled
Active router is 192.168.1.1, priority 150 (expires in 10.128 sec)
MAC address is d48c.b5ce.a0c1
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Gi0/1-1" (default)
Using the output shown above, answer the following questions:
Which router is the active router? _____________________ R1
What is the MAC address for the virtual IP address? ____________________________ 0000.0c9f.f001
What is the IP address and priority of the standby router?
____________________________________________________________________________________
____________________________________________________________________________________
IP address is 192.168.1.3 and the priority is 100 (the default which is less than that of R1, the active
router, with a priority of 150).
d. Use the show standby brief command on R1 and R3 to view an HSRP status summary. Sample output
is shown below.
R1# show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Gi0/1 1 150 P Active local 192.168.1.3 192.168.1.254

R3# show standby brief


P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Gi0/1 1 100 Standby 192.168.1.1 local 192.168.1.254
e. Change the default gateway address for PC-A, PC-C, S1, and S3. Which address should you use?
____________________________________________________________________________________
192.168.1.254

f. Verify the new settings. Issue a ping from both PC-A and PC-C to the loopback address of R2. Are the
pings successful? __________ Yes

Step 4: Start a ping session on PC-A and break the connection between the switch that is
connected to the Active HSRP router (R1).
a. From a command prompt on PC-A, issue a ping -t command to the 209.165.200.225 address on R2.
Ensure that you leave the command prompt window open.
b. As the ping continues, disconnect the Ethernet cable from F0/5 on S1 or shut down the F0/5 interface.
What happened to the ping traffic?
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
A few packets may be dropped while the Standby router takes over. Sample output is shown below:
Reply from 209.165.200.225: bytes=32 time=9ms TTL=254
Request timed out.
Request timed out.
Reply from 209.165.200.225: bytes=32 time=9ms TTL=254
<output omitted>

Step 5: Verify HSRP settings on R1 and R3.


a. Issue the show standby brief command on R1 and R3.
Which router is the active router? __________________________________ R3 is now the active router.
b. Reconnect the cable between the switch and the router or enable interface F0/5. Now which router is the
active router? Explain.
____________________________________________________________________________________
R1 became the active router because preemption is enabled and it has a higher priority.

Step 6: Change HSRP priorities.


a. Change the HSRP priority to 200 on R3. Which is the active router? ___________________________ R1
b. Issue the command to change the active router to R3 without changing the priority. What command did
you use?
____________________________________________________________________________________
R3(config)# interface g0/1
R3(config-if)# standby 1 preempt
c. Use a show command to verify that R3 is the active router.
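Added example (not part of the Cisco lab): a simplified model of the HSRP active-router decision that replays Steps 3 to 6 and shows why priority alone does not move the active role, and derives the HSRP version 2 virtual MAC seen in the show standby output. The class and function names are assumptions of this example, and timers and hello exchange are not modelled.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


def hsrp_v2_virtual_mac(group):
    """HSRP version 2 IPv4 virtual MAC: 0000.0c9f.f000 plus the group number."""
    if not 0 <= group <= 4095:
        raise ValueError("HSRP version 2 groups are 0-4095")
    return f"0000.0c9f.f{group:03x}"


@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100      # default, as in R3's "Priority 100 (default 100)"
    preempt: bool = False
    up: bool = False         # interface is attached to the LAN and sending hellos

    def rank(self):
        # Higher priority wins; equal priority is broken by higher IP address.
        return (self.priority, int(IPv4Address(self.ip)))


class HsrpGroup:
    def __init__(self, routers):
        self.routers = {r.name: r for r in routers}
        self.active = None

    def _settle(self):
        up = [r for r in self.routers.values() if r.up]
        if not up:
            self.active = None
        elif self.active is None or not self.routers[self.active].up:
            # No active router is heard: the best remaining router takes over.
            self.active = max(up, key=Router.rank).name
        else:
            # An active router exists: only a preempt-enabled router that
            # outranks it may take the role away.
            current = self.routers[self.active]
            challengers = [r for r in up
                           if r.preempt and r.rank() > current.rank()]
            if challengers:
                self.active = max(challengers, key=Router.rank).name
        return self.active

    def set_link(self, name, up):
        self.routers[name].up = up
        return self._settle()

    def configure(self, name, priority=None, preempt=None):
        router = self.routers[name]
        if priority is not None:
            router.priority = priority
        if preempt is not None:
            router.preempt = preempt
        return self._settle()


def replay_lab():
    """Return (event, active router) pairs for the lab's sequence."""
    group = HsrpGroup([
        Router("R1", "192.168.1.1", priority=150, preempt=True),  # Step 3a
        Router("R3", "192.168.1.3"),                              # Step 3b
    ])
    return [
        ("Step 3: R1 joins group 1", group.set_link("R1", True)),
        ("Step 3: R3 joins group 1", group.set_link("R3", True)),
        ("Step 4: S1 F0/5 disconnected", group.set_link("R1", False)),
        ("Step 5b: S1 F0/5 reconnected", group.set_link("R1", True)),
        ("Step 6a: R3 priority 200", group.configure("R3", priority=200)),
        ("Step 6b: R3 preempt", group.configure("R3", preempt=True)),
    ]


if __name__ == "__main__":
    print("group 1 virtual MAC:", hsrp_v2_virtual_mac(1))
    for event, active in replay_lab():
        print(f"{event:32} active = {active}")
```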

Reflection
Why would there be a need for redundancy in a LAN?
_______________________________________________________________________________________
_______________________________________________________________________________________
In today’s networks, down time can be a critical issue affecting sales, productivity, and general connectivity
(IP Telephony phones for example).

Router Interface Summary Table

Router Interface Summary

Router Model  Ethernet Interface #1        Ethernet Interface #2        Serial Interface #1    Serial Interface #2
1800          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
1900          Gigabit Ethernet 0/0 (G0/0)  Gigabit Ethernet 0/1 (G0/1)  Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
2801          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/1/0 (S0/1/0)  Serial 0/1/1 (S0/1/1)
2811          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
2900          Gigabit Ethernet 0/0 (G0/0)  Gigabit Ethernet 0/1 (G0/1)  Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parentheses is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.

Device Configs

Router R1
R1# show run
Building configuration...

Current configuration : 1375 bytes


!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
!
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated

!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
standby version 2
standby 1 ip 192.168.1.254
standby 1 priority 150
standby 1 preempt
duplex auto
speed auto
!
interface Serial0/0/0
ip address 10.1.1.1 255.255.255.252
clock rate 128000
!
interface Serial0/0/1
no ip address
shutdown
!
!
router rip
network 10.1.1.0
network 192.168.1.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
control-plane
!
line con 0
password cisco
logging synchronous
login
line aux 0
line 2
no activation-character

no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
login
transport input all
!
scheduler allocate 20000 1000
!
end

Router R2
R2# show run
Building configuration...

Current configuration : 1412 bytes


!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
!
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
interface Loopback1
ip address 209.165.200.225 255.255.255.224
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address

shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
ip address 10.1.1.2 255.255.255.252
!
interface Serial0/0/1
ip address 10.2.2.2 255.255.255.252
clock rate 128000
!
!
router rip
network 10.1.1.0
network 10.2.2.0
default-information originate
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Loopback1
!
!
control-plane
!
!
line con 0
password cisco
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
login

transport input all


!
scheduler allocate 20000 1000
!
end

Router R3
R3# show run
Building configuration...

Current configuration : 1319 bytes


!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
!
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.3 255.255.255.0
standby version 2
standby 1 ip 192.168.1.254
standby 1 priority 200
standby 1 preempt
duplex auto

speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
ip address 10.2.2.1 255.255.255.252
!
!
router rip
network 10.2.2.0
network 192.168.1.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
control-plane
!
line con 0
password cisco
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
login
transport input all
!
scheduler allocate 20000 1000
!
end

Switch S1
S1# show run
Building configuration...

Current configuration : 3114 bytes


!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
system mtu routing 1500
!
!
no ip domain-lookup
!
crypto pki trustpoint TP-self-signed-2530377856
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2530377856
revocation-check none
rsakeypair TP-self-signed-2530377856
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.11 255.255.255.0
!
ip default-gateway 192.168.1.254
ip http server
ip http secure-server
!
line con 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
end

Switch S3
S3# show run
Building configuration...

Current configuration : 2974 bytes


!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S3
!
boot-start-marker
boot-end-marker
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
system mtu routing 1500
!
!
no ip domain-lookup
!
!
crypto pki trustpoint TP-self-signed-2530358400
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2530358400
revocation-check none
rsakeypair TP-self-signed-2530358400
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.13 255.255.255.0
!
ip default-gateway 192.168.1.254
ip http server
ip http secure-server
!
!
line con 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
end

Lab – Troubleshoot PPPoE (Instructor Version)
Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device Interface IP Address Subnet Mask Default Gateway

Cust1 G0/1 Learned via PPP Learned via PPP Learned via PPP
ISP G0/1 N/A N/A N/A

Objectives
Part 1: Build the Network
Part 2: Troubleshoot PPPoE on Cust1

Background / Scenario
ISPs sometimes use Point-to-Point Protocol over Ethernet (PPPoE) on DSL links to their customers. PPP
supports the assignment of IP address information to a device at the remote end of a PPP link. More
importantly, PPP supports CHAP authentication. ISPs can check accounting records to see if a customer’s bill
has been paid, before letting them connect to the Internet.
In this lab, you will troubleshoot the Cust1 router for PPPoE configuration problems.
Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with
Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco
IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used.
Depending on the model and Cisco IOS version, the commands available and output produced might vary
from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the
correct interface identifiers.
Note: Ensure that the routers and switches have been erased and have no startup configurations. If you are
unsure, contact your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.

Required Resources
• 2 Routers (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
• 2 Switches (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
• Console cables to configure the Cisco IOS devices via the console ports
• Ethernet cables as shown in the topology

Part 1: Build the Network


Step 1: Cable the network as shown in the topology.

Step 2: Initialize and reload the routers and switches.

Step 3: Copy the configurations onto the routers.


a. Copy and paste the Cust1 configuration to the Cust1 router.
hostname Cust1
enable secret class
no aaa new-model
no ip domain lookup
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no shut
interface Dialer1
mtu 1492
ip address negotiated
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname Cust1
ppp chap password 0 ciscoppp
ip route 0.0.0.0 0.0.0.0 Dialer1
banner motd ^C
Unauthorized Access Prohibited.
^C
line con 0
password cisco
logging synchronous
login
line aux 0
line vty 0 4
password cisco
login
end
b. Copy and paste the ISP configuration to the ISP router.
hostname ISP
enable secret class
username Cust1 password 0 ciscopppoe
bba-group pppoe global
virtual-template 1
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
pppoe enable group global
no shut
interface Virtual-Template1
ip address 10.0.0.254 255.255.255.0
mtu 1492
peer default ip address pool PPPoEPOOL
ppp authentication chap callin
ip local pool PPPoEPOOL 10.0.0.1 10.0.0.10
ip forward-protocol nd
banner motd ^C
Unauthorized Access Prohibited.
^C
line con 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
login
end
Note: Many of the ISP router PPPoE configuration commands are beyond the scope of the course.
c. Save the router configurations.

Part 2: Troubleshoot PPPoE on Cust1


In Part 2, you will troubleshoot PPPoE on the Cust1 router. The privileged EXEC mode password is class,
and console and vty passwords are cisco. The ISP has provided a username of Cust1 and a password of
ciscopppoe for PPPoE CHAP authentication.
The following log messages should be appearing on your console session to Cust1:
Cust1#
*Nov 5 22:53:46.999: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Nov 5 22:53:47.003: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Nov 5 22:53:47.035: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
*Nov 5 22:53:47.039: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
Cust1#

Step 1: Verify that an IPv4 address is assigned to the Cust1 Dialer interface.
The Dialer virtual interface did not receive an IP address.
Cust1# show ip interface brief
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES unset administratively down down
GigabitEthernet0/0 unassigned YES unset administratively down down
GigabitEthernet0/1 unassigned YES unset up up
Serial0/0/0 unassigned YES unset administratively down down
Serial0/0/1 unassigned YES unset administratively down down
Dialer1 unassigned YES IPCP up up
Virtual-Access1 unassigned YES unset up up
Virtual-Access2 unassigned YES unset down down

Step 2: Debug PPP to determine if the problem is with authentication.


a. Turn on debug for PPP authentication.
Cust1# debug ppp authentication
PPP authentication debugging is on
Cust1#
*Nov 5 23:09:00.283: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Nov 5 23:09:00.287: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Nov 5 23:09:00.287: Vi2 PPP: Using dialer call direction
*Nov 5 23:09:00.287: Vi2 PPP: Treating connection as a callout
*Nov 5 23:09:00.287: Vi2 PPP: Session handle[8A000036] Session id[54]
*Nov 5 23:09:00.315: Vi2 PPP: No authorization without authentication
*Nov 5 23:09:00.315: Vi2 CHAP: I CHALLENGE id 1 len 24 from "ISP"
*Nov 5 23:0
Cust1#9:00.315: Vi2 PPP: Sent CHAP SENDAUTH Request
*Nov 5 23:09:00.315: Vi2 PPP: Received SENDAUTH Response FAIL
*Nov 5 23:09:00.315: Vi2 CHAP: Using hostname from interface CHAP
*Nov 5 23:09:00.315: Vi2 CHAP: Using password from interface CHAP
*Nov 5 23:09:00.315: Vi2 CHAP: O RESPONSE id 1 len 26 from "Cust1"
*Nov 5 23:09:00.315: Vi2 CHAP: I FAILURE id 1 len 25 msg is "Authentication failed"
*Nov 5 23:09:00.315: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
*Nov 5 23:09:00.319: %LINK-3
Cust1#-UPDOWN: Interface Virtual-Access2, changed state to down
Cust1#
b. End debug mode.
Cust1# u all
All possible debugging has been turned off
Cust1#

Step 3: Verify that the PPPoE username and password match what was given by the ISP.
a. Display the running configuration; apply a filter to display only the Dialer section. Verify that the username
and password match what was provided by the ISP.
Cust1# show run | section Dialer
interface Dialer1
mtu 1492
ip address negotiated
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname Cust1
ppp chap password 0 ciscoppp
ip route 0.0.0.0 0.0.0.0 Dialer1
b. The problem appears to be with the password. Enter Global configuration mode and fix the ppp
password.
Cust1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Cust1(config)# interface Dialer1
Cust1(config-if)# ppp chap password 0 ciscopppoe
Cust1(config-if)# end
Cust1#
*Nov 5 23:42:07.343: %SYS-5-CONFIG_I: Configured from console by console
Cust1#
*Nov 5 23:42:25.039: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Nov 5 23:42:25.043: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
Cust1#
*Nov 5 23:42:25.063: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2,
changed state to up
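
The failure in Step 2 and the fix in Step 3 follow from how CHAP (RFC 1994) works: the password never crosses the link, each side hashes the challenge with its own copy of the secret, and the ISP compares the results. The Python model below is an added example, not part of the lab; the function names and the 16-byte challenge are this example's own assumptions, and with that challenge size the packet lengths it builds equal the len values in the debug output (24, 26 and 25).

```python
import hashlib
import hmac
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4   # CHAP codes (RFC 1994)

# Constructed 16-byte challenge; a real authenticator sends fresh random bytes.
SAMPLE_CHALLENGE = bytes(range(16))
# Authenticator-side user table, from "username Cust1 password 0 ciscopppoe".
ISP_USERS = {"Cust1": b"ciscopppoe"}


def chap_hash(ident, secret, challenge):
    """Response value: MD5(identifier || shared secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def value_packet(code, ident, value, name):
    """Challenge/Response layout: code, id, length, value-size, value, name."""
    length = 4 + 1 + len(value) + len(name)
    return struct.pack("!BBHB", code, ident, length, len(value)) + value + name


def message_packet(code, ident, message=b""):
    """Success/Failure layout: code, id, length, message."""
    return struct.pack("!BBH", code, ident, 4 + len(message)) + message


def parse_value_packet(packet):
    """Split a Challenge/Response into (code, id, value, name)."""
    if len(packet) < 5:
        raise ValueError("short CHAP packet")
    code, ident, length, size = struct.unpack("!BBHB", packet[:5])
    if length != len(packet) or 5 + size > length:
        raise ValueError("inconsistent CHAP length fields")
    return code, ident, packet[5:5 + size], packet[5 + size:]


def peer_respond(challenge_pkt, hostname, secret):
    """Cust1 side: hash the received challenge with the locally configured secret."""
    code, ident, challenge, _authenticator = parse_value_packet(challenge_pkt)
    if code != CHALLENGE:
        raise ValueError("expected a CHAP Challenge")
    return value_packet(RESPONSE, ident, chap_hash(ident, secret, challenge), hostname)


def authenticator_check(response_pkt, ident, challenge, users):
    """ISP side: recompute the hash from its own copy of the secret and compare."""
    code, rid, value, name = parse_value_packet(response_pkt)
    secret = users.get(name.decode("ascii", "replace"))
    ok = (code == RESPONSE and rid == ident and secret is not None
          and hmac.compare_digest(value, chap_hash(ident, secret, challenge)))
    if ok:
        return message_packet(SUCCESS, ident)
    return message_packet(FAILURE, ident, b"Authentication failed")


def run_exchange(cust1_secret, ident=1):
    """Play one Challenge/Response/result round and summarise each packet."""
    challenge_pkt = value_packet(CHALLENGE, ident, SAMPLE_CHALLENGE, b"ISP")
    response_pkt = peer_respond(challenge_pkt, b"Cust1", cust1_secret)
    result_pkt = authenticator_check(response_pkt, ident, SAMPLE_CHALLENGE, ISP_USERS)
    return {
        "challenge_len": len(challenge_pkt),
        "response_len": len(response_pkt),
        "result_code": result_pkt[0],
        "result_len": len(result_pkt),
        # The shared secret itself is never placed in any packet.
        "secret_on_wire": cust1_secret in challenge_pkt + response_pkt + result_pkt,
    }


if __name__ == "__main__":
    # Secret as first configured on Cust1, then the corrected one from Step 3b.
    for secret in (b"ciscoppp", b"ciscopppoe"):
        print(secret.decode(), run_exchange(secret))
```

Because only the hash is compared, the ISP's FAILURE message cannot say which character of the secret is wrong, which is why Step 3 checks the configured value against what the ISP provided.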

Step 4: Verify PPPoE connectivity.


a. Verify that this change resolved the problem and that an IP address has been assigned to the Dialer1
interface.
Cust1# show ip interface brief
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES unset administratively down down
GigabitEthernet0/0 unassigned YES unset administratively down down
GigabitEthernet0/1 unassigned YES unset up up
Serial0/0/0 unassigned YES unset administratively down down
Serial0/0/1 unassigned YES unset administratively down down
Dialer1 10.0.0.2 YES IPCP up up
Virtual-Access1 unassigned YES unset up up
Virtual-Access2 unassigned YES unset up up
b. Display the routing table to verify a route to the ISP router.
Cust1# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S* 0.0.0.0/0 is directly connected, Dialer1


10.0.0.0/32 is subnetted, 2 subnets
C 10.0.0.1 is directly connected, Dialer1
C 10.0.0.254 is directly connected, Dialer1
c. Display information about the active PPPoE sessions.
Cust1# show pppoe session
1 client session

Uniq ID  PPPoE  RemMAC          Port       VT   VA     State
           SID  LocMAC                          VA-st  Type
    N/A      1  30f7.0da3.1641  Gi0/1      Di1  Vi2    UP
                30f7.0da3.0da1                  UP

Step 5: Adjust the maximum segment size on the physical interface.


The PPPoE header adds an additional 8 bytes to each segment. To prevent TCP sessions from being
dropped, the maximum segment size (MSS) needs to be adjusted to its optimum value on the physical
interface.
a. Display G0/1's configuration settings to see if the MSS has been adjusted.
Cust1# show run interface g0/1
Building configuration...

Current configuration : 136 bytes


!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
end
b. Adjust the MSS to its optimum value of 1452 bytes.
Cust1(config)# interface g0/1
Cust1(config-if)# ip tcp adjust-mss 1452
Cust1(config-if)# end

Reflection
Explain why the TCP segment size needs to be adjusted for PPPoE.
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________

Answers will vary. The default segment size for Ethernet is 1500. The header information takes up 40 bytes of
the segment, leaving 1460 bytes for payload (data). PPPoE requires an additional 8 bytes for its header, so
the payload needs to be reduced by 8 bytes to accommodate for the PPPoE header, bringing the optimum
maximum segment size down to 1452 bytes.

Router Interface Summary Table

Router Interface Summary

Router Model Ethernet Interface #1 Ethernet Interface #2 Serial Interface #1 Serial Interface #2

1800 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
1900 Gigabit Ethernet 0/0 (G0/0) Gigabit Ethernet 0/1 (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
2801 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)
2811 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
2900 Gigabit Ethernet 0/0 (G0/0) Gigabit Ethernet 0/1 (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parentheses is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.

Device Configs

Router Cust1
Cust1# show run
Building configuration...
Current configuration : 1433 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cust1
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
!
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
ip tcp adjust-mss 1452
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
!
interface Dialer1
mtu 1492
ip address negotiated
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname Cust1
ppp chap password 0 ciscopppoe
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
control-plane
!
banner motd ^C
Unauthorized Access Prohibited.
^C
!
line con 0
password 7 14141B180F0B
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 05080F1C2243
login
transport input all
!
scheduler allocate 20000 1000
!
end

Router ISP
ISP# show run
Building configuration...

Current configuration : 1485 bytes


!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ISP
!
boot-start-marker
boot-end-marker
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
!
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
username Cust1 password 0 ciscopppoe
!
bba-group pppoe global
virtual-template 1
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
ip tcp adjust-mss 1452
duplex auto
speed auto
pppoe enable group global
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
!
interface Virtual-Template1
ip address 10.0.0.254 255.255.255.0
mtu 1492
peer default ip address pool PPPoEPOOL
ppp authentication chap callin
!
ip local pool PPPoEPOOL 10.0.0.1 10.0.0.10
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
control-plane
!
banner motd ^C
Unauthorized Access Prohibited.
^C
!
line con 0
password 7 14141B180F0B
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 05080F1C2243
login
transport input all
!
scheduler allocate 20000 1000
!
end

Lab - Configure and Verify eBGP (Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device Interface IP Address Subnet Mask

R1 S0/0/1 198.133.219.1 255.255.255.248
R2 S0/0/0 198.133.219.2 255.255.255.248
R2 S0/0/1 (DCE) 209.165.200.2 255.255.255.252
ISP-1 S0/0/1 209.165.200.1 255.255.255.252
Web Server 10.10.10.10 255.255.255.255

Objectives
Part 1: Build the Network and Configure Basic Device Settings
Part 2: Configure eBGP on R1
Part 3: Verify eBGP Configuration

Background / Scenario
In this lab you will configure eBGP for the Company. The ISP will provide the default route to the Internet.
Once configuration is complete you will use various show commands to verify that the eBGP configuration is
working as expected.

Required Resources
• 3 Routers (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
• Console cables to configure the Cisco IOS devices via the console ports
• Serial cables as shown in the topology

Part 1: Build the Network and Configure Basic Device Settings


In Part 1, you will set up the network topology and configure basic settings on R1 and R2 routers. You will
also copy the provided configuration for ISP-1 on to that router.

Step 1: Cable the network as shown in the topology.

Step 2: Initialize and reload the network devices as necessary.

Step 3: Configure basic settings on R1 and R2.


a. Disable DNS lookup to prevent the routers from attempting to translate incorrectly entered commands as
though they were host names.
b. Configure the hostnames according to the topology.
c. Configure interfaces according to the Addressing Table.
d. Save the running configuration to the startup configuration file.

Step 4: Copy configuration to ISP-1.


Copy and paste the following configuration to ISP-1.
hostname ISP-1
no ip domain-lookup
interface Loopback0
ip address 10.10.10.10 255.255.255.255
interface Serial0/0/1
ip address 209.165.200.1 255.255.255.252
no shut
ip route 0.0.0.0 0.0.0.0 lo0
router bgp 65001
bgp log-neighbor-changes
network 0.0.0.0
neighbor 209.165.200.2 remote-as 65000
end

Part 2: Configure eBGP on R2


Configure R2 to become an eBGP peer with ISP-1. Refer to the Topology for BGP AS number information.

Step 1: Enable BGP and identify the AS number for the Company.
R2(config)# router bgp 65000

Step 2: Use the neighbor command to identify ISP-1 as the BGP peer.
R2(config-router)# neighbor 209.165.200.1 remote-as 65001

Step 3: Add the Company’s network to the BGP table so it is advertised to ISP-1.
R2(config-router)# network 198.133.219.0 mask 255.255.255.248
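
IOS originates a prefix from a network statement only when the routing table already holds a route with exactly that address and mask, so a mistyped octet or mask leaves the BGP session up while nothing is advertised. The Python check below is an added example, not part of the lab: it compares each BGP network statement in a configuration against the connected and static prefixes in the same file. The sample configurations are constructed from this lab's addressing, and the second R2 test value is the statement as printed in the R2 listing under Device Configs.

```python
import ipaddress

# Constructed R2 configuration; {net} is filled in with the network statement under test.
R2_TEMPLATE = """\
hostname R2
interface Serial0/0/0
 ip address 198.133.219.2 255.255.255.248
interface Serial0/0/1
 ip address 209.165.200.2 255.255.255.252
router bgp 65000
 network {net} mask 255.255.255.248
 neighbor 209.165.200.1 remote-as 65001
"""

# ISP-1 configuration as pasted in Part 1, Step 4.
ISP1_CONFIG = """\
hostname ISP-1
interface Loopback0
ip address 10.10.10.10 255.255.255.255
interface Serial0/0/1
ip address 209.165.200.1 255.255.255.252
no shut
ip route 0.0.0.0 0.0.0.0 lo0
router bgp 65001
network 0.0.0.0
neighbor 209.165.200.2 remote-as 65000
"""


def prefix(addr, mask):
    """Turn an IOS address / dotted-mask pair into a network object."""
    plen = bin(int(ipaddress.IPv4Address(mask))).count("1")
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)


def classful_mask(addr):
    """Mask IOS assumes when a network statement has no 'mask' keyword."""
    first = int(addr.split(".")[0])
    if first == 0:
        return "0.0.0.0"
    if first < 128:
        return "255.0.0.0"
    if first < 192:
        return "255.255.0.0"
    return "255.255.255.0"


def unmatched_bgp_networks(config):
    """Return BGP network statements with no exact connected or static match."""
    interfaces = []            # one dict per interface section
    statics, wanted = set(), []
    context = None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "!":
            context = None
        elif words[0] == "interface":
            interfaces.append({"net": None, "shutdown": False})
            context = "interface"
        elif words[:2] == ["router", "bgp"]:
            context = "bgp"
        elif words[0] == "router":
            context = "other"   # e.g. router rip: its network lines are not BGP
        elif words[:2] == ["ip", "route"] and len(words) >= 4:
            statics.add(prefix(words[2], words[3]))
            context = None
        elif context == "interface" and words[:2] == ["ip", "address"] and len(words) >= 4:
            interfaces[-1]["net"] = prefix(words[2], words[3])
        elif context == "interface" and words == ["shutdown"]:
            interfaces[-1]["shutdown"] = True
        elif context == "bgp" and words[0] == "network" and len(words) >= 2:
            has_mask = len(words) >= 4 and words[2] == "mask"
            mask = words[3] if has_mask else classful_mask(words[1])
            wanted.append(prefix(words[1], mask))
    # Assumption: an interface without a "shutdown" line is up and installs its route.
    rib = statics | {i["net"] for i in interfaces if i["net"] and not i["shutdown"]}
    return [str(net) for net in wanted if net not in rib]


if __name__ == "__main__":
    for net in ("198.133.219.0", "198.233.219.0"):
        print(net, unmatched_bgp_networks(R2_TEMPLATE.format(net=net)))
    print("ISP-1", unmatched_bgp_networks(ISP1_CONFIG))
```

An empty list means every network statement has a matching route; on the router itself, the same condition shows up as the prefix appearing in show ip bgp with a next hop of 0.0.0.0, as in Part 3, Step 2.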

Part 3: Verify eBGP Configuration


In Part 3, use the BGP verification commands to verify that the BGP configuration is working as expected.

Step 1: Display the IPv4 routing table on R2.


R2# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is 209.165.200.1 to network 0.0.0.0

B* 0.0.0.0/0 [20/0] via 209.165.200.1, 00:00:07


198.133.219.0/24 is variably subnetted, 2 subnets, 2 masks
C 198.133.219.0/29 is directly connected, Serial0/0/0
L 198.133.219.2/32 is directly connected, Serial0/0/0
209.165.200.0/24 is variably subnetted, 2 subnets, 2 masks
C 209.165.200.0/30 is directly connected, Serial0/0/1
L 209.165.200.2/32 is directly connected, Serial0/0/1

Step 2: Display the BGP table on R2.


R2# show ip bgp
BGP table version is 4, local router ID is 209.165.200.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          209.165.200.1            0             0 65001 i
 *>  198.133.219.0/29 0.0.0.0                  0         32768 i

Step 3: Display the BGP connection status on R2.


R2# show ip bgp summary
BGP router identifier 209.165.200.2, local AS number 65000
BGP table version is 4, main routing table version 4
2 network entries using 288 bytes of memory
2 path entries using 160 bytes of memory
2/2 BGP path/bestpath attribute entries using 320 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 792 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
209.165.200.1   4 65001      12      11      4   0    0 00:06:56        1

Step 4: Display the IPv4 routing table on ISP-1.


Verify that the 198.133.218.0/29 network is being advertised to the ISP-1 router.
ISP-1# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S* 0.0.0.0/0 is directly connected, Loopback0


10.0.0.0/32 is subnetted, 1 subnets
C 10.10.10.10 is directly connected, Loopback0
198.133.219.0/29 is subnetted, 1 subnets
B 198.133.219.0 [20/0] via 209.165.200.2, 00:00:25
209.165.200.0/24 is variably subnetted, 2 subnets, 2 masks
C 209.165.200.0/30 is directly connected, Serial0/0/1
L 209.165.200.1/32 is directly connected, Serial0/0/1
Ping the Web Server from R1. Were the pings successful?
_______________________________________________________________________________________
Yes, the pings should have been successful.

Reflection
The topology used in this lab was created to demonstrate how to configure the BGP routing protocol.
However, the BGP protocol would not normally be configured for a topology like this in the real world. Why?
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
Answers may vary. BGP is normally not needed for a single-homed network. The ISP would provide an IP
subnet range of IP addresses for the Company to use for Internet access and the ISP would be responsible
for routing the Company traffic to R2. So, only the ISP would need to have BGP configured.

Router Interface Summary Table

Router Interface Summary

Router Model Ethernet Interface #1 Ethernet Interface #2 Serial Interface #1 Serial Interface #2

1800 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
1900 Gigabit Ethernet 0/0 (G0/0) Gigabit Ethernet 0/1 (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
2801 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)
2811 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
2900 Gigabit Ethernet 0/0 (G0/0) Gigabit Ethernet 0/1 (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parentheses is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.

Device Configs

Router R1
R1# show run
Building configuration...

Current configuration : 1334 bytes


!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 15
!
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
ip address 198.133.219.1 255.255.255.248
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end

Router R2
R2# show run
Building configuration...

Current configuration : 1409 bytes


!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 15
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
ip address 198.133.219.2 255.255.255.248
!
interface Serial0/0/1
ip address 209.165.200.2 255.255.255.252
clock rate 2000000
!
router bgp 65000
bgp log-neighbor-changes
network 198.233.219.0 mask 255.255.255.248
neighbor 209.165.200.1 remote-as 65001
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end

Router ISP-1
ISP-1# show run
Building configuration...

Current configuration : 1535 bytes


!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP-1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 15
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
interface Loopback0
ip address 10.10.10.10 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
ip address 209.165.200.1 255.255.255.252
!
router bgp 65001
bgp log-neighbor-changes
network 0.0.0.0
neighbor 209.165.200.2 remote-as 65000
!
ip forward-protocol nd
!
no ip http server

no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Loopback0
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end

Lab – Implement Local SPAN (Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device Interface IP Address Subnet Mask Default Gateway

R1 G0/1 192.168.1.1 255.255.255.0 N/A
S1 VLAN 1 192.168.1.2 255.255.255.0 192.168.1.1
S3 VLAN 1 192.168.1.3 255.255.255.0 192.168.1.1
PC-A NIC 192.168.1.254 255.255.255.0 192.168.1.1
PC-C NIC 192.168.1.10 255.255.255.0 192.168.1.1

Objectives
Part 1: Build the Network and Verify Connectivity
Part 2: Configure Local SPAN and Capture Copied Traffic with Wireshark

Background / Scenario
As the network administrator, you want to analyze traffic entering and exiting the local network. To do this, you
will set up port mirroring on the switchport connected to the router and mirror all traffic to another switchport.
The goal is to send all mirrored traffic to an intrusion detection system (IDS) for analysis. In this initial
implementation, you will send all mirrored traffic to a PC, which will capture the traffic for analysis using a port
sniffing program. To set up port mirroring, you will use the Switched Port Analyzer (SPAN) feature on the
Cisco switch. SPAN is a type of port mirroring that sends a copy of each frame entering a port out another port
on the same switch. It is common to find a device running a packet sniffer or an IDS connected to the mirrored
port.

Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with
Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco
IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used.
Depending on the model and Cisco IOS version, the commands available and output produced might vary
from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the
correct interface identifiers.
Note: Make sure that the routers and switches have been erased and have no startup configurations. If you
are unsure, contact your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.

Required Resources
• 1 Router (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
• 2 Switches (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
• 2 PCs (Windows 8, 7, or Vista with terminal emulation program, such as Tera Term)
• Console cables to configure the Cisco IOS devices via the console ports
• Ethernet and serial cables as shown in the topology

Part 1: Build the Network and Verify Connectivity


In Part 1, you will set up the network topology and configure basic settings, such as the interface IP
addresses, static routing, device access, and passwords.

Step 1: Cable the network as shown in the topology.


Attach the devices as shown in the topology diagram, and cable as necessary.

Step 2: Configure PC hosts.

Step 3: Initialize and reload the routers and switches as necessary.

Step 4: Configure basic settings for the router.


a. Disable DNS lookup.
b. Configure the device name as shown in the topology.
c. Configure an IP address for the router as listed in the Addressing Table.
d. Assign class as the encrypted privileged EXEC mode password.
e. Assign cisco as the console and vty password and enable login.
f. Set the vty lines to transport input telnet.
g. Configure logging synchronous to prevent console messages from interrupting command entry.
h. Copy the running configuration to the startup configuration.

Step 5: Configure basic settings for each switch.


a. Disable DNS lookup.
b. Configure the device name as shown in the topology.
c. Assign class as the encrypted privileged EXEC mode password.

d. Configure IP addresses for the switches as listed in the Addressing Table.
e. Configure the default gateway on each switch.
f. Assign cisco for the console and vty password and enable login.
g. Configure logging synchronous to prevent console messages from interrupting command entry.
h. Copy the running configuration to the startup configuration.

Step 6: Verify connectivity.


a. From PC-A, you should be able to ping the interface on R1, S1, S3, and PC-C. Were all pings
successful? ______________ Yes
If the pings are not successful, troubleshoot the basic device configurations before continuing.
b. From PC-C, you should be able to ping the interface on R1, S1, S3, and PC-A. Were all pings
successful? ______________ Yes
If the pings are not successful, troubleshoot the basic device configurations before continuing.

Part 2: Configure Local SPAN and Capture Copied Traffic with Wireshark
To configure Local SPAN, you need to configure one or more source ports, called monitored ports, and a single
destination port, also called a monitored port, out of which the copied or mirrored traffic is sent. SPAN source
ports can be configured to monitor traffic in the ingress direction, the egress direction, or both directions (default).
The SPAN source port must be S1 switchport F0/5, the port that connects to the router. This way, all traffic
entering or exiting the LAN will be monitored. The SPAN destination port will be S1 switchport F0/6, which is
connected to PC-A running Wireshark.

Step 1: Configure SPAN on S1.


a. Console into S1 and configure the source and destination monitor ports on S1. Now all traffic entering or
leaving F0/5 will be copied and forwarded out of F0/6.
S1(config)# monitor session 1 source interface f0/5
S1(config)# monitor session 1 destination interface f0/6

Step 2: Start a Wireshark Capture on PC-A.


a. Open Wireshark on PC-A, set the capture interface to the Local Area Connection and click Start.

Step 3: Telnet into R1 and create ICMP traffic on the LAN.


a. Telnet from S1 to R1.
S1# Telnet 192.168.1.1
Trying 192.168.1.1 . . . Open

User Access Verification

Password:
R1>
b. From privileged mode, ping PC-C, S1 and S3.
R1> enable
Password:
R1# ping 192.168.1.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R1# ping 192.168.1.2
<Output omitted>
R1# ping 192.168.1.3
<Output omitted>

Step 4: Stop the Wireshark Capture on PC-A and Filter for ICMP.
a. Return to PC-A and stop the running Wireshark capture on PC-A.

b. Filter the Wireshark capture for ICMP packets.

c. Examine the Wireshark capture filtered for ICMP packets.

d. Were the pings from R1 to PC-C, S1 and S3 successfully copied and forwarded out f0/6 to PC-A?
________________ Yes
e. Was the traffic monitored and copied in both directions? ________________ Yes

Reflection
In this scenario, instead of using PC-A and a packet sniffer, would an IDS or an IPS be more appropriate?
_______________________________________________________________________________________
_______________________________________________________________________________________

This scenario is designed for an IDS, since copying traffic to a mirrored port is useful for analysis and
detection but not for prevention: undesirable traffic is still allowed to reach its intended destination.

Router Interface Summary Table

Router Interface Summary

Router Model   Ethernet Interface #1           Ethernet Interface #2           Serial Interface #1     Serial Interface #2
1800           Fast Ethernet 0/0 (F0/0)        Fast Ethernet 0/1 (F0/1)        Serial 0/0/0 (S0/0/0)   Serial 0/0/1 (S0/0/1)
1900           Gigabit Ethernet 0/0 (G0/0)     Gigabit Ethernet 0/1 (G0/1)     Serial 0/0/0 (S0/0/0)   Serial 0/0/1 (S0/0/1)
2801           Fast Ethernet 0/0 (F0/0)        Fast Ethernet 0/1 (F0/1)        Serial 0/1/0 (S0/1/0)   Serial 0/1/1 (S0/1/1)
2811           Fast Ethernet 0/0 (F0/0)        Fast Ethernet 0/1 (F0/1)        Serial 0/0/0 (S0/0/0)   Serial 0/0/1 (S0/0/1)
2900           Gigabit Ethernet 0/0 (G0/0)     Gigabit Ethernet 0/1 (G0/1)     Serial 0/0/0 (S0/0/0)   Serial 0/0/1 (S0/0/1)
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parentheses is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.

Device Configs

Router R1
R1#show run
Building configuration...

Current configuration : 1379 bytes


!
! Last configuration change at 15:44:27 UTC Sun Jan 10 2016
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$9VIJ$vAdKomdXQ9N4SieMoFxeD1

!
no aaa new-model
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
!
license udi pid CISCO1941/K9 sn FTX163283RA
license accept end user agreement
license boot module c1900 technology-package securityk9
!
!
redundancy
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server

!
control-plane
!
!
line con 0
password cisco
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
login
transport input telnet
!
scheduler allocate 20000 1000
!
end

Switch S1
S1#show run
Building configuration...

Current configuration : 1605 bytes


!
! Last configuration change at 02:22:15 UTC Mon Mar 1 1993
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
system mtu routing 1500
!
!

no ip domain-lookup
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!

interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.2 255.255.255.0
!
ip default-gateway 192.168.1.1
ip http server
ip http secure-server
!
!
line con 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
!
monitor session 1 source interface Fa0/5
monitor session 1 destination interface Fa0/6
end

Switch S3
S3#show run
Building configuration...

Current configuration : 1482 bytes


!
! Last configuration change at 20:17:07 UTC Sun Apr 4 1993
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption

!
hostname S3
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$YRtb$6k0fixPDtcRtjKATQH5Op1
!
no aaa new-model
system mtu routing 1500
!
!
no ip domain-lookup
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!

interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.3 255.255.255.0
!
ip default-gateway 192.168.1.1
ip http server
ip http secure-server
!
!
line con 0
password cisco
login
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
end

Lab – Troubleshoot LAN Traffic Using SPAN (Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device Interface IP Address Subnet Mask Default Gateway

R1 G0/1 192.168.1.1 255.255.255.0 N/A
S1 VLAN 1 192.168.1.2 255.255.255.0 192.168.1.1
S3 VLAN 1 192.168.1.3 255.255.255.0 192.168.1.1
PC-A NIC 192.168.1.254 255.255.255.0 192.168.1.1
PC-C NIC 192.168.1.10 255.255.255.0 192.168.1.1

Objectives
Part 1: Build the Network and Verify Connectivity
Part 2: Configure Local SPAN and Capture Copied Traffic with Wireshark

Background / Scenario
As the network administrator, you decide to analyze the internal local area network for suspicious network
traffic and possible DoS or reconnaissance attacks. To do this, you will set up port mirroring on all active
switchports and mirror/copy all traffic to a designated switchport where a PC running Wireshark can analyze
the captured traffic. The goal is to identify the source of suspicious traffic. To set up port mirroring, you will use
the Switched Port Analyzer (SPAN) feature on the Cisco switch. It is common to find a device running a
packet sniffer or Intrusion Detection System (IDS) connected to the mirrored port.

Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with
Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco
IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used.
Depending on the model and Cisco IOS version, the commands available and output produced might vary
from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the
correct interface identifiers.
Note: Make sure that the routers and switches have been erased and have no startup configurations. If you
are unsure, contact your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.

Required Resources
• 1 Router (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
• 2 Switches (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
• 2 PCs (Windows 8, 7, or Vista with a terminal emulation program, such as Tera Term or PuTTY,
Wireshark, and Zenmap)
• Console cables to configure the Cisco IOS devices via the console ports
• Ethernet and serial cables as shown in the topology

Part 1: Build the Network and Verify Connectivity


In Part 1, you will set up the network topology and configure basic settings, such as the interface IP
addresses, static routing, device access, and passwords.

Step 1: Cable the network as shown in the topology.


Attach the devices as shown in the topology diagram, and cable as necessary.

Step 2: Configure PC hosts.

Step 3: Initialize and reload the routers and switches as necessary.

Step 4: Configure basic settings for the router.


a. Disable DNS lookup.
b. Configure the device name as shown in the topology.
c. Configure an IP address for the router as listed in the Addressing Table.
d. Assign class as the encrypted privileged EXEC mode password.
e. Assign cisco as the console and vty password and enable login.
f. Set the vty lines to transport input telnet.
g. Configure logging synchronous to prevent console messages from interrupting command entry.
h. Copy the running configuration to the startup configuration.

Step 5: Configure basic settings for each switch.


a. Disable DNS lookup.
b. Configure the device name as shown in the topology.
c. Assign class as the encrypted privileged EXEC mode password.

d. Configure IP addresses for the switches as listed in the Addressing Table.
e. Configure the default gateway on each switch.
f. Assign cisco for the console and vty password and enable login.
g. Configure logging synchronous to prevent console messages from interrupting command entry.
h. Copy the running configuration to the startup configuration.

Step 6: Verify connectivity.


a. From PC-A, you should be able to ping the interface on R1, S1, S3, and PC-C. Were all pings
successful? ______________ Yes
If the pings are not successful, troubleshoot the basic device configurations before continuing.
b. From PC-C, you should be able to ping the interface on R1, S1, S3, and PC-A. Were all pings
successful? ______________ Yes
If the pings are not successful, troubleshoot the basic device configurations before continuing.

Part 2: Configure Local SPAN and Capture Copied Traffic with Wireshark
To configure Local SPAN, you need to configure one or more source ports, called monitored ports, and a
single destination port, also called a monitored port, out of which the copied or mirrored traffic is sent. SPAN
source ports can be configured to monitor traffic in the ingress direction, the egress direction, or both
directions (default).

Step 1: Configure SPAN on S1.


a. Locate the switchports that are up on S1.
S1# show ip interface brief
Which switchports are physically up and logically up? _____________________________________
F0/4, F0/5, F0/6 are up
b. On S1, F0/6 connects to PC-A which will be used for analyzing traffic with Wireshark. F0/6 will be the
SPAN destination monitor port for duplicated packets. F0/4 and F0/5 will be the source monitor ports for
intercepted packets. You can configure multiple source monitor ports but only one destination monitor
port.
S1(config)# monitor session 1 source interface f0/4 - 5
S1(config)# monitor session 1 destination interface f0/6

Step 2: Start a Wireshark Capture on PC-A.


a. Open Wireshark on PC-A, set the capture interface to the Local Area Connection and click Start.

Step 3: From PC-C Use NMAP to Generate Suspicious Traffic.


a. Open Zenmap on PC-C and run a UDP ping scan to scan for available hosts (nmap -sn -PU 192.168.1-
6). The scan result identifies 3 hosts on the network: R1, S1, and S3 at 192.168.1.1, 192.168.1.2, and
192.168.1.3. Notice that Zenmap has also identified the MAC addresses of the three hosts as Cisco
Systems interfaces. If this were a real network reconnaissance attack, the scan might involve the entire
range of network hosts as well as ports and OS fingerprinting.

b. The hypothetical attacker can now issue an intense scan on R1 at 192.168.1.1 (nmap -T4 -A -v
192.168.1.1). The scan result identifies an open port 23/Telnet.

Step 4: From PC-A Stop the Wireshark Capture and Examine the Captured SPAN Packets.
a. Return to PC-A and stop the Wireshark capture. Notice the non-standard traffic patterns between PC-C
at 192.168.1.10 and R1 at 192.168.1.1. The capture is filled with Out-Of-Order segments and connection
resets (RST). This packet capture identifies PC-C as sending suspicious traffic to router R1.

b. The attacker on PC-C, knowing that the router has port 23 open, could attempt an additional brute
force attack or a DoS-style attack, such as a LAND attack. A LAND attack is a TCP SYN packet with the same
source and destination IP address and port number. Using Zenmap, the command nmap -sS
192.168.1.1 -S 192.168.1.1 -p23 -g23 -e eth0 is an example. Notice how the LAND attack sets both the
source and destination IP addresses to 192.168.1.1 and both the source and destination port numbers to
the open port at 23. Although R1 with IOS 15 is not vulnerable to this older type of DoS attack, many older
systems and servers are still vulnerable. This attack will crash vulnerable systems by setting them into an
infinite loop.
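
The patterns described in Step 4 can also be checked programmatically on frames taken from the SPAN destination port. The following Python sketch is an added example, not part of the Cisco lab: it flags LAND-style SYNs (identical source and destination address and port) and sources that send bare SYNs to many ports on one target. The function names, the 10-port threshold, and the sample frames are assumptions constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits

def build_frame(src_ip, dst_ip, sport, dport, flags):
    """Constructed sample data: minimal Ethernet/IPv4/TCP frame, checksums zero."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp

def parse_tcp(frame):
    """Return (src_ip, dst_ip, sport, dport, flags), or None if not IPv4/TCP."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    # A SPAN destination can be set to keep 802.1Q tags; skip one if present.
    if ethertype == 0x8100 and len(frame) >= 18:
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    if ethertype != 0x0800:
        return None
    ip = frame[offset:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or ip[9] != 6 or len(ip) < ihl + 14:
        return None  # bad header length, not TCP, or truncated TCP header
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
        return None  # later fragment: carries no TCP header
    src = socket.inet_ntoa(ip[12:16])
    dst = socket.inet_ntoa(ip[16:20])
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return src, dst, sport, dport, ip[ihl + 13]

def triage(frames, port_threshold=10):
    """Flag LAND-style SYNs and sources probing many ports on one target."""
    land = []
    probed = defaultdict(set)  # (source, target) -> ports that got a bare SYN
    resets = defaultdict(int)  # (source, target) -> RSTs the target sent back
    for frame in frames:
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, dst, sport, dport, flags = parsed
        if flags & SYN and not flags & ACK:
            if src == dst and sport == dport:
                land.append((src, sport))  # same address and port on both ends
            else:
                probed[(src, dst)].add(dport)
        elif flags & RST:
            resets[(dst, src)] += 1  # count against the host that was reset
    scanners = {
        pair: {"ports": len(ports), "rsts": resets.get(pair, 0)}
        for pair, ports in probed.items()
        if len(ports) >= port_threshold
    }
    return {"land": land, "scanners": scanners}

def sample_capture():
    """Constructed frames modelled on the lab addressing table."""
    frames = []
    for port in range(1, 41):  # PC-C probes 40 ports on R1
        frames.append(build_frame("192.168.1.10", "192.168.1.1", 40000, port, SYN))
        reply = SYN | ACK if port == 23 else RST | ACK  # only Telnet is open
        frames.append(build_frame("192.168.1.1", "192.168.1.10", port, 40000, reply))
    # One ordinary Telnet connection attempt from PC-A: must not be flagged.
    frames.append(build_frame("192.168.1.254", "192.168.1.1", 51000, 23, SYN))
    # LAND-style frame as described in Step 4b.
    frames.append(build_frame("192.168.1.1", "192.168.1.1", 23, 23, SYN))
    # ARP frame: ignored by the parser.
    frames.append(b"\xff" * 12 + b"\x08\x06" + b"\x00" * 28)
    return frames

if __name__ == "__main__":
    print(triage(sample_capture()))
```

In practice the frames would come from a capture file saved on PC-A rather than from build_frame, and the threshold would be tuned to the normal traffic of the monitored segment.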

Reflection
In this scenario, SPAN was used to troubleshoot and identify the source of suspicious activity on the network.
What other troubleshooting scenarios might SPAN be useful for?
_______________________________________________________________________________________
_______________________________________________________________________________________
Answers will vary. Examples: Identifying the source of excessive broadcasts on the network. Identifying hosts
infected with malware that attempt to call out to command and control servers, etc.

Router Interface Summary Table

Router Interface Summary

Router Model   Ethernet Interface #1           Ethernet Interface #2           Serial Interface #1     Serial Interface #2
1800           Fast Ethernet 0/0 (F0/0)        Fast Ethernet 0/1 (F0/1)        Serial 0/0/0 (S0/0/0)   Serial 0/0/1 (S0/0/1)
1900           Gigabit Ethernet 0/0 (G0/0)     Gigabit Ethernet 0/1 (G0/1)     Serial 0/0/0 (S0/0/0)   Serial 0/0/1 (S0/0/1)
2801           Fast Ethernet 0/0 (F0/0)        Fast Ethernet 0/1 (F0/1)        Serial 0/1/0 (S0/1/0)   Serial 0/1/1 (S0/1/1)
2811           Fast Ethernet 0/0 (F0/0)        Fast Ethernet 0/1 (F0/1)        Serial 0/0/0 (S0/0/0)   Serial 0/0/1 (S0/0/1)
2900           Gigabit Ethernet 0/0 (G0/0)     Gigabit Ethernet 0/1 (G0/1)     Serial 0/0/0 (S0/0/0)   Serial 0/0/1 (S0/0/1)
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parentheses is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.

Device Configs

Router R1
R1#show run
Building configuration...

Current configuration : 1379 bytes


!
! Last configuration change at 15:44:27 UTC Sun Jan 10 2016
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec

no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$9VIJ$vAdKomdXQ9N4SieMoFxeD1
!
no aaa new-model
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
!
license udi pid CISCO1941/K9 sn FTX163283RA
license accept end user agreement
license boot module c1900 technology-package securityk9
!
!
redundancy
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000

!
interface Serial0/0/1
no ip address
shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
control-plane
!
!
line con 0
password cisco
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
login
transport input telnet
!
scheduler allocate 20000 1000
!
end

Switch S1
S1#show run
Building configuration...

Current configuration : 1605 bytes


!
! Last configuration change at 02:22:15 UTC Mon Mar 1 1993
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S1
!

boot-start-marker
boot-end-marker
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
system mtu routing 1500
!
!
no ip domain-lookup
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16

!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.2 255.255.255.0
!
ip default-gateway 192.168.1.1
ip http server
ip http secure-server
!
!
line con 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
!
monitor session 1 source interface Fa0/4 - 5
monitor session 1 destination interface Fa0/6
end

Switch S3
S3#show run
Building configuration...

Current configuration : 1482 bytes


!
! Last configuration change at 20:17:07 UTC Sun Apr 4 1993
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S3
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$YRtb$6k0fixPDtcRtjKATQH5Op1
!
no aaa new-model
system mtu routing 1500
!
!
no ip domain-lookup
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10

!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.3 255.255.255.0
!
ip default-gateway 192.168.1.1
ip http server
ip http secure-server
!
!
line con 0
password cisco
login
line vty 0 4
password cisco
login
line vty 5 15
password cisco

login
!
end

Lab – Configure IP SLA ICMP Echo (Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device Interface IP Address Subnet Mask Default Gateway

R1 S0/0/0 209.165.200.9 255.255.255.252 N/A
ISP S0/0/0 209.165.200.10 255.255.255.252 N/A
ISP Lo0 198.133.219.1 255.255.255.255 N/A

Objectives
Part 1: Build the Network and Verify Connectivity
Part 2: Configure IP SLA ICMP Echo on R1
Part 3: Test and Monitor the IP SLA Operation

Background / Scenario
An outside vendor has been contracted to provide web services for your company. As the network
administrator, you have been asked to monitor the vendor’s service. You decide to configure IP SLA to help
with that task.
Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with
Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco
IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used.
Depending on the model and Cisco IOS version, the commands available and output produced might vary
from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the
correct interface identifiers.
Note: Make sure that the routers and switches have been erased and have no startup configurations. If you
are unsure, contact your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.

Required Resources
• 2 Routers (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
• Console cables to configure the Cisco IOS devices via the console ports
• Serial cable as shown in the topology

Part 1: Build the Network and Verify Connectivity


In Part 1, you will set up the network topology and configure basic settings, such as the interface IP
addresses, static routing, device access, and passwords.

Step 1: Cable the network as shown in the topology.


Attach the devices as shown in the topology diagram, and cable as necessary.

Step 2: Initialize and reload the routers as necessary.

Step 3: Configure basic settings for R1.


a. Disable DNS lookup.
b. Configure the device name as shown in the topology.
c. Configure an IP address for the router as listed in the Addressing Table.
d. Assign class as the encrypted privileged EXEC mode password.
e. Assign cisco as the console and vty password and enable login.
f. Configure logging synchronous to prevent console messages from interrupting command entry.
g. Configure the default route for R1 to the ISP S0/0/0 IP address.
h. Copy the running configuration to the startup configuration.

Step 4: Copy and paste the configuration to the ISP router.


The ISP router configuration is provided below. Copy and paste this configuration into the ISP router.
Loopback 0 is being used to simulate the Web server shown in the Topology.
hostname ISP
no ip domain lookup
interface Loopback0
ip address 198.133.219.1 255.255.255.255
interface Serial0/0/0
ip address 209.165.200.10 255.255.255.252
no shut
end

Step 5: Verify connectivity.


a. From R1, you should be able to ping the ISP Serial interface IP address. Were all pings successful?
______________ Yes
If the pings are not successful, troubleshoot the basic device configurations before continuing.
b. From R1, you should be able to ping the Web Server IP address. Were all pings successful?
______________ Yes
If the pings are not successful, troubleshoot the basic device configurations before continuing.

Part 2: Configure IP SLA ICMP Echo on R1


In Part 2, you configure an IP SLA ICMP Echo operation on R1. Use the following parameters for this
operation:
• Operation-number: 22
• ICMP Echo Destination Address: 198.133.219.1
• Frequency: 20 seconds
• Schedule Start: Now
• Schedule Life time: Forever

Step 1: Create an IP SLA Operation.


R1(config)# ip sla 22

Step 2: Configure the ICMP Echo Operation.


R1(config-ip-sla)# icmp-echo 198.133.219.1

Step 3: Set the rate at which the IP SLA operation repeats.


R1(config-ip-sla-echo)# frequency 20

Step 4: Schedule the IP SLA ICMP Echo operation.


R1(config)# ip sla schedule 22 start-time now life forever

Step 5: Use the show command to verify the IP SLA configuration.


R1# show ip sla configuration
IP SLAs Infrastructure Engine-III
Entry number: 22
Owner:
Tag:
Operation timeout (milliseconds): 5000
Type of operation to perform: icmp-echo
Target address/Source address: 198.133.219.1/0.0.0.0
Type Of Service parameter: 0x0
Request size (ARR data portion): 28
Verify data: No
Vrf Name:
Schedule:
Operation frequency (seconds): 20 (not considered if randomly scheduled)
Next Scheduled Start Time: Start Time already passed
Group Scheduled : FALSE
Randomly Scheduled : FALSE
Life (seconds): Forever
Entry Ageout (seconds): never
Recurring (Starting Everyday): FALSE
Status of entry (SNMP RowStatus): Active
Threshold (milliseconds): 5000
Distribution Statistics:
Number of statistic hours kept: 2
Number of statistic distribution buckets kept: 1
Statistic distribution interval (milliseconds): 20
Enhanced History:
History Statistics:
Number of history Lives kept: 0
Number of history Buckets kept: 15
History Filter Type: None

Part 3: Test and Monitor the IP SLA Operation


In Part 3, you will simulate an outage of web services. This can be done by administratively shutting down
the loopback 0 interface on the ISP router. You will then display the IP SLA operation statistics to monitor the
effect of this test.

Step 1: Shut down the loopback 0 interface on the ISP router.


ISP(config)# interface Lo0
ISP(config-if)# shutdown
ISP(config-if)#
*Nov 28 14:00:52.823: %LINK-5-CHANGED: Interface Loopback0, changed state to
administratively down
*Nov 28 14:00:53.823: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0,
changed state to down
ISP(config-if)#
Note: Wait a few minutes before executing Step 2.

Step 2: Activate the loopback 0 interface on the ISP router.


ISP(config-if)# no shutdown
ISP(config-if)#
*Nov 28 14:04:23.263: %LINK-3-UPDOWN: Interface Loopback0, changed state to up
*Nov 28 14:04:24.263: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0,
changed state to up
ISP(config-if)#

Step 3: Issue the command used to display the IP SLA operation statistics on R1.
R1# show ip sla statistics
IPSLAs Latest Operation Statistics

IPSLA operation id: 22


Latest RTT: 1 milliseconds
Latest operation start time: 18:44:45 UTC Thu Jan 28 2016
Latest operation return code: OK
Number of successes: 103
Number of failures: 10
Operation time to live: Forever
Note: You should see a failure count greater than zero if you waited more than 20 seconds before
reactivating the loopback 0 interface on the ISP router.

The IP SLA configured in Part 2 will run forever. How would you stop the IP SLA from running but still leave
the IP SLA configured to use at a future time?
_______________________________________________________________________________________
R1(config)# no ip sla schedule 22

Reflection
Using the lab’s show ip sla statistics example, what does the failure count indicate about the Web Server?
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
Answers will vary, but this number shows that the IP SLA ICMP Echo operation was not able to reach the
Web Server 10 times since the start of the IP SLA monitoring operation. This can be interpreted to mean that
there have been approximately 3 minutes of interruptions in web services since Jan 28, 2016 6:45pm. However,
it is not known if this was one long incident (approximately 3 minutes) or if it was multiple shorter incidents.
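
The arithmetic behind this answer, as an added Python example that is not part of the Cisco lab: it parses the lab's show ip sla statistics counters, converts failures into time using the 20-second frequency, and checks that figure against the Loopback0 down/up log messages from Part 3. The function names are hypothetical. The statistics and log samples in the lab carry different dates, so this checks that the numbers are consistent and does not correlate one incident.

```python
import math
import re
from datetime import datetime

# Text copied from this lab's sample output (wrapped log lines joined).
STATS = """IPSLA operation id: 22
Latest operation return code: OK
Number of successes: 103
Number of failures: 10
"""
SYSLOG = """*Nov 28 14:00:53.823: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to down
*Nov 28 14:04:24.263: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
"""
FREQUENCY_S = 20  # "frequency 20" from Part 2, Step 3


def parse_stats(text):
    """Map each IP SLA operation id to its success and failure counters."""
    ops, current = {}, None
    for line in text.splitlines():
        if m := re.match(r"\s*IPSLA operation id:\s*(\d+)", line):
            current = ops.setdefault(int(m.group(1)), {})
            continue
        m = re.match(r"\s*Number of (successes|failures):\s*(\d+)", line)
        if m and current is not None:
            current[m.group(1)] = int(m.group(2))
    return ops


def summarize(op, frequency_s):
    """Availability, and the time covered by failed probes (an estimate only)."""
    probes = op["successes"] + op["failures"]
    return {"availability_pct": round(100 * op["successes"] / probes, 1),
            "failed_probe_time_s": op["failures"] * frequency_s}


def outage_seconds(syslog, interface):
    """Seconds between one line-protocol down event and the following up event."""
    pat = re.compile(r"\*(\w{3} +\d+ [\d:.]+): %LINEPROTO-5-UPDOWN: Line protocol "
                     rf"on Interface {re.escape(interface)}, changed state to (up|down)")
    # IOS omits the year here; 2000 is a placeholder so strptime gets a full date.
    seen = {state: datetime.strptime("2000 " + ts, "%Y %b %d %H:%M:%S.%f")
            for ts, state in pat.findall(syslog)}
    return (seen["up"] - seen["down"]).total_seconds()


def expected_failures(outage_s, frequency_s):
    """Lowest and highest number of probes that can fall inside the outage."""
    return math.floor(outage_s / frequency_s), math.ceil(outage_s / frequency_s)
```

The counters alone give 200 seconds of failed probes, which matches the answer's "approximately 3 minutes"; only the timestamped log messages show whether that time was one incident or several.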

Router Interface Summary Table

Router Interface Summary

Router Model  Ethernet Interface #1        Ethernet Interface #2        Serial Interface #1    Serial Interface #2
1800          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
1900          Gigabit Ethernet 0/0 (G0/0)  Gigabit Ethernet 0/1 (G0/1)  Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
2801          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/1/0 (S0/1/0)  Serial 0/1/1 (S0/1/1)
2811          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
2900          Gigabit Ethernet 0/0 (G0/0)  Gigabit Ethernet 0/1 (G0/1)  Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parentheses is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.

Device Configs

Router R1
R1#show run
Building configuration...

Current configuration : 1577 bytes


!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$papm$awGgHPitBMUA2.bImJtdp0
!
no aaa new-model
memory-size iomem 15
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
redundancy
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
ip address 209.165.200.9 255.255.255.252
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 209.165.200.10
!
ip sla 22
icmp-echo 198.133.219.1
frequency 20
ip sla schedule 22 life forever start-time now
!
control-plane
!
line con 0
password cisco
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
login
transport input none
!
scheduler allocate 20000 1000
!
end

Router ISP
ISP# show run
Building configuration...

Current configuration : 1360 bytes


version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
memory-size iomem 15
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
interface Loopback0
ip address 198.133.219.1 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
ip address 209.165.200.10 255.255.255.252
!
interface Serial0/0/1
no ip address
shutdown
clock rate 125000
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end
