Академический Документы
Профессиональный Документы
Культура Документы
This publication, CCNA LAB WORKBOOK, was developed by Mohamed Ouamer. All rights
reserved. No part of this publication may be reproduced or distributed in any form or by any
means without the prior written permission of Mohamed Ouamer.
Cisco®, Cisco Systems®, CCDA®, CCNA®, CCDP®, CCNP®, CCIE®, CCSI®, the Cisco
Systems logo and the CCIE logo are trademarks or registered trademarks of Cisco Systems,
Inc. in the United States and certain other countries. All other trademarks are trademarks of
their respective owners.
If you have questions or concerns about our Copyright information, please email us at
contact@networkexperttraining.com.
DISCLAIMER
The following publication, CCNA LAB WORKBOOK, is developed to assist candidates in the
preparation for Cisco Systems’ CCNA exam.
While every effort has been made to ensure that all material is as complete and accurate as
possible, the enclosed material is presented on an “as is” basis. Neither the authors nor
networkexperttraining.com assume any liability or responsibility to any person or entity with
respect to loss or damages incurred from the information contained in this workbook.
ERRATA
Although we have taken every care to ensure the accuracy of our contents, mistakes do
happen. If you find a mistake in this workbook—maybe a mistake in text or configuration—we
would be grateful if you would report this to us. By doing this you can save other readers from
frustration, and help to improve subsequent versions of this workbook. If you find any errata,
report them by contacting us at support@networkexperttraning.com. Once your errata have
been verified, your submission will be accepted and the errata added to the list of existing
errata. . The existing errata can be requested by by contacting us at
support@networkexperttraning.com.
TABLE OF CONTENTS:
TELNET…………………………………………………………………...…………………… 4
CONTROLLING TELNET ACCESS USING ACL ………………………………………………. 12
SSH - BASIC CONFIGURATION ..……………………………………………………………. 21
STATIC NAT………………………………………………………..………………………… 34
DYNAMIC NAT ……………………………………………..………………………………... 43
PAT……………………………………..……………………………………………………. 49
DHCP………………………………………………………………………………………… 54
CCNA LAB WORKBOOK IP SERVICES
LAB 1: TELNET
I. Network diagram:
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 1/1
CCNA LAB WORKBOOK IP SERVICES
R1:
hostname R1
!
interface loopback0
ip address 1.1.1.1 255.255.255.255
!
interface fastethernet 0/0
ip address 12.12.12.1 255.255.255.0
no shutdown
!
ip route 2.2.2.2 255.255.255.255 12.12.12.2
R2:
hostname R2
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface fastethernet 0/0
ip address 12.12.12.2 255.255.255.0
no shutdown
!
ip route 1.1.1.1 255.255.255.255 12.12.12.1
III. Tasks:
1. Configure telnet on R1 using the password cisco.
2. On R2, telnet into R1. Make sure that R2 inserts the loopack0’s IP address in telnet
packets.
3. On R1, try to telnet into R1 using its hostname “R1”.
Use the ip host command to create the mapping between the R1 and one of R1’s IP
addresses.
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 2/2
CCNA LAB WORKBOOK IP SERVICES
IV. Solutions:
Task 1:
R1:
R1#configure terminal
R1(config)#line vty 0 4
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#end
R1#
Verification:
R2:
After configuring telnet access on R1, you can access R1 through telnet from any device
on the network. Below is the output you’ll get if you telnet into R1 from R2.
R2#telnet 12.12.12.1
Trying 12.12.12.1 ... Open
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 3/3
CCNA LAB WORKBOOK IP SERVICES
Local Area Transport (LAT) protocol, a protocol in the DECnet, is designed to handle
multiplexed terminal traffic to/from timesharing hosts.
In our case, the show sessions command displays the parameters of the telnet session
established by R2. This command displays the host name, address, number of unread bytes
for the user to receive, idle time, and connection name.
R2#show sessions
Conn Host Address Byte Idle Conn Name
* 1 12.12.12.1 12.12.12.1 0 0 12.12.12.1
• The asterisk (*) indicates the current terminal session which you can resume by pressing
Enter key once.
• Conn is the name or the address of the remote host to which the connection is made. The
Conn value is used as a parameter of the resume command to resume an active network
connection.
• The host field represents the network address (IP address, IPv6 address...) or the DNS
name of the remote host to which the router is connected.
• Address is the network address (IP address, IPv6 address...) of the remote host.
• Byte is the number of unread bytes displayed for the user to receive.
• Idle is the interval (in minutes) since data was last sent on the line.
R1:
R1#show line
Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
* 0 CTY - - - - - 0 0 0/0 -
97 AUX 9600/9600 - - - - - 0 0 0/0 -
* 98 VTY - - - - - 1 0 0/0 -
99 VTY - - - - - 0 0 0/0 -
100 VTY - - - - - 0 0 0/0 -
101 VTY - - - - - 0 0 0/0 -
102 VTY - - - - - 0 0 0/0 -
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 4/4
CCNA LAB WORKBOOK IP SERVICES
The show line command displays the status of the console line, the Auxiliary line and the
VTY lines. It shows you also a couple of parameter associated with these lines. The asterisk
(*) indicates that the line is active. The lines without asterisk (*) are available but not active.
Two lines are active: the VTY line number 98(equivalent to 0) and the console line.
Task 2:
R2:
R2#enable
R2#telnet 12.12.12.1 /source-interface loopback 0
Trying 12.12.12.1 ... Open
Password:
R1>
Using the telnet command with the option /source-interface allows you the specify an
interface as the source of the telnet packets. This means that the IP address of this interface
will be inserted in the source IP address field of the IP packets carrying telnet segments.
Verification:
R1:
R1#show users
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
98 vty 0 idle 00:00:17 2.2.2.2
The show users command displays information about the active lines on the router.
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 5/5
CCNA LAB WORKBOOK IP SERVICES
Task 3:
To accomplish this task, create a mapping between the one of the IP addresses
configured on R1 and the string “R1”. Do this using the ip host command in global
configuration mode.
The ip host command defines a static host name-to-address mapping in the host cache.
R2:
R2#configure terminal
R2(config)#ip host R1 1.1.1.1
R1(config)#end
R1#
R2#telnet r1
Trying R1 (1.1.1.1)... Open
Password:
R1>
Password:
R1>
Password:
R1>
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 6/6
CCNA LAB WORKBOOK IP SERVICES
Verification:
The show hosts displays the default domain name, the style of name lookup service, a
list of name server hosts, and the cached list of host names and addresses.
R2:
R2#show hosts
<omitted output>
R2#show sessions
Conn Host Address Byte Idle Conn Name
* 1 r1 1.1.1.1 0 0 r1
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 7/7
CCNA LAB WORKBOOK IP SERVICES
V. Links
For more information about the commands used in the current lab, open the following links:
1. ip host
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i1g.html#wp
1108949
2. login
http://www.cisco.com/en/US/docs/ios/12_3/termserv/command/reference/ter_l1g.html#
wp998262
3. password
http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_i2g.html#w
p1075206
4. show hosts
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_s1g.html#wp
1079234
5. show line
http://www.cisco.com/en/US/docs/ios/12_3/termserv/command/reference/ter_l1g.html#
wp1039571
6. show sessions
http://www.cisco.com/en/US/docs/ios/12_3/dial/command/reference/dia_s5g.html#wp99
8201
7. show users
http://www.cisco.com/en/US/docs/ios/12_3/termserv/command/reference/ter_l1g.html#
wp1000969
8. telnet
http://www.cisco.com/en/US/docs/ios/12_3/termserv/command/reference/ter_s1g.html#
wp998287
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 8/8
CCNA LAB WORKBOOK IP SERVICES
I. Network diagram:
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 1/1
CCNA LAB WORKBOOK IP SERVICES
R1:
hostname R1
!
interface loopback0
ip address 1.1.1.1 255.255.255.255
!
interface fastethernet 0/0
ip address 12.12.12.1 255.255.255.0
no shutdown
!
ip route 2.2.2.2 255.255.255.255 12.12.12.2
R2:
hostname R2
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface fastethernet 0/0
ip address 12.12.12.2 255.255.255.0
no shutdown
!
ip route 1.1.1.1 255.255.255.255 12.12.12.1
III. Tasks:
1. Configure Telnet access on R1. The line password is cisc@?.
2. Configure R1 to accept only telnet sessions initiated from the host 12.12.12.3.
3. Configure R1 to reject outcoming telnet session initiated by users connected to its VTY
lines. Only SSH and rLogin outcoming sessions should remain enabled.
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 2/2
CCNA LAB WORKBOOK IP SERVICES
IV. Solutions:
Task 1:
R1:
R1#configure terminal
R1(config)#line vty 0 4
R1(config-line)#password cisc@?
R1(config-line)#login
R1(config-line)#end
R1#
Verification:
R2:
After configuring telnet access on R1, you can access R1 through telnet from any device
on the network. Below is the output you’ll get if you telnet into R1 from R2.
R2#telnet 12.12.12.1
Trying 12.12.12.1 ... Open
PC:
Follow these steps to telnet into the router from the windows-based PC.
1. Click on startÆ Run
2. Type telnet 12.12.12.1 and press Enter, as shown below.
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 3/3
CCNA LAB WORKBOOK IP SERVICES
R1:
Now, both R2 and the host PC have opened two telnet sessions to R1. To verify this, use
the show users command in R1’s EXEC mode.
R1#show users
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
98 vty 0 idle 00:00:20 12.12.12.2
99 vty 1 idle 00:00:15 12.12.12.3
Interface User Mode Idle Peer Address
As shown in the output of the show users command, the VTY lines number 0 and 1 are active
on R1. The hosts opening the sessions have the IP addresses 12.12.12.2 and 12.12.12.3.
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 4/4
CCNA LAB WORKBOOK IP SERVICES
Task 2:
R1:
To meet the requirement of this task, you have to do two things:
1. Configure an ACL that permits only telnet traffic sourced by the IP address 12.12.12.3.
2. Apply the ACL to VTY lines in the inbound direction.
Beginning in the global configuration mode, type the following the statements:
R1#configure terminal
R1(config#access-list 1 permit host 12.12.12.3
R1(config#line vty 0 4
R1(config-line)#access-class 1 in
R1(config-line)#end
R1#
This ACL applies to any incoming VTY session, even using a VTY protocol other than
TELNET.
Verification:
To test our configuration, we’ll initiate two telnet sessions from the router R2 and the host
PC to R1.
R2:
Enable detailed ip packet debugging to see what happens when R2 tries to open a telnet
session with R1.
R2#telnet 12.12.12.1
Trying 12.12.12.1 ...
% Connection refused by remote host
R2#
IP: tableid=0, s=12.12.12.2 (local), d=12.12.12.1 (FastEthernet0/0), routed via FIB
IP: s=12.12.12.2 (local), d=12.12.12.1 (FastEthernet0/0), len 44, sending
TCP src=56971, dst=23, seq=2997210285, ack=0, win=4128 SYN
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 5/5
CCNA LAB WORKBOOK IP SERVICES
Telnet protocol uses TCP as a transport protocol. So before establishing the telnet
session, R2 will send a TCP SYN segment to R1 to initiate a TCP connection. At this step,
router R1 will verify if the IP address inserted in the source IP address field of IP packets
carrying the TCP SYN segment is allowed by the ACL configured for incoming VTY
connections. If the IP address is not allowed by the ACL, which is the case here, then R1 will
send an ACK RST segment back to R2 to reset the TCP connection. The output of the debug
ip packets detail command shows you that R2 has sent a TCP SYN segment to R1, and R1
has replied by an ACK RST segment back to R2.
PC:
Follow these steps to telnet into the router from the windows-based PC.
1. Click on startÆ Run
2. Type telnet 12.12.12.1 and press Enter, as shown below.
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 6/6
CCNA LAB WORKBOOK IP SERVICES
R1:
R1 has accepted incoming telnet session from the PC host because it’s allowed by the ACL 1.
R1#show users
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
98 vty 0 idle 00:00:02 12.12.12.3
Task 3:
R1:
R1#configure terminal
R1(config#line vty 0 4
R1(config-line)#transport output ssh rlogin
R1(config-line)#end
R1#
The transport command determines the allowed protocols used for incoming or outcoming VTY
sessions.
The effect of this configuration is that users connected to R1 via VTY lines cannot initiate
a telnet session to a remote device. Instead, users connected to the router’s console can telnet
into a remote device until otherwise configured. To block the outcoming telnet session initiated
from the router’s console, use the following configuration.
access-list 111 deny tcp any any eq telnet
access-list 111 permit ip any any
line con 0
access-class 111 out
Verification:
To verify the configuration, we’ll telnet into R1 from the PC host, and then we’ll try to
telnet into R2. As show in the output below, R1 has displayed the message “% telnet
connections not permitted from this terminal”.
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 7/7
CCNA LAB WORKBOOK IP SERVICES
R1:
Follow these steps to telnet into the router from the windows-based PC.
3. Click on startÆ Run
4. Type telnet 12.12.12.1 and press Enter, as shown below.
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 8/8
CCNA LAB WORKBOOK IP SERVICES
V. Links
For more information about the VTY line commands, use the following links:
1. access-class
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_a1g.html#wp
1083361
2. ip host
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i1g.html#wp
1108949
3. login
http://www.cisco.com/en/US/docs/ios/12_3/termserv/command/reference/ter_l1g.html#
wp998262
4. password
http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_i2g.html#w
p1075206
5. show hosts
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_s1g.html#wp
1079234
6. show line
http://www.cisco.com/en/US/docs/ios/12_3/termserv/command/reference/ter_l1g.html#
wp1039571
7. show sessions
http://www.cisco.com/en/US/docs/ios/12_3/dial/command/reference/dia_s5g.html#wp99
8201
8. show users
http://www.cisco.com/en/US/docs/ios/12_3/termserv/command/reference/ter_l1g.html#
wp1000969
9. telnet
http://www.cisco.com/en/US/docs/ios/12_3/termserv/command/reference/ter_s1g.html#
wp998287
10. transport output
http://www.cisco.com/en/US/docs/ios/12_3/termserv/command/reference/ter_t1g.html#
wp1083654
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 9/9
CCNA LAB WORKBOOK IP SERVICES
I. Network diagram:
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 1/1
CCNA LAB WORKBOOK IP SERVICES
R1:
hostname R1
!
interface loopback0
ip address 1.1.1.1 255.255.255.255
!
interface fastethernet 0/0
ip address 12.12.12.1 255.255.255.0
no shutdown
!
ip route 2.2.2.2 255.255.255.255 12.12.12.2
R2:
hostname R2
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface fastethernet 0/0
ip address 12.12.12.2 255.255.255.0
no shutdown
!
ip route 1.1.1.1 255.255.255.255 12.12.12.1
III. Tasks:
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 2/2
CCNA LAB WORKBOOK IP SERVICES
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 3/3
CCNA LAB WORKBOOK IP SERVICES
IV. Solutions:
Task 1:
3. Configure VTY line authentication based on the local user database. To accomplish this
use the login local command in the VTY line configuration mode.
4. Enable the router to respond to incoming SSH requests. Use the transport input
command in the VTY line configuration mode.
R1:
R1#configure terminal
R1(config)#ip domain-name networkexperttraining.com
R1(config)#
R1(config)#crypto key generate rsa
R1(config)#
R1(config)#username ssh password cisco
R1(config)#
R1(config)#line vty 0 4
R1(config-line)#transport input ssh
R1(config-line)#login local
R1(config-line)#end
R1#
Using RSA key size of 512 bits enables SSH version 1.5. The modulus needs to be at
least 768 bits to enable SSH version 2. Use the ip ssh version command to change the
version of SSH service.
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 4/4
CCNA LAB WORKBOOK IP SERVICES
Verification:
R1:
R1#show hosts
Default domain is networkexperttraining.com
Name/address lookup uses domain service
Name servers are 255.255.255.255
<omitted output>
R1#show users
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
98 vty 0 ssh idle 00:00:29 12.12.12.2
99 vty 1 ssh idle 00:00:25 12.12.12.3
To test our SSH configuration we’ll open two SSH sessions to R1, one from PC1 using the
PuTTY software, and one from R2.
PC1:
Follow these steps to open an SSH connection from PC1:
1. Open the PuTTY software by double-clicking its icon on the desktop, type the one the IP
addresses of R1 in the “Host Name“ textbox, and click on the open botton.
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 5/5
CCNA LAB WORKBOOK IP SERVICES
2. The dialog box will appear and ask you to accept or reject RSA key sent by R1. So click
on the Yes button.
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 6/6
CCNA LAB WORKBOOK IP SERVICES
R2:
In the privileged EXEC mode, use the ssh command to open an SSH session to R2. You
have to specify a username and a hostname of an IP address of the remote device to the ssh
command. If SSH version 1 is enabled, you have to specify the version. The default version is
2.
R2#show sessions
Conn Host Address Byte Idle Conn Name
* 1 12.12.12.1 12.12.12.1 0 0 12.12.12.1
Task 2:
Beginning in the global configuration mode, type the following the statements:
R1:
R1#configure terminal
R1(config)#access-list 100 permit tcp host 12.12.12.3 any eq 22
R1(config)#access-list 100 deny tcp 12.12.12.0 0.255.255.255 any eq 22
R1(config)#access-list 100 permit tcp any any eq 22
R1(config)#access-list 100 permit tcp any any eq telnet
R1(config)#
R1(config)#line vty 0 4
R1(config-line)# access-class 100 in
R1(config-line)#transport input telnet ssh
R1(config)#end
R1#
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 7/7
CCNA LAB WORKBOOK IP SERVICES
Verification:
R1:
R1#show users
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
98 vty 0 ssh idle 00:00:41 12.12.12.2
99 vty 1 ssh idle 00:00:36 12.12.12.3
100 vty 2 ssh idle 00:00:26 12.12.12.3
R1#show ssh
Connection Version Encryption State Username
99 1.5 3DES Session started ssh
%No SSHv2 server connections running.
The command show ssh displays the started SSH sessions. As shown in the output of
the show ssh command, one session is open from the host 12.12.12.3(PC1). Because the
show users command output shows three active VTY session, we have two active Telnet
session and one active SSH session.
PC1 has opened a Telnet session and an SSH session to R1. R2 could only open a
Telnet session to R1.
R2:
R2#ssh -v 1 -l ssh 12.12.12.1
% Connection refused by remote host
R2#telnet 12.12.12.1
Trying 12.12.12.1 ... Open
Username: ssh
Password:
R1>
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 8/8
CCNA LAB WORKBOOK IP SERVICES
Task 3:
2. Set SSH version to the value of 2 using the ip ssh version command.
4. Set the time-out interval to 90 seconds using the ip ssh time-out command.
6. Configure VTY line authentication based on the local user database. To accomplish this
use the login local command in the VTY line configuration mode.
7. Enable the router to respond to incoming SSH requests. Use the transport input
command in the VTY line configuration mode.
R2:
R2(config)#ip domain-name networkexperttraining.com
R2(config)#
R2(config)#username ssh_user password 0 cisco
R2(config)#
R2(config)#ip ssh time-out 90
R2(config)#ip ssh authentication-retries 5
R2(config)#ip ssh version 2
R2(config)#
R2(config)#line vty 0 4
R2(config-line)# login local
R2(config-line)# transport input ssh
R2(config-line)#end
R2#
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 9/9
CCNA LAB WORKBOOK IP SERVICES
Verification:
The show crypto key mypubkey rsa command displays the RSA public keys of the router.
It is accessible in the privileged EXEC mode.
R2#show ip ssh
SSH Enabled - version 2
Authentication timeout: 90 secs; Authentication retries: 5
R2#show users
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
98 vty 0 ssh_user idle 00:00:23 12.12.12.1
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 10/10
CCNA LAB WORKBOOK IP SERVICES
Task 4:
R1:
R1#conf t
R1(config)#ip ssh source-interface loopback 0
Verification:
As shown in the outputs of the show users and show ssh command, R1 has initiate an SSH
session to R2 using its loopback0’s IP address.
R2:
R2#show users
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
98 vty 0 ssh_user idle 00:00:19 1.1.1.1
R2#show ssh
Connection Version Mode Encryption Hmac State Username
98 2.0 IN aes128-cbc hmac-sha1 Session started ssh_user
98 2.0 OUT aes128-cbc hmac-sha1 Session started ssh_user
%No SSHv1 server connections running.
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 11/11
CCNA LAB WORKBOOK IP SERVICES
V. Links:
For more information about the related VTY line commands, use the following links:
1. access-class
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_a1g.html#wp
1083361
2. crypto key generate rsa
http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_c2g.html#
wp1104892
3. ip domain-name
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i1g.html#wp
1081400
4. ip ssh
http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_i1g.html#w
p1110109
5. ip ssh source-interface
http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_i1g.html#w
p1110445
6. login
http://www.cisco.com/en/US/docs/ios/12_3/termserv/command/reference/ter_l1g.html#
wp998262
7. show crypto key mypubkey rsa
http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_s1g.html#
wp1100280
8. show hosts
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_s1g.html#wp
1079234
9. show ip ssh
http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_s1g.html#
wp1070647
10. show line
http://www.cisco.com/en/US/docs/ios/12_3/termserv/command/reference/ter_l1g.html#
wp1039571
11. show sessions
http://www.cisco.com/en/US/docs/ios/12_3/dial/command/reference/dia_s5g.html#wp99
8201
12. show ssh
http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_s1g.html#
wp1071692
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 12/12
CCNA LAB WORKBOOK IP SERVICES
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 13/13
CCNA LAB WORKBOOK IP SERVICES
I. Network diagram:
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 1/1
CCNA LAB WORKBOOK IP SERVICES
logging synchronous
line aux 0
line vty 0 4
exec-timeout 0 0
password cisco
logging synchronous
login
!
!
end
R2:
hostname R2
!
interface Serial 0/0
ip address 172.19.1.2 255.255.255.0
no shutdown
!
!
ip route 0.0.0.0 0.0.0.0 s0/0
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
exec-timeout 0 0
password cisco
logging synchronous
login
!
!
end
III. Tasks:
1. Configure R1 to route traffic with addresses destined for the subnet122.1.0.0/16 to the
router ISP.
2. Configure R1 to map the private IP address of PC1 to the public ip address
196.12.12.10.
3. Configure r1 to translate the private IP address into the public IP addresses
196.12.12.11,196.12.12.12,and 196.12.12.13.
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 3/3
CCNA LAB WORKBOOK IP SERVICES
IV. Solutions:
Task 1:
R1:
R1#configure terminal
R1(config)#ip route 0.0.0.0 0.0.0.0 f0/0
Or
R1#configure terminal
R1(config)#ip route 0.0.0.0 0.0.0.0 196.12.12.2
Verification:
R1:
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
R1#ping 12.12.12.12
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 4/4
CCNA LAB WORKBOOK IP SERVICES
Task 2:
Static NAT maps statically one private IP address to one registered IP address.
Static Nat translations do not timeout. They can be deleted only using the no ip nat inside
command.
By configuring a static Nat entry you reserve one global IP address to one private IP
address. This means you cannot use the same global IP address in inure than one static NAT
configuration.
Verification:
R1:
R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
--- 196.12.12.3 10.1.2.2 --- ---
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 5/5
CCNA LAB WORKBOOK IP SERVICES
R1#
*Mar 1 00:17:38.935: NAT*: i: icmp (10.1.2.2, 768) -> (12.12.12.12, 768) [12071]
*Mar 1 00:17:38.939: NAT*: i: icmp (10.1.2.2, 768) -> (12.12.12.12, 768) [12071]
*Mar 1 00:17:38.939: NAT*: s=10.1.2.2->196.12.12.3, d=12.12.12.12 [12071]
*Mar 1 00:17:39.107: NAT*: o: icmp (12.12.12.12, 768) -> (196.12.12.3, 768) [12071]
*Mar 1 00:17:39.107: NAT*: s=12.12.12.12, d=196.12.12.3->10.1.2.2 [12071]
*Mar 1 00:17:39.523: NAT*: i: icmp (10.1.2.2, 768) -> (12.12.12.12, 768) [12100]
*Mar 1 00:17:39.523: NAT*: s=10.1.2.2->196.12.12.3, d=12.12.12.12 [12100]
*Mar 1 00:17:39.587: NAT*: o: icmp (12.12.12.12, 768) -> (196.12.12.3, 768) [12100]
R1#
*Mar 1 00:17:39.587: NAT*: s=12.12.12.12, d=196.12.12.3->10.1.2.2 [12100]
R1#
*Mar 1 00:17:41.015: NAT*: i: icmp (10.1.2.2, 768) -> (12.12.12.12, 768) [12151]
*Mar 1 00:17:41.015: NAT*: s=10.1.2.2->196.12.12.3, d=12.12.12.12 [12151]
*Mar 1 00:17:41.131: NAT*: o: icmp (12.12.12.12, 768) -> (196.12.12.3, 768) [12151]
*Mar 1 00:17:41.131: NAT*: s=12.12.12.12, d=196.12.12.3->10.1.2.2 [12151]
R1#
*Mar 1 00:17:42.031: NAT*: i: icmp (10.1.2.2, 768) -> (12.12.12.12, 768) [12214]
*Mar 1 00:17:42.031: NAT*: s=10.1.2.2->196.12.12.3, d=12.12.12.12 [12214]
*Mar 1 00:17:42.099: NAT*: o: icmp (12.12.12.12, 768) -> (196.12.12.3, 768) [12214]
*Mar 1 00:17:42.099: NAT*: s=12.12.12.12, d=196.12.12.3->10.1.2.2 [12214]
R1#
*Mar 1 00:18:06.099: NAT: expiring 196.12.12.3 (10.1.2.2) icmp 2 (2)
R1#
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 6/6
CCNA LAB WORKBOOK IP SERVICES
ISP
ISP#ping 196.12.12.3
R1#
*Mar 1 00:20:31.735: NAT*: s=196.12.12.2, d=196.12.12.3->10.1.2.2 [14]
*Mar 1 00:20:31.787: NAT*: s=10.1.2.2->196.12.12.3, d=196.12.12.2 [19966]
*Mar 1 00:20:31.927: NAT*: s=196.12.12.2, d=196.12.12.3->10.1.2.2 [15]
*Mar 1 00:20:31.975: NAT*: s=10.1.2.2->196.12.12.3, d=196.12.12.2 [19981]
*Mar 1 00:20:32.047: NAT*: s=196.12.12.2, d=196.12.12.3->10.1.2.2 [16]
*Mar 1 00:20:32.103: NAT*: s=10.1.2.2->196.12.12.3, d=196.12.12.2 [19988]
*Mar 1 00:20:32.147: NAT*: s=196.12.12.2, d=196.12.12.3->10.1.2.2 [17]
*Mar 1 00:20:32.159: NAT*: s=10.1.2.2->196.12.12.3, d=196.12.12.2 [19998]
*Mar 1 00:20:32.187: NAT*: s=196.12.12.2, d=196.12.12.3->10.1.2.2 [18]
R1#
*Mar 1 00:20:32.259: NAT*: s=10.1.2.2->196.12.12.3, d=196.12.12.2 [20006]
R1#
Task 3:
R1:
R1#configure terminal
R1(config)#interface s1/0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#ip nat Inside source static 172.19.1.2 196.12.12.10
R1(config)#end
R1#
Verification:
R1:
R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 196.12.12.3:768 10.1.2.2:768 12.12.12.12:768 12.12.12.12:768
--- 196.12.12.3 10.1.2.2 --- ---
--- 196.12.12.10 172.19.1.2 --- ---
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 7/7
CCNA LAB WORKBOOK IP SERVICES
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 8/8
CCNA LAB WORKBOOK IP SERVICES
V. Links:
For more information about the commands used in the current lab, open the following links:
1. ip nat
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i2g.html#wp
1078863
2. ip nat inside source
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i2g.html#wp
1079180
3. show ip nat translations
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_s1g.html#wp
1082204
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 9/9
CCNA LAB WORKBOOK IP SERVICES
I. Network diagram:
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 1/1
CCNA LAB WORKBOOK IP SERVICES
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 2/2
CCNA LAB WORKBOOK IP SERVICES
III. Tasks:
1. Configure R1 to route all traffic destined to the Internet out of the interface f0/0.
Additionally, configure the question the router ISP to reach the subnet 195.16.1.0/24
2. PC1 through PC6 cannot access the Internet. Configure R1 to circumvent this situation.
Use the pool of IP addresses 195.16.1.1 through 195.16.1.6.
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 3/3
CCNA LAB WORKBOOK IP SERVICES
IV. Solution
Task 1:
R1:
R1#configure terminal
R1(config)#ip route 0.0.0.0 0.0.0.0 196.12.12.2
R1(config)# end
R1#
ISP:
ISP#configure terminal
ISP(config)#ip route 195.16.1.0 255.255.255.240 196.12.12.1
ISP(config)# end
ISP#
Verification:
R1:
R1#show ip route static
S* 0.0.0.0/0 [1/0] via 196.12.12.2
R1#ping 12.12.12.12
ISP#ping 195.16.1.1
Task 2:
Because the question dictates that the configuration must be done on R1, you cannot
configure ip routing on R2 to accomplish this ask .The unique solution is to configure Dynamic
NAT using the global IP addresses mentioned above.
R1:
R1#configure terminal
R1(config)#ip nat pool NAT_POOL 195.16.1.1 195.16.1.6 netmask 255.255.255.240
R1(config)#
R1(config)#access-list 1 permit 10.1.2.0 0.0.0.255
R1(config)#
R1(config)#ip nat inside source list 1 pool NAT_POOL
R1(config)#
R1(config)#interface f0/0
R1(config-if)#ip nat outside
R1(config-if)#
R1(config-if)#interface f0/1
R1(config-if)#ip nat inside
R1(config-if)#^Z
R1#
Verification:
R1:
R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
--- 195.16.1.1 10.1.2.2 --- ---
--- 195.16.1.2 10.1.2.3 --- ---
--- 195.16.1.3 10.1.2.4 --- ---
--- 195.16.1.4 10.1.2.5 --- ---
--- 195.16.1.5 10.1.2.6 --- ---
--- 195.16.1.6 10.1.2.7 --- ---
R1#
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 5/5
CCNA LAB WORKBOOK IP SERVICES
V. Links
For more information about the commands used in the current lab, open the following links:
1. ip nat
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i2g.html#wp
1078863
2. ip nat inside source
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i2g.html#wp
1079180
3. ip nat pool
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i2g.html#wp
1079697
4. show ip nat translations
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_s1g.html#wp
1082204
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 6/6
CCNA LAB WORKBOOK IP SERVICES
LAB 6: PAT
I. Network diagram:
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 1/1
CCNA LAB WORKBOOK IP SERVICES
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
exec-timeout 0 0
password cisco
logging synchronous
login
!
!
end
R1:
hostname R1
!
interface fastethernet 0/0
ip address 196.12.12.1 255.255.255.0
no shutdown
!
!
interface fastethernet 0/1
ip address 10.1.2.1 255.255.255.0
no shutdown
!
ip route 0.0.0.0 0.0.0.0 f0/0
!
line con 0
exec-timeout 0 0
logging synchronous
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 2/2
CCNA LAB WORKBOOK IP SERVICES
line aux 0
line vty 0 4
exec-timeout 0 0
password cisco
logging synchronous
login
!
!
end
III. Tasks:
1. Configure R1 to map all private IP addresses to the F0/0’s IP address.
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 3/3
CCNA LAB WORKBOOK IP SERVICES
IV. Solutions:
Task 1:
One of the reasons to implement NAT is to slowdown the depletion of the public IP address
on the Internet. Static & dynamic NAT do not remedy this problem because we still need as
many registered IP address as the number of internal hosts needing Internet access increases.
PAT allows the translation of all internal IP address using one or multiple public IP address.
R1:
R1(config)#access-list 1 permit 10.1.2.0 0.0.0.255
R1(config)#
R1(config)#ip nat inside source list 1 interface FastEthernet0/0 overload
R1(config)#
R1(config)#int F0/0
R1(config-if)#ip nat outside
R1(config-if)#
R1(config-if)#interface f0/1
R1(config-if)#ip nat inside
R1(config-if)#^Z
R1#
Verification:
R1:
R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 196.12.12.1:768 10.1.2.2:768 12.12.12.12:768 12.12.12.12:768
R1#
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 4/4
CCNA LAB WORKBOOK IP SERVICES
V. Links:
For more information about the commands used in the current lab, open the following links:
1. ip nat
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i2g.html#wp
1078863
2. ip nat inside source
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i2g.html#wp
1079180
3. show ip nat translations
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_s1g.html#wp
1082204
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 5/5
CCNA LAB WORKBOOK IP SERVICES
LAB 7: DHCP
I. Network diagram:
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 1/1
CCNA LAB WORKBOOK IP SERVICES
R1:
hostname R1
!
interface serial 0/0
encapsulation ppp
ip address 173.2.13.1 255.255.255.0
!
router eigrp 123
network 173.2.0.0
!
!
line con 0
exec-timeout 0 0
logging synchronous
!
line vty 0 4
exec-timeout 0 0
logging synchronous
password cisco
login
!
end
R2:
hostname R2
!
interface fastethernet 0/0
ip address 173.2.23.2 255.255.255.0
!
interface fastethernet 0/1
ip address 173.2.2.2 255.255.255.0
!
router eigrp 123
network 173.2.0.0
!
line con 0
exec-timeout 0 0
logging synchronous
!
line vty 0 4
exec-timeout 0 0
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 2/2
CCNA LAB WORKBOOK IP SERVICES
logging synchronous
password cisco
login
!
end
R3:
hostname R3
!
interface fastethernet 0/0
ip address 173.2.23.3 255.255.255.0
!
interface fastethernet 0/1
ip address 173.2.3.3 255.255.255.0
!
interface serial 1/0
encapsulation ppp
ip address 173.2.13.3 255.255.255.0
!
router eigrp 123
network 173.2.0.0
!
line con 0
exec-timeout 0 0
logging synchronous
!
line vty 0 4
exec-timeout 0 0
logging synchronous
password cisco
login
!
end
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 3/3
CCNA LAB WORKBOOK IP SERVICES
III. Tasks:
1. Configure the DHCP service on R1 to supply the dynamic configuration. Create two DHCP
pools using the following parameters:
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 4/4
CCNA LAB WORKBOOK IP SERVICES
IV. Solutions:
Task 1:
The DHCP service is enabled by default. You can verify this by using the show udp
command in the privileged EXEC mode. In this task, you have to configure two DHCP pools,
and exclude two IP addresses from being assigned by the DHCP server.
To configured a DHCP pool use the ip dhcp pool command in the global configuration
mode. To exclude an IP address from being use the ip dhcp exclude command in the global
configuration mode.
R1:
R1#conf t
R1(config)#ip dhcp pool R2_PooL
R1(dhcp-config)# network 173.2.2.0 /24
R1(dhcp-config)# default-router 173.2.2.2
R1(dhcp-config)#
R1(dhcp-config)#ip dhcp pool R3_PooL
R1(dhcp-config)# network 173.2.3.0 /24
R1(dhcp-config)# default-router 173.2.3.3
R1(dhcp-config)#
R1(dhcp-config)#ip dhcp excluded-address 173.2.2.2
R1(config)#ip dhcp excluded-address 173.2.3.3
R1(config)#end
R1#
Verification:
R1:
R1#show ip dhcp pool
Pool R2_PooL :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) :0/0
Total addresses : 254
Leased addresses :0
Pending event : none
1 subnet is currently in the pool :
Current index IP address range Leased addresses
173.2.2.1 173.2.2.1 - 173.2.2.254 00000000
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 5/5
CCNA LAB WORKBOOK IP SERVICES
Pool R3_PooL :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) :0/0
Total addresses : 254
Leased addresses :0
Pending event : none
1 subnet is currently in the pool:
Current index IP address range Leased addresses
173.2.3.1 173.2.3.1 - 173.2.3.254 0 0
Task 2:
DHCP requests are sent to the broadcast IP address 255.255.255.255. So R2 and R3 will
not forward DHCP request to R1 because Cisco routers de not forward IP broadcasts by
default.
To circumvent this issue, you can configure R2 & R3 to forward DHCP request as unicast
IP packets to R1. R2 and R3 will insert the IP address of the interface on which the DHCP
requests are received as the source for the unicast DHCP requests sent to the server. This will
help the DHCP server choose the appropriate DHCP pool to be used to configure the DHCP
clients.
As a result PC1 will be configured using the DHCP pool named R3_Pool, and PC2 will be
configured using the DHCP pool named R2_Pool
R2:
R2# configure terminal
R2(config)#interface f0/1
R2(config-if)#ip helper-address 173.2.13.1
R2(config-if)#end
R3#
R3:
R3# configure terminal
R3(config)#interface f0/1
R3(config-if)#ip helper-address 173.2.13.1
R3(config-if)#end
R3#
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 6/6
CCNA LAB WORKBOOK IP SERVICES
Verification:
R1:
R1#debug ip dhcp server events
*Mar 1 00:04:55.291: DHCPD: Sending notification of DISCOVER:
*Mar 1 00:04:55.291: DHCPD: htype 1 chaddr 0200.4c4f.4f50
*Mar 1 00:04:55.295: DHCPD: circuit id 00000000
*Mar 1 00:04:55.295: DHCPD: Seeing if there is an internally specified pool class:
*Mar 1 00:04:55.299: DHCPD: htype 1 chaddr 0200.4c4f.4f50
*Mar 1 00:04:55.299: DHCPD: circuit id 00000000
R1#
*Mar 1 00:04:57.303: DHCPD: Adding binding to radix tree (173.2.2.1)
*Mar 1 00:04:57.303: DHCPD: Adding binding to hash tree
*Mar 1 00:04:57.307: DHCPD: assigned IP address 173.2.2.1 to client
0102.004c.4f4f.50.
*Mar 1 00:04:57.651: DHCPD: Sending notification of ASSIGNMENT:
*Mar 1 00:04:57.655: DHCPD: address 173.2.2.1 mask 255.255.255.0
*Mar 1 00:04:57.655: DHCPD: htype 1 chaddr 0200.4c4f.4f50
*Mar 1 00:04:57.659: DHCPD: lease time remaining (secs) = 86400
R1#
*Mar 1 00:06:25.731: DHCPD: checking for expired leases.
R1#
*Mar 1 00:07:19.011: DHCPD: Sending notification of DISCOVER:
*Mar 1 00:07:19.015: DHCPD: htype 1 chaddr 0050.56c0.0001
*Mar 1 00:07:19.015: DHCPD: circuit id 00000000
*Mar 1 00:07:19.019: DHCPD: Seeing if there is an internally specified pool class:
*Mar 1 00:07:19.019: DHCPD: htype 1 chaddr 0050.56c0.0001
*Mar 1 00:07:19.023: DHCPD: circuit id 00000000
R1#
*Mar 1 00:07:21.027: DHCPD: Adding binding to radix tree (173.2.3.1)
*Mar 1 00:07:21.031: DHCPD: Adding binding to hash tree
*Mar 1 00:07:21.031: DHCPD: assigned IP address 173.2.3.1 to client
0100.5056.c000.01.
*Mar 1 00:07:21.683: DHCPD: Sending notification of ASSIGNMENT:
*Mar 1 00:07:21.687: DHCPD: address 173.2.3.1 mask 255.255.255.0
*Mar 1 00:07:21.687: DHCPD: htype 1 chaddr 0050.56c0.0001
*Mar 1 00:07:21.691: DHCPD: lease time remaining (secs) = 86400
R2:
R2#show ip interface fastethernet 0/1
FastEthernet0/1 is up, line protocol is up
Internet address is 173.2.2.2/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is 173.2.13.1
Directed broadcast forwarding is disabled
<omitted output>
R3:
R3# show ip interface fastethernet 0/1
FastEthernet0/1 is up, line protocol is up
Internet address is 173.2.3.3/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is 173.2.13.1
Directed broadcast forwarding is disabled
PC1:
ipconfig command output:
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 8/8
CCNA LAB WORKBOOK IP SERVICES
PC2:
ipconfig command output:
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 9/9
CCNA LAB WORKBOOK IP SERVICES
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 10/10
CCNA LAB WORKBOOK IP SERVICES
V. Links
For more information about the commands used in the current lab, open the following links:
1. ip dhcp excluded-address
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i1g.html#wp
1080791
2. ip dhcp pool
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i1g.html#wp
1080966
3. ip helper-address
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i1g.html#wp
1084408
4. show ip dhcp pool
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_s1g.html#wp
1096976
5. show ip interface
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_s1g.html#wp
1096472
COPYRIGHT © 2009 MOHAMED OUAMER. ALL RIGHTS RESERVED
HTTP://WWW.NETWORKEXPERTTRAINING.COM
PAGE 11/11