Академический Документы
Профессиональный Документы
Культура Документы
DSP
Switch Router Access Server
Multilayer Switch
Personal Computer
Cisco IP Phone
WAN Cloud
PBX
PSTN Cloud
Ethernet
Fast Ethernet
Serial Line
Circuit-Switched Line
2
Im
po
rt
10
0: 10
F0/0 .10
10.0.Y.0/24 SW1
Lab-SW
TFTP Server
Objectives:
In this lab, students configure some basic router settings: 1. Router name. 2. Router passwords:console, vty, enable password, perform password encryption. 3. Serial interfaces, FastEthernet interfaces. 4. Interface description. 5. Login banners. 6. Host name resolution. 7. Using Router show commands. 8. Making configuration changes. 9. Backing up configuration files, IOS on TFTP servers. 10. Capture the configuration . 11. Verifying and Troubleshooting: show, telnet, ping, traceroute
4
F0/0 .10
F0/0 .11
F0/0 .12
LAB-SW
RD
F0/0 .13 RE
F0/0 .14
F0/0 .15
RF
TFTP Server
Objectives: 1. Using the boot system command 2. Configuration Register 3. Managing configuration files using TFTP 4. Managing configuration files using copy and paste 5. Managing IOS images using TFTP 6. Download using TFTP from ROMmon 7. Password Recovery 8. Verifying and Troubleshooting: show, telnet, ping, traceroute
5
LabS3-RIP-OSPF-EIGRP
Default route1: 20.0.0.0/24
OFF1
GATE1
3
SW1
BORDER GATE2
4 5
Objectives: 1. Configuring RIP ver2, EIGRP, OSPF routing protocols 2. Propagating a default route (use one and only): 1. Default route 1 2. Default route 2 3. Default route 3 3. Redistrbute RIP, OSPF, EIGRP routes 4. Enable MD5 authentication 5. Verifying and Troubleshooting
SW2 OFF3
8 9 7
GATE3
LabS2b-RIP-EIGRP-OSPF
EIGRP 22, 122.22.X.0/24
1
OSPF authentication: key-id=1 password=red123 MD5 level 7 RIP authentication: key=2 key-string=blue123 MD5 EIGRP authentication: key=3 key-string=green123 MD5 Objectives: 1. Propagate the default route (use one and only): Default route 1 or Default route 2 or Default route 3 2. OFF router: Disable routing protocol 3. GATE1: configure and redistribute static routes to 16,17,18 subnets
GATE2
6 2
BR2
GATE1
13 14
15
18
17
BR3
8 12
OFF
16
GATE3
10 11
OSPF, 166.66.X.0/24
(config)# router ospf {process-id} (config-router)# redistribute [rip | eigrp {as_number}] [subnets | metric {value}| metric-type {1| 2}] (config)# router rip (config-router)# redistribute [eigrp {as_number} | ospf {process-id}] metric {value} (config)# router eigrp {as_number} (config-router)# redistribute [rip | ospf {process-id} ] metric {bandwidth | delay | reliability | loading | MTU }
7
LabS2-OpenLab2
OSPF, 177.77.X.0/24 key-id=1 password=green123" MD5 GATE1
2 1
BR1
5
Objectives: 1. Propagate the default route (use one and only): Default route 1 or Default route 2 or Default route 3 2. Redistrbute RIP, OSPF, EIGRP routes 3. Enable MD5 authentication
BR2
8 9
GATE2
10 11
15
BR3
12
GATE3
13
(config)# router ospf {process-id} (config-router)# redistribute [rip | eigrp {as_number}] [subnets | metric {value}| metric-type {1| 2}] (config)# router rip (config-router)# redistribute [eigrp {as_number} | ospf {process-id}] metric {value} (config)# router eigrp {as_number} (config-router)# redistribute [rip | ospf {process-id} ] metric {bandwidth | delay | reliability | loading | MTU }
LabS2- RIPv2-EIGRP-OSPF
2 5
SITE1 S0/0
1 4
BR1
6
S0/1
3
S0/0
7
S0/1
F0/0
SW2
F0/1 SW1
F0/0
9
RIPver2, 133.33.X.0/24
S0/0
11
BR2
10
OSPF 122.22.X.0/24
S0/1
14 16
BR3
12
S0/1 SITE3
17
S0/0
13
(config)# router ospf {process-id} (config-router)# redistribute [rip | eigrp {as_number}] [subnets | metric {value}| metric-type {1| 2}] (config)# router rip (config-router)# redistribute [eigrp {as_number} | ospf {process-id}] metric {value} (config)# router eigrp {as_number} (config-router)# redistribute [rip | ospf {process-id} ] metric {bandwidth | delay | reliability | loading | MTU }
9
LabS3-Switch Configuration
Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7 Sw1:+8 Sw2:+9 Sw3:+10
RIP ver2 172.16.X.0/24 PC11 PC12
TFTP Server1
SW1
3
Objectives: 1. Configuring RIP routing protocol 2. Resetting the switch defaults 3. Assigning the switch host name and password 4. Assigning the switch IP address and Default gateway 5. Enabling HTTP service and port on all switchs 6. Configuring static MAC addresses 7. Configuring port security 8. Back up the IOS to a local TFTP server 9. Password recovery (reference: CCNA3_lab_6_2_8_en.pdf ) 10. Verifying and Troubleshooting: show, debug, ping, traceroute, telnet on switchs: debug ip packet, debug ip icmp, show macaddress-table, show arp, clear mac-address-table dynamic ...
GATE1
SW2 SW3
PC21
PC22
PC23
PC24
10
LabS4-NAT-DHCP-PPP
Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7
4
SW1
5
ISP2
6
ISP3 200.0.X.0/24 CHAP 3 USER2 NAT DHCP NAT DHCP 200.0.X.0/24
CHAP 1
CHAP 2
USER1
NAT DHCP
USER3
172.16.X.0/24
Objectives: 1. Configuring OSPF routing protocol in ISP area 2. Configuring PPP-Multilink, CHAP (one-way), NAT, DHCP, ACLs 3. Verifying and Troubleshooting
11
LabS4-NAT-DHCP-PPP-VLANs
Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7
NAT CHAP USER1 1 4 CHAP 2 CHAP 5 3 172.16.X.0/24 DNS server 192.168.2.1
ISP1
ISP2
ISP3 10.0.Y.0/24
USER2
USER3
NAT DHCP
192.168.X.0/24
6 VLAN2 T VLAN3 7 SW1 (Server) T
Objectives: 1. Configuring OSPF routing protocol in user area 2. Configuring PPP, CHAP (bidirection), NAT, DHCP, ACLs 3. Configuring Vlans, VTP 4. Verifying and Troubleshooting: all PCs can access Internet
SW2 (Client) VTP ver2 Domain: bkacad Pass=redblue Vlan2: Technical Vlan3: Admin
SW3 (Client)
12
Open Lab 1
DNS Server WEB Server1 (www.cisco.com) TFTP Server Switch3 LAN3 Loopback3 WAN F0/1 Router1 S0/1 F0/0 Switch4 Router2 S0/0 F0/1 LAN5 Loopback6 Loopback7 LAN6 LAN7 WEB Server2 (www.yahoo.com)
LAN4
F0/0
DHCP Server2 PC4 LAN8
Switch1
Switch2
PC2
PC3
13
HUB SP1
+CA +EzVPN server for mobile users
3
SP5
+EzVPN server for mobile users
5
ISP
SP2
+EzVPN client
2
SP4
+EzVPN server for mobile users
4
100
SP3
+DHCP client
Mobile users
3
14
NS1- OpenLab1
Network address 1: 10.0.0.0/24 2,7: 172.16.0.0/24 3,4,5,6: X.0.0.0/24
SW-2950 F0/0 GATE1 F0/1 SW-2950 4 5 GATE2 6 F0/1 SW-2950 E0 AAA Server PIX1 T E1 E1 SW-2950 INSIDE1 1 INSIDE2 PIX2 T E2 SW-3550 TECH2 WEB FTP F0/0
DMZ1
E2 SW-3550 TECH1
E0
DMZ2
Configure features of PIX as the following: NAT, ACL, Vlans, Trunking, Routing, AAA, Cut-through, Telnet, SSH, ASDM Configure 802.1X on SW-2950 for Inside users. Inside users can access to DMZ, Internet. Outside users can access to the WEB, FTP servers in DMZ by the IP address assigned to the hosts. Tech networks can access into together.
15
NS1- OpenLab2
Network address 1: 10.0.0.0/24 2,7: 172.16.0.0/24 3,4,5,6: X.0.0.0/24
SW-2950 F0/0 GATE1 F0/1 SW-2950 4 5 GATE2 6 F0/1 SW-2950 E0 AAA Server PIX1 T E1 E1 SW-2950 INSIDE1 1 INSIDE2 PIX2 T E2 SW-3550 TECH2 WEB FTP F0/0
DMZ1
E2 SW-3550 TECH1
E0
DMZ2
Configure features of PIX as the following: NAT, ACL, Vlans, Trunking, Routing, AAA, Cut-through, Telnet, SSH, ASDM Configure 802.1X on SW-2950 for Inside users. Inside users can access to DMZ, Internet. Outside users can access to the WEB, FTP servers in DMZ by the IP address assigned to the hosts. Tech networks can access into together.
16
NS1- OpenLab2
Network address 1,2,3,4,12: 10.0.X.0/24 5: 100.0.0.0/24 6,7,8,9: 200.0.X.0/24 10,11: 172.16.0.0/24
F0/0 BKACAD network 192.168.131.0/24 WEB FTP GATE1 F0/1 SW-3550 E0 SW-2950 E2 5 DMZ1 E1 Outside User SITE1 SITE2 F0/1.1 F0/1.2 ENG1 F0/1.2 ENG2 F0/1.1 F0/0
10
Lab-SW
9 E0
WEB
FTP
E2 E1 DMZ4
SW-2950
12
Basic configurations: NAT, ACL, Object-group, Vlan, Trunking, Routing Outside user can access to the devices by SSH Inside user can access to the devices by Telnet, SDM or ASDM Outside user can access to DMZ servers Eng1 and Eng2 can access into together
Enable Authentication-Proxy, Cut-through Configure FTP, HTTP Inspection Mitigate layer 2 attack
17
DNS
ISP
1
TFTP
GATE
3 8
SITE3
5
7 6
PC1
Tasks: Basic Router configuration: Hostname Passwords Banner Message Descriptions Host Table disable the Name Service Logging Synchronous 200.200.X.0/24 Basic RIPv1 configuration : Enable RIP RIP Passive interfaces 172.16.X.0/24 Configure and propagate the default route Create and redistribute the static route SITE1 Configuring the Servers, PCs Backing up configuration files on the TFTP server 4 Verifying and Troubleshooting: Show SITE2 Telnet Ping Traceroute, Tracert External LAN Debug 30.30.30.0/24
18
RIP version1
10.0.0.1/16 10.1.0.1/16 10.0.0.2/24 10.2.0.1/16
19
LabS2- OpenLab1
Default Route 200.200.200.0/24
EIGRP 55 155.55.X.0/24
OSPF 133.33.X.0/24
8
HaiBaTrung
9 10
6 5
16
18
TayHo
1 4 3
(DR)
CauGiay
20
HoanKiem
SW1
BaDinh
17 19
(BDR)
11 12
ThanhXuan
13
HaTay
15 14
(config)# router ospf {process-id} (config-router)# redistribute [rip | eigrp {as_number}] [subnets | metric {value}| metric-type {1| 2}] (config)# router rip (config-router)# redistribute [eigrp {as_number} | ospf {process-id}] metric {value} (config)# router eigrp {as_number} (config-router)# redistribute [rip | ospf {process-id} ] metric {bandwidth | delay | reliability | loading | MTU } 20
LabS4-Load Balancing
Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7 Lab1,2:Y=6 Lab3:Y=8 Lab4,5:Y=4 Lab6:Y=5
SW-A
Lab-SW
10.0.Y.0/24
NAT/PAT FPT F0/0
4 5
VNN
F0/0 F0/0
VIETTEL
200.0.X.0/24
PAP NAT/PAT RIP ver2
CHAP
PAP
CHAP
PAP
CHAP
F0/0 MD1
2
MD2
3
F0/0 F0/0
4
MD3
172.16.X.0/24
Vlan2 Vlan3 Tasks: SW-B Multilink: use interface Multilink T F0/0 DHCP Load Balancing: enable Process Switching GATE DHCP RIP ver2: F0/1 5 Vlan4 MD1, MD2, MD3, GATE GATE: propagate subnets 172.16.X.0/24 only Change RIP timer SW-C distribute-list command: (config-router)# distribute-list {access-list} { in | out } [ interface ] Adjust static route: (config)# ip route static adjust-time {seconds} 21
LabS3- STP
Lab-SW
Tasks: Configuring VTP: VTP ver2 VTP domain: ccna VTP password: cisco123 SW1: server; SW2,SW3: clients Vlan10: teacher Vlan20: student Vlan30: admin Vlan99: management; 10.0.X.0/24 Configuring STP: SW1: root bridge PortFast UplinkFast BackboneFast Troubleshooting: show, debug
F0/9
SW1
F0/3
F0/1
F0/4 F0/2
T
F0/1 F0/2 F0/5 F0/5 F0/4
T
F0/3
SW3
F0/10 F0/6 F0/6
SW2 T
F0/10
22
LabS3- OpenLab1
VTP: Ver 2 Default route: Domain: ccna 200.200.200.0/24 Password: 1234 SW1: server; SW2,SW3: client 1 VLANs: Vlan20: teacher; 144.44.20.0/24 Vlan30: student; 144.44.30.0/24 Vlan99: management; 144.44.99.0/24 OSPF Authentication: key-id=1 HIDDEN password=055A1C MD5 level 7 RIPv2 Authentication: key=2 key-string=blue123 MD5 EIGRP Authentication: key=3 key-string=red123 MD5
EIGRP,66 166.66.X..0/24
SITE1
10
SW1 (Server)
T
F0/0 S0/0 S0/1 11
T
F0/0 SITE3 S0/0 S0/1 8 5
EIGRP,55 155.55.X..0/24
SW3 (Client)
SW2 (Client)
30
SITE4 6
SW2:+9 SW3:+10
12 7
23
LabS3- OpenLab2
Ra:+1 Rb:+2 Rc:+3 Rd:+4 Re:+5 Rf:+6 Rg:+7 SW1:+8 SW2:+9 SW3:+10 SITE2
40
GATE
2 10
SITE1
4
3 T
SW1 (server)
20
5
6
30
BR1
WLAN Local IP:172.16.0.0/24 DNS: 203.162.0.181 210.245.0.11 Mode: Mixed SSID: CCNA Channel: 11 Authentication: Auto Encryption: WPA2 Access Restriction: - deny access to www.bbc.com website - deny Telnet traffics VLANs Vlan10: technic AP Vlan20: staff Vlan30: admin RIP ver2 133.33.X.0/24 VTP ver2 domain name: BKACAD password: cisco VLANs Vlan40: teacher Vlan50: student
SW2 (server)
OSPF Authentication: key-id=1 HIDDEN password=055A1C MD5 level 7 RIPv2 Authentication: key=2 key-string=blue123 MD5 EIGRP Authentication: key=3 key-string=red123 MD5
BR2
9
10
11
SITE3
12
24
LabS3- OpenLab4
ftp://121.100.48.11 WLAN Username:cisco Local IP:172.16.0.0/24 Password: sadikhov DNS: 203.162.0.181 Default route: Lab-SW 208.67.222.222 192.168.X.0/24 Mode: Mixed SSID: CCNA GATE Channel: 11 Authentication: Auto 5 6 Encryption: WPA Access Restrictions: - deny access to www.24h.com website SITE1 SITE2 - deny Telnet, FTP traffics 50 10 20 40 VLANs T Vlan10: student; 144.44.10.0/24 Vlan20: teacher; 144.44.20.0/24 SW1 SW2 Vlan30: sale; 144.44.30.0/24 (client) T (client) T Vlan99: management; 144.44.99.0/24 VTP ver2 SW3 Domain name: STUDENT 30 T (server) Password: cisco123 SW1: server; SW2,SW3: client BR STP SW1: the primary root for Vlan10 3 the secondary root for Vlan20 SW2: the primary root for Vlan20 2 4 the secondary root for Vlan30 SW3: the primary root for Vlan30 BackboneFast, UplinkFast, PortFast, udld, BPDU Guard SITE3
1
25
S0/0
PAP S0/0
Objectives: 1. Configuring PPP 2. Configuring PAP, CHAP authentication: the username must match the hostname 3. Verifying and Troubleshooting: - show - debug ppp authentication - debug ppp packet - ... 4. Other: - The hostname on one router dont match the username that the other router has configured. - The passwords dont match (PAP only)
26
SITE2
SITE4
SITE3
27
LabS4- NAT/PAT
Lab-SW SW1
10.0.Y.0/24 Y=[4,5,6,8]
F0/0 F0/0
F0/0
MD1
S0/0 1 S0/1 S0/0 2 S0/1
MD3
NAT Pool: 192.168.X.10 192.168.X.20/24
192.168.X.0/24
FW2
S0/1
FW1 172.16.X.0/24
F0/0
10
F0/0
20 30
F0/0
Notes: MD1,MD2,MD3: Enable PAT with the interface FW1,FW2,FW3: Enable dynamic NAT with the pool. Configure DHCP servers. SW2: Create Vlans 10,20,30 MD1,MD2,MD3: Interface F0/0 assigned an IP address automatically
28