CCNA Routing and Switching: Connecting Networks Instructor Lab Manual This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors in the CCNA Routing and Switching: Connecting Networks course as part of an official Cisco Networking Academy Program.
Design Hierarchy (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Objective Identify the three layers of a hierarchical network and how they are used in network design. Instructor Note: This activity can be completed individually or in small groups. Scenario A network administrator is tasked with designing an expanded network for the company.
Design Hierarchy Step 4: Present the slides to a classmate, another group, or the class for discussion. Suggested Activity Example (no model numbers are given, as emphasis is on the hierarchical functions of the network devices shown): Slide 1: Graphic 1 Student or Group Notes as to why this graphic was chosen: Access layer shows basic switches, Spanning Tree options, redundancy to the Distribution layer, and security considerations.
Design Hierarchy Slide 2: Graphic 2 Student or Group Notes as to why this graphic was chosen: Access layer shows PCs, access switches, VPN gateways, printers, teleworker, home office, and wireless router. Also shown in this layer are redundant links to the distribution layer. The distribution layer shows several multilayer switches and link connections to the core layer. The core layer shows multilayer switches and connections to the distribution layer and the cloud.
Design Hierarchy switches would be located at this level of the two graphics. The number of network devices shown in both graphics at this level is smaller than the access layer, but larger than the core layer. As shown in the two previous graphics, the core layer has the most sophisticated equipment. There are fewer network devices at this layer, which seems to indicate that the devices are highly functioning and fast traffic processors.
Borderless Innovations – Everywhere (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Objective Describe borderless networks components. Instructor Note: This activity can be completed individually or in small or large groups. Scenario You are the network administrator for your small- to medium-sized business. Borderless network services interest you as you plan your network’s future.
Borderless Innovations - Everywhere Step 3: Prepare an informational matrix listing the three borderless network services you selected. Include the video notes you completed in Steps 2a and b. Step 4: Share your matrix with another student, group, or the entire class. Note: As students listen to group presentations, they can take notes and submit them to the Instructor.
Borderless Innovations - Everywhere Multimedia performance – Medianet Video-ready Network with Cisco MediaNet A borderless network service which allows for easy wired and wireless configuration, media monitoring, and low-cost multimedia operations. Keeps track of multimedia traffic that flows on the network. Helps reduce operating costs with fast troubleshooting of video, voice, and data errors. Enables precise assessment of the impact that video, voice, and data have on the network.
Branching Out (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Objective Describe WAN access technologies available to small-to-medium-sized business networks. Instructor Note: This activity can be completed individually or in small groups – it can then be shared and discussed with another group of students, with the entire class, or with the instructor.
Branching Out Step 5: Discuss your research with a classmate, group, class, or your instructor.
Lab – Researching WAN Technologies (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Objectives Part 1: Investigate Dedicated WAN Technologies and Providers Part 2: Investigate a Dedicated Leased Line Service Provider in Your Area Background / Scenario Today’s broadband Internet services are fast, affordable, and secure using VPN technologies.
Lab – Researching WAN Technologies Internet Service Provider T1/DS1/PRI T3/DS3 OC3 (SONET) Frame Relay ATM MPLS EPL Ethernet Private Line Comcast Integra x x tw telecom x x x x x x x AT&T Cbeyond Earthlink Level 3 Communications XO Communications Verizon Part 2: Investigate a Dedicated Leased Line Service Provider in Your Area In Part 2, you will research a local service provider that will provide a T1 dedicated leased line to the geographical area specified.
Lab – Researching WAN Technologies Step 2: Select the service type. Choose Internet T1 (1.5 MB) and scroll down to Step 3 on the webpage. © 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Lab – Researching WAN Technologies Step 3: Enter installation information. a. In the Installation BTN field, enter your sample business telephone number. This should be a landline number. b. Enter your address, city, state, and zip code. Step 4: Enter contact preferences. a. Do not click the first radio button (Please call me ASAP at), but do provide your contact telephone number. b. Click the I am just window shopping radio button. c. Click Continue. Step 5: Examine the results.
Lab – Researching WAN Technologies Reflection 1. What are the disadvantages to using a T1 leased line for personal home use? What would be a better solution? _______________________________________________________________________________________ A symmetrical service such as T1 would be more expensive and unnecessary for home use. Home users typically do much more downloading than uploading and an asymmetrical service such as DSL or Cable could provide faster downloads at a more affordable price. 2.
WAN Device Modules (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Objective Select WAN access technologies to satisfy business requirements in a small-to-medium-sized business network. Instructor Note: This activity can be completed individually or in small groups – it can then be shared and discussed with another group of students, with the entire class, or with the instructor.
WAN Device Modules T1 and E1Trunk Voice and WAN Wireless LANs and WANs Step 3: In the matrix, record the interface module type you need to purchase for your ISRs for upgrade purposes. Step 4: Use the Internet to research pictures of the modules. Provide a screenshot of the module or a hyperlink to a picture of each module. Step 5: Share your matrix with a classmate, group, class, or your instructor.
WAN Device Modules WAN Access Type 2900 and 1900 Series Module Availability EHWIC 1-port dual mode SFP(100M/1G) or GE(10M/100M/1G)* 2-port 10/100 Routed-Port HWIC Multimode VDSL2/ADSL/2/2+ EHWIC Annex (A, B, and M variations)* Multimode EFM/ATM SHDSL EHWIC 4-pair G.SHDSL HWIC with 2-wire, 4-wire, and 8-wire support or 2-pair G.
WAN Device Modules (for use with 2900 series only) One-port clear-channel T3/E3 Service Module 4-port clear-channel T1/E1 HWIC 4-port serial HWI (for use with 2900 and 1900 series) Serial 1-Port 4-Wire 56/64 Kbps CSU/DSU WAN Interface Card 1-Port T1/Fractional T1 DSU/CSU High-Speed WAN Interface Card* 1-Port Serial High-Speed WAN Interface Card 2-Port Serial High-Speed WAN Interface Card 1 T1/E1 Trunk Voice and WAN Wireless LANs and WAN 1-port T1/E1 Voice / WAN w/ D&I & unstr
WAN Device Modules SMS/GPS (MC8705) ATT HSPA+ R7 EHWIC with SMS/GPS based on MC8705 3.
PPP Persuasion (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Objectives Describe the benefits of using PPP over HDLC in a WAN. This activity can be completed individually or in small groups of 2-3 students per group. Scenario Your network engineering supervisor recently attended a networking conference where Layer 2 protocols were discussed.
PPP Persuasion HDLC and PPP Comparison Chart
Criteria: Ease of Configuration
  HDLC: Standard or default for all Cisco equipment
  PPP: Can be simple or more involved, depending upon the PPP options chosen to implement
Criteria: Adaptability to Non-Proprietary Network Equipment
  HDLC: Not adaptable to other non-Cisco devices
  PPP: Adaptable to other non-proprietary devices
Criteria: Security Options
  HDLC: Not offered
  PPP: CHAP (encrypted and secure link passwords) or PAP (non-encrypted link passwords)
Criteria: Bandwidth Usage and Compression
  HDLC: Standard TD
Lab – Configuring Basic PPP with Authentication (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Topology
Lab – Configuring Basic PPP with Authentication Addressing Table Device Branch1 Interface IP Address Subnet Mask Default Gateway G0/1 192.168.1.1 255.255.255.0 N/A S0/0/0 (DCE) 10.1.1.1 255.255.255.252 N/A S0/0/0 10.1.1.2 255.255.255.252 N/A S0/0/1 (DCE) 10.2.2.2 255.255.255.252 N/A Lo0 209.165.200.225 255.255.255.224 N/A G0/1 192.168.3.1 255.255.255.0 N/A S0/0/1 10.2.2.1 255.255.255.252 N/A PC-A NIC 192.168.1.3 255.255.255.0 192.168.1.1 PC-C NIC 192.168.3.3 255.
Lab – Configuring Basic PPP with Authentication Part 1: Configure Basic Device Settings In Part 1, you will set up the network topology and configure basic router settings, such as the interface IP addresses, routing, device access, and passwords. Step 1: Cable the network as shown in the topology. Attach the devices as shown in the Topology, and cable as necessary. Step 2: Initialize and reload the routers and switches. Step 3: Configure basic settings for each router. a. Disable DNS lookup. b.
Lab – Configuring Basic PPP with Authentication
O*E2  0.0.0.0/0 [110/1] via 10.1.1.2, 00:04:10, Serial0/0/0
      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O        10.2.2.0/30 [110/128] via 10.1.1.2, 00:04:20, Serial0/0/0
O     192.168.3.0/24 [110/129] via 10.1.1.2, 00:03:21, Serial0/0/0
Branch1# show ip ospf interface brief
Interface    PID   Area   IP Address/Mask    Cost  State Nbrs F/C
Se0/0/0      1     0      10.1.1.1/30        64    P2P   1/1
Gi0/1        1     0      192.168.1.1/24     1     DR    0/0
Branch1# show ip ospf neighbor
Neighbor ID Pri 209.165.200.
Lab – Configuring Basic PPP with Authentication
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is 10.2.2.2 to network 0.0.0.0
O*E2  0.0.0.0/0 [110/1] via 10.2.2.2, 00:08:14, Serial0/0/1
      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O        10.1.1.0/30 [110/128] via 10.2.2.2, 00:08:14, Serial0/0/1
O     192.168.1.0/24 [110/129] via 10.2.2.
Lab – Configuring Basic PPP with Authentication Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 1003 packets input, 78348 bytes, 0 no buffer Received 527 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 1090 packets output, 80262 bytes, 0 underruns 0 output errors, 0 collisions, 3 interface resets 0 unknown protocol drops 0 output buffer failures, 0 output buffe
Lab – Configuring Basic PPP with Authentication d. Verify that interface S0/0/0 on both Branch1 and Central routers is up/up and is configured with PPP encapsulation.
Lab – Configuring Basic PPP with Authentication 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 41 packets input, 2811 bytes, 0 no buffer Received 0 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 40 packets output, 2739 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 unknown protocol drops 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions D
Lab – Configuring Basic PPP with Authentication Branch1(config)# interface s0/0/0 Branch1(config-if)# encapsulation hdlc d. Observe the debug PPP messages on the Branch1 router. The serial connection has terminated, and the line protocol is down. The route to 10.1.1.2 (Central) has been removed from the routing table. Jun 20 02:29:50.295: Se0/0/0 PPP DISC: Lower Layer disconnected Jun 20 02:29:50.295: PPP: NET STOP send to AAA. Jun 20 02:29:50.
Lab – Configuring Basic PPP with Authentication .Jun 20 02:30:36.596: Se0/0/0 PPP: Session handle[34000005] Session id[5] .Jun 20 02:30:36.
Lab – Configuring Basic PPP with Authentication Jun 20 03:01:59.439: Se0/0/0 PPP: Outbound cdp packet dropped, line protocol not up Jun 20 03:01:59.439: Se0/0/0 PPP: Phase is UP Jun 20 03:01:59.439: Se0/0/0 IPCP: Protocol configured, start CP. state[Initial] Jun 20 03:01:59.439: Se0/0/0 IPCP: Event[OPEN] State[Initial to Starting] Jun 20 03:01:59.439: Se0/0/0 IPCP: O CONFREQ [Starting] id 1 len 10 Jun 20 03:01:59.439: Se0/0/0 IPCP: Address 10.1.1.1 (0x03060A010101) Jun 20 03:01:59.
Lab – Configuring Basic PPP with Authentication Jun 20 03:02:02.017: Se0/0/0 PPP: O pkt type 0x0021, datagramsize 68 Jun 20 03:02:02.897: Se0/0/0 PPP: I pkt type 0x0021, datagramsize 112 link[ip] Jun 20 03:02:03.
Lab – Configuring Basic PPP with Authentication Central(config-if)# encapsulation ppp Central(config-if)# Jun 20 03:17:15.933: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.3.1 on Serial0/0/1 from FULL to DOWN, Neighbor Down: Interface down or detached Jun 20 03:17:17.933: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to down Jun 20 03:17:23.741: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to up Jun 20 03:17:23.825: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.
Lab – Configuring Basic PPP with Authentication Branch3(config-if)# Jun 20 04:25:02.079: Se0/0/1 PPP DISC: Authentication configuration changed Jun 20 04:25:02.079: PPP: NET STOP send to AAA. Jun 20 04:25:02.079: Se0/0/1 IPCP: Event[DOWN] State[Open to Starting] Jun 20 04:25:02.079: Se0/0/1 IPCP: Event[CLOSE] State[Starting to Initial] Jun 20 04:25:02.079: Se0/0/1 CDPCP: Event[DOWN] State[Open to Starting] Jun 20 04:25:02.079: Se0/0/1 CDPCP: Event[CLOSE] State[Starting to Initial] Jun 20 04:25:02.
Lab – Configuring Basic PPP with Authentication
.Jun 20 05:05:16.089: Se0/0/1 PPP: Received SENDAUTH Response PASS
.Jun 20 05:05:16.089: Se0/0/1 CHAP: Using hostname from configured hostname
.Jun 20 05:05:16.089: Se0/0/1 CHAP: Using password from AAA
.Jun 20 05:05:16.089: Se0/0/1 CHAP: O RESPONSE id 1 len 28 from "Central"
.Jun 20 05:05:16.093: Se0/0/1 CHAP: I RESPONSE id 1 len 28 from "Branch3"
.Jun 20 05:05:16.
Lab – Configuring Basic PPP with Authentication 2. What are the indicators that you may have an authentication mismatch on a serial link? _______________________________________________________________________________________ Some of the indicators are: the route is removed from the routing table and the line protocol goes up and down.
Lab – Configuring Basic PPP with Authentication ! no aaa new-model memory-size iomem 15 ! ip cef ! ! ! ! ! no ip domain lookup no ipv6 cef multilink bundle-name authenticated ! ! ! ! username Central password 7 1511021F0725 ! ! ! ! ! ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 no ip address shutdown duplex auto speed auto ! interface GigabitEthernet0/1 ip address 192.168.1.1 255.255.255.0 duplex auto speed auto ! interface Serial0/0/0 ip address 10.1.1.1 255.
Lab – Configuring Basic PPP with Authentication router ospf 1 network 10.1.1.0 0.0.0.3 area 0 network 192.168.1.0 0.0.0.255 area 0 ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ! ! ! ! control-plane ! ! banner motd ^C Unauthorized Access Prohibited.
Lab – Configuring Basic PPP with Authentication version 15.2 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname Central ! boot-start-marker boot-end-marker ! ! enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.
Lab – Configuring Basic PPP with Authentication interface Loopback0 ip address 209.165.200.225 255.255.255.224 ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 no ip address shutdown duplex auto speed auto ! interface GigabitEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 ip address 10.1.1.2 255.255.255.252 encapsulation ppp ppp authentication chap ! interface Serial0/0/1 ip address 10.2.2.2 255.255.255.
Lab – Configuring Basic PPP with Authentication Unauthorized Access Prohibited.
Lab – Configuring Basic PPP with Authentication ip cef ! ! ! ! ! no ip domain lookup no ipv6 cef ! multilink bundle-name authenticated ! ! username Central password 7 0822455D0A16 ! redundancy ! ! ! ! ! ! ! ! ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 no ip address shutdown duplex auto speed auto ! interface GigabitEthernet0/1 ip address 192.168.3.1 255.255.255.
Lab – Configuring Basic PPP with Authentication router ospf 1 network 10.2.2.0 0.0.0.3 area 0 network 192.168.3.0 0.0.0.255 area 0 ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ! ! ! ! control-plane ! ! banner motd ^C Unauthorized Access Prohibited.
Lab – Troubleshooting Basic PPP with Authentication (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Topology
Lab – Troubleshooting Basic PPP with Authentication Addressing Table Device R1 Interface IP Address Subnet Mask Default Gateway G0/1 192.168.1.1 255.255.255.0 N/A S0/0/0 (DCE) 192.168.12.1 255.255.255.252 N/A S0/0/1 192.168.13.1 255.255.255.252 N/A Lo0 209.165.200.225 255.255.255.252 N/A S0/0/0 192.168.12.2 255.255.255.252 N/A S0/0/1 (DCE) 192.168.23.1 255.255.255.252 N/A G0/1 192.168.3.1 255.255.255.0 N/A S0/0/0 (DCE) 192.168.13.2 255.255.255.252 N/A S0/0/1 192.168.
Lab – Troubleshooting Basic PPP with Authentication Ethernet and serial cables as shown in the topology Part 1: Build the Network and Load Device Configurations In Part 1, you will set up the network topology, configure basic settings on the PC hosts, and load configurations on the routers. Step 1: Cable the network as shown in the topology. Step 2: Configure the PC hosts. Step 3: Load router configurations. Load the following configurations into the appropriate router.
Lab – Troubleshooting Basic PPP with Authentication exit line con 0 password cisco logging synchronous login line vty 0 4 password cisco login Router R2 Configuration: hostname R2 enable secret class no ip domain lookup banner motd #Unauthorized Access is Prohibited!# username R1 password chap123 username r3 password chap123 ! username R3 password chap123 ! no username r3 password chap123 interface lo0 ip address 209.165.200.225 255.255.255.252 interface s0/0/0 ip address 192.168.12.2 255.255.255.
Lab – Troubleshooting Basic PPP with Authentication Router R3 Configuration: hostname R3 enable secret class no ip domain lookup banner motd #Unauthorized Access is Prohibited!# username R2 password chap123 username R3 password chap123 !no username R3 password chap123 !username R1 password chap123 interface g0/1 ip address 192.168.3.1 255.255.255.0 no shutdown interface s0/0/0 ip address 192.168.13.2 255.255.255.
Lab – Troubleshooting Basic PPP with Authentication Step 1: Examine the R1 configuration. a. Use the show interfaces command to determine whether PPP has been established on both serial links. R1# show interfaces s0/0/0 Serial0/0/0 is administratively down, line protocol is down Hardware is GT96K Serial Internet address is 192.168.12.
Lab – Troubleshooting Basic PPP with Authentication 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 unknown protocol drops 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=down DSR=up DTR=down RTS=down CTS=down From the show interfaces results for S0/0/0 and S0/0/1, what are possib
Lab – Troubleshooting Basic PPP with Authentication
*Jun 18 12:01:23.947: Se0/0/0 PPP: Received SENDAUTH Response PASS
*Jun 18 12:01:23.947: Se0/0/0 CHAP: Using hostname from configured hostname
*Jun 18 12:01:23.947: Se0/0/0 CHAP: Using password from AAA
*Jun 18 12:01:23.947: Se0/0/0 CHAP: O RESPONSE id 1 len 23 from "R1"
*Jun 18 12:01:23.947: Se0/0/0 CHAP: I RESPONSE id 1 len 23 from "R2"
*Jun 18 12:01:23.951: Se0/0/0 PPP: Sent CHAP LOGIN Request
*Jun 18 12:01:23.
Lab – Troubleshooting Basic PPP with Authentication *Jun 18 12:14:01.851: *Jun 18 12:14:01.851: *Jun 18 12:14:01.851: R1(config-if)# *Jun 18 12:14:04.860: changed state to up *Jun 18 12:14:04.868: changed state to down *Jun 18 12:14:06.
Lab – Troubleshooting Basic PPP with Authentication Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 52 packets output, 2772 bytes, 0 underruns 0 output errors, 0 collisions, 34 interface resets 0 unknown protocol drops 0 output buffer failures, 0 output buffers swapped out 1 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up R2# show interfaces s0/0/1 Serial0/0/1 is up, line protocol is down Hardware is GT96K Serial Internet address is
Lab – Troubleshooting Basic PPP with Authentication Current configuration : 89 bytes ! interface Serial0/0/1 ip address 192.168.23.1 255.255.255.252 clock rate 128000 end Resolve all problems found for the interfaces. Record the commands used to correct the configuration.
Lab – Troubleshooting Basic PPP with Authentication 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 507 packets output, 28030 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 unknown protocol drops 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up Has the link been established? _________ Yes Step 3: Examine the R3 configuration. a.
Lab – Troubleshooting Basic PPP with Authentication Keepalive set (10 sec) CRC checking enabled Last input 00:00:07, output 00:00:00, output hang never Last clearing of "show interface" counters 00:51:19 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 1158 kilobits/sec 5 m
Lab – Troubleshooting Basic PPP with Authentication Resolve all problems found. Record the commands used to correct the configuration. ____________________________________________________________________________________ R3(config)# no username R3 password chap123 R3(config)# username R1 password chap123 d. Use the show interface command to verify that serial links have been established. R3# show interface s0/0/0 Serial0/0/0 is up, line protocol is up Hardware is GT96K Serial Internet address is 192.168.13.
Lab – Troubleshooting Basic PPP with Authentication Step 1: Verify that the interfaces listed in the Addressing Table are active and configured with the correct IP address information. Issue the show ip interface brief command on all routers to verify that the interfaces are in an up/up state. R1# show ip interface brief Interface Embedded-Service-Engine0/0 GigabitEthernet0/0 GigabitEthernet0/1 Serial0/0/0 Serial0/0/1 IP-Address unassigned unassigned 192.168.1.1 192.168.12.1 192.168.31.
Lab – Troubleshooting Basic PPP with Authentication 192.168.13.0 0.0.0.3 area 0 Passive Interface(s): GigabitEthernet0/1 Routing Information Sources: Gateway Distance 110 3.3.3.3 110 2.2.2.2 Distance: (default is 110) Last Update 00:01:46 00:01:46 R2# show ip protocols *** IP Routing is NSF aware *** Routing Protocol is "ospf 1" Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Router ID 2.2.2.2 Number of areas in this router is 1.
Lab – Troubleshooting Basic PPP with Authentication ____________________________________________________________________________________ R3(config)# router ospf 1 R3(config-router)# network 192.168.3.0 0.0.0.255 area 0 Can PC-A ping PC-C? _______ Yes If connectivity does not exist between all hosts, then continue troubleshooting to resolve any remaining issues. Note: It may be necessary to disable the PC firewall for pings between the PCs to succeed.
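The CHAP faults corrected in this lab (the lowercase r3 entry on R2, and R3 listing its own hostname instead of R1) can be found offline by comparing each router's username entries with its peers' hostnames. The Python check below is an added example, not part of the Cisco lab; the R1 configuration, the link list, and the function names are assumptions, and the sample configurations are constructed from the faulty R2 and R3 configurations shown above. It assumes two-way CHAP with one shared secret per link.

```python
import re

HOST_RE = re.compile(r"^\s*hostname\s+(\S+)\s*$", re.M)
# An optional single-digit password type (0 = cleartext, 7 = obfuscated)
# may precede the secret. Lines commented out with "!" do not match.
USER_RE = re.compile(
    r"^\s*username\s+(\S+)\s+password\s+(?:(\d)\s+)?(\S+)\s*$", re.M)

# Constructed sample: only the CHAP-relevant lines are kept. R2 and R3
# carry the faults from the lab; the R1 entries are an assumption.
CONFIGS = {
    "R1": "hostname R1\nusername R2 password chap123\n"
          "username R3 password chap123\n",
    "R2": "hostname R2\nusername R1 password chap123\n"
          "username r3 password chap123\n",
    "R3": "hostname R3\nusername R2 password chap123\n"
          "username R3 password chap123\n",
}
# Assumed serial links between the three routers (both ends run CHAP).
LINKS = [("R1", "R2"), ("R1", "R3"), ("R2", "R3")]


def parse(config):
    """Return (hostname, {username: (password_type, secret)})."""
    host = HOST_RE.search(config)
    if host is None:
        raise ValueError("configuration has no hostname line")
    users = {name: (ptype or "0", secret)
             for name, ptype, secret in USER_RE.findall(config)}
    return host.group(1), users


def chap_findings(configs, links):
    """List (where, kind, detail) tuples for CHAP database problems."""
    parsed = {name: parse(text) for name, text in configs.items()}
    findings = []
    # A router never authenticates itself; an entry for its own hostname
    # usually means the peer's name was intended.
    for name, (host, users) in parsed.items():
        if host in users:
            findings.append((name, "self-entry", host))
    for a, b in links:
        for local, peer in ((a, b), (b, a)):
            peer_host = parsed[peer][0]
            users = parsed[local][1]
            if peer_host in users:
                continue
            # CHAP names are case-sensitive: r3 does not match R3.
            near = [u for u in users if u.lower() == peer_host.lower()]
            if near:
                findings.append((local, "case-mismatch", near[0]))
            else:
                findings.append((local, "missing-peer", peer_host))
        # Compare secrets only when both are stored in cleartext (type 0);
        # type 7 strings differ per device even for the same secret.
        ea = parsed[a][1].get(parsed[b][0])
        eb = parsed[b][1].get(parsed[a][0])
        if ea and eb and ea[0] == eb[0] == "0" and ea[1] != eb[1]:
            findings.append((f"{a}-{b}", "secret-mismatch",
                             "cleartext secrets differ"))
    return findings


# The same configurations after the corrections recorded in the lab.
FIXED = dict(
    CONFIGS,
    R2=CONFIGS["R2"].replace("username r3", "username R3"),
    R3=CONFIGS["R3"].replace("username R3", "username R1"),
)

if __name__ == "__main__":
    for finding in chap_findings(CONFIGS, LINKS):
        print(finding)
    print("after fixes:", chap_findings(FIXED, LINKS))
```
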
Lab – Troubleshooting Basic PPP with Authentication boot-start-marker boot-end-marker ! enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.
Lab – Troubleshooting Basic PPP with Authentication ! ip forward-protocol nd ! no ip http server no ip http secure-server ! control-plane ! banner motd ^CUnauthorized Access is Prohibited!^C ! line con 0 password cisco logging synchronous login line aux 0 line 2 no activation-character no exec transport preferred none transport input all transport output pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line vty 0 4 password cisco login transport input all ! scheduler allocate 20000 1000 ! end Router
Lab – Troubleshooting Basic PPP with Authentication no aaa new-model memory-size iomem 15 ! ip cef ! no ip domain lookup no ipv6 cef multilink bundle-name authenticated ! username R1 password 0 chap123 username R3 password 0 chap123 ! interface Loopback0 ip address 209.165.200.225 255.255.255.
Lab – Troubleshooting Basic PPP with Authentication ! no ip http server no ip http secure-server ! ip route 0.0.0.0 0.0.0.
Lab – Troubleshooting Basic PPP with Authentication no aaa new-model memory-size iomem 15 ! ip cef ! no ip domain lookup no ipv6 cef ! multilink bundle-name authenticated ! username R2 password 0 chap123 username R1 password 0 chap123 ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 no ip address shutdown duplex auto speed auto ! interface GigabitEthernet0/1 ip address 192.168.3.1 255.255.255.0 duplex auto speed auto ! interface Serial0/0/0 ip address 192.168.13.
Lab – Troubleshooting Basic PPP with Authentication no ip http secure-server ! control-plane ! banner motd ^CUnauthorized Access is Prohibited!^C ! line con 0 password cisco logging synchronous login line aux 0 line 2 no activation-character no exec transport preferred none transport input all transport output pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line vty 0 4 password cisco login transport input all ! scheduler allocate 20000 1000 ! end
PPP Validation (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Objective Use show and debug commands to troubleshoot PPP. Instructor Note: This activity should be completed by groups of three students, but it can be completed by all individuals in a class at one time. Scenario Three friends who are enrolled in the Cisco Networking Academy want to check their knowledge of PPP network configuration.
PPP Validation Configure OSPF routing. Configure the clock to read today’s date. Change the OSPF router priorities on both serial interfaces. Scenario 2 Address the topology using IPv6. Configure PPP encapsulation with PAP. Configure EIGRP routing. Configure the clock to read the current time. Place a description on both connected serial interfaces. Scenario 3 Address the topology using IPv6. Configure a Message of the Day. Configure PPP with CHAP.
Emerging WAN Technologies (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Objective Troubleshoot WAN issues that affect internetwork communications in a small- to medium-sized business network. Instructor Notes: This activity allows students to consider other options for WAN connectivity.
Emerging WAN Technologies Step 2: Create a matrix to record information about the two WAN technologies you chose. At a minimum, include: a. A short description of the technology b. Physical requirements to set up the technology 1) Cabling requirements 2) Network devices necessary to operate the WAN technology 3) Who provides the network devices necessary to operate the WAN technology c. Benefits of this type of WAN technology d. Disadvantages to implementing or changing to this form of WAN technology e.
Emerging WAN Technologies increased bandwidth availability (1 Gb/s; some sources currently list GigaMAN bandwidth capabilities at 10 Gb/s). Due to its branch-to-region operation, this type of technology is well-suited to companies with many branches, such as with educational systems. Disadvantages Currently limited to regional and branch use, as service providers are working to expand the distance limitations.
Lab – Configuring Frame Relay and Subinterfaces (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Topology
Lab – Configuring Frame Relay and Subinterfaces Addressing Table Device Interface IPv4 and IPv6 Address Default Gateway G0/0 192.168.1.1/24 2001:DB8:ACAD:A::1/64 FE80::1 link-local N/A S0/0/0 (DCE) 10.1.1.1/30 2001:DB8:ACAD:B::1/64 FE80::1 link-local N/A S0/0/0 N/A N/A S0/0/1 (DCE) N/A N/A G0/0 192.168.3.1/24 2001:DB8:ACAD:C::3/64 FE80::3 link-local N/A S0/0/1 10.1.1.2/30 2001:DB8:ACAD:B::3/64 FE80::3 link-local N/A PC-A NIC 192.168.1.3/24 2001:DB8:ACAD:A::A/64 192.168.1.
Lab – Configuring Frame Relay and Subinterfaces Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with Cisco IOS Release 15.2(4)M3 (universalk9 image). Other routers and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the commands available and output produced might vary from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the correct interface identifiers.
Lab – Configuring Frame Relay and Subinterfaces Part 2: Configure a Frame Relay Switch In Part 2, you will configure a Frame Relay switch. You will create permanent virtual circuits (PVCs) and assign Data Link Connection Identifiers (DLCIs). This configuration creates two PVCs: one from R1 to R3 (DLCI 103), and one from R3 to R1 (DLCI 301). Step 1: Configure the FR router as a Frame Relay switch.
Lab – Configuring Frame Relay and Subinterfaces Local Switched Unused Active 0 0 0 Inactive 0 1 0 Deleted 0 0 0 Static 0 0 0 DLCI = 103, DLCI USAGE = SWITCHED, PVC STATUS = INACTIVE, INTERFACE = Serial0/0/0 input pkts 0 output pkts 0 in bytes 0 out bytes 0 dropped pkts 0 in pkts dropped 0 out pkts dropped 0 out bytes dropped 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 0 out bcast bytes 0 30 second input rate 0 bits/sec, 0 packets/sec 30 sec
Lab – Configuring Frame Relay and Subinterfaces
FR# show frame-relay route
Input Intf      Input Dlci      Output Intf     Output Dlci     Status
Serial0/0/0     103             Serial0/0/1     301             inactive
Serial0/0/1     301             Serial0/0/0     103             inactive
Part 3: Configure Basic Frame Relay
In Part 3, you will configure Frame Relay on routers R1 and R3. After Frame Relay is configured, you will enable the EIGRP routing protocol to provide end-to-end connectivity.
Step 1: Configure R1 for Frame Relay.
Lab – Configuring Frame Relay and Subinterfaces R3(config-if)# R3(config-if)# R3(config-if)# R3(config-if)# R3(config-if)# R3(config-if)# frame-relay frame-relay frame-relay frame-relay frame-relay no shutdown map map map map map ip 10.1.1.1 301 broadcast ipv6 2001:db8:acad:b::1 301 ipv6 fe80::1 301 broadcast ip 10.1.1.
Lab – Configuring Frame Relay and Subinterfaces Local Switched Unused 1 0 0 0 0 0 0 0 0 0 0 0 DLCI = 103, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0 input pkts 22 output pkts 154 in bytes 2240 out bytes 10860 dropped pkts 0 in pkts dropped 0 out pkts dropped 0 out bytes dropped 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 134 out bcast bytes 8780 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/s
Lab – Configuring Frame Relay and Subinterfaces
CISCO, status defined, active
Serial0/0/0 (up): ipv6 2001:DB8:ACAD:B::1 dlci 103(0x67,0x1870), static, CISCO, status defined, active
Serial0/0/0 (up): ip 10.1.1.1 dlci 103(0x67,0x1870), static, CISCO, status defined, active
Serial0/0/0 (up): ipv6 2001:DB8:ACAD:B::3 dlci 103(0x67,0x1870), static, CISCO, status defined, active
Serial0/0/0 (up): ip 10.1.1.
Lab – Configuring Frame Relay and Subinterfaces
R1(config-if)# ipv6 eigrp 1
R3(config)# router eigrp 1
R3(config-router)# no auto-summary
R3(config-router)# eigrp router-id 3.3.3.3
R3(config-router)# network 10.1.1.0 0.0.0.3
R3(config-router)# network 192.168.3.0
R3(config-router)# ipv6 router eigrp 1
R3(config-rtr)# router-id 3.3.3.
Lab – Configuring Frame Relay and Subinterfaces
R1# undebug all
All possible debugging has been turned off
Step 2: Remove the IPv4 frame map from R1.
a. Issue the no frame-relay map command to remove the IPv4 frame map on R1.
R1(config)# interface s0/0/0
R1(config-if)# no frame-relay map ip 10.1.1.2 103 broadcast
b. Issue the debug ip icmp command on R1.
R1# debug ip icmp
ICMP packet debugging is on
c. Ping R1 from R3. Pings should not be successful.
Lab – Configuring Frame Relay and Subinterfaces
CISCO, status defined, active
Serial0/0/0 (up): ip 10.1.1.1 dlci 103(0x67,0x1870), static, CISCO, status defined, active
Serial0/0/0 (up): ipv6 2001:DB8:ACAD:B::3 dlci 103(0x67,0x1870), static, CISCO, status defined, active
e. Issue the undebug all command to turn off debugging on R1.
R1# undebug all
All possible debugging has been turned off
f. Re-apply the frame-relay map ip command to S0/0/0 on R1, but without using the broadcast keyword.
Lab – Configuring Frame Relay and Subinterfaces ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP + - replicated route, % - next hop override Gateway of last resort is not set C L C L D 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks 10.1.1.0/30 is directly connected, Serial0/0/0 10.1.1.1/32 is directly connected, Serial0/0/0 192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks 192.168.1.
Lab – Configuring Frame Relay and Subinterfaces
Step 4: Change the LMI type.
a. Issue the frame-relay lmi-type ansi command on interface S0/0/1 on R3.
R3(config-if)# frame-relay lmi-type ansi
b. After at least 60 seconds, issue the show interfaces s0/0/1 command on R3. When 60 seconds have passed, the interface changes its state to up, then down, because R3 is expecting ANSI LMI, and FR is sending Cisco LMI.
Lab – Configuring Frame Relay and Subinterfaces
*Jun 26 21:49:20.829: datagramstart = 0xC317554, datagramsize = 14
*Jun 26 21:49:20.829: FR encap = 0x00010308
*Jun 26 21:49:20.829: 00 75 95 01 01 00 03 02 69 00
*Jun 26 21:49:20.829:
e. Restore the LMI type back to Cisco on R3. Notice that the debug messages change after you issue this command. The LMI sequence number has been reset to 1. R3 began to understand the LMI messages coming in from FR.
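The numbers in this lab's output can be decoded by hand: the `dlci 103(0x67,0x1870)` notation in show frame-relay map, and the `FR encap = 0x00010308` line with the ten bytes that follow it in the LMI debug. The script below is an added example, not part of the Cisco lab; it assumes the two-byte Q.922 address layout and the ANSI Annex D element IDs, and its function names and the Cisco-type sample frame are constructed for illustration.

```python
"""Decode the Frame Relay address and LMI bytes printed in the lab output."""

MSG_TYPES = {0x75: "STATUS ENQUIRY", 0x7D: "STATUS"}
REPORT_TYPES = {0: "full status", 1: "link integrity verification"}

# Taken from the debug output in this lab (R3 set to lmi-type ansi).
R3_ENCAP = bytes.fromhex("00010308")
R3_BODY = bytes.fromhex("00759501010003026900")
# Constructed sample of a Cisco-type enquiry, for comparison only.
CISCO_ENCAP = bytes.fromhex("FCF10309")
CISCO_BODY = bytes.fromhex("007501010103020100")


def encode_dlci(dlci, cr=0, fecn=0, becn=0, de=0):
    """Pack a 10-bit DLCI into the two-byte Q.922 address field."""
    if not 0 <= dlci <= 1023:
        raise ValueError("a two-byte address carries a 10-bit DLCI (0-1023)")
    first = ((dlci >> 4) << 2) | (cr << 1)  # EA bit 0: another byte follows
    second = ((dlci & 0x0F) << 4) | (fecn << 3) | (becn << 2) | (de << 1) | 1
    return bytes([first, second])           # EA bit 1 closes the address


def decode_address(addr):
    """Unpack DLCI and congestion bits from a two-byte address field."""
    first, second = addr[0], addr[1]
    if first & 1 or not second & 1:
        raise ValueError("EA bits do not describe a two-byte address")
    return {
        "dlci": ((first >> 2) << 4) | (second >> 4),
        "fecn": (second >> 3) & 1,
        "becn": (second >> 2) & 1,
        "de": (second >> 1) & 1,
    }


def ios_map_notation(dlci):
    """Render a DLCI as decimal(hex, on-wire address), e.g. 103(0x67,0x1870).

    The page's values match the address field with the final EA bit left clear.
    """
    wire = int.from_bytes(encode_dlci(dlci), "big") & 0xFFFE
    return f"{dlci}(0x{dlci:X},0x{wire:X})"


def parse_lmi(encap, body):
    """Decode the 4-byte `FR encap` header and the LMI message after it."""
    addr = decode_address(encap[:2])
    control, proto = encap[2], encap[3]
    if control != 0x03:
        raise ValueError("LMI is carried in UI frames (control 0x03)")
    pos = 2                        # body[0] call reference, body[1] message type
    locking_shift = len(body) > 2 and body[2] == 0x95
    if locking_shift:              # ANSI inserts a locking-shift byte here
        pos = 3
    if addr["dlci"] == 0 and proto == 0x08 and locking_shift:
        lmi_type = "ansi"
    elif addr["dlci"] == 1023 and proto == 0x09:
        lmi_type = "cisco"
    else:
        lmi_type = "other"
    msg = {"lmi_type": lmi_type, "dlci": addr["dlci"],
           "message": MSG_TYPES.get(body[1], hex(body[1]))}
    while pos + 2 <= len(body):    # walk the id/length/value elements
        ie_id, length = body[pos], body[pos + 1]
        data = body[pos + 2:pos + 2 + length]
        if len(data) < length:
            raise ValueError("truncated information element")
        if ie_id == 0x01 and length == 1:
            msg["report_type"] = REPORT_TYPES.get(data[0], data[0])
        elif ie_id == 0x03 and length == 2:
            msg["send_seq"], msg["recv_seq"] = data[0], data[1]
        pos += 2 + length
    return msg


def peer_accepts(configured_type, encap, body):
    """True when the frame's LMI type is the one the receiver is set to."""
    return parse_lmi(encap, body)["lmi_type"] == configured_type


if __name__ == "__main__":
    print(ios_map_notation(103), ios_map_notation(301))
    print(parse_lmi(R3_ENCAP, R3_BODY))
    print("FR (cisco) accepts R3's enquiry:",
          peer_accepts("cisco", R3_ENCAP, R3_BODY))
```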
Lab – Configuring Frame Relay and Subinterfaces Part 5: Configure a Frame Relay Subinterface Frame Relay supports two types of subinterfaces: point-to-point and point-to-multipoint. Point-to-multipoint subinterfaces support non-broadcast multiaccess topologies. For example, a hub and spoke topology would use a point-to-multipoint subinterface. In Part 5, you will create a point-to-point subinterface. Step 1: On the FR router, create new PVCs between R1 and R3.
Lab – Configuring Frame Relay and Subinterfaces
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/28 ms
R3# ping 2001:db8:acad:d::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:ACAD:D::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/28 ms
d. Issue the show frame-relay pvc command on R1 and R3 to display the PVC status.
Lab – Configuring Frame Relay and Subinterfaces DLCI = 301, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/1 input pkts 1406 output pkts 1176 in bytes 105143 out bytes 93110 dropped pkts 0 in pkts dropped 0 out pkts dropped 0 out bytes dropped 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 1038 out bcast bytes 80878 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec pvc create time 07:51:07,
Lab – Configuring Frame Relay and Subinterfaces
status defined, active
R3# show frame-relay map
Serial0/0/1 (up): ipv6 FE80::1 dlci 301(0x12D,0x48D0), static, broadcast, CISCO, status defined, active
Serial0/0/1 (up): ipv6 2001:DB8:ACAD:B::3 dlci 301(0x12D,0x48D0), static, CISCO, status defined, active
Serial0/0/1 (up): ip 10.1.1.
Lab – Configuring Frame Relay and Subinterfaces Subinterfaces address the limitations of Frame Relay networks by providing a way to subdivide a partially meshed Frame Relay network into a number of smaller, fully meshed, or point-to-point subnetworks. Each subnetwork is assigned its own network number and appears to the protocols as if it were reachable through a separate interface.
Lab – Configuring Frame Relay and Subinterfaces no aaa new-model memory-size iomem 15 ! ip cef ! no ip domain lookup no ipv6 cef multilink bundle-name authenticated ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 ip address 192.168.1.1 255.255.255.0 duplex auto speed auto ipv6 address FE80::1 link-local ipv6 address 2001:DB8:ACAD:A::1/64 ! interface GigabitEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 ip address 10.1.1.1 255.
Lab – Configuring Frame Relay and Subinterfaces login line aux 0 line 2 no activation-character no exec transport preferred none transport input all transport output pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line vty 0 4 password 7 094F471A1A0A login transport input all ! scheduler allocate 20000 1000 ! end Router FR (After Parts 1 and 2 of this lab) FR# show run Building configuration... Current configuration : 1671 bytes ! version 15.
Lab – Configuring Frame Relay and Subinterfaces no ip address shutdown ! interface GigabitEthernet0/0 no ip address shutdown duplex auto speed auto ! interface GigabitEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 no ip address encapsulation frame-relay frame-relay intf-type dce frame-relay route 103 interface Serial0/0/1 301 ! interface Serial0/0/1 no ip address encapsulation frame-relay clock rate 128000 frame-relay intf-type dce frame-relay route 301 interface Serial0/0
Lab – Configuring Frame Relay and Subinterfaces line vty 0 4 password 7 01100F175804 login transport input all ! scheduler allocate 20000 1000 ! end Router R3 (After Parts 1 and 2 of this lab) R3# sh run Building configuration... Current configuration : 1674 bytes ! version 15.2 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname R3 ! boot-start-marker boot-end-marker ! enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.
Lab – Configuring Frame Relay and Subinterfaces no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 no ip address shutdown clock rate 2000000 ! interface Serial0/0/1 ip address 10.1.1.2 255.255.255.
Lab – Configuring Frame Relay and Subinterfaces Current configuration : 2055 bytes ! version 15.2 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname R1 ! boot-start-marker boot-end-marker ! enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.
Lab – Configuring Frame Relay and Subinterfaces clock rate 128000 frame-relay map ipv6 2001:DB8:ACAD:B::1 103 frame-relay map ip 10.1.1.1 103 frame-relay map ipv6 FE80::3 103 broadcast frame-relay map ipv6 2001:DB8:ACAD:B::3 103 frame-relay map ip 10.1.1.2 103 broadcast no frame-relay inverse-arp ! interface Serial0/0/1 no ip address shutdown ! ! router eigrp 1 network 10.1.1.0 0.0.0.3 network 192.168.1.0 eigrp router-id 1.1.1.
Lab – Configuring Frame Relay and Subinterfaces end Router FR (After Part 3 of this lab) FR# show run Building configuration... Current configuration : 1671 bytes ! version 15.2 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname FR ! boot-start-marker boot-end-marker ! ! enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.
Lab – Configuring Frame Relay and Subinterfaces interface Serial0/0/0 no ip address encapsulation frame-relay frame-relay intf-type dce frame-relay route 103 interface Serial0/0/1 301 ! interface Serial0/0/1 no ip address encapsulation frame-relay clock rate 128000 frame-relay intf-type dce frame-relay route 301 interface Serial0/0/0 103 ! ip forward-protocol nd ! no ip http server no ip http secure-server ! control-plane ! banner motd ^C Unauthorized Access is Prohibited! ^C ! line con 0 password 7 094F471
Lab – Configuring Frame Relay and Subinterfaces version 15.2 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname R3 ! boot-start-marker boot-end-marker ! enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.
Lab – Configuring Frame Relay and Subinterfaces ipv6 address FE80::3 link-local ipv6 address 2001:DB8:ACAD:B::3/64 ipv6 eigrp 1 frame-relay map ipv6 2001:DB8:ACAD:B::3 301 frame-relay map ip 10.1.1.2 301 frame-relay map ipv6 FE80::1 301 broadcast frame-relay map ipv6 2001:DB8:ACAD:B::1 301 frame-relay map ip 10.1.1.1 301 broadcast no frame-relay inverse-arp ! router eigrp 1 network 10.1.1.0 0.0.0.3 network 192.168.3.0 eigrp router-id 3.3.3.
Lab – Configuring Frame Relay and Subinterfaces Router R1 - Final R1# show run Building configuration... Current configuration : 2296 bytes ! version 15.2 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname R1 ! boot-start-marker boot-end-marker ! enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.
Lab – Configuring Frame Relay and Subinterfaces interface Serial0/0/0 ip address 10.1.1.1 255.255.255.252 encapsulation frame-relay ipv6 address FE80::1 link-local ipv6 address 2001:DB8:ACAD:B::1/64 ipv6 eigrp 1 clock rate 128000 frame-relay map ip 10.1.1.2 103 broadcast frame-relay map ipv6 FE80::3 103 broadcast frame-relay map ipv6 2001:DB8:ACAD:B::1 103 frame-relay map ip 10.1.1.1 103 frame-relay map ipv6 2001:DB8:ACAD:B::3 103 no frame-relay inverse-arp ! interface Serial0/0/0.
Lab – Configuring Frame Relay and Subinterfaces transport preferred none transport input all transport output pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line vty 0 4 password 7 121A0C041104 login transport input all ! scheduler allocate 20000 1000 ! end Router FR (Final) FR# show run Building configuration... Current configuration : 1769 bytes ! version 15.
Lab – Configuring Frame Relay and Subinterfaces shutdown duplex auto speed auto ! interface GigabitEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 no ip address encapsulation frame-relay frame-relay intf-type dce frame-relay route 103 interface Serial0/0/1 301 frame-relay route 113 interface Serial0/0/1 311 ! interface Serial0/0/1 no ip address encapsulation frame-relay clock rate 128000 frame-relay intf-type dce frame-relay route 301 interface Serial0/0/0 103 frame-relay r
Lab – Configuring Frame Relay and Subinterfaces transport input all ! scheduler allocate 20000 1000 ! end Router R3 (Final) R3# show run Building configuration... Current configuration : 2298 bytes ! version 15.2 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname R3 ! boot-start-marker boot-end-marker ! enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.
Lab – Configuring Frame Relay and Subinterfaces shutdown duplex auto speed auto ! interface Serial0/0/0 no ip address shutdown clock rate 2000000 ! interface Serial0/0/1 ip address 10.1.1.2 255.255.255.252 encapsulation frame-relay ipv6 address FE80::3 link-local ipv6 address 2001:DB8:ACAD:B::3/64 ipv6 eigrp 1 frame-relay map ipv6 FE80::1 301 broadcast frame-relay map ipv6 2001:DB8:ACAD:B::3 301 frame-relay map ip 10.1.1.2 301 frame-relay map ipv6 2001:DB8:ACAD:B::1 301 frame-relay map ip 10.1.1.
Lab – Configuring Frame Relay and Subinterfaces logging synchronous login line aux 0 line 2 no activation-character no exec transport preferred none transport input all transport output pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line vty 0 4 password 7 030752180500 login transport input all ! scheduler allocate 20000 1000 ! end
Lab – Troubleshooting Basic Frame Relay (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Topology Addressing Table Device R1 Interface IP Address Subnet Mask Default Gateway G0/0 192.168.1.1 255.255.255.0 N/A S0/0/0 (DCE) 10.1.1.1 255.255.255.252 N/A S0/0/0 N/A N/A N/A S0/0/1 (DCE) N/A N/A N/A G0/0 192.168.3.1 255.255.255.0 N/A S0/0/1 10.1.1.2 255.255.255.252 N/A PC-A NIC 192.168.1.3 255.255.255.
Lab – Troubleshooting Basic Frame Relay Background / Scenario Frame Relay is a WAN protocol that operates at the physical and data link layers of the OSI reference model. Unlike leased lines, Frame Relay requires only a single-access circuit to the Frame Relay provider to communicate with multiple sites that are connected to the same provider. Configuring Frame Relay at the customer site is generally simple; however, configuration problems can occur.
Lab – Troubleshooting Basic Frame Relay clock rate 128000 frame-relay map ip 10.1.1.2 101 !frame-relay map ip 10.1.1.2 101 broadcast !frame-relay map ip 10.1.1.1 101 no frame-relay inverse-arp no shutdown router eigrp 1 network 10.1.0.0 0.0.0.3 !network 10.1.1.0 0.0.0.3 network 192.168.1.0 eigrp router-id 1.1.1.
Lab – Troubleshooting Basic Frame Relay password cisco login end Frame Relay Switch (router FR) Configuration: hostname FR frame-relay switching interface Serial0/0/0 no ip address encapsulation frame-relay frame-relay intf-type dce frame-relay route 101 interface Serial0/0/1 201 no shutdown interface Serial0/0/1 no ip address encapsulation frame-relay clock rate 2000000 frame-relay intf-type dce frame-relay route 201 interface Serial0/0/0 101 no shutdown end Step 4: Save your configuration.
Lab – Troubleshooting Basic Frame Relay Serial0/0/1 10.1.1.2 YES manual up up b. Issue the show run | section interface command to view all the commands related to interfaces. R1: R1# show run | section interface interface Embedded-Service-Engine0/0 no ip address shutdown interface GigabitEthernet0/0 ip address 192.168.1.1 255.255.255.0 shutdown duplex auto speed auto interface GigabitEthernet0/1 no ip address shutdown duplex auto speed auto interface Serial0/0/0 ip address 10.1.1.5 255.255.255.
Lab – Troubleshooting Basic Frame Relay
interface Serial0/0/1
 ip address 10.1.1.2 255.255.255.252
 encapsulation frame-relay
 frame-relay map ip 10.1.1.1 202 broadcast
 frame-relay map ip 10.1.1.2 201
 no frame-relay inverse-arp
c. Resolve all problems found. Record the commands used to correct the configuration.
Lab – Troubleshooting Basic Frame Relay Routing for Networks: 10.1.0.0/30 192.168.1.
Lab – Troubleshooting Basic Frame Relay R1# show ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l
Lab – Troubleshooting Basic Frame Relay
Active Router Interfaces
Router    R1 G0/0    R1 S0/0/0    R3 G0/0    R3 S0/0/1
R1        Yes        No           No         No
R3        No         No           Yes        Yes
Because IPv4 addressing and EIGRP configuration issues have been checked and corrected, the problems must exist with the Frame Relay configuration.
Step 2: Verify Frame Relay configurations on R1 and R3.
a. Issue the show frame-relay pvc command on R1 and R3.
Lab – Troubleshooting Basic Frame Relay out bcast pkts 0 out bcast bytes 0 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec pvc create time 04:16:10, last time pvc status changed 01:03:33 DLCI = 202, DLCI USAGE = LOCAL, PVC STATUS = DELETED, INTERFACE = Serial0/0/1 input pkts 0 output pkts 0 in bytes 0 out bytes 0 dropped pkts 0 in pkts dropped 0 out pkts dropped 0 out bytes dropped 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out D
Lab – Troubleshooting Basic Frame Relay Invalid Status Message 0 Invalid Information ID 0 Invalid Report Request 0 Num Status Enq. Sent 6227 Num Update Status Rcvd 0 Last Full Status Req 00:00:56 Invalid Lock Shift 0 Invalid Report IE Len 0 Invalid Keep IE Len 0 Num Status msgs Rcvd 6228 Num Status Timeouts 0 Last Full Status Rcvd 00:00:56 d. Resolve all problems found. Record your answers below.
Lab – Troubleshooting Basic Frame Relay i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP + - replicated route, % - next hop override Gateway of last resort is not set D 192.168.1.0/24 [90/2172416] via 10.1.1.1, 00:27:32, Serial0/0/1 b. Issue a show frame-relay map command on both R1 and R3.
Lab – Troubleshooting Basic Frame Relay Router Interface Summary Table Router Interface Summary Router Model Ethernet Interface #1 Ethernet Interface #2 Serial Interface #1 Serial Interface #2 1800 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1) 1900 Gigabit Ethernet 0/0 (G0/0) Gigabit Ethernet 0/1 (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1) 2801 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1
Lab – Troubleshooting Basic Frame Relay speed auto ! interface GigabitEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 ip address 10.1.1.1 255.255.255.252 encapsulation frame-relay clock rate 128000 frame-relay map ip 10.1.1.1 101 frame-relay map ip 10.1.1.2 101 broadcast no frame-relay inverse-arp ! interface Serial0/0/1 no ip address shutdown ! ! router eigrp 1 network 10.1.1.0 0.0.0.3 network 192.168.1.0 eigrp router-id 1.1.1.
Lab – Troubleshooting Basic Frame Relay transport input all ! scheduler allocate 20000 1000 ! end Router R3 R3#sh run Building configuration... Current configuration : 1448 bytes ! version 15.2 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R3 ! enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2 ! no ip domain lookup ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 ip address 192.168.
Lab – Troubleshooting Basic Frame Relay ! router eigrp 1 network 10.1.1.0 0.0.0.3 network 192.168.3.0 eigrp router-id 3.3.3.
Frame Relay Budget Proposal (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Objective Describe Frame Relay operation. Instructor Note: This activity can be completed individually or in small groups and then shared between groups or with the class. Scenario It has been decided that your company will use Frame Relay technology to provide video connectivity between your main office location and two branch offices.
Frame Relay Budget Proposal Instructor: Students can choose to design more than one matrix for their cost proposal; however, one matrix will suffice to list all pricing or two can be designed to show one-time costs and monthly costs. Ensure that all students are aware that Frame Relay costs are approximate and vary per ISP carrier and that different ISPs charge different rates for different services. Step 4: Present the cost analysis to solicit comments and approval from the company administrators.
Frame Relay Budget Proposal
Cost of Frame Relay Port(s) DLCI Virtual Circuit Costs
Three T1 ports (one-time installation only)    3 x $375                      $1,125
Monthly cost for three T1 ports                3 x $500 per month            $1,500
Six DLCI virtual circuits (see Table 1)        6 x $15 each DLCI, monthly    $90
Total One-Time Costs                                                         $3,027*
*Does not include internetwork customer premises equipment costs, which could be charged by the ISP or purchased by the company for Frame Relay connectivity; for example, CSU/DSUs.
Conceptual NAT (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Objective Describe NAT characteristics. This activity introduces students to the concept of network address translation. Scenario You work for a large university or school system. Because you are the network administrator, many professors, administrative workers, and other network administrators need your assistance with their networks on a daily basis.
Conceptual NAT c. If a student reports a fact to the class that you did not record, add it to your list. Instructor Resource Information It is suggested that you display the Web page used as a basis for this activity while comparing facts students report after reading the article. Make sure you correct any misunderstandings found in the reading of the web article before moving to the curriculum content.
Lab – Configuring Dynamic and Static NAT (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Topology Addressing Table Device Gateway Interface IP Address Subnet Mask Default Gateway G0/1 192.168.1.1 255.255.255.0 N/A S0/0/1 209.165.201.18 255.255.255.252 N/A S0/0/0 (DCE) 209.165.201.17 255.255.255.252 N/A Lo0 192.31.7.1 255.255.255.255 N/A PC-A (Simulated Server) NIC 192.168.1.20 255.255.255.0 192.168.1.
Lab – Configuring Dynamic and Static NAT In this lab, an ISP has allocated the public IP address space of 209.165.200.224/27 to a company. This provides the company with 30 public IP addresses. The addresses, 209.165.200.225 to 209.165.200.241, are for static allocation and 209.165.200.242 to 209.165.200.254 are for dynamic allocation. A static route is used from the ISP to the gateway router, and a default route is used from the gateway to the ISP router.
Lab – Configuring Dynamic and Static NAT
ISP(config)# username webuser privilege 15 secret webpass
b. Enable the HTTP server service on ISP.
ISP(config)# ip http server
c. Configure the HTTP service to use the local user database.
ISP(config)# ip http authentication local
Step 6: Configure static routing.
a. Create a static route from the ISP router to the Gateway router using the assigned public network address range 209.165.200.224/27.
ISP(config)# ip route 209.165.200.224 255.255.255.224 209.165.201.
Lab – Configuring Dynamic and Static NAT
What is the translation of the Inside local host address?
192.168.1.20 = 209.165.200.225
The Inside global address is assigned by?
The router from the NAT pool.
The Inside local address is assigned by?
The administrator for the workstation.
b.
Lab – Configuring Dynamic and Static NAT
Peak translations: 2, occurred 00:02:12 ago
Outside interfaces:
  Serial0/0/1
Inside interfaces:
  GigabitEthernet0/1
Hits: 39 Misses: 0
CEF Translated packets: 39, CEF Punted packets: 0
Expired translations: 3
Dynamic mappings:
Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
Note: This is only a sample output. Your output may not match exactly.
Lab – Configuring Dynamic and Static NAT
Appl doors: 0
Normal doors: 0
Queued Packets: 0
Step 4: Define the pool of usable public IP addresses.
Gateway(config)# ip nat pool public_access 209.165.200.242 209.165.200.254 netmask 255.255.255.224
Step 5: Define the NAT from the inside source list to the outside pool.
Note: Remember that NAT pool names are case-sensitive and the pool name entered here must match that used in the previous step.
Lab – Configuring Dynamic and Static NAT
--- 209.165.200.242 192.168.1.22 --- ---
What protocol was used in this translation? tcp
What port numbers were used?
Inside: 1038 to 1052. Answers will vary
Outside: 80
What well-known port number and service was used? port 80, www or http
d. Verify NAT statistics by using the show ip nat statistics command on the Gateway router.
Lab – Configuring Dynamic and Static NAT Inside interfaces: GigabitEthernet0/1 Hits: 16 Misses: 0 CEF Translated packets: 285, CEF Punted packets: 0 Expired translations: 11 Dynamic mappings: -- Inside Source [Id: 1] access-list 1 pool public_access refcount 4 pool public_access: netmask 255.255.255.224 start 209.165.200.242 end 209.165.200.
Lab – Configuring Dynamic and Static NAT Router Interface Summary Table Router Interface Summary Router Model Ethernet Interface #1 Ethernet Interface #2 Serial Interface #1 Serial Interface #2 1800 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1) 1900 Gigabit Ethernet 0/0 (G0/0) Gigabit Ethernet 0/1 (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1) 2801 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/
Lab – Configuring Dynamic and Static NAT ! ! ! ! ! no ip domain lookup ip cef no ipv6 cef multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 no ip address shutdown duplex auto speed auto ! interface GigabitEthernet0/1 ip address 192.168.1.1 255.255.255.
Lab – Configuring Dynamic and Static NAT no ip http server no ip http secure-server ! ip nat inside source static 192.168.1.20 209.165.200.225 ip route 0.0.0.0 0.0.0.0 209.165.201.
Lab – Configuring Dynamic and Static NAT ! ! enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2 ! no aaa new-model memory-size iomem 15 ! ! ! ! ! ! ! no ip domain lookup ip cef no ipv6 cef multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 no ip address shutdown duplex auto speed auto ! interface GigabitEthernet0/1 ip address 192.168.1.1 255.255.255.
Lab – Configuring Dynamic and Static NAT ip address 209.165.201.18 255.255.255.252 ip nat outside ip virtual-reassembly in ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ip nat pool public_access 209.165.200.242 209.165.200.254 netmask 255.255.255.224 ip nat inside source list 1 pool public_access ip route 0.0.0.0 0.0.0.0 209.165.201.17 ! access-list 1 permit 192.168.1.0 0.0.0.
Lab – Configuring Dynamic and Static NAT version 15.2 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP ! boot-start-marker boot-end-marker ! ! enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2 ! no aaa new-model memory-size iomem 10 ! ! ! ! ! ! no ip domain lookup ip cef no ipv6 cef multilink bundle-name authenticated ! ! ! ! ! username webuser privilege 15 secret 4 ZMYyKvmzVsyor8jHyP9ox.
Lab – Configuring Dynamic and Static NAT interface GigabitEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 ip address 209.165.201.17 255.255.255.252 clock rate 128000 ! interface Serial0/0/1 no ip address shutdown ! ip forward-protocol nd ! ip http server ip http authentication local no ip http secure-server ! ip route 209.165.200.224 255.255.255.224 209.165.201.
Lab – Configuring Port Address Translation (PAT) (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Topology Addressing Table Device Gateway Interface IP Address Subnet Mask Default Gateway G0/1 192.168.1.1 255.255.255.0 N/A S0/0/1 209.165.201.18 255.255.255.252 N/A S0/0/0 (DCE) 209.165.201.17 255.255.255.252 N/A Lo0 192.31.7.1 255.255.255.255 N/A PC-A NIC 192.168.1.20 255.255.255.0 192.168.1.
Lab – Configuring Port Address Translation (PAT) connections using the IP address plus a unique port number. After the maximum number of translations for a single IP address has been reached on the router (platform and hardware specific), it uses the next IP address in the pool. NAT pool overload is a form of port address translation (PAT) that overloads a group of public IPv4 addresses. In Part 2, the ISP has allocated a single IP address, 209.165.201.
Lab – Configuring Port Address Translation (PAT)
Step 5: Configure static routing.
a. Create a static route from the ISP router to the Gateway router.
ISP(config)# ip route 209.165.200.224 255.255.255.248 209.165.201.18
b. Create a default route from the Gateway router to the ISP router.
Gateway(config)# ip route 0.0.0.0 0.0.0.0 209.165.201.17
Step 6: Verify network connectivity.
a. From the PC hosts, ping the G0/1 interface on the Gateway router. Troubleshoot if the pings are unsuccessful.
b.
Lab – Configuring Port Address Translation (PAT)
Hits: 24 Misses: 0
CEF Translated packets: 24, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 pool public_access refcount 3
 pool public_access: netmask 255.255.255.248
   start 209.165.200.225 end 209.165.200.230
   type generic, total addresses 6, allocated 1 (16%), misses 0
Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
c. Display NATs on the Gateway router.
Lab – Configuring Port Address Translation (PAT)
Gateway# show ip nat statistics
Step 3: Remove the pool of usable public IP addresses.
Gateway(config)# no ip nat pool public_access 209.165.200.225 209.165.200.230 netmask 255.255.255.248
Step 4: Remove the NAT translation from inside source list to outside pool.
Gateway(config)# no ip nat inside source list 1 pool public_access overload
Step 5: Associate the source list with the outside interface.
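The overload behavior this lab configures (many inside hosts sharing one public address by port, then spilling to the next pool address) can be modeled in a few lines. This is an added sketch, not part of the Cisco lab and not how IOS is implemented: the per-address limit, the rule of keeping the original source port when it is free, the class and method names, and the sample flows are assumptions; the pool range and the S0/0/1 address come from the lab.

```python
"""Toy model of a PAT (NAT overload) translation table."""
from ipaddress import IPv4Address


class PatTable:
    FIRST_FALLBACK_PORT = 1024  # assumption: substitute ports start here

    def __init__(self, first, last, max_per_address):
        if not 1 <= max_per_address <= 65536 - self.FIRST_FALLBACK_PORT:
            raise ValueError("max_per_address out of range")
        lo, hi = int(IPv4Address(first)), int(IPv4Address(last))
        if lo > hi:
            raise ValueError("pool start is above pool end")
        self.pool = [str(IPv4Address(n)) for n in range(lo, hi + 1)]
        self.max_per_address = max_per_address
        self.outbound = {}  # (inside local ip, port) -> (inside global ip, port)
        self.inbound = {}   # (inside global ip, port) -> (inside local ip, port)

    def _ports_in_use(self, addr):
        return {port for (a, port) in self.inbound if a == addr}

    def translate_out(self, inside_ip, inside_port):
        """Return the inside global (ip, port) for an outgoing flow."""
        key = (inside_ip, inside_port)
        if key in self.outbound:            # existing entry is reused
            return self.outbound[key]
        for addr in self.pool:              # first address with room wins
            used = self._ports_in_use(addr)
            if len(used) >= self.max_per_address:
                continue                    # this address is full, try the next
            port = inside_port
            if port in used:                # source port clash: pick another
                port = next(p for p in range(self.FIRST_FALLBACK_PORT, 65536)
                            if p not in used)
            self.outbound[key] = (addr, port)
            self.inbound[(addr, port)] = key
            return addr, port
        raise RuntimeError("NAT pool exhausted: no free address/port pair")

    def translate_in(self, global_ip, global_port):
        """Map return traffic back to the inside host, or None if no entry."""
        return self.inbound.get((global_ip, global_port))


def demo():
    """Run constructed flows through the lab's pool with a tiny limit."""
    table = PatTable("209.165.200.225", "209.165.200.230", max_per_address=2)
    flows = [("192.168.1.20", 1038), ("192.168.1.21", 1038), ("192.168.1.22", 1040)]
    return [(flow, table.translate_out(*flow)) for flow in flows]


if __name__ == "__main__":
    for inside, outside in demo():
        print(inside, "->", outside)
```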
Lab – Configuring Port Address Translation (PAT) Router Interface Summary Table Router Interface Summary Router Model Ethernet Interface #1 Ethernet Interface #2 Serial Interface #1 Serial Interface #2 1800 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1) 1900 Gigabit Ethernet 0/0 (G0/0) Gigabit Ethernet 0/1 (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1) 2801 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/1/0 (S0/1/0) Serial 0/
Lab – Configuring Port Address Translation (PAT) ! ! ! ! ! no ip domain lookup ip cef no ipv6 cef multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 no ip address shutdown duplex auto speed auto ! interface GigabitEthernet0/1 ip address 192.168.1.1 255.255.255.0 ip nat inside ip virtual-reassembly in duplex auto speed auto ! interface Serial0/0/0 no ip address shutdown ! interface Serial0/0/1 ip address 209.
Lab – Configuring Port Address Translation (PAT) no ip http secure-server ! ip nat pool public_access 209.165.200.225 209.165.200.230 netmask 255.255.255.248 ip nat inside source list 1 pool public_access overload ip route 0.0.0.0 0.0.0.0 209.165.201.17 ! access-list 1 permit 192.168.1.0 0.0.0.
Lab – Configuring Port Address Translation (PAT) boot-end-marker ! ! enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2 ! no aaa new-model memory-size iomem 15 ! ! ! ! ! ! ! no ip domain lookup ip cef no ipv6 cef multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 no ip address shutdown duplex auto speed auto ! interface GigabitEthernet0/1 ip address 192.168.1.1 255.255.255.
Lab – Configuring Port Address Translation (PAT) interface Serial0/0/1 ip address 209.165.201.18 255.255.255.252 ip nat outside ip virtual-reassembly in ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ip nat inside source list 1 interface Serial0/0/1 overload ip route 0.0.0.0 0.0.0.0 209.165.201.17 ! access-list 1 permit 192.168.1.0 0.0.0.
Lab – Configuring Port Address Translation (PAT) service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP ! boot-start-marker boot-end-marker ! ! enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2 ! no aaa new-model memory-size iomem 10 ! ! ! ! ! ! ! no ip domain lookup ip cef no ipv6 cef multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! interface Loopback0 ip address 192.31.7.1 255.255.255.
Lab – Configuring Port Address Translation (PAT) no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 ip address 209.165.201.17 255.255.255.252 clock rate 128000 ! interface Serial0/0/1 no ip address shutdown ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ip route 209.165.200.224 255.255.255.224 209.165.201.
Lab - Troubleshooting NAT Configurations (Instructor Version)
Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device   Interface     IP Address       Subnet Mask      Default Gateway
Gateway  G0/1          192.168.1.1      255.255.255.0    N/A
         S0/0/1        209.165.200.225  255.255.255.252  N/A
ISP      S0/0/0 (DCE)  209.165.200.226  255.255.255.252  N/A
         Lo0           198.133.219.1    255.255.255.255  N/A
PC-A     NIC           192.168.1.3      255.255.255.0    192.168.1.
Lab - Troubleshooting NAT Configurations PC-B acts as a host computer and dynamically receives an IP address from the created pool of addresses called NAT_POOL, which uses the 209.165.200.240/29 range. Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco IOS Release 15.0(2) (lanbasek9 image). Other routers, switches and Cisco IOS versions can be used.
Lab - Troubleshooting NAT Configurations

b. Create a default route from the Gateway router to the ISP router.
Gateway(config)# ip route 0.0.0.0 0.0.0.0 s0/0/1

Step 6: Load router configurations.
The configurations for the routers are provided for you. There are errors in the configuration for the Gateway router. Identify and correct the configuration errors.
Lab - Troubleshooting NAT Configurations --- 209.165.200.254 192.168.2.3 --- --- Why are you seeing a NAT translation in the table, but none occurred when PC-A pinged the ISP loopback interface? What is needed to correct the issue? ____________________________________________________________________________________ The static translation is for an incorrect inside local address. d. Record any commands that are necessary to correct the static NAT configuration error.
Lab - Troubleshooting NAT Configurations Gateway# show running-config Building configuration... Current configuration : 1806 bytes ! version 15.2 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Gateway ! boot-start-marker boot-end-marker ! ! enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.
Lab - Troubleshooting NAT Configurations ip address 209.165.200.225 255.255.255.252 ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ip nat pool NAT_POOL 209.165.200.241 209.165.200.246 netmask 255.255.255.248 ip nat inside source list NAT_ACL pool NATPOOL ip nat inside source static 192.168.1.3 209.165.200.254 ip route 0.0.0.0 0.0.0.0 Serial0/0/1 ! ip access-list standard NAT_ACL permit 192.168.10.0 0.0.0.
Lab - Troubleshooting NAT Configurations ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ Gateway(config)# interface g0/1 Gateway(config-if)# no ip nat outside Gateway(config-if)# ip nat inside Gateway(config-if)# exit Gateway(config)# interface s0/0/0 Gateway(config-if)# no ip nat outside Gateway(config-
Lab - Troubleshooting NAT Configurations Part 3: Troubleshoot Dynamic NAT a. From PC-B, ping Lo0 on the ISP router. Do any NAT debug translations appear on the Gateway router? ________________ No b. On the Gateway router, enter the command that allows you to view the current configuration of the router. Are there any problems with the current configuration that prevent dynamic NAT from occurring? ____________________________________________________________________________________ Yes.
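The configuration review this lab walks through by hand can also be run as a consistency check. The following is an added example, not part of the lab manual: the function names are hypothetical, both sample configurations are constructed from the lab's addressing, and the ACL wildcard and the swapped interface roles in the faulty sample are assumptions.

```python
import ipaddress

# Constructed sample modelled on the faulty Gateway configuration in this lab.
# The ACL wildcard and the swapped interface roles are assumptions.
FAULTY = """\
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat outside
interface Serial0/0/1
 ip address 209.165.200.225 255.255.255.252
 ip nat inside
ip nat pool NAT_POOL 209.165.200.241 209.165.200.246 netmask 255.255.255.248
ip nat inside source list NAT_ACL pool NATPOOL
ip nat inside source static 192.168.2.3 209.165.200.254
ip access-list standard NAT_ACL
 permit 192.168.10.0 0.0.0.255
"""

# The same configuration after the corrections (constructed).
FIXED = """\
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface Serial0/0/1
 ip address 209.165.200.225 255.255.255.252
 ip nat outside
ip nat pool NAT_POOL 209.165.200.241 209.165.200.246 netmask 255.255.255.248
ip nat inside source list NAT_ACL pool NAT_POOL
ip nat inside source static 192.168.1.3 209.165.200.254
ip access-list standard NAT_ACL
 permit 192.168.1.0 0.0.0.255
"""


def wildcard_to_network(address, wildcard):
    """Turn an IOS 'address wildcard' pair into a network (contiguous wildcards only)."""
    mask = ipaddress.ip_address(int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{address}/{mask}", strict=False)


def parse_config(text):
    """Collect the NAT-related statements of a running-config."""
    cfg = {"interfaces": {}, "pools": set(), "acls": {}, "rules": [], "statics": []}
    iface = acl = None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        if not raw[0].isspace():          # a top-level command leaves any sub-mode
            iface = acl = None
        if words[0] == "interface" and len(words) == 2:
            iface = cfg["interfaces"].setdefault(words[1], {"net": None, "nat": None})
        elif iface is not None and words[:2] == ["ip", "address"] and len(words) >= 4:
            iface["net"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
        elif iface is not None and words[:2] == ["ip", "nat"] and len(words) == 3:
            iface["nat"] = words[2]
        elif words[:3] == ["ip", "nat", "pool"] and len(words) >= 4:
            cfg["pools"].add(words[3])
        elif words[:5] == ["ip", "nat", "inside", "source", "list"] and len(words) >= 8:
            cfg["rules"].append((words[5], words[6], words[7]))
        elif (words[:5] == ["ip", "nat", "inside", "source", "static"]
              and len(words) >= 7 and words[5][0].isdigit()):
            cfg["statics"].append(ipaddress.ip_address(words[5]))
        elif words[:2] == ["ip", "access-list"] and len(words) == 4:
            acl = cfg["acls"].setdefault(words[3], [])
        elif acl is not None and words[0] == "permit" and len(words) == 3:
            acl.append(wildcard_to_network(words[1], words[2]))
        elif words[0] == "access-list" and len(words) == 5 and words[2] == "permit":
            cfg["acls"].setdefault(words[1], []).append(
                wildcard_to_network(words[3], words[4]))
    return cfg


def audit_nat(text):
    """Return a list of findings; an empty list means the NAT pieces agree."""
    cfg = parse_config(text)
    findings = []
    inside = [i["net"] for i in cfg["interfaces"].values()
              if i["nat"] == "inside" and i["net"] is not None]
    outside = [name for name, i in cfg["interfaces"].items() if i["nat"] == "outside"]
    if not inside:
        findings.append("no addressed interface is marked 'ip nat inside'")
    if not outside:
        findings.append("no interface is marked 'ip nat outside'")
    for acl, kind, target in cfg["rules"]:
        if kind == "pool" and target not in cfg["pools"]:
            findings.append(f"source list {acl}: pool {target} is not defined")
        if kind == "interface" and target not in outside:
            findings.append(f"source list {acl}: {target} is not an outside interface")
        if acl not in cfg["acls"]:
            findings.append(f"access list {acl} is not defined")
        elif not any(n.overlaps(i) for n in cfg["acls"][acl] for i in inside):
            findings.append(f"access list {acl} permits no inside subnet")
    for local in cfg["statics"]:
        if not any(local in net for net in inside):
            findings.append(f"static inside local {local} is not on an inside subnet")
    return findings


if __name__ == "__main__":
    for finding in audit_nat(FAULTY):
        print("FAULTY:", finding)
    print("FIXED findings:", audit_nat(FIXED))
```

The interface check compares full interface names as they appear in a running-config, so abbreviated names such as s0/0/1 would need expanding first.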
Lab - Troubleshooting NAT Configurations [Id: 2] access-list NAT_ACL pool NAT_POOL refcount 1 pool NAT_POOL: netmask 255.255.255.248 start 209.165.200.241 end 209.165.200.246 type generic, total addresses 6, allocated 1 (16%), misses 0 Total doors: 0 Appl doors: 0 Normal doors: 0 Queued Packets: 0 Is the NAT occurring successfully? _______________ Yes What percentage of dynamic addresses has been allocated? __________ 16% f. Turn off all debugging using the undebug all command. Reflection 1.
Lab - Troubleshooting NAT Configurations

Router Interface Summary Table

Router Interface Summary

Router Model  Ethernet Interface #1        Ethernet Interface #2        Serial Interface #1    Serial Interface #2
1800          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
1900          Gigabit Ethernet 0/0 (G0/0)  Gigabit Ethernet 0/1 (G0/1)  Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
2801          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/1/0 (S0/1/0)  Serial 0/1/1 (S0/
Lab - Troubleshooting NAT Configurations ip cef no ipv6 cef ! multilink bundle-name authenticated ! ! redundancy ! ! ! ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 no ip address shutdown duplex auto speed auto ! interface GigabitEthernet0/1 ip address 192.168.1.1 255.255.255.0 ip nat inside ip virtual-reassembly in duplex auto speed auto ! interface Serial0/0/0 no ip address shutdown ! interface Serial0/0/1 ip address 209.165.200.225 255.255.255.
Lab - Troubleshooting NAT Configurations ! ! ! ! control-plane ! ! banner motd ^CAUTHORIZED ACCESS ONLY^C ! line con 0 password cisco logging synchronous login line aux 0 line 2 no activation-character no exec transport preferred none transport input all transport output pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line vty 0 4 password cisco login transport input all ! scheduler allocate 20000 1000 ! end Router ISP ISP#show run Building configuration...
Lab - Troubleshooting NAT Configurations no aaa new-model memory-size iomem 15 ! no ip domain lookup ip cef ! ! ! ! ! ! no ipv6 cef multilink bundle-name authenticated ! ! ! ! ! ! ! ! interface Loopback0 ip address 198.133.219.1 255.255.255.255 ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 no ip address shutdown duplex auto speed auto ! interface GigabitEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 ip address 209.165.200.
Lab - Troubleshooting NAT Configurations ! no ip http server no ip http secure-server ! ip route 209.165.200.224 255.255.255.
NAT Check (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Objective Configure, verify and analyze static NAT, dynamic NAT and NAT with overloading. Instructor Note: This activity can be completed individually or in small or large groups. Scenario Network address translation is not currently included in your company’s network design.
NAT Check

Step 7: Explain the NAT design and output to another group or to the class.

Suggested Activity Example (student designs will vary):

NAT Topology Diagram

R2# show ip nat translations
Pro   Inside global   Inside local    Outside local   Outside global
icmp  192.168.1.1:2   192.168.1.2:2   192.168.3.2:2   192.168.3.
NAT Check 2. Operation 3. Troubleshooting © 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Broadband Varieties (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Objective Select broadband solutions to support remote connectivity in a small- to medium-sized business network. Instructor Note: This activity can be completed individually or in small groups. The three major types of broadband transmission as specified in the chapter content are the focus of this activity.
Broadband Varieties Step 3: Using the options from Step 2, create a matrix that lists the advantages and disadvantages of each broadband type. Step 4: Share your research with the class or another group. Suggested Activity Examples: Broadband Variations* Broadband Type DSL Advantages High-speed downloads of up to 1.5 Mb/s, which can be more or less depending on the ISP. Not every telephone line will work; the ISP may need to perform an analysis. Business-level DSL service offers guaranteed data rates.
Lab – Researching Broadband Internet Access Technologies (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Objectives Part 1: Investigate Broadband Distribution Part 2: Research Broadband Access Options for Specific Scenarios Background / Scenario Although broadband Internet access options have increased dramatically in recent years, broadband access varies greatly depending on location.
Lab – Researching Broadband Internet Access Technologies

ISP          Connection Type  Download Speed
Time Warner  Cable            10-25 Mb/s
Frontier     ADSL             6-10 Mb/s

c. Click Show Wireless and Expand All. What, if any, wireless broadband Internet connections are available in this location? Complete the table below.

Answers will vary. See table below for examples.

ISP       Connection Type  Download Speed
Omnicity  Fixed Wireless   1.5-3 Mb/s
Verizon   Mobile Wireless  768 Kbps-1.
Lab – Researching Broadband Internet Access Technologies For wired connections, order the wired broadband connections from least to greatest in terms of geographical area covered. List your answer in the space provided. ____________________________________________________________________________________ Fiber, cable, and DSL f. In the gallery of maps at the bottom of the web page, select Broadband Availability Across Demographic Characteristics.
Lab – Researching Broadband Internet Access Technologies ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ Broadband access and speed is typically proportional to population density.
Lab – Researching Broadband Internet Access Technologies ISP Connection Type Cost per Month Download Speed Rural Broadband Fixed Wireless $40 3 Mb/s Hughes Net Satellite $60 5 Mb/s Choose one from the list of local ISPs that you selected. Give the reasons why you chose that particular ISP.
Lab – Researching Broadband Internet Access Technologies ISP Connection Type Cost per Month Download Speed Comcast Cable 369.95 100 Mb/s Windstream DSL 129.99 6 Mb/s Choose one from the list of local ISPs that you selected. Give the reasons why you chose that particular ISP.
Lab – Configuring a Router as a PPPoE Client for DSL Connectivity (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.
Lab – Configuring a Router as a PPPoE Client for DSL Connectivity Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices. Required Resources 2 Routers (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable) 2 Switches (Cisco 2960 with Cisco IOS Release 15.
Lab – Configuring a Router as a PPPoE Client for DSL Connectivity

d. Assign the template to the PPPoE group.
ISP(config)# bba-group pppoe global
ISP(config-bba-group)# virtual-template 1
ISP(config-bba-group)# exit

e. Associate the bba-group with the G0/1 physical interface.
ISP(config)# interface g0/1
ISP(config-if)# pppoe enable group global
ISP(config-if)# no shutdown

Part 3: Configure the Cust1 Router
In Part 3, you will configure the Cust1 router with PPPoE parameters.
a.
Lab – Configuring a Router as a PPPoE Client for DSL Connectivity

       + - replicated route, % - next hop override

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S*    0.0.0.0/0 is directly connected, Dialer1
      10.0.0.0/32 is subnetted, 2 subnets
C        10.0.0.1 is directly connected, Dialer1
C        10.0.0.254 is directly connected, Dialer1

h. Issue a show pppoe session on Cust1 router. Sample output is shown below.

Cust1# show pppoe session
     1 client session

Uniq ID  PPPoE  RemMAC
         SID    LocMAC
N/A      1      30f7.0da3.

i.
Lab – Configuring a Router as a PPPoE Client for DSL Connectivity

Router Interface Summary Table

Router Interface Summary

Router Model  Ethernet Interface #1        Ethernet Interface #2        Serial Interface #1    Serial Interface #2
1800          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
1900          Gigabit Ethernet 0/0 (G0/0)  Gigabit Ethernet 0/1 (G0/1)  Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
2801          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/1/0 (S
Lab – Configuring a Router as a PPPoE Client for DSL Connectivity shutdown ! interface GigabitEthernet0/0 no ip address shutdown duplex auto speed auto ! interface GigabitEthernet0/1 no ip address duplex auto speed auto pppoe enable group global pppoe-client dial-pool-number 1 ! interface Serial0/0/0 no ip address shutdown clock rate 2000000 ! interface Serial0/0/1 no ip address shutdown ! interface Dialer1 mtu 1492 ip address negotiated encapsulation ppp dialer pool 1 ppp authentication chap callin ppp cha
Lab – Configuring a Router as a PPPoE Client for DSL Connectivity login line aux 0 line 2 no activation-character no exec transport preferred none transport input all transport output pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line vty 0 4 password 7 05080F1C2243 login transport input all ! scheduler allocate 20000 1000 ! end Router ISP ISP# show run Building configuration... Current configuration : 1485 bytes ! version 15.
Lab – Configuring a Router as a PPPoE Client for DSL Connectivity interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 no ip address shutdown duplex auto speed auto ! interface GigabitEthernet0/1 no ip address duplex auto speed auto pppoe enable group global ! interface Serial0/0/0 no ip address shutdown clock rate 2000000 ! interface Serial0/0/1 no ip address shutdown ! interface Virtual-Template1 ip address 10.0.0.254 255.255.255.
Lab – Configuring a Router as a PPPoE Client for DSL Connectivity no activation-character no exec transport preferred none transport input all transport output pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line vty 0 4 password 7 05080F1C2243 login transport input all ! scheduler allocate 20000 1000 ! end
Telework Proposal (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Objective Describe the business requirements of teleworking. Instructor Note: This activity can be completed individually or in small groups. Scenario Your small- to medium-sized business has just been awarded a large marketing design contract.
Telework Proposal e. Field visits to clients f. Maintaining information and databases g. Project management 2. Proposed Employee Selection Characteristics a. Self-motivated and responsible b. Well organized and self-disciplined c. Results oriented d. Communicates effectively e. Adaptable f. Sensitive to program needs of co-workers and clients 3. Equipment needed a. Computer with Internet access b. Email account c. Software (client VPN) d. Technical support for teleworker 4.
VPNs at a Glance (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Objective Explain the use of VPNs in securing site-to-site connectivity in a small- to medium-sized business network. Instructor Note: This is an individual, student-based activity which then moves into a small, group-based activity for discussion and design purposes.
Network Maintenance Development Step 3: Each group will design a four-slide presentation (one slide per topic) to deliver to the class for discussion. Instructor – Example Activity Solution (all group presentations will vary) Topic 1 - VPN Definition - How VPNs Work A VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together.
Lab – Configuring a Point-to-Point GRE VPN Tunnel (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Topology
Lab – Configuring a Point-to-Point GRE VPN Tunnel

Addressing Table

Device  Interface     IP Address   Subnet Mask      Default Gateway
WEST    G0/1          172.16.1.1   255.255.255.0    N/A
        S0/0/0 (DCE)  10.1.1.1     255.255.255.252  N/A
        Tunnel0       172.16.12.1  255.255.255.252  N/A
ISP     S0/0/0        10.1.1.2     255.255.255.252  N/A
        S0/0/1 (DCE)  10.2.2.2     255.255.255.252  N/A
EAST    G0/1          172.16.2.1   255.255.255.0    N/A
        S0/0/1        10.2.2.1     255.255.255.252  N/A
        Tunnel0       172.16.12.2  255.255.255.252  N/A
PC-A    NIC           172.16.1.3   255.255.255.0    172.
Lab – Configuring a Point-to-Point GRE VPN Tunnel Required Resources 3 Routers (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable) 2 Switches (Cisco 2960 with Cisco IOS Release 15.
Lab – Configuring a Point-to-Point GRE VPN Tunnel Step 7: Save your running configuration. Part 2: Configure a GRE Tunnel In Part 2, you will configure a GRE tunnel between the WEST and EAST routers. Step 1: Configure the GRE tunnel interface. a. Configure the tunnel interface on the WEST router. Use S0/0/0 on WEST as the tunnel source interface and 10.2.2.1 as the tunnel destination on the EAST router. WEST(config)# interface tunnel 0 WEST(config-if)# ip address 172.16.12.1 255.255.255.
Lab – Configuring a Point-to-Point GRE VPN Tunnel ____________________________________________________________________________________ The tunneling protocol used is GRE. For the WEST router, the tunnel source is 10.1.1.1 (Serial0/0/0), and the destination is 10.2.2.1. For the EAST router, the tunnel source is 10.2.2.1 and the destination is 10.1.1.1. WEST# show interfaces tunnel 0 Tunnel0 is up, line protocol is up Hardware is Tunnel Internet address is 172.16.12.
Lab – Configuring a Point-to-Point GRE VPN Tunnel Keepalive not set Tunnel source 10.2.2.1, destination 10.1.1.
Lab – Configuring a Point-to-Point GRE VPN Tunnel With which interfaces are these IP addresses associated? Why? ____________________________________________________________________________________ ____________________________________________________________________________________ The tunnel 0 interfaces on both WEST and EAST routers. The traffic is using the tunnel. f. The ping and traceroute commands should be successful. If not, troubleshoot before continuing to the next part.
Lab – Configuring a Point-to-Point GRE VPN Tunnel

      172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
C        172.16.1.0/24 is directly connected, GigabitEthernet0/1
L        172.16.1.1/32 is directly connected, GigabitEthernet0/1
O        172.16.2.0/24 [110/1001] via 172.16.12.2, 00:00:07, Tunnel0
C        172.16.12.0/30 is directly connected, Tunnel0
L        172.16.12.1/32 is directly connected, Tunnel0

What is the exit interface and IP address to reach the 172.16.2.
Lab – Configuring a Point-to-Point GRE VPN Tunnel Reflection 1. What other configurations are needed to create a secured GRE tunnel? _______________________________________________________________________________________ IPsec can be configured to encrypt the data for a secured GRE tunnel. 2.
Lab – Configuring a Point-to-Point GRE VPN Tunnel ! boot-start-marker boot-end-marker ! ! enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2 ! no aaa new-model memory-size iomem 15 ! ip cef ! ! ! ! ! ! no ip domain lookup no ipv6 cef multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! interface Tunnel0 ip address 172.16.12.1 255.255.255.252 tunnel source Serial0/0/0 tunnel destination 10.2.2.
Lab – Configuring a Point-to-Point GRE VPN Tunnel speed auto ! interface Serial0/0/0 ip address 10.1.1.1 255.255.255.252 clock rate 128000 ! interface Serial0/0/1 no ip address shutdown ! router ospf 1 network 172.16.1.0 0.0.0.255 area 0 network 172.16.12.0 0.0.0.3 area 0 ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ip route 0.0.0.0 0.0.0.0 10.1.1.2 ! ! ! ! control-plane ! ! banner motd ^C Unauthorized Access Prohibited.
Lab – Configuring a Point-to-Point GRE VPN Tunnel ! end Router ISP ISP# show run Building configuration... Current configuration : 1406 bytes ! version 15.2 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname ISP ! boot-start-marker boot-end-marker ! ! enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.
Lab – Configuring a Point-to-Point GRE VPN Tunnel ! ! ! ! ! ! ! ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 no ip address shutdown duplex auto speed auto ! interface GigabitEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 ip address 10.1.1.2 255.255.255.252 ! interface Serial0/0/1 ip address 10.2.2.2 255.255.255.
Lab – Configuring a Point-to-Point GRE VPN Tunnel logging synchronous login line aux 0 line 2 no activation-character no exec transport preferred none transport input all transport output pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line vty 0 4 password 7 045802150C2E login transport input all ! scheduler allocate 20000 1000 ! end Router EAST EAST# show run Building configuration... Current configuration : 1802 bytes ! version 15.
Lab – Configuring a Point-to-Point GRE VPN Tunnel no ip domain lookup no ipv6 cef ! multilink bundle-name authenticated ! ! ! ! ! redundancy ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface Tunnel0 ip address 172.16.12.2 255.255.255.252 tunnel source 10.2.2.1 tunnel destination 10.1.1.1 ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 no ip address shutdown duplex auto speed auto ! interface GigabitEthernet0/1 ip address 172.16.2.1 255.255.255.
Lab – Configuring a Point-to-Point GRE VPN Tunnel interface Serial0/0/1 ip address 10.2.2.1 255.255.255.252 ! router ospf 1 network 172.16.2.0 0.0.0.255 area 0 network 172.16.12.0 0.0.0.3 area 0 ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ip route 0.0.0.0 0.0.0.0 10.2.2.2 ! ! ! ! control-plane ! ! banner motd ^C Unauthorized Access Prohibited.
VPN Planning Design (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Objective Explain the use of VPNs in securing site-to-site connectivity in a small- to medium-sized business network. Instructor Note: This activity is best completed in small groups. It can then be shared with another group, the class, or the instructor (as a group project).
VPN Planning Design Step 4: Using a word processing software program, create a small VPN planning checklist based on your research from Step 1. Step 5: Share your work with the class, another group, or your instructor. Suggested Activity Example Solution: VPN Project Goals: (Write “1” beside the most important goal, “2” beside the next most-important goal, etc.
VPN Planning Design Network protocols to be used: _____EIGRP _____OSPF Technologies currently in use: _____Network Address Translation (NAT) _____Packet Filtering (ACLs) _____DHCP _____DNS Authentication to be used: _____Digital Certificates _____Shared Secrets _____SSL _____Passwords _____IPsec Encryption to be used: _____DES _____3DES _____AES HASH message method to be used: _____MD-5 _____SHA-1 Encryption key exchange method to be used: _____Internet Key Exchange (IKE) _____Manual Excha
Network Maintenance Development (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Objective Describe the different levels of router log messages. Instructor Note: This activity is best completed in groups of two to three students. Scenario Currently, there are no formal policies or procedures for recording problems experienced on your company’s network.
Network Maintenance Development b. System and servers i. Applications utilization 1. Email 2. Web-based software ii. Errors with applications iii. Methods used to resolve errors Security a. Updates b. Authentication methods c. Encryption methods d. Error messages e. ACLs f. Wired and wireless security g. Methods to resolve errors III.
Lab – Configuring Syslog and NTP (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Topology Addressing Table Device Interface IP Address Subnet Mask Default Gateway R1 S0/0/0 (DCE) 10.1.1.1 255.255.255.252 N/A R2 S0/0/0 10.1.1.2 255.255.255.252 N/A G0/0 172.16.2.1 255.255.255.0 N/A NIC 172.16.2.3 255.255.255.0 172.16.2.
Lab – Configuring Syslog and NTP Required Resources 2 Routers (Cisco 1941 with Cisco IOS Release 15.
Lab – Configuring Syslog and NTP Part 2: Configure NTP In Part 2, you will configure R1 as the NTP server and R2 as the NTP client of R1. Synchronized time is important for syslog and debug functions. If the time is not synchronized, it is difficult to determine what network event caused the message. Step 1: Display the current time. Issue the show clock command to display the current time on R1. R1# show clock *12:30:06.
Lab – Configuring Syslog and NTP Step 5: Verify NTP configuration. a. Use the show ntp associations command to verify that R2 has an NTP association with R1. R2# show ntp associations address ref clock st when poll reach delay offset disp *~10.1.1.1 127.127.1.1 5 11 64 177 11.312 -0.018 4.298 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured b. Issue show clock on R1 and R2 to compare the timestamp.
Lab – Configuring Syslog and NTP Step 3: Verify that the timestamp service is enabled on R2. Use the show run command to verify that the timestamp service is enabled for logging on R2. R2# show run | include timestamp service timestamps debug datetime msec service timestamps log datetime msec If the timestamp service is not enabled, use the following command to enable it. R2(config)# service timestamps log datetime msec Step 4: Configure R2 to log messages to the syslog server.
Lab – Configuring Syslog and NTP What is the IP address of the syslog server? ____________________________________ 172.16.2.3 What protocol and port is syslog using? ____________________________________ UDP port 514 At what level is trap logging enabled? ____________________________________ informational Step 6: Configure and observe the effect of logging severity levels on R2. a. Use the logging trap ? command to determine the various trap levels availability.
Lab – Configuring Syslog and NTP

d. Remove the Loopback 0 interface on R2 and observe the log messages.
R2(config-if)# no interface lo 0
R2(config)#
Jul 5 10:02:58.910: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down
Jul 5 10:02:59.910: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to down

At severity level 4, are there any log messages on the syslog server? If any log messages appeared, explain what appeared and why.
Lab – Configuring Syslog and NTP

R2(config-if)#
Jul 5 10:08:29.742: %LINK-5-CHANGED: Interface Loopback1, changed state to administratively down
Jul 5 10:08:30.742: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to down

i. Observe the syslog server output. Compare this result with the results at trapping level 4.
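The effect of the trap level on what reaches the syslog server can be worked through in code. The following is an added example, not part of the lab manual: the function names are hypothetical, the first two log lines are the R2 messages shown in this lab, the last two are constructed, and facility local7 (23) is assumed as the IOS default when computing the PRI value.

```python
import re

# IOS "logging trap" keywords; the list index is the numeric severity.
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# First two lines: messages shown in this lab. Last two: constructed samples.
SAMPLE_LOG = """\
Jul 5 10:02:58.910: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down
Jul 5 10:02:59.910: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to down
*Jul 5 10:05:12.100: %LINK-3-UPDOWN: Interface Loopback1, changed state to up
*Jul 5 10:05:13.100: %SYS-5-CONFIG_I: Configured from console by console
"""

# [*.]timestamp: %FACILITY-SEVERITY-MNEMONIC: text
MESSAGE = re.compile(
    r"^(?P<flag>[*.])?(?P<stamp>[A-Z][a-z]{2}\s+\d+\s+\d\d:\d\d:\d\d(?:\.\d+)?):\s+"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):"
    r"\s*(?P<text>.*)$")


def parse_log(text):
    """Parse IOS log lines into dicts; lines that are not log messages are skipped."""
    records = []
    for line in text.splitlines():
        match = MESSAGE.match(line.strip())
        if match is None:
            continue
        record = match.groupdict()
        record["severity"] = int(record["severity"])
        # A leading "*" or "." means the router did not consider its clock
        # synchronized when it stamped the message.
        record["clock_synced"] = record.pop("flag") is None
        records.append(record)
    return records


def trap_level(level):
    """Accept a keyword such as 'warnings' or a number from 0 to 7."""
    if isinstance(level, int):
        if not 0 <= level <= 7:
            raise ValueError(f"severity out of range: {level}")
        return level
    return LEVELS.index(level)      # raises ValueError for an unknown keyword


def forwarded(records, level):
    """Messages sent to the syslog server: severity numerically <= the trap level."""
    limit = trap_level(level)
    return [r for r in records if r["severity"] <= limit]


def suppressed(records, level):
    """Message identifiers that stay on the router at this trap level."""
    limit = trap_level(level)
    return sorted({f'{r["facility"]}-{r["severity"]}-{r["mnemonic"]}'
                   for r in records if r["severity"] > limit})


def pri(severity, facility=23):
    """Syslog PRI value; facility 23 (local7) is an assumed default."""
    return facility * 8 + severity


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    for level in ("warnings", "informational"):
        sent = forwarded(records, level)
        print(f"logging trap {level}: {len(sent)} of {len(records)} forwarded")
        for r in sent:
            note = "" if r["clock_synced"] else " (timestamp not synchronized)"
            print(f'  <{pri(r["severity"])}> {r["facility"]}-{r["severity"]}-'
                  f'{r["mnemonic"]}{note}')
    print("kept local at level 4:", suppressed(records, 4))
```

At trap level 4 the two severity 5 Loopback0 messages from the lab are not forwarded, which is the comparison steps d and i ask for.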
Lab – Configuring Syslog and NTP

Router Interface Summary Table

Router Interface Summary

Router Model  Ethernet Interface #1        Ethernet Interface #2        Serial Interface #1    Serial Interface #2
1800          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
1900          Gigabit Ethernet 0/0 (G0/0)  Gigabit Ethernet 0/1 (G0/1)  Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
2801          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/1/0 (S0/1/0)  Serial 0/1/1 (S0/1/1)
28
Lab – Configuring Syslog and NTP ! ! ! ! ! ! no ip domain lookup no ipv6 cef ! multilink bundle-name authenticated ! ! ! ! ! ! redundancy ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 no ip address shutdown duplex auto speed auto ! interface GigabitEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 ip address 10.1.1.1 255.255.255.252
Lab – Configuring Syslog and NTP clock rate 128000 ! interface Serial0/0/1 no ip address shutdown ! router ospf 1 network 10.1.1.0 0.0.0.3 area 0 ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ! ! ! ! control-plane ! ! banner motd ^CUnauthorized access is prohibited.
Lab – Configuring Syslog and NTP ! version 15.2 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname R2 ! boot-start-marker boot-end-marker ! ! enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.
Lab – Configuring Syslog and NTP ! interface GigabitEthernet0/0 ip address 172.16.2.1 255.255.255.0 duplex auto speed auto ! interface GigabitEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 ip address 10.1.1.2 255.255.255.252 ! interface Serial0/0/1 no ip address shutdown clock rate 2000000 ! router ospf 1 network 10.1.1.0 0.0.0.3 area 0 network 172.16.2.0 0.0.0.3 area 0 ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ! logging host 172.16.2.
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password 7 01100F175804
 login
 transport input all
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server 10.1.1.1
!
end

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Lab – Researching Network Monitoring Software (Instructor Version)
Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.

Objectives
Part 1: Survey Your Understanding of Network Monitoring
Part 2: Research Network Monitoring Tools
Part 3: Select a Network Monitoring Tool

Background / Scenario
Network monitoring is needed for a network of any size.
Answers will vary. SolarWinds, PRTG, and Nagios are some examples.

Step 2: Complete the following form for the network monitoring tools selected.
Vendor
SolarWinds: www.solarwinds.
Answers will vary. PRTG has comprehensive network monitoring with support for more than 170 sensor types. It also has flexible alerting, including email, syslog, pager, alarm sound files, and multiple-condition alerts.
Lab – Configuring SNMP (Instructor Version)
Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table
Device  Interface  IP Address   Subnet Mask      Default Gateway
R1      G0/1       192.168.1.1  255.255.255.0    N/A
        S0/0/0     192.168.2.1  255.255.255.252  N/A
R2      S0/0/0     192.168.2.2  255.255.255.252  N/A
S1      VLAN 1     192.168.1.2  255.255.255.0    N/A
PC-A    NIC        192.168.1.3  255.255.255.0    192.168.1.
Depending on the model and Cisco IOS version, the commands available and output produced might vary from what is shown in the labs. Refer to the Router Interface Summary Table at the end of the lab for the correct interface identifiers.

Note: Make sure that the routers and switches have been erased and have no startup configurations. If you are unsure, contact your instructor.

Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.
e. Assign class as the encrypted privileged EXEC mode password.
f. Configure logging synchronous to prevent console messages from interrupting command entry.
g. Verify successful connectivity between the LAN devices by issuing the ping command.
h. Copy the running configuration to the startup configuration.

Part 2: Configure SNMP Manager and Agents
In Part 2, SNMP management software will be installed and configured on PC-A, and R1 and S1 will be configured as SNMP agents.
Note: If prompted to discover available SNMP agents, click No and continue to the next part of the lab.

Step 2: Configure an SNMP agent.
a. On R1, enter the following commands from global configuration mode to configure the router as an SNMP agent. In line 1 below, the SNMP community string is ciscolab, with read-only privileges, and the named access list SNMP_ACL defines which hosts are allowed to get SNMP information from R1.
b. At this point, you may notice that the PowerSNMP Free Manager is receiving notifications from R1. If it is not, you can try to force an SNMP notification to be sent by entering a copy run start command on R1. Continue to the next step if it is unsuccessful.

Step 3: Discover SNMP agents.
a. From the PowerSNMP Free Manager on PC-A, open the Discover > SNMP Agents window. Enter the IP address 192.168.1.255.
b. In the PowerSNMP Free Manager, R1 is added to the list of available SNMPv2 agents.
c. Configure S1 as an SNMP agent. You can use the same snmp-server commands that you used to configure R1.
S1(config)# snmp-server community ciscolab ro SNMP_ACL
S1(config)# snmp-server location snmp_manager
S1(config)# snmp-server contact ciscolab_admin
S1(config)# snmp-server host 192.168.1.3 version 2c ciscolab
S1(config)# snmp-server enable traps
S1(config)# ip access-list standard SNMP_ACL
S1(config-std-nacl)# permit 192.168.1.3
d.
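The restriction that the community line and SNMP_ACL place on who may query the agent can be checked against a saved configuration. The following Python audit is an added example, not part of the Cisco lab; the sample configurations are constructed, the function names are hypothetical, and it assumes named standard ACLs as used in this lab.

```python
import re

# Constructed sample: the lab's agent commands as a running-config excerpt.
LAB_CONFIG = """\
snmp-server community ciscolab RO SNMP_ACL
snmp-server host 192.168.1.3 version 2c ciscolab
snmp-server enable traps
ip access-list standard SNMP_ACL
 permit 192.168.1.3
"""

# Constructed sample with weaknesses, for comparison.
WEAK_CONFIG = """\
snmp-server community public RO
snmp-server community ops RW MGMT_ACL
snmp-server community ciscolab RO SNMP_ACL
ip access-list standard SNMP_ACL
 permit any
"""

COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)?(?: (ro|rw))?(?: (\S+))?\s*$",
    re.IGNORECASE,
)
ACL_RE = re.compile(r"^ip access-list standard (\S+)\s*$", re.IGNORECASE)


def parse_standard_acls(config):
    """Return {acl_name: [entry, ...]} for named standard ACLs."""
    acls, current = {}, None
    for line in config.splitlines():
        m = ACL_RE.match(line)
        if m:
            current = m.group(1)
            acls[current] = []
        elif current and line.startswith(" "):
            acls[current].append(line.strip())
        else:
            current = None
    return acls


def audit_snmp(config):
    """Return a sorted list of (community, finding) tuples."""
    acls = parse_standard_acls(config)
    findings = []
    for line in config.splitlines():
        m = COMMUNITY_RE.match(line)
        if not m:
            continue
        # A community configured without ro/rw is read-only by default.
        name, mode, acl = m.group(1), (m.group(2) or "ro").lower(), m.group(3)
        if mode == "rw":
            findings.append((name, "read-write access"))
        if acl is None:
            findings.append((name, "no access list bound"))
        elif acl not in acls:
            findings.append((name, "access list %s is not defined" % acl))
        elif any(e.split()[:2] == ["permit", "any"] for e in acls[acl]):
            findings.append((name, "access list %s permits any host" % acl))
    return sorted(findings)
```

The lab configuration produces no findings; the constructed weak configuration produces one finding per problem.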
Step 3: Decode SNMP MIB/OID messages.
From a computer with Internet access, open a web browser and go to http://www.cisco.com.
a. Using the search tool at the top of the window, search for SNMP Object Navigator.
b. Choose SNMP Object Navigator MIB Download MIBs OID OIDs from the results.
c. Navigate to the MIB Locator page. Click the SNMP Object Navigator.
d. Using the SNMP Object Navigator page, decode the OID code number from the PowerSNMP Free Manager generated in Part 3, Step 2. Enter the OID code number and click Translate.
e. Record the OID code numbers and their corresponding message translations below.
For example, the description for OID 1.3.6.1.6.3.1.1.5.
Router Interface Summary Table

Router Interface Summary
Router Model  Ethernet Interface #1        Ethernet Interface #2        Serial Interface #1    Serial Interface #2
1800          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
1900          Gigabit Ethernet 0/0 (G0/0)  Gigabit Ethernet 0/1 (G0/1)  Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
2801          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/1/0 (S0/1/0)  Serial 0/1/1 (S0/1/1)
2811          Fast E
!
multilink bundle-name authenticated
!
redundancy
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 192.168.2.1 255.255.255.
Lab – Configuring SNMP snmp-server enable traps snmp-server enable traps snmp-server enable traps snmp-server enable traps snmp-server enable traps snmp-server enable traps snmp-server enable traps snmp-server enable traps snmp-server enable traps snmp-server enable traps snmp-server enable traps snmp-server enable traps snmp-server enable traps snmp-server enable traps snmp-server enable traps snmp-server enable traps snmp-server enable traps snmp-server enable traps snmp-server enable traps snmp-server en
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps nhrp nhs
snmp-server enable traps nhrp nhc
snmp-server enable traps nhrp nhp
snmp-server enable traps nhrp quota-exceeded
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps syslog
 password cisco
 logging synchronous
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password cisco
 login
 transport input all
!
scheduler allocate 20000 1000
!
end

Router R2
R2#show run
Building configuration...

Current configuration : 1251 bytes
!
version 15.
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 192.168.2.2 255.255.255.
Switch S1
S1#show run
Building configuration...

Current configuration : 4618 bytes
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan noguest-vlan
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enab
Lab – Collecting and Analyzing NetFlow Data (Instructor Version)
Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table
Device  Interface     IP Address       Default Gateway
R1      G0/0          192.168.1.1/24   N/A
        S0/0/0 (DCE)  192.168.12.1/30  N/A
R2      G0/0          192.168.2.1/24   N/A
        S0/0/0        192.168.12.2/30  N/A
        S0/0/1 (DCE)  192.168.23.1/30  N/A
R3      G0/0          192.168.3.1/24   N/A
        S0/0/1        192.168.23.2/30  N/A
PC-A    NIC           192.168.1.3      192.168.1.
Background / Scenario
NetFlow is a Cisco IOS technology that provides statistics on packets flowing through a Cisco router or multilayer switch. NetFlow enables network and security monitoring, network planning, traffic analysis, and IP accounting. It is important not to confuse NetFlow’s purpose and results with those of packet capture hardware and software.
i. Configure the IP addresses as listed in the Addressing Table.
j. Configure OSPF using Process ID 1 and advertise all networks. Ethernet interfaces should be passive.
k. Create a local database on R3 with the username admin and password cisco with the privilege level at 15.
l. On R3, enable the HTTP service and authenticate HTTP users by using the local database.
m. Copy the running configuration to the startup configuration.

Step 4: Configure PC hosts.
  ip flow ingress
  ip flow egress
Serial0/0/1
  ip flow ingress
  ip flow egress

b. Issue the show ip flow export command to review the NetFlow data export information.
R2# show ip flow export
Flow export v9 is enabled for main cache
  Export source and destination details :
  VRF ID : Default
    Destination(1)  192.168.2.
  2 active, 4094 inactive, 114 added
  1546 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 34056 bytes
  0 active, 1024 inactive, 112 added, 112 added to flow
  0 alloc failures, 0 force free
  1 chunk, 1 chunk added
  last clearing of statistics 00:07:35
Protocol    Total  Flows  Packets  Bytes  Packets  Active(Sec)  Idle(Sec)
--------    Flows   /Sec    /Flow   /Pkt     /Sec        /Flow      /Flow
TCP-Telnet      4    0.0       27     43      0.2          5.0        15.
  2 active, 1022 inactive, 2 added, 2 added to flow
  0 alloc failures, 0 force free
  1 chunk, 0 chunks added
  last clearing of statistics 00:09:48
Protocol    Total  Flows  Packets  Bytes  Packets  Active(Sec)  Idle(Sec)
--------    Flows   /Sec    /Flow   /Pkt     /Sec        /Flow      /Flow
IP-other        2    0.0      193     79      0.6       1794.8        5.7
Total:          2    0.0      193     79      0.6       1794.8        5.7

SrcIf    SrcIPaddress  DstIf  DstIPaddress
Se0/0/0  192.168.12.1  Null   224.0.0.
Source IP address, Destination IP address, Source port number, Destination port number, Layer 3 protocol type, Type of Service (TOS) marking, Input logical interface.
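These seven fields are the key by which packets are grouped into one flow record, which is why NetFlow reports per-flow counters rather than packet contents. The following Python model is an added example, not part of the Cisco lab: the packets are constructed, the names are hypothetical, and records expire only on the two timers shown in the lab output (15-second inactive, 30-minute active).

```python
from collections import namedtuple

# The seven key fields; packets that agree on all of them share one flow.
FlowKey = namedtuple("FlowKey", "src_ip dst_ip src_port dst_port proto tos in_if")

INACTIVE_TIMEOUT = 15       # seconds, as in the lab output
ACTIVE_TIMEOUT = 30 * 60    # seconds, as in the lab output

# Constructed packets as seen by R2:
# (time_s, src_ip, dst_ip, src_port, dst_port, proto, tos, in_if, bytes)
PACKETS = [
    (0.0, "192.168.1.3", "192.168.3.1", 49152, 23, 6, 0, "Se0/0/0", 44),
    (0.4, "192.168.1.3", "192.168.3.1", 49152, 23, 6, 0, "Se0/0/0", 41),
    (0.5, "192.168.3.1", "192.168.1.3", 23, 49152, 6, 0, "Se0/0/1", 52),
    (1.0, "192.168.12.1", "224.0.0.5", 0, 0, 89, 192, "Se0/0/0", 80),
    (30.0, "192.168.1.3", "192.168.3.1", 49152, 23, 6, 0, "Se0/0/0", 40),
]


def build_flows(packets):
    """Group packets into flow records the way a flow cache does.

    Returns the expired records in export order, each a dict with the key,
    first/last timestamps, packet count and byte count.
    """
    cache, exported = {}, []

    def expire(now):
        for key in list(cache):
            rec = cache[key]
            idle = now - rec["last"] >= INACTIVE_TIMEOUT
            long_lived = now - rec["first"] >= ACTIVE_TIMEOUT
            if idle or long_lived:
                exported.append(cache.pop(key))

    for ts, *fields, size in sorted(packets):
        expire(ts)
        key = FlowKey(*fields)
        rec = cache.setdefault(
            key, {"key": key, "first": ts, "last": ts, "packets": 0, "bytes": 0}
        )
        rec["last"] = ts
        rec["packets"] += 1
        rec["bytes"] += size
    expire(float("inf"))    # flush what is left at the end of the sample
    return exported
```

The reply direction of the Telnet session is a separate flow because its addresses, ports and input interface differ, and the packet at 30 seconds starts a new record because the first one had already aged out.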
memory-size iomem 15
!
ip cef
!
no ip domain lookup
no ipv6 cef
multilink bundle-name authenticated
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 192.168.12.1 255.255.255.
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password 7 02050D480809
 login
 transport input all
!
scheduler allocate 20000 1000
!
end

Router R2
R2# show run
Building configuration...

Current configuration : 1808 bytes
!
version 15.
interface GigabitEthernet0/0
 ip address 192.168.2.1 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 192.168.12.2 255.255.255.252
 ip flow ingress
 ip flow egress
!
interface Serial0/0/1
 ip address 192.168.23.1 255.255.255.252
 ip flow ingress
 ip flow egress
 clock rate 128000
!
router ospf 1
 passive-interface GigabitEthernet0/0
 network 192.168.2.0 0.0.0.
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password 7 060506324F41
 login
 transport input all
!
scheduler allocate 20000 1000
!
end

Router R3
R3# show run
Building configuration...

Current configuration : 1769 bytes
!
version 15.
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/0/1
 ip address 192.168.23.2 255.255.255.252
!
router ospf 1
 passive-interface GigabitEthernet0/0
 network 192.168.3.0 0.0.0.255 area 0
 network 192.168.23.0 0.0.0.
!
end
A Network Administrator’s Toolbox for Monitoring (Instructor Version)
Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.

Objective
Explain different resources that can be used to receive router log messages.

Instructor Note: This activity can be completed individually or in small groups and then shared with the class.
Suggested Activity Example:
CLI Monitoring Tool Scenarios

Scenario: A new VoIP system has been installed on the network. You want to keep records of the network load for a week to see if traffic should be redistributed or balanced.
CLI Network Monitoring Tool to Use: NetFlow

Scenario: Certain employees are reporting sporadic network availability on a daily basis.
Network Breakdown (Instructor Version)
Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.

Objective
Troubleshoot IP connectivity using basic commands.

Instructor Note: This activity is best completed by groups of two students – it can then be shared and discussed with another group of students, with the entire class, or with the instructor.

Scenario
You have just moved into your new office, and your network is very small.
show vlan

Step 4: Share the results of the activity with the class or your instructor. How did the groups fix the problems?

Suggested Activity Example Solution:
Instructor Notes: All student files, problems, and fixes will vary. Students must be able to show how they used basic troubleshooting commands to identify the network problems.
Documentation Development (Instructor Version)
Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.

Objective
Using a systematic approach, troubleshoot issues in a small- to medium-sized business network.

Instructor Note: This activity is best completed in small groups. It can then be shared with another group, the class, or the instructor (as a group project).
   4) VLAN addresses
c. Network device configuration information
   1) Location of backup file (TFTP server, USB, text file)
   2) Text-formatted configuration script per router and switch device

Step 3: Share your Packet Tracer file and network documentation with a classmate, another group, the class, or your instructor according to the instructions provided. Discuss how this information could be useful to any network administrator.
Logical Network Topology Diagram

Network Documentation Information

Physical Network Documentation
Type of Device: Router
Model Name: Cisco 1941 (modular router)
Network Hostname: R1-MDF
Physical Network Location: Main Distribution Facility (MDF)
Interface Type(s) and Link Connections:
  GigabitEthernet0/0  Link to S1-MDF GigabitEthernet1/1
  GigabitEthernet0/1  Link to S2-1151 GigabitEthernet0/1

Logical Topology and Information
IOS and System Image file name or workstation OS versi
0001.63b1.2702 (bia 0001.63b1.2702
GigabitEthernet0/1  none
VLAN address(es)

Network Device Configuration Information
Backup File Location:
  External USB (see network administrator)
  TFTP server space on Server 2-MDF

R1-MDF# show running-config
Building configuration...

Current configuration : 667 bytes
!
version 15.
Physical network topology
Logical network topology