CCNA Lab 1
SW1
ena
config t
hostname sw1
ip domain-name kh
vlan 2
vlan 3
vlan 4
int vlan 1
ip add 1.0.0.50 255.0.0.0
no sh
exit
ip default-gateway 1.0.0.1
int f0/24
sw mo tr
int f0/2
sw acc vlan 2
int f0/3
sw acc vlan 3
int f0/4
sw acc vlan 4
SW2
ena
config t
hostname sw2
ip domain-name kh
vlan 2
vlan 3
vlan 4
int vlan 2
ip add 2.0.0.50 255.0.0.0
no sh
exit
ip default-gateway 2.0.0.1
int f0/2
sw acc vlan 2
int f0/3
sw acc vlan 3
int f0/4
sw acc vlan 4
9-Configure a message of the day banner on SW1 & SW2 with the message This is SW#, where # is the
id of the switch. The banner should be shown to users whether they connect with SSH or console
10-Configure interfaces f0/2, f0/3 and f0/4 with the following requirements:
Should move to the forwarding state as soon as a cable is connected
Should not accept any BPDU frames
Disable the Cisco proprietary discovery protocol
Make sure traffic comes from only one MAC address, which should be saved in the
switch even after a reload; if a violation happens, the interface should go to the err-disabled
state
11-Console connection should be secured with the same username and password we created
in step 7
12-Disable the exec timeout for console and SSH
13-Prevent logging output from immediately interrupting your console session
14-Change the size of the history buffer for that session to 256 lines
SW1
ena
config t
banner motd # This is SW1 #
SW2
ena
config t
banner motd # This is SW2 #
line con 0
motd-banner
login local
exec-timeout 0
logging synchronous
history size 256
line vty 0 4
motd-banner
exec-timeout 0
logging synchronous
history size 256
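The configuration above does not include the interface settings for task 10. One way to meet it on SW1 and SW2, as an added example that is not part of the original answer sheet; it assumes BPDU guard is the intended way to refuse BPDUs and that f0/2 to f0/4 are plain access ports:

```cisco
! Added example for task 10 (not from the original lab answer)
interface range fastEthernet 0/2 - 4
 ! port security only works on a static access (or trunk) port
 switchport mode access
 ! skip listening/learning and forward as soon as the link comes up
 spanning-tree portfast
 ! assumption: "not accept BPDUs" = err-disable the port when one arrives
 spanning-tree bpduguard enable
 ! stop sending and processing CDP on these ports
 no cdp enable
 switchport port-security
 switchport port-security maximum 1
 ! learn the first source MAC and write it into running-config
 switchport port-security mac-address sticky
 ! on violation the port goes err-disabled (also the IOS default mode)
 switchport port-security violation shutdown
end
! sticky entries exist only in running-config until saved,
! so save after the MAC has been learned or it is lost on reload
copy running-config startup-config
! checks
show port-security interface fastEthernet 0/2
show port-security address
show spanning-tree interface fastEthernet 0/2 portfast
show interfaces status err-disabled
! a violated port stays down until "shutdown" / "no shutdown",
! unless errdisable recovery is configured
```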
Part 2 R1
1-Assign R1 f0/1 to IP address 40.40.40.1/24
2-Configure R1 to support routing between VLANs 1, 2, 3, 4 for SW1 & SW2 using the following
requirements:
For VLAN 1 , R1 IP address will be 1.0.0.1
For VLAN 2 , R1 IP address will be 2.0.0.1
For VLAN 3 , R1 IP address will be 3.0.0.1
For VLAN 4 , R1 IP address will be 4.0.0.1
3-Configure R1 as DHCP server for any machine connected to VLAN 1, 2, 3, 4 in SW1 & SW2
using the following requirements:
For VLAN 1 , R1 DHCP IP address range will be from 1.0.0.100 to 1.0.0.200 ONLY
For VLAN 2 , R1 DHCP IP address range will be from 2.0.0.100 to 2.0.0.200 ONLY
For VLAN 3 , R1 DHCP IP address range will be from 3.0.0.100 to 3.0.0.200 ONLY
For VLAN 4 , R1 DHCP IP address range will be from 4.0.0.100 to 4.0.0.200 ONLY
R1
ena
config t
ip dhcp excluded-address 1.0.0.1 1.0.0.99
ip dhcp excluded-address 1.0.0.201 1.255.255.255
ip dhcp excluded-address 2.0.0.1 2.0.0.99
ip dhcp excluded-address 2.0.0.201 2.255.255.255
ip dhcp excluded-address 3.0.0.1 3.0.0.99
ip dhcp excluded-address 3.0.0.201 3.255.255.255
ip dhcp excluded-address 4.0.0.1 4.0.0.99
ip dhcp excluded-address 4.0.0.201 4.255.255.255
int f0/0
no ip add
no sh
int f0/0.1
encap dot 1
ip add 1.0.0.1 255.0.0.0
int f0/0.2
encap dot 2
ip add 2.0.0.1 255.0.0.0
int f0/0.3
encap dot 3
ip add 3.0.0.1 255.0.0.0
int f0/0.4
encap dot 4
ip add 4.0.0.1 255.0.0.0
int f0/1
ip add 40.40.40.1 255.255.255.0
no sh
Part 3 MLS
1-Configure Multilayer Switch hostname to MLS
2-Enable Routing capabilities in MLS
3-Create VLAN 100 with name Sales_dept, VLAN 200 with name IT_dept
4- Assign interface f0/4 to VLAN 100 , f0/5 to VLAN 200
5- Enable routing between VLAN 100 & VLAN 200 using MLS SVI (Switch Virtual Interface)
with following requirements:
VLAN 100 IP address 100.0.0.50 /8
VLAN 200 IP address 200.0.0.50/24
6-Change interfaces f0/1 , f0/2 and f0/3 to Layer 3 interfaces with following requirements:
F0/1 IP address 11.0.0.50/8
F0/2 IP address 12.0.0.50/8
F0/3 IP address 40.40.40.50/24
MLS
ena
config t
vlan 100
name Sales_dept
vlan 200
name IT_dept
ip routing
hostname MLS
int f0/1
no sw
ip add 11.0.0.50 255.0.0.0
no sh
int f0/2
no sw
ip add 12.0.0.50 255.0.0.0
no sh
int f0/3
no sw
ip add 40.40.40.50 255.255.255.0
no sh
int vlan 100
ip add 100.0.0.50 255.0.0.0
no sh
int vlan 200
ip add 200.0.0.50 255.255.255.0
no sh
int f0/4
sw acc vlan 100
int f0/5
sw acc vlan 200
Part 4 R2 & R3
1-Configure R2 interface f0/0 IP address to 10.0.0.2/8 and f0/1 to 11.0.0.2/8
2-Configure R3 interface f0/0 IP address to 10.0.0.3/8 and f0/1 to 12.0.0.3/8
3-Configure the Cisco high availability protocol that normally uses multicast address 224.0.0.102 for
R2 & R3 with the following requirements:
Use group number 1
Make sure R2 is the Primary Router while R3 is the secondary
R2 will need to preempt R3 when it comes back from a down state
Virtual IP should be 10.0.0.1
R2 should track its interface connected to external networks
R2
ena
config t
int f0/1
ip add 11.0.0.2 255.0.0.0
no sh
int f0/0
ip add 10.0.0.2 255.0.0.0
no sh
standby 1 ip 10.0.0.1
standby 1 priority 120
standby 1 preempt
standby 1 track fastEthernet 0/1
R3
ena
config t
int f0/1
ip add 12.0.0.3 255.0.0.0
no sh
int f0/0
ip add 10.0.0.3 255.0.0.0
no sh
standby 1 ip 10.0.0.1
Part 5 Routing Protocol EIGRP
Configure EIGRP AS number 100 in R1, R2, R3 and MLS
Verify by having the Server connected to the R2 & R3 subnet 10.0.0.0/8 SSH to SW1 and SW2
R1
ena
config t
router eigrp 100
no auto
network 1.0.0.0 0.255.255.255
network 2.0.0.0 0.255.255.255
network 3.0.0.0 0.255.255.255
network 4.0.0.0 0.255.255.255
network 40.40.40.0 0.0.0.255
MLS
ena
config t
router eigrp 100
no auto
network 11.0.0.0 0.255.255.255
network 12.0.0.0 0.255.255.255
network 100.0.0.0 0.255.255.255
network 40.40.40.0 0.0.0.255
network 200.0.0.0 0.0.0.255
R2
ena
config t
router eigrp 100
no auto
network 11.0.0.0 0.255.255.255
network 10.0.0.0 0.255.255.255
R3
ena
config t
router eigrp 100
no auto
network 12.0.0.0 0.255.255.255
network 10.0.0.0 0.255.255.255
Part 6 ACL
1-Configure SW2 to accept SSH connections from Server 10.0.0.100 and PC 2.0.0.100 ONLY
2-Configure PC 2.0.0.100 to be the only machine in VLAN 2 allowed to access Web
server 10.0.0.100
3-Configure R2 & R3 to be able to ping any machine but never respond to ping requests coming
from any machine.
SW2
ena
config t
access-list 1 permit host 10.0.0.100
access-list 1 permit host 2.0.0.100
line vty 0 4
access-class 1 in
R1
ena
config t
access-list 100 permit tcp host 2.0.0.100 host 10.0.0.100 eq 80
access-list 100 deny tcp 2.0.0.0 0.255.255.255 host 10.0.0.100 eq 80
access-list 100 permit ip any any
interface FastEthernet0/0.2
ip access-group 100 in
R2 & R3
ena
config t
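! drop inbound echo requests so the router never answers a ping; echo replies
! to the router's own pings and all other traffic are still permitted
! note: as an inbound interface ACL this also drops echo requests routed through f0/0
access-list 100 deny icmp any any echo
access-list 100 permit ip any any
int f0/0
ip access-group 100 in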
Part 7 GRE
1-Create loopback interface 1 in R1 with IP address 192.168.101.1/24
2-Create loopback interface 3 in R3 with IP address 192.168.103.3/24
3-Make sure R1 & R3 advertise these loopbacks to each other using RIPv2
4-RIPv2 should be running in R1 & R3 ONLY
5-If using tunnels, the IP address should be 200.200.200.#/24, where # is the router id
6-Use extended ping to verify that R1 loopback can ping R2 loopback
R1
ena
config t
int loop 1
ip add 192.168.101.1 255.255.255.0
int tunnel 1
ip add 200.200.200.1 255.255.255.0
tunnel source f0/1
tunnel destination 12.0.0.3
router rip
ver 2
no auto
network 192.168.101.0
network 200.200.200.0
R3
ena
config t
int loop 3
ip add 192.168.103.3 255.255.255.0
int tunnel 1
ip add 200.200.200.3 255.255.255.0
tunnel source f0/1
tunnel destination 40.40.40.1
router rip
ver 2
no auto
network 192.168.103.0
network 200.200.200.0
Extended ping
Protocol [ip]:
Target IP address: 192.168.103.3
Extended commands [n]: y
Source address or interface: 192.168.101.1
Part 8 network management
1-Configure R1, R2, R3 & MLS to use server 10.0.0.100 as secure NTP server using key 1 “cisco”
& Syslog server
2-Enable SNMP in R2 & R3 using password “cisco” for set and get messages
3-Enable telnet in R3 using server 10.0.0.100 as AAA server as the first authentication method; in
case it is down, R3 should use the local username and password
4-Configure R2 to use server 10.0.0.100 as FTP server using username “cisco” &
password “cisco”
5-Send a copy of R2 running configuration to server 10.0.0.100 using FTP protocol
6-Send a copy of R3 running configuration to server 10.0.0.100 using TFTP protocol
7-Make sure you do not use any boot system commands in R3
8-Make sure R2 can ping or telnet R3 using name “standby”
9-Change local username in R3 to “Yasser” instead of “kh” using password recovery procedures
R1, R2, R3 & MLS
ena
config t
logging on
logging host 10.0.0.100
service timestamps log datetime msec
service timestamps debug datetime msec
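The logging lines above cover only the Syslog half of task 1. For the authenticated NTP half on R1, R2, R3 and MLS, an added example (not part of the original answer sheet) using the key number and string given in the task; MD5 is assumed as the key type:

```cisco
! Added example for task 1, NTP part (not from the original lab answer)
! refuse time from any source that does not authenticate
ntp authenticate
! key 1 with the shared string from the task
ntp authentication-key 1 md5 cisco
! without this line key 1 is defined but never trusted
ntp trusted-key 1
! "key 1" ties the server to the key; omit it and the association
! is formed unauthenticated
ntp server 10.0.0.100 key 1
end
! checks: the association detail should report "authenticated"
show ntp associations detail
show ntp status
```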
R2 & R3
ena
config t
snmp-server community cisco rw
R3
ena
config t
username kh sec cisco
ena sec cisco
aaa new-model
aaa authentication log default group radius local
radius-server host 10.0.0.100
line vty 0 4
login authentication default
exit
R2
ip ftp username cisco
ip ftp password cisco
ip host standby 10.0.0.3
R3
1-connect your router using console cable
2-turn your router off, then on
3-press Ctrl+Pause/Break
4-confreg to 0x2142
5-reset
6-n
7-ena
8-copy start run
9-config t
10- no username kh secret cisco
11- username Yasser secret cisco
12-config-register 0x2102
13-exit
14-copy run start
Good Luck
CCIE & CCSI: Yasser Auda
https://www.facebook.com/YasserRamzyAuda
https://learningnetwork.cisco.com/people/yasserramzy/content
https://www.youtube.com/user/yasserramzyauda