CCNA LAB GUIDE V3.pdf


CCNA Routing & Switching v3 LAB Guide


Ashish Halder (CCNA RnS, CCNP RnS, CCNA Sec, CCNP Sec, CCIE Sec-written), All rights are reserved


Contents

1. Cisco CLI mode
2. Basic Configuration of Router and Switch
3. Configuring SSH Access to Cisco Device
4. Backup and restoring your configuration
5. VLAN, Access and Trunk Port Configuration
6. VTP Configuration
7. Etherchannel Configuration
8. VLAN, VTP, Etherchannel and Inter-VLAN Routing configuration
9. Inter-Vlan Routing Configuration on L3 Switch (SVI)
10. Configure Port Security
11. Configure portfast
12. Configure BPDU Guard on Cisco Switch
13. Configure Root Guard on Cisco Switch
14. Spanning tree behavior - mode, priority value, root bridge
15. Static route and Static default route configuration
16. Static default route configuration
17. RIPv2 Basic configuration
18. RIP Passive Interface
19. Configure RIP Authentication
20. EIGRP configuration (EIGRP Neighbor Adjacency)
21. EIGRP Passive Interface
22. EIGRP Authentication
23. EIGRP Hold time and Hello time
24. EIGRP Summarization
25. EIGRP Project LAB
26. OSPF Configuration
27. OSPF Virtual LAB
28. OSPF Authentication
29. OSPF summarization
30. PPP and HDLC
31. BGP Basic Configuration
32. BGP Single Homed Design
33. HSRP Configuration
34. Standard ACL
35. Extended ACL
36. Named ACL
37. Static NAT
38. Dynamic NAT
39. Static PAT
40. Dynamic PAT
41. Configure GRE Tunnel
42. AAA configuration
43. Syslog Server
44. SNMPv3 Configuration
45. Password Recovery
46. Final Project
47. Configure IPv6
48. Configure IPv6 Static Route
49. Configure RIPNG on Cisco Router
50. Dual-Stack Example


LAB 1: CISCO CLI MODE

Cisco routers have different configuration modes based on the model. Mainly two modes:

EXEC Mode     Prompt     Typical Use
User          ccna>      Check the router status
Privileged    ccna#      Accessing the router

From Privileged mode we enter Global Configuration mode with the "configure terminal" command. Accessing either User Exec or Privileged mode requires a password if one has been set. From Global Configuration Mode (a password is not needed here) we can configure interfaces, routing protocols, access lists and much more. Some of the specific configuration modes can be entered from Global Configuration Mode and others from Privileged mode:

User Exec Mode (">" prompt): It is used to get statistics from the router, see which IOS version you're running, check memory resources and a few more things.

Privileged Mode ("#" prompt): Here you can enable or disable interfaces on the router and get more detailed information on the router. For example, you can view the running configuration of the router, copy the configuration, load a new configuration to the router, back up or delete the configuration, back up or delete the IOS and a lot more.

Global Configuration Mode ("(config)#" prompt): It is accessible via Privileged Mode. In this mode we can configure each interface individually, set up banners and passwords, enable secrets (encrypted passwords), enable and configure routing protocols and a lot more. Every time we want to configure or change something on the router, we will need to be in this mode.

Examples:

Router> ---------------------------------------- User Exec Mode
Router>enable ---------------------------------- Enter Privileged Mode
Router# ---------------------------------------- Privileged Mode
Router#disable --------------------------------- Enter User Exec Mode
Router> ---------------------------------------- User Exec Mode
Router#config terminal ------------------------- Enter Global Configuration Mode
Router(config)# -------------------------------- Global Configuration Mode
Router(config)#interface fastEthernet 0/0 ------ Enter Interface Configuration Mode
Router(config-if)# ----------------------------- Interface Configuration Mode
Router(config)#interface fastEthernet 0/0.10 --- Enter Sub-Interface Configuration Mode
Router(config-subif)# -------------------------- Sub-Interface Configuration Mode
Router(config)#line vty 0 4 -------------------- Enter Line Mode
Router(config-line)# --------------------------- Line Mode

================================================================================

LAB 2. BASIC CONFIGURATION OF ROUTER AND SWITCH

Objective:

1. Configure the Switch as follows:
• hostname
• login banner
• enable password for accessing privilege mode
• assign console password to prevent console login
• assign IP for vlan 1 (Management VLAN)
• configure virtual terminal for telnet session
• set default gateway for the switch

2. Configure the Router as follows:
• hostname
• login banner
• enable password for accessing privilege mode
• assign console password to prevent console login
• configure virtual terminal for telnet session
• assign IP address on router interface

3. Assign IP for the PC
4. Save all configuration
5. Verification

Configuration of a switch:

1. First check the startup-config and running-config to see whether any configuration exists
When you type a command in global configuration mode, it is stored in the running configuration. The running configuration resides in the device's RAM, so if the device loses power, all configured commands will be lost. So you need to copy your current configuration into the startup configuration. The startup configuration is stored in the NVRAM of the device, so the configuration is kept even if the device loses power.

There are two ways to save your configuration:
Switch#copy running-config startup-config
or
Switch#write memory

Check the startup-config and running-config
Switch#show startup-config
startup-config is not present
Switch#show running-config

2. Enter global configuration mode and configure Hostname as DU
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname DU
DU(config)#

3. Assign password cisco123


The enable password restricts access to privileged mode; it is like a root user's password. We can set it in two ways: with the enable password command or with the enable secret command. The enable secret command encrypts the password automatically using the MD5 hash algorithm. The enable password command does not encrypt the password, which can be viewed in clear text in the running-config. To encrypt the password set with enable password, use the service password-encryption command. The enable secret command provides stronger encryption than the service password-encryption command.
DU(config)#enable secret cisco123

4. Configure login banner
A login banner is displayed whenever someone connects to the router by telnet or console connections.
DU(config)#banner motd "Unauthorized Users are highly Prohibited to login here"
DU(config)#

5. Console Password
We can protect the console port of Cisco devices using a console port password.
DU(config)#line console 0
DU(config-line)#password ashish123
DU(config-line)#login
DU(config-line)#exit
DU(config)#

6. Telnet configuration for remote access
Telnet is a user command and an underlying TCP/IP protocol for accessing remote devices. The VTY lines are the Virtual Terminal lines of the router. They are virtual in the sense that they are a function of software; there is no hardware associated with them. They appear in the configuration as line vty 0 4.
DU#conf t
Enter configuration commands, one per line. End with CNTL/Z.
DU(config)#line vty 0 4
DU(config-line)#password ashish@123#
DU(config-line)#login
DU(config-line)#exit
DU(config)#

7. Configure management VLAN for remote access to the switch


By default, all switch ports are part of VLAN 1. VLAN 1 contains control plane traffic and can contain user traffic. By default, VLAN 1 is the management VLAN. The management VLAN is used for purposes such as telnet, SNMP, and syslog.
DU(config)#interface vlan 1
DU(config-if)#ip address 192.168.10.10 255.255.255.0
DU(config-if)#no shutdown
DU(config-if)#exit
DU(config)#

8. Configure default-gateway for the switch
The switch should be configured with a default gateway if the switch will be managed remotely from networks not directly connected. The default gateway is the first Layer 3 device (such as a router) on the same management VLAN network to which the switch connects. The switch will forward IP packets with destination IP addresses outside the local network to the default gateway.
DU(config)#ip default-gateway 192.168.10.1

----------------------------------------------------------------------------

Configure The Router

1. First check the startup-config and running-config
Switch#show startup-config
startup-config is not present
Switch#show running-config

2. Configure Hostname as BUET
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname BUET
BUET(config)#

3. Assign enable secret password cisco123
BUET(config)#enable secret cisco123
BUET(config)#

4. Configure login banner
BUET(config)#banner motd "Do not try to access here"


5. Console password
BUET(config)#line console 0
BUET(config-line)#password ashish123
BUET(config-line)#login
BUET(config-line)#exit
BUET(config)#

6. Enter Virtual Terminal lines and give a password ashish@123#, to login remotely
BUET(config)#line vty 0 4
BUET(config-line)#password ashish@123#
BUET(config-line)#login
BUET(config-line)#exit
BUET(config)#

7. Configure IP address on the router's interface
Enter global configuration mode:
BUET#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
BUET(config)#

Enter FastEthernet 0/0 interface configuration mode:
BUET(config)#interface fastEthernet 0/0
BUET(config-if)#

Enter IP address and subnet mask:
BUET(config-if)#ip address 192.168.10.1 255.255.255.0

By default, all interfaces on a Cisco router are "Administratively Down". To bring an interface up, issue the no shutdown command.
BUET(config-if)#no shutdown
BUET(config-if)#exit
BUET(config)#

8. Save Configuration
BUET#write memory
Building configuration...
[OK]
BUET#

DU#write memory
Building configuration...
[OK]

You can also save the configuration using:
BUET#copy running-config startup-config

But be careful with this command. It must not be reversed as:
copy startup-config running-config
Otherwise your current configuration will be lost, or replaced by the backup stored in NVRAM.

9. Assign IP to all hosts


11. Now ping to all devices from any PC
C:\>ping 192.168.10.2
Pinging 192.168.10.2 with 32 bytes of data:
Reply from 192.168.10.2: bytes=32 time=1ms ...
Reply from 192.168.10.2: bytes=32 ...
Reply from 192.168.10.2: bytes=32 ...
Reply from 192.168.10.2: bytes=32 ...

...

Router>en
Router#conf t
Router(config)#hostname Venus
Venus(config)#interface fastEthernet 0/0
Venus(config-if)#ip address 192.168.10.1 255.255.255.0
Venus(config-if)#no shutdown
Venus(config-if)#exit
Venus(config)#ip domain-name cisco.com
Venus(config)#username ashish privilege 15 password cisco123
Venus(config)#crypto key generate rsa
The name for the keys will be: Venus.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
Venus(config)#
*Mar 1 0:34:31.790: %SSH-5-ENABLED: SSH 1.99 has been enabled
Venus(config)#ip ssh version 2
Venus(config)#enable secret cisco
Venus(config)#line console 0
Venus(config-line)#logging synchronous
Venus(config-line)#login local
Venus(config-line)#exit
Venus(config)#line vty 0 4
Venus(config-line)#transport input ssh
Venus(config-line)#login local

Venus#show ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
Venus#

C:\>ssh -l ashish 192.168.10.1
Open
Password:
Venus#conf t
Venus(config)#
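The password and remote-access settings from LAB 2 and the SSH configuration above can be checked mechanically. The following Python script is an added example, not part of the original lab guide: it audits a running-config for the weak settings these labs discuss. The two sample configurations are constructed from the lab commands, the hash value is a placeholder, and the function and finding names are hypothetical.

```python
import re

# Constructed sample: the LAB 2 switch settings as they would look in
# running-config if "enable password" had been used instead of "enable secret".
LAB2_STYLE_CONFIG = """\
hostname DU
enable password cisco123
!
line con 0
 password ashish123
 login
line vty 0 4
 password ashish@123#
 login
"""

# Constructed sample: the SSH lab settings. The enable-secret hash is a placeholder.
SSH_LAB_CONFIG = """\
hostname Venus
enable secret 5 $1$PLACEHOLDER$PLACEHOLDERHASH
username ashish privilege 15 password 0 cisco123
ip domain-name cisco.com
ip ssh version 2
!
line con 0
 logging synchronous
 login local
line vty 0 4
 login local
 transport input ssh
"""


def parse_line_blocks(config):
    """Map each 'line ...' header to the list of commands indented under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None
    return blocks


def audit(config):
    """Return a list of (finding_id, detail) tuples for one running-config."""
    findings = []
    top = [l.strip() for l in config.splitlines() if l.strip() and not l.startswith(" ")]

    # enable password is kept in clear text (or type 7); enable secret is hashed.
    if any(l.startswith("enable password") for l in top):
        findings.append(("enable-password", "use enable secret instead"))
    if not any(l.startswith("enable secret") for l in top):
        findings.append(("no-enable-secret", "privileged mode has no hashed secret"))

    # "username ... password" has the same weakness; "username ... secret" is hashed.
    for l in top:
        m = re.match(r"username (\S+)(?: privilege \d+)? password\b", l)
        if m:
            findings.append(("username-password", m.group(1)))

    for header, cmds in parse_line_blocks(config).items():
        for cmd in cmds:
            # "password X" or "password 0 X" is clear text; "password 7 X" is type 7.
            m = re.match(r"password (?:(\d+) )?\S+$", cmd)
            if m and m.group(1) in (None, "0"):
                findings.append(("cleartext-line-password", header))
        if header.startswith("line vty"):
            transport = [c.split()[2:] for c in cmds if c.startswith("transport input")]
            # Assumption: with no "transport input" command the vty lines accept
            # Telnet, which is what the LAB 2 Telnet configuration relies on.
            protocols = set(transport[-1]) if transport else {"all"}
            if protocols & {"telnet", "all"}:
                findings.append(("vty-telnet", header))
            # Without "ip ssh version 2" the device reports SSH 1.99 (v1 and v2).
            if "ssh" in protocols and "ip ssh version 2" not in top:
                findings.append(("ssh-v1-allowed", header))
    return findings


if __name__ == "__main__":
    for name, cfg in (("LAB 2 style", LAB2_STYLE_CONFIG), ("SSH lab", SSH_LAB_CONFIG)):
        print(name)
        for finding_id, detail in audit(cfg):
            print(f"  {finding_id}: {detail}")
```

The SSH lab configuration passes every line check but is still flagged for `username ashish ... password`, which is stored the same way as `enable password`; `username ashish privilege 15 secret ...` is the hashed form.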

Key Note:
----------------------------------------------------------------------------
"logging synchronous" prevents every logging output from immediately interrupting your console session. For example, when you telnet to your router or switch you will see a lot of log messages before you have logged in with username and password.
----------------------------------------------------------------------------
RSA is an algorithm used by modern computers to encrypt and decrypt messages. It is an asymmetric cryptographic algorithm. Asymmetric means that there are two different keys. This is also called public key cryptography, because one of them can be given to everyone.
============================================================================

LAB 4: BACKUP AND RESTORING CONFIGURATION

Configure the TFTP server (in your physical lab you can download a TFTP server to your PC and then configure it; the rest of the configuration is the same).

Verify configuration file is saved in NVRAM
Denver#show startup-config
DU#show startup-config

Now backup configuration file to tftp server (From Switch)
Denver#copy startup-config tftp
Address or name of remote host []? 192.168.10.4 (TFTP Server IP)
Destination filename [Denver-confg]? (Press Enter to save it as default name)
Writing startup-config...!!
[OK - 653 bytes]
653 bytes copied in 0.012 secs (54416 bytes/sec)
Denver#

Now backup configuration file to tftp server (From Router)
DU#copy startup-config tftp:
Address or name of remote host []? 192.168.10.4
Destination filename [DU-confg]?
Writing startup-config...!!
[OK - 1178 bytes]
1178 bytes copied in 0.032 secs (36812 bytes/sec)
DU#

Erase startup-configuration file and reboot or reload the router and switch
DU#erase startup-config

Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
DU#
DU#reload
Proceed with reload? [confirm]

Denver#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
BUET#
Denver#reload
Proceed with reload? [confirm]

Configure IP address to router and switch
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip address 192.168.10.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface vlan 1
Switch(config-if)#ip address 192.168.10.10 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#ip default-gateway 192.168.10.1

Now restore configuration from tftp server to switch and router
Switch#copy tftp running-config
Address or name of remote host []? 192.168.10.4 (TFTP Server IP)
Source filename []? Denver-confg (Backup file name on tftp server)
Destination filename [running-config]? (Press enter)
Denver#write
Building configuration...
[OK]
Denver#

Router#copy tftp running-config
Address or name of remote host []? 192.168.10.4 (TFTP Server IP)
Source filename []? DU-confg (Backup file name on tftp server)
Destination filename [running-config]? (Press enter)

Now save the configuration to NVRAM
Switch# write memory
Router# write memory
============================================================================

LAB 5: Configure VLAN, Access and Trunk Port

A layer-2 switched network is by design a flat network. Every device on the network can see the transmission of every broadcast packet, even if it does not need to receive the data. But we can logically create multiple, separate broadcast domains in an L2 switch. This is possible with VLAN technology. VLAN means Virtual LAN. The segregation into VLANs is only to reduce the broadcast domain. Each VLAN uses one subnet. VLANs make network management easy in a number of ways:
• VLANs can categorize broadcast domains into a number of logical subnets.
• To add, move or change a host, the network only needs a port configured into the suitable VLAN.
• A group of users who need high security can be placed in a VLAN so that users outside the VLAN cannot interact with them.
• VLANs classify users logically by function, independent of their geographic or physical locations.
• VLANs can also enhance the security of the network.
• The number of broadcast domains increases with VLANs while their size decreases.

Trunk Ports: Between switches we are going to create a trunk. A trunk connection is an interface that carries multiple VLANs.
Access Ports: Carry data; generally connected to hosts or servers.

There are two trunking protocols we can use:
1. IEEE 802.1Q: Open standard, supported by switches of any vendor.
2. Cisco ISL (Inter-Switch Link): Cisco proprietary protocol that is only supported on some Cisco switches.

On a Cisco switch, VLAN 1 is the native VLAN by default. 802.1Q will not tag the native VLAN while ISL does tag the native VLAN. By default all switch ports are in VLAN 1. VLAN information is not saved in the running-config or startup-config but in a separate file, vlan.dat, in flash memory. To delete the VLAN information, delete the file with the delete flash:vlan.dat command.

Objective
1. Basic configuration of switch
2. Create VLANs
3. Configuration of trunk ports
4. Configuration of Access ports
5. Assign IP to hosts
6. Verification

Data sheet

VLAN ID    VLAN Name    Ports            Subnet
10         Cisco        F0/1 - F0/9      192.168.10.0/24
20         Solaris      F0/10 - F0/20    172.16.20.0/24

Switch: DU, BUET

1. Basic configuration of switch
Switch(config)#hostname DU
DU(config)#enable secret cisco
DU(config)#line console 0
DU(config-line)#password cisco
DU(config-line)#login
DU(config-line)#exit

Switch(config)#hostname BUET
BUET(config)#enable secret cisco
BUET(config)#line console 0
BUET(config-line)#password cisco
BUET(config-line)#login
BUET(config-line)#exit

2. Create VLANs
DU(config)#vlan 10
DU(config-vlan)#name cisco
DU(config-vlan)#exit
DU(config)#vlan 20
DU(config-vlan)#name solaris
DU(config-vlan)#exit
DU(config)#

BUET(config)#vlan 10
BUET(config-vlan)#name cisco
BUET(config-vlan)#exit
BUET(config)#vlan 20
BUET(config-vlan)#name solaris
BUET(config-vlan)#exit
BUET(config)#

3. Configuration of trunk ports
DU(config)#interface gigabitEthernet 0/1
DU(config-if)#switchport mode trunk
DU(config-if)#no shutdown
DU(config-if)#exit

BUET(config)#interface gigabitEthernet 0/1
BUET(config-if)#switchport mode trunk
BUET(config-if)#no shutdown

DU#show interfaces gigabitEthernet 0/1 switchport
Name: Gig0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false


4. Configuration of Access ports
BUET#conf t
BUET(config)#interface range fastEthernet 0/1 - 9
BUET(config-if-range)#switchport mode access
BUET(config-if-range)#switchport access vlan 10
BUET(config-if-range)#exit
BUET(config)#interface range fastEthernet 0/10 - 20
BUET(config-if-range)#switchport mode access
BUET(config-if-range)#switchport access vlan 20
BUET(config-if-range)#exit
BUET(config)#exit
BUET#

DU#conf t
Enter configuration commands, one per line. End with CNTL/Z.
DU(config)#interface range fastEthernet 0/1 - 9
DU(config-if-range)#switchport mode access
DU(config-if-range)#switchport access vlan 10
DU(config-if-range)#exit
DU(config)#interface range fastEthernet 0/10 - 20
DU(config-if-range)#switchport mode access
DU(config-if-range)#switchport access vlan 20
DU(config-if-range)#end
DU#


5. Assign IP to hosts


Ping to same VLAN..............PC0 to PC2
C:\>ping 192.168.10.3
Pinging 192.168.10.3 with 32 bytes of data:
Reply from 192.168.10.3: bytes=32 time=11ms TTL=128
Reply from 192.168.10.3: bytes=32 ...
Reply from 192.168.10.3: bytes=32 ...
Reply from 192.168.10.3: bytes=32 ...

C:\>ping 172.16.20.3

...

C:\>ping 192.168.30.2
Pinging 192.168.30.2 with 32 bytes of data:
Reply from 192.168.10.1: Destination host unreachable.
Reply from 192.168.10.1: Destination host unreachable.
Reply from 192.168.10.1: Destination host unreachable.
Reply from 192.168.10.1: Destination host unreachable.

Ping statistics for 192.168.30.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\>

Thus we need routing, either static or dynamic. Let us start with static routing.

DU Router
DU(config)#ip route 192.168.30.0 255.255.255.0 192.168.20.2

BUET Router
BUET(config)#ip route 192.168.10.0 255.255.255.0 192.168.20.1

Rules of Static route
Router(config)#ip route [destination_network] [subnet_mask] [next-hop]

On point-to-point links, an exit interface can be specified instead of a next-hop address.
Router(config)#ip route [destination_network] [subnet_mask] [exit-interface]

So for the previous example, if the two routers are connected point-to-point, we can write the exit interface instead of the IP address as follows:
DU(config)#ip route 192.168.30.0 255.255.255.0 fastEthernet 0/0
BUET(config)#ip route 192.168.10.0 255.255.255.0 fastEthernet 0/0

Now ping again,
C:\>ping 192.168.30.2
Reply from 192.168.30.2: bytes=32 ...
Reply from 192.168.30.2: bytes=32 ...
Reply from 192.168.30.2: bytes=32 ...
Reply from 192.168.30.2: bytes=32 ...

...

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname ISP
ISP(config)#interface fastEthernet 0/0
ISP(config-if)#description Connectivity to CUSTOMER ROUTER
ISP(config-if)#ip address 103.13.148.2 255.255.255.248
ISP(config-if)#no shutdown
ISP(config-if)#exit
ISP(config)#interface fastEthernet 1/0
ISP(config-if)#description Connectivity to INTERNET
ISP(config-if)#ip address 100.100.100.1 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#end

Default route to INTERNET on CUSTOMER Router
CUSTOMER(config)#ip route 0.0.0.0 0.0.0.0 103.13.148.2

Static route to CUSTOMER LAN on ISP Router
ISP(config)#ip route 192.168.10.0 255.255.255.0 103.13.148.1

Assign IP Address to hosts.............................
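Both the static routes between DU and BUET and the CUSTOMER default route above are resolved by the same longest-prefix-match lookup. The following Python model is an added example, not part of the original lab guide: it shows why the first ping to 192.168.30.2 was answered with "Destination host unreachable" and why a default route is used only when nothing more specific matches. The /24 mask on the 192.168.20.0 inter-router link, the CUSTOMER LAN gateway address and all class and function names are assumptions.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "network via source")


class RoutingTable:
    """Minimal IPv4 routing table with longest-prefix-match lookup."""

    def __init__(self, name):
        self.name = name
        self.routes = []

    def add_connected(self, address, mask):
        # strict=False derives the connected network from an interface address.
        net = ipaddress.ip_network(f"{address}/{mask}", strict=False)
        self.routes.append(Route(net, "directly connected", "C"))

    def ip_route(self, command):
        """Install one 'ip route [network] [mask] [next-hop or exit-interface]' line."""
        words = command.split()
        if words[:2] != ["ip", "route"] or len(words) < 5:
            raise ValueError(f"not a static route: {command!r}")
        net = ipaddress.ip_network(f"{words[2]}/{words[3]}")
        self.routes.append(Route(net, " ".join(words[4:]), "S"))

    def lookup(self, destination):
        """Return the most specific matching Route, or None (no route: unreachable)."""
        dst = ipaddress.ip_address(destination)
        candidates = [r for r in self.routes if dst in r.network]
        return max(candidates, key=lambda r: r.network.prefixlen, default=None)


def build_du(with_static_route):
    """DU's table before or after the static route from the lab."""
    du = RoutingTable("DU")
    du.add_connected("192.168.10.1", "255.255.255.0")  # LAN gateway seen in the ping output
    du.add_connected("192.168.20.1", "255.255.255.0")  # link to BUET; /24 mask is an assumption
    if with_static_route:
        du.ip_route("ip route 192.168.30.0 255.255.255.0 192.168.20.2")
    return du


def build_customer():
    """CUSTOMER's table with the default route from the lab."""
    customer = RoutingTable("CUSTOMER")
    customer.add_connected("192.168.10.1", "255.255.255.0")    # LAN; gateway address is an assumption
    customer.add_connected("103.13.148.1", "255.255.255.248")  # link to ISP
    customer.ip_route("ip route 0.0.0.0 0.0.0.0 103.13.148.2")
    return customer


def describe(table, destination):
    route = table.lookup(destination)
    if route is None:
        return f"{table.name}: {destination} -> no route, destination host unreachable"
    return f"{table.name}: {destination} -> {route.network} via {route.via} [{route.source}]"


if __name__ == "__main__":
    print(describe(build_du(False), "192.168.30.2"))
    print(describe(build_du(True), "192.168.30.2"))
    print(describe(build_customer(), "100.100.100.2"))
    print(describe(build_customer(), "103.13.148.2"))
```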


Verification
Apply Ping from PC0 to PC1
C:\>ping 100.100.100.2
Reply from 100.100.100.2: bytes=32 time=1ms ...
Reply from 100.100.100.2: bytes=32 ...
Reply from 100.100.100.2: bytes=32 ...
Reply from 100.100.100.2: bytes=32 ...

...

C:\>ping 100.100.100.100
Pinging 100.100.100.100 with 32 bytes of data:
Reply from 100.100.100.100: bytes=32 time=2ms ...
Reply from 100.100.100.100: bytes=32 ...
Reply from 100.100.100.100: bytes=32 ...
Reply from 100.100.100.100: bytes=32 ...

...

C:\>ping 192.168.20.2
Reply from 192.168.20.2: bytes=32 time=1ms TTL=126
Reply from 192.168.20.2: bytes=32 time=1ms TTL=126
Reply from 192.168.20.2: bytes=32 time=1ms TTL=126
Reply from 192.168.20.2: bytes=32 time=1ms TTL=126

The clock rate will set the speed. It doesn't matter much what clock speed we use. We can use a command to verify that the DTE router has received the clock rate:
Ashish#show controllers serial 0/1/0
Interface Serial0/1/0
Hardware is PowerQUICC MPC860
DTE V.35 TX and RX clocks detected
idb at 0x81081AC4, driver data structure at 0x81084AC0

In the example above, Ashish is the DTE side and it has received a clock rate. show controllers is a useful command when you don't have physical access to your hardware, so you don't know which side of the cable is DTE or DCE.

LAB 31: BGP Basic Configuration

BGP is an exterior gateway protocol; it is used between different networks. It is the protocol used between Internet service providers (ISPs) and can also be used between an Enterprise and an ISP. BGP was built for reliability, scalability, and control, not speed. BGP stands for Border Gateway Protocol. Routers running BGP are termed BGP speakers.

• BGP uses the concept of autonomous systems (AS). An autonomous system is a group of networks under a common administration. The Internet Assigned Numbers Authority (IANA) assigns AS numbers: 1 to 64511 are public AS numbers and 64512 to 65535 are private AS numbers.
• Autonomous systems run Interior Gateway Protocols (IGP) within the system. They run an Exterior Gateway Protocol (EGP) between them. BGP version 4 is the only EGP currently in use.
• Routing between autonomous systems is called interdomain routing.
• The administrative distance for EBGP routes is 20. The administrative distance for IBGP routes is 200.
• BGP neighbors are called peers and must be statically configured.
• BGP uses TCP port 179. BGP peers exchange incremental, triggered route updates and periodic keepalives.
• Routers can run only one instance of BGP at a time.
• BGP is a path-vector protocol.

BGP neighbors can be of two types:
• IBGP neighbors – when two neighbors are in the same AS;
• EBGP neighbors – when two neighbors belong to different AS.


Basic Configuration

ISP1
Router#conf t
Router(config)#hostname ISP1
ISP1(config)#interface fastEthernet 0/0
ISP1(config-if)#ip address 192.168.10.1 255.255.255.0
ISP1(config-if)#no shutdown
ISP1(config-if)#exit
ISP1(config)#interface fastEthernet 0/1
ISP1(config-if)#ip address 10.10.10.1 255.255.255.0
ISP1(config-if)#no shutdown
ISP1(config-if)#exit

ISP2
Router(config)#hostname ISP2
ISP2(config)#interface fastEthernet 0/0
ISP2(config-if)#ip address 192.168.10.2 255.255.255.0
ISP2(config-if)#no shutdown
ISP2(config-if)#exit
ISP2(config)#interface fastEthernet 0/1
ISP2(config-if)#ip address 11.11.11.1 255.255.255.0
ISP2(config-if)#no shutdown

BGP Configuration

ISP1(config)#router bgp 100    *100 is the AS Number of ISP1*
ISP1(config-router)#neighbor 192.168.10.2 remote-as 200    *Declare neighbor, 200 is the AS of ISP2, 192.168.10.2 is the IP Address of ISP2's F0/0 Interface*
ISP1(config-router)#network 10.10.10.0 mask 255.255.255.0    *advertise network*
ISP1(config-router)#exit

ISP2(config)#router bgp 200
ISP2(config-router)#neighbor 192.168.10.1 remote-as 100
ISP2(config-router)#%BGP-5-ADJCHANGE: neighbor 192.168.10.1 Up
ISP2(config-router)#network 11.11.11.0 mask 255.255.255.0
ISP2(config-router)#

Verification

The show ip bgp summary command shows whether the neighborship is formed.

We can see the BGP routes with the show ip bgp command.

LAB 32: BGP Single Homed Design


R1 is in our enterprise core and has OSPF as its IGP.

R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface fastEthernet 0/1
R1(config-if)#ip address 192.168.10.2 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#router ospf 1
R1(config-router)#network 192.168.10.0 0.0.0.255 area 0
R1(config-router)#exit
R1(config)#

R2 is in our enterprise edge and has OSPF for IGP and BGP for EGP.

R2#conf t
R2(config)#interface fastEthernet 0/1
R2(config-if)#ip address 192.168.10.1 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip address 192.168.20.1 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#router ospf 1
R2(config-router)#network 192.168.10.0 0.0.0.255 area 0
R2(config-router)#exit
R2(config)#router ospf 1
R2(config-router)#default-information originate
R2(config-router)#exit
R2(config)#router bgp 100
R2(config-router)#neighbor 192.168.20.2 remote-as 200
R2(config-router)#network 1.1.1.0 mask 255.255.255.0
R2(config-router)#exit
R2(config)#ip route 1.1.1.0 255.255.255.0 null 0

R2 is in the service provider edge. R2 has a couple of static routes to advertise into BGP and is advertising a default route to R1 which will then get propagated throughout the enterprise core.

R3#conf t
R3(config)#interface fastEthernet 0/0
R3(config-if)#ip address 192.168.20.2 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#ip route 0.0.0.0 0.0.0.0 null 0
R3(config)#ip route 2.2.2.0 255.255.255.0 null 0
R3(config)#router bgp 200
R3(config-router)#neighbor 192.168.20.1 remote-as 100
R3(config-router)#network 2.2.2.0 mask 255.255.255.0
R3(config-router)#neighbor 192.168.20.1 default-originate
R3(config-router)#exit

Verification

R3#show ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.20.1    4   100      23      24        3    0    0 00:19:33        1
R3#

R2#show ip route
.....................................
     1.0.0.0/24 is subnetted, 1 subnets
S       1.1.1.0 is directly connected, Null0
     2.0.0.0/24 is subnetted, 1 subnets
B       2.2.2.0 [20/0] via 192.168.20.2, 00:17:59    ** BGP learned route **
C    192.168.10.0/24 is directly connected, FastEthernet0/1
C    192.168.20.0/24 is directly connected, FastEthernet0/0
B*   0.0.0.0/0 [20/0] via 192.168.20.2, 00:20:18    ** default route from BGP because of the default originate command in R3 **

R2#show ip bgp
-------------------.........................
   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          192.168.20.2             0             0 200 i
*> 1.1.1.0/24       0.0.0.0                  0         32768 i
*> 2.2.2.0/24       192.168.20.2             0             0 200 i

R1#show ip ospf neighbor
Neighbor ID     Pri   State       Dead Time   Address         Interface
192.168.20.1      1   FULL/BDR    00:00:31    192.168.10.1    FastEthernet0/1

R1#show ip route
-------------------------------
Gateway of last resort is 192.168.10.1 to network 0.0.0.0

C    192.168.10.0/24 is directly connected, FastEthernet0/1
O*E2 0.0.0.0/0 [110/1] via 192.168.10.1, 00:06:16, FastEthernet0/1

Here we can see that R2 runs BGP (single homed) with R3, advertising a /24 (1.1.1.0/24), and that R2 is advertising a default route to the enterprise core (R1).

Explanation

default-information originate (OSPF): the router redistributes a default route it got from another router.

neighbor x.x.x.x default-originate (BGP): if you want to advertise a default route to a specific peer, this is the method for that requirement.

- Add ‘neighbor x.x.x.x default-originate’ under router bgp.
- It does not even check for the existence of a default route in the IP routing table.
- The ‘default-information originate’ command should not be configured with the ‘neighbor x.x.x.x default-originate’ command on the same router.

The Null interface is typically used for preventing routing loops. It also helps prevent DoS attacks. Traffic to unused IP addresses might come from, for example, denial of service attacks or scanning of IP blocks to find vulnerable hosts.

LAB 33 : HSRP (Hot Standby Router Protocol) Configuration

HSRP provides layer 3 redundancy in our network through active and standby router assignment, interface tracking, and load balancing. A group of physical routers, acting as a single virtual router, advertise a single IP address and MAC address into our network. By tracking interfaces and managing multiple groups, we can optimize speed as well as add redundancy to our networks. And we can use VRRP or GLBP based on our individual network needs. The services that HSRP provides are a great addition to any network.

Characteristics

HSRP is Cisco proprietary



HSRP has 5 states: Initial, listen, speak, standby and active.



HSRP allows multiple routers to share a virtual IP and MAC address so that the end-user hosts do not realize when a failure occurs.



The active (or Master) router uses the virtual IP and MAC addresses.



Standby routers listen for Hellos from the Active router. A hello packet is sent every 3 seconds by default. The hold time (dead interval) is 10 seconds.



Virtual MAC of 0000.0C07.ACxx , where xx is the hexadecimal number of HSRP group.



The group numbers of HSRP version 1 range from 0 to 255. HSRP does support group number 0 (we checked it, and in fact it is the default group number if you don’t enter a group number in the configuration), so HSRP version 1 supports up to 256 group numbers. HSRP version 2 supports 4096 group numbers.


Assign IP Address to Venus
===============================
Switch>en
Switch#conf t
Switch(config)#hostname venus
venus(config)#int fastEthernet 0/10
venus(config-if)#no switchport
venus(config-if)#ip address 192.168.1.1 255.255.255.0
venus(config-if)#no shutdown
venus(config-if)#exit
venus(config)#int fastEthernet 0/1
venus(config-if)#no switchport
venus(config-if)#ip address 192.168.30.2 255.255.255.0
venus(config-if)#no shutdown
venus(config-if)#

Assign IP Address to Denver
===============================
Switch>en
Switch#conf t
Switch(config)#hostname Denver
Denver(config)#int fastEthernet 0/11
Denver(config-if)#no switchport
Denver(config-if)#ip address 192.168.1.2 255.255.255.0
Denver(config-if)#no shutdown
Denver(config-if)#exit
Denver(config)#int fastEthernet 0/1
Denver(config-if)#no switchport
Denver(config-if)#ip address 192.168.40.2 255.255.255.0
Denver(config-if)#no shutdown
Denver(config-if)#end

Assign IP Address to Toronto
=============================
Router>en
Router#conf t
Router(config)#hostname Toronto
Toronto(config)#interface fastEthernet 0/0
Toronto(config-if)#ip address 192.168.30.1 255.255.255.0
Toronto(config-if)#no shutdown
Toronto(config-if)#exit
Toronto(config)#int fastEthernet 0/1
Toronto(config-if)#ip address 192.168.40.1 255.255.255.0
Toronto(config-if)#no shutdown
Toronto(config-if)#exit
Toronto(config)#int loopback 1
Toronto(config-if)#ip address 1.1.1.1 255.255.255.0
Toronto(config-if)#exit

Create static route to 1.1.1.0/24 network from Venus and Denver
=====================================================================
venus(config)#ip route 1.1.1.0 255.255.255.0 192.168.30.1
Denver(config)#ip route 1.1.1.0 255.255.255.0 192.168.40.1

Create static route to 192.168.1.0/24 network from Toronto
================================================================
Toronto(config)#ip route 192.168.1.0 255.255.255.0 192.168.30.2
Toronto(config)#ip route 192.168.1.0 255.255.255.0 192.168.40.2

Apply ip routing command on venus and Denver
=================================================
venus(config)#ip routing
Denver(config)#ip routing

Assign IP address to host with default Gateway 192.168.1.1 and 192.168.1.2 and apply ping command to 1.1.1.0 Network
======================================================================
C:\>ping 1.1.1.1
Reply from 1.1.1.1: bytes=32 time=1ms TTL=254
Reply from 1.1.1.1: bytes=32 timeping 1.1.1.1
Reply from 1.1.1.1: bytes=32 time ping 12.12.12.12
84 bytes from 12.12.12.12 icmp_seq=1 ttl=254 time=31.200 ms
84 bytes from 12.12.12.12 icmp_seq=2 ttl=254 time=31.200 ms
84 bytes from 12.12.12.12 icmp_seq=3 ttl=254 time=31.200 ms
84 bytes from 12.12.12.12 icmp_seq=4 ttl=254 time=31.200 ms

R2#show access-lists
Standard IP access list 50
    10 permit 192.168.10.0, wildcard bits 0.0.0.255 (27 matches)

LAB 35 : EXTENDED IP ACCESS-LIST

Extended IP access-lists block based upon the source IP address, destination IP address, and TCP or UDP port number. Extended access-lists should be placed closest to the source network.

Objective: We will configure an Extended ACL so that PC0 can only use the Telnet service, PC2 can only use the HTTP service and PC1 can only use the Mail service.

IP Configuration
Router(config)#hostname LOCAL
LOCAL(config)#interface fastEthernet 0/1
LOCAL(config-if)#ip address 192.168.10.1 255.255.255.0
LOCAL(config-if)#no shutdown
LOCAL(config-if)#exit
LOCAL(config)#interface fastEthernet 0/0
LOCAL(config-if)#ip address 103.13.148.1 255.255.255.240
LOCAL(config-if)#no shutdown
LOCAL(config-if)#exit

Static Default Route
LOCAL(config)#ip route 0.0.0.0 0.0.0.0 103.13.148.2

Telnet Access
LOCAL(config)#line vty 0 5
LOCAL(config-line)#password cisco
LOCAL(config-line)#login
LOCAL(config-line)#exit
LOCAL(config)#enable secret cisco

IP Configuration
Router(config)#hostname ISP
ISP(config)#interface fastEthernet 0/0
ISP(config-if)#ip address 103.13.148.2 255.255.255.240
ISP(config-if)#no shutdown
ISP(config-if)#exit
ISP(config)#interface fastEthernet 0/1
ISP(config-if)#ip address 100.100.100.1 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#exit


Static Route
ISP(config)#ip route 192.168.10.0 255.255.255.0 103.13.148.1
Switch(config)#ip default-gateway 100.100.100.1

Extended ACL Configuration
ISP(config)#access-list 101 permit tcp host 100.100.100.2 any eq telnet
ISP(config)#access-list 101 permit tcp host 100.100.100.4 any eq www
ISP(config)#access-list 101 permit tcp host 100.100.100.3 any eq smtp

Apply it to its Inside Interface
ISP(config)#interface fastEthernet 0/1
ISP(config-if)#ip access-group 101 in

ISP#show ip interface fastEthernet 0/1
FastEthernet0/1 is up, line protocol is up (connected)
  Internet address is 100.100.100.1/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound access list is 101

ISP#show access-lists 101
Extended IP access list 101
    permit tcp host 100.100.100.2 any eq telnet (37 match(es))
    permit tcp host 100.100.100.4 any eq www (11 match(es))
    permit tcp host 100.100.100.3 any eq smtp (2 match(es))

From PC0, logging in to Router LOCAL using telnet is possible.

But from the other PCs it is not possible.

From PC2 we can browse ....................

But PC0 or PC1 cannot browse to HTTP Server

From PC1 we can see that the SMTP service is open, but from the other PCs it is not.
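The verification results above follow from how an ACL is evaluated: entries are checked top-down, the first match decides, and anything unmatched hits the implicit deny. The following is an added example, not part of the original guide, that replays ACL 101 in Python. The PC addresses are inferred from the ACL lines and the lab objective, and the server address 192.168.10.2 is an assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Port keywords that appear in the ACL lines on this page.
PORT_KEYWORDS = {"telnet": 23, "smtp": 25, "www": 80}


@dataclass
class Ace:
    action: str                      # "permit" or "deny"
    proto: str                       # "tcp", "udp", "icmp", or "ip" (any protocol)
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]             # None means any destination port
    text: str                        # original line, kept for reporting


def _take_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' from the token list."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # A wildcard mask is an inverted netmask; only contiguous masks are handled.
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    netmask = ipaddress.IPv4Address(wildcard ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{head}/{netmask}", strict=False)


def parse_ace(line):
    """Parse 'permit|deny PROTO SRC DST [eq PORT]', the form used in this lab."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    src = _take_addr(tokens)
    dst = _take_addr(tokens)
    dport = None
    if tokens[:1] == ["eq"]:
        port = tokens[1]
        dport = PORT_KEYWORDS[port] if port in PORT_KEYWORDS else int(port)
    return Ace(action, proto, src, dst, dport, line)


def evaluate(acl, proto, src, dst, dport=None):
    """Return (decision, matching entry). First match wins; no match means deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in acl:
        if ace.proto not in ("ip", proto):
            continue
        if s not in ace.src or d not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action, ace.text
    return "deny", "(implicit deny)"


# ACL 101 exactly as configured on the ISP router in this lab.
ACL_101 = [parse_ace(line) for line in (
    "permit tcp host 100.100.100.2 any eq telnet",
    "permit tcp host 100.100.100.4 any eq www",
    "permit tcp host 100.100.100.3 any eq smtp",
)]

# Constructed probe packets: (label, protocol, source, destination, dest port).
PROBES = [
    ("PC0 telnet to LOCAL", "tcp", "100.100.100.2", "103.13.148.1", 23),
    ("PC1 telnet to LOCAL", "tcp", "100.100.100.3", "103.13.148.1", 23),
    ("PC2 HTTP to server", "tcp", "100.100.100.4", "192.168.10.2", 80),
    ("PC0 HTTP to server", "tcp", "100.100.100.2", "192.168.10.2", 80),
    ("PC1 SMTP to server", "tcp", "100.100.100.3", "192.168.10.2", 25),
    ("PC0 ping to LOCAL", "icmp", "100.100.100.2", "103.13.148.1", None),
]

if __name__ == "__main__":
    for label, proto, src, dst, dport in PROBES:
        decision, entry = evaluate(ACL_101, proto, src, dst, dport)
        print(f"{label:22} {decision:7} {entry}")
```

The last probe shows a side effect of the lab's ACL: because no entry permits ICMP, a ping from any of the three PCs through this interface is dropped by the implicit deny.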


LAB 36: Named IP Access List

This allows standard and extended ACLs to be given names instead of numbers.

Objective: We will configure a Named ACL to ensure that only PC0 can log in through Telnet to router BUET but PC1 cannot.

Basic Configuration of Router and Switch:
Router>en
Router#conf t
Router(config)#hostname DU
DU(config)#interface fastEthernet 0/0
DU(config-if)#ip address 192.168.10.1 255.255.255.0
DU(config-if)#no shutdown
DU(config-if)#exit
DU(config)#interface fastEthernet 0/1
DU(config-if)#ip address 172.16.10.1 255.255.255.0
DU(config-if)#no shutdown
DU(config-if)#exit
DU(config)#router eigrp 10
DU(config-router)#network 192.168.10.0
DU(config-router)#network 172.16.10.0
DU(config-router)#no auto-summary
DU(config-router)#exit

Router(config)#hostname BUET
BUET(config)#interface fastEthernet 0/0
BUET(config-if)#ip address 192.168.10.2 255.255.255.0
BUET(config-if)#no shutdown
BUET(config-if)#exit
BUET(config)#router eigrp 10
BUET(config-router)#network 192.168.10.0
BUET(config-router)#no auto-summary
BUET(config-router)#exit
BUET(config)#no ip domain-lookup
BUET(config)#line vty 0 4
BUET(config-line)#password cisco
BUET(config-line)#login
BUET(config-line)#exit
BUET(config)#enable secret cisco
BUET(config)#exit

DEFINE NAMED ACL
DU(config)#ip access-list extended venus
DU(config-ext-nacl)#permit tcp host 172.16.10.2 any eq telnet
DU(config-ext-nacl)#deny tcp host 172.16.10.3 any eq telnet
DU(config-ext-nacl)#permit ip any any
DU(config-ext-nacl)#exit

Apply ACL to Router's Interface
DU(config)#interface fastEthernet 0/0
DU(config-if)#ip access-group venus out
DU(config-if)#end
Switch(config)#ip default-gateway 172.16.10.1

From PC0 C:\>ping 192.168.10.2 Reply Reply Reply Reply

from from from from

192.168.10.2: 192.168.10.2: 192.168.10.2: 192.168.10.2:

bytes=32 bytes=32 bytes=32 bytes=32

timeen Router#conf t

Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname ISP
ISP(config)#interface fastEthernet 0/0
ISP(config-if)#ip address 103.13.148.2 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#exit
ISP(config)#interface fastEthernet 0/1
ISP(config-if)#ip address 10.10.10.1 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#exit

Configure default-route to Internet on Gateway Router
Gateway(config)#ip route 0.0.0.0 0.0.0.0 103.13.148.2
Gateway(config)#exit

Configure static route to LAN on ISP
ISP(config)#ip route 192.168.10.0 255.255.255.0 103.13.148.1

Specify default gateway on switch
Switch(config)#ip default-gateway 192.168.10.1

Static NAT Configuration
Gateway#conf t
Gateway(config)#ip nat inside source static 192.168.10.2 103.13.148.10
Gateway(config)#interface fastEthernet 0/1
Gateway(config-if)#ip nat inside
Gateway(config-if)#exit
Gateway(config)#interface fastEthernet 0/0
Gateway(config-if)#ip nat outside
Gateway(config-if)#end
Gateway#

Verification Gateway# show ip route

ISP# show ip route

Ping from PC0 to Server PC


On the Server PC, activate the HTTP service. From the Internet PC (PC0 under the ISP Router), browse using the IP 103.13.148.10 (the public IP that is assigned for static mapping).

LAB 38 : Dynamic NAT (Like many to many)

(We will do the Dynamic NAT configuration following Static NAT, so all the configuration of the previous LAB will remain the same.)

When we have a pool of public IP addresses, Dynamic NAT is used. Never use dynamic NAT for servers or other devices that need to be accessible from the Internet.

Suppose our internal network is 192.168.10.0/24. We also have the pool of public IP addresses from 103.13.148.20-103.13.148.30 and Net Mask is 255.255.255.0. The procedure will be as follows:

Create an ACL for LAN traffic
------------------------------------
Gateway(config)#access-list 1 permit 192.168.10.0 0.0.0.255

Create a NAT pool of the public IP addresses that are used for translations
-----------------------------------------------------------------------------------------
Gateway(config)#ip nat pool venus 103.13.148.20 103.13.148.30 netmask 255.255.255.0

Apply the NAT with ACL and nat pool
---------------------------------------------------
Gateway(config)#ip nat inside source list 1 pool venus

Apply it to interface
----------------------------
Gateway(config)#interface fastEthernet 0/1
Gateway(config-if)#ip nat inside
Gateway(config-if)#exit
Gateway(config)#interface fastEthernet 0/0
Gateway(config-if)#ip nat outside
Gateway(config-if)#exit

Verification

PING PC0 from PC1 / PC2.................

Gateway#show ip nat translations

Dynamic NAT
icmp 103.13.148.20:3 192.168.10.11:3 10.10.10.2:3 10.10.10.2:3
icmp 103.13.148.20:4 192.168.10.11:4 10.10.10.2:4 10.10.10.2:4
icmp 103.13.148.21:5 192.168.10.10:5 10.10.10.2:5 10.10.10.2:5
icmp 103.13.148.21:6 192.168.10.10:6 10.10.10.2:6 10.10.10.2:6
icmp 103.13.148.21:7 192.168.10.10:7 10.10.10.2:7 10.10.10.2:7

Static NAT
--- 103.13.148.10 192.168.10.2 --- ---
tcp 103.13.148.10:80 192.168.10.2:80 10.10.10.2:1025 10.10.10.2:1025
tcp 103.13.148.10:80 192.168.10.2:80 10.10.10.2:1026 10.10.10.2:1026
tcp 103.13.148.10:80 192.168.10.2:80 10.10.10.2:1027 10.10.10.2:1027
tcp 103.13.148.10:80 192.168.10.2:80 10.10.10.2:1028 10.10.10.2:1028
tcp 103.13.148.10:80 192.168.10.2:80 10.10.10.2:1029 10.10.10.2:1029
tcp 103.13.148.10:80 192.168.10.2:80 10.10.10.2:1030 10.10.10.2:1030
tcp 103.13.148.10:80 192.168.10.2:80 10.10.10.2:1031 10.10.10.2:1031

An inside host makes a request to an outside host and the router dynamically assigns an available IP address from the pool for the translation of the private IP address. If there’s no public IP address available, the router rejects new connections until you clear the NAT mappings. However, if you have as many public IP addresses as hosts in your network, you won’t face this problem.

NAT Overload

NAT Overload, also called PAT, is probably the most used type of NAT. We can configure NAT overload in two ways, depending on how many public IP addresses we have.

LAB 39 : Static PAT

Suppose we have only one public IP address allocated by our ISP. Here we have to map all our inside hosts to the available IP address. The configuration is almost the same as for dynamic NAT, but in this case we specify the outside interface instead of a NAT pool.

Router(config)#hostname GW
GW(config)#int
GW(config)#interface fastEthernet 0/0
GW(config-if)#ip address 103.13.148.1 255.255.255.240
GW(config-if)#no shutdown
GW(config-if)#exit
GW(config)#interface fastEthernet 0/1
GW(config-if)#ip address 192.168.10.1 255.255.255.0
GW(config-if)#no shutdown
GW(config-if)#exit

Router(config)#hostname ISP
ISP(config)#interface fastEthernet 0/0
ISP(config-if)#ip address 103.13.148.2 255.255.255.240
ISP(config-if)#no shutdown
ISP(config-if)#exit
ISP(config)#interface fastEthernet 0/1
ISP(config-if)#ip address 100.100.100.1 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#exit

Static default route to Internet on GW Router
GW(config)#ip route 0.0.0.0 0.0.0.0 103.13.148.2

Static route to LAN on ISP Router
ISP(config)#ip route 192.168.10.0 255.255.255.0 103.13.148.1

Assign IP address to Hosts and verify connectivity


C:\>ping 192.168.10.10 Reply Reply Reply Reply

from from from from

192.168.10.10: 192.168.10.10: 192.168.10.10: 192.168.10.10:

bytes=32 bytes=32 bytes=32 bytes=32

time=1ms TTL=126 time=10ms TTL=126 timeen Password: Tacacs#


LAB 43: Syslog Server

Cisco devices use the syslog protocol to manage system logs and alerts. A Syslog server collects all the logs in a central location, and we can then use these logs for troubleshooting devices. There are 8 levels of log messages that are generated; these are called severity levels. A lower severity level is more critical.

Message Logging Level Keywords

Level Keyword    Level   Description                         Syslog Definition
emergencies      0       System unstable                     LOG_EMERG
alerts           1       Immediate action needed             LOG_ALERT
critical         2       Critical conditions                 LOG_CRIT
errors           3       Error conditions                    LOG_ERR
warnings         4       Warning conditions                  LOG_WARNING
notifications    5       Normal but significant condition    LOG_NOTICE
informational    6       Informational messages only         LOG_INFO
debugging        7       Debugging messages                  LOG_DEBUG

The software generates four other categories of messages:

- Error messages about software or hardware malfunctions, displayed at levels warnings through emergencies: these types of messages mean that the functionality of the access point is affected.
- Output from the debug commands, displayed at the debugging level: debug commands are typically used only by the Technical Assistance Center (TAC).
- Interface up or down transitions and system restart messages, displayed at the notifications level: this message is only for information; access point functionality is not affected.
- Reload requests and low-process stack messages, displayed at the informational level: this message is only for information; access point functionality is not affected.

Part of syslog messages

- Timestamp
- Log Message Name and Severity Level
- Message Text
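The severity table and the message parts listed above determine what a syslog server actually receives: with logging trap set to a level, only messages at that level or numerically lower are sent. The following is an added example, not part of the original guide, that parses Cisco-style messages and applies that threshold. The sample lines are constructed, and treating lines without a %FACILITY-SEVERITY-MNEMONIC header as debug output is an assumption of this sketch.

```python
import re

# Severity keywords and levels from the table above (lower number = more critical).
SEVERITY = {
    "emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
    "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7,
}

# Log message name and severity level, e.g. %BGP-5-ADJCHANGE, then the message text.
HEADER = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$"
)


def parse(line):
    """Split one message into timestamp, facility, severity, mnemonic and text."""
    m = HEADER.search(line)
    if m is None:
        # Assumption: a line without a %-header is debug output, so level 7.
        return {"timestamp": None, "facility": None, "severity": 7,
                "mnemonic": None, "text": line.strip()}
    timestamp = line[:m.start()].strip().rstrip(":") or None
    return {
        "timestamp": timestamp,
        "facility": m.group("facility"),
        "severity": int(m.group("severity")),
        "mnemonic": m.group("mnemonic"),
        "text": m.group("text"),
    }


def forwarded(lines, trap_level):
    """Return the lines a router with 'logging trap <trap_level>' would send."""
    threshold = SEVERITY[trap_level]
    return [line for line in lines if parse(line)["severity"] <= threshold]


# Constructed sample messages (timestamps and values are illustrative only).
SAMPLE = [
    "*Mar  1 00:00:41.007: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up",
    "*Mar  1 00:00:42.007: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up",
    "*Mar  1 00:01:10.511: %BGP-5-ADJCHANGE: neighbor 192.168.10.1 Up",
    # ACL hit log; generated only when an ACL entry ends with the 'log' keyword.
    "*Mar  1 00:01:55.640: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 100.100.100.2(1025) -> 103.13.148.1(23), 1 packet",
    "*Mar  1 00:02:30.233: ICMP: echo reply sent, src 192.168.10.1, dst 192.168.10.2",
]

if __name__ == "__main__":
    for level in ("warnings", "notifications", "informational", "debugging"):
        kept = forwarded(SAMPLE, level)
        print(f"logging trap {level:14} -> {len(kept)} of {len(SAMPLE)} messages sent")
```

With the trap level at notifications or lower, the level 6 ACL hit record never reaches the server, which matters when the syslog server is the only place those records are kept.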

LAB :

Router>
Router>enable
Router#conf t
Router(config)#hostname DU
DU(config)#interface fastEthernet 0/0
DU(config-if)#ip address 192.168.10.1 255.255.255.0
DU(config-if)#no shutdown

Go to the service and be sure syslog service is on

Syslog configuration on DU Router

We will use the logging host command to specify the Syslog server address on the Cisco router.

DU(config)#logging host 192.168.10.2

Then apply the logging trap command to specify the log types and category (called severity level). For example, use the debug log (severity level 7). We may use any other severity level that we wish to test.

DU(config)#logging trap debugging

Then we will use the debug ip command to enable debugging for a protocol. In this case, we will use the ICMP protocol.

DU#debug ip icmp

Apply ping 192.168.1.100 command to generate some ICMP packets to test your configuration. C:\>ping 192.168.10.1 Pinging 192.168.10.1 with 32 bytes of data: Reply Reply Reply Reply

from from from from

192.168.10.1: 192.168.10.1: 192.168.10.1: 192.168.10.1:

bytes=32 bytes=32 bytes=32 bytes=32

time=1ms time prompt, type enable
9. At the Router# prompt, enter the configure memory command, and press Enter in order to copy the startup configuration to the running configuration.
10. Use the config t command in order to enter global configuration mode.

11. Use this command in order to create a new user name and password:
router(config)#username cisco123 privilege 15 password cisco123
12. Use this command in order to change the boot statement:
config-register 0x2102
13. Use this command in order to save the configuration:
write memory
14. Reload the router, and then use your new user name and password to log in to the router.

Method 2
1. Connect a terminal or PC with terminal emulation to the console port of the router and ensure you have the correct terminal settings. They include no flow control, 1 stop bit, 8 data bits, no parity and 9600 baud rate.
2. If you are able to access the router, enter show version at the prompt, and document the configuration register setting.
3. Next, turn off the router, wait about 5 seconds and turn it back on.
4. Press break on the terminal keyboard within 1 minute of power up in order to put the router into ROMmon.
5. Enter confreg 0x2142 at the rommon 1> prompt in order to boot from Flash.
6. Type reset at the rommon 2> prompt.
7. Type no after each setup question or press Ctrl+C to bypass all questions.
8. Type enable at the Router> prompt.
9. Type configure memory or copy startup-config running-config in order to copy NVRAM into memory.
10. Type show running-config
11. Type configure terminal
12. Type enable secret in order to change the enable secret password.
13. Issue the no shutdown command on every single interface that you use.
14. Type config-register . This typically is 0x2102.
15. Press Ctrl-z or end to leave config mode.
16. Type write memory or copy running-config startup-config to commit the modifications.


LAB 46 : PROJECT 1

1. VLAN Information

Switch    VLAN ID   VLAN Name    IP                Ports
DENVER    10        Cisco        172.16.10.0/24    F0/1-9
          20        Solaris      172.16.20.0/24    F0/10 - 15
          99        MGT          10.10.10.10/24    F0/24
TORONTO   30        Admin        172.16.30.0/24    F0/1 - 9
          40        Accounts     172.16.40.0/24    F0/10 - 15
          88        Management   11.11.11.11/24    F0/24

2. Router Information

Router Name   Interface                 IP Address        Description
LAN           F0/0 (.1)                 192.168.10.0/24   To GWY Router
              F0/1.10 (Sub interface)   172.16.10.1/24    To VLAN 10
              F0/1.20 (Sub interface)   172.16.20.1/24    To VLAN 20
              F0/1.99 (Sub interface)   10.10.10.10/24    To VLAN 99 (MGT)
GWY           F0/0 (.2)                 192.168.20.0/24   To LAN Router
              F0/1.30 (Sub interface)   172.16.30.1/24    To VLAN 30
              F0/1.40 (Sub interface)   172.16.40.1/24    To VLAN 40
              F0/1.88 (Sub interface)   11.11.11.11/24    To VLAN 88(Management)
              F1/0 (.1)                 192.168.30.0/24   To ISP Router
ISP           F0/0 (.2)                 192.168.30.0/24   To GWY Router
              F0/1 (.1)                 172.16.50.0/24    To LAN Switch

2. DENVER
   a. hostname, enable password, telnet access & VLAN configuration
   b. Management VLAN Configuration
3. Router : LAN
   a. Interface, hostname, enable password, telnet access configuration
   b. Inter-Vlan Routing Configuration
4. TORONTO
   a. Hostname, enable password, telnet access configuration, VLAN & Access Port configuration
   b. Management VLAN Configuration
5. Router : GWY
   a. Interface, hostname, enable password, telnet access configuration
   b. Inter-Vlan Routing Configuration
6. EIGRP Configuration on LAN and GWY Router only
7. Router ISP
   a. Interface, hostname, enable password, telnet access configuration
   b. static route to LAN router
8. GWY Static default route to ISP
9. Redistribute static route into EIGRP
10. ACL Configuration
    Condition : for the Internet hosts the following service is disabled to Inside but http service is enabled
    a. Telnet, FTP, SMTP, SSH, ping
11. Static NAT Configuration
    condition : only Inside HTTP Server's private IP is translated to public IP : 103.13.148.20
12. Configure Inside Server as a HTTP Server
13. Verification

Configuration

DENVER

Hostname, enable password, telnet access configuration, VLAN & Access Port configuration
================================================================================
Switch(config)#hostname DENVER
DENVER(config)#enable secret cisco
DENVER(config)#username admin password admin123
DENVER(config)#line vty 0 4
DENVER(config-line)#login local
DENVER(config-line)#exit
DENVER(config)#
DENVER(config)#vlan 10
DENVER(config-vlan)#name cisco
DENVER(config-vlan)#exit
DENVER(config)#vlan 20
DENVER(config-vlan)#name solaris
DENVER(config-vlan)#exit
DENVER(config)#interface range fastEthernet 0/1 - 9
DENVER(config-if-range)#switchport mode access
DENVER(config-if-range)#switchport access vlan 10
DENVER(config-if-range)#exit
DENVER(config)#interface range fastEthernet 0/10 - 15
DENVER(config-if-range)#switchport mode access
DENVER(config-if-range)#switchport access vlan 20
DENVER(config-if-range)#exit

Management VLAN Configuration
=============================
DENVER(config)#vlan 99
DENVER(config-vlan)#name MGT
DENVER(config-vlan)#exit
DENVER(config)#interface fastEthernet 0/24
DENVER(config-if)#switchport access vlan 99
DENVER(config-if)#exit
DENVER(config)#interface vlan 99
DENVER(config-if)#ip address 10.10.10.10 255.255.255.0
DENVER(config-if)#no shutdown


Router : LAN
=============
Interface, hostname, enable password, telnet access configuration
=========================================================

Router(config)#hostname LAN
LAN(config)#interface fastEthernet 0/1
LAN(config-if)#no shutdown
LAN(config-if)#exit
LAN(config)#interface fastEthernet 0/0
LAN(config-if)#ip address 192.168.10.1 255.255.255.0
LAN(config-if)#no shutdown
LAN(config-if)#exit
LAN(config)#enable password cisco
LAN(config)#username admin password admin123
LAN(config)#line vty 0 4
LAN(config-line)#login local
LAN(config-line)#exit

Inter-Vlan Routing Configuration
==========================

LAN(config)#interface fastEthernet 0/1.10
LAN(config-subif)#encapsulation dot1Q 10
LAN(config-subif)#ip address 172.16.10.1 255.255.255.0
LAN(config-subif)#no shutdown
LAN(config-subif)#exit
LAN(config)#interface fastEthernet 0/1.20
LAN(config-subif)#encapsulation dot1Q 20
LAN(config-subif)#ip address 172.16.20.1 255.255.255.0
LAN(config-subif)#no shutdown
LAN(config-subif)#exit
LAN(config)#interface fastEthernet 0/1.99
LAN(config-subif)#encapsulation dot1Q 99
LAN(config-subif)#ip address 10.10.10.10 255.255.255.0
LAN(config-subif)#no shutdown
LAN(config-subif)#exit
LAN(config)#

DENVER
========
DENVER(config)#interface fastEthernet 0/24
DENVER(config-if)#switchport mode trunk
DENVER(config-if)#no shutdown
DENVER(config-if)#exit


IP Assign to Hosts
==============

Verification
==========
Ping : VLAN 10 host to VLAN 20 host

C:\>ping 172.16.20.2
Pinging 172.16.20.2 with 32 bytes of data:
Reply from 172.16.20.2: bytes=32 time
ping 172.16.40.2
Reply from 172.16.40.2: bytes=32 time
ping 192.168.30.1
Pinging 192.168.30.1 with 32 bytes of data:
Reply from 192.168.30.1: bytes=32 time=2ms TTL=255
Reply from 192.168.30.1: bytes=32 time=1ms TTL=255
Reply from 192.168.30.1: bytes=32 time
ping 172.16.10.2


Pinging 172.16.10.2 with 32 bytes of data:
Reply from 172.16.10.2: bytes=32 time=11ms TTL=125
Reply from 172.16.10.2: bytes=32 time=11ms TTL=125
Reply from 172.16.10.2: bytes=32 time=11ms TTL=125
Reply from 172.16.10.2: bytes=32 time=12ms TTL=125
C:\>

10. ACL Configuration
Condition : for Internet hosts, the following services toward Inside are disabled, but the HTTP service is enabled
a. Telnet, FTP, SMTP, SSH, ping

GWY(config)#access-list 101 deny tcp host 192.168.30.2 any eq telnet
GWY(config)#access-list 101 deny tcp host 192.168.30.2 any eq ftp
GWY(config)#access-list 101 deny tcp host 192.168.30.2 any eq smtp
GWY(config)#access-list 101 deny tcp host 192.168.30.2 any eq pop3
GWY(config)#access-list 101 deny tcp host 192.168.30.2 any eq 22
GWY(config)#access-list 101 deny icmp host 192.168.30.2 any echo
GWY(config)#access-list 101 deny icmp any host 192.168.30.2 echo-reply
GWY(config)#access-list 101 permit ip any any
GWY(config)#interface fastEthernet 1/0
GWY(config-if)#ip access-group 101 in
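The first-match behaviour of ACL 101 above can be checked offline. The following Python model is an added example, not part of the lab guide; it handles only the any/host/eq forms used here, and the allow-list variant is constructed for comparison.

```python
import ipaddress

PORTS = {"telnet": 23, "ftp": 21, "smtp": 25, "pop3": 110, "www": 80}

# ACL 101 as configured on GWY in step 10.
ACL_101 = """deny tcp host 192.168.30.2 any eq telnet
deny tcp host 192.168.30.2 any eq ftp
deny tcp host 192.168.30.2 any eq smtp
deny tcp host 192.168.30.2 any eq pop3
deny tcp host 192.168.30.2 any eq 22
deny icmp host 192.168.30.2 any echo
deny icmp any host 192.168.30.2 echo-reply
permit ip any any"""

# Constructed allow-list alternative (an assumption, not part of the lab).
# Return traffic for inside-initiated sessions would need its own entry.
ACL_ALLOWLIST = """permit tcp any host 103.13.148.20 eq www
deny ip any any"""

def _addr(tok):
    # Consume 'any' or 'host A.B.C.D'; None means "any address".
    if tok.pop(0) == "any":
        return None
    return ipaddress.ip_address(tok.pop(0))

def parse(acl_text):
    rules = []
    for line in acl_text.splitlines():
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = _addr(tok), _addr(tok)
        qual = None                      # TCP port or ICMP type name
        if tok and tok[0] == "eq":
            qual = PORTS[tok[1]] if tok[1] in PORTS else int(tok[1])
        elif tok:
            qual = tok[0]
        rules.append((action, proto, src, dst, qual))
    return rules

def evaluate(rules, proto, src, dst, qual=None):
    # First matching entry wins; every ACL ends with an implicit deny.
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_qual in rules:
        if (r_proto in ("ip", proto)
                and r_src in (None, src) and r_dst in (None, dst)
                and r_qual in (None, qual)):
            return action
    return "deny"
```

Evaluated against ACL 101, Telnet from any source other than 192.168.30.2 falls through to the final `permit ip any any`, because every deny entry names that single host. The allow-list variant passes only HTTP to 103.13.148.20 and drops the rest.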


11. Static NAT Configuration
Condition : only the Inside HTTP Server's private IP is translated to the public IP : 103.13.148.20

ISP(config)#ip route 103.13.148.20 255.255.255.255 192.168.20.1

GWY(config)#interface fastEthernet 1/0
GWY(config-if)#ip nat outside
GWY(config-if)#exit
GWY(config)#interface fastEthernet 0/0
GWY(config-if)#ip nat inside
GWY(config-if)#exit
GWY(config)#ip nat inside source static 172.16.10.2 103.13.148.20
GWY(config)#


IPV6 Address


IPv6 uses 128-bit addresses, which means that for each person on the Earth there are 48,000,000,000,000,000,000,000,000,000 addresses!

Advantages:
• Enhanced security
• Header improvements
• No need for NAT
• Stateless address autoconfiguration

IPv6 uses eight groups of four hexadecimal digits separated by colons. For example, this is a valid IPv6 address: 1234:4523:EDBA:0A01:0056:5054:5ABC:ABBD

IPv6 address shortening
1. A leading zero can be omitted:
   1240:0023:CCBA:0A01:0065:5054:9ABC:ABB4 becomes 1240:23:CCBA:A01:65:5054:9ABC:ABB4
2. A string of zeros can be represented as two colons (::):
   1240:0000:0000:0000:0456:0000:CCCB:11DC can be written as 1240::456:0000:CCCB:11DC (but this can be done only one time per address).
   Here the remaining 0000 can be written as a single zero, not as a second :: :
   1240::456:0:CCCB:11DC

Three categories of IPv6 addresses exist:
• Unicast
• Anycast
• Multicast

There are three types of IPv6 unicast addresses


• global unicast – similar to IPv4 public IP addresses. These addresses are assigned by the IANA and used on public networks. They have a prefix of 2000::/3, meaning all the addresses that begin with binary 001.
• unique local – similar to IPv4 private addresses. They are used in private networks and aren’t routable on the Internet. These addresses have a prefix of FD00::/8.
• link local – these addresses are used for sending packets over the local subnet. Routers do not forward packets with these addresses to other subnets. IPv6 requires a link-local address to be assigned to every network interface on which the IPv6 protocol is enabled. These addresses have a prefix of FE80::/10.

Loopback Address       ::1/128
Unspecified Address    ::/0

IPv6 multicast addresses

Multicast addresses in IPv6 are similar to multicast addresses in IPv4. They are used to communicate with dynamic groupings of hosts, for example all routers on the link (“one-to-many distribution”). IPv6 multicast addresses start with FF00::/8.

Here is a table of some of the most common link local multicast addresses:

Here is a summary of the most common address prefixes in IPv6:


IPv6 transition options


IPv4 and IPv6 networks are not interoperable, and the number of devices that use IPv4 is still great. Some of these devices do not support IPv6 at all, so a migration process is necessary, since IPv4 and IPv6 will likely coexist for some time. Many transition mechanisms have been proposed. We will introduce the main ones and describe them in the next sections:
1. IPv4/IPv6 Dual Stacks
2. NAT64
3. Tunneling

IPv6 supports the following routing protocols:
• RIPng (RIP New Generation)
• OSPFv3
• EIGRP for IPv6
• IS-IS for IPv6
• MP-BGP4 (Multiprotocol BGP-4)

The following table summarizes the major differences between IPv4 and IPv6:

LAB 47: Configure IPv6

Cisco routers do not have IPv6 routing enabled by default. To configure IPv6 on a Cisco router you need to do two things:
1. Apply the "ipv6 unicast-routing" command in global configuration mode.
2. Assign an IPv6 address to the interface. This can be done with different methods; we will describe the following ones here:




• With eui-64 parameter
• Manually Assigned
• Link-local Addressing

eui-64 Parameter

BASIC Configuration

DU#conf t
Enter configuration commands, one per line. End with CNTL/Z.
DU(config)#ipv6 unicast-routing
DU(config)#interface fastEthernet 0/0
DU(config-if)#ipv6 address 2001:0BB9:AABB:1234::/64 eui-64
DU(config-if)#no shutdown
DU(config-if)#end

BUET>en
BUET#conf t
Enter configuration commands, one per line. End with CNTL/Z.
BUET(config)#ipv6 unicast-routing
BUET(config)#interface fastEthernet 0/0
BUET(config-if)#ipv6 address 2001:0BB9:AABB:1234::/64 eui-64
BUET(config-if)#no shutdown
BUET(config-if)#end

Verification

DU#show ipv6 interface fastEthernet 0/0
FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::2E0:8FFF:FED5:BD01
  No Virtual link-local address(es):
  Global unicast address(es):
    2001:BB9:AABB:1234:2E0:8FFF:FED5:BD01, subnet is 2001:BB9:AABB:1234::/64 [EUI]
  Joined group address(es):


DU#show ipv6 route
IPv6 Routing Table - 3 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route, M - MIPv6
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
C   2001:BB9:AABB:1234::/64 [0/0]
     via ::, FastEthernet0/0
L   2001:BB9:AABB:1234:2E0:8FFF:FED5:BD01/128 [0/0]
     via ::, FastEthernet0/0
L   FF00::/8 [0/0]
     via ::, Null0
DU#

BUET#show ipv6 interface fastEthernet 0/0
FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::202:4AFF:FEA8:2D01
  No Virtual link-local address(es):
  Global unicast address(es):
    2001:BB9:AABB:1234:202:4AFF:FEA8:2D01, subnet is 2001:BB9:AABB:1234::/64 [EUI]
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FFA8:2D01

Ping from BUET to DU

BUET#ping ipv6 2001:BB9:AABB:1234:2E0:8FFF:FED5:BD01
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:BB9:AABB:1234:2E0:8FFF:FED5:BD01, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/4/24 ms
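How the eui-64 keyword arrives at the interface half of the addresses shown above, as an added Python example that is not part of the lab guide. The MAC addresses are not printed in the lab; they are assumptions recovered here by reversing the router output, which also shows that an EUI-64 address discloses the interface's hardware address.

```python
import ipaddress

def eui64_interface_id(mac):
    """48-bit MAC -> 64-bit modified EUI-64 interface identifier (int)."""
    raw = bytes.fromhex(mac.replace(":", "").replace(".", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC must be 48 bits")
    # Flip the universal/local bit (0x02 of the first octet) and insert
    # FFFE between the vendor half and the device half of the MAC.
    eui = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(eui, "big")

def eui64_address(prefix, mac):
    """Combine a /64 prefix with the interface ID, as 'eui-64' does."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("eui-64 needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))

def mac_from_address(addr):
    """Recover the MAC from an EUI-64 address; None if not EUI-64 shaped."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{octet:02x}" for octet in mac)

# MAC of DU's FastEthernet0/0, derived from the 'show ipv6 interface' output
# above (the lab itself never prints it).
DU_MAC = mac_from_address("2001:BB9:AABB:1234:2E0:8FFF:FED5:BD01")
```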


Manually Assigned and Link-local Addressing


Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname APECE
APECE(config)#ipv6 unicast-routing
APECE(config)#interface loopback 1
APECE(config-if)#ipv6 address 2001::2/128
APECE(config-if)#exit
APECE(config)#interface fastEthernet 0/0
APECE(config-if)#ipv6 enable
APECE(config-if)#no shutdown
APECE(config-if)#exit

With the "ipv6 enable" command, the router's interface gets an IPv6 address automatically.

Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Ashish
Ashish(config)#ipv6 unicast-routing
Ashish(config)#interface loopback 1
Ashish(config-if)#ipv6 address 2001::1/128
Ashish(config-if)#exit
Ashish(config)#interface fastEthernet 0/0
Ashish(config-if)#ipv6 enable
Ashish(config-if)#no shutdown
Ashish(config-if)#end
Ashish#

Ashish#show ipv6 interface brief


FastEthernet0/0            [up/up]
    FE80::202:17FF:FE09:E901   (IP address: link-local address, obtained by the ipv6 enable command)
FastEthernet0/1            [administratively down/down]
Loopback1                  [up/up]
    FE80::210:11FF:FE65:7A37
    2001::1
Vlan1                      [administratively down/down]
Ashish#

APECE#ping ipv6 FE80::202:17FF:FE09:E901
Output Interface: fastethernet0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FE80::202:17FF:FE09:E901, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/1 ms

LAB 48 : Configure IPv6 Static Route

The configuration and syntax are the same as for IPv4 static routing, with only some minor differences.

DU Router

Router>en
Router#conf t


Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname DU
DU(config)#ipv6 unicast-routing
DU(config)#interface fastEthernet 0/0
DU(config-if)#ipv6 address 2001:AD8:23:45::1/64
DU(config-if)#no shutdown
DU(config-if)#exit

BUET Router

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname BUET
BUET(config)#ipv6 unicast-routing
BUET(config)#interface fastEthernet 0/0
BUET(config-if)#ipv6 address 2001:AD8:23:45::2/64
BUET(config-if)#no shutdown
BUET(config-if)#exit
BUET#conf t
Enter configuration commands, one per line. End with CNTL/Z.
BUET(config)#interface fastEthernet 0/1
BUET(config-if)#ipv6 address 2001:BD55:1234:DC4::1/64
BUET(config-if)#no shutdown
BUET(config-if)#end
BUET#

Verification

BUET#show ipv6 interface brief
FastEthernet0/0            [up/up]
    FE80::260:3EFF:FEAE:5901
    2001:AD8:23:45::2
FastEthernet0/1            [administratively down/down]
Vlan1                      [administratively down/down]
BUET#

Verify Connectivity using ping


DU#ping ipv6 2001:AD8:23:45::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:AD8:23:45::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/2 ms
DU#

Assign IPv6 Address to host

Ping to Router BUET from host

C:\>ping 2001:BD55:1234:DC4::1
Pinging 2001:BD55:1234:DC4::1 with 32 bytes of data:
Reply from 2001:BD55:1234:DC4::1: bytes=32 time=1ms TTL=255
Reply from 2001:BD55:1234:DC4::1: bytes=32 time