Ccna Lab Guide v3_preview


CCNA Routing & Switching v3 LAB Guide


CCNA RnS, CCNA Sec, CCNP RnS, CCNP Sec, CCIE Sec (written)

Ashish Halder (CCNA RnS, CCNP RnS, CCNA Sec, CCNP Sec, CCIE Sec-written)

Contents

1. Cisco CLI mode
2. Basic Configuration of Router and Switch
3. Configuring SSH Access to Cisco Device
4. Backup and restoring your configuration
5. VLAN, Access and Trunk Port Configuration
6. VTP Configuration
7. Etherchannel Configuration
8. VLAN, VTP, Etherchannel and Inter-VLAN Routing configuration
9. Inter-VLAN Routing Configuration on L3 Switch (SVI)
10. Configure Port Security
11. Configure portfast
12. Configure BPDU Guard on Cisco Switch
13. Configure Root Guard on Cisco Switch
14. Spanning tree behavior - mode, priority value, root bridge
15. Static route and Static default route configuration
16. Static default route configuration
17. RIPv2 Basic configuration
18. RIP Passive Interface
19. Configure RIP Authentication
20. EIGRP configuration (EIGRP Neighbor Adjacency)
21. EIGRP Passive Interface
22. EIGRP Authentication
23. EIGRP Hold time and Hello time
24. EIGRP Summarization
25. EIGRP Project LAB
26. OSPF Configuration
27. OSPF Virtual LAB
28. OSPF Authentication
29. OSPF summarization
30. PPP and HDLC
31. BGP Basic Configuration
32. BGP Single Homed Design
33. HSRP Configuration
34. Standard ACL
35. Extended ACL
36. Named ACL
37. Static NAT
38. Dynamic NAT
39. Static PAT
40. Dynamic PAT
41. Configure GRE Tunnel
42. AAA configuration
43. Syslog Server
44. SNMPv3 Configuration
45. Password Recovery

Final Project

PRIVATE USE ONLY

LAB 1: CISCO CLI MODE

Cisco routers have different configuration modes based on the model. There are mainly two EXEC modes:

    EXEC Mode     Prompt    Typical Use
    User          ccna>     Check the router status
    Privileged    ccna#     Accessing the router

From Privileged mode we enter Global Configuration mode with the "config terminal" command. A password is needed to access either User Exec or Privileged mode if one has been set. From Global Configuration mode (a password is not needed here) we can configure interfaces, routing protocols, access lists and much more. Some of the specific configuration modes are entered from Global Configuration mode and others from Privileged mode:

User Exec Mode (">" prompt): It is used to get statistics from the router, see which IOS version you are running, check memory resources and a few more things.

Privileged Mode ("#" prompt): Here you can enable or disable interfaces on the router and get more detailed information on the router, for example view the running configuration of the router, copy the configuration, load a new configuration to the router, back up or delete the configuration, back up or delete the IOS and a lot more.

Global Configuration Mode ("(config)#" prompt): It is accessible via Privileged Mode. In this mode we can configure each interface individually, set up banners and passwords, enable secrets (encrypted passwords), enable and configure routing protocols and a lot more. Every time we want to configure or change something on the router, we need to be in this mode.

Examples:

    Router> ---- User Exec Mode
    Router>enable ---- Enter Privileged Mode
    Router# ---- Privileged Mode
    Router#disable ---- Enter User Exec Mode
    Router> ---- User Exec Mode
    Router#config terminal ---- Enter Global Configuration Mode
    Router(config)# ---- Global Configuration Mode
    Router(config)#interface fastEthernet 0/0 ---- Enter Interface Configuration Mode
    Router(config-if)# ---- Interface Configuration Mode
    Router(config)#interface fastEthernet 0/0.10 ---- Enter Sub-Interface Configuration Mode
    Router(config-subif)# ---- Sub-Interface Configuration Mode
    Router(config)#line vty 0 4 ---- Enter Line Mode
    Router(config-line)# ---- Line Mode

================================================================================

LAB 2: BASIC CONFIGURATION OF ROUTER AND SWITCH

Objective:

1. Configure the switch as follows:
   - hostname
   - login banner
   - enable password for accessing privileged mode
   - assign a console password to restrict console login
   - assign an IP for VLAN 1 (management VLAN)
   - configure virtual terminal for Telnet sessions
   - set the default gateway for the switch

2. Configure the router as follows:
   - hostname
   - login banner
   - enable password for accessing privileged mode
   - assign a console password to restrict console login
   - configure virtual terminal for Telnet sessions
   - assign an IP address on the router interface

3. Assign IP for the PC
4. Save all configuration
5. Verification

Configuration of a switch:

1. First check the startup-config and running-config to see whether any configuration already exists

When you type a command in global configuration mode, it is stored in the running configuration. The running configuration resides in the device's RAM, so if the device loses power, all configured commands are lost. You therefore need to copy the current configuration into the startup configuration. The startup configuration is stored in the NVRAM of the device, so the configuration is kept even if the device loses power.

There are two ways to save your configuration:

    Switch#copy running-config startup-config

or

    Switch#write memory

Check the startup-config and running-config:

    Switch#show startup-config
    startup-config is not present
    Switch#show running-config

2. Enter global configuration mode and configure the hostname as DU

    Switch#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#hostname DU
    DU(config)#

3. Assign password cisco123

The enable password restricts access to privileged mode, which is like a root user's password. We can set it in two ways: with the enable password command or with the enable secret command.

The enable secret command protects the password automatically using the MD5 hash algorithm. The enable password command does not encrypt the password, which can be viewed in clear text in the running-config. To encrypt the password set with enable password, use the service password-encryption command. The enable secret command provides stronger encryption than the service password-encryption command.

    DU(config)#enable secret cisco123

4. Configure login banner

A login banner is displayed whenever someone connects to the router by Telnet or console connections.

    DU(config)#banner motd "Unauthorized Users are highly Prohibited to login here"
    DU(config)#

5. Console password

We can protect the console port of Cisco devices using a console port password.

    DU(config)#line console 0
    DU(config-line)#password ashish123
    DU(config-line)#login
    DU(config-line)#exit
    DU(config)#

6. Telnet configuration for remote access

Telnet is a user command and an underlying TCP/IP protocol for accessing remote devices. The VTY lines are the Virtual Terminal lines of the router. They are virtual in the sense that they are a function of software; there is no hardware associated with them. They appear in the configuration as line vty 0 4.

    DU#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    DU(config)#line vty 0 4
    DU(config-line)#password ashish@123#
    DU(config-line)#login
    DU(config-line)#exit
    DU(config)#

7. Configure the management VLAN for remote access to the switch

By default, all switch ports are part of VLAN 1. VLAN 1 contains control plane traffic and can contain user traffic. By default, VLAN 1 is the management VLAN. The management VLAN is used for purposes such as Telnet, SNMP, and syslog.

    DU(config)#interface vlan 1
    DU(config-if)#ip address 192.168.10.10 255.255.255.0
    DU(config-if)#no shutdown
    DU(config-if)#exit
    DU(config)#

8. Configure the default gateway for the switch

The switch should be configured with a default gateway if it will be managed remotely from networks that are not directly connected. The default gateway is the first Layer 3 device (such as a router) on the same management VLAN network to which the switch connects. The switch forwards IP packets with destination IP addresses outside the local network to the default gateway.

    DU(config)#ip default-gateway 192.168.10.1

--------------------------------------------------------------------------------

Configure the Router

1. First check the startup-config and running-config

    Router#show startup-config
    startup-config is not present
    Router#show running-config

2. Configure the hostname as BUET

    Router#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#hostname BUET
    BUET(config)#

3. Assign enable secret password cisco123

    BUET(config)#enable secret cisco123
    BUET(config)#

4. Configure login banner

    BUET(config)#banner motd "Do not try to access here"

5. Console password

    BUET(config)#line console 0
    BUET(config-line)#password ashish123
    BUET(config-line)#login
    BUET(config-line)#exit
    BUET(config)#

6. Enter the Virtual Terminal lines and set the password ashish@123# for remote login

    BUET(config)#line vty 0 4
    BUET(config-line)#password ashish@123#
    BUET(config-line)#login
    BUET(config-line)#exit
    BUET(config)#

7. Configure an IP address on the router's interface

Enter global configuration mode:

    BUET#config terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    BUET(config)#

Enter FastEthernet 0/0 interface configuration mode:

    BUET(config)#interface fastEthernet 0/0
    BUET(config-if)#

Enter the IP address and subnet mask:

    BUET(config-if)#ip address 192.168.10.1 255.255.255.0

By default, all interfaces on a Cisco router are "Administratively Down". To bring an interface up, issue the no shutdown command.

    BUET(config-if)#no shutdown
    BUET(config-if)#exit
    BUET(config)#

8. Save configuration

    BUET#write memory
    Building configuration...
    [OK]
    BUET#

    DU#write memory
    Building configuration...
    [OK]

You can also save the configuration using:

    BUET#copy running-config startup-config

But be sure about the command. It must not be reversed as copy startup-config running-config, because then all your configuration will be lost or restored from the backup in NVRAM.

9. Assign IP to all hosts


11. Now ping all devices from any PC

    C:\>ping 192.168.10.2
    Pinging 192.168.10.2 with 32 bytes of data:
    Reply from 192.168.10.2: bytes=32 time=1ms
    Reply from 192.168.10.2: bytes=32 time
    Reply from 192.168.10.2: bytes=32
    Reply from 192.168.10.2: bytes=32

[...]

    Router>en
    Router#conf t
    Router(config)#hostname Venus
    Venus(config)#interface fastEthernet 0/0
    Venus(config-if)#ip address 192.168.10.1 255.255.255.0
    Venus(config-if)#no shutdown
    Venus(config-if)#exit
    Venus(config)#ip domain-name cisco.com
    Venus(config)#username ashish privilege 15 password cisco123
    Venus(config)#crypto key generate rsa
    The name for the keys will be: Venus.cisco.com
    Choose the size of the key modulus in the range of 360 to 2048 for your
    General Purpose Keys. Choosing a key modulus greater than 512 may take
    a few minutes.
    How many bits in the modulus [512]: 2048
    % Generating 2048 bit RSA keys, keys will be non-exportable...[OK]

    Venus(config)#
    *Mar 1 0:34:31.790: %SSH-5-ENABLED: SSH 1.99 has been enabled
    Venus(config)#ip ssh version 2
    Venus(config)#enable secret cisco
    Venus(config)#line console 0
    Venus(config-line)#logging synchronous
    Venus(config-line)#login local
    Venus(config-line)#exit
    Venus(config)#line vty 0 4
    Venus(config-line)#transport input ssh
    Venus(config-line)#login local

    Venus#show ip ssh
    SSH Enabled - version 2.0
    Authentication timeout: 120 secs; Authentication retries: 3
    Venus#

    C:\>ssh -l ashish 192.168.10.1
    Open
    Password:
    Venus#conf t
    Venus(config)#

Key Note:

"logging synchronous" prevents logging output from immediately interrupting your console session. For example, when you try to Telnet to your router or switch, you will see a lot of log messages before you have logged in with username and password.

RSA is an algorithm used by modern computers to encrypt and decrypt messages. It is an asymmetric cryptographic algorithm. Asymmetric means that there are two different keys. This is also called public key cryptography, because one of them can be given to everyone.

================================================================================
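The password and remote-access choices from Lab 2 and the SSH lab can be checked mechanically in a saved configuration. The script below is an added example, not part of the original guide: the audit() function, its finding codes and both sample configs are constructed for illustration. It assumes a vty line accepts Telnet unless "transport input ssh" is set (as in Lab 2), and it treats type 7 strings written by service password-encryption as reversible rather than hashed.

```python
import re

def audit(config: str) -> list[tuple[int, str, str]]:
    """Return sorted (line_number, code, detail) findings for an IOS-style config."""
    findings = []
    section = None        # current "line ..." block, e.g. "line vty 0 4"
    vty = {}              # vty block -> [line_number, transports or None]
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not raw.startswith(" "):           # a top-level command ends any block
            section = line if line.startswith("line ") else None
            if section and section.startswith("line vty"):
                vty[section] = [no, None]
        if re.match(r"enable password\b", line):
            findings.append((no, "ENABLE_PASSWORD", "use 'enable secret'"))
        user = re.match(r"username (\S+) .*\bpassword\b", line)
        if user:
            findings.append((no, "USER_PASSWORD", f"{user.group(1)}: use 'secret'"))
        if section and raw.startswith(" "):
            pw = re.match(r"password (?:(\d) )?\S+", line)
            if pw:   # type 7 (from service password-encryption) is reversible
                kind = "type 7 (reversible)" if pw.group(1) == "7" else "cleartext"
                findings.append((no, "LINE_PASSWORD", f"{section}: {kind}"))
            tr = re.match(r"transport input (.+)", line)
            if tr and section in vty:
                vty[section][1] = tr.group(1).split()
    for section, (no, transports) in vty.items():
        if transports != ["ssh"]:             # assumption: Telnet accepted otherwise
            shown = " ".join(transports) if transports else "not set"
            findings.append((no, "VTY_NOT_SSH_ONLY", f"{section}: transport input {shown}"))
    return sorted(findings)

# Constructed sample in the style of Lab 2; the type 7 string is a placeholder.
LAB2_STYLE = """\
hostname DU
enable password cisco123
username ashish privilege 15 password cisco123
line console 0
 password ashish123
 login
line vty 0 4
 password 7 00071A150754
 login
"""

# Constructed sample using the SSH lab's settings, with 'secret' for the user.
SSH_STYLE = """\
hostname Venus
enable secret 5 $1$CONSTRUCTED$PLACEHOLDERHASH
username ashish privilege 15 secret 5 $1$CONSTRUCTED$PLACEHOLDERHASH
ip ssh version 2
line console 0
 login local
line vty 0 4
 transport input ssh
 login local
"""

if __name__ == "__main__":
    for name, cfg in (("LAB2_STYLE", LAB2_STYLE), ("SSH_STYLE", SSH_STYLE)):
        print(name)
        for no, code, detail in audit(cfg):
            print(f"  line {no}: {code} - {detail}")
```

Run against the SSH lab's own account line, "username ashish privilege 15 password cisco123", the script still reports USER_PASSWORD; creating the account with "username ... secret" stores a hash instead.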

LAB 41: Configure GRE Tunnel

Generic Routing Encapsulation (GRE), developed by Cisco, is a simple IP packet encapsulation protocol. GRE encapsulates the original IP packet with a new IP header and also adds a GRE header. A GRE tunnel creates a point-to-point link between two routers that are otherwise not directly connected to each other. When packets need to be sent from one network to another over the Internet or an insecure network, we can use a GRE tunnel. A virtual tunnel is created between the two Cisco routers and packets are sent through the tunnel. GRE tunnels allow multicast packets, but IPSec VPN does not support multicast packets. In large networks where routing protocols such as OSPF and EIGRP are necessary, GRE tunnels are the best to utilize.

Configuring GRE Tunnel:

Configuring a GRE tunnel involves creating a tunnel interface, which is a logical interface. Then you must configure the tunnel endpoints for the tunnel interface.


Configuring Router Interface:

    R1(config)#interface fastEthernet 0/0
    R1(config-if)#ip address 192.168.20.1 255.255.255.0
    R1(config-if)#no shutdown
    R1(config-if)#exit
    R1(config)#interface fastEthernet 0/1
    R1(config-if)#ip address 192.168.10.1 255.255.255.0
    R1(config-if)#no shutdown
    R1(config-if)#exit
    R1(config)#

    R2(config)#interface fastEthernet 0/0
    R2(config-if)#ip address 192.168.20.2 255.255.255.0
    R2(config-if)#no shutdown
    R2(config-if)#exit
    R2(config)#interface fastEthernet 0/1
    R2(config-if)#ip address 192.168.30.1 255.255.255.0
    R2(config-if)#no shutdown
    R2(config-if)#exit

Creating a Cisco GRE Tunnel

A GRE tunnel uses a tunnel interface, a logical interface configured on the router with an IP address, where packets are encapsulated and de-encapsulated as they enter or exit the GRE tunnel. The first step is to create the tunnel interface on R1, then on R2:

    R1(config)# interface Tunnel0
    R1(config-if)# ip address 172.16.10.1 255.255.255.0
    R1(config-if)# ip mtu 1400
    R1(config-if)# ip tcp adjust-mss 1360
    R1(config-if)# tunnel source 192.168.20.1
    R1(config-if)# tunnel destination 192.168.20.2

    R2(config)# interface Tunnel0
    R2(config-if)# ip address 172.16.10.2 255.255.255.0
    R2(config-if)# ip mtu 1400
    R2(config-if)# ip tcp adjust-mss 1360
    R2(config-if)# tunnel source 192.168.20.2
    R2(config-if)# tunnel destination 192.168.20.1

All tunnel interfaces must be configured with an IP address. Each tunnel interface is configured with an IP address within the same subnet (172.16.10.0/24). Since GRE is an encapsulating protocol, we adjust the maximum transmission unit (MTU) to 1400 bytes and the maximum segment size (MSS) to 1360 bytes. Because most transport MTUs are 1500 bytes and GRE adds overhead, we must reduce the MTU to account for the extra overhead. A setting of 1400 is common practice and keeps unnecessary packet fragmentation to a minimum.
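The encapsulation and the MTU/MSS figures described above, worked through as an added example (not from the original guide). It builds the outer IPv4 and GRE headers for the lab's tunnel endpoints and parses them back, which also shows that GRE adds headers but no encryption: the inner addresses and payload stay readable to anything on the path. The inner host address 192.168.10.2, protocol number 253 and the payload are assumptions, and the basic 4-byte GRE header without options is assumed.

```python
import socket
import struct

IP_HDR, GRE_HDR, TCP_HDR = 20, 4, 20   # bytes: no IP/TCP options, basic GRE header
PROTO_GRE, ETHERTYPE_IPV4 = 47, 0x0800

def checksum(data: bytes) -> int:
    """Internet checksum: ones-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 packet: 20-byte header (TTL 64, no options) plus payload."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR + len(payload), 0, 0,
                       64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    head = head[:10] + struct.pack("!H", checksum(head)) + head[12:]
    return head + payload

def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Prepend a basic GRE header and an outer IPv4 header (protocol 47)."""
    gre = struct.pack("!HH", 0x0000, ETHERTYPE_IPV4)
    return ipv4(tunnel_src, tunnel_dst, PROTO_GRE, gre + inner)

def gre_decapsulate(packet: bytes) -> dict:
    """What any on-path observer can read from the tunnelled packet."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != PROTO_GRE:
        raise ValueError("outer packet is not GRE")
    flags, ptype = struct.unpack("!HH", packet[ihl:ihl + GRE_HDR])
    if flags != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("only the basic GRE header carrying IPv4 is handled")
    inner = packet[ihl + GRE_HDR:]
    inner_ihl = (inner[0] & 0x0F) * 4
    return {
        "outer": (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])),
        "inner": (socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20])),
        "payload": inner[inner_ihl:],
    }

def tunnel_sizes(link_mtu: int = 1500, tunnel_ip_mtu: int = 1400) -> dict:
    """Sizes behind the lab's 'ip mtu 1400' and 'ip tcp adjust-mss 1360'."""
    return {
        "gre_overhead": IP_HDR + GRE_HDR,
        "largest_unfragmented_inner": link_mtu - IP_HDR - GRE_HDR,
        "mss_for_tunnel_mtu": tunnel_ip_mtu - IP_HDR - TCP_HDR,
        "headroom": link_mtu - (tunnel_ip_mtu + IP_HDR + GRE_HDR),
    }

if __name__ == "__main__":
    # Constructed inner packet; 192.168.10.2 and protocol 253 are assumptions.
    inner = ipv4("192.168.10.2", "192.168.30.2", 253, b"constructed-cleartext-payload")
    wire = gre_encapsulate(inner, "192.168.20.1", "192.168.20.2")
    print(len(wire) - len(inner), gre_decapsulate(wire), tunnel_sizes())
```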

Now we will configure static routes so that the two hosts can reach each other.

Here the next hop is the tunnel interface IP:

    R1(config)# ip route 192.168.30.0 255.255.255.0 172.16.10.2
    R2(config)# ip route 192.168.10.0 255.255.255.0 172.16.10.1

N.B. We can also write the tunnel source as an interface, like:

    # tunnel source fastEthernet 0/0

    R1#show interfaces tunnel 0
    Tunnel0 is up, line protocol is up
    Hardware is Tunnel
    Internet address is 172.16.10.1/24
    MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation TUNNEL, loopback not set
    Keepalive not set
    Tunnel source 192.168.20.1, destination 192.168.20.2
    Tunnel protocol/transport GRE/IP

    PC1#ping 192.168.30.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 20/34/44 ms
