CCNA Routing & Switching v3 LAB Guide

Ashish Halder (CCNA RnS, CCNP RnS, CCNA Sec, CCNP Sec, CCIE Sec-written), All rights are reserved

Contents

1. Cisco CLI mode
2. Basic Configuration of Router and Switch
3. Configuring SSH Access to Cisco Device
4. Backup and restoring your configuration
5. VLAN, Access and Trunk Port Configuration
6. VTP Configuration
7. Etherchannel Configuration
8. VLAN, VTP, Etherchannel and Inter-VLAN Routing configuration
9. Inter-Vlan Routing Configuration on L3 Switch (SVI)
10. Configure Port Security
11. Configure portfast
12. Configure BPDU Guard on Cisco Switch
13. Configure Root Guard on Cisco Switch
14. Spanning tree behavior - mode, priority value, root bridge
15. Static route and Static default route configuration
16. Static default route configuration
17. RIPv2 Basic configuration
18. RIP Passive Interface
19. Configure RIP Authentication
20. EIGRP configuration (EIGRP Neighbor Adjacency)
21. EIGRP Passive Interface
22. EIGRP Authentication
23. EIGRP Hold time and Hello time
24. EIGRP Summarization
25. EIGRP Project LAB
https://networklessons.com/cisco/ccnp-route/detailed-look-of-eigrp-neighbor-adjacency/
26. OSPF Configuration
27. OSPF Virtual LAB
28. OSPF Authentication
29. OSPF summarization
30. PPP and HDLC
31. BGP Basic Configuration
32. BGP Single Homed Design
33. HSRP Configuration
34. Standard ACL
35. Extended ACL
36. Named ACL
37. Static NAT
38. Dynamic NAT
39. Static PAT
40. Dynamic PAT
41. Configure GRE Tunnel
42. AAA configuration
43. Syslog Server
44. SNMPv3 Configuration
45. Password Recovery
46. Final Project
47. Configure IPv6
48. Configure IPv6 Static Route
49. Configure RIPNG on Cisco Router
50. Dual-Stack Example

LAB 1: CISCO CLI MODE

Cisco routers have different configuration modes based on the model. There are mainly two EXEC modes:

EXEC Mode     Prompt    Typical Use
User          ccna>     Check the router status
Privileged    ccna#     Accessing the router

From Privileged mode we enter Global Configuration mode with the "config terminal" command. To access either User Exec or Privileged mode, a password is needed if one has been set. From Global Configuration mode (no password is needed here) we can configure interfaces, routing protocols, access lists and much more. Some of the specific configuration modes are entered from Global Configuration mode and others from Privileged mode:

User Exec Mode (">" prompt): It is used to get statistics from the router, see which IOS version you're running, check memory resources and a few more things.

Privileged Mode ("#" prompt): Here you can enable or disable interfaces on the router and get more detailed information on the router: for example, view the running configuration of the router, copy the configuration, load a new configuration to the router, back up or delete the configuration, back up or delete the IOS and a lot more.

Global Configuration Mode ("(config)#" prompt): It is accessible via Privileged Mode. In this mode we can configure each interface individually, set up banners and passwords, enable secrets (encrypted passwords), enable and configure routing protocols and a lot more. Every time we want to configure or change something on the router, we need to be in this mode.
Examples:

Router>                                         User Exec Mode
Router>enable                                   Enter Privileged Mode
Router#                                         Privileged Mode
Router#disable                                  Enter User Exec Mode
Router>                                         User Exec Mode
Router#config terminal                          Enter Global Configuration Mode
Router(config)#                                 Global Configuration Mode
Router(config)#interface fastEthernet 0/0       Enter Interface Configuration Mode
Router(config-if)#                              Interface Configuration Mode
Router(config)#interface fastEthernet 0/0.10    Enter Sub-Interface Configuration Mode
Router(config-subif)#                           Sub-Interface Configuration Mode
Router(config)#line vty 0 4                     Enter Line Mode
Router(config-line)#                            Line Mode

================================================================================

LAB 2: BASIC CONFIGURATION OF ROUTER AND SWITCH

Objective:

1. Configure the Switch as follows:
   - hostname
   - login banner
   - enable password for accessing privileged mode
   - assign console password to prevent console login
   - assign IP for vlan 1 (Management VLAN)
   - configure virtual terminal for telnet session
   - set default gateway for the switch
2. Configure the Router as follows:
   - hostname
   - login banner
   - enable password for accessing privileged mode
   - assign console password to prevent console login
   - configure virtual terminal for telnet session
   - assign IP address on router interface
3. Assign IP for the PC
4. Save all configuration
5. Verification

Configuration of a switch:

1. First check the startup-config and running-config to see whether any configuration exists

When you type a command in global configuration mode it is stored in the running configuration. The running configuration resides in the device's RAM, so if the device loses power, all configured commands are lost. You therefore need to copy your current configuration into the startup configuration. The startup configuration is stored in the NVRAM of the device, so the configuration is kept even if the device loses power. There are two ways to save your configuration:

Switch#copy running-config startup-config
or
Switch#write memory

Check the startup-config and running-config:

Switch#show startup-config
startup-config is not present
Switch#show running-config

2. Enter global configuration mode and configure Hostname as DU

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname DU
DU(config)#

3. Assign password cisco123

The enable password restricts access to privileged mode, much like a root user's password. It can be set in two ways: with the enable password command or with the enable secret command. The enable secret command encrypts the password automatically using the MD5 hash algorithm. The enable password command does not encrypt the password, which can be viewed in clear text in the running-config. To encrypt a password set with enable password, use the service password-encryption command. The enable secret command provides stronger encryption than the service password-encryption command.

DU(config)#enable secret cisco123

4. Configure login banner

A login banner is displayed whenever someone connects to the router by telnet or console connections.

DU(config)#banner motd "Unauthorized Users are highly Prohibited to login here"
DU(config)#

5. Console Password

We can protect the console port of Cisco devices with a console port password.

DU(config)#line console 0
DU(config-line)#password ashish123
DU(config-line)#login
DU(config-line)#exit
DU(config)#

6. Telnet configuration for remote access

Telnet is a user command and an underlying TCP/IP protocol for accessing remote devices. The VTY lines are the Virtual Terminal lines of the router. They are virtual in the sense that they are a function of software; there is no hardware associated with them. They appear in the configuration as line vty 0 4.

DU#conf t
Enter configuration commands, one per line. End with CNTL/Z.
DU(config)#line vty 0 4
DU(config-line)#password ashish@123#
DU(config-line)#login
DU(config-line)#exit
DU(config)#

7. Configure management VLAN for remote access to the switch

By default, all switch ports are part of VLAN 1. VLAN 1 contains control plane traffic and can contain user traffic. By default, VLAN 1 is the management VLAN. The management VLAN is used for purposes such as telnet, SNMP, and syslog.

DU(config)#interface vlan 1
DU(config-if)#ip address 192.168.10.10 255.255.255.0
DU(config-if)#no shutdown
DU(config-if)#exit
DU(config)#

8. Configure default-gateway for the switch

The switch should be configured with a default gateway if it will be managed remotely from networks that are not directly connected. The default gateway is the first Layer 3 device (such as a router) on the same management VLAN network to which the switch connects. The switch forwards IP packets with destination IP addresses outside the local network to the default gateway.

DU(config)#ip default-gateway 192.168.10.1

--------------------------------------------------------------------------------

Configure The Router

1. First check the startup-config and running-config

Switch#show startup-config
startup-config is not present
Switch#show running-config

2. Configure Hostname as BUET

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname BUET
BUET(config)#

3. Assign enable secret password cisco123

BUET(config)#enable secret cisco123
BUET(config)#

4. Configure login banner

BUET(config)#banner motd "Do not try to access here"

5. Console password

BUET(config)#line console 0
BUET(config-line)#password ashish123
BUET(config-line)#login
BUET(config-line)#exit
BUET(config)#

6. Enter Virtual Terminal lines and give a password ashish@123#, to login remotely

BUET(config)#line vty 0 4
BUET(config-line)#password ashish@123#
BUET(config-line)#login
BUET(config-line)#exit
BUET(config)#

7. Configure an IP address on the router's interface

Enter global configuration mode:

BUET#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
BUET(config)#

Enter FastEthernet 0/0 interface configuration mode:

BUET(config)#interface fastEthernet 0/0
BUET(config-if)#

Enter IP address and subnet mask:

BUET(config-if)#ip address 192.168.10.1 255.255.255.0

By default, all interfaces on a Cisco router are "Administratively Down". To bring an interface up, issue the no shutdown command.

BUET(config-if)#no shutdown
BUET(config-if)#exit
BUET(config)#

8. Save Configuration

BUET#write memory
Building configuration...
[OK]
BUET#

DU#write memory
Building configuration...
[OK]

You can also save the configuration using:

BUET#copy running-config startup-config

But be sure about the command. It must not be reversed as:

copy startup-config running-config

otherwise all your configuration will be lost or restored from the backup in NVRAM.

9. Assign IP to all hosts

11. Now ping to all devices from any PC

C:\>ping 192.168.10.2
Pinging 192.168.10.2 with 32 bytes of data:
Reply from 192.168.10.2: bytes=32 time=1ms TTL=128
Reply from 192.168.10.2: bytes=32 time<1ms TTL=128
Reply from 192.168.10.2: bytes=32 time<1ms TTL=128
Reply from 192.168.10.2: bytes=32 time<1ms TTL=128

C:\>ping 192.168.10.3
Pinging 192.168.10.3 with 32 bytes of data:
Reply from 192.168.10.3: bytes=32 time=1ms TTL=128
Reply from 192.168.10.3: bytes=32 time<1ms TTL=128
Reply from 192.168.10.3: bytes=32 time<1ms TTL=128
Reply from 192.168.10.3: bytes=32 time<1ms TTL=128

C:\>ping 192.168.10.1
Pinging 192.168.10.1 with 32 bytes of data:
Reply from 192.168.10.1: bytes=32 time=1ms TTL=255
Reply from 192.168.10.1: bytes=32 time<1ms TTL=255
Reply from 192.168.10.1: bytes=32 time<1ms TTL=255
Reply from 192.168.10.1: bytes=32 time=1ms TTL=255

14. Now log on to the router remotely

C:\>telnet 192.168.10.1
Trying 192.168.10.1 ...Open
Do not try to access here

User Access Verification

Password:
Password:
BUET>

16. Now log on to the switch remotely

C:\>telnet 192.168.10.10
Trying 192.168.10.10 ...Open
Unauthorized Users are highly Prohibited to login here

User Access Verification

Password:
DU>

N.B. If the switch is L3 you can assign an IP address to its interfaces as follows:

DU(config)#interface fastEthernet 0/2
DU(config-if)#no switchport
DU(config-if)#ip address 192.168.10.10 255.255.255.0
DU(config-if)#no shutdown

For routing capabilities you can also use:

DU(config)#ip routing

================================================================================

LAB 3: CONFIGURING SSH ON CISCO SWITCH AND ROUTER

Telnet was designed to work within a private network and not across a public network where threats can appear. Because of this, all the data is transmitted in plain text, including passwords. This is a major security issue, and the developers of SSH used encryption to make it harder for other people to sniff the password and other relevant information.

Secure Shell (SSH) is a protocol which provides a secure remote access connection to network devices. Communication between the client and server is encrypted in SSH. To do this, it uses an RSA public/private keypair.

There are two versions: version 1 and 2. Version 2 is more secure and commonly used.

Enable SSH on Cisco Switch

Step 1: Configure Management IP

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface vlan 1
Switch(config-if)#ip address 192.168.10.10 255.255.255.0
Switch(config-if)#no shutdown

Step 2: Configure the default gateway to point to the router

Switch(config)#ip default-gateway 192.168.10.1

Step 3: Configure hostname and domain name

The name of the RSA keypair will be the hostname and domain name of the router.
Switch(config)#hostname ASHISH-SW
ASHISH-SW(config)#ip domain-name ashish.com

Step 4: Generate the RSA Keys

ASHISH-SW(config)#crypto key generate rsa
The name for the keys will be: ASHISH-SW.ashish.com
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
ASHISH-SW(config)#

Key sizes of 1024 or smaller should be avoided. Larger key sizes take longer to calculate and provide more security.

Step 5: SSH version 1 is the default version, so change it to version 2

ASHISH-SW(config)#ip ssh version 2

Step 6: Set up the line VTY configuration

ASHISH-SW(config)#line vty 0 4
ASHISH-SW(config-line)#transport input ssh
ASHISH-SW(config-line)#login local

Step 7: Create the username and password

ASHISH-SW(config)#username ashish privilege 15 password cisco123

Step 8: Create enable password

ASHISH-SW(config)#enable secret cisco123

Step 9: Create console password

ASHISH-SW(config)#line console 0
ASHISH-SW(config-line)#logging synchronous
ASHISH-SW(config-line)#login local

Step 10: Verify SSH

C:\>ssh -l ashish 192.168.10.10
Open
Password:
ASHISH-SW#conf t
ASHISH-SW(config)#

Enable SSH on Router (same as before)

Router>en
Router#conf t
Router(config)#hostname Venus
Venus(config)#interface fastEthernet 0/0
Venus(config-if)#ip address 192.168.10.1 255.255.255.0
Venus(config-if)#no shutdown
Venus(config-if)#exit
Venus(config)#ip domain-name cisco.com
Venus(config)#username ashish privilege 15 password cisco123
Venus(config)#crypto key generate rsa
The name for the keys will be: Venus.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
Venus(config)#
*Mar 1 0:34:31.790: %SSH-5-ENABLED: SSH 1.99 has been enabled
Venus(config)#ip ssh version 2
Venus(config)#enable secret cisco
Venus(config)#line console 0
Venus(config-line)#logging synchronous
Venus(config-line)#login local
Venus(config-line)#exit
Venus(config)#line vty 0 4
Venus(config-line)#transport input ssh
Venus(config-line)#login local

Venus#show ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
Venus#

C:\>ssh -l ashish 192.168.10.1
Open
Password:
Venus#conf t
Venus(config)#

Key Note:
--------------------------------------------------------------------------------
"logging synchronous" prevents every logging output from immediately interrupting your console session. For example, when you telnet to your router or switch you will otherwise see a lot of log messages before you have logged in with username and password.
--------------------------------------------------------------------------------
RSA is an algorithm used by modern computers to encrypt and decrypt messages. It is an asymmetric cryptographic algorithm. Asymmetric means that there are two different keys. This is also called public key cryptography, because one of them can be given to everyone.

================================================================================

LAB 4: BACKUP AND RESTORING CONFIGURATION

Configure a TFTP server. In your physical lab you can download a TFTP server to your PC and then configure it.
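Once a configuration has been saved to a file, it can be checked offline for the access settings discussed in LAB 2 and LAB 3. The Python audit below is an added example, not part of the original guide; the two sample configurations, the finding codes and the function names are constructed for illustration. It assumes, as the Telnet login in LAB 2 shows, that a vty line without "transport input ssh" accepts Telnet.

```python
import re

# Constructed running-config excerpts modelled on LAB 2 and LAB 3 (not device captures).
TELNET_STYLE = """\
hostname DU
enable password cisco123
!
line con 0
 password ashish123
 login
line vty 0 4
 password ashish@123#
 login
"""

SSH_STYLE = """\
hostname ASHISH-SW
ip domain-name ashish.com
enable secret 5 $1$CONSTRUCTED$PlaceholderHashValue00
username ashish privilege 15 password 0 cisco123
ip ssh version 2
!
line con 0
 logging synchronous
 login local
line vty 0 4
 transport input ssh
 login local
"""

# Finding codes are hypothetical names chosen for this example.
EXPLAIN = {
    "ENABLE_PASSWORD": "enable password is readable in the config; use enable secret",
    "CLEARTEXT_LINE_PASSWORD": "line password stored without encryption",
    "USERNAME_PASSWORD": "username uses 'password'; 'secret' stores a hash instead",
    "SSH_V2_NOT_ENFORCED": "'ip ssh version 2' missing; device not limited to SSH v2",
    "VTY_TELNET_POSSIBLE": "vty lacks 'transport input ssh'; assumed to accept Telnet",
    "VTY_NO_LOCAL_LOGIN": "vty does not use 'login local' as configured in LAB 3",
}


def parse_config(text):
    """Split a config into global commands and {line header: [sub-commands]}."""
    global_cmds, line_blocks, current = [], {}, None
    for raw in text.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            current = None                      # separator ends any open block
        elif raw[0].isspace() and current is not None:
            line_blocks[current].append(cmd)    # indented sub-command of a line block
        elif cmd.startswith("line "):
            current = cmd
            line_blocks[current] = []
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, line_blocks


def audit(text):
    """Return the sorted finding codes for one configuration text."""
    global_cmds, line_blocks = parse_config(text)
    findings = set()
    if any(c.startswith("enable password") for c in global_cmds):
        findings.add("ENABLE_PASSWORD")
    if "ip ssh version 2" not in global_cmds:
        findings.add("SSH_V2_NOT_ENFORCED")
    # Not stated in the guide: 'username ... secret' is the hashed form of this command.
    if any(re.match(r"username \S+ (privilege \d+ )?password ", c) for c in global_cmds):
        findings.add("USERNAME_PASSWORD")
    for header, subs in line_blocks.items():
        # 'password 7 ...' is what service password-encryption produces; it is not
        # flagged here, although the guide notes it is weaker than enable secret.
        if any(re.match(r"password (?!7 )", s) for s in subs):
            findings.add("CLEARTEXT_LINE_PASSWORD")
        if header.startswith("line vty"):
            if "transport input ssh" not in subs:
                findings.add("VTY_TELNET_POSSIBLE")
            if "login local" not in subs:
                findings.add("VTY_NO_LOCAL_LOGIN")
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in (("LAB 2 style", TELNET_STYLE), ("LAB 3 style", SSH_STYLE)):
        print(name)
        for code in audit(cfg):
            print(f"  {code}: {EXPLAIN[code]}")
```

The LAB 3 style configuration still reports USERNAME_PASSWORD, because the local account is created with the password keyword.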
The rest of the configuration is the same.

Verify that the configuration file is saved in NVRAM:

Denver#show startup-config
DU#show startup-config

Now back up the configuration file to the TFTP server (from the switch):

Denver#copy startup-config tftp
Address or name of remote host []? 192.168.10.4 (TFTP Server IP)
Destination filename [Denver-confg]? (Press Enter to save it as default name)
Writing startup-config...!!
[OK - 653 bytes]
653 bytes copied in 0.012 secs (54416 bytes/sec)
Denver#

Now back up the configuration file to the TFTP server (from the router):

DU#copy startup-config tftp:
Address or name of remote host []? 192.168.10.4
Destination filename [DU-confg]?
Writing startup-config...!!
[OK - 1178 bytes]
1178 bytes copied in 0.032 secs (36812 bytes/sec)
DU#

Erase the startup-configuration file and reboot or reload the router and switch:

DU#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
DU#
DU#reload
Proceed with reload? [confirm]

Denver#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
BUET#
Denver#reload
Proceed with reload? [confirm]

Configure IP addresses on the router and switch:

Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip address 192.168.10.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface vlan 1
Switch(config-if)#ip address 192.168.10.10 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#ip default-gateway 192.168.10.1

Now restore the configuration from the TFTP server to the switch and router:

Switch#copy tftp running-config
Address or name of remote host []? 192.168.10.4 (TFTP Server IP)
Source filename []? Denver-confg (Backup file name on tftp server)
Destination filename [running-config]? (Press enter)
Denver#write
Building configuration...
[OK]
Denver#

Router#copy tftp running-config
Address or name of remote host []? 192.168.10.4 (TFTP Server IP)
Source filename []? DU-confg (Backup file name on tftp server)
Destination filename [running-config]? (Press enter)

Now save the configuration to NVRAM:

Switch#write memory
Router#write memory

================================================================================

LAB 5: Configure VLAN, Access and Trunk Port

A layer-2 switched network is designed as a flat network. Every device on the network sees every broadcast packet, even if it does not need to receive the data. But we can logically create multiple, separate broadcast domains in an L2 switch. This is possible with VLAN technology. VLAN means Virtual LAN. The purpose of segregating VLANs is only to reduce the broadcast domain. Every VLAN uses one subnet.

VLANs make network management easier in a number of ways:

- A VLAN can categorize many broadcast domains into a number of logical subnets.
- Changes, additions and moves are achieved by configuring a port into the suitable VLAN.
- A group of users who need high security can be placed in a VLAN so that users outside the VLAN cannot interact with them.
- For the logical classification of users by function, VLANs can be considered independent of their geographic or physical locations.
- VLANs can also enhance the security of the network.
- VLANs increase the number of broadcast domains while decreasing their size.

Trunk Ports: Between switches we are going to create a trunk. A trunk connection is an interface that carries multiple VLANs.

Access Ports: Carry data, and are generally connected to hosts or servers.

There are two trunking protocols we can use:

1. IEEE 802.1Q: Open standard, supported by switches of any vendor.
2. Cisco ISL (Inter-Switch Link): Cisco proprietary protocol that is only supported on some Cisco switches.

On a Cisco switch, VLAN 1 is the default VLAN. 802.1Q does not tag the native VLAN, while ISL does tag the native VLAN. By default all switch ports are in VLAN 1.

VLAN information is not saved in the running-config or startup-config but in a separate file, vlan.dat, in flash memory. To delete the VLAN information, delete the file with the delete flash:vlan.dat command.

Objective

1. Basic configuration of switch
2. Create VLANs
3. Configuration of trunk ports
4. Configuration of access ports
5. Assign IP to hosts
6. Verification

Data sheet

VLAN ID   VLAN Name   Ports             Switch   Subnet
10        Cisco       F0/1 - F0/9       DU       192.168.10.0/24
20        Solaris     F0/10 - F0/20     BUET     172.16.20.0/24

1. Basic configuration of switch

Switch(config)#hostname DU
DU(config)#enable secret cisco
DU(config)#line console 0
DU(config-line)#password cisco
DU(config-line)#login
DU(config-line)#exit

Switch(config)#hostname BUET
BUET(config)#enable secret cisco
BUET(config)#line console 0
BUET(config-line)#password cisco
BUET(config-line)#login
BUET(config-line)#exit

2. Create VLANs

DU(config)#vlan 10
DU(config-vlan)#name cisco
DU(config-vlan)#exit
DU(config)#vlan 20
DU(config-vlan)#name solaris
DU(config-vlan)#exit
DU(config)#

BUET(config)#vlan 10
BUET(config-vlan)#name cisco
BUET(config-vlan)#exit
BUET(config)#vlan 20
BUET(config-vlan)#name solaris
BUET(config-vlan)#exit
BUET(config)#

3. Configuration of trunk ports

DU(config)#interface gigabitEthernet 0/1
DU(config-if)#switchport mode trunk
DU(config-if)#no shutdown
DU(config-if)#exit

BUET(config)#interface gigabitEthernet 0/1
BUET(config-if)#switchport mode trunk
BUET(config-if)#no shutdown

DU#show interfaces gigabitEthernet 0/1 switchport
Name: Gig0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false

4. Configuration of access ports

BUET#conf t
BUET(config)#interface range fastEthernet 0/1 - 9
BUET(config-if-range)#switchport mode access
BUET(config-if-range)#switchport access vlan 10
BUET(config-if-range)#exit
BUET(config)#interface range fastEthernet 0/10 - 20
BUET(config-if-range)#switchport mode access
BUET(config-if-range)#switchport access vlan 20
BUET(config-if-range)#exit
BUET(config)#exit
BUET#

DU#conf t
Enter configuration commands, one per line. End with CNTL/Z.
DU(config)#interface range fastEthernet 0/1 - 9
DU(config-if-range)#switchport mode access
DU(config-if-range)#switchport access vlan 10
DU(config-if-range)#exit
DU(config)#interface range fastEthernet 0/10 - 20
DU(config-if-range)#switchport mode access
DU(config-if-range)#switchport access vlan 20
DU(config-if-range)#end
DU#

5. Assign IP to hosts

Ping within the same VLAN (PC0 to PC2):

C:\>ping 192.168.10.3
Pinging 192.168.10.3 with 32 bytes of data:
Reply from 192.168.10.3: bytes=32 time=11ms TTL=128
Reply from 192.168.10.3: bytes=32 time<1ms TTL=128
Reply from 192.168.10.3: bytes=32 time<1ms TTL=128
Reply from 192.168.10.3: bytes=32 time<1ms TTL=128

C:\>ping 172.16.20.3 (PC1 to PC3)
Pinging 172.16.20.3 with 32 bytes of data:
Reply from 172.16.20.3: bytes=32 time=11ms TTL=128
Reply from 172.16.20.3: bytes=32 time<1ms TTL=128
Reply from 172.16.20.3: bytes=32 time<1ms TTL=128
Reply from 172.16.20.3: bytes=32 time=1ms TTL=128

Ping to a different VLAN (PC1 to PC0):

C:\>ping 192.168.10.2
Pinging 192.168.10.2 with 32 bytes of data:
Request timed out.
CCNA Routing & Switching v3 LAB Guide 27 Ashish Halder (CCNA RnS, CCNP RnS, CCNA Sec, CCNP Sec, CCIE Sec-written), All rights are reserved Request timed out. Request timed out. Request timed out. LAB 6: VTP Configuration VTP (VLAN Trunking Protocol) is a Cisco proprietary protocol used by Cisco switches to exchange VLAN information. VTP replicates configured VLANs to all participating switches. Consider a network with 50 switches. Without VTP, if you want to create a VLAN on each switch, you would have to manually enter commands to create the VLAN on each switch! VTP enables you to create the VLAN only on one switch. That switch can then propagate information about that VLAN to each switch on a network and cause other switches to create that VLAN too. If you want to delete a VLAN, you only need to delete it on one switch, and the change is automatically propagated to every other switch inside the same VTP domain. Cisco switches can be configured in one of three VTP modes: Server Client Transparent Server mode is the default for Cisco switches. Client mode takes VLAN configuration from the Server. It doesn’t place the VLANs in a vlan.dat file. Switches in Transparent mode never updated themselves. If they receive VTP advertisements they will forward them along. In Transparent mode you can configure VLANs normally as you would on a Server switch. Be careful, if a switch is deployed with a higher VTP revision number than the rest of the VTP switches. Because of that, switches in Client mode will download whatever VLAN configuration that switch has, remove your current configuration. So before use them in a production network , configure them as Transparent mode. You can also omit VTP Configuration to avoid these situation. CCNA Routing & Switching v3 LAB Guide 28 Ashish Halder (CCNA RnS, CCNP RnS, CCNA Sec, CCNP Sec, CCIE Sec-written), All rights are reserved Objective: 1. Create VTP Server and VTP Client 2. Configure Trunk port 3. Create VLAN on Server 4. Verify 1. 
Create VTP Server and VTP Client

Switch(config)#hostname SERVER
SERVER(config)#vtp domain cisco.com
SERVER(config)#vtp mode server
SERVER(config)#vtp password cisco
SERVER(config)#vtp version 2
SERVER(config)#

Switch(config)#hostname Client
Client(config)#vtp domain cisco.com
Client(config)#vtp version 2
Client(config)#vtp mode client
Client(config)#vtp password cisco

NOTES
- The VTP domain name must match, and it is case sensitive.
- If a password is set, make sure it is the same on both sides.
- Every switch in the VTP domain must use the same VTP version. VTP v1 and VTP v2 are not compatible on switches in the same VTP domain. But VTP v2 and v3 are compatible.

2. Configure Trunk port

SERVER(config)#interface gigabitEthernet 0/1
SERVER(config-if)#switchport mode trunk
SERVER(config-if)#no shut

Client(config)#interface gigabitEthernet 0/1
Client(config-if)#switchport mode trunk
Client(config-if)# no shut

3. Create VLAN on Server only

SERVER(config)#vlan 100
SERVER(config-vlan)#name cisco
SERVER(config-vlan)#exit
SERVER(config)#vlan 200
SERVER(config-vlan)#name solaris
SERVER(config-vlan)#end

4. Verify the VLANs are propagated on Client Switch

Here we can see that the VLANs created on the Server switch, VLAN 100 and VLAN 200, appear on the Client switch.

Other Verification Command of VTP
================================

From here we can check the VTP mode, VTP domain name and revision number. The revision number must be the same on both switches. If it is not, the updates have not propagated successfully.

LAB 7 : ETHERCHANNEL Configuration

EtherChannel is a port link aggregation technology, or port-channel architecture, that bundles multiple physical links into a single logical link.
EtherChannel is great for improving redundancy in your network. It also lets you increase the bandwidth of a particular connection. With EtherChannel, the links that are aggregated are not blocked by STP.

Link aggregation is very common and is usually seen in the following scenarios:
- Switch to switch connectivity in an access block (non-stackable)
- Access switch connectivity to distribution switches
- Server connectivity to the data center LAN fabric

If you are going to create an EtherChannel, you need to make sure that all ports have the same configuration:
- Duplex has to be the same.
- Speed has to be the same.
- Same native AND allowed VLANs.
- Same switchport mode (access or trunk).

There's a maximum to the number of links you can use: 8 physical interfaces.

If you want to configure an EtherChannel, there are two protocols you can choose from:

PAGP – port aggregation protocol
- Developed by Cisco
- The port modes are defined as either auto or desirable

LACP – link aggregation control protocol
- Open standard as defined by the IEEE 802.3ad standard
- The port modes are either passive or active. Passive is the equivalent of PAGP auto, and active is the equivalent of PAGP desirable mode.

S1(config)#int range fa0/7-12
S1(config-if-range)#channel-group 1 mode desirable
or
S1(config-if-range)#channel-group 1 mode active

We can use desirable so that the switch will actively negotiate to form a PAgP link (Cisco proprietary EtherChannel), or we can use active so that the switch will actively negotiate to form an LACP link (open standard EtherChannel).

To verify the configuration, you can use show etherchannel summary.

Objective
1. Create Etherchannel
2. Configure Trunk
3.
Verification

Create Etherchannel

Switch(config)#hostname DU
DU(config)#interface range gigabitEthernet 0/1 - 2
DU(config-if-range)#channel-group 1 mode active
Creating a port-channel interface Port-channel 1
DU(config-if-range)#exit

Switch(config)#hostname ASHISH
ASHISH(config)#interface range gigabitEthernet 0/1 - 2
ASHISH(config-if-range)#channel-group 1 mode passive
ASHISH(config-if-range)#

Configure Trunk

DU(config)#interface port-channel 1
DU(config-if)#switchport mode trunk
DU(config-if)# no shut

ASHISH(config)#interface port-channel 1
ASHISH(config-if)#switchport mode trunk
ASHISH(config-if)# no shutdown

Verification

- Po1 = Port channel 1; the channel group must be the same on both switches
- S = capital S means L2
- U = in use
- LACP = which EtherChannel protocol is used
- P = in port-channel

If these appear, your configuration is correct.

8. VLAN, VTP, Etherchannel and Inter-VLAN Routing configuration

Inter-VLAN Routing

In our previous lab, we could only communicate within the same VLAN, for example between PCs within VLAN 10 or within VLAN 20. To communicate between different VLANs we need routing, because each VLAN is now a separate broadcast domain. So we need an L3 switch or a router for routing. Here we will use a router.
SWITCH   VLAN ID   VLAN NAME   SWITCH PORTS   SUBNET
DU       100       CISCO       F 0/3 - 15     192.168.100.0/24
DU       200       SOLARIS     F 0/16 - 21    172.16.200.0/24
BUET     100       CISCO       F 0/6 - 10     192.168.100.0/24
BUET     200       SOLARIS     F 0/14 - 20    172.16.200.0/24

OBJECTIVE:
- BASIC CONFIGURATION OF SWITCH AND ROUTER
- ETHER-CHANNEL & TRUNK PORT CONFIGURATION
- VTP CONFIGURATION
- CONFIGURATION OF VLAN
- VERIFY VTP, TRUNK PORTS AND ETHERCHANNEL CONFIGURATION
- CONFIGURE ACCESS-PORTS
- CONFIGURE IP TO HOSTS
- VERIFICATION
- CONFIGURE INTER-VLAN ROUTING
- VERIFY CONFIGURATION

BASIC CONFIGURATION OF SWITCH AND ROUTER
==========================================

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname DU
DU(config)#banner motd "Do not try to login my Switch"
DU(config)#enable secret cisco123
DU(config)#line console 0
DU(config-line)#password cisco123
DU(config-line)#login
DU(config-line)#exit
DU(config)#
========================================
Switch#conf t
Switch(config)#hostname BUET
BUET(config)#hostname BUET
BUET(config)#banner motd "This is the switch of BUET"
BUET(config)#enable secret cisco123
BUET(config)#line console 0
BUET(config-line)#password cisco123
BUET(config-line)#login
BUET(config-line)#end
BUET#
=====================================================
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname DENVER
DENVER(config)#enable secret cisco123
DENVER(config)#banner motd "This Router belongs to VENUS TELECOM LTD"
DENVER(config)#line console 0
DENVER(config-line)#password cisco123
DENVER(config-line)#login
DENVER(config-line)#end
DENVER#

ETHER-CHANNEL & TRUNK PORT CONFIGURATION
===============================================

DU(config)#interface range fastEthernet 0/1 - 2
DU(config-if-range)#channel-group 1 mode active
DU(config-if-range)#no shutdown
DU(config-if-range)#exit

TRUNK PORT CONFIGURATION
===========================

DU(config)#interface port-channel 1
DU(config-if)#switchport mode trunk
DU(config-if)#no shutdown
====================================================
BUET(config)#interface range fastEthernet 0/1 - 2
BUET(config-if-range)#channel-group 1 mode passive
BUET(config-if-range)#no shutdown
BUET(config-if-range)#exit

TRUNK PORT CONFIGURATION

BUET(config)#interface port-channel 1
BUET(config-if)#switchport mode trunk
BUET(config-if)#no shutdown

VTP CONFIGURATION
============================

DU(config)#vtp domain cisco.com
Changing VTP domain name from NULL to cisco.com
DU(config)#vtp mode server
Device mode already VTP SERVER.
DU(config)#vtp version 2
DU(config)#vtp password cisco
Setting device VLAN database password to cisco
DU(config)#exit
-----------------------------------------------------------------------------
BUET(config)#vtp domain cisco.com
Domain name already set to cisco.com.
BUET(config)#vtp mode client
Setting device to VTP CLIENT mode.
BUET(config)#vtp version 2
Cannot modify version in VTP client mode
BUET(config)#vtp password cisco
Setting device VLAN database password to cisco
BUET(config)#

CONFIGURATION OF VLAN
========================

DU#conf t
Enter configuration commands, one per line. End with CNTL/Z.
DU(config)#vlan 100
DU(config-vlan)#name CISCO
DU(config-vlan)#EXIT
DU(config)#VLan 200
DU(config-vlan)#NAMe SOLARIS
DU(config-vlan)#exit

VERIFY
==========

DU#show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators: 1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+------
1      Po1(SU)       LACP        Fa0/1(P) Fa0/2(P)
DU#

CONFIGURE ACCESS-PORTS

DU#conf t
DU(config)#interface range fastEthernet 0/3 - 15
DU(config-if-range)#switchport mode access
DU(config-if-range)#switchport access vlan 100
DU(config-if-range)#exit
DU(config)#interface range fastEthernet 0/16 - 21
DU(config-if-range)#switchport mode access
DU(config-if-range)#switchport access vlan 200
DU(config-if-range)#exit
DU(config)#
---------------------------------------------------------------------------
BUET#conf t
BUET(config)#interface range fastEthernet 0/6 - 10
BUET(config-if-range)#switchport mode access
BUET(config-if-range)#switchport access vlan 100
BUET(config-if-range)#exit
BUET(config)#interface range fastEthernet 0/14 - 20
BUET(config-if-range)#switchport mode access
BUET(config-if-range)#switchport access vlan 200
BUET(config-if-range)#end
BUET#

CONFIGURE IP TO HOSTS

Verify
=========

Ping to same VLAN

C:\>ping 192.168.100.3
Pinging 192.168.100.3 with 32 bytes of data:
Reply from 192.168.100.3: bytes=32 time=1ms TTL=128
Reply from 192.168.100.3: bytes=32 time=1ms TTL=128
Reply from 192.168.100.3: bytes=32 time<1ms TTL=128
Reply from 192.168.100.3: bytes=32 time<1ms TTL=128

C:\>ping 172.16.200.3
Pinging 172.16.200.3 with 32 bytes of data:
Reply from 172.16.200.3: bytes=32 time=12ms TTL=128
Reply from 172.16.200.3: bytes=32 time=1ms TTL=128
Reply from 172.16.200.3: bytes=32 time=1ms TTL=128
Reply from 172.16.200.3: bytes=32 time<1ms TTL=128

Ping to different VLAN

C:\>ping 192.168.100.2
Pinging 192.168.100.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Not successful, right? So we will now configure inter-VLAN routing to reach a different VLAN.

CONFIGURE INTER-VLAN ROUTING
=========================

BUET#conf t
Enter configuration commands, one per line. End with CNTL/Z.
BUET(config)#interface gigabitEthernet 0/1
BUET(config-if)#no shutdown
BUET(config-if)#switchport mode trunk
BUET(config-if)#exit
------------------------------------------------------------------------
DENVER#conf t
DENVER(config)#interface fastEthernet 0/0
DENVER(config-if)#no shutdown
DENVER(config-if)#exit
DENVER(config)#interface fastEthernet 0/0.100
DENVER(config-subif)#encapsulation dot1Q 100
DENVER(config-subif)#ip address 192.168.100.1 255.255.255.0
DENVER(config-subif)#no shutdown
DENVER(config-subif)#exit
DENVER(config)#interface fastEthernet 0/0.200
DENVER(config-subif)#encapsulation dot1Q 200
DENVER(config-subif)#ip address 172.16.200.1 255.255.255.0
DENVER(config-subif)#no shutdown
DENVER(config-subif)#exit

Here we have created two sub-interfaces, 0/0.100 and 0/0.200, for the respective VLANs. dot1Q is used for encapsulation.

Verify
===========

Now ping to different VLAN

C:\>ping 172.16.200.2
Pinging 172.16.200.2 with 32 bytes of data:
Reply from 172.16.200.2: bytes=32 time=1ms TTL=127
Reply from 172.16.200.2: bytes=32 time=12ms TTL=127
Reply from 172.16.200.2: bytes=32 time=11ms TTL=127
Reply from 172.16.200.2: bytes=32 time=10ms TTL=127

C:\>ping 192.168.100.2
Pinging 192.168.100.2 with 32 bytes of data:
Reply from 192.168.100.2: bytes=32 time=11ms TTL=127
Reply from 192.168.100.2: bytes=32 time=11ms TTL=127
Reply from 192.168.100.2: bytes=32 time=1ms TTL=127
Reply from 192.168.100.2: bytes=32 time=10ms TTL=127
====================================================================

TELNET ACCESS to Switch
======================

VTP SERVER
============

DU#conf t
DU(config)#vlan 99
DU(config-vlan)#name admin
DU(config-vlan)#exit
DU(config)#vlan 199
DU(config-vlan)#name admin2
DU(config)#interface fastEthernet 0/23
DU(config-if)#switchport mode access
DU(config-if)#switchport access vlan 99
DU(config-if)#exit
DU(config)#interface vlan 99
DU(config-if)#ip address 192.168.10.1 255.255.255.0
DU(config-if)#no shutdown
DU(config-if)#exit
-------------------------------------------------

Telnet Configuration
===================

DU(config)#line vty 0 4
DU(config-line)#password cisco123
DU(config-line)#login
DU(config-line)#exit
================================================================
BUET#conf t
Enter configuration commands, one per line. End with CNTL/Z.
BUET(config)#interface fastEthernet 0/23
BUET(config-if)#switchport mode access
BUET(config-if)#switchport access vlan 199
BUET(config-if)#exit
-------------------------------------------
BUET(config)#interface vlan 199
BUET(config-if)#ip address 192.168.20.1 255.255.255.0
BUET(config-if)#no shutdown

Telnet Configuration

BUET(config)#line vty 0 4
BUET(config-line)#password cisco123
BUET(config-line)#login
BUET(config-line)#exit

DENVER(config)#line vty 0 4
DENVER(config-line)#password cisco123
DENVER(config-line)#login
DENVER(config-line)#exit
DENVER(config)#interface fastEthernet 0/0.99
DENVER(config-subif)#encapsulation dot1Q 99
DENVER(config-subif)#ip address 192.168.10.1 255.255.255.0
DENVER(config-subif)#no shutdown
DENVER(config-subif)#end

DENVER#ping 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/2/8 ms
================================================================
DENVER#telnet 192.168.10.1
Trying 192.168.10.1 ...Open
This Router belongs to VENUS TELECOM LTD
User Access Verification
Password:
% Password: timeout expired!
[Connection to 192.168.10.1 closed by foreign host]
==============================================================
DENVER#conf t
DENVER(config)#interface fastEthernet 0/0.199
DENVER(config-subif)#encapsulation dot1Q 199
DENVER(config-subif)#ip address 192.168.20.1 255.255.255.0
DENVER(config-subif)#no shutdown
DENVER(config-subif)#exit
DENVER(config)#end
=======================================================
DENVER#ping 192.168.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/3/9 ms

DENVER#telnet 192.168.20.1
Trying 192.168.10.1 ...Open
This Router belongs to VENUS TELECOM LTD
User Access Verification
Password:

LAB 9 : Inter-Vlan Routing Configuration on L3 Switch

SVI stands for Switched Virtual Interface. There is no physical interface for the VLAN, hence it is virtual. The technique is to assign an IP address to each VLAN interface (for example, interface vlan 10) and then issue the "ip routing" command in global configuration mode.

Generally, routers do the routing between different broadcast domains, that is, different VLANs. But SVIs give the switch the ability to route between VLANs. Example switch models that support Layer 3 routing are the 3550, 3750, 3560 etc.

Our Tasks (All configuration is only on L3 switch here)
1. Creating vlan 10 and vlan 20
2. Naming these two vlans: vlan 10 = cisco, vlan 20 = solaris
3. Configuration of Access ports
4. Assigning IP to Hosts
5. Assigning IP to Vlan Interface
6.
Verification

CREATE VLAN

Switch>en
Switch#conf t
Switch(config)#vlan 10
Switch(config-vlan)#name cisco
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#name solaris
Switch(config-vlan)#exit
Switch(config)#exit

ACCESS-PORT CONFIGURATION

Switch#conf t
Switch(config)#interface range fastEthernet 0/3 - 9
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit
Switch(config)#interface range fastEthernet 0/10 - 15
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#exit
Switch(config)#

ASSIGN IP TO VLAN INTERFACE

Switch(config)#interface vlan 10
Switch(config-if)#ip address 192.168.10.1 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#interface vlan 20
Switch(config-if)#ip address 192.168.20.1 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit

ENABLE ROUTING

Switch(config)#ip routing
Switch(config)#exit

ASSIGN IP TO HOSTS

VERIFICATION

Ping to different vlan

LAB 10 : Port Security

Port Security

Anyone can access unsecured network resources by plugging a laptop into one of our available switch ports. A user can also change physical location in the LAN without telling the admin. But you can secure Layer 2 access by using port security.
First, in our lab we will plug in one PC, and the other PC will remain unplugged, as shown in the figure:

Assign IP to hosts

Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 1
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security violation shutdown
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#exit

Port security is disabled by default. The switchport port-security command enables it.

According to our requirements, we can limit the hosts that can be associated with an interface. We can set this limit anywhere from 1 to 132. The maximum number of devices that can be associated with the interface is 132. By default it is set to 1. The switchport port-security maximum value command sets the maximum number of hosts.

We have two options, static and dynamic, to associate a MAC address with an interface. In the static method we have to manually define the exact host MAC address with the switchport port-security mac-address MAC_address command. In dynamic mode we use the sticky feature, which allows the interface to learn the MAC address automatically.

We need to specify what action the switch should take on a security violation. Three possible modes are available:

Protect: This mode only works with the sticky option. In this mode frames from a non-allowed address are dropped.
Restrict: In restrict mode frames from a non-allowed address are dropped. But in this mode, the switch will make a log entry and generate a security violation alert.
Shutdown: In this mode the switch will generate the violation alert and disable the port.
The only way to re-enable the port is to manually enter the no shutdown command. This is the default violation mode.

Switchport port security explained

Command                                                          Description
Switch>enable                                                    Move in privilege exec mode
Switch#configure terminal                                        Move in global configuration mode
Switch(config)#interface fastethernet 0/1                        Move in interface mode
Switch(config-if)#switchport mode access                         Assign port as host port
Switch(config-if)#switchport port-security                       Enable port security feature on this port
Switch(config-if)#switchport port-security maximum 1             Set limit for hosts that can be associated with interface. Default value is 1. Skip this command to use default value.
Switch(config-if)#switchport port-security violation shutdown    Set security violation mode. Default mode is shutdown. Skip this command to use default mode.
Switch(config-if)#switchport port-security mac-address sticky    Enable sticky feature.

We have secured the F0/1 port of the switch. We used the dynamic address learning feature. The switch will remember the first MAC address learned on interface F0/1 and associate it with this port. We can check the MAC address table for the currently associated address.

No MAC address is associated with the F0/1 port. The switch learns MAC addresses from incoming frames. We need to generate a frame from PC0 that will be received on the F0/1 port of the switch. We can use ping to generate frames from PC0 to Server.

The switch learns this address dynamically, but it shows as STATIC. The sticky option automatically converts a dynamically learned address into a static address.

Switchport port security testing

Now we unplug the Ethernet cable from PC0 and plug it into PC1.

Now try to ping from PC1 to Server.

Why is the ping not successful?
Because the switch detected the MAC address change and shut down the port.

Verify port security

We have three commands to verify port security:

show port-security
This command displays port security information about all the interfaces on the switch.

show port-security address
Displays statically defined or dynamically learned addresses with port security.

show port-security interface interface
Displays port security information about the specific interface.

Here is a useful command to check your port security configuration. Use show port-security interface to see the port security details per interface.

We can see the violation mode is shutdown and that the last violation was caused by MAC address 0002.1622.CB46:1. The aging time is 0 mins, which means it will stay in err-disable state forever.

How to reset an interface that is disabled due to violation of port security

Manually restart the interface. Unplug the cable from PC1 and plug it back into PC0. Run the following commands on the switch and test connectivity from the PC.

First go to the interface, apply shutdown and then apply no shutdown.

LAB 11: Configure Portfast

Advantages
- Interfaces that are PortFast enabled go to forwarding mode immediately; the interface skips the listening and learning states.
- The switch will never generate a topology change notification for them.
- The PortFast feature only has effect when the interface is in a non-trunking mode. So enabling the PortFast feature on a trunk port is useless. It works only in access mode.
Configure PortFast on Cisco Switch

(First unplug the two PCs as shown in the figure.)

Next, execute the following command on the switch to enable the PortFast feature on the Fa0/1 interface.

Switch(config)#interface fa0/1
Switch(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast has been configured on FastEthernet0/1 but will only
have effect when the interface is in a non-trunking mode.
Switch(config-if)#

Now, connect PC0 to the fa0/1 interface and PC1 to the fa0/2 interface, as shown in the following figure.

We notice that the Fa0/1 interface will be activated within 5 seconds because it will not participate in the STP convergence process.

LAB 12 : Configure BPDU Guard on Cisco Switch

BPDU Guard is used to protect the Spanning Tree domain from external influence. BPDU Guard is disabled by default, but it is recommended to enable BPDU guard on all ports on which PortFast is enabled. BPDU guard should be applied toward user-facing ports to prevent rogue switch network extensions by an attacker.

BPDU Guard can be configured either in global mode or interface mode:
- On an interface, BPDU guard will put the port into err-disable state if a BPDU is received.
- In global configuration mode, BPDU guard will disable port fast on any interface if a BPDU is received.
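As an added example (not part of the original lab guide), the Python sketch below checks a switch configuration for what LAB 10 to LAB 12 recommend: port security on access ports, BPDU guard wherever PortFast is enabled, and no PortFast on trunk ports. The configuration text is constructed, and it assumes running-config style, where interface names are written without a space.

```python
import re

# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
hostname Switch
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
!
interface GigabitEthernet0/1
 switchport mode trunk
 spanning-tree portfast
!
"""


def parse_interfaces(config):
    """Split a config into {interface name: [stanza lines]} and the global lines."""
    interfaces, global_lines, current = {}, [], None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            current = None                      # "!" closes the current stanza
            continue
        match = re.match(r"^interface\s+(\S+)", line)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None
            global_lines.append(line.strip())
    return interfaces, global_lines


def audit(config):
    """Return (interface, finding) pairs for the hardening gaps described in the labs."""
    interfaces, global_lines = parse_interfaces(config)
    # The global command enables BPDU guard on every PortFast-enabled port.
    global_guard = "spanning-tree portfast bpduguard default" in global_lines
    findings = []
    for name, lines in interfaces.items():
        is_access = "switchport mode access" in lines
        is_trunk = "switchport mode trunk" in lines
        portfast = "spanning-tree portfast" in lines
        guarded = global_guard or "spanning-tree bpduguard enable" in lines
        if is_access and "switchport port-security" not in lines:
            findings.append((name, "access port without port security"))
        if is_access and portfast and not guarded:
            findings.append((name, "PortFast without BPDU guard"))
        if is_trunk and portfast:
            findings.append((name, "PortFast configured on a trunk port"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```

Feed it the text of `show running-config`; a port that appears in no finding has all three settings in the state the labs describe.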
SW2(config)# spanning-tree portfast bpduguard default
SW2(config-if)# spanning-tree bpduguard enable

Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 1
Switch(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast has been configured on FastEthernet0/1 but will only
have effect when the interface is in a non-trunking mode.
Switch(config-if)#spanning-tree bpduguard enable
Switch(config-if)#exit

Switch#show spanning-tree interface fastEthernet 0/1 portfast
VLAN0001 enabled

LAB 13: Configure Root Guard on Cisco Switch

Root guard stops a switch that sends a superior BPDU from becoming the root.

Note: Root guard is best deployed on ports that connect to switches which should not be the root bridge.

For example, a port on the distribution layer switch which is connected to an access layer switch can be Root Guard enabled, because the access layer switch should never become the Root Bridge.
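The election and root guard behaviour that LAB 13 and LAB 14 exercise, as an added Python model that is not part of the original guide. The MAC addresses are constructed, the priorities 32768 and 4096 are the ones the labs use, and `root_primary_priority` is this sketch's model of how IOS picks a value for "root primary" (24576, or 4096 below the current root).

```python
from dataclasses import dataclass

VLAN = 1  # the labs work in the default VLAN


@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int  # value given to "spanning-tree vlan 1 priority"
    mac: str       # constructed; the lab's real MAC addresses are not on the page

    def bridge_id(self):
        """(priority + VLAN ID, MAC as integer); the lowest tuple wins the election."""
        if self.priority % 4096 or not 0 <= self.priority <= 61440:
            raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
        return (self.priority + VLAN, int(self.mac.replace(".", ""), 16))


def elect_root(bridges):
    """Plain STP election with no guard: the lowest bridge ID becomes root."""
    return min(bridges, key=Bridge.bridge_id)


def root_primary_priority(current_root):
    """Priority chosen by "spanning-tree vlan 1 root primary" in this model:
    24576 when that beats the current root, otherwise 4096 below the root."""
    if current_root.priority > 24576:
        return 24576
    return max(current_root.priority - 4096, 0)


def root_guard_port(neighbour, known_root):
    """State of a root-guard port after it hears the neighbour's BPDU.

    A BPDU better than the root the switch currently accepts is "superior".
    Root guard refuses it and blocks the port instead of moving the root.
    """
    if neighbour.bridge_id() < known_root.bridge_id():
        return "root-inconsistent", known_root
    return "forwarding", min(known_root, neighbour, key=Bridge.bridge_id)


def lab13(ashish_priority, guard=True):
    """Replay LAB 13: DU keeps the default priority, ASHISH's priority varies.

    Returns (state of DU's G0/1, name of the root bridge DU accepts).
    """
    du = Bridge("DU", 32768, "0001.4200.0001")
    ashish = Bridge("ASHISH", ashish_priority, "0009.7c00.0009")
    if not guard:
        return "forwarding", elect_root([du, ashish]).name
    state, root = root_guard_port(ashish, known_root=du)
    return state, root.name


if __name__ == "__main__":
    print("default priorities:       ", lab13(32768))
    print("ASHISH 4096, root guard:  ", lab13(4096))
    print("ASHISH 4096, no guard:    ", lab13(4096, guard=False))
    print("root primary against DU:  ",
          root_primary_priority(Bridge("DU", 32768, "0001.4200.0001")))
```

With the guard in place the lower priority on ASHISH costs connectivity on the guarded port rather than moving the root, which is the timed-out ping the lab shows.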
Switch#conf t
Switch(config)#hostname DU

Switch#conf t
Switch(config)#hostname ASHISH

Now check which switch is the root bridge.

Switch DU becomes the root bridge, right?

Now we will enable root guard on switch DU on port G0/1, so that if switch ASHISH wants to become the root bridge, port G0/1 of switch DU will shut down.

DU(config)#interface gigabitEthernet 0/1
DU(config-if)#spanning-tree guard root

Now ping from PC1 to PC2 to verify connectivity.

C:\>ping 192.168.10.2
Reply from 192.168.10.2: bytes=32 time=12ms TTL=128
Reply from 192.168.10.2: bytes=32 time<1ms TTL=128
Reply from 192.168.10.2: bytes=32 time<1ms TTL=128
Reply from 192.168.10.2: bytes=32 time<1ms TTL=128

Now we will change the priority value of switch ASHISH to see what happens.

ASHISH(config)#spanning-tree vlan 1 priority 4096

Now ping:

C:\>ping 192.168.10.2
Request timed out.
Request timed out.
Request timed out.
Request timed out.

The port turns red, which indicates that the port is shut down when switch ASHISH wants to become the root bridge.

%SPANTREE-2-ROOTGUARDBLOCK: Port 0/1 tried to become non-designated in VLAN 1.
Moved to root-inconsistent state

The above message is generated on switch DU.

To recover from this, reset the priority value of switch ASHISH:

ASHISH(config)#spanning-tree vlan 1 priority 32768

On DU switch:

DU(config)#interface gigabitEthernet 0/1
DU(config-if)#shutdown
DU(config-if)#no shutdown

Now ping from PC1 to PC2 to verify connectivity.

C:\>ping 192.168.10.2
Reply from 192.168.10.2: bytes=32 time=12ms TTL=128
Reply from 192.168.10.2: bytes=32 time<1ms TTL=128
Reply from 192.168.10.2: bytes=32 time<1ms TTL=128
Reply from 192.168.10.2: bytes=32 time<1ms TTL=128

LAB 14 : Spanning tree behavior - mode , priority value, root bridge

Here switch DU is the root bridge, as all its ports are in forwarding mode (indicated by the green signal).

By default Cisco switches run a separate STP instance for every VLAN configured on the switch; this mode is called PVST. We will configure switch ASHISH as the root switch for the default VLAN (1) using one method, then switch DU using another method.

Method 1 (Switch ASHISH will be the root bridge)

First verify whether switch ASHISH is the root or not.

The switch is not the root bridge.

Now we will make it the root bridge by using the following command:

spanning-tree vlan [list] root [primary | secondary]

Using this command will automatically lower the priority of the switch to a very significant value in order to make sure that the switch is elected as the root switch.

ASHISH#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ASHISH(config)#spanning-tree vlan 1 root primary
ASHISH(config)#exit

We can see that the switch is now the root bridge.
Method 2 (Switch DU will be the root bridge now):

Set the bridge priority using the command spanning-tree vlan [list] priority [value].

DU(config)#spanning-tree vlan 1 priority 4096

DU is now the root switch.

LAB 15: Static route configuration

Overview of Static Routing

Routes are configured manually
Administrative distance value 0
Reducing CPU/RAM overhead and saving bandwidth
Static routes are not advertised over the network
Not fault-tolerant
Initial configuration and maintenance is time-consuming
Not appropriate for complex topologies

DU Router (Basic Configuration)

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname DU
DU(config)#enable secret cisco123
DU(config)#line console 0
DU(config-line)#password cisco
DU(config-line)#login
DU(config-line)#exit
DU(config)#line vty 0 5
DU(config-line)#password cisco
DU(config-line)#login
DU(config-line)#exit
DU(config)#interface fastEthernet 0/0
DU(config-if)#description conectivity from DU to BUET
DU(config-if)#ip address 192.168.20.1 255.255.255.0
DU(config-if)#no shutdown
DU(config-if)#exit
DU(config)#interface fastEthernet 0/1
DU(config-if)#description connectivity to Local Network
DU(config-if)#ip address 192.168.10.1 255.255.255.0
DU(config-if)#no shutdown
DU(config-if)#exit

BUET Router (Basic Configuration)

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname BUET
BUET(config)#enable secret cisco123
BUET(config)#line console 0
BUET(config-line)#password cisco
BUET(config-line)#login
BUET(config-line)#exit
BUET(config)#line vty 0 5
BUET(config-line)#password cisco
BUET(config-line)#login
BUET(config-line)#exit
BUET(config)#interface fastEthernet 0/0
BUET(config-if)#description Connectivity from BUET to DU
BUET(config-if)#ip address 192.168.20.2 255.255.255.0
BUET(config-if)#no shutdown
BUET(config-if)#exit
BUET(config)#interface fastEthernet 0/1
BUET(config-if)#description connectivity from BUET to it's Local Network
BUET(config-if)#ip address 192.168.30.1 255.255.255.0
BUET(config-if)#no shutdown
BUET(config-if)#exit

Now assign IP addresses to the hosts.

Try to ping from PC0 to PC1:

C:\>ping 192.168.30.2
Pinging 192.168.30.2 with 32 bytes of data:
Reply from 192.168.10.1: Destination host unreachable.
Reply from 192.168.10.1: Destination host unreachable.
Reply from 192.168.10.1: Destination host unreachable.
Reply from 192.168.10.1: Destination host unreachable.
Ping statistics for 192.168.30.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\>

Thus we need routing, either static or dynamic, right? Let us start with static routing.

DU Router

DU(config)#ip route 192.168.30.0 255.255.255.0 192.168.20.2

BUET Router

BUET(config)#ip route 192.168.10.0 255.255.255.0 192.168.20.1

Rules of Static route

Router(config)# ip route [destination_network] [subnet_mask] [next-hop]

On point-to-point links, an exit-interface can be specified instead of a next-hop address.
Router(config)# ip route [destination_network] [subnet_mask] [Exit-Interface]

So for the previous example, instead of the IP address we can write the exit-interface as follows, provided the 2 routers are connected point-to-point:

DU(config)#ip route 192.168.30.0 255.255.255.0 fastEthernet 0/0
BUET(config)#ip route 192.168.10.0 255.255.255.0 fastEthernet 0/0

Now ping again:

C:\>ping 192.168.30.2
Reply from 192.168.30.2: bytes=32 time<1ms TTL=126
Reply from 192.168.30.2: bytes=32 time<1ms TTL=126
Reply from 192.168.30.2: bytes=32 time<1ms TTL=126
Reply from 192.168.30.2: bytes=32 time<1ms TTL=126

Telnet to the BUET router:

C:\>telnet 192.168.20.2
Trying 192.168.20.2 ...Open
User Access Verification
Password:
Password:
BUET>

Success, right?

Other verification command:

BUET#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

S    192.168.10.0/24 [1/0] via 192.168.20.1
C    192.168.20.0/24 is directly connected, FastEthernet0/0
C    192.168.30.0/24 is directly connected, FastEthernet0/1
BUET#

S represents a static route
C represents a directly connected route

LAB 16: Static Default Routing

It is a special type of static route. Default routing is used in stub networks. A stub network has only one way for traffic to go to reach several different networks.

A DEFAULT ROUTE is sometimes called a Zero/Zero Route because the network and subnet mask we specify as the destination for the traffic that it would match are all zeros.
A DEFAULT ROUTE says "for any traffic that DOES NOT match a specific route in the routing table, forward that traffic to this destination (next-hop-router-IP Address)". In other words, a default route is a "CATCH ALL".

On a default route, both the network and the subnet mask are zero (0.0.0.0 0.0.0.0).

ip route 0.0.0.0 0.0.0.0 next-hop-router-IP address

Normally the Customer route to the ISP is a default route and the ISP route to the Customer is a normal static route, as shown below:

Objective:

Basic Configuration on Router CUSTOMER and ISP
Static default route to INTERNET on CUSTOMER Router
Static route to CUSTOMER LAN on ISP Router
Verification

Configuration

Basic Configuration on Router CUSTOMER and ISP

CUSTOMER Router

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname CUSTOMER
CUSTOMER(config)#interface fastEthernet 0/1
CUSTOMER(config-if)#description CUSTOMER LAN
CUSTOMER(config-if)#ip address 192.168.10.1 255.255.255.0
CUSTOMER(config-if)#no shutdown
CUSTOMER(config-if)#exit
CUSTOMER(config)#interface fastEthernet 0/0
CUSTOMER(config-if)#description Connectivity to ISP
CUSTOMER(config-if)#ip address 103.13.148.1 255.255.255.248
CUSTOMER(config-if)#no shutdown
CUSTOMER(config-if)#exit

ISP ROUTER

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname ISP
ISP(config)#interface fastEthernet 0/0
ISP(config-if)#description Connectivity to CUSTOMER ROUTER
ISP(config-if)#ip address 103.13.148.2 255.255.255.248
ISP(config-if)#no shutdown
ISP(config-if)#exit
ISP(config)#interface fastEthernet 1/0
ISP(config-if)#description Connectivity to INTERNET
ISP(config-if)#ip address 100.100.100.1 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#end

Default route to INTERNET on CUSTOMER Router

CUSTOMER(config)#ip route 0.0.0.0 0.0.0.0 103.13.148.2

Static route to CUSTOMER LAN on ISP Router

ISP(config)#ip route 192.168.10.0 255.255.255.0 103.13.148.1

Assign IP addresses to the hosts.

Verification

Ping from PC0 to PC1:

C:\>ping 100.100.100.2
Reply from 100.100.100.2: bytes=32 time=1ms TTL=126
Reply from 100.100.100.2: bytes=32 time<1ms TTL=126
Reply from 100.100.100.2: bytes=32 time<1ms TTL=126
Reply from 100.100.100.2: bytes=32 time<1ms TTL=126

Successful.

Now on the CUSTOMER router, S* indicates the default route.

On the ISP router, S indicates a static route.
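How the routers in LAB 15 and LAB 16 choose a route, as an added Python example that is not part of the original lab guide: the most specific matching prefix wins, no match means the packet is dropped as unreachable, and 0.0.0.0 0.0.0.0 matches everything but loses to any more specific entry. The tables are rebuilt from the addresses configured in the two labs; the function names are hypothetical.

```python
import ipaddress

def route(prefix: str, mask: str, target: str):
    """One routing-table entry from IOS-style 'prefix mask target' values."""
    prefixlen = bin(int(ipaddress.IPv4Address(mask))).count("1")
    return ipaddress.ip_network(f"{prefix}/{prefixlen}"), target

def lookup(table, destination: str):
    """Return (matched prefix, target) for the longest match, or None."""
    dst = ipaddress.ip_address(destination)
    matches = [(net, target) for net, target in table if dst in net]
    if not matches:
        return None  # no route: the router reports "Destination host unreachable"
    net, target = max(matches, key=lambda entry: entry[0].prefixlen)
    return str(net), target

# LAB 15, router DU: connected networks only, then with the static route added.
DU_CONNECTED = [
    route("192.168.10.0", "255.255.255.0", "FastEthernet0/1"),
    route("192.168.20.0", "255.255.255.0", "FastEthernet0/0"),
]
DU_STATIC = DU_CONNECTED + [route("192.168.30.0", "255.255.255.0", "192.168.20.2")]

# LAB 16, router CUSTOMER: connected networks plus the default route to the ISP.
CUSTOMER = [
    route("192.168.10.0", "255.255.255.0", "FastEthernet0/1"),
    route("103.13.148.0", "255.255.255.248", "FastEthernet0/0"),
    route("0.0.0.0", "0.0.0.0", "103.13.148.2"),
]

if __name__ == "__main__":
    # Before "ip route 192.168.30.0 ..." DU has no entry for PC1's network.
    print(lookup(DU_CONNECTED, "192.168.30.2"))
    # After the static route is added, the next hop is BUET.
    print(lookup(DU_STATIC, "192.168.30.2"))
    # CUSTOMER has no specific route to 100.100.100.2, so the default route is used.
    print(lookup(CUSTOMER, "100.100.100.2"))
    # A LAN host still matches the connected /24, not the catch-all.
    print(lookup(CUSTOMER, "192.168.10.5"))
```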