419272298-CCNA-LAB-GUIDE-V3-pdf

CCNA Routing & Switching v3 LAB Guide 
Ashish Halder (CCNA RnS, CCNP RnS, CCNA Sec, CCNP Sec, CCIE Sec-written), All rights are reserved 
 
 
 
 
 
 
Contents 
 
1. Cisco CLI mode
2. Basic Configuration of Router and Switch
3. Configuring SSH Access to Cisco Device
4. Backup and restoring your configuration
5. VLAN, Access and Trunk Port Configuration
6. VTP Configuration
7. Etherchannel Configuration
8. VLAN, VTP, Etherchannel and Inter-VLAN Routing configuration
9. Inter-Vlan Routing Configuration on L3 Switch (SVI)
10. Configure Port Security
11. Configure portfast
12. Configure BPDU Guard on Cisco Switch
13. Configure Root Guard on Cisco Switch
14. Spanning tree behavior - mode, priority value, root bridge
15. Static route and Static default route configuration
16. Static default route configuration
17. RIPv2 Basic configuration
18. RIP Passive Interface
19. Configure RIP Authentication
20. EIGRP configuration (EIGRP Neighbor Adjacency)
21. EIGRP Passive Interface
22. EIGRP Authentication
23. EIGRP Hold time and Hello time
24. EIGRP Summarization
25. EIGRP Project LAB
26. OSPF Configuration
27. OSPF Virtual LAB
28. OSPF Authentication
29. OSPF summarization
30. PPP and HDLC
31. BGP Basic Configuration
32. BGP Single Homed Design
33. HSRP Configuration
34. Standard ACL
35. Extended ACL
36. Named ACL
37. Static NAT
38. Dynamic NAT
39. Static PAT
40. Dynamic PAT
41. Configure GRE Tunnel
42. AAA configuration
43. Syslog Server
44. SNMPv3 Configuration
45. Password Recovery
46. Final Project
47. Configure IPv6
48. Configure IPv6 Static Route
49. Configure RIPNG on Cisco Router
50. Dual-Stack Example
 
 
 
LAB 1: CISCO CLI MODE 
Cisco routers have different configuration modes depending on the model. There are two main EXEC modes:

EXEC Mode     Prompt    Typical Use
User          ccna>     Check the router status
Privileged    ccna#     Accessing the router

From Privileged mode we enter Global Configuration mode with the "config terminal" command.

A password is needed to access either User Exec or Privileged mode if one has been set. From Global
Configuration Mode (no password is needed here) we can configure interfaces, routing protocols,
access lists and much more.

Some of the specific configuration modes can be entered from Global Configuration Mode and others
from Privileged mode:

User Exec Mode (">" prompt): It is used to get statistics from the router, see which IOS version you're
running, check memory resources and a few more things.

Privileged Mode ("#" prompt): Here you can enable or disable interfaces on the router and get more
detailed information on the router. For example, you can view the running configuration of the router, copy the
configuration, load a new configuration to the router, back up or delete the configuration, back up or
delete the IOS and a lot more.

Global Configuration Mode ("(config)#" prompt): It is accessible via Privileged Mode. In this mode we
can configure each interface individually, set up banners and passwords, enable secrets (encrypted
passwords), enable and configure routing protocols and a lot more. Every time we want to configure or
change something on the router, we need to be in this mode.
 
Examples : 
 
 
 
Router>------------------------- User Exec Mode 
 
Router>enable ----------------- Enter Privileged Mode 
Router#-------------------------- Privileged Mode 
 
Router#disable ---------------- Enter User Exec Mode 
Router>-------------------------- User Exec Mode 
 
Router#config terminal------ Enter Global Configuration Mode
Router(config)#----------------- Global Configuration Mode
 
Router(config)#interface fastEthernet 0/0---- Enter Interface Configuration Mode 
Router(config-if)#-------------------------------- Interface Configuration Mode 
 
Router(config)#interface fastEthernet 0/0.10-- Enter Sub-Interface Configuration Mode 
Router(config-subif)#------------------------------ Sub-Interface Configuration Mode 
 
Router(config)#line vty 0 4----------------------- Enter Line Mode 
Router(config-line)#------------------------------- Line Mode 
 
================================================================================ 
 
LAB 2. BASIC CONFIGURATION OF ROUTER AND SWITCH


Objective:
1. Configure the Switch as follows:
   - hostname
   - login banner
   - enable password for accessing privilege mode
   - assign console password to prevent unauthorized console login
   - assign IP for vlan 1 (Management VLAN)
   - configure virtual terminal for telnet session
   - set default gateway for the switch
2. Configure the Router as follows:
   - hostname
   - login banner
   - enable password for accessing privilege mode
   - assign console password to prevent unauthorized console login
   - configure virtual terminal for telnet session
   - assign IP address on router interface
3. Assign IP for the PC
4. Save all configuration
5. Verification
 
Configuration of a switch: 
 
1. First check the startup-config and running-config to see whether any configuration already exists
When you type a command in global configuration mode, it is stored in the running configuration. The
running configuration resides in the device's RAM, so if the device loses power, all configured commands
will be lost.
So you need to copy your current configuration into the startup configuration. The startup configuration is
stored in the NVRAM of the device, so the configuration is kept even if the device loses power.
There are two ways to save your configuration:
Switch#copy running-config startup-config
or
Switch#write memory
Check the startup-config and running-config 
Switch#show startup-config 
startup-config is not present 
Switch#show running-config 
 
2. Enter global configuration mode and configure Hostname as DU 
Switch#conf t 
Enter configuration commands, one per line. End with CNTL/Z. 
Switch(config)#hostname DU 
DU(config)# 
 
3. Assign password cisco123 
 
The enable password restricts access to privileged mode, much like a root user's password. We can
set it in two ways: with the enable password command or the enable secret command.
The enable secret command stores the password as an MD5 hash automatically.

The enable password command does not encrypt the password, so it can be viewed in clear text in the
running-config. To encrypt a password set with enable password, use the service password-encryption
command. Note that the enable secret command provides stronger encryption
than the service password-encryption command.
 
DU(config)#enable secret cisco123 
 
4. Configure login banner 
A login banner is displayed whenever someone connects to the router by telnet or console connections.
DU(config)#banner motd "Unauthorized Users are highly Prohibited to login here"
DU(config)#
5. Console Password
We can protect the console port of Cisco devices using a console port password.
DU(config)#line console 0 
DU(config-line)#password ashish123 
DU(config-line)#login 
DU(config-line)#exit 
DU(config)# 
6. Telnet configuration for remote access 
Telnet is a user command and an underlying TCP/IP protocol for accessing remote devices. 
 
The VTY lines are the Virtual Terminal lines of the router. They are virtual, in the sense that they are a 
function of software - there is no hardware associated with them. They appear in the configuration as 
line vty 0 4. 
 
DU#conf t 
Enter configuration commands, one per line. End with CNTL/Z. 
DU(config)#line vty 0 4 
DU(config-line)#password ashish@123# 
DU(config-line)#login 
DU(config-line)#exit 
DU(config)# 
7. Configure management VLAN for remote access to the switch

By default, all switch ports are part of VLAN 1. VLAN 1 contains control plane traffic and can contain
user traffic.
By default, VLAN 1 is the management VLAN. The management VLAN is used for purposes such as telnet,
SNMP, and syslog.
 
DU(config)#interface vlan 1 
DU(config-if)#ip address 192.168.10.10 255.255.255.0 
DU(config-if)#no shutdown 
DU(config-if)#exit 
DU(config)# 
 
8. Configure default-gateway for the switch 
 
The switch should be configured with a default gateway if the switch will be managed remotely from 
networks not directly connected. The default gateway is the first Layer 3 device (such as a router) on 
the same management VLAN network to which the switch connects. The switch will forward IP packets 
with destination IP addresses outside the local network to the default gateway. 
 
DU(config)#ip default-gateway 192.168.10.1 
---------------------------------------------------------------------------------------------------------------------------- 
Configure The Router 
 
1. First check the startup-config and running-config 
Router#show startup-config
startup-config is not present
Router#show running-config
2. Configure Hostname as BUET
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname BUET
BUET(config)# 
3. Assign enable secret password cisco123 
BUET(config)#enable secret cisco123 
BUET(config)# 
4. Configure login banner 
BUET(config)#banner motd "Do not try to access here" 
 
5. Console password 
BUET(config)#line console 0 
BUET(config-line)#password ashish123 
BUET(config-line)#login 
BUET(config-line)#exit 
BUET(config)# 
6. Enter Virtual Terminal lines and give a password ashish@123#, to login remotely 
BUET(config)#line vty 0 4 
BUET(config-line)#password ashish@123# 
BUET(config-line)#login 
BUET(config-line)#exit 
BUET(config)# 
7. Configure IP Address on Router's Interface
 
Enter global configuration mode 
BUET# config terminal 
Enter configuration commands, one per line. End with CNTL/Z. 
BUET(config)# 
Enter FastEthernet 0/0 interface configuration mode : 
BUET(config)#interface fastEthernet 0/0 
BUET(config-if)# 
 
Enter IP address and subnet mask: 
 
BUET(config-if)#ip address 192.168.10.1 255.255.255.0 
 
By default, all interfaces on a Cisco router are “Administratively Down”. To bring an interface up, issue 
the no shutdown command. 
 
BUET(config-if)#no shutdown 
BUET(config-if)#exit 
BUET(config)# 
8. Save Configuration 
BUET#write memory 
 
Building configuration... 
[OK] 
BUET# 
DU#write memory 
 
Building configuration... 
[OK] 
 
You can also save the configuration using
BUET#copy running-config startup-config
But be sure about the command; it must not be reversed as:
copy startup-config running-config
because then all your configuration will be lost or replaced by the backup from NVRAM.
 
9. Assign IP to all hosts 
 
 
 
 
 
 
11. Now ping to all devices from any PC 
C:\>ping 192.168.10.2 
 
Pinging 192.168.10.2 with 32 bytes of data: 
 
Reply from 192.168.10.2: bytes=32 time=1ms TTL=128 
Reply from 192.168.10.2: bytes=32 time<1ms TTL=128 
Reply from 192.168.10.2: bytes=32 time<1ms TTL=128 
Reply from 192.168.10.2: bytes=32 time<1ms TTL=128 
 
 
C:\>ping 192.168.10.3 
 
Pinging 192.168.10.3 with 32 bytes of data: 
 
Reply from 192.168.10.3: bytes=32 time=1ms TTL=128 
Reply from 192.168.10.3: bytes=32 time<1ms TTL=128 
Reply from 192.168.10.3: bytes=32 time<1ms TTL=128 
Reply from 192.168.10.3: bytes=32 time<1ms TTL=128 
 
 
C:\>ping 192.168.10.1 
 
Pinging 192.168.10.1 with 32 bytes of data: 
 
Reply from 192.168.10.1: bytes=32 time=1ms TTL=255 
Reply from 192.168.10.1: bytes=32 time<1ms TTL=255 
Reply from 192.168.10.1: bytes=32 time<1ms TTL=255 
Reply from 192.168.10.1: bytes=32 time=1ms TTL=255 
 
14. Now logon to the router remotely 
C:\>telnet 192.168.10.1 
 
Trying 192.168.10.1 ...Open 
 
Do not try to access here 
 
User Access Verification 
 
 
Password: 
Password: 
BUET> 
16. Now logon to the switch remotely 
C:\>telnet 192.168.10.10 
 
Trying 192.168.10.10 ...Open 
 
Unauthorized Users are highly Prohibited to login here 
 
User Access Verification 
 
Password: 
DU> 
N.B. if the switch is L3 you can assign IP address to its interfaces as follows: 
 
DU(config)#interface fastEthernet 0/2 
DU(config-if)# no switchport 
DU(config-if)# ip address 192.168.10.10 255.255.255.0 
DU(config-if)# no shutdown 
For routing capabilities you can also use the following command:
DU(config)# ip routing 
=============================================================================== 
LAB 3: CONFIGURING SSH ON CISCO SWITCH AND ROUTER 
 
Telnet was designed to work within a private network and not across a public network where
threats can appear. Because of this, all the data is transmitted in plain text, including
passwords. This is a major security issue, and the developers of SSH used encryption to make
it harder for other people to sniff the password and other relevant information.

Secure Shell (SSH) is a protocol which provides a secure remote access connection to network
devices. Communication between the client and server is encrypted in SSH. To do this, it uses
an RSA public/private keypair.

There are two versions: version 1 and 2. Version 2 is more secure and commonly used.
 
 
 
 
Enable SSH on Cisco Switch 
 
Step 1: Configure Management IP 
 
Switch#conf t 
Enter configuration commands, one per line. End with CNTL/Z. 
Switch(config)#interface vlan 1 
Switch(config-if)#ip address 192.168.10.10 255.255.255.0 
Switch(config-if)#no shutdown 
 
Step 2: Configure a default gateway that points to the router
 
Switch(config)#ip default-gateway 192.168.10.1 
 
Step 3: Configure hostname and domain name 
 
The name of the RSA keypair will be the hostname and domain name of the router. 
 
Switch(config)#hostname ASHISH-SW 
ASHISH-SW(config)#ip domain-name ashish.com 
 
Step 4 :Generate the RSA Keys 
 
ASHISH-SW(config)#crypto key generate rsa 
The name for the keys will be: ASHISH-SW.ashish.com 
Choose the size of the key modulus in the range of 360 to 2048 for your 
General Purpose Keys. Choosing a key modulus greater than 512 may take 
a few minutes. 
How many bits in the modulus [512]: 2048 
 
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK] 
ASHISH-SW(config)# 
 
Key sizes of 1024 bits or smaller should be avoided. Larger keys take longer to generate
but provide more security.
 
Step 5: SSH version 1 is the default version. So change it to version 2 
 
ASHISH-SW(config)#ip ssh version 2 
 
Step 6 : Setup the Line VTY configurations 
 
ASHISH-SW(config)#line vty 0 4 
ASHISH-SW(config-line)#transport input ssh 
ASHISH-SW(config-line)#login local 
Step 7: Create the username password 
ASHISH-SW(config)#username ashish privilege 15 password cisco123 
 
Step 8: Create enable password 
 
ASHISH-SW(config)#enable secret cisco123 
 
Step 9: create console password 
 
ASHISH-SW(config)#line console 0 
ASHISH-SW(config-line)#logging synchronous 
ASHISH-SW(config-line)#login local 
 
Step 10: Verify SSH 
C:\>ssh -l ashish 192.168.10.10 Open 
Password: 
ASHISH-SW#conf t 
ASHISH-SW(config)# 
 
 
 
Enable SSH on Router (same as before) 
 
 
Router>en 
Router#conf t 
Router(config)#hostname Venus 
Venus(config)#interface fastEthernet 0/0 
Venus(config-if)#ip address 192.168.10.1 255.255.255.0 
Venus(config-if)#no shutdown 
Venus(config-if)#exit 
Venus(config)#ip domain-name cisco.com 
Venus(config)#username ashish privilege 15 password cisco123 
Venus(config)#crypto key generate rsa 
 
The name for the keys will be: Venus.cisco.com 
Choose the size of the key modulus in the range of 360 to 2048 for your 
General Purpose Keys. Choosing a key modulus greater than 512 may take 
a few minutes. 
How many bits in the modulus [512]: 2048 
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK] 
Venus(config)# 
*Mar 1 0:34:31.790: %SSH-5-ENABLED: SSH 1.99 has been enabled 
Venus(config)#ip ssh version 2 
Venus(config)#enable secret cisco 
Venus(config)#line console 0 
Venus(config-line)#logging synchronous 
Venus(config-line)#login local 
Venus(config-line)#exit 
Venus(config)#line vty 0 4 
Venus(config-line)#transport input ssh 
Venus(config-line)#login local 
 
Venus#show ip ssh 
SSH Enabled - version 2.0 
Authentication timeout: 120 secs; Authentication retries: 3 
Venus# 
 
C:\>ssh -l ashish 192.168.10.1 Open 
Password: 
Venus#conf t 
Venus(config)# 
 
 
Key Note:
----------------------------------------------------------------------------
"logging synchronous" prevents logging output from immediately interrupting your console
session.
For example, when you telnet to your router or switch you will see a lot of log messages before
you log in with username and password.
---------------------------------------------------------------------------------------------------------------------------------
RSA is an algorithm used by modern computers to encrypt and decrypt messages. It is an asymmetric
cryptographic algorithm. Asymmetric means that there are two different keys. This is also called public
key cryptography, because one of them can be given to everyone.
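
The password-storage discussion in LAB 2 (enable password, enable secret, service password-encryption) and the SSH steps in LAB 3 can be checked mechanically against a saved configuration. The Python script below is an added example, not part of the original guide: it audits two constructed running-config excerpts modelled on the LAB 2 and LAB 3 commands. It assumes that a VTY line without "transport input" still accepts telnet (as it does in LAB 2) and uses a placeholder hash value.

```python
import re
from typing import NamedTuple

class Finding(NamedTuple):
    section: str   # config line or section header the finding belongs to
    issue: str

# Constructed running-config excerpts modelled on LAB 2 and LAB 3.
# The $1$ hash is a placeholder, not a real digest.
LAB2_CONFIG = """\
hostname BUET
enable secret 5 $1$EXAMPLE$placeholder
line con 0
 password ashish123
 login
line vty 0 4
 password ashish@123#
 login
"""

LAB3_CONFIG = """\
hostname Venus
ip domain-name cisco.com
username ashish privilege 15 password 0 cisco123
enable secret 5 $1$EXAMPLE$placeholder
ip ssh version 2
line con 0
 logging synchronous
 login local
line vty 0 4
 transport input ssh
 login local
"""

def parse_sections(config: str) -> list[tuple[str, list[str]]]:
    """Group an IOS config into (header, [indented sub-commands])."""
    sections: list[tuple[str, list[str]]] = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue                      # blank line or "!" separator
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections

PASSWORD_RE = re.compile(r"^password(?: (\d+))? \S+")

def password_type(cmd: str):
    """Storage type of a 'password' sub-command: 0 = clear text, 7 = reversible."""
    m = PASSWORD_RE.match(cmd)
    if not m:
        return None
    return int(m.group(1)) if m.group(1) else 0

def audit(config: str) -> list[Finding]:
    findings: list[Finding] = []
    sections = parse_sections(config)
    ssh_v2 = any(header == "ip ssh version 2" for header, _ in sections)
    vty_uses_ssh = False
    for header, children in sections:
        words = header.split()
        if words[:2] == ["enable", "password"]:
            findings.append(Finding("enable password",
                                    "not hashed; use 'enable secret'"))
        elif words[0] == "username" and len(words) > 1 and "password" in words[2:]:
            findings.append(Finding(f"username {words[1]}",
                                    "stored with 'password'; use 'secret' so it is hashed"))
        elif words[0] == "line" and len(words) > 1:
            for cmd in children:
                ptype = password_type(cmd)
                if ptype in (0, 7):
                    kind = "clear text" if ptype == 0 else "reversible type 7"
                    findings.append(Finding(header, f"line password stored as {kind}"))
                if cmd == "login":
                    findings.append(Finding(header,
                                            "shared line password; use 'login local'"))
            if words[1] == "vty":
                transport = [c.split()[2:] for c in children
                             if c.startswith("transport input")]
                protocols = transport[-1] if transport else None
                if protocols is None:
                    # Assumption: with no 'transport input', telnet is accepted.
                    findings.append(Finding(header,
                                            "no 'transport input'; telnet assumed accepted"))
                elif "telnet" in protocols or "all" in protocols:
                    findings.append(Finding(header,
                                            "telnet accepted; use 'transport input ssh'"))
                if protocols and ("ssh" in protocols or "all" in protocols):
                    vty_uses_ssh = True
    if vty_uses_ssh and not ssh_v2:
        findings.append(Finding("ip ssh", "'ip ssh version 2' not set"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("LAB 2", LAB2_CONFIG), ("LAB 3", LAB3_CONFIG)):
        print(name)
        for f in audit(cfg):
            print(f"  [{f.section}] {f.issue}")
```

The LAB 3 configuration passes every check except the local account, which is created with "password" rather than "secret".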
============================================================================ 
 
LAB 4: BACKUP AND RESTORING CONFIGURATION 
 
 
Configure the TFTP server (in your physical lab you can download a TFTP server to your PC and then
configure it; the rest of the configuration is the same)
 
 
 
 
Verify configuration file is saved in NVRAM 
Denver#show startup-config 
DU#show startup-config 
Now backup configuration file to tftp server (From Switch) 
Denver#copy startup-config tftp 
 
Address or name of remote host []? 192.168.10.4 (TFTP Server IP) 
Destination filename [Denver-confg]? (Press Enter to save it as default name) 
 
Writing startup-config...!! 
[OK - 653 bytes] 
 
653 bytes copied in 0.012 secs (54416 bytes/sec) 
Denver# 
Now backup configuration file to tftp server (From Router) 
DU#copy startup-config tftp: 
 
Address or name of remote host []? 192.168.10.4 
Destination filename [DU-confg]? 
 
Writing startup-config...!! 
[OK - 1178 bytes] 
 
1178 bytes copied in 0.032 secs (36812 bytes/sec) 
DU# 
Erase startup-configuration file and reboot or reload the router and switch 
DU#erase startup-config 
 
 
Erasing the nvram filesystem will remove all configuration files! Continue? 
[confirm] 
[OK] 
Erase of nvram: complete 
%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram 
DU# 
DU#reload 
 
Proceed with reload? [confirm] 
Denver#erase startup-config 
 
Erasing the nvram filesystem will remove all configuration files! Continue? 
[confirm] 
[OK] 
Erase of nvram: complete 
%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram 
Denver#
Denver#reload
Proceed with reload? [confirm] 
Configure IP address to router and switch 
Router#conf t 
Enter configuration commands, one per line. End with CNTL/Z. 
Router(config)#interface fastEthernet 0/0 
Router(config-if)#ip address 192.168.10.1 255.255.255.0 
Router(config-if)#no shutdown 
Router(config-if)#exit 
Switch#conf t 
Enter configuration commands, one per line. End with CNTL/Z. 
Switch(config)#interface vlan 1 
Switch(config-if)#ip address 192.168.10.10 255.255.255.0 
Switch(config-if)#no shutdown 
Switch(config-if)#exit 
Switch(config)#ip default-gateway 192.168.10.1 
 
Now restore configuration from tftp server to switch and router 
Switch#copy tftp running-config 
 
Address or name of remote host []? 192.168.10.4 (TFTP Server IP) 
Source filename []? Denver-confg (Backup file name on tftp server) 
Destination filename [running-config]? (Press enter) 
Denver#write 
 
Building configuration... 
[OK] 
Denver# 
 
Router#copy tftp running-config 
 
 
Address or name of remote host []? 192.168.10.4 (TFTP Server IP) 
Source filename []? DU-confg (Backup file name on tftp server) 
Destination filename [running-config]? (Press enter) 
 
Now save the configuration to NVRAM 
 
Switch# write memory 
Router# write memory 
============================================================================ 
LAB 5: Configure VLAN, Access and Trunk Port 
 
The design of a layer-2 switched network is a flat network. Every device on the
network can see the transmission of every broadcast packet even if it does not need to
receive the data. But we can create multiple separate broadcast domains logically in an L2
switch. This is possible with VLAN technology. VLAN means Virtual LAN.

The segregation into VLANs is only to reduce the broadcast domain. Each VLAN uses
its own subnet.

VLANs make network management easier in a number of ways:

- VLANs can divide many broadcast domains into a number of logical subnets.
- To add, move or change a device, the network only needs a port configured into the
  suitable VLAN.
- A group of users who need high security can be placed in a VLAN so that
  external users outside the VLAN cannot interact with them.
- As a logical grouping of users by function, a VLAN can be considered
  independent of their geographic or physical locations.
- Network security can also be enhanced by VLANs.
- VLANs increase the number of broadcast domains while decreasing their size.

Trunk Ports: Between switches we are going to create a trunk. A trunk connection is an
interface that carries multiple VLANs.

Access Ports: Carry data, generally connected to hosts or servers.

There are two trunking protocols we can use:

1. IEEE 802.1Q: Open standard, supported by switches of any vendor.
2. Cisco ISL (Inter-Switch Link): Cisco proprietary protocol that is only supported on
some Cisco switches.

On a Cisco switch, the native VLAN is VLAN 1 by default. 802.1Q will not tag the native VLAN while ISL does
tag the native VLAN.
By default all switch ports are in VLAN 1.

VLAN information is not saved in the running-config or startup-config but in a separate file,
vlan.dat, in flash memory. To delete the VLAN information, delete the file with the delete
flash:vlan.dat command.
 
 
 
Objective
1. Basic configuration of switch
2. Create VLANs
3. Configuration of trunk ports
4. Configuration of Access ports
5. Assign IP to hosts
6. Verification

Data sheet

VLAN ID   VLAN Name   Ports            Switch   Subnet
10        Cisco       F0/1 - F0/9      DU       192.168.10.0/24
20        Solaris     F0/10 - F0/20    BUET     172.16.20.0/24
 
1. Basic configuration of switch 
Switch(config)#hostname DU 
DU(config)#enable secret cisco 
DU(config)#line console 0 
DU(config-line)#password cisco 
DU(config-line)#login 
DU(config-line)#exit

Switch(config)#hostname BUET
BUET(config)#enable secret cisco 
BUET(config)#line console 0 
BUET(config-line)#password cisco 
BUET(config-line)#login 
BUET(config-line)#exit 
 
2. Create VLANs 
DU(config)#vlan 10 
DU(config-vlan)#name cisco 
DU(config-vlan)#exit 
DU(config)#vlan 20 
DU(config-vlan)#name solaris 
DU(config-vlan)#exit 
DU(config)# 
 
BUET(config)#vlan 10 
BUET(config-vlan)#name cisco
BUET(config-vlan)#exit
BUET(config)#vlan 20 
BUET(config-vlan)#name solaris 
BUET(config-vlan)#exit 
BUET(config)# 
 
3. Configuration of trunk ports
DU(config)#interface gigabitEthernet 0/1 
DU(config-if)#switchport mode trunk 
DU(config-if)#no shutdown 
DU(config-if)#exit 
 
BUET(config)#interface gigabitEthernet 0/1 
BUET(config-if)#switchport mode trunk 
BUET(config-if)#no shutdown 
 
DU#show interfaces gigabitEthernet 0/1 switchport 
 
Name: Gig0/1 
Switchport: Enabled 
Administrative Mode: trunk 
Operational Mode: trunk 
Administrative Trunking Encapsulation: dot1q 
Operational Trunking Encapsulation: dot1q 
Negotiation of Trunking: On 
Access Mode VLAN: 1 (default) 
Trunking Native Mode VLAN: 1 (default) 
Voice VLAN: none 
Administrative private-vlan host-association: none 
Administrative private-vlan mapping: none 
Administrative private-vlan trunk native VLAN: none 
Administrative private-vlan trunk encapsulation: dot1q 
Administrative private-vlan trunk normal VLANs: none 
Administrative private-vlan trunk private VLANs: none 
Operational private-vlan: none 
Trunking VLANs Enabled: ALL 
Pruning VLANs Enabled: 2-1001 
Capture Mode Disabled 
Capture VLANs Allowed: ALL 
Protected: false 
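The output above shows three trunk defaults worth checking on any trunk: trunk negotiation (DTP) is on, the native VLAN is 1, and all VLANs are allowed. The audit below is an added example, not part of the lab guide; the hardened sample output and VLAN 999 are constructed assumptions, and the remediation strings are standard IOS interface commands.

```python
import re

# Fields copied from the lab's "show interfaces gigabitEthernet 0/1 switchport" output.
LAB_OUTPUT = """\
Name: Gig0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Protected: false
"""

# Constructed output for the same port after the trunk has been pinned down
# (values are assumptions chosen for this lab's VLANs 10 and 20).
HARDENED_OUTPUT = """\
Name: Gig0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Negotiation of Trunking: Off
Trunking Native Mode VLAN: 999 (Inactive)
Trunking VLANs Enabled: 10,20
"""


def parse_switchport(text):
    """Turn 'Key: value' lines into a dict; lines without a colon are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def audit_trunk(fields):
    """Return (finding_id, remediation) pairs for an operational trunk port."""
    findings = []
    if fields.get("Operational Mode") != "trunk":
        return findings                      # access ports are out of scope here
    if fields.get("Negotiation of Trunking", "").lower() == "on":
        findings.append(("DTP_ON", "switchport nonegotiate"))
    native = re.match(r"\d+", fields.get("Trunking Native Mode VLAN", ""))
    if native and int(native.group()) == 1:
        findings.append(("NATIVE_VLAN_1", "switchport trunk native vlan <unused-id>"))
    if fields.get("Trunking VLANs Enabled", "").upper() == "ALL":
        findings.append(("ALL_VLANS_ALLOWED", "switchport trunk allowed vlan 10,20"))
    return findings


if __name__ == "__main__":
    for label, text in (("lab", LAB_OUTPUT), ("hardened", HARDENED_OUTPUT)):
        print(label, audit_trunk(parse_switchport(text)))
```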
 
 
4. Configuration of Access ports 
BUET#conf t 
BUET(config)#interface range fastEthernet0/1 - 9 
BUET(config-if-range)#switchport mode access 
BUET(config-if-range)#switchport access vlan 10 
BUET(config-if-range)#exit 
BUET(config)#interface range fastEthernet 0/10 - 20 
BUET(config-if-range)#switchport mode access 
BUET(config-if-range)#switchport access vlan 20 
BUET(config-if-range)#exit 
BUET(config)#exit 
BUET# 
 
DU#conf t 
Enter configuration commands, one per line. End with CNTL/Z. 
DU(config)#interface range fastEthernet 0/1 - 9 
DU(config-if-range)#switchport mode access 
DU(config-if-range)#switchport access vlan 10 
DU(config-if-range)#exit 
DU(config)#interface range fastEthernet 0/10 - 20 
DU(config-if-range)#switchport mode access 
DU(config-if-range)#switchport access vlan 20 
DU(config-if-range)#end 
DU# 
 
 
5. Assign IP to hosts 
 
 
 
 
 
Ping to same VLAN (PC0 to PC2)
 
C:\>ping 192.168.10.3 
 
Pinging 192.168.10.3 with 32 bytes of data: 
 
Reply from 192.168.10.3: bytes=32 time=11ms TTL=128 
Reply from 192.168.10.3: bytes=32 time<1ms TTL=128 
Reply from 192.168.10.3: bytes=32 time<1ms TTL=128 
Reply from 192.168.10.3: bytes=32 time<1ms TTL=128 
C:\>ping 172.16.20.3 (PC1 to PC 3) 
 
Pinging 172.16.20.3 with 32 bytes of data: 
 
Reply from 172.16.20.3: bytes=32 time=11ms TTL=128 
Reply from 172.16.20.3: bytes=32 time<1ms TTL=128 
Reply from 172.16.20.3: bytes=32 time<1ms TTL=128 
Reply from 172.16.20.3: bytes=32 time=1ms TTL=128

Ping to different VLAN (PC1 to PC0)

C:\>ping 192.168.10.2 
 
Pinging 192.168.10.2 with 32 bytes of data: 
 
Request timed out.
Request timed out.
Request timed out. 
Request timed out. 
 
LAB 6: VTP Configuration 
 
VTP (VLAN Trunking Protocol) is a Cisco proprietary protocol used by Cisco switches to 
exchange VLAN information. VTP replicates configured VLANs to all participating switches. 
 
Consider a network with 50 switches. Without VTP, if you want to create a VLAN on each 
switch, you would have to manually enter commands to create the VLAN on each switch! VTP 
enables you to create the VLAN only on one switch. That switch can then propagate 
information about that VLAN to each switch on a network and cause other switches to create 
that VLAN too. If you want to delete a VLAN, you only need to delete it on one switch, and 
the change is automatically propagated to every other switch inside the same VTP domain. 
 
Cisco switches can be configured in one of three VTP modes:
• Server
• Client
• Transparent

Server mode is the default for Cisco switches.

Client mode takes its VLAN configuration from the Server. It doesn't place the VLANs in a vlan.dat file.

Switches in Transparent mode never update themselves. If they receive VTP advertisements, they forward them along. In Transparent mode you can configure VLANs normally, as you would on a Server switch.

Be careful when a switch is deployed with a higher VTP revision number than the rest of the VTP switches. Switches in Client mode will download whatever VLAN configuration that switch has and remove your current configuration. So before you use such switches in a production network, configure them in Transparent mode. You can also omit VTP configuration altogether to avoid this situation.
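The overwrite risk described above, modelled as an added example (not part of the lab guide). It simulates VTP version 1/2 acceptance rules with the lab's domain and password; the SPARE switch, its revision 12 and VLAN 999 are constructed, and the digest is simplified to a hash of domain and password. It goes slightly beyond the text by showing that a server is overwritten as well as a client.

```python
import hashlib
from dataclasses import dataclass, field


def _secret(domain, password):
    # Simplification: real VTP sends an MD5 digest; a hash of domain and
    # password stands in here for "domain and password both match".
    return hashlib.sha256(f"{domain}:{password}".encode()).hexdigest()


@dataclass
class Advert:
    domain: str
    secret: str
    revision: int
    vlans: dict


@dataclass
class Switch:
    name: str
    mode: str                        # "server", "client" or "transparent"
    domain: str = "cisco.com"        # lab values from this page
    password: str = "cisco"
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def add_vlan(self, vid, name):
        if self.mode == "client":
            raise PermissionError("VLANs cannot be created in client mode")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1       # each database change raises the revision

    def set_mode(self, mode):
        self.mode = mode
        if mode == "transparent":
            self.revision = 0        # transparent mode resets the revision to 0

    def advertise(self):
        return Advert(self.domain, _secret(self.domain, self.password),
                      self.revision, dict(self.vlans))

    def receive(self, adv):
        if self.mode == "transparent":
            return "relayed"         # forwarded, never applied locally
        if adv.domain != self.domain:
            return "ignored: domain"
        if adv.secret != _secret(self.domain, self.password):
            return "ignored: password"
        if adv.revision <= self.revision:
            return "ignored: revision"
        # Servers and clients alike replace their database with the newer one.
        self.vlans, self.revision = dict(adv.vlans), adv.revision
        return "overwritten"


def connect_spare(reset_first):
    """Attach a previously used switch to the lab's VTP domain."""
    server = Switch("SERVER", "server")
    server.add_vlan(100, "cisco")
    server.add_vlan(200, "solaris")              # production revision is now 2
    client = Switch("Client", "client")
    client.receive(server.advertise())

    # Constructed: a spare switch last used on a test bench, same domain and
    # password, but with a higher revision and none of the production VLANs.
    spare = Switch("SPARE", "client", revision=12,
                   vlans={1: "default", 999: "bench"})
    if reset_first:
        spare.set_mode("transparent")            # revision back to 0
        spare.set_mode("client")

    results = [sw.receive(spare.advertise()) for sw in (server, client)]
    spare_result = spare.receive(server.advertise())
    return results, sorted(server.vlans), sorted(client.vlans), spare_result


if __name__ == "__main__":
    print("no reset:", connect_spare(False))
    print("reset   :", connect_spare(True))
```

Checking the revision number on a switch before it is cabled in, and resetting it first, is the difference between the two runs.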
 
 
 
 
Objective: 
 
1. Create VTP Server and VTP Client 
2. Configure Trunk port 
3. Create VLAN on Server 
4. Verify 
 
1. Create VTP Server and VTP Client 
 
Switch(config)#hostname SERVER 
SERVER(config)#vtp domain cisco.com 
SERVER(config)#vtp mode server 
SERVER(config)#vtp password cisco 
SERVER(config)#vtp version 2 
SERVER(config)# 
 
Switch(config)#hostname Client 
Client(config)#vtp domain cisco.com 
Client(config)#vtp version 2 
Client(config)#vtp mode client 
Client(config)#vtp password cisco 
 
NOTES 
 
• The VTP domain name must match, and it is case sensitive.
• If a password is set, make sure it is the same on both sides.
• Every switch in the VTP domain must use the same VTP version. VTP v1 and VTP v2 are not compatible on switches in the same VTP domain, but VTP v2 and v3 are compatible.
 
2. Configure Trunk port 
 
SERVER(config)#interface gigabitEthernet 0/1 
SERVER(config-if)#switchport mode trunk 
SERVER(config-if)#no shut 
 
Client(config)#interface gigabitEthernet 0/1 
Client(config-if)#switchport mode trunk
Client(config-if)#no shut
 
3. Create VLAN on Server only 
 
SERVER(config)#vlan 100 
SERVER(config-vlan)#name cisco 
SERVER(config-vlan)#exit 
SERVER(config)#vlan 200 
SERVER(config-vlan)#name solaris 
SERVER(config-vlan)#end 
 
4. Verify the VLANs are propagated on Client Switch 
 
 
 
Here we can see that the VLANs we created on the Server switch, VLAN 100 and VLAN 200, have appeared on the Client switch.
 
Other Verification Command of VTP 
================================ 
 
 
 
 
 
 
From here we can check the VTP mode, VTP domain name and revision number. The revision number must be the same on both switches. If it is not, the updates have not propagated successfully.
 
 
LAB 7 : ETHERCHANNEL Configuration 
 
 
• EtherChannel is a port link aggregation technology (port-channel architecture) that bundles multiple physical links into a single logical link.
• EtherChannel is great for improving redundancy in your network.
• It also lets you increase the bandwidth of a particular connection.
• With EtherChannel, the aggregated links are not blocked by STP.

Link aggregation is very common and is usually seen in the following scenarios:

• Switch-to-switch connectivity in an access block (non-stackable)
• Access switch connectivity to distribution switches
• Server connectivity to the data center LAN fabric

If you are going to create an EtherChannel, you need to make sure that all ports have the same configuration:
• Duplex has to be the same.
• Speed has to be the same.
• Same native AND allowed VLANs.
• Same switchport mode (access or trunk).

There is a maximum number of links you can use: 8 physical interfaces.
If you want to configure an EtherChannel, there are two protocols you can choose from:
PAgP (Port Aggregation Protocol)
• Developed by Cisco
• The port modes are either auto or desirable
LACP (Link Aggregation Control Protocol)
• Open standard defined by IEEE 802.3ad
• The port modes are either passive or active. Passive is the equivalent of PAgP auto, and active is the equivalent of PAgP desirable.
 
S1(config)#int range fa0/7-12
S1(config-if-range)#channel-group 1 mode desirable
or
S1(config-if-range)#channel-group 1 mode active

We can use desirable so that the switch will actively negotiate to form a PAgP link (Cisco proprietary EtherChannel), or we can use active so that the switch will actively negotiate to form an LACP link (open standard EtherChannel).

To verify the configuration, you can use show etherchannel summary.
 
 
Objective 
 
1. Create Etherchannel 
2. Configure Trunk 
3. Verification 
 
Create Etherchannel 
 
Switch(config)#hostname DU 
DU(config)#interface range gigabitEthernet 0/1 - 2 
DU(config-if-range)#channel-group 1 mode active 
Creating a port-channel interface Port-channel 1 
DU(config-if-range)#exit 
 
Switch(config)#hostname ASHISH 
ASHISH(config)#interface range gigabitEthernet 0/1 - 2 
ASHISH(config-if-range)#channel-group 1 mode passive 
ASHISH(config-if-range)# 
 
Configure Trunk 
 
DU(config)#interface port-channel 1
DU(config-if)#switchport mode trunk
DU(config-if)#no shut

ASHISH(config)#interface port-channel 1
ASHISH(config-if)#switchport mode trunk
ASHISH(config-if)#no shutdown
 
 
 
Verification 
 
Po1 = Port-channel 1; the channel group must be the same on both switches
S = capital S means Layer 2
U = in use
LACP = the EtherChannel protocol in use
P = in port-channel
If these appear, your configuration is correct.
 
LAB 8 : VLAN, VTP, Etherchannel and Inter-VLAN Routing configuration
 
Inter-VLAN Routing 
In our previous lab, we could only communicate within the same VLAN, for example between PCs within VLAN 10 or within VLAN 20. To communicate between different VLANs we need routing, because each VLAN is now a separate broadcast domain. So we need an L3 switch or a router for routing. Here we will use a router.
 
 
SWITCH   VLAN ID   VLAN NAME   SWITCH PORTS   SUBNET
DU       100       CISCO       F0/3 - 15      192.168.100.0/24
         200       SOLARIS     F0/16 - 21     172.16.200.0/24
BUET     100       CISCO       F0/6 - 10      192.168.100.0/24
         200       SOLARIS     F0/14 - 20     172.16.200.0/24
 
OBJECTIVE: 
• BASIC CONFIGURATION OF SWITCH AND ROUTER
• ETHER-CHANNEL & TRUNK PORT CONFIGURATION
• VTP CONFIGURATION
• CONFIGURATION OF VLAN
• VERIFY VTP, TRUNK PORTS AND ETHERCHANNEL CONFIGURATION
• CONFIGURE ACCESS-PORTS
• CONFIGURE IP TO HOSTS
• VERIFICATION
• CONFIGURE INTER-VLAN ROUTING
• VERIFY CONFIGURATION

BASIC CONFIGURATION OF SWITCH AND ROUTER 
========================================== 
Switch>en 
Switch#conf t 
Enter configuration commands, one per line. End with CNTL/Z. 
Switch(config)#hostname DU
DU(config)#banner motd "Do not try to login my Switch"
DU(config)#enable secret cisco123 
DU(config)#line console 0 
DU(config-line)#password cisco123 
DU(config-line)#login 
DU(config-line)#exit 
DU(config)# 
======================================== 
Switch#conf t 
Switch(config)#hostname BUET 
BUET(config)#hostname BUET 
BUET(config)#banner motd "This is the switch of BUET" 
BUET(config)#enable secret cisco123 
BUET(config)#line console 0 
BUET(config-line)#password cisco123 
BUET(config-line)#login 
BUET(config-line)#end 
BUET# 
===================================================== 
Router>en 
Router#conf t 
Enter configuration commands, one per line. End with CNTL/Z. 
Router(config)#hostname DENVER 
DENVER(config)#enable secret cisco123 
DENVER(config)#banner motd "This Router belongs to VENUS TELECOM LTD" 
DENVER(config)#line console 0 
DENVER(config-line)#password cisco123 
DENVER(config-line)#login 
DENVER(config-line)#end 
DENVER# 
 
ETHER-CHANNEL & TRUNK PORT CONFIGURATION
=============================================== 
 
DU(config)#interface range fastEthernet 0/1 - 2 
DU(config-if-range)#channel-group 1 mode active 
DU(config-if-range)#no shutdown 
DU(config-if-range)#exit 
 
 
 
TRUNK PORT CONFIGURATION
===========================

DU(config)#interface port-channel 1
DU(config-if)#switchport mode trunk
DU(config-if)#no shutdown
====================================================
BUET(config)#interface range fastEthernet 0/1 - 2
BUET(config-if-range)#channel-group 1 mode passive
BUET(config-if-range)#no shutdown
BUET(config-if-range)#exit

TRUNK PORT CONFIGURATION

BUET(config)#interface port-channel 1
BUET(config-if)#switchport mode trunk
BUET(config-if)#no shutdown
 
VTP CONFIGURATION 
============================ 
 
DU(config)#vtp domain cisco.com
Changing VTP domain name from NULL to cisco.com
DU(config)#vtp mode server
Device mode already VTP SERVER.
DU(config)#vtp version 2
DU(config)#vtp password cisco
Setting device VLAN database password to cisco
DU(config)#exit
-----------------------------------------------------------------------------
BUET(config)#vtp domain cisco.com
Domain name already set to cisco.com.
BUET(config)#vtp mode client
Setting device to VTP CLIENT mode.
BUET(config)#vtp version 2
Cannot modify version in VTP client mode
BUET(config)#vtp password cisco
Setting device VLAN database password to cisco
BUET(config)#
 
CONFIGURATION OF VLAN 
======================== 
 
DU#conf t 
Enter configuration commands, one per line. End with CNTL/Z. 
DU(config)#vlan 100 
DU(config-vlan)#name CISCO 
DU(config-vlan)#exit
DU(config)#vlan 200
DU(config-vlan)#name SOLARIS
DU(config-vlan)#exit 
 
VERIFY 
========== 
 
 
 
 
 
DU#show etherchannel summary 
 
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port


Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+------
1      Po1(SU)       LACP        Fa0/1(P) Fa0/2(P)
 
DU# 
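The mode pairing rules from LAB 7 and the flag check on the summary output above, as an added example (not part of the lab guide). The healthy group line is taken from the lab output; the broken summary is constructed to show what a failed negotiation looks like.

```python
import re

# Negotiation modes from this page: PAgP auto/desirable, LACP passive/active.
PROTOCOL = {"auto": "PAgP", "desirable": "PAgP",
            "passive": "LACP", "active": "LACP"}
INITIATES = {"desirable", "active"}          # these modes start the negotiation


def will_bundle(mode_a, mode_b):
    """True if two ends configured with these channel-group modes form a bundle."""
    if PROTOCOL[mode_a] != PROTOCOL[mode_b]:
        return False                          # PAgP and LACP do not interoperate
    return mode_a in INITIATES or mode_b in INITIATES


# Group line copied from the lab's "show etherchannel summary" output.
LAB_SUMMARY = """\
Group  Port-channel  Protocol    Ports
------+-------------+-----------+------
1      Po1(SU)       LACP        Fa0/1(P) Fa0/2(P)
"""

# Constructed: the same group when negotiation fails and the member
# ports stay stand-alone (for example passive on both ends).
BROKEN_SUMMARY = """\
Group  Port-channel  Protocol    Ports
------+-------------+-----------+------
1      Po1(SD)       LACP        Fa0/1(I) Fa0/2(I)
"""

GROUP_LINE = re.compile(r"^(\d+)\s+(Po\d+)\((\w+)\)\s+(\S+)\s+(.*)$")
PORT = re.compile(r"(\S+?)\((\w+)\)")


def check_summary(text):
    """Return {group: [problems]}; an empty list means the bundle is healthy."""
    report = {}
    for line in text.splitlines():
        m = GROUP_LINE.match(line.strip())
        if not m:
            continue                          # header, separator or blank line
        group, po, po_flags, _proto, ports = m.groups()
        problems = []
        if "U" not in po_flags:               # capital U = port-channel in use
            problems.append(f"{po} not in use (flags {po_flags})")
        for name, flags in PORT.findall(ports):
            if flags != "P":                  # P = member is in the port-channel
                problems.append(f"{name} not bundled (flag {flags})")
        report[int(group)] = problems
    return report


if __name__ == "__main__":
    print("active/passive bundles:", will_bundle("active", "passive"))
    print("passive/passive bundles:", will_bundle("passive", "passive"))
    print("lab:", check_summary(LAB_SUMMARY))
    print("broken:", check_summary(BROKEN_SUMMARY))
```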
 
CONFIGURE ACCESS-PORTS
======================
DU#conf t 
DU(config)#interface range fastEthernet 0/3 - 15 
DU(config-if-range)#switchport mode access 
DU(config-if-range)#switchport access vlan 100 
DU(config-if-range)#exit 
 
DU(config)#interface range fastEthernet 0/16 - 21 
DU(config-if-range)#switchport mode access 
DU(config-if-range)#switchport access vlan 200 
DU(config-if-range)#exit 
DU(config)# 
--------------------------------------------------------------------------- 
BUET#conf t 
BUET(config)#interface range fastEthernet 0/6 - 10 
BUET(config-if-range)#switchport mode access 
BUET(config-if-range)#switchport access vlan 100 
BUET(config-if-range)#exit 
 
BUET(config)#interface range fastEthernet 0/14 - 20 
BUET(config-if-range)#switchport mode access 
BUET(config-if-range)#switchport access vlan 200 
BUET(config-if-range)#end 
BUET# 
 
 
 
CONFIGURE IP TO HOSTS
=====================
 
 
 
 
 
Verify
========= 
ping to same VLAN 
 
C:\>ping 192.168.100.3 
 
Pinging 192.168.100.3 with 32 bytes of data: 
 
Reply from 192.168.100.3: bytes=32 time=1ms TTL=128 
Reply from 192.168.100.3: bytes=32 time=1ms TTL=128 
Reply from 192.168.100.3: bytes=32 time<1ms TTL=128 
Reply from 192.168.100.3: bytes=32 time<1ms TTL=128 
 
C:\>ping 172.16.200.3 
 
Pinging 172.16.200.3 with 32 bytes of data: 
 
Reply from 172.16.200.3: bytes=32 time=12ms TTL=128 
Reply from 172.16.200.3: bytes=32 time=1ms TTL=128 
Reply from 172.16.200.3: bytes=32 time=1ms TTL=128 
Reply from 172.16.200.3: bytes=32 time<1ms TTL=128 
 
 
PING to different VLAN 
 
C:\>ping 192.168.100.2 
 
Pinging 192.168.100.2 with 32 bytes of data: 
 
Request timed out. 
Request timed out. 
Request timed out. 
Request timed out. 
 
Not successful, right? So we will now configure inter-VLAN routing to get access to the other VLAN.
 
CONFIGURE INTER-VLAN ROUTING 
========================= 
 
BUET#conf t 
Enter configuration commands, one per line. End with CNTL/Z. 
BUET(config)#interface gigabitEthernet 0/1 
BUET(config-if)#no shutdown 
BUET(config-if)#switchport mode trunk 
BUET(config-if)#exit 
 
------------------------------------------------------------------------ 
 
DENVER#conf t 
DENVER(config)#interface fastEthernet 0/0 
DENVER(config-if)#no shutdown 
DENVER(config-if)#exit 
DENVER(config)#interface fastEthernet 0/0.100 
DENVER(config-subif)#encapsulation dot1Q 100 
DENVER(config-subif)#ip address 192.168.100.1 255.255.255.0 
DENVER(config-subif)#no shutdown 
DENVER(config-subif)#exit 
DENVER(config)#interface fastEthernet 0/0.200 
DENVER(config-subif)#encapsulation dot1Q 200 
DENVER(config-subif)#ip address 172.16.200.1 255.255.255.0 
DENVER(config-subif)#no shutdown 
DENVER(config-subif)#exit 
 
Here we have created two sub-interfaces, 0/0.100 and 0/0.200, for the respective VLANs. dot1Q is used for encapsulation.
 
Verify 
=========== 
 
Now ping to different VLAN 
 
C:\>ping 172.16.200.2 
 
Pinging 172.16.200.2 with 32 bytes of data: 
 
Reply from 172.16.200.2: bytes=32 time=1ms TTL=127 
Reply from 172.16.200.2: bytes=32 time=12ms TTL=127 
Reply from 172.16.200.2: bytes=32 time=11ms TTL=127 
Reply from 172.16.200.2: bytes=32 time=10ms TTL=127 
 
C:\>ping 192.168.100.2 
 
Pinging 192.168.100.2 with 32 bytes of data: 
 
Reply from 192.168.100.2: bytes=32 time=11ms TTL=127 
Reply from 192.168.100.2: bytes=32 time=11ms TTL=127 
Reply from 192.168.100.2: bytes=32 time=1ms TTL=127 
Reply from 192.168.100.2: bytes=32 time=10ms TTL=127 
 
==================================================================== 
 
 
TELNET ACCESS to Switch 
====================== 
 
VTP SERVER 
============ 
 
DU#conf t 
DU(config)#vlan 99 
DU(config-vlan)#name admin 
DU(config-vlan)#exit 
DU(config)#vlan 199 
DU(config-vlan)#name admin2
DU(config-vlan)#exit
DU(config)#interface fastEthernet 0/23
DU(config-if)#switchport mode access 
DU(config-if)#switchport access vlan 99 
DU(config-if)#exit 
DU(config)#interface vlan 99 
DU(config-if)#ip address 192.168.10.1 255.255.255.0 
DU(config-if)#no shutdown 
DU(config-if)#exit 
------------------------------------------------- 
Telnet Configuration 
=================== 
DU(config)#line vty 0 4 
DU(config-line)#password cisco123 
DU(config-line)#login 
DU(config-line)#exit 
 
================================================================ 
BUET#conf t 
Enter configuration commands, one per line. End with CNTL/Z. 
BUET(config)#interface fastEthernet 0/23 
BUET(config-if)#switchport mode access 
BUET(config-if)#switchport access vlan 199 
BUET(config-if)#exit 
------------------------------------------- 
BUET(config)#interface vlan 199 
BUET(config-if)#ip address 192.168.20.1 255.255.255.0 
BUET(config-if)#no shutdown 
 
Telnet Configuration 
 
BUET(config)#line vty 0 4 
BUET(config-line)#password cisco123 
BUET(config-line)#login 
BUET(config-line)#exit 
 
DENVER(config)#line vty 0 4 
DENVER(config-line)#password cisco123 
DENVER(config-line)#login 
DENVER(config-line)#exit 
DENVER(config)#interface fastEthernet 0/0.99 
DENVER(config-subif)#encapsulation dot1Q 99 
DENVER(config-subif)#ip address 192.168.10.1 255.255.255.0 
DENVER(config-subif)#no shutdown 
DENVER(config-subif)#end 
 
DENVER#ping 192.168.10.1 
 
Type escape sequence to abort. 
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds: 
!!!!! 
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/2/8 ms 
================================================================ 
DENVER#telnet 192.168.10.1 
 
Trying 192.168.10.1 ...Open
This Router belongs to VENUS TELECOM LTD
User Access Verification 
Password: 
% Password: timeout expired! 
[Connection to 192.168.10.1 closed by foreign host] 
============================================================== 
 
DENVER#conf t 
DENVER(config)#interface fastEthernet 0/0.199 
DENVER(config-subif)#encapsulation dot1Q 199 
DENVER(config-subif)#ip address 192.168.20.1 255.255.255.0 
DENVER(config-subif)#no shutdown 
DENVER(config-subif)#exit 
DENVER(config)#end 
======================================================= 
 
 
DENVER#ping 192.168.20.1 
Type escape sequence to abort. 
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds: 
!!!!! 
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/3/9 ms 
 
DENVER#telnet 192.168.20.1 
 
Trying 192.168.10.1 ...Open
This Router belongs to VENUS TELECOM LTD
User Access Verification 
Password: 
 
LAB 9 : Inter-Vlan Routing Configuration on L3 Switch 
 
SVI - Switched Virtual Interface. There is no physical interface for the VLAN, hence it is virtual.
The technique is to assign an IP address to each VLAN interface (for example, interface vlan 10), then issue the "ip routing" command in global configuration mode.

Generally, routers do the routing between different broadcast domains, that is, different VLANs. But SVIs also provide routing between different VLANs.
 
Example switch models that support layer 3 routing are the 3550, 3750, 3560 etc. 
 
 
Our Tasks (All configuration is only on L3 switch here) 
 
1. Creating vlan 10 and vlan 20 
2. Naming these two vlans: 
vlan 10 = cisco 
vlan 20 = solaris 
3. Configuration of Access ports 
4. Assigning IP to Hosts 
5. Assigning IP to Vlan Interface 
6. Verification 
 
CREATE VLAN 
 
Switch>en 
Switch#conf t 
Switch(config)#vlan 10 
Switch(config-vlan)#name cisco 
Switch(config-vlan)#exit 
Switch(config)#vlan 20 
Switch(config-vlan)#name solaris 
Switch(config-vlan)#exit 
Switch(config)#exit 
 
ACCESS-PORT CONFIGURATION 
 
Switch#conf t 
Switch(config)#interface range fastEthernet 0/3 - 9 
Switch(config-if-range)#switchport mode access 
Switch(config-if-range)#switchport access vlan 10 
Switch(config-if-range)#exit 
Switch(config)#interface range fastEthernet 0/10 - 15 
Switch(config-if-range)#switchport mode access 
Switch(config-if-range)#switchport access vlan 20 
Switch(config-if-range)#exit 
Switch(config)# 
 
 
 
ASSIGN IP TO VLAN INTERFACE 
 
Switch(config)#interface vlan 10 
Switch(config-if)#ip address 192.168.10.1 255.255.255.0 
Switch(config-if)#no shutdown 
Switch(config-if)#exit 
Switch(config)#interface vlan 20 
Switch(config-if)#ip address 192.168.20.1 255.255.255.0 
Switch(config-if)#no shutdown 
Switch(config-if)#exit 
 
 
ENABLE ROUTING 
 
Switch(config)#ip routing 
Switch(config)#exit 
 
 
ASSIGN IP TO HOSTS 
 
 
 
 
 
 
 
VERIFICATION 
 
 
 
Ping to different vlan 
 
 
 
 
 
 
LAB 10 : Port Security 
 
Port Security 
Anyone can access unsecured network resources by plugging a laptop into one of our available switch ports. A user can also change physical location in the LAN without telling the admin. But you can secure layer 2 access by using port security.

First in our lab we will plug in one PC, and the other PC will remain unplugged, as shown in the figure:
 
Assign IP to hosts 
 
 
 
 
 
Switch(config)#interface fastEthernet 0/1 
Switch(config-if)#switchport mode access 
Switch(config-if)#switchport access vlan 1 
Switch(config-if)#switchport port-security 
Switch(config-if)#switchport port-security maximum 1 
Switch(config-if)#switchport port-security violation shutdown 
Switch(config-if)#switchport port-security mac-address sticky 
Switch(config-if)#exit 
 
 
Port security is disabled by default. The switchport port-security command enables it.
According to our requirements, we can limit the number of hosts that can be associated with an interface. We can set this limit anywhere from 1 to 132; the maximum number of devices that can be associated with the interface is 132. By default it is set to 1. The switchport port-security maximum value command sets the maximum number of hosts.

We have two options, static and dynamic, to associate a MAC address with an interface.
In the static method we have to manually define the exact host MAC address with the switchport port-security mac-address MAC_address command.

In dynamic mode we use the sticky feature, which allows the interface to learn the MAC address automatically.

We need to specify what action the switch should take on a security violation. Three modes are available:

Protect: This mode only works with the sticky option. In this mode frames from non-allowed addresses are dropped.

Restrict: In restrict mode frames from non-allowed addresses are dropped, and in addition the switch makes a log entry and generates a security violation alert.

Shutdown: In this mode the switch generates the violation alert and disables the port. The only way to re-enable the port is to manually enter the no shutdown command. This is the default violation mode.
 
 
Switchport port security explained 
 
Command                                                          Description
Switch>enable                                                    Move into privileged exec mode
Switch#configure terminal                                        Move into global configuration mode
Switch(config)#interface fastethernet 0/1                        Move into interface mode
Switch(config-if)#switchport mode access                         Assign port as host port
Switch(config-if)#switchport port-security                       Enable port security feature on this port
Switch(config-if)#switchport port-security maximum 1             Set limit for hosts that can be associated with interface. Default value is 1. Skip this command to use default value.
Switch(config-if)#switchport port-security violation shutdown    Set security violation mode. Default mode is shutdown. Skip this command to use default mode.
Switch(config-if)#switchport port-security mac-address sticky    Enable sticky feature.
 
We have secured the F0/1 port of the switch using the dynamic address learning feature. The switch will remember the first MAC address learned on interface F0/1 and associate it with this port. We can check the MAC address table for the currently associated address.
 
 
 
 
 
No MAC address is associated with the F0/1 port yet. The switch learns MAC addresses from incoming frames.

We need to generate a frame from PC0 that will be received on the F0/1 port of the switch. We can use ping to generate frames from PC0 to the Server.
 
 
 
The switch learned this address dynamically, but it is shown as STATIC. The sticky option automatically converts a dynamically learned address into a static address.

Switchport port security testing

Now we unplug the Ethernet cable from our PC (PC0) and plug it into the other PC (PC1).
 
 
Now try to ping from PC1 to Server 
 
 
 
Why is the ping not successful? Because the switch detected the MAC address change and shut down the port.
 
 
Verify port security 
 
We have three commands to verify the port security 
 
show port-security 
 
This command displays port security information about all the interfaces on switch. 
 
 
show port-security address 
Display statically defined or dynamically learned address with port security. 
 
 
show port-security interface interface 
 
Display port security information about the specific interface. 
 
 
Here is a useful command to check your port security configuration. Use show port-security interface to see the port security details per interface. We can see that the violation mode is shutdown and that the last violation was caused by MAC address 0002.1622.CB46:1. The aging time is 0 mins, which means it will stay in the err-disable state forever.

How to reset an interface that is disabled due to a port security violation
Restart the interface manually. Unplug the cable from PC1 and plug it back into PC0.
Run the following commands on the switch and test connectivity from the PC.
 
 
 
 
First go to the interface, issue shutdown and then apply no shutdown.
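The violation modes and the reset procedure of this lab, modelled as an added example (not part of the lab guide). PC1's MAC is the violating address shown in the lab output; PC0's MAC is constructed, and the port model is a simplification that keeps only what the text describes.

```python
from dataclasses import dataclass, field

PC0 = "0001.aaaa.0001"        # constructed MAC for the lab's PC0
PC1 = "0002.1622.CB46"        # the violating MAC shown in the lab output


@dataclass
class SecurePort:
    maximum: int = 1
    violation: str = "shutdown"            # "protect", "restrict" or "shutdown"
    secure_macs: list = field(default_factory=list)   # sticky-learned addresses
    violation_count: int = 0
    last_violator: str = ""
    err_disabled: bool = False
    log: list = field(default_factory=list)

    def frame_in(self, src_mac):
        """Process one inbound frame and return what the port did with it."""
        if self.err_disabled:
            return "dropped: port err-disabled"
        if src_mac in self.secure_macs:
            return "forwarded"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.append(src_mac)   # sticky: kept as a static entry
            return "forwarded"
        # Unknown source and the table is full: this is the violation.
        if self.violation == "protect":
            return "dropped"                   # silent, no counter, no log
        self.violation_count += 1
        self.last_violator = src_mac
        self.log.append(f"security violation by {src_mac}")
        if self.violation == "restrict":
            return "dropped"
        self.err_disabled = True               # shutdown mode
        return "dropped: port err-disabled"

    def bounce(self):
        """Model 'shutdown' then 'no shutdown': clears err-disable only."""
        self.err_disabled = False


def swap_cable(mode):
    """PC0 talks, PC1 is plugged in instead, then PC0 is plugged back."""
    port = SecurePort(violation=mode)
    seen = [port.frame_in(PC0), port.frame_in(PC1), port.frame_in(PC0)]
    return seen, port


def recover(replug_pc0):
    """After a shutdown violation, bounce the port with or without PC0 back."""
    _, port = swap_cable("shutdown")
    port.bounce()
    return port.frame_in(PC0 if replug_pc0 else PC1), port.err_disabled


if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        seen, port = swap_cable(mode)
        print(mode, seen, "violations:", port.violation_count)
    print("bounce with PC0 back:", recover(True))
    print("bounce with PC1 still attached:", recover(False))
```

The last two lines show why the cable goes back to PC0 before the port is bounced: the sticky entry survives the bounce, so PC1 trips the violation again.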
 
 
 
 
 
LAB 11: Configure Portfast 
 
Advantages 
 
• Interfaces with PortFast enabled go to forwarding mode immediately; the interface skips the listening and learning states.
• A switch will never generate a topology change notification.
 
• The PortFast feature only takes effect when the interface is in a non-trunking mode, so enabling PortFast on a trunk port is useless. It works only in access mode.

Configure PortFast on Cisco Switch (first unplug the two PCs as shown in the figure)
 
Next, execute the following command on Switch to enable the PortFast feature on the Fa0/1 
interface. 
 
Switch(config)#interface fa0/1 
Switch(config-if)#spanning-tree portfast 
 
%Warning: portfast should only be enabled on ports connected to a single 
host. Connecting hubs, concentrators, switches, bridges, etc... to this 
interface when portfast is enabled, can cause temporary bridging loops. 
Use with CAUTION 
 
%Portfast has been configured on FastEthernet0/1 but will only 
have effect when the interface is in a non-trunking mode. 
Switch(config-if)#

Now, connect PC0 to the fa0/1 interface and PC1 to the fa0/2 interface, as shown in the following figure.
 
 
We notice that the Fa0/1 interface becomes active within 5 seconds because it does not participate in the STP convergence process.

LAB 12: Configure BPDU Guard on Cisco Switch
• BPDU Guard is used to protect the Spanning Tree domain from external influence. BPDU Guard is disabled by default, but it is recommended to enable BPDU Guard on all ports on which PortFast is enabled.
• BPDU Guard should be applied to user-facing ports to prevent rogue switch network extensions by an attacker.
• BPDU Guard can be configured in either global mode or interface mode.
• On an interface, BPDU Guard will put the port into the err-disable state if a BPDU is received.

In global configuration mode, BPDU Guard will disable PortFast on any interface if a BPDU is received.
 
SW2(config)# spanning-tree portfast bpduguard default 
SW2(config-if)# spanning-tree bpduguard enable 
 
 
Switch(config)#interface fastEthernet 0/1 
Switch(config-if)#switchport mode access 
Switch(config-if)#switchport access vlan 1 
Switch(config-if)#spanning-tree portfast 
 
%Warning: portfast should only be enabled on ports connected to a single 
host. Connecting hubs, concentrators, switches, bridges, etc... to this 
interface when portfast is enabled, can cause temporary bridging loops. 
Use with CAUTION 
 
%Portfast has been configured on FastEthernet0/1 but will only 
have effect when the interface is in a non-trunking mode. 
 
Switch(config-if)#spanning-tree bpduguard enable 
Switch(config-if)#exit 
 
Switch#show spanning-tree interface fastEthernet 0/1 portfast 
 
VLAN0001 enabled 
 
 
LAB 13: Configure Root Guard on Cisco Switch 
Root Guard stops a switch that sends a superior BPDU from becoming the root bridge.

Note: Root Guard is best deployed on ports that connect to switches which should not be the root bridge.
 
 
For example, a port on the distribution layer switch which is connected to an access layer switch can have Root Guard enabled, because the access layer switch should never become the Root Bridge.
 
Switch#conf t 
Switch(config)#hostname DU 
 
Switch#conf t 
Switch(config)#hostname ASHISH 
 
Now check which switch is the root bridge 
 
 
 
Switch DU becomes the root bridge, right?

Now we will enable Root Guard on switch DU on port G0/1 so that if switch ASHISH wants to become the root bridge, port G0/1 of switch DU will shut down.
 
DU(config)#interface gigabitEthernet 0/1 
DU(config-if)#spanning-tree guard root 
 
Now ping from PC1 to PC2 to verify connectivity:
C:\>ping 192.168.10.2 
 
Reply from 192.168.10.2: bytes=32 time=12ms TTL=128 
Reply from 192.168.10.2: bytes=32 time<1ms TTL=128 
Reply from 192.168.10.2: bytes=32 time<1ms TTL=128 
Reply from 192.168.10.2: bytes=32 time<1ms TTL=128 
 
Now we will change the priority value of switch ASHISH to see what happens.
 
ASHISH(config)#spanning-tree vlan 1 priority 4096 
 
 
 
Now ping:
 
C:\>ping 192.168.10.2 
 
Request timed out. 
Request timed out. 
Request timed out. 
Request timed out. 
 
The port becomes red, which indicates that the port is shut down when switch ASHISH wants to become the root bridge.
 
%SPANTREE-2-ROOTGUARDBLOCK: Port 0/1 tried to become non-designated in VLAN 1. 
 
Moved to root-inconsistent state 
The above message is generated on switch DU.
 
To recover from this, reset the priority value of switch ASHISH:
ASHISH(config)#spanning-tree vlan 1 priority 32768 
 
On DU switch 
 
DU(config)#interface gigabitEthernet 0/1 
DU(config-if)#shutdown 
DU(config-if)#no shutdown 
 
Now ping from PC1 to PC2 to verify connectivity:
 
C:\>ping 192.168.10.2 
 
Reply from 192.168.10.2: bytes=32 time=12ms TTL=128 
Reply from 192.168.10.2: bytes=32 time<1ms TTL=128 
Reply from 192.168.10.2: bytes=32 time<1ms TTL=128 
Reply from 192.168.10.2: bytes=32 time<1ms TTL=128 
 
 
LAB 14: Spanning tree behavior - mode, priority value, root bridge

Here switch DU is the root bridge, as all of its ports are in forwarding mode (indicated by the green signal).
By default, Cisco switches run a separate STP instance for every VLAN configured on the switch; this mode is called PVST.

We will configure switch ASHISH as the root switch for the default VLAN (1) using one method, then switch DU using another method:
 
Method 1 (Switch ASHISH will be the root bridge)

First verify whether switch ASHISH is the root bridge or not.

The switch is not the root bridge.
 
Now we will make it the root bridge by using the following command:
 
spanning-tree vlan [list] root [primary | secondary] 
 
Using this command automatically lowers the priority value of the switch significantly, in order to make sure that the switch is elected as the root switch.
 
ASHISH#conf t 
Enter configuration commands, one per line. End with CNTL/Z. 
ASHISH(config)#spanning-tree vlan 1 root primary 
ASHISH(config)#exit 
 
 
 
We can see that the switch is now the root bridge. 
 
Method 2 (Switch DU will be the root bridge now):

Set the bridge priority using the command spanning-tree vlan [list] priority [value].
 
DU(config)#spanning-tree vlan 1 priority 4096 
 
 
 
DU is now the root switch. 
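The election and Root Guard behaviour seen in LAB 13 and LAB 14 can be reproduced with a small model. This Python is an added example, not part of the original lab guide; the MAC addresses are constructed (the guide does not list them, DU is given the lower one so that it wins at default priority), and `root_primary` is a simplified model of the `root primary` macro.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str                # constructed MACs; the lab does not list them
    priority: int = 32768   # default priority, configurable in steps of 4096
    vlan: int = 1

    @property
    def bridge_id(self):
        # Extended system ID: the VLAN number is added to the priority,
        # so the default appears as 32769 for VLAN 1.
        return (self.priority + self.vlan, self.mac.lower())

def elect_root(bridges):
    """Lowest bridge ID wins: priority first, MAC address breaks ties."""
    return min(bridges, key=lambda b: b.bridge_id)

def root_primary(current_root_priority):
    """Simplified model of `spanning-tree vlan 1 root primary`: take 24576 if
    that beats the current root, otherwise go 4096 below the current root."""
    if current_root_priority > 24576:
        return 24576
    return max(current_root_priority - 4096, 0)

def root_guard_state(current_root, bpdu_sender):
    """State of a Root Guard port after hearing bpdu_sender's BPDU."""
    if bpdu_sender.bridge_id < current_root.bridge_id:   # superior BPDU
        return "root-inconsistent"
    return "forwarding"

def lab_walkthrough():
    du = Bridge("DU", "0001.0000.00aa")
    ashish = Bridge("ASHISH", "0002.0000.00bb")
    steps = {}
    # LAB 13: both at default priority, DU wins on MAC; guard on DU G0/1.
    steps["initial_root"] = elect_root([du, ashish]).name
    steps["after_priority_4096"] = root_guard_state(du, replace(ashish, priority=4096))
    steps["after_reset_32768"] = root_guard_state(du, replace(ashish, priority=32768))
    # LAB 14: method 1, then method 2 (Root Guard is not modelled here).
    ashish = replace(ashish, priority=root_primary(du.priority))
    steps["method1_root"] = elect_root([du, ashish]).name
    du = replace(du, priority=4096)
    steps["method2_root"] = elect_root([du, ashish]).name
    return steps

if __name__ == "__main__":
    for step, result in lab_walkthrough().items():
        print(f"{step}: {result}")
```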
 
LAB 15: Static route configuration 
 
Overview of Static Routing
• Routes are configured manually
• Administrative distance value 0
• Reduces CPU/RAM overhead and saves bandwidth
• Static routes are not advertised over the network
• Not fault-tolerant
• Initial configuration and maintenance are time-consuming
• Not appropriate for complex topologies
 
 
DU Router (Basic Configuration) 
 
Router>enable 
Router#configure terminal 
Enter configuration commands, one per line. End with CNTL/Z. 
Router(config)#hostname DU 
DU(config)#enable secret cisco123 
 
DU(config)#line console 0 
DU(config-line)#password cisco 
DU(config-line)#login
DU(config-line)#exit
DU(config)#line vty 0 5 
DU(config-line)#password cisco 
DU(config-line)#login 
DU(config-line)#exit 
 
DU(config)#interface fastEthernet 0/0 
DU(config-if)#description connectivity from DU to BUET
DU(config-if)#ip address 192.168.20.1 255.255.255.0 
DU(config-if)#no shutdown 
DU(config-if)#exit 
 
DU(config)#interface fastEthernet 0/1 
DU(config-if)#description connectivity to Local Network 
DU(config-if)#ip address 192.168.10.1 255.255.255.0 
DU(config-if)#no shutdown 
DU(config-if)#exit 
 
BUET Router (Basic Configuration) 
Router>en 
Router#conf t 
Enter configuration commands, one per line. End with CNTL/Z. 
Router(config)#hostname BUET 
BUET(config)#enable secret cisco123 
 
BUET(config)#line console 0 
BUET(config-line)#password cisco 
BUET(config-line)#login 
BUET(config-line)#exit 
 
 
BUET(config)#line vty 0 5 
BUET(config-line)#password cisco 
BUET(config-line)#login 
BUET(config-line)#exit 
 
BUET(config)#interface fastEthernet 0/0 
BUET(config-if)#description Connectivity from BUET to DU 
BUET(config-if)#ip address 192.168.20.2 255.255.255.0 
BUET(config-if)#no shutdown 
BUET(config-if)#exit 
 
BUET(config)#interface fastEthernet 0/1 
BUET(config-if)#description connectivity from BUET to its Local Network
BUET(config-if)#ip address 192.168.30.1 255.255.255.0 
BUET(config-if)#no shutdown 
BUET(config-if)#exit 
 
Now Assign IP Address to Hosts 
 
 
 
Try to Ping from PC0 to PC1 
C:\>ping 192.168.30.2 
 
Pinging 192.168.30.2 with 32 bytes of data: 
 
Reply from 192.168.10.1: Destination host unreachable. 
Reply from 192.168.10.1: Destination host unreachable. 
Reply from 192.168.10.1: Destination host unreachable. 
Reply from 192.168.10.1: Destination host unreachable. 
 
Ping statistics for 192.168.30.2: 
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), 
 
C:\> 
Thus we need routing, either static or dynamic, right?
Let us start with static routing.
DU Router 
DU(config)#ip route 192.168.30.0 255.255.255.0 192.168.20.2 
BUET Router 
BUET(config)#ip route 192.168.10.0 255.255.255.0 192.168.20.1 
Rules of Static route 
Router(config)# ip route [destination_network] [subnet_mask] [next-hop] 
 
On point-to-point links, an exit-interface can be specified instead of a next-hop address. 
 
Router(config)# ip route [destination_network] [subnet_mask] [Exit-Interface ] 
 
So, for the previous example, we can write the exit interface instead of the IP address as follows, but only if the two routers are connected point-to-point:
 
DU(config)#ip route 192.168.30.0 255.255.255.0 fastEthernet 0/0 
BUET(config)#ip route 192.168.10.0 255.255.255.0 fastEthernet 0/0 
 
Now ping again:
C:\>ping 192.168.30.2 
 
Reply from 192.168.30.2: bytes=32 time<1ms TTL=126 
Reply from 192.168.30.2: bytes=32 time<1ms TTL=126 
Reply from 192.168.30.2: bytes=32 time<1ms TTL=126 
Reply from 192.168.30.2: bytes=32 time<1ms TTL=126 
 
 
Telnet to BUET Router:
 
 
C:\>telnet 192.168.20.2 
Trying 192.168.20.2 ...Open 
 
User Access Verification 
 
Password: 
Password: 
BUET> 
Success, right?
Other verification command 
BUET#show ip route 
 
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area 
* - candidate default, U - per-user static route, o - ODR 
P - periodic downloaded static route 
 
Gateway of last resort is not set 
 
S 192.168.10.0/24 [1/0] via 192.168.20.1 
 
C 192.168.20.0/24 is directly connected, FastEthernet0/0 
C 192.168.30.0/24 is directly connected, FastEthernet0/1 
 
BUET# 
S - represents a static route
C - directly connected route
 
LAB 16: Static Default Routing 
 
It is a special type of static route. Default routing is used in stub networks. A stub network has only one way for traffic to go to reach several different networks.

A DEFAULT ROUTE is sometimes called a Zero/Zero Route because the network and subnet mask we specify as the destination for the traffic it would match are all zeros.

A DEFAULT ROUTE says "for any traffic that DOES NOT match a specific route in the routing table, forward that traffic to this destination (next-hop-router-IP address)". In other words, the default route is a "CATCH ALL".

On a default route, both the network and subnet mask will be zero (0.0.0.0 0.0.0.0).
ip route 0.0.0.0 0.0.0.0 next-hop-router-IP address 
 
Normally the customer's route to the ISP is a default route and the ISP's route to the customer is a normal static route, as shown below:
 
Objective:
• Basic Configuration on Router CUSTOMER and ISP
• Static default route to INTERNET on CUSTOMER Router
• Static route to CUSTOMER LAN on ISP Router
• Verification
 
Configuration 
Basic Configuration on Router CUSTOMER and ISP 
 
CUSTOMER Router 
 
Router>en 
Router#conf t 
Enter configuration commands, one per line. End with CNTL/Z. 
Router(config)#hostname CUSTOMER 
CUSTOMER(config)#interface fastEthernet 0/1 
CUSTOMER(config-if)#description CUSTOMER LAN 
CUSTOMER(config-if)#ip address 192.168.10.1 255.255.255.0 
CUSTOMER(config-if)#no shutdown 
CUSTOMER(config-if)#exit 
CUSTOMER(config)#interface fastEthernet 0/0
CUSTOMER(config-if)#description Connectivity to ISP
CUSTOMER(config-if)#ip address 103.13.148.1 255.255.255.248 
CUSTOMER(config-if)#no shutdown 
CUSTOMER(config-if)#exit 
 
ISP ROUTER 
 
Router>en 
Router#conf t 
Enter configuration commands, one per line. End with CNTL/Z. 
Router(config)#hostname ISP 
ISP(config)#interface fastEthernet 0/0 
ISP(config-if)#description Connectivity to CUSTOMER ROUTER 
ISP(config-if)#ip address 103.13.148.2 255.255.255.248 
ISP(config-if)#no shutdown 
ISP(config-if)#exit 
ISP(config)#interface fastEthernet 1/0 
ISP(config-if)#description Connectivity to INTERNET 
ISP(config-if)#ip address 100.100.100.1 255.255.255.0 
ISP(config-if)#no shutdown 
ISP(config-if)#end 
 
Static default route to INTERNET on CUSTOMER Router
 
CUSTOMER(config)#ip route 0.0.0.0 0.0.0.0 103.13.148.2 
 
Static route to CUSTOMER LAN on ISP Router 
 
ISP(config)#ip route 192.168.10.0 255.255.255.0 103.13.148.1 
 
Assign IP addresses to hosts
 
 
 
 
 
Verification 
 
Ping from PC0 to PC1
C:\>ping 100.100.100.2 
 
Reply from 100.100.100.2: bytes=32 time=1ms TTL=126 
Reply from 100.100.100.2: bytes=32 time<1ms TTL=126 
Reply from 100.100.100.2: bytes=32 time<1ms TTL=126 
Reply from 100.100.100.2: bytes=32 time<1ms TTL=126 
 
Successful.
 
Now on Customer Router 
 
 
 
S* indicates default route 
 
 
 
 
 
On ISP Router 
 
 
 
S indicates a static route
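The route lookups behind LAB 15 and LAB 16 can be followed hop by hop with a longest-prefix-match model. This Python is an added example, not part of the original lab guide; the tables are built from the interface and ip route commands above, while the host address 192.168.10.2 used for PC0 in the tests and the function names are assumptions.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: among routes that contain dst, the most specific
    prefix wins. Returns (code, prefix, target) or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in ipaddress.ip_network(r[1])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[1]).prefixlen,
               default=None)

def trace(tables, owner_of, start, dst, max_hops=8):
    """Forward dst router by router. tables maps router name -> routing table,
    owner_of maps a next-hop IP -> the router that owns it."""
    path, here = [], start
    for _ in range(max_hops):
        path.append(here)
        route = lookup(tables[here], dst)
        if route is None:
            return path + ["unreachable"]   # router answers "host unreachable"
        if route[0] == "C":
            return path + ["delivered"]     # destination LAN is attached here
        here = owner_of[route[2]]           # static route: hand to next hop
    return path + ["loop"]

# LAB 15 tables: connected routes only, then with the static routes added.
DU = [("C", "192.168.10.0/24", "Fa0/1"), ("C", "192.168.20.0/24", "Fa0/0")]
BUET = [("C", "192.168.20.0/24", "Fa0/0"), ("C", "192.168.30.0/24", "Fa0/1")]
DU_S = DU + [("S", "192.168.30.0/24", "192.168.20.2")]
BUET_S = BUET + [("S", "192.168.10.0/24", "192.168.20.1")]
LAB15_HOPS = {"192.168.20.1": "DU", "192.168.20.2": "BUET"}

# LAB 16 tables; 255.255.255.248 is a /29, 0.0.0.0 0.0.0.0 is 0.0.0.0/0.
CUSTOMER = [("C", "192.168.10.0/24", "Fa0/1"), ("C", "103.13.148.0/29", "Fa0/0"),
            ("S*", "0.0.0.0/0", "103.13.148.2")]
ISP = [("C", "103.13.148.0/29", "Fa0/0"), ("C", "100.100.100.0/24", "Fa1/0"),
       ("S", "192.168.10.0/24", "103.13.148.1")]
LAB16_HOPS = {"103.13.148.1": "CUSTOMER", "103.13.148.2": "ISP"}

def round_trip(tables, hops, src_router, src_ip, dst_router, dst_ip):
    """A ping succeeds only if the request and the reply are both delivered."""
    out = trace(tables, hops, src_router, dst_ip)
    back = trace(tables, hops, dst_router, src_ip)
    return out[-1] == "delivered" and back[-1] == "delivered"

if __name__ == "__main__":
    print(trace({"DU": DU, "BUET": BUET}, LAB15_HOPS, "DU", "192.168.30.2"))
    print(trace({"DU": DU_S, "BUET": BUET_S}, LAB15_HOPS, "DU", "192.168.30.2"))
    print(trace({"CUSTOMER": CUSTOMER, "ISP": ISP}, LAB16_HOPS,
                "CUSTOMER", "100.100.100.2"))
```

With only DU's static route configured, the request is delivered but the reply dies at BUET, which is why the lab adds a route on both routers.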
