Computer Network labs – Based on CCNA curriculum. -  March 17, 2006

 

Physical cabling and PC configuration.  (CCNA 1)

  1. Be able to install and/or identify a nic in a pc and check its status and properties.  Enable and disable it.  Install and configure tcp/ip (or another protocol), install file and print sharing and MS client.  Commands: ipconfig (winipcfg), ping, tracert.  Also try arp -a, route print and netstat, but we will not use them until later.  Find and change protocol bindings.  Check BIOS settings, especially nic and boot sequence.
  2. After discussing IEEE-568a and b, make a crossover cable and test it.  Know wire maps and crossed and split pairs.  Recognize fiber st and sc, rj-11, rj45, bnc, aui, 9/25 pin, 60 pin. ( and cisco serial when we get them) connectors.  Recognize utp, stp, fiber, coax and twinax cable.  Understand the role of jacks, horizontal cable runs, patch panels, closets, trunks and cut sheet documentation.
  3. Connect 2 pc’s with a crossover cable, address and ping.  Understand DTE and DCE ports, which ones are on nics? Routers, switches? Hubs?  Connect with hub address and ping.  Connect with a switch, address and ping.  Use Class C 192.168.x.x addresses.  Could you address with class B? Class A?

Basic Router and Switch Configuration. (CCNA 2)

  1. After learning basic router/switch architecture, setup a router and a switch with basic commands, save and reload it.  Connect a console cable and use teraterm (or hyperterm or putty) to configure your device.  Name your device and configure logins, passwords and a banner message for console, aux and telnet access.  Configure privileged mode (secret and enable) passwords.  Save your configuration and reboot.  Is your config reloaded?  Erase your config.  Reload and enter setup mode.  Answer one or two questions and ^C out.  Type setup and enter it again.  Why would you use this mode?  We won’t use it in this class again.
    1. > Enable
    2. #Config t,
    3. (conf)#Line con 0 or aux ( then use - login, pass, logging sync)
    4. (conf)#Line vty 0 4, 0 15 (then use - login, pass) 
    5. (conf)#Hostname
    6. (conf)#Banner motd
    7. (conf)#Enable secret
    8. (conf)#Enable password
    9. (conf)#exit
    10. #Copy (run start)
    11. #sh (run start)
    12. #Erase start (please avoid erase flash)
    13. #reload
    14. #Setup (script) mode (after erase start/reload and using the setup command)
  2. For both a router and a switch, configure your device with the basic commands from step 5 again and save them.  Practice using history commands (and tab, ^z, exit) to navigate.  Find ram, flash, nvram, interfaces, IOS version and filename.  What else can you learn from the show commands?  Reload your router or switch and bypass the password.  The bold ones are most important now – we will look at the others more later.
    1. #Show (ver, run, start, arp, protocol, flash, int, ip int brief) 
    2. ^Z, up arrow, ^p, show history
  3. After learning basic router/switch architecture, setup a router and a switch with basic commands, save and reload.  Do password recovery on one.  What do the commands do or show you?  Note that not all commands are available on all routers and all switches.  Can you find the procedures on cisco.com for various routers and switches?
    1. (conf)#Config-reg 0x2102
    2. In monitor mode > (o/r 0x42, boot, delete, dir flash:)
    3. boot system

Connecting Routers and Switches to the lan network (Interface configuration, remote configuration and connectivity) – CCNA2

  1. Configure IP interfaces for Ethernet and token ring networks (int, int range).  Bring up a network with a pc and a router on it using a crossover, hub or switch.  Ping from the pc to the router.  Set speed and duplex if the router permits.  Pull the cable on the router.  What happens to the interface?  Use the no keepalive command (Ethernet only) to bring the interface back up.  Bring a pc up on a token ring and ping the router.
    1. (conf-if)#Ip address
    2. (conf-if)#Desc
    3. (conf-if)#Shut, no shut
    4. (conf-if)#Keepalive / no keepalive, ring-speed
    5. (conf-if)#Speed, full-duplex or duplex full
  2. After discussing serial cables, physically connect 2 routers serially and 2 routers to an Ethernet switch.  Explore cdp.  What can you learn?
    1. #Cdp run
    2. #Sh int, clear counters
    3. #Sh cdp (int, nei, nei detail)
  3. No lab at this time – considering adding arp, protocol and network inspector labs.
  4. Connect 2 routers with a token ring, Ethernet or serial connection, address and verify ping.  Telnet from one to the other, show who is on each router.  What happens if you configure Telnet (vty with login, but no password)?  Exit the session.  Setup an IP host table and telnet using the name not the address.  Exit.  Telnet again, but mistype the name.  What happens?  Disable domain name lookup.  Use ping –t.  What does it do?  Stop it with ^c.
    1. #Telnet
    2. #Ping.  Ping –t. And try extended ping (ping, enter, then answer the prompts). Understand ICMP versus IP
    3. #No ip domain-lookup
    4. (conf)#Ip host, (know what ip name_server does)
    5. #Sh users
    6. #Sh vty 0 4
  5. Copy your saved config and the ios to a pc using tftp.  Copy them back to the router.  Copy the config to a pc using capture (log).  Copy and paste it back to the router.  Enable web services on the router or switch.  Browse to it from the pc (IE).  What can you see?  Disable web services?  What happens?
    1. #Copy (tftp flash)
    2. Teraterm and hyperterm commands (copy, paste, capture, log)
    3. Tftp server commands (options)
    4. #ip http server
  6. Create a “paste” configuration to start future configs with.  Include enable secret passwords, ip classless, ip subnet-zero, no ip domain-lookup, ip http server, and line, aux and vty configurations.  You may use this in all future labs and tests, but need to know what each command does.  Notepad and paste is commonly used for ACL, routing protocol and sometimes interface configurations.
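A complete baseline configuration that covers the command list in the basic router/switch setup lab (login, passwords, banner, enable secret versus enable password, copy run start) and also serves as the reusable “paste” configuration this step asks for.  It is an added example, not part of the original handout.  The hostname, the passwords and the 10.1.1.2 address in the ip host line are invented lab values; on a switch leave out ip classless and ip subnet-zero.

```cisco
! Added example: baseline "paste" configuration for a lab router or switch.
! Hostname, passwords and addresses are invented lab values.
enable
configure terminal
hostname LabR1
! Stored as an MD5 hash (type 5) and checked before "enable password".
enable secret Lab-Secret1
! Kept only so both lines can be compared in "show running-config"; it is
! only reversibly obscured (type 7) once service password-encryption is on.
enable password Lab-Enable1
service password-encryption
! Stops the box from trying DNS every time a command is mistyped.
no ip domain-lookup
! Name-to-address table so "telnet LabR2" works without DNS.
ip host LabR2 10.1.1.2
ip classless
ip subnet-zero
ip http server
banner motd #Authorized lab use only#
line console 0
 password Lab-Console1
 login
 logging synchronous
 exec-timeout 10 0
line aux 0
 password Lab-Aux1
 login
! "login" with no "password" line makes a telnet attempt fail with
! "Password required, but none set" - the router refuses the session.
line vty 0 4
 password Lab-Vty1
 login
 exec-timeout 10 0
end
copy running-config startup-config
show running-config
```

Paste the block into the console after erase start and reload, then compare the enable secret and enable password lines in show running-config: only the secret survives as a one-way hash, which is why the secret is the one that is actually checked when both are set.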

Introduction to Switches

  1. Basic switch configuration.  Review the following commands and try them on a switch:  en, conf t, hostname, line con 0 (login, pass, logging sync), line vty 0 15 (login, pass), no ip domain-lookup, ip host, banner motd, en secret, copy run start, erase start, exit, sh (run, start, ip int brief, ver,  int, flash, cdp nei det, users), reload, en cdp, ip http server.  To completely “erase” a switch we must erase the config (start) like router, but vlan information is also contained in a separate file in flash called vlan.dat.  Erase that file, clear the config and reboot.
  2. Switch ports.  Configure a switch port.  It does not have an ip address like a router.  Why not?  Set speed, duplex, access mode and description on the port.  What would you put in a typical description?  Why?  Shut the port down, view its status.  Bring it back up.
    1. (conf-if)#Sw mode acc
  3. Management address and intro to vlans.  Switches can participate in an ip network (only 1, not 1 per port, why?).  This is done with a virtual interface called a management vlan (more on vlans later).  By default vlan 1 is the management vlan so by adding an ip address to that vlan, we can make the switch an ip host for ping, telnet, tftp and other traffic.  With a router and/or pc plugged into the switch and addressed on the same network, assign an ip address and default gateway to the switch. Do a sh ip int brief.  Ping the switch.  Telnet to it (you must have a telnet password). Web browse to it.  Turn off the web server in it and web browse to it again.  The switch needs a layer 2 (mac) address to communicate.  What address is it using?
    1. (conf)# Int vlan 1 (ip address, desc)
    2. (conf)# Ip default-gateway
    3. #Sh mac-address-table
  4. Reload a switch IOS and bypass the password.  To “break” the password on a switch, power off and on while holding the mode button to enter rom monitor mode.  Rename the config.text file in flash and boot the IOS.  You should be able to enter enable mode, rename the config.text file back to its correct name, load the configuration, change the password and resave the config.  Look at a list of the files in flash on the switch.  Notice the directories and change to the html directory and look at the files in it.  Delete everything in the html directory (this will wipe out the web server pages).  Download a new IOS tar file (get this from me) from a tftp server.  This should recreate the html pages.  Look at it and test it.  Save your config to the tftp server.
    1. #Delete flash:html/*
    2. #Tar /x tftp://ip/file
    3. >flash_int, load_helper, dir, rename, boot
    4. #Rename, cd, dir flash:

Switching (Ethernet, vtp, vlans, spanning tree, trunking, dhcp)

  1. Mac Tables and port security.  Set up an Ethernet with 2-3 pc’s on it.  Ping from each to the switch.  Look at the arp tables on the pc’s and the switch.  Look at the Mac table on the switch.  Check the mac table every 15 seconds until it clears.  How long did it take?  Check a pc’s arp table every 15 seconds until it clears.  How long did it take?  Ping again.  Clear the switch mac table and verify it.  Set a static mac address for a pc on one switch port. Turn on port security. Test that pc.  Test another.  What happens?  Set the port security to “sticky”.  Retest that pc and another.  What changed?  Set the max count to 1 and action violation to shutdown.  Test both pc’s again.  Now what happens?
    1. #Clear mac-address-table dynamic
    2. (conf)#Mac-address-table static x.x.x int fa0/x vlan y
    3. #Sh port-sec
    4. (conf-if)# Sw port-sec mac-addr sticky
    5. (conf-if)# Sw Port-sec max-mac-count 1
    6. (conf-if)# Sw port-sec violation shut (older switches: port security action shutdown)
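The MAC table and port security lab above as one complete configuration for a Catalyst 2950-class switch, including the recovery step the lab does not spell out.  This is an added example, not part of the original handout; the interface numbers, VLAN number and MAC address are invented lab values.

```cisco
! Added example: MAC table control and port security on a 2950-class switch.
! Interface numbers, VLAN and MAC address are invented lab values.
configure terminal
! Static entry: this MAC is always reached through Fa0/2 in VLAN 10 and
! never ages out of the table.
mac-address-table static 0001.0002.0003 vlan 10 interface FastEthernet0/2
!
interface FastEthernet0/1
 description Lab PC port
 ! Port security only works on an access port, not on a trunk.
 switchport mode access
 switchport access vlan 10
 switchport port-security
 ! One MAC allowed; frames from a second MAC count as a violation.
 switchport port-security maximum 1
 ! Learn the first MAC seen and write it into the running config.
 switchport port-security mac-address sticky
 ! shutdown puts the port in err-disabled; "restrict" keeps the port up and
 ! counts violations, "protect" drops the frames silently.
 switchport port-security violation shutdown
end
!
! Verification
show port-security
show port-security interface FastEthernet0/1
show port-security address
show mac-address-table
clear mac-address-table dynamic
!
! Bringing back a port that was shut by a violation
configure terminal
interface FastEthernet0/1
 shutdown
 no shutdown
end
! Or let the switch re-enable it by itself after 5 minutes:
! errdisable recovery cause psecure-violation
! errdisable recovery interval 300
```

Sticky addresses are written only into the running config, so a copy run start is needed or the learned MAC is gone after a reload and the next PC plugged in is learned instead.  show port-security interface shows the port status (Secure-up or Secure-shutdown), the violation count and the last source MAC seen, which is what to look at when the second PC in the lab stops working.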
  2. Spanning Tree.  (Note for next time – add load balancing across parallel trunks by vlan (pvst or mstp), portfast, uplinkfast and backbonefast and/or rstp).  Connect 3 switches in a loop.  Determine the root bridge.  Force the root bridge to a different switch. Verify.  Determine forwarding and blocking ports on each switch.  Remove and replace cables on new ports.  How long did it take to “stabilize” the network?
    1. #Sh span brief
    2. (conf)# Span tree pri 1 or sp tree vlan 1 pr 4096 (8192, etc…)
  3. Vlans.  Create and name 2 vlans on a switch.  Assign 2 ports to each vlan and connect a pc to each.  Address them on different networks and ping.  (It should also fail. Why?)  Address them on the same network and ping.  (It should fail.  Why?)   Connect them to the same vlan and ping.  Why did it work?
    1. # vlan dat (vlan 2 name x, no vlan x)
    2. (conf-if)# sw acc vlan 2
  1.  Trunking and vtp.  Connect 2 switches.  Create vlan 10 and vlan 99 on both.  Put a pc on a port on vlan 99 on each switch and address them on the same network.  They shouldn’t ping.  Why not?  Configure the ports on the switch to switch connection as dot1q trunks (you could do this exercise a second time and try isl instead of dot1q).  Now test connectivity between pc’s.  Erase the vlan configurations on both switches and disconnect the cable between them.  On one switch, configure it as a vtp server in the “carroll” domain.  Configure vlans 10 and 99 again.  On the second switch, configure it as a vtp client in the “carroll” domain (no vlans).  Connect the trunk.  What happens to vlans on the second switch?  View the vtp statistics.  Pay particular attention to vtp db revision number.  Why is that important?  Assign the pcs to ports and test if needed. 
    1. (conf-if)# sw mode trunk
    2. (conf-if)# sw trunk encap dot1q
    3. # sh int fa0/x sw
    4. # vlan dat (vtp server/client, vtp dom x)
    5. # sh vtp stat, sh vtp sum
  2. Intervlan routing.  (2600 class routers only – 2500 and 1600 don’t support it)  To direct traffic between vlans we need routing.  Configure a sw with vlans 10 and 20 and a pc on each, addressed correctly.  They should not ping.  Add a router on a trunk port.  Configure the router port as a trunk.  Ping between the pc’s.  Why does this work?  Why is it required?  Int fa0/x.2 (Ip address, encap dot1q 2)
  3. Intervlan routing (3550).  Create 2 vlans and address them (this is the vlan gateway).  Put 2 pcs on different vlan ports on the 3550 and address as such including entering the gateway.  Turn on Ip routing (conf t – ip routing).  Use sh ip int brief to verify the ports and vlans are up and the addresses are correct.  Use sh ip route to verify the switch is routing and the networks are listed.  Ping between the pcs.  Turn off ip routing.  Verify the pc’s fail to ping.  Move the 2 pcs to a 29xx switch on the same 2 vlans.  Verify they can’t ping.  Trunk between the switches.  Turn ip routing back on and verify they can ping now through the 3550.  (Use tracert instead of ping and it shows the 3550 address.)
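One configuration that strings together the management address lab, the vlan lab, the trunking and vtp lab and both intervlan routing labs: two switches trunked with VTP in the “carroll” domain, two vlans, a management address, a 2600-class router on a dot1q trunk, and the 3550 variant as a comment.  It is an added example, not from the original handout; the vlan numbers, port numbers, addresses and the vtp password are invented lab values.

```cisco
! Added example: VTP, VLANs, management address and inter-VLAN routing.
! VLAN numbers, ports, addresses and passwords are invented lab values.
!
! ----- SW1 (VTP server) -----
hostname SW1
vtp mode server
vtp domain carroll
! A VTP password stops a stray switch in the same domain with a higher
! configuration revision number from replacing the VLAN database on join.
vtp password Lab-Vtp1
vlan 10
 name USERS
vlan 99
 name MGMT
! The management address lives on a VLAN interface, not on a port. A 2950
! allows only one active VLAN interface, so VLAN 1 is shut down.
interface Vlan1
 shutdown
interface Vlan99
 ip address 192.168.99.2 255.255.255.0
 no shutdown
ip default-gateway 192.168.99.1
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 99
! Trunk to SW2. "switchport trunk encapsulation dot1q" comes first only on a
! switch that also speaks ISL (3550); a 2950 is dot1q-only and rejects it.
interface FastEthernet0/23
 switchport mode trunk
! Trunk to the router
interface FastEthernet0/24
 switchport mode trunk
!
! ----- SW2 (VTP client: learns VLANs 10 and 99 from SW1 over the trunk) -----
hostname SW2
vtp mode client
vtp domain carroll
vtp password Lab-Vtp1
interface FastEthernet0/23
 switchport mode trunk
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
!
! ----- R1 (2600-class router on a stick) -----
hostname R1
interface FastEthernet0/0
 no shutdown
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
interface FastEthernet0/0.99
 encapsulation dot1Q 99
 ip address 192.168.99.1 255.255.255.0
!
! ----- 3550 variant: the switch itself is the gateway for each VLAN -----
! ip routing
! interface Vlan10
!  ip address 192.168.10.1 255.255.255.0
! interface Vlan99
!  ip address 192.168.99.1 255.255.255.0
!
! Verification
show vlan brief
show vtp status
show interfaces trunk
show interfaces FastEthernet0/23 switchport
```

The PC in VLAN 10 uses 192.168.10.1 as its gateway and the management PC 192.168.99.1.  Before connecting a second-hand switch to the trunk, check show vtp status on it: if its configuration revision is higher than the server's and the domain and password match, its (possibly empty) VLAN list wins, which is the answer to the revision number question in the trunking lab.  Resetting the domain name on the new switch sets its revision back to 0.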
  4. Practice Hands on test demo - midterm spring 2006
  5. DHCP. (CCNP1 lab 2.10.3)  Configure a router as a dhcp server.  Configure a pc on the same network to query for dhcp services.  On the pc, release and renew the ip address.  Verify it gets an address, mask, dns server and gateway (ipconfig /release /renew).  Exclude the address on the router.  Release and renew the pc again.  What address did it get?  Show the dhcp address leases that the router has (bindings).  This configuration only works on local networks.  What command would you use if the router with the pool was remote to this lan?  Why?
    1. (conf)# Ip dhcp pool xyz (net x.x.x.x y.y.y.y, default-router x.x.x.x, dns-server x.x.x.x domain-name abc, net-bios-name-server abc)
    2. (conf)# Ip dhcp excluded-address
    3. (conf-if)# Ip helper-address
    4. #Sh ip dhcp binding
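The DHCP lab above as a full router configuration, with the relay command for the remote-LAN question.  This is an added example, not part of the original handout; the pool name, addresses, domain name and lease time are invented lab values.

```cisco
! Added example: a router as DHCP server for its own LAN, plus the relay
! command used when the server is on another router. Values are invented.
!
! Keep the router's own address and a few static hosts out of the pool.
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp pool LAB
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 192.168.1.2
 domain-name lab.example
 netbios-name-server 192.168.1.3
 ! 0 days 8 hours; the default is 1 day
 lease 0 8
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
! On a *remote* router: DHCP discover broadcasts do not cross a router, so the
! helper address turns them into unicast to the server. The server then also
! needs a pool for that remote subnet, which it picks by the relay's address.
! interface Ethernet0
!  ip helper-address 192.168.1.1
!
! Verification
show ip dhcp binding
show ip dhcp pool
debug ip dhcp server events
```

After ipconfig /release and /renew on the PC, show ip dhcp binding lists the leased address against the PC's MAC; adding that address to the excluded range and renewing again makes the PC come back with the next free address in the pool.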

Layer 2 Framing (Configuring serial with HDLC and PPP) – use page 484-485, Companion Guide CCNA 3-4 handouts.

  1. Serial point to point connections.  Connect a synchronous serial cable between 2 routers (using DTE and DCE V.35 cables and noting which end is which).  Configure the serial interfaces on each router with an ip address, description and with hdlc framing (encap).  Put the clockrate (56000) on the DCE end and bring the interface up.  Ping from one to the other.  Do the same exercise, but use 2 DTE cables, 2 Adtran CSU/DSUs and the “T1 rollover” cable.  We don’t need clockrate.  Why not?
    1. (conf #) Int s0 (ip addr, desc, encap hdlc, clockrate 56000, shut, no shut)
  2. PPP serial point to point connections.  Use either CSU/DSU’s or DCE/DTE cables like in the exercise above, but use PPP encapsulation.  PPP allows link authentication, compression, callback, address assignment, multiple network protocols, multiple link multiplexing and error detection.  Bring the link up and ping.  Add security to the link using Pap.  Bring it up and Ping.  Change the authentication to CHAP.  Use an incorrect password on one end.  What happens?  Fix the password and add compression on the link.  We will do more with PPP address assignment, callback and multiple link multiplexing when we do WAN dialup technologies.
    1. Encap hdlc or ppp
    2. Compress predictor/stack
    3. Ppp multilink (don’t use on this lab yet)
    4. Ppp auth pap/chap
    5. Username x pass y
    6. Sh int
    7. Debug ppp auth, u all, debug serial int, debug ppp event, debug ppp negotiation
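The PPP lab above as a complete two-router configuration with CHAP on both ends, the PAP variant, compression and the debug commands.  It is an added example, not from the original handout; the hostnames, the /30 addresses and the shared secrets are invented lab values.

```cisco
! Added example: back-to-back serial link with PPP, CHAP and compression.
! Hostnames, addresses and secrets are invented lab values.
!
! ----- R1 (DCE end) -----
hostname R1
! The username is the *peer's* hostname; the password must be identical on
! both routers because CHAP hashes the same secret on each side.
username R2 password Lab-Chap1
interface Serial0
 description PPP link to R2
 ip address 10.1.1.1 255.255.255.252
 encapsulation ppp
 ! Both sides ask the other to authenticate (two-way CHAP).
 ppp authentication chap
 ! Must match on both ends or LCP will not come up.
 compress predictor
 clockrate 56000
 no shutdown
!
! ----- R2 (DTE end) -----
hostname R2
username R1 password Lab-Chap1
interface Serial0
 description PPP link to R1
 ip address 10.1.1.2 255.255.255.252
 encapsulation ppp
 ppp authentication chap
 compress predictor
 no shutdown
!
! PAP variant. PAP sends the username and password in clear text, so a
! sniffer on the link sees them; CHAP only ever sends a challenge and a hash.
! On R1 (the side that checks):
!  username R2 password Lab-Pap1
!  interface Serial0
!   ppp authentication pap
! On R2 (the side that sends):
!  interface Serial0
!   ppp pap sent-username R2 password Lab-Pap1
!
! Verification: with a wrong secret on one end "line protocol" stays down.
show interfaces Serial0
debug ppp authentication
debug ppp negotiation
undebug all
```

With debug ppp authentication on, a mismatched secret shows as a CHAP failure message naming the peer, while a matching one shows the challenge, response and success exchange; turn the debug off with undebug all before moving on, since it stays on until you do.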

Routing – Static Routes, Rip setup, addressing and loop issues with rip (CCNA2, CCNP1 mod 1)

  1. Static routes and Routing commands.  Set up a 2 router network with lans on either end using 3 class C networks.  Put a PC on each lan.  Test connectivity.  What devices can ping what other devices?  Why?  Turn off ip routing.  Add a default-gateway.  Ping to the pc on the far lan.  Why does it work now?  Remove the ip default-gateway and turn ip routing back on.  Add the ip classless and no ip subnet-zero commands.  What do they do?  Verify that pings to the far lans fail.  Add a static route on each router to the Ethernet on the far router.  Verify that all pings work.  Look at the routing table.  Why?  Remove the static routes and verify that everything fails.  Add a default static route (quad zero) to one router.  Can you ping the remote lan now?  Why?  Add it to the other router.  Can everyone ping everyone else?  Why does each work?  Check the routing table.  Learn to recognize the existence (or not) of a default route.  If you had 3 routers in your network, what default route could you put on the middle router?  What would be the problems of using static and default routes in this network?  (This sets you up for the next exercise.)
    1. Ip routing
    2. Ip classless, no ip subnet-zero
    3. Ip default-gateway
    4. Ip route (static) net mask interface (and the “no ip route” version of the command)
    5. Sh ip route
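The two-router static route lab above written out in full, with a specific static route on one router and a quad zero default on the other so both forms show up in the routing tables.  It is an added example, not from the original handout; the three class C networks and interface names (2500-style Ethernet0/Serial0) are invented lab values.

```cisco
! Added example: two routers, three class C networks, static and default routes.
! Invented topology: PC-A 192.168.1.0/24 -- R1 -- 192.168.2.0/24 -- R2 -- 192.168.3.0/24 PC-B
!
! ----- R1 -----
hostname R1
ip routing
ip classless
interface Ethernet0
 description LAN A
 ip address 192.168.1.1 255.255.255.0
 no shutdown
interface Serial0
 description Link to R2 (DCE end)
 ip address 192.168.2.1 255.255.255.0
 clockrate 56000
 no shutdown
! Specific static route: destination, mask, then next hop (or exit interface).
ip route 192.168.3.0 255.255.255.0 192.168.2.2
!
! ----- R2 -----
hostname R2
ip routing
ip classless
interface Ethernet0
 description LAN B
 ip address 192.168.3.1 255.255.255.0
 no shutdown
interface Serial0
 description Link to R1 (DTE end)
 ip address 192.168.2.2 255.255.255.0
 no shutdown
! "Quad zero" default route: anything R2 has no better route for goes to R1.
ip route 0.0.0.0 0.0.0.0 192.168.2.1
!
! Verification on either router
show ip route
! A static route is removed by repeating the whole line with "no" in front:
! no ip route 192.168.3.0 255.255.255.0 192.168.2.2
!
! "ip default-gateway" is only used while "no ip routing" is set, i.e. when the
! box behaves like a host (the normal case for a switch), never by a router
! that is routing.
```

In show ip route the specific route on R1 appears as an S entry and the default on R2 as S* with the line “Gateway of last resort is 192.168.2.1 to network 0.0.0.0”; with only the default on R2 and the static on R1, PC-A and PC-B reach each other because each router has a path for the other LAN, and removing either line breaks one direction.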
  2. Set up a 3 router network.  Since default routes are difficult to maintain in this topology, use rip on all 3 routers to establish reachability.  Ping from one of the end pcs to all other devices in the network.  Use tracert on the end pc to view all “hops” across the network.  Look at the routing table.  Are all networks reachable from all routers?  Why?  Are there any default routes?  Look at sh ip prot and sh prot.  What can you learn?  What osi layer is this information?  Look at sh int and sh arp.  What do they tell you?  What osi layer is this information?  This represents a classic, simple, functioning, fully reachable, routed network.  Repeat this exercise with 3 class B networks (172.16.0.0/16).  Could you do it with class A networks?  How about just using class A private networks (10.x.x.x)?  How?
    1. Router rip (eigrp, ospf, igrp, is-is, bgp, etc..)
    2. network
    3. Trace
    4. sh (ip int, ip prot, prot, arp, int, ip int brief, ip route)
    5. no ip route-cache (not needed on our routers), sh ip route-cache
    6. debug ip packet
    7. terminal monitor (if trying to view debug output via a telnet connection rather than a console)
  3. Config a 3 router network with a loop using rip ver 1.  Look at the routing table.  Look at sh ip prot.  Make a topology change to an Ethernet and see how long it takes the routing table to correct itself.  Ping to verify connectivity and the loss of connectivity.  Watch the process with debug ip rip on, and watch the pings with debug ip packet.  Then try the same exercise using router timing commands a-c below (from CCNA2).  What changed in network behavior?  In sh ip prot?  (You can use clear ip route * to force a router to clear its routes.)
    1. Default-metric 10
    2. Timers basic 30 60 150 30
    3. Ip split-horizon (on the int)
    4. Clear ip route *
    5. Use debug ?, debug ip rip (events, database), debug ip packet   (if using debug through a telnet session you need the terminal monitor command)
  4. Address the 3 router network from #13 with subnets of the 10.0.0.0/8 network.  In particular, use networks with different masks on the 2 end networks.  Use IP unnumbered on at least 1 serial link.  Use rip for the routing table.  Test.  View the routing tables.  This should not work.  Convert to rip version 2.  Test.  View the routing tables.  This should work.  Why did we use ip unnumbered?  Did we need to?  Why did we use ver 2?  Did we need to?  Why did we use no auto summary?  Did we need that?  Move one router back to rip v1.  Look at the routing tables.  What happened?  Which direction do updates still occur?  Use the ip rip receive command to fix it so that updates still occur both ways.  Put both routers back on ver 2 and configure authentication on one router.  Did you lose updates both ways?  Configure it on the other router.  Did you restore updates?
    1. ver 2
    2. ip unnumbered fa0/0
    3. no auto-summary
    4. ip rip receive ver1
    5. key chain private (key 1, key-string xyz)
    6. ip rip auth key-chain private
    7. ip rip auth mode md5
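The RIP version 2 lab above as a working configuration for two of the three routers: subnets of 10.0.0.0/8 with different masks, ip unnumbered on one serial link, no auto-summary, and MD5 authentication with a key chain.  It is an added example, not from the original handout; the addresses, key-string and interface names (2500-style Ethernet0/Serial0/Serial1) are invented lab values.

```cisco
! Added example: RIPv2 with VLSM, ip unnumbered and MD5 authentication.
! Addresses, key name and key-string are invented lab values.
!
! ----- R1 -----
hostname R1
! Key chain name is local; key number, key-string and md5 mode must match
! the neighbour on that link or its updates are dropped.
key chain private
 key 1
  key-string Lab-Rip1
interface Ethernet0
 ip address 10.1.0.1 255.255.0.0
interface Serial0
 ip address 10.2.2.1 255.255.255.252
 ip rip authentication mode md5
 ip rip authentication key-chain private
interface Serial1
 ! Borrows Ethernet0's address; the link has no subnet of its own. The
 ! far end (R3) must also be unnumbered to its own LAN interface.
 ip unnumbered Ethernet0
router rip
 version 2
 ! Without this, RIPv2 still collapses 10.x.x.x to 10.0.0.0/8 at a major
 ! network boundary and the different-length subnets are lost.
 no auto-summary
 network 10.0.0.0
!
! ----- R2 -----
hostname R2
key chain private
 key 1
  key-string Lab-Rip1
interface Serial0
 ip address 10.2.2.2 255.255.255.252
 ip rip authentication mode md5
 ip rip authentication key-chain private
interface Ethernet0
 ip address 10.3.3.1 255.255.255.0
router rip
 version 2
 no auto-summary
 network 10.0.0.0
!
! If the neighbour on Serial1 is moved back to RIPv1, a RIPv2 router neither
! accepts v1 updates nor sends what v1 understands; set both per interface:
! interface Serial1
!  ip rip receive version 1 2
!  ip rip send version 1
!
show ip protocols
show ip route
debug ip rip
```

show ip protocols lists the send and receive versions per interface and the key chain in use; with authentication configured on only one router, debug ip rip on the other side shows its updates being ignored, which is the one-way loss the lab asks about.  Note that a router running RIPv1 cannot be made to understand authentication or subnet masks, so the receive command only papers over the version difference, not the lost mask information.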
  5. Optional – set up the lab from #13 and have the instructor “break it”.  Troubleshoot.

Default Gateways and Address Translation (NAT)

  1. NAT/PAT.  Set up a 2 router network and connect it to an instructor configured “ISP” router (please do not erase or change it).  It will use cisco for a password.  The ISP router will have loopback addresses of 1.1.1.1 and 2.2.2.2 to represent the internet.  The web server will be turned on.  You should not use any specific routes to get to either network.  (If other networks were added they should still be reachable from your network without any changes.)  The ISP router will have 2 serial and an Ethernet interface.  The s0 interface will use 200.0.0.1/24, the s1 will use 200.1.0.1/24 and the e0 will use 200.2.0.1/24 for addresses.  There will be no clockrate or other commands on the interfaces.  The ISP router will be configured to return traffic to any address configured on that interface.  (For example, the reply to any packet received from 200.0.x.x will be sent out the s0 interface.)

Add an Ethernet and a pc to each of your routers.  Address with an appropriate private network scheme and use rip v1 or v2.  All devices in your private network should successfully ping each other.  Add a 0.0.0.0 default gateway to each router.  Configure NAT using the appropriate addresses for the NAT pool.  Where do you place the NAT translations?  Which addresses do you use?  Can you ping the 1.1.1.1 and 2.2.2.2 addresses from anywhere?  What does your routing table look like (does it have routes to the ISP?  How?)  Look at the nat translation table.  Can you explain what you see?  Erase it.  Turn on nat translation debugging and ping the “internet”.  What do you see from the debugger?  What appears in the translation table?

    1. ip nat pool mypool x.x.x.x x.x.x.x netmask y.y.y.y
    2. ip nat inside source list x pool mypool (overload)
    3. ip nat inside source list x int s0 (overload)
    4. ip nat inside
    5. ip nat outside
    6. sh ip nat trans * (Note that NAT* indicates the packet is fast switched.  What is that?)
    7. sh ip nat trans verbose
    8. sh ip nat stat
    9. debug ip nat trans
    10. access-list 1 permit x.x.x.x z.z.z.z (z means use a wildcard or reverse mask)

  1. Static Nat and Pat.  Use the NAT/PAT setup above.  Put a pc on the ISP Ethernet network.  Verify you cannot ping from the ISP router to one of your PC’s, but can ping everywhere within your private network.  Enter a static translation for one of your pc’s.  Can you ping it now?  What about other devices in your network?  Turn the web server on your internal router.  Verify the outside pc web browser connects to the ISP router.  Verify that it fails to connect to your internal router (your internal router should be “browsable” from inside pc’s).  Configure a static pat translation on the NAT router and verify that the isp pc can now browse to your internal router.
    1. Ip nat inside source static tcp x.x.x.x x.x.x.x ip 80 extendable (the first address is the inside ip, the second is the “outside”)
    2. ip nat inside source static x.x.x.x y.y.y.y
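The NAT/PAT lab and the static NAT/PAT lab above as one configuration on the ISP-facing router: inside/outside interfaces, the wildcard-mask access list that decides who gets translated, PAT on the serial address, a static one-to-one entry and a static port mapping for the inner router's web server.  It is an added example, not from the original handout.  The ISP side follows the lab description (ISP s0 is 200.0.0.1/24); the private addresses, the 200.0.0.x addresses used on the student side and the port 8080 are invented lab values.

```cisco
! Added example: dynamic PAT plus static NAT and static PAT on the ISP-facing
! router. Private addresses and the 200.0.0.x student-side values are invented.
!
hostname NAT1
interface Ethernet0
 description Inside LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no shutdown
interface Serial0
 description To ISP s0 (200.0.0.1)
 ip address 200.0.0.2 255.255.255.0
 ip nat outside
 no shutdown
! Default route toward the "internet": no specific routes to 1.1.1.1 or 2.2.2.2,
! so any network the ISP adds later is reachable without changes here.
ip route 0.0.0.0 0.0.0.0 Serial0
router rip
 network 192.168.1.0
 network 192.168.2.0
!
! Which inside sources may be translated. 0.0.255.255 is a wildcard (reverse)
! mask: 0 bits must match, 1 bits are ignored, so this means 192.168.0.0/16.
access-list 1 permit 192.168.0.0 0.0.255.255
! PAT: every inside host shares Serial0's address and is told apart by port.
ip nat inside source list 1 interface Serial0 overload
! Pool alternative (one outside address per inside host until the pool is empty):
! ip nat pool mypool 200.0.0.10 200.0.0.20 netmask 255.255.255.0
! ip nat inside source list 1 pool mypool
!
! Static one-to-one: 192.168.1.10 is always reachable from outside as 200.0.0.30.
! This is a hole through the translation, so only do it for a host meant to be reached.
ip nat inside source static 192.168.1.10 200.0.0.30
! Static PAT: outside TCP 200.0.0.2:8080 reaches the inner router's web server
! on 192.168.2.1:80. "extendable" lets one outside address carry several mappings.
ip nat inside source static tcp 192.168.2.1 80 200.0.0.2 8080 extendable
!
! Verification
show ip nat translations
show ip nat translations verbose
show ip nat statistics
clear ip nat translation *
debug ip nat
```

Pinging 1.1.1.1 from an inside PC creates an ICMP entry in show ip nat translations with the PC's private address as Inside local and 200.0.0.2 as Inside global; the static entries are present all the time, even with no traffic, and that is what lets the ISP-side PC reach those two hosts when it cannot reach any other inside address.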
  2. Gateways.  Remove the 0.0.0.0 default route on your router which is not attached to the ISP.  Does it reach the ISP now?  Does the one with the 0.0.0.0 route?  The problem with a 0.0.0.0 on all routers is having to remember and add it to all your routers in a private network (and reconfigure them when it changes).  Use Rip v1 and redistribute static routes on the ISP connected router.  That should fix the problem.  What do you see in both routing tables now?  Remove the redistribution and convert to rip v2.  Use the default-information originate command on the ISP connected router (it does not work on rip v1).  This should also fix the problem.  What do you see in the routing tables now?  What would be the advantage of each technique for default routing?
    1. Redistribute static
    2. Ip route 0.0.0.0 0.0.0.0 s0 (or ip address)
    3. Default-information originate

 

Routing – EIGRP

  1. Igrp/Eigrp.  Note this exercise is similar to the second (equal cost load balancing) rip exercise, but is unequal cost rather than equal.  Create a 3 router network with rip. Use trace to verify equal cost load balancing. Use fast switching to send all traffic one way to the unconnected network.  Look at the fast switching cache (from CCNP1).  Remove fast switching. Change the protocol to IGRP.  Verify it works. Change the routing protocol to EIGRP and put different bandwidths on 2 links.  Check the cost using each link and use trace to verify unequal cost load balancing.   Use an Acl to limit “debug ip packet info”. 
    1. Router igrp 1 (network x.x.x.x)
    2. Router eigrp 1
    3. Ip route-cache
    4. sh ip route-cache
    5. Band
    6. variance
    7. Debug Ip packet (info)
  2. Look at the eigrp topology.  Look at the routing table on each router.  What happens to the routes?  Verify eigrp neighbors.  Look at eigrp traffic.
    1. Sh ip eigrp int
    2. Sh ip eigrp topo (active, pending, all-links)
    3. Sh ip eigrp traffic
    4. Eigrp log-neighbor-changes (recommended by cisco)
    5. Ip bandwidth-percent (recommended by cisco on slow links to control what eigrp can use on a link – based on band value)
    6. Debug eigrp packet
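The two EIGRP labs above as one configuration for the first router of the 3 router triangle: different bandwidths on the two links, variance for unequal cost load balancing, the neighbor and bandwidth commands the handout says cisco recommends, and an access list that keeps debug ip packet to one host.  It is an added example, not from the original handout; the AS number 1 comes from the command list, while the addresses, bandwidth values and interface names (2500-style Ethernet0/Serial0/Serial1) are invented lab values.

```cisco
! Added example: EIGRP with unequal cost load balancing and ACL-limited debug.
! Addresses, bandwidths and interface names are invented lab values.
!
! ----- R1 -----
hostname R1
interface Ethernet0
 description LAN with the test PC 10.1.1.10
 ip address 10.1.1.1 255.255.255.0
interface Serial0
 description To R2 (faster path)
 ip address 10.1.12.1 255.255.255.0
 ! bandwidth only changes the metric; it does not change the clockrate.
 bandwidth 128
 ! EIGRP may use at most half of this link's bandwidth for its own packets.
 ip bandwidth-percent eigrp 1 50
interface Serial1
 description To R3 (slower path)
 ip address 10.1.13.1 255.255.255.0
 bandwidth 64
router eigrp 1
 network 10.0.0.0
 ! A feasible successor whose metric is within 2x the best route's metric is
 ! installed too, so traffic is split unequally across both links.
 variance 2
 ! Logs every adjacency up/down with a reason; cheap and worth having.
 eigrp log-neighbor-changes
!
! R2 and R3 carry the same "router eigrp 1 / network 10.0.0.0" block with their
! own interface addresses and the matching bandwidth value on each serial link.
!
! Verification
show ip eigrp neighbors
show ip eigrp interfaces
show ip eigrp topology all-links
show ip eigrp traffic
show ip route eigrp
! Two next hops under one network in "show ip route" means load balancing is
! on; per-packet alternation on trace needs process switching
! ("no ip route-cache" on the interfaces), fast switching sends a whole
! destination one way.
!
! Limit debug ip packet to one destination instead of every packet on the box.
access-list 101 permit ip any host 10.1.1.10
debug ip packet 101
undebug all
```

Compare show ip eigrp topology all-links before and after variance 2: the R3 path appears as a feasible successor either way, but only with variance is it also in show ip route.  Leave bandwidth on the serial links set to what the clockrate actually delivers; the 128/64 values above are for the exercise and a wrong bandwidth misleads both EIGRP's metric and the bandwidth-percent limit.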