Professional Documents
Culture Documents
com
www.ccieuniversity.com
www.ccieuniversity.com
www.ccieuniversity.com
Lab Steps:
Step 1: Finish the basic IP configuration according to the diagram,
and test connectivity.
Step 2: Config RIPV2 on the 3 routers.
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 172.16.0.0
R1(config-router)# network 10.0.0.0
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)# network 10.0.0.0
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)# network 172.16.0.0
R3(config-router)# network 10.0.0.0
Step 3: Use show ip route to check whether there is auto summarize
Step 4: Disable auto summarize to see the changes
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#no auto-summary
Step 5: change the 4 timers on R1
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#timers basic 20 120 120 160
The above 4 value are update, Invalid, hold down, flushed
Tips:RIPV2 is based on UDP port 520 and using multicast to send
triggered update.
By www.ccieuniversity.com
www.ccieuniversity.com
www.ccieuniversity.com
R3(config-keychain)#exit
R4(config)#key chain www.ccieuniversity.com
R4(config-keychain)#key 1
R4(config-keychain-key)#key-string cisco
R4(config-keychain-key)#exit
R4(config-keychain)#exit
Enable rip md5 authentication on interface
R3(config)#interface s0
R3(config-if)#ip rip authentication mode md5
R3(config-if)#ip rip authentication key-chain www.ccieuniversity.com
R4(config)#interface s0
R4(config-if)#ip rip authentication mode md5
R4(config-if)#ip rip authentication key-chain www.ccieuniversity.com
Step 6:config route summarize on R4.
R4(config)#interface s0
R4(config-if)#ip summary-address rip 172.16.0.0 255.255.252.0
Step 7: disable split horizon on R4 s0, and use debug ip rip to
check it.
R4(config)#interface s0
R4(config-if)#no ip split-horizon
R4(config-if)#end
By www.ccieuniversity.com
www.ccieuniversity.com
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)# network 23.0.0.0
R2(config-router)# network 12.0.0.0
R2(config-router)# network 2.2.2.0
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#no auto-summary
R3(config-router)# network 13.0.0.0
R3(config-router)# network 23.0.0.0
Step 3: Check route table of R2 to see whether there are 2 routes
for network 13.0.0.0
Step 4: If you want to enable packet based load balance, You need to
disable Cisco CEF first.
R2(config)#interface s1
R2(config-if)#no ip cef
R2(config-if)#no ip route-cache
R2(config)#interface s0
R2(config-if)#no ip cef
R2(config-if)#no ip route-cache
Step 5: "ping 13.0.0.1 source 2.2.2.2" and "debug ip packet" to
check RIP Equal Cost Load Balancing feature.
Step 6: Change the maximum load balancing number of RIP to 6
Use show ip protocols we can see Maximum path: 4
Change the number to 6
R2(config)#router rip
R2(config-router)#maximum-paths 6
Tips: Before IOS 12.3 the maximum number is 6, after 12.3 it could
be up to 16.
By www.ccieuniversity.com
Lab Purpose:
Master EIGRP basic configuration
Observe EIGRP auto summary
Lab Steps:
Step 1: Finish the basic IP configuration according to the diagram,
and test connectivity.
Step 2: Enable EIGRP on the 3 routers
R1(config)#router eigrp 100 //EIGRP Autonomous System
R1(config-router)#network 172.16.1.0 0.0.0.255
R1(config-router)#network 10.1.1.0 0.0.0.3
www.ccieuniversity.com
R2(config)#router eigrp 100
R2(config-router)#network 10.1.1.64 0.0.0.3
R2(config-router)#network 10.1.1.0 0.0.0.3
R3(config)#router eigrp 100
R3(config-router)#network 172.16.1.0 0.0.0.255
R3(config-router)#network 10.1.1.64 0.0.0.3
Step 3:Use "show ip route" to observe the auto summary feature
Step 4:Disable auto summary then "show ip route" again
R1(config)#router eigrp 100
R1(config-router)#no auto-summary
R2(config)#router eigrp 100
R2(config-router)#no auto-summary
R3(config)#router eigrp 100
R3(config-router)#no auto-summary
By www.ccieuniversity.com
Lab Purpose:
Master EIGRP basic configuration
Master EIGRP MD5 Authentication Configuration
Lab Steps:
Step 1: Finish the basic IP configuration according to the diagram,
and test connectivity.
Step 2: Enable EIGRP on the 3 routers
R1(config)#router eigrp 100 //EIGRP Autonomous System
R1(config-router)#network 172.16.1.0 0.0.0.255
R1(config-router)#network 10.1.1.0 0.0.0.3
R2(config)#router eigrp 100
R2(config-router)#network 10.1.1.64 0.0.0.3
R2(config-router)#network 10.1.1.0 0.0.0.3
R3(config)#router eigrp 100
R3(config-router)#network 172.16.1.0 0.0.0.255
R3(config-router)#network 10.1.1.64 0.0.0.3
Step 3:Use "show ip route" to observe the auto summary feature
Step 4:enable MD5 authentication on 3 routers
R1(config)#key chain www.ccieuniversity.com
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string cisco
R1(config)#interface s0
R1(config-if)#ip authentication mode eigrp 100 md5
R1(config-if)#ip authentication key-chain eigrp 100
www.ccieuniversity.com
R2(config)#key chain www.ccieuniversity.com
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string cisco
www.ccieuniversity.com
R2(config)#interface s0
R2(config-if)#ip authentication
R2(config-if)#ip authentication
www.ccieuniversity.com
R2(config)#interface s1
R2(config-if)#ip authentication
R2(config-if)#ip authentication
www.ccieuniversity.com
www.ccieuniversity.com
R1(config)#interface lo0
R1(config-if)#ip address 1.1.1.1 255.255.255.0
R1(config)#router ospf 100
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 10.1.1.0 0.0.0.3 area 1
R2(config)#interface lo0
R2(config-if)#ip address 2.2.2.2 255.255.255.0
R2(config)#router ospf 100
R2(config-router)#router-id 2.2.2.2
R2(config-router)#network 10.1.1.0 0.0.0.3 area 1
R2(config-router)#network 10.2.2.0 0.0.0.255 area 0
R3(config)#interface lo0
R3(config-if)#ip address 3.3.3.3 255.255.255.0
R3(config)#router ospf 100
R3(config-router)#router-id 3.3.3.3
R3(config-router)#network 10.2.2.0 0.0.0.255 area 0
R4(config)#interface lo0
R4(config-if)#ip address 4.4.4.4 255.255.255.0
R4(config)#router ospf 100
R4(config-router)#router-id 4.4.4.4
R4(config-router)#network 10.1.1.64 0.0.0.3 area 2
R4(config-router)#network 10.2.2.0 0.0.0.255 area 0
Step 3: Use "show ip ospf neighbors" to see the DR BDR selection
result.
Step 4: Modify R4 E0 interface priority to 0 then it will not
participate in the DR BDR selection.
R4(config)#int E0
R4(config-if)#ip ospf priority 0
Tips: The default ospf interface priority is 1, so R2 and R3 should
compare RID to decide who will be DR, as 3.3.3.3 is greater than
2.2.2.2, so R3 would be DR.
By www.ccieuniversity.com
Lab Purpose:
Master OSPF area summarization configuration.
Master OSPF simple password and MD5 authentication configuration.
www.ccieuniversity.com
Learn how to modify OSPF hello interval, dead interval, and cost
value.
Lab Requirement:
Enable route summary from area 1 to area 0.
Enable simple password authentication between R1 and R2.
Enable MD5 authentication between R2 and R3.
Modify hello interval to 5 and dead interval to 10 between R3 and R4.
Modify R4 s0 cost to 80.
Enable OSPF neighbor log on all Routers.
Lab Steps:
Step 1: Finish the basic IP configuration according to the diagram,
and test connectivity.
Step 2: Enable OSPF on all routers
R1(config)#router ospf 100
R1(config-router)#network 172.16.1.0 0.0.0.255 area 1
R1(config-router)#network 172.16.2.0 0.0.0.255 area 1
R1(config-router)#network 172.16.3.0 0.0.0.255 area 1
R1(config-router)#network 172.16.4.0 0.0.0.255 area 1
R1(config-router)#network 12.1.1.0 0.0.0.255 area 1
R1(config-router)#log-adjacency-changes //enable OSPF neighbor log
R2(config)#router ospf 100
R2(config-router)#network 12.1.1.0 0.0.0.255 area 1
R2(config-router)#network 23.1.1.0 0.0.0.255 area 0
R2(config-router)#log-adjacency-changes
R3(config)#router ospf 100
R3(config-router)#network 23.1.1.0 0.0.0.255 area 0
R3(config-router)#network 34.1.1.0 0.0.0.255 area 2
R3(config-router)#log-adjacency-changes
R4(config)#router ospf 100
R4(config-router)#network 34.1.1.0 0.0.0.255 area 2
R4(config-router)#log-adjacency-changes
Step 3: Enable area 1 route summary on R2
R2(config)#router ospf 100
R2(config-router)#area 1 range 172.16.0.0 255.255.248.0
Step 4:Enable MD5 authentication between R2 and R3
R2(config)#int s1
R2(config-if)#ip ospf message-digest-key 1 md5 cisco
R2(config-if)#ip ospf authentication message-digest
R3(config)#int s1
R3(config-if)#ip ospf message-digest-key 1 md5 cisco
R3(config-if)#ip ospf authentication message-digest
Step 5: enable simple password authentication between R1 and R2
R1(config)#int s0
R1(config-if)#ip ospf authentication-key cisco
R1(config-if)#ip ospf authentication
R2(config)#int s0
R2(config-if)#ip ospf authentication-key cisco
R2(config-if)#ip ospf authentication
Step 6:Modify hellodead interval
R3(config)#int s0
R3(config-if)#ip ospf hello-interval 5
R3(config-if)#ip ospf dead-interval 20
R4(config)#int s0
R4(config-if)#ip ospf hello-interval 5
R4(config-if)#ip ospf dead-interval 20
Step 7: Modify R4 interface s0 cost
R4(config)#int s0
R4(config-if)#ip ospf cost 80
www.ccieuniversity.com
Use "show ip ospf interface so" to see all the modify value
including RID, priority, area, timer, cost, etc.
By www.ccieuniversity.com
www.ccieuniversity.com
R2(config-router)#redistribute eigrp 100 metric 2
R2(config-router)#redistribute ospf 100 metric 2
R2(config)#router eigrp 100
R2(config-router)#redistribute rip metric 2000 1 255 1 1500
//EIGRP combine metric
R2(config-router)#redistribute ospf 100 metric 2000 1 255 1500
R2(conf t)#router ospf 100
R2(config-router)#redistribute rip metric 64 subnets
R2(config-router)#redistribute eigrp 100 metric 64 subnets
Tips: Command "subnets" in OSPF redistribution is to allow
subnets prefix join the OSPF route table.
By www.ccieuniversity.com
Lab Purpose:
Master switch basic configuration.
Master switch port security configuration.
Lab Requirement: finish basic configuration including ip address, default gateway.
Enable port security on Fa0/3 to allow maximum 10 mac address to be learn, others
will be dropped.
Lab Steps:
Step 1: basic configuration
Switch(config)#ip default-gateway 192.168.1.1
//If without default gateway you can not access the switch from
different network.
Switch(config)#interface vlan 1
Switch(config-if)#ip address 192.168.1.2 255.255.255.0
Switch(config-if)#no shutdown
//set up switch management ip address.
Switch(config)#int fa0/1
www.ccieuniversity.com
Switch(config-if)#duplex full
Switch(config-if)#speed 100
Step 2:enable port security.
Switch(config-if)#int fa0/3
Switch(config-if)#switchport mode access
//only access mode can enable port security
Switch(config-if)#switchport port-security maximum 10
//set the maximum learned mac address number to 10
Switch(config-if)#switchport port-security violation protect
//drop the exceeded frames
By www.ccieuniversity.com
Lab Purpose:
Master vlan basic configuration.
Master interface assign vlan configuration.
Lab Requirement: create vlan2 and vlan3vlan name is HRENG
Assign pc1 in vlan2, assign pc2 in vlan3
Lab Steps:
Step 1:create VLAN2 and VLAN3
Switch#conf t
Switch(config)#vlan 2
Switch(config-vlan)#name HR
Switch(config-vlan)#exit
Switch(config)#vlan 3
Switch(config-vlan)#name ENG
Step 2: assign the 2 PC connected interfaces to the 2 vlan.
Switch(config)#int fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
Switch(config-if)#end
Switch(config)#int fa0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 3
Switch(config-if)#end
Step 3:Use "show vlan brif" to check the vlan table.
By www.ccieuniversity.com
www.ccieuniversity.com
www.ccieuniversity.com
Switch VTP Configuration Lab
Topology
www.ccieuniversity.com
Step 5: Check SwitchB vlan information to see whether there are
automatically created vlan10 and vlan20.
Step 6: Check whether SwitchB and SwitchC could create vlans.
By www.ccieuniversity.com
Lab Purpose:
Observed STP working principal, learn how to change STP common
parameters such as STP priority, STP interface cost, STP interface
priority.
Learn how to modify a switch to a primary root or a secondary root.
Learn how to enable rapid STP.
Lab Requirement: SW1 should become the primary rootSW2 will be the
secondary root.
Modify SW3 Fa0/24 interface priority to 64.
Modify SW3 and SW4 Fa0/20 interface cost to 5.
Lab Steps:
Step 1: Use "show spanning-tree" command to see the default
PVST+(Per Vlan Spanning Tree)
Step 2: enable or disable STP for specific vlan.
Switch(config)#spanning-tree vlan 2 //enable STP for vlan2,the
default is enable.
Switch(config)#no spanning-tree vlan 2 //disable STP for vlan2
Step 3: Modify STP priority to make SW1 be primary rootSW2 be
secondary root.
SW1(config)#spanning-tree vlan 1 priority 24576
SW2(config)#spanning-tree vlan 1 priority 28672
Tips: Switch STP priority must be multiple of 4096
Also you could use the following command to decide who is
primary root and who is secondary root.
SW1(config)#spanning-tree vlan 1 root primary
Tips: Sw1 will set it's STP priority lower than all others' in the network.
www.ccieuniversity.com
SW2(config)#spanning-tree vlan 1 root secondary
Tips: Sw2 will set it's STP priority only higher than SW1 and lower than all others in the
network.
Step 4: Modify SW3 Fa0/24 STP priority to 64
SW3(config)#int fa0/24
SW3(config-if)#spanning-tree vlan 1 port-priority 64
Tips: STP interface priority should be multiple of 16
Step 5: Modify SW3SW4 Fa0/20 cost to 5
SW3(config)#int fa0/20
SW3(config-if)#spanning-tree vlan 1 cost 5
SW4(config)#int fa0/20
SW4(config-if)#spanning-tree vlan 1 cost 5
Step 6: enable rapid STP.
SW1(config)#spanning-tree mode rapid-pvst
SW2(config)#spanning-tree mode rapid-pvst
SW3(config)#spanning-tree mode rapid-pvst
SW4(config)#spanning-tree mode rapid-pvst
By www.ccieuniversity.com
www.ccieuniversity.com
R1(config)#ip default-gateway 192.168.1.1 //set default
gateway
R1(config)#int fa0/0
R1(config-if)#ip add 192.168.1.2 255.255.255.0
R1(config-if)#no shutdown
R2(config)#no ip routing
R2(config)#ip default-gateway 192.168.2.1
R2(config)#int fa0/0
R2(config-if)#ip add 192.168.2.2 255.255.255.0
R2(config-if)#no shutdown
Step 2: Create and assign vlans on SW1.
SW1#conf t
SW1(config)#vlan 5
SW1(config-vlan)#exit
SW1(config)#vlan 10
SW1(config-vlan)#exit
SW1(config)#int fa1/5
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 5 SW1(config-if)#exit
SW1(config)#int fa1/10
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 10 SW1(configif)#exit
Step 3: Create trunk between SW1 and R3.
SW1(config)#int fa1/2
SW1(config-if)#switchport mod trunk
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#no shutdown
SW1(config-if)#exit
Step 4: Encapsulate vlans on R3.
R3(config)#ip routing
R3(config)#int fa0/0
R3(config-if)#no shutdown
R3(config)#int fa0/0.5
R3(config-subif)#encapsulation dot1q 5
R3(config-subif)#ip add 192.168.1.1 255.255.255.0
R3(config-subif)#no shutdown
R3(config-subif)#exit
R3(config)#int fa0/0.10
R3(config-subif)#encapsulation dot1q 10
R3(config-subif)#ip add 192.168.2.1 255.255.255.0
R3(config-subif)#no shutdown
R3(config-subif)#exit
Step 5: Ping between R1 and R2 to make sure the router on a stick is
working properly.
By www.ccieuniversity.com
www.ccieuniversity.com
www.ccieuniversity.com
R1(config-if)#ip add 10.1.1.1 255.255.255.0
R1(config-if)#no shutdown
R2(config)#int s0
R2(config-if)#encapsulation frame-relay ietf
R2(config-if)#frame-relay lmi-type ansi
R2(config-if)#ip add 10.1.1.2 255.255.255.0
R2(config-if)#no shutdown
R3(config)#int s0
R3(config-if)#encapsulation frame-relay ietf
R3(config-if)#frame-relay lmi-type ansi
R3(config-if)#ip add 10.1.1.3 255.255.255.0
R3(config-if)#no shutdown
Step 3:ping between clients to check the FR connectivity.
By www.ccieuniversity.com
create static IP
www.ccieuniversity.com
R1(config-if)#frame-relay
R2(config)#int s0
R2(config-if)#frame-relay
R2(config-if)#frame-relay
R3(config)#int s0
R3(config-if)#frame-relay
R3(config-if)#frame-relay
www.ccieuniversity.com
www.ccieuniversity.com
Frame-Relay Point to Point Sub-interface Configuration Lab
Topology
www.ccieuniversity.com
Frame-Relay Multi-Point Sub-interface Configuration Lab
Topology
www.ccieuniversity.com
Lab Purpose: Master ppp one way authentication configuration for pap.
Lab Requirement: R2 is the ppp authentication server, R1 and R3 are
clients.
Lab Steps:
Step 1: PPP sever configuration on R2.
R2(config)#username R1 password cisco
R2(config)#username R3 password cisco
R2(config)#int s1
R2(config-if)#encapsulation ppp
R2(config-if)ppp authentication pap
R2(config)#int s0
R2(config-if)#encapsulation ppp
R2(config-if)# ppp authentication pap
Step 2: PPP client configuration on R1 and R3.
R1(config)#int s0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp pap send-username R1 password cisco
R3(config)#int s1
R3(config-if)#encapsulation ppp
R3(config-if)# ppp pap send-username R3 password cisco
By www.ccieuniversity.com
www.ccieuniversity.com
PPP CHAP Authentication Basic Lab Configuration
Topology
Lab Purpose: Master ppp one way authentication configuration for pap.
Lab Steps: Enable ppp chap authentication on all routers interfaces.
R1(config)#username R2 password www.ccieuniversity.com
R1(config)#int s0
R1(config-if)#encapsulation ppp
R1(config-if)# ppp authentication chap
R2(config)#username R1 password www.ccieuniversity.com
R2(config)#username R3 password www.ccieuniversity.com
R2(config)#int s0
R2(config-if)#encapsulation ppp
R2(config-if)# ppp authentication chap
R2(config)#int s1
R2(config-if)#encapsulation ppp
R2(config-if)# ppp authentication chap
R3(config)#username R2 password www.ccieuniversity.com
R3(config)#int s1
R3(config-if)#encapsulation ppp
R3(config-if)# ppp authentication chap
By www.ccieuniversity.com
www.ccieuniversity.com
Step 1: Finish the basic IP configuration according to the diagram,
and test connectivity.
Step 2: Add a default route on router NAT.
NAT(config)#ip route 0.0.0.0 0.0.0.0 200.200.100.2
Step 3: Create static translation for host 192.168.1.2 and
192.168.1.5
NAT(config)#ip nat inside source static 192.168.1.2 200.200.100.129
NAT(config)#ip nat inside source static 192.168.1.5 200.200.100.130
Step 4: Create dynamic translation for network 192.168.1.0/24
NAT(config)#access-list 1 permit 192.168.1.0 0.0.0.255
NAT(config)#ip nat pool public 200.200.100.129 200.200.100.254
netmask 255.255.255.128
NAT(cinfig)#ip nat inside source list 1 pool public
Step 5: Assign inside and outside interface for router NAT.
NAT(config)#int f0/0
NAT(config-if)#ip nat inside
NAT(config)#int s0/0
NAT(config-if)#ip nat outside
By www.ccieuniversity.com
www.ccieuniversity.com
Basic Extended ACL Configuration Lab
Topology
www.ccieuniversity.com
Named Extended ACL Configuration Lab
Topology
www.ccieuniversity.com
ACL Working on VTY Line Configuration Lab
Topology
www.ccieuniversity.com
R1(config-if)#exit
R1(config)#interface s1/1
R1(config-if)#ipv6 address 2001:aaaa:2::1/64
R1(config-if)#clock rate 64000
R1(config-if)#no shutdown
R1(config-if)#end
R2(config)#interface s1/0
R2(config-if)#ipv6 address 2001:aaaa:2::1/64
R2(config-if)#clock rate 64000
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface lo0
R2(config-if)#ipv6 address 2001:aaaa:3::1/64
R2(config-if)#end
Step 2: Enable IPV6 routing on R1 and R2.
R1#conf t
R1(config)#ipv6 unicast-routing
R2#conf t
R2(config)#ipv6 unicast-routing
Step 3: Add static IPV6 route on R1 and R2.
R1(config)#ipv6 route 2001:aaaa:3::/64 s1/1
R2(config)#ipv6 route 2001:aaaa:1::/64 s1/0
By www.ccieuniversity.com