6.0 Bridging
Instructor Lab Manual
Topology
Addressing Table
Objectives
Part 1: Identify the Problem
Part 2: Implement Network Changes
Part 3: Verify Full Functionality
Part 4: Document Findings and Configuration Changes
Background / Scenario
In this lab, the company that you work for is experiencing problems with their Local Area Network (LAN). You
have been asked to troubleshoot and resolve the network issues. In Part 1, you will connect to devices on the
LAN and use troubleshooting tools to identify the network issues, establish a theory of probable cause, and
test that theory. In Part 2, you will establish a plan of action to resolve and implement a solution. In Part 3, you
will verify full functionality has been restored. Part 4 provides space for you to document your troubleshooting
findings along with the configuration changes that you made to the LAN devices.
Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with
Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco
IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions may be used.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 19
Lab - Troubleshooting Connectivity Issues
Depending on the model and Cisco IOS version, the commands available and the output produced might vary
from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the
correct interface identifiers.
Required Resources
• 2 Routers (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
• 1 Switch (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
• 1 PC (Windows 7 or 8 with terminal emulation program, such as Tera Term)
• Ethernet and Serial cables as shown in the topology
Troubleshooting Configurations
The following settings must be configured on the devices shown in the topology. Paste the configurations onto
the specified devices prior to starting the lab.
PC:
IP Address: 192.168.1.10
Subnet Mask: 255.255.255.0
Default Gateway: (leave blank)
Instructor: You may choose to configure the PC settings; otherwise, students will know that the missing
default gateway setting is a problem.
S1:
no ip domain-lookup
hostname S1
ip domain-name ccna-lab.com
username admin01 privilege 15 secret cisco12345
interface FastEthernet0/1
shutdown
interface FastEthernet0/2
shutdown
interface FastEthernet0/3
shutdown
interface FastEthernet0/4
shutdown
interface FastEthernet0/5
duplex full
interface Vlan1
ip address 192.168.1.2 255.255.255.0
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh
crypto key generate rsa general-keys modulus 1024
end
R1:
hostname R1
no ip domain-lookup
ip domain-name ccna-lab.com
username admin01 privilege 15 secret cisco12345
interface GigabitEthernet0/0
shutdown
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
duplex half
speed auto
no shutdown
interface Serial0/0/0
ip address 10.1.2.1 255.255.255.252
no shutdown
interface Serial0/0/1
no ip address
shutdown
line vty 0 4
login local
transport input ssh
crypto key generate rsa general-keys modulus 1024
end
ISP:
hostname ISP
no ip domain-lookup
interface Serial0/0/0
ip address 10.1.1.2 255.255.255.252
no shut
interface Lo0
ip address 209.165.200.226 255.255.255.255
ip route 0.0.0.0 0.0.0.0 10.1.1.1
end
b. Use the ipconfig command to determine the network settings on the PC.
a. SSH to S1 using its IP Address of 192.168.1.2 and log into the switch using admin01 for the user name
and cisco12345 for the password.
b. Issue the terminal monitor command on S1 to allow log messages to be sent to the VTY line of your
SSH session. After a few seconds you notice the following error message being displayed in your SSH
window.
S1# terminal monitor
S1#
*Mar 1 02:08:11.338: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on
FastEthernet0/5 (not half duplex), with R1.ccna-lab.com GigabitEthernet0/1
(half duplex).
S1#
c. On S1, issue the show interface f0/5 command to view the duplex setting of the interface.
S1# show interface f0/5
FastEthernet0/5 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 0cd9.96e8.8a05 (bia 0cd9.96e8.8a05)
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:35, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
849 packets input, 104642 bytes, 0 no buffer
Received 123 broadcasts (122 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
b. Issue the terminal monitor command on R1 to allow log messages to be sent to the VTY line of your
SSH session for R1. After a few seconds the duplex mismatch message appears on R1’s SSH session.
R1# terminal monitor
R1#
*Nov 23 16:12:36.623: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on
GigabitEthernet0/1 (not full duplex), with S1.ccna-lab.com FastEthernet0/5 (full
duplex).
R1#
c. Issue the show interface G0/1 command on R1 to display the duplex setting.
R1# show interfaces g0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is d48c.b5ce.a0c1 (bia d48c.b5ce.a0c1)
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half Duplex, 100Mbps, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
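The two %CDP-4-DUPLEX_MISMATCH messages above describe the same link from opposite ends. As an added example (not part of the original lab), the Python below parses such messages and correlates both devices' reports into one link record; the log strings are constructed from the messages shown in this lab, and the function names are illustrative.

```python
import re

# Constructed sample input: the mismatch messages shown in this lab, kept with
# the line wrapping that a terminal session produces.
S1_LOG = """\
*Mar 1 02:08:11.338: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on
FastEthernet0/5 (not half duplex), with R1.ccna-lab.com GigabitEthernet0/1
(half duplex).
"""
R1_LOG = """\
*Nov 23 16:12:36.623: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on
GigabitEthernet0/1 (not full duplex), with S1.ccna-lab.com FastEthernet0/5 (full
duplex).
*Nov 23 17:23:36.879: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on
GigabitEthernet0/1 (not full duplex), with S1.ccna-lab.com FastEthernet0/5
(full duplex).
"""

MISMATCH_RE = re.compile(
    r"%CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on "
    r"(?P<local_if>\S+) \(not (?P<local_not>half|full) duplex\), with "
    r"(?P<peer>\S+) (?P<peer_if>\S+) \((?P<peer_duplex>half|full) duplex\)"
)


def parse_mismatches(reporter, log_text):
    """Return one record per mismatch message logged by device `reporter`."""
    # Collapse all whitespace so wrapped messages match as a single line.
    flat = " ".join(log_text.split())
    records = []
    for m in MISMATCH_RE.finditer(flat):
        # "not half duplex" means the local port runs full duplex, and vice versa.
        local_duplex = "full" if m["local_not"] == "half" else "half"
        records.append({
            "reporter": reporter,
            "local_if": m["local_if"],
            "local_duplex": local_duplex,
            # Assumption: reporters are named by short hostname, so drop the domain.
            "peer": m["peer"].split(".")[0],
            "peer_if": m["peer_if"],
            "peer_duplex": m["peer_duplex"],
        })
    return records


def correlate(records):
    """Group reports from both ends of a link under one unordered link key."""
    links = {}
    for r in records:
        ends = {
            (r["reporter"], r["local_if"]): r["local_duplex"],
            (r["peer"], r["peer_if"]): r["peer_duplex"],
        }
        link = links.setdefault(frozenset(ends), {"ends": {}, "reports": 0})
        link["ends"].update(ends)
        link["reports"] += 1
    return links


def half_duplex_ends(links):
    """List the (device, interface) endpoints still running half duplex."""
    found = []
    for link in links.values():
        found.extend(sorted(e for e, d in link["ends"].items() if d == "half"))
    return found


if __name__ == "__main__":
    recs = parse_mismatches("S1", S1_LOG) + parse_mismatches("R1", R1_LOG)
    for device, interface in half_duplex_ends(correlate(recs)):
        print(f"{device} {interface}: half duplex, peer is full duplex")
```
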
Step 2: Set the duplex setting for interface G0/1 on R1 to full duplex.
R1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#
*Nov 23 17:23:36.879: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on
GigabitEthernet0/1 (not full duplex), with S1.ccna-lab.com FastEthernet0/5
(full duplex).
R1(config)#
R1(config)# interface g0/1
R1(config-if)# duplex full
R1(config-if)# exit
*Nov 23 17:24:08.039: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to
down
R1(config)#
*Nov 23 17:24:10.363: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to
up
*Nov 23 17:24:10.459: %SYS-5-CONFIG_I: Configured from console by console
R1(config)#
Step 4: Configure the Gateway of last resort on R1 with a 10.1.1.2 default route.
R1(config)# ip route 0.0.0.0 0.0.0.0 10.1.1.2
R1(config)# end
Step 1: Verify that all interfaces and routes have been set correctly and that routing has been
restored on R1.
a. Issue the show ip route command to verify that the default gateway has been set correctly.
R1# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
b. Issue the ping 209.165.200.226 command from the CMD window on the PC.
Documentation will vary but should include the date when troubleshooting was conducted, devices that were
tested, commands used along with the output generated by those commands, issues found, and configuration
changes made to resolve those issues.
Reflection
This lab had you troubleshoot all devices before making any changes. Is there another way to apply the
troubleshooting methodology?
Answers may vary. Another way the troubleshooting methodology could be applied would be to complete all 6
steps on a device before moving on to another device. For example, after you determined that the default
gateway was not set on the PC, you would add the default gateway setting and verify functionality. If network
issues still exist, you would then move on to the next device, S1 in this example. When the troubleshooting
process has been completed on S1 and issues still exist, you would then move on to R1. This process would
continue until full network functionality was achieved.
Router Model | Ethernet Interface #1 | Ethernet Interface #2 | Serial Interface #1 | Serial Interface #2
1800 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1)
1900 | Gigabit Ethernet 0/0 (G0/0) | Gigabit Ethernet 0/1 (G0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1)
2801 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/1/0 (S0/1/0) | Serial 0/1/1 (S0/1/1)
2811 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1)
2900 | Gigabit Ethernet 0/0 (G0/0) | Gigabit Ethernet 0/1 (G0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1)
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parentheses is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
Router R1
R1# show run
Building configuration...
Current configuration : 1531 bytes
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 15
!
no ip domain lookup
ip domain name ccna-lab.com
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
username admin01 privilege 15 secret 9 $9$8a4jGjbPPpeeoE$WyPsIiOaYT4ATlJzrR6T9E6vIdESOGF.NYX53arPmtA
!
redundancy
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
duplex full
speed auto
!
interface Serial0/0/0
ip address 10.1.1.1 255.255.255.252
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.1.1.2
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login local
transport input ssh
!
scheduler allocate 20000 1000
!
end
Switch S1
S1# show run
Building configuration...
Current configuration : 1585 bytes
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
username admin01 privilege 15 secret 9 $9$lJgfiLCHj.Xp/q$hA2w.oyQPTMhBGPeR.FZo3NZRJ9T1FdqvgRCFyBYnNs
no aaa new-model
system mtu routing 1500
!
no ip domain-lookup
ip domain-name ccna-lab.com
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
shutdown
!
interface FastEthernet0/2
shutdown
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
duplex full
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.2 255.255.255.0
!
ip http server
ip http secure-server
!
line con 0
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
end
Router ISP
ISP# show run
Building configuration...
Current configuration : 1390 bytes
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 15
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
interface Loopback0
ip address 209.165.200.226 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
ip address 10.1.1.2 255.255.255.252
!
interface Serial0/0/1
no ip address
shutdown
clock rate 125000
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.1.1.1
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end
Lab - Configure CDP and LLDP (Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.
Topology
Addressing Table
Objectives
Part 1: Build the Network and Configure Basic Device Settings
Part 2: Network Discovery with CDP
Part 3: Network Discovery with LLDP
Background / Scenario
Cisco Discovery Protocol (CDP) is a Cisco proprietary protocol for network discovery on the data link layer. It
can share information, such as device names and IOS versions, with other physically connected Cisco
devices. Link Layer Discovery Protocol (LLDP) is a vendor-neutral protocol used on the data link layer for
network discovery. It is mainly used with network devices in the local area network (LAN). The network
devices advertise information, such as their identities and capabilities, to their neighbors.
In this lab, you must document the ports that are connected to other switches using CDP and LLDP. You will
document your findings in a network topology diagram. You will also enable or disable these discovery
protocols as necessary.
Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with
Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco
IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used.
Depending on the model and Cisco IOS version, the commands available and the output produced might vary
from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the
correct interface identifiers.
Note: Make sure that the routers and switches have been erased and have no startup configurations. If you
are unsure, contact your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.
Required Resources
• 1 Router (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
• 3 Switches (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
• Console cables to configure the Cisco IOS devices via the console ports
• Ethernet cables as shown in the topology
Gateway:
hostname Gateway
no ip domain lookup
interface GigabitEthernet0/1
ip address 192.168.1.254 255.255.255.0
ip nat inside
no shutdown
interface Serial0/0/1
ip address 209.165.200.226 255.255.255.252
ip nat outside
no shutdown
ip nat inside source list 1 interface Serial0/0/1 overload
access-list 1 permit 192.168.1.0 0.0.0.255
d. Save the running configuration to the startup configuration file.
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Serial0/0/0 is administratively down, line protocol is down
Encapsulation HDLC
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Serial0/0/1 is up, line protocol is up
Encapsulation HDLC
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Version :
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.4(3)M2,
RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Fri 06-Feb-15 17:01 by prod_rel_team
advertisement version: 2
Management address(es):
IP address: 209.165.200.225
-------------------------
Device ID: S3
Entry address(es):
Platform: cisco WS-C2960-24TT-L, Capabilities: Switch IGMP
Interface: GigabitEthernet0/1, Port ID (outgoing port): FastEthernet0/5
Holdtime : 158 sec
Version :
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE7,
RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Thu 23-Oct-14 14:49 by prod_rel_team
advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27,
value=00000000FFFFFFFF010221FF0000000000000CD996E87400FF0000
VTP Management Domain: ''
Native VLAN: 1
Duplex: full
e. What can you learn about ISP and S3 from the outputs of the show cdp neighbors detail command?
The output displays the IOS version, device model, and the IP address on the S0/0/1 interface for ISP. On
S3, the output shows information such as the IOS version, VTP management domain, native VLAN, and
duplex.
f. Configure the SVI on S3. Use an available IP address in the 192.168.1.0/24 network. Configure
192.168.1.254 as the default gateway.
S3(config)# interface vlan 1
S3(config-if)# ip address 192.168.1.3 255.255.255.0
S3(config-if)# no shutdown
S3(config-if)# exit
S3(config)# ip default-gateway 192.168.1.254
g. Issue the show cdp neighbors detail command on Gateway. What additional information is available?
The output includes the IP address for the SVI on S3 that was just configured.
Gateway# show cdp neighbors detail | begin S3
Device ID: S3
Entry address(es):
IP address: 192.168.1.3
Platform: cisco WS-C2960-24TT-L, Capabilities: Switch IGMP
Interface: GigabitEthernet0/1, Port ID (outgoing port): FastEthernet0/5
Holdtime : 163 sec
Version :
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE7,
RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Thu 23-Oct-14 14:49 by prod_rel_team
advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27,
value=00000000FFFFFFFF010221FF0000000000000CD996E87400FF0000
VTP Management Domain: ''
Native VLAN: 1
Duplex: full
Management address(es):
IP address: 192.168.1.3
System Description:
Reflection
Within a network, on which interfaces should you not use discovery protocols? Explain.
Discovery protocols should not be used on interfaces that face external networks because these
protocols provide insights about the internal network. Attackers can use this information to learn about
the internal network and exploit it.
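One way to check a saved running-config for the exposure described above, as an added example that is not part of the original lab: the Python below flags active external-facing interfaces that still run CDP or LLDP. Treating `ip nat outside` as the marker of an external interface is an assumption of this example, and both sample configs are constructed, modelled on the Gateway router in this lab.

```python
import re

# Constructed sample: external interface with discovery protocols left on.
WEAK_CONFIG = """\
hostname Gateway
lldp run
!
interface GigabitEthernet0/1
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
!
interface Serial0/0/0
 no ip address
 shutdown
!
interface Serial0/0/1
 ip address 209.165.200.226 255.255.255.252
 ip nat outside
!
ip nat inside source list 1 interface Serial0/0/1 overload
access-list 1 permit 192.168.1.0 0.0.0.255
"""

# Constructed sample: same router with discovery disabled on the external port.
HARDENED_CONFIG = WEAK_CONFIG.replace(
    " ip nat outside\n",
    " ip nat outside\n no cdp enable\n no lldp transmit\n no lldp receive\n",
)


def parse_config(text):
    """Split an indented IOS config into global lines and per-interface lines."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.strip() == "!":
            current = None          # "!" closes the current interface block
            continue
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif current and line[0].isspace():
            interfaces[current].append(line.strip())
        else:
            current = None
            global_lines.append(line.strip())
    return global_lines, interfaces


def nat_outside(name, lines):
    """Assumed heuristic: an interface marked 'ip nat outside' faces outward."""
    return "ip nat outside" in lines


def audit_discovery(text, is_external=nat_outside):
    """Return (interface, protocol) pairs still advertising on external ports."""
    global_lines, interfaces = parse_config(text)
    cdp_on = "no cdp run" not in global_lines   # CDP is enabled by default
    lldp_on = "lldp run" in global_lines        # LLDP is disabled by default
    findings = []
    for name, lines in interfaces.items():
        # Administratively down interfaces send nothing, so skip them.
        if not is_external(name, lines) or "shutdown" in lines:
            continue
        if cdp_on and "no cdp enable" not in lines:
            findings.append((name, "CDP"))
        if lldp_on and "no lldp transmit" not in lines:
            findings.append((name, "LLDP transmit"))
        if lldp_on and "no lldp receive" not in lines:
            findings.append((name, "LLDP receive"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_discovery(cfg))
```

The parser relies on the leading indentation that `show run` produces under each interface, so feed it the raw device output rather than text with the indentation stripped.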
Router Model | Ethernet Interface #1 | Ethernet Interface #2 | Serial Interface #1 | Serial Interface #2
1800 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1)
1900 | Gigabit Ethernet 0/0 (G0/0) | Gigabit Ethernet 0/1 (G0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1)
2801 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/1/0 (S0/1/0) | Serial 0/1/1 (S0/1/1)
2811 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1)
2900 | Gigabit Ethernet 0/0 (G0/0) | Gigabit Ethernet 0/1 (G0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1)
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parentheses is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
Router ISP
ISP# show run
Building configuration...
!
cts logging verbose
!
redundancy
!
lldp run
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
!
interface Serial0/0/1
ip address 209.165.200.225 255.255.255.252
clock rate 125000
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end
Router Gateway
Gateway# show run
Building configuration...
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 125000
!
interface Serial0/0/1
ip address 209.165.200.226 255.255.255.252
ip nat outside
ip virtual-reassembly in
no cdp enable
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Serial0/0/1 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end
Switch S1
S1# show run
Building configuration...
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
system mtu routing 1500
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
lldp run
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
!
ip http server
ip http secure-server
!
line con 0
line vty 5 15
!
end
Switch S2
S2# show run
Building configuration...
!
no aaa new-model
system mtu routing 1500
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
lldp run
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
!
ip http server
ip http secure-server
!
line con 0
line vty 5 15
!
end
Switch S3
S3# show run
Building configuration...
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
!
ip http server
ip http secure-server
!
line con 0
line vty 5 15
!
end
Lab - Configure Extended VLANs, VTP and DTP (Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.
Topology
Objectives
Part 1: Build the Network and Configure Basic Device Settings
Part 2: Use Dynamic Trunking Protocol (DTP) to Form Trunk Links
Part 3: Configure VLAN Trunking Protocol (VTP)
Part 4: Create extended VLAN
Background / Scenario
In this lab you will configure a switched environment where trunks are negotiated and formed via DTP, and
VLAN information is propagated automatically through a VTP domain. You will create an extended VLAN and
add it to the VTP domain.
Scalability and management are two critical considerations when creating a large network. VTP and DTP are
protocols that improve management and scalability. Extended VLANs enable better scalability in large
environments by extending the number of VLANs that can be configured in a switch. VLAN Trunking Protocol
(VTP) allows the switches to automatically communicate VLAN information, improving management and
scalability. Dynamic Trunking Protocol (DTP) allows the switches to automatically negotiate and establish
trunk links. DTP also improves scalability.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.
Required Resources
• 3 Switches (Cisco Catalyst 2960)
• Console cables to configure the Cisco IOS devices via the console ports
• Ethernet cables as shown in the topology
e. Disable DNS lookup to prevent the switches from attempting to translate incorrectly entered commands
as though they were host names.
f. Configure the hostnames according to the topology.
g. Save the running configuration to the startup configuration file.
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
What portion of the output above shows the DTP configuration of AS1 port F0/1?
____________________________________________________________________________________
The third line, Administrative Mode: dynamic auto
What portion of the output above shows the current status of AS1 port F0/1?
____________________________________________________________________________________
The fourth line, Operational Mode: trunk.
If AS1 F0/1 was not configured as DTP auto, what commands should be used to do so?
____________________________________________________________________________________
____________________________________________________________________________________
AS1(config)# int F0/1
AS1(config-if)# switchport mode dynamic auto
c. Similarly, verify and configure AS2 port F0/3 as DTP auto if it is not already configured as such:
AS2(config)# interface range F0/3
AS2(config-if-range)# switchport mode dynamic auto
AS2# show interfaces F0/3 switchport
Name: Fa0/3
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
<output omitted>
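A port left in a dynamic mode becomes a trunk whenever its neighbor negotiates one, so it helps to inventory which trunks were negotiated and which were configured statically. The following is an added example, not part of the lab: it reads `show interfaces switchport` output and classifies each port from the same two fields the questions above ask about. The sample text is constructed in the format shown above, and the function and label names are hypothetical.

```python
# Added example: classify ports from `show interfaces switchport` output.
# SAMPLE is constructed for illustration; it is not output from the lab devices.
SAMPLE = """\
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Name: Fa0/2
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Negotiation of Trunking: Off
Access Mode VLAN: 10 (VLAN0010)
Name: Fa0/3
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Negotiation of Trunking: On
Name: Fa0/4
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: down
Negotiation of Trunking: On
<output omitted>
"""


def parse_switchport(text):
    """Return one dict per port; a new port starts at every 'Name:' line."""
    ports = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank lines and markers such as "<output omitted>"
        key, value = key.strip(), value.strip()
        if key == "Name":
            ports.append({"Name": value})
        elif ports:
            ports[-1][key] = value
    return ports


def classify(port):
    """Label a port by how its current role was reached."""
    admin = port.get("Administrative Mode", "").lower()
    oper = port.get("Operational Mode", "").lower()
    negotiating = port.get("Negotiation of Trunking", "").lower() == "on"
    if admin.startswith("dynamic"):
        # Configured to let DTP decide: the neighbor determines the outcome.
        return "negotiated-trunk" if oper == "trunk" else "dtp-undecided"
    if admin == "trunk":
        # Statically a trunk, but still sending DTP frames unless negotiation is off.
        return "static-trunk-dtp-on" if negotiating else "static-trunk"
    return "static-access-dtp-on" if negotiating else "static-access"


def audit(text):
    """Map each port name to its classification."""
    return {p["Name"]: classify(p) for p in parse_switchport(text)}


def needs_review(text):
    """Ports whose trunking state depends on what the neighbor sends."""
    flagged = {"negotiated-trunk", "dtp-undecided"}
    return sorted(name for name, label in audit(text).items() if label in flagged)


if __name__ == "__main__":
    for name, label in audit(SAMPLE).items():
        print(f"{name:8} {label}")
    print("review:", ", ".join(needs_review(SAMPLE)))
```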
d. Verify the domain was properly created with show vtp status:
DS1# show vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name : CCNA-LAB
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 001e.4914.6980
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)
Feature VLAN:
--------------
VTP Operating Mode : Server
Maximum VLANs supported locally : 1005
Number of existing VLANs : 5
Configuration Revision : 0
MD5 digest : 0xFE 0x1A 0x4F 0xF2 0xF3 0x21 0x57 0xC5
0x01 0xDC 0x3C 0x4A 0xB1 0xCB 0x4A 0x54
Based on the output above, what is the revision number of the CCNA-LAB domain? What does that
mean?
____________________________________________________________________________________
____________________________________________________________________________________
Based on the output above, the revision number is 0. This means that if another VTP server is added to
the domain (with correct domain name and password) and this new server has a higher revision number,
its VLAN configuration will overwrite the current domain configuration.
What portion of the output above indicates a VTP password has been configured for the domain?
____________________________________________________________________________________
____________________________________________________________________________________
The MD5 hash field. In the case above, 0xFE 0x1A 0x4F 0xF2 0xF3 0x21 0x57 0xC5 0x01 0xDC 0x3C
0x4A 0xB1 0xCB 0x4A 0x54 represents the domain password.
e. Use DS1, the VTP server, to add five VLANs to the domain:
DS1(config)# vlan 10
DS1(config-vlan)# vlan 20
DS1(config-vlan)# vlan 30
DS1(config-vlan)# vlan 40
DS1(config-vlan)# vlan 100
DS1(config-vlan)# end
DS1#
f. Add the access layer switches AS1 and AS2 to the domain as VTP clients:
Note: It is important to set a new switch to VTP client before adding it to an existing domain. If the new
switch contains any leftover VTP configuration, setting it as VTP client minimizes the risk of the new
switch modifying the VLANs already present in the domain.
AS1(config)# vtp mode client
Setting device to VTP Client mode for VLANS.
AS1(config)# vtp domain CCNA-LAB
Changing VTP domain name from NULL to CCNA-LAB
AS1(config)#
*Mar 1 01:36:06.161: %SW_VLAN-6-VTP_DOMAIN_NAME_CHG: VTP domain name changed to CCNA-LAB.vtp pass
AS1(config)# vtp password cisco12345
Setting device VTP password to cisco12345
AS1(config)# end
g. Verify that AS1 has learned the VLANs added to the domain by DS1:
AS1# show vlan
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
20 enet 100020 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
40 enet 100040 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
h. Verify that AS2 has learned the VLANs added to the domain by DS1:
AS2# show vlan
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
20 enet 100020 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
40 enet 100040 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
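The revision-number answer and the note about leftover VTP configuration describe the same risk: a switch joining the domain with a higher configuration revision replaces the domain's VLAN database. The following is an added example, not part of the lab: a pre-connection check that compares `show vtp status` output from the domain and from the switch about to be added. The sample outputs are constructed in the format shown above, and the function and verdict names are hypothetical.

```python
import re

# Added example. All three outputs below are constructed for illustration.
DOMAIN_SERVER = """\
VTP version running             : 1
VTP Domain Name                 : CCNA-LAB
Feature VLAN:
--------------
VTP Operating Mode                : Server
Number of existing VLANs          : 10
Configuration Revision            : 5
"""

LEFTOVER_SWITCH = """\
VTP version running             : 1
VTP Domain Name                 : CCNA-LAB
Feature VLAN:
--------------
VTP Operating Mode                : Client
Number of existing VLANs          : 7
Configuration Revision            : 12
"""

TRANSPARENT_SWITCH = """\
VTP version running             : 1
VTP Domain Name                 : CCNA-LAB
Feature VLAN:
--------------
VTP Operating Mode                : Transparent
Number of existing VLANs          : 10
Configuration Revision            : 0
"""

# [ \t]* instead of \s* so an empty value never swallows the next line.
_FIELDS = {
    "domain": re.compile(r"^[ \t]*VTP Domain Name[ \t]*:[ \t]*(.*)$", re.M),
    "mode": re.compile(r"^[ \t]*VTP Operating Mode[ \t]*:[ \t]*(.*)$", re.M),
    "revision": re.compile(r"^[ \t]*Configuration Revision[ \t]*:[ \t]*(\d+)", re.M),
}


def parse_vtp_status(text):
    """Extract domain name, operating mode and revision from `show vtp status`."""
    status = {}
    for key, pattern in _FIELDS.items():
        match = pattern.search(text)
        if match is None:
            raise ValueError(f"field not found in output: {key}")
        status[key] = match.group(1).strip()
    status["revision"] = int(status["revision"])
    return status


def assess_join(domain_text, candidate_text):
    """Return a verdict for connecting the candidate switch to the domain."""
    domain = parse_vtp_status(domain_text)
    cand = parse_vtp_status(candidate_text)
    if cand["mode"].lower() in ("transparent", "off"):
        return "no-effect"          # does not originate or apply advertisements
    if cand["domain"] and cand["domain"] != domain["domain"]:
        return "different-domain"   # names are case-sensitive; updates are ignored
    # In VTP versions 1 and 2 the higher revision wins, for a client as well as
    # a server, so leftover state must be cleared before the switch is connected.
    if cand["revision"] > domain["revision"]:
        return "overwrite-risk"
    return "will-sync"


if __name__ == "__main__":
    for label, text in (("leftover", LEFTOVER_SWITCH),
                        ("transparent", TRANSPARENT_SWITCH)):
        print(label, "->", assess_join(DOMAIN_SERVER, text))
```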
Feature VLAN:
--------------
VTP Operating Mode : Transparent
Maximum VLANs supported locally : 255
Number of existing VLANs : 10
Configuration Revision : 0
MD5 digest : 0x38 0x18 0xBA 0x48 0x7F 0x7B 0x4C 0xBB
0x03 0x52 0x07 0x2B 0x33 0xC1 0xC9 0xE6
<output omitted>
No. AS1 is in transparent mode and, as such, it doesn’t make changes to the VTP domain. However, even
if AS1 were configured as a VTP server, DS1, AS1 and AS2 are members of a VTP version 1 domain; VTP
version 1 doesn’t support extended VLANs.
f. For verification purposes only, attempt to change AS1 from VTP transparent mode to VTP server mode:
AS1(config)# vtp mode server
Device mode cannot be VTP Server for VLANS because extended VLAN(s) exist
AS1(config)#
As expected, AS1 cannot be made a VTP version 1 server while it hosts extended VLANs.
What is the solution if the network design requires extended VLANs to be added to a VTP domain?
____________________________________________________________________________________
VTP version 3 should be deployed. VTP version 3 adds support for extended VLANs.
Switch DS1
DS1# show run
Building configuration...
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
!
ip http server
ip http secure-server
!
line con 0
line vty 5 15
!
end
Switch AS1
AS1# show run
Building configuration...
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
!
ip http server
ip http secure-server
!
!
line con 0
line vty 5 15
!
end
Switch AS2
AS2# show run
Building configuration...
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
!
ip http server
ip http secure-server
!
line con 0
line vty 5 15
!
end
Lab - Configuring HSRP (Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.
Topology
Addressing Table
Objectives
Part 1: Build the Network and Verify Connectivity
Part 2: Configure First Hop Redundancy using HSRP
Background / Scenario
Spanning tree provides loop-free redundancy between switches within a LAN. However, it does not provide
redundant default gateways for end-user devices within the network if one of the routers fails. First Hop
Redundancy Protocols (FHRPs) provide redundant default gateways for end devices with no end-user
configuration necessary. In this lab, you will configure Cisco’s Hot Standby Router Protocol (HSRP), a First
Hop Redundancy Protocol (FHRP).
Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with
Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco
IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used.
Depending on the model and Cisco IOS version, the commands available and output produced might vary
from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the
correct interface identifiers.
Note: Make sure that the routers and switches have been erased and have no startup configurations. If you
are unsure, contact your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.
Required Resources
• 3 Routers (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
• 2 Switches (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
• 2 PCs (Windows 8, 7, or Vista with terminal emulation program, such as Tera Term)
• Console cables to configure the Cisco IOS devices via the console ports
• Ethernet and serial cables as shown in the topology
Step 1: Determine the path for Internet traffic for PC-A and PC-C.
a. From a command prompt on PC-A, issue a tracert command to the 209.165.200.225 loopback address
of R2.
C:\ tracert 209.165.200.225
Tracing route to 209.165.200.225 over a maximum of 30 hops
1 1 ms 1 ms 1 ms 192.168.1.1
2 13 ms 13 ms 13 ms 209.165.200.225
Trace complete.
What path did the packets take from PC-A to 209.165.200.225?
______________________________________ PC-A to R1 to R2
b. From a command prompt on PC-C, issue a tracert command to the 209.165.200.225 loopback address
of R2.
What path did the packets take from PC-C to 209.165.200.225?
______________________________________ PC-C to R3 to R2
Step 2: Start a ping session on PC-A, and break the connection between S1 and R1.
a. From a command prompt on PC-A, issue a ping -t command to the 209.165.200.225 address on R2.
Make sure you leave the command prompt window open.
Note: The pings continue until you press Ctrl+C, or until you close the command prompt window.
C:\ ping -t 209.165.200.225
Pinging 209.165.200.225 with 32 bytes of data:
Reply from 209.165.200.225: bytes=32 time=9ms TTL=254
Reply from 209.165.200.225: bytes=32 time=9ms TTL=254
Reply from 209.165.200.225: bytes=32 time=9ms TTL=254
<output omitted>
b. As the ping continues, disconnect the Ethernet cable from F0/5 on S1. You can also shut down the S1
F0/5 interface, which creates the same result.
What happened to the ping traffic?
____________________________________________________________________________________
After the cable was disconnected from F0/5 on S1 (or the interface was shut down), pings failed. Sample
output is below.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
<output omitted>
c. What would be the results if you repeated Steps 2a and 2b on PC-C and S3?
____________________________________________________________________________________
The results were the same as on PC-A. After the Ethernet cable was disconnected from F0/5 on S3, the
pings failed.
d. Reconnect the Ethernet cables to F0/5 or enable the F0/5 interface on both S1 and S3, respectively.
Re-issue pings to 209.165.200.225 from both PC-A and PC-C to make sure connectivity is re-established.
f. Verify the new settings. Issue a ping from both PC-A and PC-C to the loopback address of R2. Are the
pings successful? __________ Yes
Step 4: Start a ping session on PC-A and break the connection between the switch that is
connected to the Active HSRP router (R1).
a. From a command prompt on PC-A, issue a ping -t command to the 209.165.200.225 address on R2.
Ensure that you leave the command prompt window open.
b. As the ping continues, disconnect the Ethernet cable from F0/5 on S1 or shut down the F0/5 interface.
What happened to the ping traffic?
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
A few packets may be dropped while the Standby router takes over. Sample output is shown below:
Reply from 209.165.200.225: bytes=32 time=9ms TTL=254
Request timed out.
Request timed out.
Reply from 209.165.200.225: bytes=32 time=9ms TTL=254
<output omitted>
Reflection
Why would there be a need for redundancy in a LAN?
_______________________________________________________________________________________
_______________________________________________________________________________________
In today’s networks, down time can be a critical issue affecting sales, productivity, and general connectivity
(IP Telephony phones for example).
Router Model  Ethernet Interface #1        Ethernet Interface #2        Serial Interface #1    Serial Interface #2
1800          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
1900          Gigabit Ethernet 0/0 (G0/0)  Gigabit Ethernet 0/1 (G0/1)  Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
2801          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/1/0 (S0/1/0)  Serial 0/1/1 (S0/1/1)
2811          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
2900          Gigabit Ethernet 0/0 (G0/0)  Gigabit Ethernet 0/1 (G0/1)  Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parentheses is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
Device Configs
Router R1
R1# show run
Building configuration...
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
standby version 2
standby 1 ip 192.168.1.254
standby 1 priority 150
standby 1 preempt
duplex auto
speed auto
!
interface Serial0/0/0
ip address 10.1.1.1 255.255.255.252
clock rate 128000
!
interface Serial0/0/1
no ip address
shutdown
!
!
router rip
network 10.1.1.0
network 192.168.1.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
control-plane
!
line con 0
password cisco
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
login
transport input all
!
scheduler allocate 20000 1000
!
end
Router R2
R2# show run
Building configuration...
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
ip address 10.1.1.2 255.255.255.252
!
interface Serial0/0/1
ip address 10.2.2.2 255.255.255.252
clock rate 128000
!
!
router rip
network 10.1.1.0
network 10.2.2.0
default-information originate
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Loopback1
!
!
control-plane
!
!
line con 0
password cisco
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
login
Router R3
R3# show run
Building configuration...
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
ip address 10.2.2.1 255.255.255.252
!
!
router rip
network 10.2.2.0
network 192.168.1.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
control-plane
!
line con 0
password cisco
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
login
transport input all
!
scheduler allocate 20000 1000
!
end
Switch S1
S1# show run
Building configuration...
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.11 255.255.255.0
!
ip default-gateway 192.168.1.254
ip http server
ip http secure-server
!
line con 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
end
Switch S3
S3# show run
Building configuration...
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.13 255.255.255.0
!
ip default-gateway 192.168.1.254
ip http server
ip http secure-server
!
!
line con 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
end
Lab – Troubleshoot PPPoE (Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.
Topology
Addressing Table
Cust1 G0/1 Learned via PPP Learned via PPP Learned via PPP
ISP G0/1 N/A N/A N/A
Objectives
Part 1: Build the Network
Part 2: Troubleshoot PPPoE on Cust1
Background / Scenario
ISPs sometimes use Point-to-Point Protocol over Ethernet (PPPoE) on DSL links to their customers. PPP
supports the assignment of IP address information to a device at the remote end of a PPP link. More
importantly, PPP supports CHAP authentication. ISPs can check accounting records to see if a customer’s bill
has been paid, before letting them connect to the Internet.
In this lab, you will troubleshoot the Cust1 router for PPPoE configuration problems.
Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with
Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco
IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used.
Depending on the model and Cisco IOS version, the commands available and output produced might vary
from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the
correct interface identifiers.
Note: Ensure that the routers and switches have been erased and have no startup configurations. If you are
unsure, contact your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.
Required Resources
• 2 Routers (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
• 2 Switches (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
• Console cables to configure the Cisco IOS devices via the console ports
Step 1: Verify that an IPv4 address is assigned to the Cust1 Dialer interface.
The Dialer virtual interface did not receive an IP address.
Cust1# show ip interface brief
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES unset administratively down down
GigabitEthernet0/0 unassigned YES unset administratively down down
GigabitEthernet0/1 unassigned YES unset up up
Serial0/0/0 unassigned YES unset administratively down down
Serial0/0/1 unassigned YES unset administratively down down
Dialer1 unassigned YES IPCP up up
Virtual-Access1 unassigned YES unset up up
Virtual-Access2 unassigned YES unset down down
Step 3: Verify that the PPPoE username and password match what was given by the ISP.
a. Display the running configuration; apply a filter to display only the Dialer section. Verify that the username
and password match what was provided by the ISP.
Cust1# show run | section Dialer
interface Dialer1
mtu 1492
ip address negotiated
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname Cust1
ppp chap password 0 ciscoppp
ip route 0.0.0.0 0.0.0.0 Dialer1
b. The problem appears to be with the password. Enter Global configuration mode and fix the ppp
password.
Cust1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Cust1(config)# interface Dialer1
Cust1(config-if)# ppp chap password 0 ciscopppoe
Cust1(config-if)# end
Cust1#
*Nov 5 23:42:07.343: %SYS-5-CONFIG_I: Configured from console by console
Cust1#
*Nov 5 23:42:25.039: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Nov 5 23:42:25.043: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
Cust1#
*Nov 5 23:42:25.063: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
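The password fix above works because CHAP never sends the password: each side hashes it together with a fresh challenge, so a one-word difference in the configured secret yields a different response and the link is refused. The following is an added example, not part of the lab, of the RFC 1994 exchange with both sides shown. It assumes the ISP holds `ciscopppoe` for user `Cust1`, as the corrected configuration implies; the class and function names are hypothetical.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: MD5 over the Identifier octet, the shared secret, then the challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """ISP side of the exchange: knows each user's secret and issues challenges."""

    def __init__(self, secrets):
        self.secrets = secrets      # username -> shared secret (bytes)
        self.pending = {}           # identifier -> outstanding challenge value
        self.next_id = 0

    def challenge(self):
        """Send a Challenge: a new identifier and an unpredictable value."""
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        value = os.urandom(16)
        self.pending[ident] = value
        return ident, value

    def verify(self, ident, name, response):
        """Check a Response; each challenge is accepted at most once."""
        value = self.pending.pop(ident, None)
        secret = self.secrets.get(name)
        if value is None or secret is None:
            return False
        expected = chap_response(ident, secret, value)
        return hmac.compare_digest(expected, response)


def attempt(auth, hostname, configured_password):
    """Customer side: answer one challenge with the locally configured password."""
    ident, value = auth.challenge()
    response = chap_response(ident, configured_password.encode(), value)
    return auth.verify(ident, hostname, response)


if __name__ == "__main__":
    # Assumption: the ISP's record for Cust1 matches the corrected password.
    isp = Authenticator({"Cust1": b"ciscopppoe"})
    print("ciscoppp   ->", attempt(isp, "Cust1", "ciscoppp"))     # before the fix
    print("ciscopppoe ->", attempt(isp, "Cust1", "ciscopppoe"))   # after the fix
```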
Reflection
Explain why the TCP segment size needs to be adjusted for PPPoE.
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
Answers will vary. The default segment size for Ethernet is 1500. The header information takes up 40 bytes of
the segment, leaving 1460 bytes for payload (data). PPPoE requires an additional 8 bytes for its header, so
the payload needs to be reduced by 8 bytes to accommodate for the PPPoE header, bringing the optimum
maximum segment size down to 1452 bytes.
Router Model  Ethernet Interface #1        Ethernet Interface #2        Serial Interface #1    Serial Interface #2
1800          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
1900          Gigabit Ethernet 0/0 (G0/0)  Gigabit Ethernet 0/1 (G0/1)  Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
2801          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/1/0 (S0/1/0)  Serial 0/1/1 (S0/1/1)
2811          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
2900          Gigabit Ethernet 0/0 (G0/0)  Gigabit Ethernet 0/1 (G0/1)  Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parentheses is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
Device Configs
Router Cust1
Cust1# show run
Building configuration...
Current configuration : 1433 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cust1
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
!
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
ip tcp adjust-mss 1452
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
!
interface Dialer1
mtu 1492
ip address negotiated
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname Cust1
ppp chap password 0 ciscopppoe
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
control-plane
!
banner motd ^C
Router ISP
ISP# show run
Building configuration...
!
line con 0
password 7 14141B180F0B
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 05080F1C2243
login
transport input all
!
scheduler allocate 20000 1000
!
end
Lab - Configure and Verify eBGP (Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.
Topology
Addressing Table
Objectives
Part 1: Build the Network and Configure Basic Device Settings
Part 2: Configure eBGP on R1
Part 3: Verify eBGP Configuration
Background / Scenario
In this lab you will configure eBGP for the Company. The ISP will provide the default route to the Internet.
Once configuration is complete you will use various show commands to verify that the eBGP configuration is
working as expected.
Required Resources
• 3 Routers (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
• Console cables to configure the Cisco IOS devices via the console ports
• Serial cables as shown in the topology
Step 1: Enable BGP and identify the AS number for the Company.
R2(config)# router bgp 65000
Step 2: Use the neighbor command to identify ISP-1 as the BGP peer.
R2(config-router)# neighbor 209.165.200.1 remote-as 65001
Step 3: Add the Company’s network to the BGP table so it is advertised to ISP-1.
R2(config-router)# network 198.133.219.0 mask 255.255.255.248
Reflection
The topology used in this lab was created to demonstrate how to configure the BGP routing protocol.
However, the BGP protocol would not normally be configured for a topology like this in the real world. Why?
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
Answers may vary. BGP is normally not needed for a single-homed network. The ISP would provide an IP
subnet range of IP addresses for the Company to use for Internet access and the ISP would be responsible
for routing the Company traffic to R2. So, only the ISP would need to have BGP configured.
Router Model | Ethernet Interface #1 | Ethernet Interface #2 | Serial Interface #1 | Serial Interface #2
1800 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1)
1900 | Gigabit Ethernet 0/0 (G0/0) | Gigabit Ethernet 0/1 (G0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1)
2801 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/1/0 (S0/1/0) | Serial 0/1/1 (S0/1/1)
2811 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1)
2900 | Gigabit Ethernet 0/0 (G0/0) | Gigabit Ethernet 0/1 (G0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1)
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parentheses is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
Device Configs
Router R1
R1# show run
Building configuration...
!
cts logging verbose
!
redundancy
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
ip address 198.133.219.1 255.255.255.248
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end
Router R2
R2# show run
Building configuration...
Router ISP-1
ISP-1# show run
Building configuration...
!
no aaa new-model
memory-size iomem 15
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
interface Loopback0
ip address 10.10.10.10 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
ip address 209.165.200.1 255.255.255.252
!
router bgp 65001
bgp log-neighbor-changes
network 0.0.0.0
neighbor 209.165.200.2 remote-as 65000
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Loopback0
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end
Lab – Implement Local SPAN (Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.
Topology
Addressing Table
Objectives
Part 1: Build the Network and Verify Connectivity
Part 2: Configure Local SPAN and Capture Copied Traffic with Wireshark
Background / Scenario
As the network administrator you want to analyze traffic entering and exiting the local network. To do this, you
will set up port mirroring on the switchport connected to the router and mirror all traffic to another switchport.
The goal is to send all mirrored traffic to an intrusion detection system (IDS) for analysis. In this initial
implementation, you will send all mirrored traffic to a PC which will capture the traffic for analysis using a port
sniffing program. To set up port mirroring you will use the Switched Port Analyzer (SPAN) feature on the
Cisco switch. SPAN is a type of port mirroring that sends copies of a frame entering a port, out another port
on the same switch. It is common to find a device running a packet sniffer or Intrusion Detection System (IDS)
connected to the mirrored port.
Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with
Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco
IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used.
Depending on the model and Cisco IOS version, the commands available and output produced might vary
from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the
correct interface identifiers.
Note: Make sure that the routers and switches have been erased and have no startup configurations. If you
are unsure, contact your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.
Required Resources
• 1 Router (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
• 2 Switches (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
• 2 PCs (Windows 8, 7, or Vista with terminal emulation program, such as Tera Term)
• Console cables to configure the Cisco IOS devices via the console ports
• Ethernet and serial cables as shown in the topology
Part 2: Configure Local SPAN and Capture Copied Traffic with Wireshark
To configure Local SPAN, you need to configure one or more source ports called monitored ports, and a single
destination port, also called a monitored port, for copied or mirrored traffic to be sent out of. SPAN source ports
can be configured to monitor traffic in either ingress, or egress, or both directions (default).
The SPAN source port will need to be configured on the port that connects to the router on S1 switchport
F0/5. This way all traffic entering or exiting the LAN will be monitored. The SPAN destination port will be
configured on S1 switchport F0/6 which is connected to PC-A running Wireshark.
Password:
R1>
b. From privileged mode, ping PC-C, S1 and S3.
R1> enable
Password:
R1# ping 192.168.1.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R1# ping 192.168.1.2
<Output omitted>
R1# ping 192.168.1.3
<Output omitted>
Step 4: Stop the Wireshark Capture on PC-A and Filter for ICMP.
a. Return to PC-A and stop the running Wireshark capture on PC-A.
d. Were the pings from R1 to PC-C, S1 and S3 successfully copied and forwarded out f0/6 to PC-A?
________________ Yes
e. Was the traffic monitored and copied in both directions? ________________ Yes
Reflection
In this scenario, instead of using PC-A, and a packet sniffer, would an IDS or an IPS be more appropriate?
_______________________________________________________________________________________
_______________________________________________________________________________________
This scenario is designed for an IDS since copying traffic to a mirrored port is useful for analysis and
detection but not prevention since undesirable traffic is allowed to reach its intended destination.
Router Model | Ethernet Interface #1 | Ethernet Interface #2 | Serial Interface #1 | Serial Interface #2
1800 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1)
1900 | Gigabit Ethernet 0/0 (G0/0) | Gigabit Ethernet 0/1 (G0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1)
2801 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/1/0 (S0/1/0) | Serial 0/1/1 (S0/1/1)
2811 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1)
2900 | Gigabit Ethernet 0/0 (G0/0) | Gigabit Ethernet 0/1 (G0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1)
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parentheses is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
Device Configs
Router R1
R1#show run
Building configuration...
!
no aaa new-model
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
!
license udi pid CISCO1941/K9 sn FTX163283RA
license accept end user agreement
license boot module c1900 technology-package securityk9
!
!
redundancy
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
control-plane
!
!
line con 0
password cisco
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
login
transport input telnet
!
scheduler allocate 20000 1000
!
end
Switch S1
S1#show run
Building configuration...
no ip domain-lookup
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.2 255.255.255.0
!
ip default-gateway 192.168.1.1
ip http server
ip http secure-server
!
!
line con 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
!
monitor session 1 source interface Fa0/5
monitor session 1 destination interface Fa0/6
end
Switch S3
S3#show run
Building configuration...
!
hostname S3
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$YRtb$6k0fixPDtcRtjKATQH5Op1
!
no aaa new-model
system mtu routing 1500
!
!
no ip domain-lookup
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.3 255.255.255.0
!
ip default-gateway 192.168.1.1
ip http server
ip http secure-server
!
!
line con 0
password cisco
login
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
end
Lab – Troubleshoot LAN Traffic Using SPAN (Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.
Topology
Addressing Table
Objectives
Part 1: Build the Network and Verify Connectivity
Part 2: Configure Local SPAN and Capture Copied Traffic with Wireshark
Background / Scenario
As the network administrator you decide to analyze the internal local area network for suspicious network
traffic and possible DoS or reconnaissance attacks. To do this, you will set up port mirroring on all active
switchports and mirror/copy all traffic to a designated switchport where a PC running Wireshark can analyze
the captured traffic. The goal is to identify the source of suspicious traffic. To set up port mirroring you will use
the Switched Port Analyzer (SPAN) feature on the Cisco switch. It is common to find a device running a
packet sniffer or Intrusion Detection System (IDS) connected to the mirrored port.
Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with
Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco
IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used.
Depending on the model and Cisco IOS version, the commands available and output produced might vary
from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the
correct interface identifiers.
Note: Make sure that the routers and switches have been erased and have no startup configurations. If you
are unsure, contact your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.
Required Resources
• 1 Router (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
• 2 Switches (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
• 2 PCs (Windows 8, 7, or Vista with a terminal emulation program, such as Tera Term or PuTTY,
Wireshark, and Zenmap)
• Console cables to configure the Cisco IOS devices via the console ports
• Ethernet and serial cables as shown in the topology
Part 2: Configure Local SPAN and Capture Copied Traffic with Wireshark
To configure Local SPAN, you need to configure one or more source ports called monitored ports, and a
single destination port, also called a monitored port, for copied or mirrored traffic to be sent out of. SPAN
source ports can be configured to monitor traffic in either ingress, or egress, or both directions (default).
b. The hypothetical attacker can now issue an intense scan on R1 at 192.168.1.1 (nmap -T4 -A -v
192.168.1.1). The scan result identifies an open port 23/Telnet.
Step 4: From PC-A Stop the Wireshark Capture and Examine the Captured SPAN Packets.
a. Return to PC-A, and stop the Wireshark capture. Notice the non-standard traffic patterns between PC-C
at 192.168.1.10 and R1 at 192.168.1.1. It is filled with Out-Of-Order segments and Connection resets
(RST). This packet capture identifies PC-C as sending suspicious traffic to router R1.
b. The attacker on PC-C knowing that the router has an open port on 23 could attempt an additional brute
force attack or DoS style attack, like a LAND attack. A LAND attack is a TCP SYN packet with the same
source and destination IP address and port number. Using Zenmap, the command nmap -sS
192.168.1.1 -S 192.168.1.1 -p23 -g23 -e eth0 is an example. Notice how the LAND attack sets both the
source and destination IP addresses to 192.168.1.1 and both the source and destination port numbers to
the open port at 23. Although R1 with IOS15 is not vulnerable to this older type of DoS attack, many older
systems and servers are still vulnerable. This attack will crash vulnerable systems, by setting them into an
infinite loop.
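An IDS attached to the SPAN destination port would apply checks like the two patterns described in Step 4. The following is an added example, not part of the Cisco lab: it parses raw Ethernet/IPv4/TCP frames and flags LAND-shaped SYN packets and a SYN sweep answered by resets. The frames, the function names and the min_ports threshold are constructed assumptions.

```python
import struct
from collections import Counter, defaultdict
from ipaddress import IPv4Address

TCP_SYN, TCP_RST, TCP_ACK = 0x02, 0x04, 0x10


def build_frame(src_ip, dst_ip, sport, dport, flags):
    """Build a minimal Ethernet/IPv4/TCP frame (constructed test data, checksums zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    return eth + ip + tcp


def parse_tcp(frame):
    """Return (src, dst, sport, dport, flags) for an IPv4/TCP frame, else None."""
    if len(frame) < 14:
        return None
    l3 = 14
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x8100 and len(frame) >= 18:      # skip one 802.1Q tag
        ethertype = struct.unpack("!H", frame[16:18])[0]
        l3 = 18
    if ethertype != 0x0800 or len(frame) < l3 + 20:
        return None
    ihl = (frame[l3] & 0x0F) * 4
    if frame[l3] >> 4 != 4 or ihl < 20 or frame[l3 + 9] != 6:
        return None                                   # not IPv4 or not TCP
    if struct.unpack("!H", frame[l3 + 6:l3 + 8])[0] & 0x1FFF:
        return None                                   # later fragment: no TCP header
    tcp_off = l3 + ihl
    if len(frame) < tcp_off + 14:
        return None                                   # truncated before the flags byte
    src = str(IPv4Address(frame[l3 + 12:l3 + 16]))
    dst = str(IPv4Address(frame[l3 + 16:l3 + 20]))
    sport, dport = struct.unpack("!HH", frame[tcp_off:tcp_off + 4])
    return src, dst, sport, dport, frame[tcp_off + 13]


def analyze(frames, min_ports=5):
    """Flag LAND-shaped SYNs and sources probing many ports of one target."""
    syn_ports = defaultdict(set)   # (scanner, target) -> ports hit with a bare SYN
    rst_back = Counter()           # (scanner, target) -> RSTs the target sent back
    alerts = []
    for frame in frames:
        pkt = parse_tcp(frame)
        if pkt is None:
            continue
        src, dst, sport, dport, flags = pkt
        if flags & TCP_SYN and src == dst and sport == dport:
            alerts.append(("LAND", src, dport))
            continue
        if flags & TCP_SYN and not flags & TCP_ACK:
            syn_ports[(src, dst)].add(dport)
        elif flags & TCP_RST:
            rst_back[(dst, src)] += 1
    for (scanner, target), ports in sorted(syn_ports.items()):
        if len(ports) >= min_ports:
            alerts.append(("SCAN", scanner, target, len(ports),
                           rst_back[(scanner, target)]))
    return alerts


def sample_capture():
    """Constructed frames shaped like the traffic the lab describes on the SPAN port."""
    pc_c, r1 = "192.168.1.10", "192.168.1.1"
    frames = []
    for port in (21, 22, 23, 25, 80, 443):
        frames.append(build_frame(pc_c, r1, 40000, port, TCP_SYN))
        reply = TCP_SYN | TCP_ACK if port == 23 else TCP_RST | TCP_ACK
        frames.append(build_frame(r1, pc_c, port, 40000, reply))
    frames.append(build_frame(r1, r1, 23, 23, TCP_SYN))               # LAND-shaped SYN
    frames.append(build_frame("192.168.1.2", r1, 50000, 23, TCP_SYN))  # one ordinary SYN
    frames.append(b"\xff" * 12 + b"\x08\x06" + b"\x00" * 28)           # ARP, ignored
    return frames


if __name__ == "__main__":
    for alert in analyze(sample_capture()):
        print(alert)
```

The LAND check needs no state, so it can run per packet; the sweep check is a threshold heuristic and min_ports should be tuned to the normal traffic of the monitored segment.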
Reflection
In this scenario, SPAN was used to troubleshoot and identify the source of suspicious activity on the network.
What other troubleshooting scenarios might SPAN be useful for?
_______________________________________________________________________________________
_______________________________________________________________________________________
Answers will vary. Examples: Identifying the source of excessive broadcasts on the network. Identifying hosts
infected with malware that attempt to call out to command and control servers, etc.
Router Model | Ethernet Interface #1 | Ethernet Interface #2 | Serial Interface #1 | Serial Interface #2
1800 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1)
1900 | Gigabit Ethernet 0/0 (G0/0) | Gigabit Ethernet 0/1 (G0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1)
2801 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/1/0 (S0/1/0) | Serial 0/1/1 (S0/1/1)
2811 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1)
2900 | Gigabit Ethernet 0/0 (G0/0) | Gigabit Ethernet 0/1 (G0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1)
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parentheses is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
Device Configs
Router R1
R1#show run
Building configuration...
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$9VIJ$vAdKomdXQ9N4SieMoFxeD1
!
no aaa new-model
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
!
license udi pid CISCO1941/K9 sn FTX163283RA
license accept end user agreement
license boot module c1900 technology-package securityk9
!
!
redundancy
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
control-plane
!
!
line con 0
password cisco
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
login
transport input telnet
!
scheduler allocate 20000 1000
!
end
Switch S1
S1#show run
Building configuration...
boot-start-marker
boot-end-marker
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
system mtu routing 1500
!
!
no ip domain-lookup
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.2 255.255.255.0
!
ip default-gateway 192.168.1.1
ip http server
ip http secure-server
!
!
line con 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
!
monitor session 1 source interface Fa0/4 - 5
monitor session 1 destination interface Fa0/6
end
Switch S3
S3#show run
Building configuration...
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.3 255.255.255.0
!
ip default-gateway 192.168.1.1
ip http server
ip http secure-server
!
!
line con 0
password cisco
login
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
end
Lab – Configure IP SLA ICMP Echo (Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.
Topology
Addressing Table
Objectives
Part 1: Build the Network and Verify Connectivity
Part 2: Configure IP SLA ICMP Echo on R1
Part 3: Test and Monitor the IP SLA Operation
Background / Scenario
An outside vendor has been contracted to provide web services for your company. As the network
administrator, you have been asked to monitor the vendor’s service. You decide to configure IP SLA to help
with that task.
Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with
Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco
IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used.
Depending on the model and Cisco IOS version, the commands available and output produced might vary
from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the
correct interface identifiers.
Note: Make sure that the routers and switches have been erased and have no startup configurations. If you
are unsure, contact your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.
Required Resources
• 2 Routers (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
• Console cables to configure the Cisco IOS devices via the console ports
• Serial cable as shown in the topology
Step 3: Issue the command used to display the IP SLA operation statistics on R1.
R1# show ip sla statistics
IPSLAs Latest Operation Statistics
The IP SLA configured in Part 2 will run forever. How would you stop the IP SLA from running but still leave
the IP SLA configured to use at a future time?
_______________________________________________________________________________________
R1(config)# no ip sla schedule 22
Reflection
Using the lab’s show ip sla statistics example, what does the failure count indicate about the Web Server?
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
Answers will vary, but this number shows that the IP SLA ICMP Echo operation was not able to reach the
Web Server 10 times since the start of the IP SLA monitoring operation. This can be interpreted to mean that
there have been approximately 3 minutes of interruptions in web services since Jan 28, 2016 6:45pm. However,
it is not known whether this was one long incident (approximately 3 minutes) or multiple shorter incidents.
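Added example (not part of the Cisco lab): the reasoning in the answer above, worked through in Python. It parses `show ip sla statistics` output and the `ip sla` configuration lines, multiplies the failure count by the probe interval, and reports the bounds on how many separate incidents the counters allow. The function names are hypothetical, the statistics text is constructed apart from the failure count of 10, and the 60-second fallback assumes the IOS default `icmp-echo` frequency.

```python
import re

# Constructed `show ip sla statistics` sample (only the failure count, 10, is
# the lab's figure) and the IP SLA lines of R1's running configuration.
SAMPLE_STATS = """\
IPSLAs Latest Operation Statistics

IPSLA operation id: 22
        Latest RTT: 1 milliseconds
Latest operation start time: 19:20:04 UTC Thu Jan 28 2016
Latest operation return code: OK
Number of successes: 95
Number of failures: 10
"""
SAMPLE_CONFIG = """\
ip sla 22
icmp-echo 198.133.219.1
frequency 20
ip sla schedule 22 life forever start-time now
"""

def parse_frequencies(config, default=60):
    """Map operation id -> probe interval in seconds (assumed default: 60 s)."""
    freqs, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"ip sla (\d+)", line):
            current = int(m.group(1))
            freqs[current] = default
        elif current is not None and (m := re.fullmatch(r"frequency (\d+)", line)):
            freqs[current] = int(m.group(1))
        elif line == "!" or line.startswith("ip sla schedule"):
            current = None  # left the operation's configuration sub-mode
    return freqs

def summarize(stats, freqs, default=60):
    """Per operation: failed-probe time, loss ratio, possible incident count.
    The counters carry no ordering, so only bounds on incidents are known."""
    report = {}
    for block in re.split(r"(?=IPSLA operation id:)", stats)[1:]:
        op = int(re.search(r"operation id: (\d+)", block).group(1))
        ok = int(re.search(r"Number of successes: (\d+)", block).group(1))
        bad = int(re.search(r"Number of failures: (\d+)", block).group(1))
        report[op] = {
            "failed_probe_seconds": bad * freqs.get(op, default),
            "failure_ratio": bad / (ok + bad) if ok + bad else 0.0,
            "min_incidents": 1 if bad else 0,
            "max_incidents": min(bad, ok + 1),
        }
    return report
```

With the lab's values (10 failures, `frequency 20`) the failed-probe time is 200 seconds, which is the "approximately 3 minutes" in the answer; telling one long outage from several short ones needs per-probe history, not these counters.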
| Router Model | Ethernet Interface #1 | Ethernet Interface #2 | Serial Interface #1 | Serial Interface #2 |
|---|---|---|---|---|
| 1800 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1) |
| 1900 | Gigabit Ethernet 0/0 (G0/0) | Gigabit Ethernet 0/1 (G0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1) |
| 2801 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/1/0 (S0/1/0) | Serial 0/1/1 (S0/1/1) |
| 2811 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1) |
| 2900 | Gigabit Ethernet 0/0 (G0/0) | Gigabit Ethernet 0/1 (G0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1) |
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parentheses is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
Device Configs
Router R1
R1#show run
Building configuration...
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 209.165.200.10
!
ip sla 22
icmp-echo 198.133.219.1
frequency 20
ip sla schedule 22 life forever start-time now
!
control-plane
!
line con 0
password cisco
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
login
transport input none
!
scheduler allocate 20000 1000
!
end
Router ISP
ISP# show run
Building configuration...
!
!
no aaa new-model
memory-size iomem 15
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
interface Loopback0
ip address 198.133.219.1 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
ip address 209.165.200.10 255.255.255.252
!
interface Serial0/0/1
no ip address
shutdown
clock rate 125000
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end