LAB MANUAL

For
Computer Network

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING

S.No Experiment
Study of different types of Network cables and Practically implement
1 the cross-wired cable and straight through cable using clamping tool.
2 Study of Network Devices in Detail.
3 Study of network IP.
4 Connect the computers in Local Area Network.
Study of basic network command and Network configuration
5 commands.
6 Performing an Initial Switch Configuration.
7 Performing an Initial Router Configuration.
8 Configuring and Trouble shooting a Switched Network.
9 Connecting a Switch.
10 Configuring WEP on a Wireless Router.
11 Using the Cisco IOS Show Commands.
12 Examining WAN Connections.
13 Interpreting Ping and Tracer outer Output.
14 Demonstrating Distribution Layer Functions.
15 Placing ACLs.
16 Exploring Different LAN Switch Options.
17 Implementing an IP Addressing Scheme.
18 Examining Network Address Translation(NAT).
19 Observing Static and Dynamic Routing.
20 Configuring Ethernet and Serial Interfaces.
21 Configuring a Default Route.
22 Configuring Static and Default Routes.
23 Configuring RIP.
24 Planning Network-based Firewalls.
25 Configuring a Cisco Router asa DHCP Server.
 Experiment-1
Aim: Study of different types of Network cables and Practically implement the cross-wired
cable and straight through cable using clamping tool.

Apparatus (Components):-RJ-45connector, Crimping Tool, Twisted pair Cable.

Procedure:-To do these practical following steps should be done:

1. Start by stripping off about 2 inches of the plastic jacket off the end of the cable. Be very
careful at this point, as to not nick or cut into the wires, which are inside. Doing so could
alterthecharacteristicsofyourcable,orevenworserenderisuseless.Checkthewires,onemoretime for
nicks or cuts. If there are any, just whack the whole end off, and start over.

2. Spread the wires apart, but be sure to hold onto the base of the jacket with your other hand.
You do not want the wires to become untwisted down inside the jacket. Category 5 cable must
only have 1/2 of an inch of 'untwisted' wire at the end; otherwise it will be 'out of spec'. At this
point, you obviously have ALOT more than 1/2 of an inch of un-twisted wire.

3. You have 2 end jacks, which must be installed on your cable. If you are using a pre-made
cable, with one of the ends whacked off, you only have one end to install -the crossed over end.
Below are two diagrams, which show how you need to arrange the cables for each type of cable
end. Decide at this point which end you are making and examine the associated picture below.

Diagrams hows you how to prepare Cross wired connection

Diagrams hows you how to prepare straig htt hrough wired connection
 Experiment- 2
Aim:-Study of following Network Devices in Detail.
• Repeater
• Hub
• Switch
• Bridge
• Router
• Gate Way

Apparatus (Software):-No software or hardware needed.

Procedure-: - Following should be done to understand this practical.

1. Repeater:-Functioning at Physical Layer .A Repeater is an electronic device that receives a

signal and retransmits it at a higher level and/or higher power, or onto the other side of an
obstruction, so that the signal can cover longer distances. Repeater have two ports ,so cannot be
use to connect for more than two devices

2. Hub:-An Ethernet hub, active hub, network hub, repeater hub, hub or concentrator
is a device for connecting multiple twisted pair or fiber optic Ethernet devices together and
making them act as a single network segment. Hubs work at the physical layer (layer 1) of the
OSI model. The device is a form of multiport repeater. Repeater hubs also participate in collision
detection, forwarding a jam signal to all ports if it detects a collision.

3. Switch:-A network switch or switching hub is a computer networking device that connects
network segments. The term commonly refers to a network bridge that processes and routes data
at the data link layer (layer 2) of the OSI model. Switches that additionally process data at the
network layer (layer 3 and above) are often referred to as Layer 3 switches or multilayer
switches.

4. Bridge-: A network bridge connects multiple network segments at the data link layer (Layer
2) of the OSI model. In Ethernet networks, the term bridge formally means a device that behaves
according to the IEEE 802.1Dstandard. A bridge and switch are very much a like; a switch being
a bridge with numerous ports. Switch or Layer 2 switch is often used interchangeably with
bridge .Bridges can analyze incoming data packets to determine if the bridge is able to send the
given packet to another segment of the network.

5. Router: A router is an electronic device that interconnects two or more computer networks,
and selectively interchanges packets of data between them. Each data packet contains address
information that a router can use to determine if the source and destination are on the same
network, or if the data packet must be transferred from one network to another. Where multiple
routers are used in a large collection of interconnected networks, the routers exchange
information about target system addresses, so that each router can build up a table showing the
preferred paths between any two systems on the interconnected networks.

6. GateWay:Inacommunicationsnetwork,anetworknodeequippedforinterfacing with
Another network that uses different protocols.
• A gateway may contain devices such as protocol translators, impedance matching
devices, rate converters, fault isolators, or signal translators as necessary to provide
system interoperability. It also requires the establishment of mutually acceptable
administrative procedures between both networks.
• A protocol translation/mapping gateway interconnects networks with different network
protocol technologies by performing the required protocol conversions.
 Experiment- 3
Aim:-Study of network IP.

• Classification of IP address
• Sub netting
• Super netting

Apparatus (Software):-NA

Procedure:-Following is required to be study under this practical.

• Classification of IP address.

As showing figure we teach how the ip addresses are classified and when they are used.

Class Address Range Supports

Class A 1.0.0.1to126.255.255.254 Supports16millionhostsoneachof127networks.
Class B 128.1.0.1to191.255.255.254 Supports65,000hostsoneachof16,000networks.
Class C 192.0.1.1to223.255.254.254 Supports254hostsoneachof2millionnetworks.
Class D 224.0.0.0to239.255.255.255 Reserved for multi cast groups.
Class E 240.0.0.0to254.255.255.254 Reserved.

• Sub netting
Why we Develop sub netting and How to calculate sub net mask and how to identify subnet address.

• Super netting
Why we develop super netting and How to calculate super net mask and how to identify super net
address.
 Experiment-4
Aim:- Connect the computers in Local Area Network.

Procedure:-On the host computer

On the host computer, follow these steps to share the Internet connection:
1. Log on to the host computer as Administrator or as Owner.
2. Click Start, and the click Control Panel.
3. Click Network and Internet Connections.
4. Click Network Connections.
5. Right-clicktheconnectionthatyouusetoconnecttotheInternet.Forexample,ifyou connect
totheInternetbyusingamodem,right-clicktheconnectionthatyouwantunderDial-up
/other network available.
6. Click Properties.
7. Click the Advanced tab.

8. Under Internet Connection Sharing, select the Allow other network users to connect
through this computer's Internet connection check box.

9. If you are sharing a dial-up Internet connection, select the Establish a dial-up connection
whenever a computer on my network attempts to access the Internet check box if you
Want to permit your computer to automatically connect to the Internet.

10. Click OK .You receive the following message:

When Internet Connection Sharing is enabled, your LAN adapter will be set to use IP address
192.168.0.1. Your computer may lose connectivity with other computers on your network. If
these other computers have static IP addresses, it is a good idea to set them to obtain their IP
addresses automatically. Are you sure you want to enable Internet Connection Sharing?

11. Click Yes.

The connection of the Internet is shared to other computers on the local area network (LAN).

The network adapter that is connected to the LAN is configured with a static IP address of
192.168.0.1andasubnetmaskof 255.255.255.0

On the client computer

To connect to the Internet by using the shared connection, you must confirm the LAN adapter IP
configuration, and then configure the client computer. To confirm the LAN adapter IP
configuration, follow these steps:

1. Log on to the client computer as Administrator or as Owner.

2. Click Start, and then click Control Panel.
 3. Click Network and Internet Connections.
4. Click Network Connections.
5. Right-click Local Area Connection and then click Properties.
6. Click the General tab, click Internet Protocol (TCP/IP) in the connection uses the following
items list, and then click Properties.

7. In the Internet Protocol (TCP/IP) Properties dialog box , click Obtain an IP

address automatically (if it is not already selected), and then click OK.

Note:-You can also assign a unique static IP address in the range of 192.168.0.2to
254.For example, you can assign the following static IP address, sub net mask, and default gateway:

8. IPAddress192.168.31.202
9. Subnetmask255.255.255.0
10. Defaultgateway192.168.31.1

11. In the Local Area Connection Properties dialog box , click OK.

12. Quit Control Panel.

 Experiment-5
Aim:-Study of basic network command and Network configuration commands.

Apparatus (Software):-Command Prompt And Packet Tracer.

Procedure:-To do this experiment, follow these steps:

In this experiment- students have to understand basic networking commands e .g ping, tracer etc.

All commands related to Network configuration which include show to switch to privilege mode and
normal mode and how to configure router interface and how to save this configuration to flash
memory or permanent memory.

This commands includes

• Configuring the Router commands

• General Commands to configure network
• Privileged Mode commands of a router
• Router Processes & Statistics
• IP Commands
• Other IP Commands e.g. show Ip route etc.

ping:
ping(8)sendsanICMPECHO_REQUESTpackettothespecifiedhost.Ifthehostresponds,you
getanICMPpacketback.Soundstrange?Well,youcan“ping”anIPaddresstoseeifamachine is alive. If
there is no response, you know something is wrong.
Traceroute:

Tracert is a command which can show you the path a packet of information takes from your
computer to one you specify. It will list all the routers it passes through until it reaches its
destination, or fails to and is discarded. In addition to this, it will tell you how long each 'hop'
from router to router takes.
Ns look up:

Display sin formation from Domain Name System(DNS) name servers.

NOTE:-If you write the command as above its hows as default your pc's server name firstly.

Pat hping:

A better version of tacert that gives you statics about packet lostand latency.

Getting Help

In any command mode, you can get a list of available commands by entering a question mark (?).

Router-
To obtain a list of commands that begin with a particular character sequence, type in those
characters followed immediately by the question mark (?).

Router#co?
Configure connect copy
Tolistkeywordsorarguments,enteraquestionmarkinplaceofakeywordorargument. Include a
space before the question mark.

Router#configure?

Memory Configure from NV memory network Configure from a TFTP network host terminal
Configure from the terminal
You can also abbreviate command sand key words by entering just enough characters to make
the command unique from other commands. For example, you can abbreviate the show
command to sh.

Configuration Files

Any time you make changes to the router configuration, you must save the changes to memory
because if you do not they will be lost if there is a system reload or power outage,. There are two
types of configuration files: the running (current operating) configuration and the startup
configuration.
Use the following privileged mode commands to work with configuration files.
 Experiment-6

Performing an Initial Switch Configuration

Topology Diagram

Objectives
 PerformaninitialconfigurationofaCiscoCatalyst2960switch.

Background/Preparation
Inthisactivity,youwillconfigurethesesettingsonthecustomerCiscoCatalyst2960switch:
 Host name
 Console pass word
 Vty password
 Privileged EXEC mode password
 Privileged EXEC mode secret
 IPaddressonVLAN1interface
 Default gateway
Note:-Not all commands are graded by Packet Tracer.

Step1:Configure the switch host name.

a. From the Customer PC, use a console cable and terminal emulations of the ware to connect to the
console of the customer Cisco Catalyst 2960 switch.
b. Set the host name on the switch to Customer Switch using the se commands.

Switch>enable Switch#
configure terminal
 Switch(config)#hostnameCustomerSwitch

Step2:Configure the privileged mode password and secret.

a. From global configuration mode, configure the pass word a scisco.

Customer Switch (config)#enablepasswordcisco

b. From global configuration mode, configure these cretascisco123.

Customer Switch (config)#enablesecretcisco123

Step3:-Configure the console password.

a. From global configuration mode, switch to configuration mode to configure the console line.
Customer Switch(config)#lineconsole0

b. From line configuration mode ,setthep a sswordto cisco and require the password to be enteredat
login.

CustomerSwitch(config-line)#passwordcisco
CustomerSwitch(config-line)#login
CustomerSwitch(config-line)#exit

Step4-:Configure the vty password.

a. From global configuration mode, switchtotheconfigurationmodeforthevtylines0through 15.

Customer Switch(config)#linevty015

b. From line configuration mode, set the password cisco and require the password to be entered at
login.

CustomerSwitch(config-line)#passwordcisco
CustomerSwitch(config-line)#login
CustomerSwitch(config-line)#exit

Step5:ConfigureanIP addressoninterfaceVLAN1.
Fromglobalconfigurationmode,switchtointerfaceconfigurationmodeforVLAN1,andassigntheIPaddress
192.168.1.5 with the subnet mask of 255.255.255.0.

CustomerSwitch(config)#interfacevlan1
CustomerSwitch(config-if)#ipaddress192.168.1.5255.255.255.0
CustomerSwitch(config-if)#noshutdown
CustomerSwitch(config-if)#exit

Step6:Configurethedefaultgateway.
a. Fromglobalconfigurationmode,assignthedefaultgatewayto192.168.1.1.

CustomerSwitch(config)#ipdefault-gateway192.168.1.1
 b. ClicktheCheckResultsbuttonatthebottomofthisinstructionwindowtocheckyour work.

Step7:Verifytheconfiguration.
TheCustomerSwitchshould nowbeabletopingtheISPServerat 209.165.201.10.Thefirstoneortwopings may fail
while ARP converges.

CustomerSwitch(config)#end
CustomerSwitch#ping209.165.201.10

Typeescapesequencetoabort.
Sending5,100-byteICMPEchosto209.165.201.10,timeoutis2seconds:
..!!!
Successrateis60percent(3/5),round-tripmin/avg/max=181/189/197msCustomerSwitch#

Reflection
a. WhatisthesignificanceofassigningtheIPaddresstotheVLAN1interfaceinsteadofanyoftheFast Ethernet
interfaces?

b. Whatcommandisnecessarytoenforcepasswordauthenticationontheconsoleandvtylines?

c. HowmanygigabitportsareavailableontheCiscoCatalyst2960switchthatyouusedintheactivity?
 Experiment-7

Performing an Initial Router Configuration

TopologyDiagram

Objectives
 Configuretherouterhostname.
 Configurepasswords.
 Configurebannermessages.
 Verifytherouterconfiguration.

Background/Preparation
Inthisactivity, youwillusetheCiscoIOSCLItoapplyaninitialconfigurationtoarouter,includinghost name,
passwords, a message-of-the-day (MOTD) banner, and other basic settings.
Note:Someofthestepsare notgradedbyPacketTracer.

Step1:Configuretherouterhostname.
a. OnCustomerPC,usetheterminalemulationsoftwaretoconnecttotheconsoleofthe customer Cisco 1841
ISR.
SetthehostnameontheroutertoCustomerRouterbyusingthesecommands.

Router>enable
Router#configureterminal
Router(config)#hostnameCustomerRouter

Step2:Configuretheprivilegedmodeandsecret passwords.
a. Inglobalconfigurationmode,setthepasswordto cisco.
 CustomerRouter(config)#enablepasswordcisco

Setanencryptedprivilegedpasswordtocisco123usingthesecretcommand.

CustomerRouter(config)#enablesecretcisco123

Step3:Configuretheconsole password.
a. Inglobalconfigurationmode,switchtolineconfigurationmodetospecifytheconsoleline.

CustomerRouter(config)#lineconsole0

Setthepasswordtocisco123,requirethatthepasswordbeenteredatlogin,andthenexitlineconfigurationmode.

CustomerRouter(config-line)#passwordcisco123
CustomerRouter(config-line)#login
CustomerRouter(config-line)#exit
CustomerRouter(config)#

Step4:Configurethevtypasswordtoallow Telnetaccesstotherouter.
a.Inglobalconfigurationmode,switchto lineconfigurationmodetospecifythevtylines.

CustomerRouter(config)#linevty04

Setthepasswordtocisco123,requirethatthepasswordbeenteredatlogin,exitlineconfigurationmode,andthen
exittheconfigurationsession.

CustomerRouter(config-line)#passwordcisco123
CustomerRouter(config-line)#login
CustomerRouter(config-line)#exit
CustomerRouter(config)#

Step5:Configurepasswordencryption,aMOTDbanner,andturnoffdomainserver lookup.
a. Currently,thelinepasswords andtheenablepasswordareshownincleartextwhenyoushowthe running
configuration. Verify this now by entering the show running-configcommand.

Toavoidthesecurityriskofsomeonelookingoveryourshoulderandreadingthepasswords,encrypt all clear

text passwords.

CustomerRouter(config)#servicepassword-encryption

Usetheshowrunning-configcommandagaintoverifythatthepasswordsareencrypted.
Toprovideawarningwhensomeoneattemptstologintotherouter,configureaMOTDbanner.

CustomerRouter(config)#bannermotd$AuthorizedAccessOnly!$
Testthebannerandpasswords.Logoutoftherouterbytypingthe exitcommandtwice.Thebannerdisplaysbefore the prompt
for a password. Enter the password to log back into the router.
YoumayhavenoticedthatwhenyouenteracommandincorrectlyattheuserorprivilegedEXECprompt,therouter pauses
while trying to locate an IP address for the mistyped word you entered. For example, this output shows what
happens when the enable command is mistyped.

CustomerRouter>emable
Translating"emable"...domainserver(255.255.255.255)

Topreventthisfromhappening,usethefollowingcommandtostopallDNSlookupsfromtherouter CLI.

CustomerRouter(config)#noipdomain-lookup

Savetherunningconfigurationtothestartupconfiguration.

CustomerRouter(config)#end
CustomerRouter#copyrunstart

Step6:Verifytheconfiguration.
a. LogoutofyourterminalsessionwiththeCisco1841customerrouter.
b. LogintotheCisco1841CustomerRouter.Entertheconsolepasswordwhenprompted.
c. NavigatetoprivilegedEXECmode.EntertheprivilegedEXECpasswordwhenprompted.
d. ClicktheCheckResultsbuttonatthebottomofthisinstructionwindowtocheckyour work.

Reflection
WhichCiscoIOSCLIcommandsdidyouusemost?

Howcanyoumakethecustomerrouterpasswordsmoresecure?
 Experiment-8

Configuring and Troubleshooting a Switched Network

Topology Diagram

Objectives
 Establishconsoleconnectiontotheswitch.
 Configurethehostnameand VLAN1.
 Usethehelpfeaturetoconfiguretheclock.
 Configurepasswordsandconsole/Telnetaccess.
 Configureloginbanners.
 Configuretherouter.
 Solveduplexandspeedmismatchproblems.
 Configureportsecurity.
 Secureunusedports.
 Managetheswitchconfigurationfile.

Background/Preparation
InthisPacketTracerSkillsIntegrationChallengeactivity,youwillconfigurebasicswitchmanagement, including
general maintenance commands, passwords, and port security. This activity provides you an opportunity to
review previously acquired skills.
AddressingTable
Device Interface IP Address SubnetMask
R1 Fa0/0 172.17.99.1 255.255.255.0
S1 Fa0/1 172.17.99.11 255.255.255.0
PC1 NIC 172.17.99.21 255.255.255.0
PC2 NIC 172.17.99.22 255.255.255.0
Server NIC 172.17.99.31 255.255.255.0

Step1:Establishaconsoleconnectiontoa switch.
Forthisactivity,directaccesstotheS1ConfigandCLItabsisdisabled.Youmustestablishaconsolesession through
PC1.
a. ConnectaconsolecablefromPC1toS1.
b. FromPC1,openaterminalwindowandusethedefaultterminalconfiguration.Youshould nowhave access
to the CLI for S1.
c. Checkresults.
Yourcompletionpercentageshouldbe8%.Ifnot,click CheckResultstosee whichrequiredcomponentsare not yet
completed.

Step2:ConfigurethehostnameandVLAN1.
a. Configuretheswitchhostnameas S1.
b. ConfigureportFa0/1.SetthemodeonFastEthernet0/1toaccess mode.

i. S1(config)#interfacefastethernet0/1
ii. S1(config-if)#switchportmodeaccess

c. ConfigureIPconnectivityonS1usingVLAN1.

i. S1(config)#interfacevlan1
ii. S1(config-if)#ipaddress172.17.99.11255.255.255.0
iii. S1(config-if)#noshutdown

d. ConfigurethedefaultgatewayforS1andthentestconnectivity.S1shouldbeabletoping R1.
e. Checkresults.
Yourcompletionpercentageshouldbe31%.Ifnot,click CheckResultstoseewhichrequiredcomponentsare not yet
completed. Also, make sure that interface VLAN 1 is active.

Step3:Configurethecurrenttimeusing Help.
a. Configuretheclocktothecurrenttime.AttheprivilegedEXECprompt,enterclock?.
b. UseHelptodiscoverthestepsrequiredtosetthecurrent time.
c. Usethe showclockcommand toverifythattheclockisnowsettothecurrenttime.PacketTracer may not
correctly simulate the time you entered.
PacketTracerdoesnotgradethiscommand,sothecompletionpercentagedoesnotchange.
Step4:Configurepasswords.
a. UsetheencryptedformoftheprivilegedEXECmodepasswordandsetthepasswordtoclass.
b. ConfigurethepasswordsforconsoleandTelnet.Setboththeconsoleandvtypasswordtocisco and
require users to log in.
c. ViewthecurrentconfigurationonS1.Noticethatthelinepasswordsareshownincleartext.Enter the
command to encrypt these passwords.
d. Checkresults.
Yourcompletionpercentageshouldbe42%.Ifnot,click CheckResultstoseewhichrequiredcomponentsare not yet
completed.

Step5:Configuretheloginbanner.
If youdo not enter the banner text exactlyasspecified, Packet Tracer doesnot grade your command correctly.
Thesecommandsarecase-sensitive.Also makesurethatyoudonotincludeanyspacesbeforeorafterthetext.
a. Configurethemessage-of-the-daybanneronS1todisplayasAuthorizedAccessOnly.(Donot include
the period.)
b. Checkresults.
Yourcompletionpercentageshouldbe46%.Ifnot,click CheckResultstoseewhichrequiredcomponentsare not yet
completed.

Step6:Configurethe router.
Routersandswitchessharemanyofthesamecommands.Configuretherouterwiththesamebasiccommands you used
on S1.
a. AccesstheCLIforR1byclickingthedevice.
b. DothefollowingonR1:
 ConfigurethehostnameoftherouterasR1.
 ConfiguretheencryptedformoftheprivilegedEXECmodepasswordandsetthepasswordto class.
 Settheconsoleandvtypasswordtociscoandrequireuserstologin.
 Encrypttheconsoleandvtypasswords.
 Configurethemessage-of-the-dayasAuthorizedAccessOnly.(Donotincludetheperiod.)
c. Checkresults.
Yourcompletionpercentageshouldbe65%.Ifnot,click CheckResultstoseewhichrequiredcomponentsare not yet
completed.

Step7:Solveamismatchbetweenduplexandspeed.
a. PC1andServercurrentlydonothaveaccessthroughS1becausetheduplexandspeedaremismatched. Enter
commands on S1 to solve this problem.
b. Verifyconnectivity.
c. BothPC1andServershould nowbeabletopingS1,R1,andeachother.
d. Checkresults.
Yourcompletionpercentageshouldbe73%.Ifnot,click CheckResultstoseewhichrequiredcomponentsare not yet
completed.
Step8:Configureportsecurity.
a. Usethe followingpolicytoestablishportsecurityontheportusedbyPC1:
 Enableportsecurity
 AllowonlyoneMACaddress
 ConfigurethefirstlearnedMACaddressto"stick"totheconfiguration
Note:OnlyenablingportsecurityisgradedbyPacketTracerandcountedtowardthecompletionpercentage. However,
all the port security tasks listed above are required to complete this activity successfully.
b. Verifythat port security is enabled for Fa0/18. Your output should look like the following output.
NoticethatS1hasnotyetlearnedaMACaddressforthisinterface.Whatcommandgeneratedthis output?

S1#

PortSecurity :Enabled
Port Status : Secure-up
Violation Mode :Shutdown
Aging Time :0mins
Aging Type : Absolute
SecureStaticAddressAging:Disabled
Maximum MAC Addresses 1
TotalMAC Addresses 0
ConfiguredMAC Addresses 0
StickyMACAddresses 0
LastSourceAddress:Vlan:0000.0000.0000:0
Security Violation Count 0

c. ForceS1tolearntheMACaddressforPC1.SendapingfromPC1toS1.ThenverifythatS1added the MAC

address for PC1 to the running configuration.

!
interfaceFastEthernet0/18
<output omitted>
switchportport-securitymac-addresssticky0060.3EE6.1659
<output omitted>
!

d. Testportsecurity.RemovetheFastEthernetconnectionbetweenS1 and PC1.ConnectPC2 to Fa0/18.

Waitforthelinklightstoturngreen.Ifnecessary,sendapingfromPC2toS1tocausethe porttoshut down. Port
security should show the following results: (the Last Source Address may be different)

PortSecurity :Enabled
Port Status :Secure-shutdown
Violation Mode : Shutdown
Aging Time :0mins
Aging Type : Absolute
SecureStaticAddressAging:Disabled
Maximum MAC Addresses 1
TotalMAC Addresses 1
 ConfiguredMACAddresses:1
Sticky MAC Addresses 0
LastSourceAddress:Vlan:00D0.BAD6.5193:99
Security Violation Count 1

e. ViewingtheFa0/18interfaceshowsthatlineprotocolisdown(err-disabled),whichalsoindicatesa security
violation.

S1#showinterfacefa0/18
FastEthernet0/18isdown,lineprotocolisdown(err-disabled)
<output omitted>

f. Reconnect PC1 and re-enable the port. To re-enable the port, disconnect PC2 from Fa0/18 and
reconnectPC1.InterfaceFa0/18mustbemanuallyreenabledwiththenoshutdowncommandbefore
returning to the active state.
g. Checkresults.
Yourcompletionpercentageshouldbe77%.Ifnot,clickCheckResultstosee whichrequiredcomponentsare not yet
completed.

Step9:Secureunusedports.
a. DisableallportsthatarecurrentlynotusedonS1.PacketTracergradesthestatusofthe following ports:
Fa0/2, Fa0/3, Fa0/4, Gig 1/1, and Gig 1/2.
b. Checkresults.
Yourcompletionpercentageshouldbe96%.Ifnot,click CheckResultstoseewhichrequiredcomponentsare not yet
completed.

Step10:Managetheswitchconfigurationfile.
a. Savethecurrentconfigurationfor S1andR1toNVRAM.
b. BackupthestartupconfigurationfileonS1andR1byuploadingthemtoServer.VerifythatServer has the
R1-confg and S1-confg files.
c. Checkresults.
Yourcompletionpercentageshouldbe100%.Ifnot,click CheckResultstosee whichrequiredcomponentsare not yet
completed.
 Experiment-9

Connecting a Switch
Topology Diagram

Objectives
 Connectaswitchtothe network.
 Verifytheconfigurationontheswitch.

Background/Preparation
In this activity, you will verify the configuration on the customer Cisco Catalyst 2960 switch. The switch is
alreadyconfiguredwithallthebasicnecessaryinformationforconnectingtotheLANatthecustomersite.The switch is
currently not connected to the network. You will connect the switch to the customer workstation, the customer
server, and customer router. You will verify that the switch has been connected and configured successfully by
pinging the LAN interface of the customer router.

Step1:ConnecttheswitchtotheLAN.
a. Usingthepropercable,connecttheFastEthernet0/0onCustomerRoutertotheFastEthernet0/1on
Customer Switch.
b. Usingthepropercable,connecttheCustomerPCtotheCustomerSwitchonportFastEthernet0/2.
c. Usingthepropercable,connecttheLocalServertotheCustomerSwitchonportFastEthernet0/3.

Step2:Verifytheswitchconfiguration.
a. FromtheCustomerPC,usetheterminalemulationsoftwaretoconnecttotheconsoleofthe
customer Cisco Catalyst 2960 switch.
b. UsetheconsoleconnectionandterminalutilityontheCustomerPCtoverifytheconfigurations. Use
cisco as the console password.
c. EnterprivilegedEXECmodeandusetheshowrunning-configcommandtoverifythefollowing
configurations. The password is cisco123.
a. VLAN1IPaddress=192.168.1.5
b. Subnetmask=255.255.255.0
 c. Passwordrequiredforconsoleaccess
d. Passwordrequiredforvtyaccess
e. PasswordenabledforprivilegedEXEC mode
f. SecretenabledforprivilegedEXECmode
d. VerifyIPconnectivitybetweentheCiscoCatalyst2960switchandtheCisco1841routerbyinitiating a ping
to 192.168.1.1 from the switch CLI.
e. ClicktheCheckResultsbuttonatthebottomofthisinstructionwindowtocheckyour work.

Reflection

a. Whatisthesignificanceoftheenablesecretcommandcomparedtotheenablepassword?

b. Ifyouwanttoremovetherequirementtoenterapasswordtoaccesstheconsole,whatcommands do you
issue from your starting point in privileged EXEC mode?
 Experiment-10

Configuring WEP on a Wireless Router

Topology Diagram

Objectives
 ConfigureWEPsecuritybetweenaworkstationandaLinksyswirelessrouter.

Background/Preparation
You have been asked to go back to a business customer and install a new Linksys wireless router for the
customeroffice.Thecompanyhassomenewpersonnelwhowillbeusingwirelesscomputerstosave moneyon adding
additional wired connections to the building. The business is concerned about the security of the network
because they have financial and highly classified data being transmitted over the network. Your job is to
configure the security on the router to protect the data.
Inthisactivity,youwillconfigureWEPsecurityonbothaLinksyswirelessrouterandaworkstation.

Step1:ConfiguretheLinksyswirelessroutertorequireWEP.
a. ClicktheCustomerWirelessRoutericon.Then,clickthe GUItabtoaccesstherouterweb
management interface.
b. ClicktheWirelessmenuoptionandchangetheNetworkName(SSID)fromDefaultto
CustomerWireless.Leavetheothersettingswiththeirdefaultoptions.
c. ClicktheSaveSettingsbuttonatthebottomoftheBasicWirelessSettings window.
d. ClicktheWirelessSecuritysubmenuundertheWirelessmenutodisplaythecurrentwireless
security parameters.
e. FromtheSecurityModedrop-downmenu,selectWEP.
f. IntheKey1textbox,type1a2b3c4d5e.Thiswillbethe newWEPpre-sharedkeytoaccessthe wireless
network.
g. ClicktheSaveSettingsbuttonatthebottomoftheWirelessSecuritywindow.
Step2:ConfigureWEP onthecustomerwirelessworkstation.
a. ClicktheCustomerWirelessWorkstation.
b. ClicktheConfigtab.
c. ClicktheWirelessbuttontodisplaythecurrentwirelessconfigurationsettingsontheworkstation.
d. ChangetheSSIDtoCustomerWireless.
e. ChangetheSecurityModetoWEP.Enter1a2b3c4d5eintheKeytextbox,andthenclosethe window.

Step3:Verifytheconfiguration.
AfteryouconfigurethecorrectWEP keyandSSIDonthecustomerwirelessworkstation,noticethatthereisa wireless
connection between the workstation and the wireless router.
a. ClicktheCustomerWirelessWorkstation.
b. ClicktheDesktoptabtoviewtheapplicationsthatareavailable.
c. ClickontheCommandPromptapplicationtobringupthecommandprompt.
d. Typeipconfig/allandpressEntertoviewthecurrentnetworkconfigurationsettings.
e. Typeping192.168.2.1toverifyconnectivitytotheLANinterfaceofthecustomerwirelessrouter.
f. Closethecommandpromptwindow.
g. Openawebbrowser.
h. Intheaddressbarofthewebbrowserwindow,type http://192.168.1.10.PressEnter.TheIntranet web
page that is running on the customer server appears. You have just verified that the customer
wireless workstation has connectivity to the rest of the customer network.
i. ClicktheCheckResultsbuttonatthebottomofthisinstructionwindowtocheckyour work.

Reflection
a. WhatisthepurposeofusingWEPona wirelessnetwork?

b. WhatisthesignificanceofthekeythatyouusedtosecureWEP?

c. IsWEPthebestchoiceforwirelesssecurity?
 Experiment-11

Using the Cisco IOS Show Commands

Topology Diagram

Objectives
 UsetheCiscoIOSshowcommands.

Background/Preparation
TheCiscoIOSshowcommandsareusedextensivelywhenworkingwithCiscoequipment.Inthisactivity,you will use the
show commands on a router that is located at an ISP.
Note:Thisactivitybeginsbyshowing100%completion,becausethepurposeisonlytoexploretheCiscoIOS
showcommands.Thisactivityisnotgraded.

Step1:ConnecttotheISPCisco1841router.
Use the terminal emulationsoftware onISP PCto connect to the Cisco 1841 router.The ISPRouter>prompt
indicatesthatyouareinuser EXECmode.Nowtype enableattheprompt.TheISPRouter#promptindicates that you
are in privileged EXEC mode.

Step2:Exploretheshow commands.
Usetheinformationdisplayed bythese showcommandstoanswerthequestionsintheReflectionsection.
a. Typeshowarp.
b. Typeshowflash.
c. Typeshow iproute.
d. Typeshowinterfaces.
e. Typeshowprotocols.
f. Typeshowusers.
g. Typeshowversion.
Reflection

a. WhydoyouneedtobeinprivilegedEXECmodetoexploretheCiscoIOS showcommands that

were used in this activity?

Howmuchflashmemoryisreported?

Which of the following is

subnetted?
 209.165.201.0
 209.165.201.1
 209.165.201.10
Whichinterfaceisupandrunning?
 Serial0/1/0
 FastEthernet0/1
 FastEthernet0/0
 VLAN1
 Experiment-12

Examining WAN Connections

Objective

Theshowcommandsareverypowerfulcommandsfortroubleshootingandmonitoringnetworks.They give
a static image of the network at a given time.The use of a variety of show commands will give a
clear picture of how the networking is communicating and transferring data.

Background/ Preparation

ThephysicaltopologyofthenetworkhasbeendesignedusingFrameRelay.Totestthenetwork
connectivity, use a variety of show commands.

Requiredfile:ExaminingWANConnections.pka

Step1:ExaminetheconfigurationofBranch1andBranch2.

a. ClickonBranch1andusevarious show commandstoviewtheconnectivitytothenetwork.

b. Usetheshowrunning-configurationcommandtoviewtherouter configuration.
c. Usetheshowipinterfacebrief commandtoviewthestatusoftheinterfaces.
d. Usethevariousshowframe-relaymap,showframe-relaypvc,andshowframe-relaylmi
commandstoseethestatusoftheFrame-relaycircuit.
e. ClickonBranch2andusevariousshow commandstoviewtheconnectivitytothenetwork.
f. Usetheshowrunning-configurationcommandtoviewtherouter configuration.
g. Usetheshowipinterfacebrief commandtoviewthestatusoftheinterfaces.
h. Usethevariousshowframe-relaymap,showframe-relaypvc,andshowframe-relaylmi
commandstoseethestatusoftheFrame-relaycircuit.
Step2:ExaminetheconfigurationofMain.

a. ClickonMainanduseavarietyofshow commandstoviewtheconnectivitytothenetwork.
b. Usetheshowrunning-configurationcommandtoviewtherouter configuration.
c. Usetheshowipinterfacebrief commandtoviewthestatusoftheinterfaces.
d. Toviewthestatusoftheframe-relayconfigurationsusetheshowframe-relaylmi,showframe- relay
map, and show frame-relay pvccommands.

Reflection

a. Inwhatsituationswoulditbebeneficialtousethevariousshow commands?

b. Whatbeneficialinformationcanbeobtainedfromthevariousshow commands?
 Experirment-13

Interpreting Ping and Trace route Output

Topology Diagram

Objectives
 Distinguishthedifferencebetweensuccessfulandunsuccessfulpingattempts.
 Distinguishthedifferencebetweensuccessfulandunsuccessfultracerouteattempts.

Background/Preparation
Inthisactivity, youwilltestend-to-endconnectivityusingpingandtraceroute.Attheendofthisactivity, you will be
able to distinguish the difference between successful and unsuccessful ping and traceroute attempts.
Note:Beforebeginningthisactivity,makesurethatthenetworkisconverged.Toconvergethenetwork quickly,
switch between Simulation mode and Realtime mode until all the link lights turn green.

Step1:Testconnectivityusingpingfromahostcomputerandarouter.
ClickN-Host,clicktheDesktoptab,andthenclickCommandPrompt.FromtheCommandPromptwindow,ping the Cisco
server at www.cisco.com.
PacketTracerPCCommandLine1.0
PC>ping www.cisco.com

Pinging64.100.1.185with32bytesofdata:

Request timed out.

 Replyfrom64.100.1.185:bytes=32time=185msTTL=123
Replyfrom64.100.1.185:bytes=32time=281msTTL=123
Replyfrom64.100.1.185:bytes=32time=287msTTL=123

Pingstatisticsfor 64.100.1.185:
Packets:Sent=4,Received=3,Lost=1(25%loss),
Approximate round trip times in milli-seconds:
Minimum=185ms,Maximum=287ms,Average=251ms PC>

Fromtheoutput, youcanseethatN-HostwasabletoobtainanIPaddressfortheCiscoserver. TheIPaddresswas obtained

using (DNS). Also notice that the first ping failed. This failure is most likely due to lack of ARP convergence
between the source and destination. If you repeat the ping, you will notice that all pings succeed.
Fromthe CommandPromptwindowonN-Host,pingE-Hostat192.168.4.10.Thepingsfail.Ifyoudonotwantto wait for all
four unsuccessful ping attempts, press Ctrl+Cto abort the command, as shown below.
PC>ping192.168.4.10

Pinging192.168.4.10with32bytesofdata:

Requesttimedout.
Requesttimedout.

Pingstatisticsfor 192.168.4.10:
Packets:Sent=3,Received =0,Lost=3(100%loss),

Control-C
^C
PC>

ClicktheN-Branchrouter,andthenclickthe CLItab.PressEntertogettherouterprompt.Fromtherouterprompt, ping the

Cisco server at www.cisco.com.
N-Branch>pingwww.cisco.com
Translating"www.cisco.com"...domainserver(64.100.1.242)
Type escape sequence to abort.
Sending5,100-byteICMPEchosto64.100.1.185,timeoutis2 seconds:
.!!!!
Successrateis80percent(4/5),round-tripmin/avg/max=210/211/213msN-

Branch>

As youcansee,thepingoutputonarouterisdifferentfromaPChost.NoticethattheN-Branchrouterresolvedthe
domainnametothesameIPaddressthatN-Hostusedtosenditspings. Alsonoticethatthefirstpingfails, whichis indicated
by a period (.), and that the next four pings succeed, as shown with an exclamation point (!).
Fromthe CLItabonN-Branch,pingE-Hostat192.168.4.10.Again,thepingsfail.Tonotwaitforallthe failures, press
Ctrl+C.
N-Branch>ping192.168.4.10

Typeescapesequencetoabort.
Sending5,100-byteICMPEchosto192.168.4.10,timeoutis2 seconds:
...
Successrateis0percent(0/4)

N-Branch>
Step2:Testconnectivityusingtraceroutefromahostcomputerandarouter.
a. ClickN-Host,clicktheDesktoptab,andthenclickCommandPrompt.Fromthe CommandPrompt
window, trace the route to the Cisco server at www.cisco.com.

PC>tracertwww.cisco.com

Tracingrouteto64.100.1.185overamaximumof30hops:

192 ms 77 ms 86 ms 192.168.1.1
291 ms 164 ms 84 ms 64.100.1.101
3135 ms 168 ms 151 ms 64.100.1.6
4185 ms 261 ms 161 ms 64.100.1.34
5257 ms 280 ms 224 ms 64.100.1.62
6310 ms 375 ms 298 ms 64.100.1.185

Tracecomplete.

PC>

Theaboveoutputshowsthatyoucansuccessfullytracearouteallthe waytotheCiscoserverat64.100.1.185.Each hop in the

path is a router responding three times to trace messages from N-Host. The trace continues until the destination for
the trace (64.100.1.185) responds three times.
Fromthe CommandPromptwindowonN-Host,tracearoutetoE-Hostat192.168.4.10.Thetracefails,butnotice that the
tracertcommand traces up to 30 hops. If you do not want to wait for all 30 attempts to time out, press Ctrl+C.

PC>tracert192.168.4.10

Tracingrouteto192.168.4.10overamaximumof30hops:

1103 ms 45 ms 91 ms 192.168.1.1
256 ms 110 ms 125 ms 64.100.1.101
3174 ms 195 ms 134 ms 64.100.1.6
4246 ms 183 ms 179 ms 64.100.1.34
5217 ms 285 ms 226 ms 64.100.1.62
6246 ms 276 ms 245 ms 64.100.1.154
7 * * * Requesttimedout.
8 * * * Requesttimedout.
9 * * * Requesttimedout.
10
Control-C
^C
PC>

The tracertcommand can be helpful in finding the potential source ofa problem. The last device to
respond was 64.100.1.154, so you would start troubleshooting by determining which device is
configuredwiththeIPaddress64.100.1.154.Thesourceoftheproblemmightnotbethatdevice,but the trace
has given you a starting point, whereas a ping simply tells you that the destination is either reachable
or unreachable.
ClicktheN-Branchrouter,andthenclickthe CLItab.PressEntertogettherouterprompt.Fromtherouterprompt, trace the
route to the Cisco server at www.cisco.com.
 N-Branch>traceroutewww.cisco.com
Translating"www.cisco.com"...domainserver(64.100.1.242)
Type escape sequence to abort.
Tracingtherouteto64.100.1.185

164.100.1.101 60msec32msec59 msec

264.100.1.6 98msec65msec65msec
364.100.1.34 138msec147msec147msec
464.100.1.62 189msec148msec145msec
564.100.1.185 219msec229msec293msec
N-Branch>

Asyoucansee,tracerouteoutputonarouterisverysimilar totheoutputonaPChost.Theonly difference is

that on a PC host, the IP address is listed after the three millisecond outputs.
FromtheCLItabonN-Branch,tracetheroutetoE-Hostat192.168.4.10.ThetracefailsatthesameIP addressasit failed when
tracing from N-Host. Again, you can use Ctrl+Cto abort the command.

N-Branch>traceroute192.168.4.10
Type escape sequence to abort.
Tracingtherouteto192.168.4.10

164.100.1.101 41msec19msec32 msec

264.100.1.6 33msec92msec117msec
364.100.1.34 98msec102msec102msec
464.100.1.62 166msec172msec156msec
564.100.1.154 157msec223msec240msec
6* * *
7* * *
8* * *
9
N-Branch>

Step3:Practicethepingandtraceroutecommands.
Throughoutthiscourse,youwilloftenusepingandtraceroutetotestconnectivityandtroubleshootproblems.
Topracticethesecommands, pingandtracefromW-HostandS-Hosttoanyotherdestinationinthenetwork. You can
also ping and trace from N-Branch to other locations.
 Experirment-14

Demonstrating Distribution Layer Functions

Objective

 DemonstratethefunctionsperformedbytheDistributionLayerdevices.

Background/ Preparation

VLANs can be addedto a network for security purposes andtraffic control. Devices on separate VLANs
areunabletocommunicateunlessarouterhasbeenconfiguredtohelpwiththiscommunication.Observe how
packet filtering and route summarization traverse the network using simulation mode.

Requiredfile:DemonstratingDistributionLayer Functions

Step1:SetupSimulationfilterstocaptureroutingprotocols

a. EntersimulationmodeinPacketTracer.
b. Clickontheeditfiltersbutton.
c. Select EIGRP
d. ClickontheResetSimulation button.
e. ClickAutoCapture/Play
f. ObservetheEIGRPupdates
Step2:TestconnectivitybetweenthenetworkdevicesusingRealtimemode.

a. FromPC0 pingPC1, PC2,PC3, and PC4.

b. FromPC1 pingPC0, PC2,PC4, PC3

Step3:TestconnectivitybetweenthenetworkdevicesusingSimulationmode

a. SwitchfromRealtimemodetoSimulationmode.
b. CreateasimplePDUfromPC0toPC1.ClickCapture/ForwarduntilthePDUhasmadethe
complete trip to PC1 and back.
c. Intheeventlist viewthePDU events.
d. CreateanotherPDUfromPC0toPC2.

Reflection

c. Whycan’tPC0communicatewithPC1butPC1cancommunicatewithPC0’sdefaultgateway?

d. Whateffectonconnectivitywouldremovingthesubinterfaces have?

e. WhymustarouterbeinthetopologytohavecommunicationbetweentheVLANs?
 Experirment-15

Placing ACLs

Objectives
 Verifynetworkconnectivity
 ExaminetheAccessControlLists(ACLs)thatareconfiguredontherouters
 DeterminetheappropriateinterfacetoapplytheACLs
 ExaminetheaffectsoftheACL
Background/Preparation
This activity demonstrates how the flow of network traffic is affected by applying an ACL to permit
or deny traffic in the network. The network administrator has decided that all external web traffic
goes only
totheWebserver.Also,inordertoprotectthedataotheiremployees,theHRserverisonlyaccessibleto HR
employees.Therefore, ACLs will need to be implemented on the network.Another network
technician has already configured the necessary ACLs on both the Gateway and Distribution2
routers.
However,theACLshavenotbeenappliedtoaninterface.YouhavebeenaskedtoapplytheACLsand verify
that the appropriate traffic is permitted or denied.

Requiredfile:PlacingACLs

Step1:Verifynetworkconnectivity

a. VerifythatallofthePCscancommunicatewitheachotherandwiththeservers.
b. VerifythattheInternetHostcanaccesstheWebserver(192.168.0.3),Salesserver(192.168.10.2) and
HR server (192.168.40.2) using the browser.

Step2:ExaminetheAccessControlListsthatareconfiguredontherouters

a. AccesstheDistribution1router.UsethefollowingcommandstoviewtheACLthathasbeen
configured on the Distribution1 router:
 showrunning-config
 showaccess-lists1
b. AccesstheGatewayrouter.Usethefollowingcommandstoviewthe ACLthathasbeen
configured on the Gateway router:
 showrunning-config
 showaccess-lists100

Step3:DeterminetheappropriateinterfacetoapplytheACLs

a. AfterexaminingtheACLsdetermineonwhichinterfacetheACLsshouldbe applied
b. TheACLmustbeappliedtoaninterfaceorsubinterfacebeforeitwillaffectthenetworktraffic
c. TheextendedACLshouldbeplacedclosesttothesourceandthestandardACLshouldbeclosest to the
destination.
d. RememberthatonlyoneACLperport,perprotocol,perdirectionisallowed.
e. ApplytheACLtotheappropriateinterfaceorsubinterface.

Step4:ExaminetheaffectsoftheACL

a. InternetHostshouldbeabletopinganydeviceinthenetwork,except HR1orHR server.

b. InternetHostshouldbeabletoaccessWebserver(192.168.0.3)usingthebrowser.
c. InternetHostshouldnotbeabletoaccesseithertheHRserver(192.168.40.1)orSalesserver
(192.168.10.2) using the browser.
d. HR2shouldbeabletoaccessHRserver(192.168.40.1)usingpingorthebrowser.
e. RandD2shouldnot beabletoaccessHRserver(192.168.40.1)usingpingorthebrowser.
Reflection

1. HowcanACLsbeusedtocontroltheflowofnetwork traffic?

2. Bydefault,whatisalwaysthelaststatementinanACL?
 Experirment-16

Exploring Different LAN Switch Options

Topology Diagram

Objectives
 Determinethecabletypestousetoconnectalldevicestotheswitch.
 Addappropriatemodulestoswitchesandrouters.
 Connectthedevicestotheswitchusingtheappropriatecabletypes.

Background/Preparation
Theresultsofasitesurveyfor anISPcustomerindicatethatthecustomer needstoupgrade theLANtoinclude a new
standalone switch. The network has an existing router (Router0) and a Linksys 300N router. It is
necessarytodetermine whichinterfacesareneededonthe newswitchtoprovideconnectivitytotherouter,the Linksys
device, and the customer PCs. The customer wants to use copper cabling.
Note:Linkscreatedwiththeswitchmaytakeaminutetochangefromambertogreen.Switchbetween Simulation
mode and Realtime mode to speed up this process.

Step1:Determinetherequiredconnectivity options.
a. ClickRouter0.UsingtheinformationinthePhysicalDevice ViewwindowonthePhysicaltab,
determine what type of interface is available on the router to connect to the new switch.
Hint:Placethemousepointerontheinterfacetodisplaytheinterfacetype.Clickontheinterfacetype to display
a description of the interface.
Whichinterfaceisavailableontheroutertoconnecttothe newswitch?Whattypeofcableisrequired?

Clickthe Linksys300N.Usingthepictureonthe Physicaltab,determine whattypeofcableisnecessarytoconnect to the

new switch.
Whichinterfaceisavailableonthe Linksys300Ntoconnecttothenewswitch?Whattypeofcableisrequired?
Step2:Configurethenew switchwiththerequiredoptions.
a. ClickSwitch0.
OnthePhysicaltab,exploreeachswitchmoduleavailableunderthe Modulesoption. Choose the
appropriate interfacesto connect to Router0 and the Linksys300N router. Choose the
appropriate interfaces to connect to the existing PCs.
Powerdowntheswitchusingthepowerbuttoninthe PhysicalDeviceView windowonthePhysicaltab. Choose the
appropriate modules for the switch. Add the four necessary interfaces to the switch.
Poweruptheswitchusingthe powerbuttonshowninthe PhysicalDeviceView windowonthePhysicaltab. Click the
Configtab. Select each interface and ensure that the Onbox is checked.

Step3:Connecttheroutertotheswitch.
a. Usingtheappropriatecable,connecttherouterporttothefirstavailableswitchport.ClicktheConfig
tabontherouter.SelecttheinterfaceandensurethattheOnboxischecked.
b. Verifyconnectivity. Agreenlightappearsoneachendofthelinkifthecablingiscorrect.

Step4:ConnecttheLinksys300Ntotheswitch.
a. Usingtheappropriatecable,connecttheLinksys300Ntothesecondavailableportonthenewswi
tch. Verify connectivity. A green light appears on each end of the link if the cabling is correct.

Step5:ConnectthePCstotheswitch.
a. Usingtheappropriatecable,connecttheexistingPCstothenewswitch.
b. Verifyconnectivity. Agreenlightappearsoneachendofthelinksifthecablingiscorrect.
c. Clickthe CheckResultsbuttonatthebottomofthisinstructionwindowtocheckyour work.
 Experirment-17

Implementing an IP Addressing Scheme

Topology Diagram

Objectives
 Subnetanaddressspacebasedonthehostrequirements.
 Assignhostaddressestodevices.
 ConfiguredeviceswithIPaddressing.
 Verifytheaddressingconfiguration.

Background/Preparation
Inthisactivity,youwillsubnettheprivateaddressspace192.168.1.0/24toprovideenoughhostaddressesfor thetwo
LANsattached to the router.You willthenassign valid hostaddressesto theappropriatedevicesand interfaces.
Finally, you will test connectivity to verify your IP address implementation.

Step1:Subnetanaddressspacebasedonthehost requirements.
a. Youaregiventheprivateaddressspace192.168.1.0/24.Subnetthisaddressspacebasedonthe
following requirements:
 LAN-Aneedsenoughaddressesfor50hosts.
 LAN-
Bneedsenoughaddressesfor40hosts. How many bits
must be left for host addresses?
How many bits can now be taken from the host portion to make a subnet?
How many hosts does each subnet support?
Howmanysubnetsarecreated?
What isthe newsubnet mask?
Step2:Assignhostaddressestodevices.
What is the subnet address for subnet 0?
What is the subnet address for subnet 1?
Assign subnet 0 to LAN-A, and assign subnet 1 to LAN-B.
What is the first address in subnet 0?
Thisaddressisassigned the FastEthernet0/0 interface onCustomer Router.
What is the first address in subnet 1?
Thisaddressisassigned theFastEthernet0/1 interfaceonCustomer Router.
What is the last address in subnet 0?
This address is assigned to HostA.
What is the last address in subnet 1?
This address is assigned to HostB.
What is the default gateway for HostA?
Whatisthedefaultgatewayfor HostB?

Step3:ConfiguredeviceswithIP addressing.
ConfigureHostAandHostBwithIPaddressing,includingthesubnetmaskanddefaultgateway.
a. ClickHostA.OntheDesktoptab,chooseIPConfiguration.EnterthecorrectaddressingforHostA
according to your answers in Step 1 and Step 2.
b. ClickHostB.OntheDesktoptab,chooseIPConfiguration.EnterthecorrectaddressingforHostB
according to your answers in Step 1 and Step 2.
c. Checkresults.OntheAssessmentItemstab,yourconfigurationsforHostAandHostBshouldhave green
checkmarks. If not, read the provided feedback for a hint on how to correct the problem.
Note:Ifyoucannotseeallthe feedback,place your mousepointerovertherightsideoftheActivity Results
window. When the cursor turns into a double-headed arrow, click and drag to resize the window until
you can see all the feedback text.)
ConfiguretheLANinterfacesonCustomerRouterwithIPaddressesandasubnet mask.
a. ClickCustomerRouter.ClicktheConfigtab.
b. OntheleftsideunderInterface,clickFastEthernet0/0.EntertheIPaddressandsubnetmask,andthen set the
Port Status to On.
c. OntheleftsideunderInterface,clickFastEthernet0/1.EntertheIP addressandsubnetmask,andthen set the
Port Status to On.
d. NoticeintheEquivalentIOSCommandswindowthatyouractionsproducedactualcommands.You can
scroll through the command window. In the next chapter, you will learn how to enter these
commands directly into the router instead of using the Config tab.

For a better view of the commands, you can increase the size of the window. To resize the window,
placeyour mousepointerover thebottomborderofthe window.Whenthecursorturnsintoadouble- headed
arrow, click and drag.
Checkresults.OntheAssessmentItemstab,yourconfigurationsforCustomerRoutershouldhavegreen checkmarks. If
not, read the provided feedback for a hint on how to correct the problem.
Step4:Verifytheaddressing configuration.
a. Test connectivity between HostA, HostB, ISP Workstation, and ISP Server. You can use the Add
Simple PDU tool to create pings between the devices. You can also click HostA or HostB, then the
Desktoptab,andthenCommandPrompt.Usethepingcommandtotestconnectivitytootherdevices. To
obtain the IP address of another device, place your mouse pointer over the device.
b. Checkresults.OntheConnectivityTeststab,thestatusofeachtestshouldbesuccessful.

Reflection
a. Howmanysubnetsarestillavailableforfutureexpansion?
b. Whatwouldbethetwosubnetaddressesifthehostrequirementwas80hostsperLAN?
c. Challenge: Create your own Packet Tracer network using the same topology, but implement an
addressingschemebasedon80hostsperLAN.Haveanotherstudentoryourinstructorcheckyour work.
 Experirment-18

Examining Network Address Translation (NAT)

Topology Diagram

Objectives
 ExamineNATprocessesastraffictraversesaNATborderrouter.

Background/Preparation
Inthisactivity, youwillusePacketTracerSimulationmode toexaminethecontentsofthe IPheaderastraffic crosses the
NAT border router.

Step1:PreparethenetworkforSimulationmode.
Verify that the network is ready to send and receive traffic. All the link lights should be green. If some link
lightsarestillamber, youcanswitchbetweenSimulationandRealtime modeseveraltimestoforcethelightsto turn
green faster. Switch to Simulation mode before going to the next step.

Step2:SendanHTTPrequestfromaninsidehosttoanoutsidewebserver.
Click Customer PC. Click the Desktop tab and then Web Browser. In the URL field, type the web
addressfortheISPserver(www.ispserver.com).MakesurethatyouareinSimulationmode,andthen click Go.
Intheeventlist,noticethatCustomerPCqueuesaDNSrequestandsendsoutanARPrequest.Youcanviewthe
contentsofthe ARPrequestbyeitherclickingonthepacketinthetopologyorclickingonthepacketcolorunder
Info in the Event List window.
InthePDUInformationatDevice:CustomerPCwindow, whichIPaddressisCustomerPCattemptingtofinda
MAC address for?
IntheEventListwindow,clickCapture/Forward twice.WhichdeviceanswerstheARPrequestfromCustomerPC?
Which MAC address is placed inside the ARP reply?
In the Event List window, click Capture/Forward twice. Customer PC accepts the ARP replay and then builds
anotherpacket.Whatistheprotocolforthisnewpacket? IfyouclickOutboundPDUDetailsforthispacket, you can see
the details of the protocol.
In the Event List window, click Capture/Forward twice. Click the packet at the www.customerserver.com server.
ThenclicktheOutboundPDUDetailstab.Scrolldowntothebottomtoseethe ApplicationLayerdata.Whatisthe IP address
for the ISP server?

IntheEventListwindow,clickCapture/Forwardtwice.CustomerPCnowformulatesanotherARPrequest.Why?

IntheEventListwindow,clickCapture/Forward10timesuntilCustomerPCformulatesanHTTPrequestpacket. Customer
PC finally has enough information to request a web page from the ISP server.
In the Event List window, click Capture/Forward three times. Click the packet at Customer Router to examine the
contents.CustomerRouterisaNAT borderrouter.Whatis theinsidelocaladdressandtheinsideglobaladdressfor Customer
PC?

In the Event List window, click Capture/Forward seven times until the HTTP reply reaches Customer Router.
ExaminethecontentsoftheHTTPreplyandnoticethattheinsidelocalandglobaladdresseshavechangedagainas the packet
is forwarded on to Customer PC.

Step3:SendanHTTPrequestfromanoutsidehosttoaninsidewebserver.
Customer Server provides web services to the public (outside addresses) through the domain name
www.customerserver.com.FollowaprocesssimilartoStep2toobserveanHTTPrequestonISPWorkstation.
a. Click ISP Workstation. Click the Desktop tab, and then Web Browser. In the URL field, type the
CustomerServerwebaddress(www.customerserver.com).MakesurethatyouareinSimulationmode, and
then click Go.
b. You can either clickAuto Capture/Play or Capture/Forward to step through each stage of the
process.ThesameARPandDNSprocessesoccurbeforetheISPWorkstationcanformulateanHTTP request.
c. WhentheHTTPrequestarrivesatCustomerRouter,checkthepacketcontents. Whatistheinside local
address? What is the inside global address?
 Experirment-19

Observing Static and Dynamic Routing

Objective
Observethenetworkbehaviorusingstaticanddefaultroutingonlyandcompareittothebehaviorof dynamic
routing.

Background/Preparation
Inthisexercise,youwillobservewhattheadaptabilityofdynamicroutingcomparedtostaticanddefault routing.
The Ticket Sales Office network is currently configured using static and default routing.

Requiredfile:ObservingStaticandDynamicRouting.pka

Step1:TestConnectivityUsingStaticandDefaultRouting.
OpenaCommandPromptonPC0.
Trace(tracert)aconnectiontotheEdge1FastEthernet0/0address.Thisshouldbe successful.

Step2:BringdownFrameRelayNetworkandObserveRouting.
OntheBR2router,shutdownthelinktotheFrameRelaynetwork.
 PerformatracefromPC0againtotheEdge1FastEthernet0/0address.Whathappens this time?

Step3:ConfigureDynamicRoutingandObserve Routing

a. ConfigureEIGRP(AS10)ontheBR2andISP2routers.Besuretoincludealldirectlyconnected networks
and turn off auto-summary.
b. DoathirdtracefromPC0totheEdge1FastEthernet0/0interface.(Itshouldbesuccessful again.)
c. Didthepathchange?Ifso,how?

Reflection

Whataretheadvantagesofusingdynamicrouting?Staticanddefaultrouting?

Thestaticroutesinthislabweresetwithan administrativedistanceof130.What would

have happened if they were set at 30? At 230?
 Experiment-20

Configuring Ethernet and Serial Interfaces

Topology Diagram

Objectives
 ConfigureaLANEthernetinterface.
 ConfigureaWANserialinterface.
 Verifytheinterfaceconfigurations.

Background/Preparation
Inthisactivity,youwillconfiguretheLANEthernetinterfaceandtheWANserialinterfaceontheCustomer Cisco 1841
router.

Step1:ConfiguretheLANEthernet interface.
a. UsetheterminalemulationsoftwareontheCustomerPCtoconnecttotheCisco1841Customer Router.
Enter cisco for the console password.
b. EnterprivilegedEXECmodeusingcisco123fortheprivilegedEXECpassword.The
CustomerRouter# prompt indicates that you are in privileged EXEC mode.
c. Enterglobalconfigurationmode.TheCustomerRouter(config)#promptindicatesthatyouareinglobal
configuration mode.
d. IdentifywhichLANinterfacetoconfigurewithanIPaddress.ToconfiguretheFastEthernetinterface, use this
command.

CustomerRouter(config)#interfaceFastEthernet0/0

Addadescriptiontotheinterface.

CustomerRouter(config-if)#descriptionConnectedtoCustomerSwitch
SpecifytheIPaddressandsubnetmaskfortheinterface.

CustomerRouter(config-if)#ipaddress192.168.1.1255.255.255.0

Ensurethattheinterfaceisenabled.

CustomerRouter(config-if)#noshutdown

Exitinterfaceconfigurationmode.

CustomerRouter(config-if)#end

Step2:VerifytheLANinterfaceconfiguration.

Usetheshowiproutecommandtoverifyyourconfiguration.Thisisapartialexampleoftheoutput.

CustomerRouter#showiproute

<outputomitted>

Gatewayoflastresortisnotset

C 192.168.1.0/24isdirectlyconnected,FastEthernet0/0

Step3:ConfiguretheWANserial interface.
RefertothediagraminthePacketTracerworkspaceareaandthecommandsusedinStep1toconfigurethe WAN
serial interface on Customer Router.
Tip:RemembertheCiscoIOSCLIHelpcommandstoconfiguretheinterface.

a. Enterglobalconfigurationmode.
b. Identifytheserialinterfaceto configure.
c. Describetheinterface.(Connectedto ISP)
d. SpecifytheinterfaceIPaddressandsubnetmask.(209.165.200.225255.255.255.224)
e. Ensurethattheinterfaceisenabled.
f. Endinterfaceconfigurationmode.

Step4:Verifytheinterfaceconfigurations.
Usetheshowruncommandtoverifyyourconfiguration.Thisisapartialexampleoftheoutput.

CustomerRouter#showrun
...
!
interfaceFastEthernet0/0
descriptionConnectedtoCustomerSwitchi
p address 192.168.1.1 255.255.255.0
duplexauto
speed auto
 !
interfaceFastEthernet0/1
no ip address
duplexauto
speed auto
shutdown
!
interface Serial0/1/0
descriptionConnectedtoISP
ipaddress209.165.200.225255.255.255.224
!

UsethepingcommandtoverifyconnectivitytotheWANinterfaceontheISProuter.Thisisapartialexample of the
output.

CustomerRouter#ping209.165.200.226

Typeescapesequencetoabort.
Sending5,100-byteICMPEchosto209.165.200.226,timeoutis2seconds:
!!!!!
Successrateis100percent(5/5),round-tripmin/avg/max=35/37/47ms

Usethepingcommandtoverifyconnectivitytothecustomerswitch.Thisisapartialexampleoftheoutput.

CustomerRouter#ping192.168.1.1

Typeescapesequenceto abort.
Sending5,100-byteICMPEchosto192.168.1.1,timeoutis2seconds:
!!!!!
Successrateis100percent(5/5),round-tripmin/avg/max=0/5/12ms

Step5:Savethe configuration.
a. InprivilegedEXECmode,savetherunningconfigurationtothestartupconfiguration.

CustomerRouter#copyrunstart

b. ClicktheCheckResultsbuttonatthebottomofthisinstructionwindowtocheckyour work.

Reflection

a. WhenyoupingtheLANIPaddressoftheISProuter,whathappensandwhy?

b. Whichofthe followingCisco ISOCLI modesdoyouneedtobeintoconfigurethedescriptionof an

interface?
 CustomerRouter#
 CustomerRouter>
 CustomerRouter(config)#
 CustomerRouter(config-if)#
c. YouconfiguredtheFastEthernet0/0interfacewiththe noshutdowncommandand
verified the configuration. However, when you rebooted the router, the interface was
shutdown. You reconfigured the Fast Ethernet 0/0 interface and verified that the
configuration works. Explain what most likely happened.
 Experiment-21

Configuring a Default Route

Topology Diagram

Objectives
 Configureadefaultrouteonarouter.

Background/Preparation
In this activity, you will configure a default route on the Cisco 1841 Customer router. The default route
configurationusestheWANIPaddressontheCisco1841ISProuter.Thisisthe next-hop routerfromthe Cisco 1841
Customer router.

Step1:VerifyreachabilityfromCustomerRoutertotheLANIP addressontheISP router.

a. UseterminalemulationsoftwareontheCustomerPCtoconnect tothecustomerCisco1841 router.
Use cisco123 for the console password.
b. UsethepingcommandtoverifyiftheLANIPaddress209.165.201.1ontheISProuteris
reachable from the CustomerRouter

CustomerRouter>ping209.165.201.1

Typeescapesequenceto abort.
Sending5,100-byteICMPEchosto209.165.201.1,timeoutis2seconds:
.....
Successrateis0percent(0/5)

Step2:Configurethedefaultroute.
a. EnterprivilegedEXECmodeusingthepassword cisco.TheCustomerRouter#promptindicates that
you are in privileged EXEC mode.
b. Enterglobalconfigurationmode.TheCustomerRouter(config)#promptindicatesthatyouarein global
configuration mode.
c. ConfigureadefaultrouteusingtheISPWANIPaddressasthenexthopIP address.
 CustomerRouter(config)#iproute0.0.0.00.0.0.0209.165.200.226
CustomerRouter(config)#end

Step3:Verifythedefaultrouteconfiguration.
a. Usethe show iproutecommandtoverifytheconfigurationofthedefaultroute.Thisisapartialexample of the
output.

CustomerRouter#showiproute
Codes:C-connected,S-static,...

Gatewayoflastresortis209.165.200.226tonetwork0.0.0.0 C

192.168.1.0/24 is directly connected, FastEthernet0/0

209.165.200.0/27issubnetted,1subnets
C 209.165.200.224isdirectlyconnected,Serial0/1/0
S*0.0.0.0/0 [1/0] via 209.165.200.226

b. UsethepingcommandtoverifyconnectivitytotheLANIPaddressontheISProuter

CustomerRouter#ping209.165.201.1

Typeescapesequencetoabort.
Sending5,100-byteICMPEchosto209.165.201.1,timeoutis2seconds:
!!!!!
Successrateis100percent(5/5),round-tripmin/avg/max=22/25/34ms

Step4:Savethe configuration.
a. FromprivilegedEXECmode,savetherunningconfigurationtothestartupconfiguration.

i. CustomerRouter#copyrunstart

b. ClicktheCheckResultsbuttonatthebottomofthisinstructionwindowtocheckyour work.

Reflection
Youcannowaccesstheentire ISPnetwork.Writedownsomeissuesandconsiderationstodiscusswithyour classmates
about this configuration. Here are two questions to begin with:
 IsthistypeofaccesstotheISP LANlikelytohappenintherealworld?

 Whyhasthestudentactivitybeenconfiguredtoallowthistypeofaccess?
 Experirment-22

Configuring Static and Default Routes

Topology Diagram

Objectives
 Configurestaticroutesoneachroutertoallowcommunicationbetweenallclients.
 Testconnectivitytoensurethateachdevicecanfullycommunicatewithallother devices.

Background/Preparation
This topology represents a small WAN. Each device in this network has been configured with IP addresses;
however,noroutinghasbeenconfigured.Thecompanymanagementwantstousestaticroutestoconnectthe multiple
networks.

Step1:TestconnectivitybetweenthePCsandthedefaultgateway.
TodetermineifthereisconnectivityfromeachPCtoitsconfiguredgateway,firstuseasimplepingtest.
a. ClickBOpcandgotoDesktop>CommandPrompt.
b. Fromthecommandprompt,typethe ipconfigcommand.NotetheIPaddressfor BOpcandthedefault
gateway address. The default gateway address is the IP address for the Fast Ethernet interface on
BranchOffice.
c. Ping192.168.1.1,thedefaultgatewayaddressfortheBranchOfficeLAN,fromthecommandprompt on
BOpc. This ping should be successful.
d. ClickPNpcandgoto Desktop>CommandPrompt.
e. Fromthecommandprompt,typethe ipconfigcommand.NotetheIPaddressfor PNpcandthedefault
gateway address. The default gateway address is the IP address for the Fast Ethernet interface on
PartnerNet.
f. Ping192.168.3.1,thedefaultgatewayaddressforthePartnerNetLAN,fromthecommand prompton PNpc.
This ping should be successful.
g. Repeatstepsa,b,andcfor MOpcanditsrespectivedefaultgateway,theFastEthernetinterfaceon
MainOffice. Each of these ping tests should be successful.

Step2:Pingbetweenrouterstotestconnectivity.
UseaconsolecableandterminalemulationsoftwareonBOpctoconnecttoBranchOffice.
 a. TestconnectivitywithMainOfficebypinging10.10.10.1,theIPaddressofthedirectlyconnected serial
3/0 interface. This ping should succeed.
b. TestconnectivitywithMainOfficebypinging10.10.10.5,theIPaddressoftheserial2/0interface. This
ping should fail.
c. Issuetheshow iproutecommand fromtheterminalwindowofBOpc.Notethatonlydirectly
connected routes are shown in the BranchOffice routing table. The ping to 10.10.10.5 failed
because the BranchOffice router has no routing table entry for 10.10.10.5.
d. RepeatstepsathroughdontheothertwoPCs.Thepingstodirectlyconnectednetworkswill succeed.
However, pings to remote networks will fail.
e. Whatstepsmustbetakentoreachallthe networksfromanyPCintheactivity?

Step3:Viewingtherouting tables.
YoucanviewroutingtablesinPacketTracerusingtheInspecttool.TheInspecttoolisintheCommonTools bar to the
right of the topology. The Inspect tool is the icon that appears as a magnifying glass.
a. IntheCommonToolsbar,clickontheInspecttool.
b. ClicktheMainOfficerouterandchooseRoutingTable.
c. ClicktheBranchOfficerouterandchooseRoutingTable.
d. ClickthePartnerNetrouterandchooseRoutingTable.
e. Movetheroutingtablewindowsaroundsothatyoucanseeallthreeatonce.
f. Whatnetworksdoeachoftheroutersalreadyknowabout?

g. Doeseachrouterknowhowto routetoallnetworksinthetopology? Aftercomparingtherouting tables,

close the windowfor eachroutingtable byclickingthe xinthe upper right corner ofeach window.

Step4:ConfiguredefaultroutesontheBranchOfficeandPartnerNet routers.
Toconfigurestaticroutesforeachrouter,firstdetermine whichroutesneedtobeaddedforeachdevice.Forthe
BranchOffice and the PartnerNet routers, a single default route allows these devices to route traffic for all
networks not directly connected. To configure a default route, you must identify the IP address of the next hop
router, which in this case is the MainOffice router.
a. FromtheCommontoolbar,clickthe Selecttool.
b. MovethecursorovertheredseriallinkbetweentheBranchOfficerouterandtheMainOffice router.
Notice that the interface of the next hop is S3/0.
c. MovethecursorovertheMainOfficerouterandnotethattheIPaddressforSerial3/0is
10.10.10.1.
d. Movethecursorovertheredseriallinkbetweenthe PartnerNetrouterandtheMainOffice router. Notice
that the interface of the next hop is S2/0.
e. MovethecursorovertheMainOfficerouterandnotethattheIPaddressforSerial2/0is
10.10.10.5.
f. ConfigurethestaticroutesonboththeBranchOfficeandPartnerNetroutersusingtheCLI.Click the
BranchOffice router, and click the CLI tab.
g. AttheBranchOffice>prompt,typeenabletoenterprivilegedEXECmode.
h. AttheBranchOffice#prompt,typeconfigureterminal.
 i. Thesyntaxforadefaultrouteisiproute0.0.0.00.0.0.0next_hop_ip_address.Typeiproute
0.0.0.00.0.0.010.10.10.1.
j. TypeendtogetbacktotheBranchOffice#prompt.
k. Typecopyrunstarttosavetheconfigurationchange.
l. Repeatstepsfthroughkonthe PartnerNetrouter,using10.10.10.5asthenexthopIPaddress.

Step5:ConfigurestaticroutesatMainOffice.
TheconfigurationofstaticroutesattheMainOfficeisabitmorecomplexbecausethe MainOfficerouteris responsible
for routing traffic to and from the Branch Office and PartnerNet LAN segments.
The MainOffice router knows only about routes to the 10.10.10.0/30, 10.10.10.4/30, and 192.168.2.0/24
networksbecausetheyaredirectlyconnected.Staticroutesto the192.168.1.0/24and 192.168.3.0/24networks
needtobeaddedsothattheMainOfficeroutercanroutetrafficbetweenthenetworksbehindthe BranchOffice and
PartnerNet routers.
a. ClicktheMainOfficerouter,andthenclicktheCLItab.
b. AttheMainOffice>prompt,typeenabletoenterprivilegedEXECmode.
c. AttheMainOffice#prompt,typeconfigureterminal.
d. Thesyntaxforastaticrouteis iproutenetworksubnet_masknext_hop_ip_address:

iproute192.168.1.0255.255.255.010.10.10.2
iproute192.168.3.0255.255.255.010.10.10.6

e. TypeendtoreturntotheMainOffice#prompt.
f. Typecopyrunstarttosavetheconfigurationchange.
g. RepeatstepsathroughefromStep3.Viewtheroutingtablesandnoticethedifferenceintherouting
tables.Theroutingtableforeachroutershouldhavean“S”foreachstaticroute.

Step6:Testconnectivity.
Nowthateachrouterinthetopologyhasstaticroutesconfigured,allhostsshouldhaveconnectivitytoallother hosts. Use ping
to verify connectivity.
a. ClickBOpcandclicktheDesktoptab.
b. ChoosetheCommandpromptoption.
c. Typeping192.168.3.2.Thepingshouldbesuccessful,verifyingthatthestaticroutesareconfiguredproperly
.
d. Typeping192.168.2.2.Noticethattheresultissuccessfuleventhoughyoudidnotspecificallyaddthe
192.168.2.0 network as a static route into any of the routers. Because a default route was used on the
BranchOffice and PartnerNet routers, a route for the 192.168.2.0 network was not needed. The default
route sends all traffic destined off network to the MainOffice router. The 192.168.2.0 network is
directly connected to the MainOffice router; therefore, no additional routes needed to be added to the
routing table
e. ClicktheCheckResultsbuttonatthebottomofthisinstructionwindowtocheckyour work.
 Experiment-23

Configuring RIP
Topology Diagram

Objectives
 Configureroutersusingbasicinterfaceconfigurationcommands.
 EnableRIP.
 VerifytheRIPconfiguration.

Background/Preparation
AsimpleroutednetworkhasbeensetuptoassistinreviewingRIProutingbehavior.Inthisactivity, youwill configure RIP
across the network and set up end devices to communicate on the network.

Step1:ConfiguretheSVC01routerandenableRIP.
a. FromtheCLI,configureinterfaceFastEthernet0/0usingtheIPaddress10.0.0.254/8.
b. Configureinterfaceserial0/0/0usingthefirstusableIPaddressinnetwork192.168.1.0/24to connect
to the RTR01 router. Set the clock rate at 64000.
c. Configureinterfaceserial0/0/1usingthefirstusableIPaddressinnetwork192.168.2.0/24witha clock
rate of 64000.
d. Usingthenoshutdowncommand,enabletheconfiguredinterfaces.
e. ConfigureRIPtoadvertisethenetworksfortheconfiguredinterfaces.
f. Configuretheenddevices.
 i. Server0usesthefirstusableIPaddressinnetwork10.0.0.0/8.Specifytheappropriatedefault
gateway and subnet mask.
ii. Printer0usesthesecondusableIPaddressinnetwork10.0.0.0/8.Specifytheappropriate default
gateway and subnet mask.

Step2:ConfiguretheRTR01routerandenableRIP.
a. ConfigureinterfaceFastEthernet0/0usingthefirstusableIPaddressinnetwork192.168.0.0/24 to
connect to the RTR02 router.
b. Configureinterfaceserial0/0/0usingthesecondusableIPaddressinnetwork192.168.1.0/24to connect
to the SVC01 router.
c. ConfigureinterfaceFastEthernet0/1usingtheIPaddress172.16.254.254/16.
d. Usingthenoshutdowncommand,enabletheconfiguredinterfaces.
e. ConfigureRIPtoadvertisethenetworksfortheconfiguredinterfaces.
f. Configuretheenddevices.
i. PC0usesthefirstusableIPaddressesinnetwork172.16.0.0/16.
ii. PC1usesthesecondusableIPaddressinnetwork172.16.0.0/16.
iii. Specifytheappropriatedefaultgatewayandsubnetmaskoneach PC.

Step3:ConfiguretheRTR02routerandenableRIP.
a. ConfigureinterfaceFastEthernet0/0usingthesecondusableIPaddressinnetwork192.168.0.0
/24toconnecttotheRTR01router.
b. Configureinterfaceserial0/0/0usingthesecondusableIPaddressinnetwork192.168.2.0/24to connect
to the SVC01 router.
c. ConfigureinterfaceFastEthernet0/1usingtheIPaddress172.17.254.254/16.
d. Usingthenoshutdowncommand,enabletheconfiguredinterfaces.
e. ConfigureRIPtoadvertisethenetworksfortheconfiguredinterfaces.
f. Configuretheenddevices.
i. PC2usesthefirstusableIPaddressesinnetwork172.17.0.0/16.
ii. PC3usesthesecondusableIPaddressinnetwork172.17.0.0/16.
iii. Specifytheappropriatedefaultgatewayand subnetmaskoneach PC.

Step4:VerifytheRIPconfigurationoneachrouter.
a. Atthecommandpromptforeachrouter,issuethecommands showipprotocolsandshowiprouteto verify
RIP routing is fully converged. The show ip protocols command displays the networks the router is
advertising and the addresses of other RIP routing neighbors. The show ip route command output
displays all routes know to the local router including the RIP routes which are indicated by an “R”.
b. Everydeviceshouldnowbeabletosuccessfullypinganyotherdeviceinthisactivity.
c. ClicktheCheckResultsbuttonatthebottomofthisinstructionwindowtocheckyour work.
 Experiment-24

Planning Network-based Firewalls

Topology Diagram

Objectives
 Placefirewallsinappropriatelocationstosatisfysecurityrequirements.

Background/Preparation
You are a technician who provides network support for a medium-sized business. The business has grown and
includesaresearchanddevelopmentdepartmentworkingonanew,veryconfidentialproject.Thelivelihoodof the
project depends on protecting the data used by the research and development team.
Your job is to install firewalls to help protect the network, based on specific requirements. The Packet Tracer
topologythatyouwilluseincludestwopreconfiguredfirewalls.Inthetwoscenariospresented,youwillreplace the
existing routers with the firewalls. The firewalls need to be configured with the appropriate IP address
configurations, and the firewalls should be tested to ensure that they are installed and configured correctly.

Scenario1:ProtectingtheNetworkfromHackers
Becausethecompanyisconcernedaboutsecurity,yourecommendafirewalltoprotectthenetworkfrom hackers on the
Internet. It is very important that access to the network from the Internet is restricted.
Firewall_1hasbeenpreconfiguredwiththeappropriaterulestoprovidethesecurityrequired.Youwillinstallit on the
network and confirm that it is functioning as expected.
Step1:ReplaceRouter_AwithFirewall_1.
a. RemoveRouter_AandreplaceitwithFirewall_1.
b. Connect the Fast Ethernet 0/0 interface on Firewall_1 to the Fast Ethernet 0/1 interface on
Switch_A.ConnecttheFastEthernet0/1interfaceonFirewall_1totheEthernet6interfaceofthe ISP
cloud. (Use straight-through cables for both connections.)
c. ConfirmthatthehostnameofFirewall_1isFirewall_1.
d. OnFirewall_1,configuretheWANIPaddressandsubnetmaskfortheFastEthernet0/1interface as
209.165.200.225 and 255.255.255.224.
e. ConfiguretheLANIPaddressandsubnetmaskfortheFastEthernet0/0interfaceon Firewall_1 as
192.168.1.1 and 255.255.255.0.

Step2:VerifytheFirewall_1configuration.
a. Usetheshowruncommandtoverifyyourconfiguration.Thisisapartialexampleoftheoutput.

Firewall_1#showrun
Buildingconfiguration...

hostnameFirewall_1
!
interfaceFastEthernet0/0
ipaddress192.168.1.1255.255.255.0
ipnatinside
duplexauto
speed auto
!
interfaceFastEthernet0/1
ipaddress209.165.200.225255.255.255.224
ipaccess-group100in
ipnat outside
duplexauto
speed auto
!
interfaceVlan1
no ip address
shutdown
!
ipnatinsidesourcelist1interfaceFastEthernet0/0overload ip
classless
iproute192.168.2.0255.255.255.0192.168.1.2
iproute192.168.3.0255.255.255.0192.168.1.3
!
access-list 1 permit 192.168.0.0 0.0.255.255
access-list100denyipanyhost209.165.200.225
<outputomitted>
!
end

b. FromPC_B,ping209.165.200.225toverifythattheinternalcomputercanaccesstheInternet.

PC>ping209.165.200.225

Pinging209.165.200.225with32bytesofdata:
 Replyfrom209.165.200.225:bytes=32time=107msTTL=120 Reply
from 209.165.200.225: bytes=32 time=98ms TTL=120
Replyfrom209.165.200.225:bytes=32time=104msTTL=120 Reply
from 209.165.200.225: bytes=32 time=95ms TTL=120

Pingstatisticsfor 209.165.200.225:
Packets:Sent=4,Received=4,Lost=0(0%loss), Approximate
round trip times in milli-seconds:
Minimum=95ms,Maximum=107ms,Average=101ms

c. FromprivilegedEXECmodeonFirewall_1,savetherunningconfigurationtothestartupconfiguration using
the copy run start command.

Scenario2:SecuringtheResearchandDevelopmentNetwork
Now that the entire network is secured from traffic originating from the Internet, secure the research and
development network, Subnet C, from potential breaches from inside the network. The research and
developmentteamneedsaccesstoboththeserveronSubnetBandtheInternettoconductresearch.Computers on Subnet
B should be denied access to the research and development subnet.
Firewall_2hasbeenpreconfiguredwiththeappropriaterulestoprovidethesecurityrequired.Youwillinstallit on the
network and confirm that it is functioning as expected.

Step1:ReplaceRouter_CwithFirewall_2.
a. RemoveRouter_CandreplaceitwithFirewall_2.
b. Connect the Fast Ethernet 0/1 interface on Firewall_2 to the Fast Ethernet 0/3 interface on
Switch_A.ConnecttheFastEthernet0/0interfaceonFirewall_2totheFastEthernet0/1interface on
Switch_C. (Use straight-through cables for both connections.)
c. ConfirmthatthehostnameofFirewall_2isFirewall_2.
d. OnFirewall_2,configuretheWANIPaddressandsubnetmaskfortheFastEthernet0/1 interface as
192.168.1.3 and 255.255.255.0.
e. ConfiguretheLANIPaddressandsubnetmaskfortheFastEthernet0/0interfaceof Firewall_2 as
192.168.3.1 and 255.255.255.0.

Step2:VerifytheFirewall_2configuration.
a. Usetheshowruncommandtoverifytheconfiguration.Thisisapartialexampleoftheoutput.

Firewall_2#showrun
Buildingconfiguration...
...
!
interfaceFastEthernet0/0
ipaddress192.168.3.1255.255.255.0
ipnatinside
duplexauto
speed auto
!
interfaceFastEthernet0/1
ipaddress192.168.1.3255.255.255.0
ipaccess-group100in
ipnat outside
duplexauto
 speed auto
!
access-list 1 permit 192.168.3.0 0.0.0.255
access-list100permitiphost192.168.2.10any
access-list 100 permit ip host 192.168.1.1 any
<outputomitted>
!
end

b. FromthecommandpromptonPC_B,usethe pingcommandtoverifythatthecomputersonSubnetB cannot

access the computers on Subnet C.

PC>ping192.168.3.10

Pinging192.168.3.10with32bytesofdata:

Requesttimedout.
Requesttimedout.
Requesttimedout.
Requesttimedout.

Pingstatisticsfor 192.168.3.10:
Packets:Sent=4,Received=0,Lost=4(100%loss),

c. FromthecommandpromptonPC_C,usethe pingcommandtoverifythatthecomputersonSubnetCcan access

the server on Subnet B.

PC>ping192.168.2.10

Pinging192.168.2.10with32bytesofdata:

Requesttimedout.
Replyfrom192.168.2.10:bytes=32time=164msTTL=120
Replyfrom192.168.2.10:bytes=32time=184msTTL=120
Replyfrom192.168.2.10:bytes=32time=142msTTL=120

Pingstatisticsfor 192.168.2.10:
Packets:Sent=4,Received=3,Lost=1(25%loss),
Approximate round trip times in milli-seconds:
Minimum=142ms,Maximum=184ms,Average=163ms

d. FromthecommandpromptonPC_C,usethe pingcommandtoverifythatthecomputersonSubnetCcan access

the Internet.

PC>ping209.165.200.225

Pinging209.165.200.225with32bytesofdata:

Reply from 209.165.200.225: bytes=32 time=97ms TTL=120

Replyfrom209.165.200.225:bytes=32time=118msTTL=120
Replyfrom209.165.200.225:bytes=32time=100msTTL=120
Replyfrom209.165.200.225:bytes=32time=110msTTL=120

Pingstatisticsfor 209.165.200.225:
Packets:Sent=4,Received=4,Lost=0(0% loss),
 Approximateroundtriptimesinmilli-seconds:
Minimum=97ms,Maximum=118ms,Average=106ms

e. FromprivilegedEXECmodeonFirewall_2,savetherunningconfigurationtothestartupconfiguration using
the copy run start command.
f. ClicktheCheckResultsbuttonatthebottomofthisinstructionwindowtocheckyour work.

Reflection
a. Whywouldyouinstallafirewallontheinternal network?

b. HowdoesarouterthatisconfiguredtouseNAT helpprotectcomputersystemsontheinsideoftheNAT router?

c. Examine the location of Firewall_1 and Firewall_2 in the completed network topology. Which networks
areconsideredtrustedanduntrustedforFirewall_1?Whichnetworksareconsideredtrustedanduntrusted for
Firewall_2?
 Experiment-25

Configuring a Cisco Router as a DHCP Server

Topology Diagram

Objectives
 ConfigurethecustomerCisco1841ISRasaDHCP server.

Background/Preparation
In this activity, you will continue to configure the Cisco 1841 ISR router for the customer network by
configuringtheDHCPservice.Thecustomerhasseveralworkstationsthatneedtobeautomaticallyconfigured with IP
addresses on the local subnet and appropriate DHCP options to allow access to the Internet.
TheDHCPpoolwillusethe192.168.1.0/24networkbutthefirst49addressesareexcluded.Thedefault gateway and
DNS server also need to be configured as 192.168.1.1 and 192.168.1.10.
Forthisactivity,boththeuserandprivilegedEXECpasswordsare cisco.
Note:PacketTracerdoesnotcurrentlysupportthedomainnameandleaseperiodoptions.Theseoptionsarenot used in this
activity.

Step1:ConfiguretheDHCP service.
a. Fromthecustomerworkstation,useaconsolecableandterminalemulationsoftwaretoconnecttothe console
of the customer Cisco1841 ISR.
b. LogintotheconsoleoftheCisco1841ISRandenterglobalconfigurationmode.
c. BeforecreatingaDHCPpool,configuretheaddressesthatareexcluded.Therangeisfrom192.168.1.1to
192.168.1.49.

CustomerRouter(config)#ipdhcpexcluded-address192.168.1.1192.168.1.49

d. CreateaDHCPpoolcalledpool1.

CustomerRouter(config)#ipdhcppoolpool1
 e. DefinethenetworkaddressrangefortheDHCP pool.

CustomerRouter(dhcp-config)#network192.168.1.0255.255.255.0

f. DefinetheDNSserveras192.168.1.10.

CustomerRouter(dhcp-config)#dns-server192.168.1.10

g. Definethedefaultgatewayas 192.168.1.1.

CustomerRouter(dhcp-config)#default-router192.168.1.1

h. Addanexclusionrangeof192.168.1.1to192.168.1.49totheDHCPpool.

CustomerRouter(dhcp-config)#exit
CustomerRouter(config)#ipdhcpexcluded-address192.168.1.1192.168.1.49

i. Exittheterminal.

Step2:VerifytheDHCPconfiguration.
a. Fromthecustomerworkstation,opentheCommandPromptwindow.
b. Typeipconfig/releasetoreleasethecurrentIPaddress.
c. Typeipconfig/renewtorequestanewIPaddressonthelocalnetwork.
d. VerifythattheIPaddresshasbeencorrectlyassignedbypingingthe LANIPaddressoftheCisco 1841
ISR.
e. ClicktheCheckResultsbuttonatthebottomofthisinstructionwindowtocheckyour work.

Reflection
a. WhatisthepurposeofDHCPonthecustomernetwork?

b. WhatIPaddressisassignedtotheworkstationafteritsIPaddressisrenewed?

c. WhatotherDHCPoptionscanbedefinedontheCisco1841 ISRrouterthatarenot
configured in this activity?
/*
ImplementationofBitstuffingUsingC
*/

#include<stdio
.h>
#include<
conio.h>
#include<s
tring.h>vo
id main() {
inti,j,count=0,nl
; char
str[100];
clrscr();
printf("enterthebitstring:");
gets(str);
for(i=0;i<strlen(str);i++){
count=0;
//thefollowingcodesearchthesixonesingivenstring
for (j=i;j<=(i+5);j++) {
if(str[j]==
'1'){
count
++;
}
}
//ifthereissixonesthenfollingcodeexecutetobitstuffingafterfiveones
if(count==6) {
nl=strlen(str)+2;
for(;nl>=(i+5);nl
--){
str[nl]=str[n
l-1];
}
str[i+5]='
0';
i=i+7;
}
}
puts(str);
getch
();
}
/*
Name:Dijkstra'sAlgorithmForShortestPaths
*/

#include "stdio.h"
#include "conio.h"
#defineinfinity 999
voiddij(intn,intv,intcost[10][10],intdist[])
{
inti,u,count,w,flag[10],min;
for(i=1;i<=n;i++)
flag[i]=0,dist[i]=cost[v][i];
count=2;
while(count<=n)
{
min=99;for(w=1;w<=n;w+
+) if(dist[w]<min && !
flag[w])
min=dist[w],u=w;flag[u]=1;
count++;
for(w=1;w<=n;w++)
if((dist[u]+cost[u][w]<dist[w])&&!flag[w])
dist[w]=dist[u]+cost[u][w];
}
}
voidmain()
{
intn,v,i,j,cost[10][10],dist[10];
clrscr();
printf("\nEnterthenumberofnodes:");
scanf("%d",&n);
printf("\nEnterthecostmatrix:\n");
for(i=1;i<=n;i++)
for(j=1;j<=n;j++)
{
scanf("%d",&cost[i][j]);
if(cost[i][j]==0) cost[i]
[j]=infinity;
}
printf("\nEnterthesourcematrix:");
scanf("%d",&v);
dij(n,v,cost,dist);
printf("\nShortestpath:\n");
for(i=1;i<=n;i++)
if(i!=v)printf("%d->%d,cost=%d\n",v,i,dist[i]);
getch();
}
/*
Name:DistanceVectorRoutinginthisprogramisimplementedusingBellmanFordAlgorithm:-
*/
#include<stdio.h>st
ruct node
{
unsigneddist[20];
unsignedfrom[20];
}rt[10];

intmain()
{
intcostmat[20]
[20];intnodes,i,j,k,cou
nt=0;
printf("\nEnterthenumberofnodes:");
scanf("%d",&nodes);//Enter the nodes printf("\
nEnter the cost matrix :\n"); for(i=0;i<nodes;i++)
{
for(j=0;j<nodes;j++)
{
scanf("%d",&costmat[i][j]);
costmat[i][i]=0;
rt[i].dist[j]=costmat[i][j];//initialisethedistanceequaltocostmatrix
rt[i].from[j]=j;
}
}
do
{
count=0;
for(i=0;i<nodes;i++)//Wechoosearbitaryvertexkandwecalculatethedirectdistancefromthe node i
to k using the cost matrix
//andaddthedistancefromktonodej
for(j=0;j<nodes;j++) for(k=0;k<nodes;k+
+)
if(rt[i].dist[j]>costmat[i][k]+rt[k].dist[j])
{//Wecalculatetheminimumdistance
rt[i].dist[j]=rt[i].dist[k]+rt[k].dist[j];
rt[i].from[j]=k;
count++;
}
}while(count!=0);
 for(i=0;i<nodes;i++)
{
printf("\n\nForrouter%d\n",i+1);
for(j=0;j<nodes;j++)
{
printf("\t\nnode%dvia%dDistance%d",j+1,rt[i].from[j]+1,rt[i].dist[j]);
}
}
printf("\n\n");
getch();
}
/*
CProgramtoimplementprimsalgorithmusinggreedymethodforminimumspanningtree
*/

#include<stdio.h>
#include<conio.h>

intn,cost[10][10];

void prim() {
inti,j,startVertex,endVertex;
intk,nr[10],temp,minimumCost=0,tree[10][3];

/*Forfirstsmallestedge*/ temp
= cost[0][0];
for (i = 0; i< n; i++)
{ for(j=0;j<n;j++){
if(temp>cost[i][j]){
temp=cost[i][j];
startVertex = i;
endVertex = j;
}
}
}
/*Nowwehavefistsmallestedgeingraph*/ tree[0]
[0] = startVertex;
tree[0][1]=endVertex; tree[0]
[2] = temp; minimumCost =
temp;

/*Nowwehavetofindmindisofeachvertexfromeither
startVertex or endVertex by initialisingnr[] array
*/

for(i=0; i<n;i++){
if(cost[i][startVertex]<cost[i][endVertex])
nr[i] = startVertex;
else
nr[i]=endVertex;
}

/*Toindicatevisitedvertexinitialisenr[]forthemto100*/
nr[startVertex] = 100;
nr[endVertex]= 100;

/*Nowfindoutremainingn-2edges*/
temp = 99;
for(i=1; i<n-1;i++){
 for(j=0;j<n;j++) {
if(nr[j]!=100&&cost[j][nr[j]]<temp){ temp =
cost[j][nr[j]];
k =j;
}
}
/*Nowihavegotnextvertex*/ tree[i][0]
= k;
tree[i][1] = nr[k]; tree[i]
[2]=cost[k][nr[k]];
minimumCost=minimumCost+cost[k][nr[k]];
nr[k] = 100;

/*Nowfindifkisnearesttoanyvertex than
its previous near value */

for(j=0;j<n;j++) {
if(nr[j]!=100&&cost[j][nr[j]]>cost[j][k]) nr[j]
= k;
}
temp= 99;
}
/*Nowihavetheanswer,justgoingtoprintit*/ printf("\
nThe min spanning tree is:- \n");
for(i=0;i<n-1;i++){ for (j
= 0; j < 3; j++)
printf("%d\t",tree[i][j]);
printf("\n");
}

printf("\nMincost:%d\t",minimumCost);
}

voidmain()
{ inti, j;
clrscr();

printf("\nEntertheno.ofvertices:");
scanf("%d", &n);

printf("\nEnterthecostsofedgesinmatrixform:\n"); for (i
= 0; i< n; i++)
for (j = 0; j < n; j++)
{ scanf("%d",&cost[i]
[j]);
}

printf("\nThematrixis:");
for (i = 0; i< n; i++) {
 for (j = 0; j < n; j++) {
printf("%d\t", cost[i][j]);
}
printf("\n");
}
prim();
getch();
}
/*
CProgramimplementKruskal'salgorithmforminimumspanningtree
*/

#include<stdio.h>
#include<conio.h>
#include<stdlib.h>
inti,j,k,a,b,u,v,n,ne=1;
intmin,mincost=0,cost[9][9],parent[9];
int find(int);
intuni(int,int);
void main()
{
clrscr();
printf("\n\n\tImplementationofKruskal'salgorithm\n\n");
printf("\nEnter the no. of vertices\n");
scanf("%d",&n);
printf("\nEnterthecostadjacencymatrix\n");
for(i=1;i<=n;i++)
{
for(j=1;j<=n;j++)
{
scanf("%d",&cost[i][j]); if(cost[i]
[j]==0)
cost[i][j]=999;
}
}
printf("\nTheedgesofMinimumCostSpanningTreeare\n\n");
while(ne<n)
{
for(i=1,min=999;i<=n;i++)
{
for(j=1;j<=n;j++)
{
if(cost[i][j]<min)
{
min=cost[i][j];
a=u=i;
b=v=j;
}
}
}
u=find(u);
v=find(v);
if(uni(u,v))
{
printf("\n%dedge(%d,%d)=%d\n",ne++,a,b,min);
mincost +=min;
 }
cost[a][b]=cost[b][a]=999;
}
printf("\n\tMinimumcost=%d\n",mincost);
getch();
}
intfind(inti)
{
while(parent[i])
i=parent[i];
return i;
}
intuni(inti,intj)
{
if(i!=j)
{
parent[j]=i;
return 1;
}
return0;
}