
CONTENTS

1. Basic Networks Lab. (Net-Meeting)
2. Basic Router Configurations
3. Configuration of Static Routing protocol
4. Configuration of Dynamic Routing Protocol
   a. Configuration of Routing Information Protocol (RIP)
   b. Configuration of Enhanced Interior Gateway Routing Protocol (EIGRP)
   c. Configuration of Open Shortest Path First Protocol (OSPF)
5. Remote Accessing of Computers - Telnet
6. Configuration of Access Control List (ACL)
   a. Configuration of Standard Access Control List
   b. Configuration of Extended Access Control List
7. Configuration of Network Address Translation (NAT)
   a. Configuration of Static Network Address Translation (S-NAT)
   b. Configuration of Dynamic Network Address Translation (D-NAT)
   c. Configuration of Port Address Translation (PAT)
8. Configuration of Dynamic Host Configuration Protocol (DHCP)
9. Configuration of Virtual Local Area Network (VLAN)
10. Configuration Inter-VLAN
11. Configuration of Virtual Trunking Protocol (VTP)
12. Configuration of Switch-port security
13. Port numbers
14. Subnetting Questions
15. CCNA Interview Questions

BASIC NETWORKS LAB

NETMEETING:
NetMeeting is a built-in application in the Windows OS that is used for online presentations and
for sharing files between two hosts (computers) over the Internet. In other words,
NetMeeting enables real-time audio, video, and data communication over the Internet. Windows
installs NetMeeting in the \net meeting folder. NetMeeting works best with a fast Internet
connection, such as a 56 kilobits per second (Kbps) or faster modem, or a local area network
(LAN). For best viewing results, use 800 by 600 resolution or higher. You can also use compact
mode. NetMeeting includes support for the H.323 audio and video conferencing standard and the
T.120 data conferencing standard. NetMeeting can be used to place calls to and receive calls
from products that are H.323 and T.120 compatible. With appropriate equipment and services
from third parties, NetMeeting can place a call to a telephone using an H.323 gateway.
NetMeeting also can place calls to H.323 multipoint control units (MCUs) and participate in
multipoint audio/video conferences.
NETMEETING APPLICATIONS
Placing a Call
You can place NetMeeting calls to multiple users. Microsoft maintains the Microsoft Internet
Directory, which you can use to find other NetMeeting users. To view the Microsoft Internet
Directory, click the Find Someone in a Directory button, and then, in Select a directory, click
Microsoft Internet Directory.
You cannot call people on the Internet that you have located on Web-based directory servers if
your Internet connection uses a proxy server that does not support NetMeeting.
Additionally, if you cannot connect to someone by using their computer name, try using their IP
address. If you have two active network connections using two separate network cards, you
might not be able to connect to a directory service.


Receiving a Call
You are ready to receive incoming calls if you are running NetMeeting and have not selected Do
Not Disturb on the Call menu. You are limited in the number of simultaneous connections you
can make, depending on your TCP/IP registry configuration.
Program Sharing
Any person in a meeting can share a program with the other participants. When you use the
program sharing feature, other people can see the program. When you allow control, other
people can both see and use the program.
When you share a program and decide to allow someone to control it, remote users can use the
File Open and File Save dialog boxes in your program to gain access to or delete files on your
computer or network. You cannot drag an object onto a shared program or drag an object from a
shared program to the desktop.
Whiteboard
NetMeeting users can draw simultaneously on the Whiteboard. Everyone in the meeting can see
what is drawn on the Whiteboard. When one person in a meeting runs Whiteboard, it appears on
everyone's screen.
The Whiteboard does not maximize to the full size if you are using an 1152 by 864 or larger
display.
Chat
Chat enables you to type messages for other users to see. When one person in a meeting runs
Chat, a chat window appears on everyone's screen if they are using NetMeeting 3.0 or later.
NetMeeting 2.11 Chat participants may not be able to close the Chat window if they are
participating in a meeting with a NetMeeting 3.0 or later chat participant. Chat files can be saved
with the .htm file extension, and then opened in an Internet browser.


Audio
To use NetMeeting audio features, you need a sound card, speakers, and a microphone. Audio is
only supported with one other person. Sound quality can vary significantly depending on your
sound card, microphone, and connection.
If you modify your sound card device driver in any way, such as upgrading to a full-duplex
driver, you need to run the Audio Tuning Wizard again in order for NetMeeting to work
correctly.
Video
To send video with NetMeeting, you need either a video-capture card and camera, or a video
camera that connects through your computer's parallel (printer) port or USB port.
Cameras that have a video-capture card use less of your computer's processing resources than
cameras that connect through your computer's parallel port.
Video is only supported with one other person at a time.
The default setting for video over a 28.8 Kbps modem connection is Better quality. To change
this setting, click the Tools menu, click Options, click the Video tab, and then adjust the Video
quality option.
Remote Desktop Sharing
Using Remote Desktop Sharing, NetMeeting 3.0 or later can call an unattended computer (host)
running the Remote Desktop Sharing service, and then access that computer's shared desktop.
Once you are connected, you can work in the host's shared desktop and in any program that the
host computer has access to.
Administrators can give users the ability to access a computer via Remote Desktop Sharing
without giving them accounts with administrator privilege.


Step 1: Click Start, click Run, type conf and click on OK

By default, when the Microsoft Windows operating system is installed, the NetMeeting
application is not enabled and you can't see it anywhere in the Start menu. But
you can activate/install NetMeeting by following some simple steps.

The snapshot shows the first step of the NetMeeting installation. Click on Start in your desktop
task bar, then click on Run. The keyboard shortcut to open the Run window is the Start button plus the
letter R on your keyboard. Once the Run window appears, enter the word conf and press
Enter.


Step 2: Click on Next

After pressing Enter, you will get the NetMeeting window like the one shown in the above snapshot.
Click on Next to continue with the installation of NetMeeting.


Step 3: Enter the First name, Last name, E-mail address and Location, and click on Next

Here comes the second window, where you have to spend some time typing in some information
before going on to the further installation steps.
In the First name and Last name fields, if it is a personal computer you can give your name or any
name of your choice; if it is a company or organization, it is good practice to give the
company or organization name in place of the first name and last name. In the third field, you
have to enter a valid e-mail address. It is optional to enter the information on location,
where you can give the place where you are located and any comments of your choice.
After filling in all the information, click on Next to continue with the next step of installation.

Step 4: Don't check any check box. Click on Next

The snapshot of the next window is shown above. Don't check any box; click on Next to
proceed with the further installation.

Step 5: Select the speed of your connection and click on Next

In this step you have to select the speed of your connection. After checking the option that
matches your connection speed, click on Next and proceed with the next step of
installation.

Step 6: Check both check boxes and click on Next

Step 7: Click on Next

NetMeeting has now been installed successfully.

Step 8: Enter the IP address of the host with which you want to share programs, chat and
transfer files. In addition to this you can also use a feature called Whiteboard, where you can
conduct a seminar or presentation for many clients.

BASIC ROUTER CONFIGURATIONS


This session starts by introducing IOS (Internetwork Operating System). IOS runs
on Cisco routers and Cisco switches and is used to configure the devices. We use the
Command Line Interface (CLI) to configure the router. You can access the Cisco IOS through
the console port of a router, from a modem into the auxiliary (or aux) port, or even through
Telnet.

This Cisco IOS software is responsible for,


a. Carrying network protocols and functions.
b. Connecting high-speed traffic between devices.
c. Adding security to control access and stop unauthorized network use.
d. Providing scalability for ease of network growth and redundancy.
e. Supplying network reliability for connecting to network resources.
Figure 2.1: A Cisco Router

ROUTER CONFIGURATION MODES


The router has 4 configuration modes:

a. User mode
b. Privileged mode
c. Global configuration mode
d. Interface configuration mode.

a. USER MODE:

User mode is also called Authentication mode.

We can execute basic monitoring commands.

In short, we can view the configuration with restrictions.

Example:
Router>   this prompt denotes that the router is in user mode.

b. PRIVILEGED MODE:

Here we get access to all other router commands.

We can view the configuration without any restrictions.

Example:
Router#   this prompt denotes that the router is in Privileged mode.

c. GLOBAL CONFIGURATION MODE:

Any command executed in this mode affects the entire system.

In this mode you can modify the name of the router, implement the
authentication process, and so on.

Example:
Router(config)#   this prompt denotes that the router is in Global Configuration mode.

d. INTERFACE / SPECIFIC CONFIGURATION MODE:

Commands executed in this mode affect only the particular interface,
routing process or line.

In this mode you can assign an address to a particular interface, shut down a
particular interface, and so on.

Example:
Router (config-if) # this syntax denotes that the router is in particular

MOVING BETWEEN MODES

MODES                                                              SYNTAX
Change from User mode to Privileged mode                           Router> enable
Change from Privileged mode to User mode                           Router# disable
Change to Global Configuration mode from Privileged mode           Router# configure terminal
Exit from any configuration mode to Privileged mode                Router(config)# exit
Enter Interface configuration mode from Global configuration mode  Router(config)# interface <interface name> <interface number>
Enter router configuration mode from Global configuration mode     Router(config)# router rip

HELP COMMANDS

COMMAND            MEANING
Router# ?          Shows all available commands
Router# c?         Shows all commands starting with the letter c
Router# clock ?    Shows all available commands for the clock command

Example for Basic router configurations:

ROUTER1 BASIC INTERFACE CONFIGURATION


Router>enable
Router#configure terminal
Router(config)#hostname Router0
Router0(config)#interface fastethernet 0/0
Router0(config-if)#ip address 10.0.0.1 255.255.255.0
Router0(config-if)#no shutdown
Router0(config-if)#exit
Router0(config)#interface serial 0/1/0
Router0(config-if)#ip address 20.0.0.1 255.255.255.252
Router0(config-if)#no shutdown
Router0(config-if)#clock rate 64000
Router0(config-if)#exit


ROUTER2 BASIC INTERFACE CONFIGURATION


Router>enable
Router#configure terminal
Router(config)#hostname Router1
Router1(config)#interface fastethernet 0/0
Router1(config-if)#ip address 30.0.0.1 255.255.255.0
Router1(config-if)#no shutdown
Router1(config-if)#exit
Router1(config)#interface serial 0/1/0
Router1(config-if)#ip address 20.0.0.2 255.255.255.252
Router1(config-if)#no shutdown
Router1(config-if)#clock rate 64000
Router1(config-if)#exit

To view the interface details

For example to know the router0 interface details

Router0#show ip interface brief

Output:
Interface          IP-Address   OK? Method Status   Protocol
FastEthernet0/0    10.0.0.1     YES manual up       up
Serial0/1/0        20.0.0.1     YES manual up       up

CONFIGURATION OF STATIC ROUTING PROTOCOL

ROUTING BASICS
In an internetwork the router is used to route the traffic to all the networks connected to it. In
order to accomplish this task, at minimum a router must know the following:

The destination address.

The neighbor routers from which it can learn about remote networks.

Possible routes to all remote networks.

The best route to each remote network.

How to maintain and verify routing information.

The router builds the routing table, which describes how to find the remote networks. If a
network is directly connected to the router then the router knows to connect to it, on the other
hand, if the network is not directly connected to the router, the router can know the remote
networks in 2 ways.

Static routing.

Dynamic routing.

In this session we will have a discussion about the Static routing and the later session we will be
discussing the dynamic routing.

STATIC ROUTING:
Static routing is the simplest way to add routing information to the routing table. Static routing
is done by adding the routes to each router's table.

Syntax
The syntax used to configure a static route for a router to use in its routing
table is:
Router(config)# ip route [Destination network address] [Subnet mask] [Next hop address or forwarding address]

DEFAULT ROUTING:
Default routing is used to send packets with a remote destination network not in the routing table
to the next-hop router. Default routing is used only on stub networks, those with only one exit
path out of the network. A default route is a static route that uses wildcards instead of network
and mask information.

Syntax:
Router(config)#ip route [any network (0.0.0.0)] [any subnet mask (0.0.0.0)] [forwarding address
or interface name]

Example:
Router(config)#ip route 0.0.0.0 0.0.0.0 10.1.11.1

EXAMPLE--1

Router 0
Router(config)#ip route 20.0.0.0 255.0.0.0 30.0.0.2

Router 1
Router(config)#ip route 10.0.0.0 255.0.0.0 30.0.0.1


Assignment:
For the network diagram given below, update the routing table of each router by
implementing the static routing protocol using the Cisco packet tracer simulation
software?


CONFIGURATION OF DYNAMIC ROUTING PROTOCOL

A. ROUTING INFORMATION PROTOCOL (RIP):

RIP version 1
Routing Information Protocol (RIP) is a distance-vector routing protocol. RIP sends the complete
routing table to all active interfaces every 30 seconds. RIP uses the hop count only to determine
the best route to a remote network, but it has a maximum allowable hop count of 15 by default,
meaning that 16 is deemed unreachable.

RIP works well in small networks, but it's inefficient on large networks with slow WAN links or
on networks with a large number of routers installed.

RIP version 2
RIP version 2 is mostly the same as RIP version 1. Both RIPv1 and RIPv2 are distance-vector
protocols, which means each router running RIP sends its complete routing table out of all active
interfaces at periodic time intervals. Both RIPv1 and RIPv2 are configured with classful addressing
(but RIPv2 is considered classless because subnet information is sent with each route update),
and both have the same administrative distance (120).

RIP V1                   RIP V2
Distance vector          Distance vector
Maximum hop count 15     Maximum hop count 15
Classful                 Classless
Broadcast based          Uses multicast 224.0.0.9
Does not support VLSM    Supports VLSM networks
No authentication        Allows MD5 authentication

Syntax:
Router (config)#router rip
Router(config-router)#version <1-2>
Router(config-router)#network <connected network id>

After configuring RIP on a router, we can check the routing table to see whether the route
information has been updated. This can be done with the command:

Router#show ip route

To view the RIP updates being sent and received on a router, the following command is used,

Router#debug ip rip

EXAMPLE

ROUTER 0
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 10.0.0.0
Router(config-router)#network 30.0.0.0
Router(config-router)#network 60.0.0.0


ROUTER 1
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 20.0.0.0
Router(config-router)#network 30.0.0.0
Router(config-router)#network 50.0.0.0
Router(config-router)#network 80.0.0.0

ROUTER 2
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 40.0.0.0
Router(config-router)#network 50.0.0.0
Router(config-router)#network 100.0.0.0
Router(config-router)#network 101.0.0.0

ROUTER 3
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 60.0.0.0
Router(config-router)#network 80.0.0.0
Router(config-router)#network 70.0.0.0

ROUTER 4
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 70.0.0.0
Router(config-router)#network 90.0.0.0
Router(config-router)#network 100.0.0.0


ROUTER 5
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 90.0.0.0
Router(config-router)#network 101.0.0.0

OUTPUT:
In ROUTER5,

Router# show ip route


Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/8 [120/3] via 90.0.0.1, 00:00:00, Serial0/1/0
                [120/3] via 101.0.0.2, 00:00:17, Serial0/1/1
     20.0.0.0/8 [120/2] via 101.0.0.2, 00:00:17, Serial0/1/1
     30.0.0.0/8 [120/2] via 101.0.0.2, 00:00:17, Serial0/1/1
     40.0.0.0/8 [120/1] via 101.0.0.2, 00:00:17, Serial0/1/1
     50.0.0.0/8 [120/1] via 101.0.0.2, 00:00:17, Serial0/1/1
     60.0.0.0/8 [120/2] via 90.0.0.1, 00:00:00, Serial0/1/0
     70.0.0.0/8 [120/1] via 90.0.0.1, 00:00:00, Serial0/1/0
     80.0.0.0/8 [120/2] via 90.0.0.1, 00:00:00, Serial0/1/0
                [120/2] via 101.0.0.2, 00:00:17, Serial0/1/1
     90.0.0.0/30 is subnetted, 1 subnets
C       90.0.0.0 is directly connected, Serial0/1/0
R    100.0.0.0/8 [120/1] via 90.0.0.1, 00:00:00, Serial0/1/0
                 [120/1] via 101.0.0.2, 00:00:17, Serial0/1/1
     101.0.0.0/30 is subnetted, 1 subnets
        101.0.0.0 is directly connected, Serial0/1/1

In ROUTER 1,

Router#debug ip rip

RIP protocol debugging is on


router0#RIP: received v2 update from 30.0.0.2 on Serial0/1/0
20.0.0.0/8 via 0.0.0.0 in 1 hops
40.0.0.0/8 via 0.0.0.0 in 2 hops
50.0.0.0/8 via 0.0.0.0 in 1 hops
70.0.0.0/8 via 0.0.0.0 in 2 hops
80.0.0.0/8 via 0.0.0.0 in 1 hops
90.0.0.0/8 via 0.0.0.0 in 3 hops
100.0.0.0/8 via 0.0.0.0 in 2 hops
101.0.0.0/8 via 0.0.0.0 in 2 hops
RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (10.0.0.1)
RIP: build update entries
20.0.0.0/8 via 0.0.0.0, metric 2, tag 0
30.0.0.0/8 via 0.0.0.0, metric 1, tag 0
40.0.0.0/8 via 0.0.0.0, metric 3, tag 0
50.0.0.0/8 via 0.0.0.0, metric 2, tag 0
60.0.0.0/8 via 0.0.0.0, metric 1, tag 0
70.0.0.0/8 via 0.0.0.0, metric 2, tag 0
80.0.0.0/8 via 0.0.0.0, metric 2, tag 0
90.0.0.0/8 via 0.0.0.0, metric 3, tag 0
100.0.0.0/8 via 0.0.0.0, metric 3, tag 0
101.0.0.0/8 via 0.0.0.0, metric 3, tag 0


RIP: sending v2 update to 224.0.0.9 via Serial0/1/0 (30.0.0.1)


RIP: build update entries
10.0.0.0/8 via 0.0.0.0, metric 1, tag 0
60.0.0.0/8 via 0.0.0.0, metric 1, tag 0
70.0.0.0/8 via 0.0.0.0, metric 2, tag 0
90.0.0.0/8 via 0.0.0.0, metric 3, tag 0
RIP: sending v2 update to 224.0.0.9 via Serial0/0/0 (60.0.0.1)
RIP: build update entries
10.0.0.0/8 via 0.0.0.0, metric 1, tag 0
20.0.0.0/8 via 0.0.0.0, metric 2, tag 0
30.0.0.0/8 via 0.0.0.0, metric 1, tag 0
40.0.0.0/8 via 0.0.0.0, metric 3, tag 0
50.0.0.0/8 via 0.0.0.0, metric 2, tag 0
101.0.0.0/8 via 0.0.0.0, metric 3, tag 0
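
Without authentication, any device on a RIP-enabled segment can send updates that a router will process, so it is worth checking who the received updates actually come from. The following added example (not part of the original manual) parses `debug ip rip` output in the format shown above and flags updates from sources that are not on an expected-neighbor list, plus routes advertised at 16 hops. The allow-list, the neighbor 60.0.0.2 and the update from 10.0.0.99 are constructed for illustration.

```python
import re

# Constructed sample. The first update and the "sending" block follow the
# debug output shown above; the update from 10.0.0.99 is invented for the demo.
SAMPLE_DEBUG = """\
router0#RIP: received v2 update from 30.0.0.2 on Serial0/1/0
      20.0.0.0/8 via 0.0.0.0 in 1 hops
      40.0.0.0/8 via 0.0.0.0 in 2 hops
RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (10.0.0.1)
RIP: build update entries
      20.0.0.0/8 via 0.0.0.0, metric 2, tag 0
RIP: received v2 update from 10.0.0.99 on FastEthernet0/0
      40.0.0.0/8 via 0.0.0.0 in 1 hops
      20.0.0.0/8 via 0.0.0.0 in 16 hops
"""

# Hypothetical allow-list: interface -> RIP neighbors expected on it.
EXPECTED_NEIGHBORS = {
    "Serial0/1/0": {"30.0.0.2"},
    "Serial0/0/0": {"60.0.0.2"},
    "FastEthernet0/0": set(),  # host LAN: no router should send RIP here
}

RECEIVED = re.compile(r"RIP: received v(\d+) update from (\S+) on (\S+)")
ROUTE = re.compile(r"\s*(\d+\.\d+\.\d+\.\d+/\d+) via \S+ in (\d+) hops")
MAX_HOPS = 15  # per the text above, 16 is deemed unreachable


def parse_received_updates(text):
    """Return one dict per received update, with the routes it carried."""
    updates, current = [], None
    for line in text.splitlines():
        m = RECEIVED.search(line)  # search() tolerates a leading CLI prompt
        if m:
            current = {"version": int(m.group(1)), "source": m.group(2),
                       "interface": m.group(3), "routes": []}
            updates.append(current)
            continue
        if "RIP:" in line:
            current = None  # a "sending" or "build" block has started
            continue
        m = ROUTE.match(line)
        if m and current is not None:
            current["routes"].append((m.group(1), int(m.group(2))))
    return updates


def audit_updates(updates, expected):
    """Flag updates from unlisted sources and routes advertised as unreachable."""
    findings = []
    for u in updates:
        if u["source"] not in expected.get(u["interface"], set()):
            findings.append(("unexpected-neighbor", u["source"], u["interface"]))
        for prefix, hops in u["routes"]:
            if hops > MAX_HOPS:
                findings.append(("unreachable-route", u["source"], prefix))
    return findings


if __name__ == "__main__":
    for finding in audit_updates(parse_received_updates(SAMPLE_DEBUG),
                                 EXPECTED_NEIGHBORS):
        print(finding)
```
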

Click on a PC in any source network (e.g. 10.0.0.2).

Click on Command Prompt.

Type ping <destination ip address> (e.g. ping 20.0.0.2).

PC>ping 20.0.0.2
Pinging 20.0.0.2 with 32 bytes of data:
Reply from 20.0.0.2: bytes=32 time=125ms TTL=126
Reply from 20.0.0.2: bytes=32 time=141ms TTL=126
Reply from 20.0.0.2: bytes=32 time=125ms TTL=126
Reply from 20.0.0.2: bytes=32 time=125ms TTL=126
Ping statistics for 20.0.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 125ms, Maximum = 141ms, Average = 129ms

Assignment:
For the network diagram given below, update the routing table of each router in the network
by implementing the RIPv2 protocol using the Cisco Packet Tracer simulation software.

B. ENHANCED INTERIOR GATEWAY ROUTING PROTOCOL (EIGRP)


Enhanced Interior Gateway Routing Protocol (EIGRP) is a proprietary Cisco protocol that runs
on Cisco routers. It is important to understand EIGRP because it is probably one of the two most
popular routing protocols in use today. This chapter discusses many features of EIGRP and how it
works, with particular focus on the unique way it discovers, selects, and advertises routes.

The main features of EIGRP are listed here:

Support for IP and IPv6 (and some other useless routed protocols) via
protocol-dependent modules

Considered classless (same as RIPv2 and OSPF)

Support for VLSM/CIDR

Support for summaries and discontiguous networks

Efficient neighbor discovery

Communication via Reliable Transport Protocol (RTP)

Best path selection via Diffusing Update Algorithm (DUAL)

By default, EIGRP can provide equal-cost load balancing of up to four links (actually, all routing
protocols do this). However, EIGRP can actually load balance across up to six links (equal or
unequal).

CONFIGURATION:
EIGRP commands can be configured in two modes:

Router configuration mode.

Interface configuration mode.

Router configuration mode enables the protocol, determines which networks will run EIGRP,
and sets global characteristics.


Interface configuration mode allows the customization of summaries, metrics, timers, and
bandwidth.

To start an EIGRP session on a router, use the router eigrp command followed by the
autonomous system number of your network. Then enter the network numbers connected
to the router using the network command followed by the network number.

Syntax:
Router(config)#router eigrp < 1-65535>
Router(config-router)#network <network address of the connected network>
Router(config-router)#no auto-summary

By using the no auto-summary command, EIGRP will advertise all the subnets between
the two routers.

Router(config)#router eigrp <1-65535>


Router(config-router)#passive-interface <interface name> <interface number>

Doing this prohibits the interface from sending or receiving hello packets and, as a
result, stops it from forming adjacencies. This means it won't send or receive route
information on this interface.

Example:

ROUTER 0
Router(config)#router eigrp 1
Router(config-router)#network 10.0.0.0
Router(config-router)#network 30.0.0.0
Router(config-router)#network 60.0.0.0
Router(config-router)#no auto-summary

ROUTER 1
Router(config)#router eigrp 1
Router(config-router)#network 20.0.0.0
Router(config-router)#network 30.0.0.0
Router(config-router)#network 50.0.0.0
Router(config-router)#network 80.0.0.0
Router(config-router)#no auto-summary


ROUTER 2
Router(config)#router eigrp 1
Router(config-router)#network 40.0.0.0
Router(config-router)#network 50.0.0.0
Router(config-router)#network 100.0.0.0
Router(config-router)#network 101.0.0.0
Router(config-router)#no auto-summary

ROUTER 3
Router(config)#router eigrp 1
Router(config-router)#network 60.0.0.0
Router(config-router)#network 80.0.0.0
Router(config-router)#network 70.0.0.0
Router(config-router)#no auto-summary

ROUTER 4
Router(config)#router eigrp 1
Router(config-router)#network 70.0.0.0
Router(config-router)#network 90.0.0.0
Router(config-router)#network 100.0.0.0
Router(config-router)#no auto-summary

ROUTER 5
Router(config)#router eigrp 1
Router(config-router)#network 90.0.0.0
Router(config-router)#network 101.0.0.0
Router(config-router)#no auto-summary
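
In configurations like the ones above, the classful network statement for the host LAN (10.0.0.0 on Router 0) also makes the LAN-facing interface exchange EIGRP hellos, which is where the passive-interface command described earlier belongs. The following added example (not part of the original manual) audits a running-config for host-facing interfaces that still speak EIGRP; a passive interface's network is still advertised, it just forms no adjacencies on that segment. The configuration text, the interface addressing and the choice of FastEthernet0/0 as the host-facing port are constructed assumptions, and only classful network statements without a wildcard are handled.

```python
import ipaddress

# Constructed running-config modelled on the Router 0 example above.
BEFORE = """\
interface FastEthernet0/0
 ip address 10.0.0.1 255.0.0.0
!
interface Serial0/1/0
 ip address 30.0.0.1 255.255.255.252
!
interface Serial0/0/0
 ip address 60.0.0.1 255.255.255.252
!
router eigrp 1
 network 10.0.0.0
 network 30.0.0.0
 network 60.0.0.0
 no auto-summary
!
"""
# Hardened variants: one explicit passive interface, or passive by default.
AFTER = BEFORE.replace(
    " no auto-summary\n",
    " passive-interface FastEthernet0/0\n no auto-summary\n")
DEFAULT_PASSIVE = BEFORE.replace(
    " no auto-summary\n",
    " passive-interface default\n no passive-interface Serial0/1/0\n"
    " no passive-interface Serial0/0/0\n no auto-summary\n")


def classful_network(network_id):
    """Classful network that 'network <id>' (no wildcard) expands to."""
    first = int(network_id.split(".")[0])
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{network_id}/{prefix}", strict=False)


def parse_config(text):
    """Return ({interface: address}, eigrp settings) from running-config text."""
    interfaces = {}
    eigrp = {"networks": [], "passive": set(), "active": set(), "default": False}
    section = name = None
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw[0].isspace():  # an unindented line opens a new section
            section = name = None
            if words[0] == "interface":
                section, name = "interface", "".join(words[1:])
            elif words[:2] == ["router", "eigrp"]:
                section = "eigrp"
            continue
        if section == "interface" and words[:2] == ["ip", "address"] and len(words) >= 4:
            interfaces[name] = ipaddress.IPv4Address(words[2])
        elif section == "eigrp" and words[0] == "network":
            eigrp["networks"].append(classful_network(words[1]))
        elif section == "eigrp" and words[0] == "passive-interface":
            if words[1] == "default":
                eigrp["default"] = True
            else:
                eigrp["passive"].add("".join(words[1:]))
        elif section == "eigrp" and words[:2] == ["no", "passive-interface"]:
            eigrp["active"].add("".join(words[2:]))
    return interfaces, eigrp


def eigrp_speaking_interfaces(text):
    """Interfaces covered by a network statement and not passive."""
    interfaces, eigrp = parse_config(text)
    speaking = []
    for name, address in interfaces.items():
        covered = any(address in net for net in eigrp["networks"])
        passive = name in eigrp["passive"] or (
            eigrp["default"] and name not in eigrp["active"])
        if covered and not passive:
            speaking.append(name)
    return sorted(speaking)


def host_facing_eigrp_speakers(text, host_facing):
    """Host-facing interfaces that would still send and accept EIGRP hellos."""
    return [n for n in eigrp_speaking_interfaces(text) if n in host_facing]


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, host_facing_eigrp_speakers(cfg, {"FastEthernet0/0"}))
```
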


OUTPUT:
In ROUTER5,

Router# show ip route


Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/8 [120/3] via 90.0.0.1, 00:00:00, Serial0/1/0
                [120/3] via 101.0.0.2, 00:00:17, Serial0/1/1
     20.0.0.0/8 [120/2] via 101.0.0.2, 00:00:17, Serial0/1/1
     30.0.0.0/8 [120/2] via 101.0.0.2, 00:00:17, Serial0/1/1
     40.0.0.0/8 [120/1] via 101.0.0.2, 00:00:17, Serial0/1/1
     50.0.0.0/8 [120/1] via 101.0.0.2, 00:00:17, Serial0/1/1
     60.0.0.0/8 [120/2] via 90.0.0.1, 00:00:00, Serial0/1/0
     70.0.0.0/8 [120/1] via 90.0.0.1, 00:00:00, Serial0/1/0
     80.0.0.0/8 [120/2] via 90.0.0.1, 00:00:00, Serial0/1/0
                [120/2] via 101.0.0.2, 00:00:17, Serial0/1/1
     90.0.0.0/30 is subnetted, 1 subnets
C       90.0.0.0 is directly connected, Serial0/1/0
D    100.0.0.0/8 [120/1] via 90.0.0.1, 00:00:00, Serial0/1/0
                 [120/1] via 101.0.0.2, 00:00:17, Serial0/1/1
     101.0.0.0/30 is subnetted, 1 subnets
        101.0.0.0 is directly connected, Serial0/1/1

Click on a PC in any source network (e.g. 10.0.0.2).

Click on Command Prompt.

Type ping <destination ip address> (e.g. ping 20.0.0.2).

PC>ping 20.0.0.2
Pinging 20.0.0.2 with 32 bytes of data:
Reply from 20.0.0.2: bytes=32 time=125ms TTL=126
Reply from 20.0.0.2: bytes=32 time=141ms TTL=126
Reply from 20.0.0.2: bytes=32 time=125ms TTL=126
Reply from 20.0.0.2: bytes=32 time=125ms TTL=126
Ping statistics for 20.0.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 125ms, Maximum = 141ms, Average = 129ms

ASSIGNMENT:

For the network diagram given below, update all the routers in the network by implementing the
Enhanced Interior Gateway Routing Protocol (EIGRP), using the Cisco Packet Tracer simulation
software.
Requirements:
1. The network 10.0.0.0 should not communicate with 40.0.0.0 and vice versa.
2. The network 10.0.0.0 can communicate with 20.0.0.0 and vice versa.
3. The network 40.0.0.0 can communicate with 20.0.0.0 and vice versa.
Hint: the above simulation can be done by implementing 2 EIGRP processes on Router1 with
different autonomous system values, and one EIGRP process on Router0 and on Router 3.

C. OPEN SHORTEST PATH FIRST (OSPF)


Open Shortest Path First (OSPF) is an open standards routing protocol that has been
implemented by a wide variety of network vendors, including Cisco. It works by using the
Dijkstra algorithm: first a shortest path tree is constructed, and then the routing table is
populated with the resulting best paths. OSPF converges quickly, although perhaps not as
quickly as EIGRP, and it supports multiple, equal-cost routes to the same destination. Like
EIGRP, it supports both IP and IPv6 routed protocols.

OSPF provides the following features:

Consists of areas and autonomous systems

Minimizes routing update traffic

Allows scalability

Supports VLSM/CIDR

Has unlimited hop count

Allows multivendor deployment (open standard)

OSPF is supposed to be designed in a hierarchical fashion, which basically means you can
separate the larger internetwork into smaller internetworks called areas. This is the best design
for OSPF.

CONFIGURATION:
Configuring basic OSPF isn't as simple as RIP, IGRP, and EIGRP, and it can get really complex
once you factor in the many options that are allowed within OSPF.
These two elements are the basic elements of OSPF configuration:

Enabling OSPF.

Configuring OSPF areas


ENABLING OSPF:
The easiest and also least scalable way to configure OSPF is to use just a single area.
Doing this requires a minimum of two commands. The command used to activate the OSPF
routing process is as follows:

Router(config)#router ospf <1-65535>

A value in the range 1-65,535 identifies the OSPF process ID. It's a unique number on this
router that groups a series of OSPF configuration commands under a specific running process.
Different OSPF routers don't have to use the same process ID in order to communicate. It's
purely a local value that essentially has little meaning, but it cannot start at 0. It has to start at a
minimum of 1.

CONFIGURING THE OSPF:


After identifying the OSPF process, identify the interfaces on which to activate OSPF communications,
as well as the area in which each resides. This will also configure the networks you're going to
advertise to others. OSPF uses wildcard masks in the configuration.

Router(config)#router ospf 1
Router(config-router)#network <network id> <wild card mask> area <0-4294967295>
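
As an added example (not part of the original manual), the following shows how a network statement with a wildcard mask selects interfaces: OSPF is activated on every interface whose address equals the network ID in the bit positions where the wildcard is 0, so a broad wildcard such as 0.255.255.255 also activates OSPF on interfaces you may not have intended. The interface list, the second LAN on FastEthernet0/1 and the /24 LAN mask are constructed assumptions, and taking the first matching statement in the order listed is a simplification.

```python
import ipaddress

FULL = 0xFFFFFFFF


def wildcard_from_mask(mask):
    """Invert a dotted subnet mask, e.g. 255.255.255.252 -> 0.0.0.3."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & FULL
    if inverted & (inverted + 1):  # host bits must be one contiguous run
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return str(ipaddress.IPv4Address(inverted))


def wildcard_match(address, network_id, wildcard):
    """True if address equals network_id wherever the wildcard bit is 0."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & FULL
    return (int(ipaddress.IPv4Address(address)) & care) == \
           (int(ipaddress.IPv4Address(network_id)) & care)


def ospf_enabled_interfaces(interfaces, statements):
    """Map interface name -> area for interfaces matched by a statement.

    interfaces: {name: ip address}
    statements: [(network id, wildcard, area)], first match wins.
    """
    enabled = {}
    for name, address in interfaces.items():
        for network_id, wildcard, area in statements:
            if wildcard_match(address, network_id, wildcard):
                enabled[name] = area
                break
    return enabled


# Constructed interface list for a router like Router 0 in the example.
INTERFACES = {
    "FastEthernet0/0": "10.0.0.1",
    "FastEthernet0/1": "10.200.0.1",  # hypothetical LAN not meant to run OSPF
    "Serial0/1/0": "30.0.0.1",
    "Serial0/0/0": "60.0.0.1",
}

# Statements in the style of the Router 0 example: broad wildcard on 10.0.0.0.
BROAD = [
    ("10.0.0.0", "0.255.255.255", 0),
    ("30.0.0.0", "0.0.0.3", 0),
    ("60.0.0.0", "0.0.0.3", 0),
]

# Same intent with the LAN statement narrowed to the subnet in use,
# assuming that LAN is 10.0.0.0 255.255.255.0.
TIGHT = [
    ("10.0.0.0", wildcard_from_mask("255.255.255.0"), 0),
    ("30.0.0.0", wildcard_from_mask("255.255.255.252"), 0),
    ("60.0.0.0", wildcard_from_mask("255.255.255.252"), 0),
]

if __name__ == "__main__":
    print("broad:", sorted(ospf_enabled_interfaces(INTERFACES, BROAD)))
    print("tight:", sorted(ospf_enabled_interfaces(INTERFACES, TIGHT)))
```
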

To view OSPF information for one or all OSPF processes running on the router,
Router#show ip ospf

To view the topological database used in ospf,


Router#show ip ospf database

To view all interfaces related to OSPF information,


Router#show ip ospf interface

To view the OSPF information regarding neighbors and adjacency states,


Router#show ip ospf neighbor


EXAMPLE:

ROUTER 0
Router(config)#router ospf 1
Router(config-router)#network 10.0.0.0 0.255.255.255 area 0
Router(config-router)#network 30.0.0.0 0.0.0.3 area 0
Router(config-router)#network 60.0.0.0 0.0.0.3 area 0

ROUTER 1
Router(config)#router ospf 1
Router(config-router)#network 20.0.0.0 0.255.255.255 area 0
Router(config-router)#network 30.0.0.0 0.0.0.3 area 0
Router(config-router)#network 50.0.0.0 0.0.0.3 area 0
Router(config-router)#network 80.0.0.0 0.0.0.3 area 0

ROUTER 2
Router(config)#router ospf 1
Router(config-router)#network 40.0.0.0 0.255.255.255 area 0
Router(config-router)#network 50.0.0.0 0.0.0.3 area 0
Router(config-router)#network 100.0.0.0 0.0.0.3 area 0
Router(config-router)#network 101.0.0.0 0.0.0.3 area 0

ROUTER 3
Router(config)#router ospf 1
Router(config-router)#network 60.0.0.0 0.0.0.3 area 0
Router(config-router)#network 80.0.0.0 0.0.0.3 area 0
Router(config-router)#network 70.0.0.0 0.0.0.3 area 0

ROUTER 4
Router(config)#router ospf 1
Router(config-router)#network 70.0.0.0 0.0.0.3 area 0
Router(config-router)#network 90.0.0.0 0.0.0.3 area 0
Router(config-router)#network 100.0.0.0 0.0.0.3 area 0

ROUTER 5
Router(config)#router ospf 1
Router(config-router)#network 90.0.0.0 0.0.0.3 area 0
Router(config-router)#network 101.0.0.0 0.0.0.3 area 0

OUTPUT:
In ROUTER5,

Router# show ip route


Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/8 [120/3] via 90.0.0.1, 00:00:00, Serial0/1/0
           [120/3] via 101.0.0.2, 00:00:17, Serial0/1/1
20.0.0.0/8 [120/2] via 101.0.0.2, 00:00:17, Serial0/1/1
30.0.0.0/8 [120/2] via 101.0.0.2, 00:00:17, Serial0/1/1
40.0.0.0/8 [120/1] via 101.0.0.2, 00:00:17, Serial0/1/1
50.0.0.0/8 [120/1] via 101.0.0.2, 00:00:17, Serial0/1/1
60.0.0.0/8 [120/2] via 90.0.0.1, 00:00:00, Serial0/1/0
70.0.0.0/8 [120/1] via 90.0.0.1, 00:00:00, Serial0/1/0
80.0.0.0/8 [120/2] via 90.0.0.1, 00:00:00, Serial0/1/0
           [120/2] via 101.0.0.2, 00:00:17, Serial0/1/1
90.0.0.0/30 is subnetted, 1 subnets
C 90.0.0.0 is directly connected, Serial0/1/0
O 100.0.0.0/8 [120/1] via 90.0.0.1, 00:00:00, Serial0/1/0
              [120/1] via 101.0.0.2, 00:00:17, Serial0/1/1
101.0.0.0/30 is subnetted, 1 subnets
101.0.0.0 is directly connected, Serial0/1/1


Click on a PC in any source network (e.g. 10.0.0.2).

Click on the command prompt.

Type ping <destination ip address> (e.g. ping 20.0.0.2).

PC>ping 20.0.0.2
Pinging 20.0.0.2 with 32 bytes of data:
Reply from 20.0.0.2: bytes=32 time=125ms TTL=126
Reply from 20.0.0.2: bytes=32 time=141ms TTL=126
Reply from 20.0.0.2: bytes=32 time=125ms TTL=126
Reply from 20.0.0.2: bytes=32 time=125ms TTL=126
Ping statistics for 20.0.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 125ms, Maximum = 141ms, Average = 129ms


ASSIGNMENT

For the network diagram given below, update the routing tables of the routers in the network by
implementing the Open Shortest Path First (OSPF) routing protocol, using the Cisco Packet Tracer
simulation software, and follow the requirements given below.
Requirements:
1. Router 0, Router 1 and Router 2 should be in area 0
2. Router 3 and Router 4 should be in area 1.


REMOTE ACCESS OF COMPUTERS - TELNET

Telnet is a protocol used on Local Area Networks for bidirectional
communication over a virtual terminal connection. Telnet is often thought of as a simple
facility for remote login to a computer at a remote location via the Internet. It offers users the
capability of running programs remotely and facilitates remote administration. Telnet is a third
level protocol, the function of which is to make a terminal (or process) at a using site appear to
the system or a process at a serving site as logically equivalent to a terminal "directly"
connected to the serving site.

In order to set up the router to allow Telnet access, issue the line vty command. This command
allows for the configuration of Virtual Terminal (VTY) lines for remote console access. You can
configure the router to accept one or more Telnet sessions. It is strongly suggested that you
configure password checking with the login and password line configuration commands. Telnet
may provide you with access to the CLI (Command Line Interface) of your modem or router.

Telnet, part of the TCP/IP protocol suite, is a virtual terminal protocol that allows you to make
connections to remote devices, gather information, and run programs. After your routers and
switches are configured, you can use the Telnet program to reconfigure and/or check up on your
routers and switches without using a console cable. You run the Telnet program by typing telnet
from any command prompt (DOS or Cisco).

SYNTAX:
Router(config)#line vty <0-15 first line number> <1-15 last line number>
Router(config-line)#login
Router(config-line)#password <word>


EXAMPLE:
In this example, we will configure a network with 2 routers and enable Telnet
on both routers to allow remote access.

Cisco1:
Router>
Router>enable
Router#configure terminal
Router(config)#hostname cisco1
cisco1(config)#enable password cisco
cisco1(config)#interface fastethernet0/0
cisco1(config-if)#ip address 10.0.0.1 255.0.0.0
cisco1(config-if)#no shutdown
cisco1(config-if)#interface serial0/1/0
cisco1(config-if)#ip address 30.0.0.1 255.255.255.252
cisco1(config-if)#clock rate 64000
cisco1(config-if)#no shutdown
cisco1(config-if)#exit
cisco1(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.2
cisco1(config)#line vty 0 4
cisco1(config-line)#login
% Login disabled on line 66, until 'password' is set
% Login disabled on line 67, until 'password' is set
% Login disabled on line 68, until 'password' is set
% Login disabled on line 69, until 'password' is set
% Login disabled on line 70, until 'password' is set
cisco1(config-line)#password cisco

Cisco2:
Router>
Router>enable
Router#configure terminal
Router(config)#hostname cisco2
cisco2(config)#enable password cisco
cisco2(config)#interface fastethernet0/0
cisco2(config-if)#ip address 20.0.0.1 255.0.0.0
cisco2(config-if)#no shutdown
cisco2(config-if)#interface serial0/1/0
cisco2(config-if)#ip address 30.0.0.2 255.255.255.252
cisco2(config-if)#clock rate 64000
cisco2(config-if)#no shutdown
cisco2(config-if)#exit
cisco2(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.1
cisco2(config)#line vty 0 4
cisco2(config-line)#login
% Login disabled on line 66, until 'password' is set
% Login disabled on line 67, until 'password' is set
% Login disabled on line 68, until 'password' is set
% Login disabled on line 69, until 'password' is set
% Login disabled on line 70, until 'password' is set
cisco2(config-line)#password cisco


OUTPUT:
PC>telnet 10.0.0.1
Trying 10.0.0.1 ...

User Access Verification

Password: cisco
cisco1>enable
Password: cisco
cisco1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        10.0.0.1        YES manual up                    up
FastEthernet0/1        unassigned      YES manual administratively down down
Serial0/1/0            30.0.0.1        YES manual up                    up
Vlan1                  unassigned      YES manual administratively down down

cisco1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is 30.0.0.2 to network 0.0.0.0

10.0.0.0/8 is directly connected, FastEthernet0/0
30.0.0.0/30 is subnetted, 1 subnets
30.0.0.0 is directly connected, Serial0/1/0
S* 0.0.0.0/0 [1/0] via 30.0.0.2

cisco1#enable
cisco1#telnet 30.0.0.2
Trying 30.0.0.2 ...

User Access Verification

Password: cisco
cisco2>enable
Password: cisco
cisco2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        20.0.0.1        YES manual up                    up
FastEthernet0/1        unassigned      YES manual administratively down down
Serial0/1/0            30.0.0.2        YES manual up                    up
Vlan1                  unassigned      YES manual administratively down down

cisco2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is 30.0.0.1 to network 0.0.0.0

20.0.0.0/8 is directly connected, FastEthernet0/0
30.0.0.0/30 is subnetted, 1 subnets
30.0.0.0 is directly connected, Serial0/1/0
S* 0.0.0.0/0 [1/0] via 30.0.0.1


cisco2#exit
[Connection to 30.0.0.2 closed by foreign host]
cisco1#exit
[Connection to 10.0.0.1 closed by foreign host]
PC>
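
Telnet carries the line and enable passwords across the network unencrypted, so the settings used in this lab are worth flagging in any configuration review. The following added example (not part of the lab manual) audits an IOS-style configuration for them; the sample configurations, finding names, username, ACL number and hash placeholder are constructed for illustration.

```python
# Added example: flag the remote-access weaknesses of the Telnet lab in a
# saved IOS-style configuration. Finding names are hypothetical labels.

# Constructed sample: the cisco1 settings from the lab, as a saved config.
LAB_CONFIG = """\
hostname cisco1
enable password cisco
interface FastEthernet0/0
 ip address 10.0.0.1 255.0.0.0
line vty 0 4
 password cisco
 login
"""

# Constructed sample: the same router limited to SSH from the 10.0.0.0 LAN.
# The username, ACL number and hash string are placeholders.
HARDENED_CONFIG = """\
hostname cisco1
enable secret 5 $1$EXAMPLE$placeholderhashvalue
username admin secret 5 $1$EXAMPLE$placeholderhashvalue
access-list 10 permit 10.0.0.0 0.255.255.255
line vty 0 4
 access-class 10 in
 transport input ssh
 login local
"""


def parse_blocks(config):
    """Split a config into global lines and {section header: [sub-commands]}."""
    global_lines, blocks, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace() and current is not None:
            blocks[current].append(raw.strip())   # indented: belongs to section
        else:
            current = raw.strip()
            global_lines.append(current)
            blocks[current] = []
    return global_lines, blocks


def audit(config):
    """Return a list of finding identifiers, in the order they are detected."""
    findings = []
    global_lines, blocks = parse_blocks(config)
    # 'enable password' is stored readable; 'enable secret' stores a hash.
    if any(line.startswith("enable password") for line in global_lines):
        findings.append("enable-password-not-hashed")
    for header, commands in blocks.items():
        if not header.startswith("line vty"):
            continue
        transport = [c.split()[2:] for c in commands
                     if c.startswith("transport input")]
        if not transport:
            # Protocols allowed then depend on the platform default.
            findings.append("vty-transport-unspecified")
        elif {"telnet", "all"} & set(transport[0]):
            findings.append("vty-telnet-enabled")
        if any(c.startswith("password ") for c in commands):
            findings.append("vty-shared-line-password")
        if not any(c.startswith("access-class ") for c in commands):
            findings.append("vty-no-access-class")
        if "no login" in commands:
            findings.append("vty-no-authentication")
    return findings


if __name__ == "__main__":
    for name, cfg in (("lab", LAB_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg))
```
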


CONFIGURATION OF ACCESS CONTROL LIST (ACL)


Creating access lists is like programming a series of if-then statements: if a given condition is
met, then a given action is taken. If the specific condition isn't met, nothing happens, and the
next statement is evaluated. Applying an access list causes the router to analyze every packet
crossing that interface in the specified direction and take the appropriate action. There are two
types of access list,

a. Standard access list


b. Dynamic access list

A. CONFIGURATION OF STANDARD ACCESS CONTROL LIST

These use only the source IP address in an IP packet as the condition test. All decisions are made
based on the source IP address. This means standard access lists basically permit or deny an
entire suite of protocols. They don't distinguish between any of the many types of IP traffic such
as WWW, Telnet, UDP, and so on.
Standard IP access lists filter network traffic by examining the source IP address in a packet.
Standard IP access lists are created by using the access-list numbers 1-99 or 1300-1999
(expanded range) or any word. Access-list types are generally differentiated using a number.
Based on the number used when the access list is created, the router knows which type of syntax
to expect as the list is entered. By using numbers 1-99 or 1300-1999, the router creates a
standard IP access list, so the router will expect syntax specifying only the source IP address in
the test lines.

CONFIGURATION:
1. Access-List: Configures a single access-list statement into a router's memory for use
in a complete access list that will be applied to an interface.
2. IP Access-group: Places an access list on a device's physical interface.
3. <ID-number>: Identifies an access list by number as a standard or extended list.
Also allows the creation and separation of multiple access lists.
4. Permit or Deny: Specifies the effect of the access-list statement as allowing or
blocking the traffic specified.
5. Hostname or IP address: Specifies the hostname or device's IP address that will be
acted upon in the access-list statement.
6. Host: Specifies a single specific host for the statement.
7. Any: Specifies that regardless of the host or device IP, it will match the statement.

SYNTAX:
Router(config)#ip access-list standard <1-99/word>
Router(config-std-nacl)#permit <address to match / any source host / a single host address>
Router(config-std-nacl)#deny <address to match / any source host / a single host address>
Router(config-std-nacl)#exit
Router(config)#interface fastEthernet <interface number>
Router(config-if)#ip access-group <1-99 / word> <in>
Router(config-if)#exit
Router(config)#interface serial <interface number>
Router(config-if)#ip access-group <1-99 / word> <out>


EXAMPLE:
In our example, the rules are as follows: the host with IP 10.0.0.2 should not
communicate with the remote network 20.0.0.0, whereas another host with IP 10.0.0.3 can
communicate with 20.0.0.2 and 20.0.0.3.

In Router 0,
Router(config)#ip access-list standard 1
Router(config-std-nacl)#deny 10.0.0.2
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip access-group 1 in
Router(config-if)#exit
Router(config)#interface serial 0/1/0
Router(config-if)#ip access-group 1 out
Router(config-if)#exit
Router(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.2

In ROUTER 1,
Router(config)# ip route 0.0.0.0 0.0.0.0 30.0.0.1

OUTPUT:
To view the output, on the PC with IP 10.0.0.2, click on the command prompt and do the
following,

PC>ping 20.0.0.2
Pinging 20.0.0.2 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 20.0.0.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

PC>ping 20.0.0.3

Pinging 20.0.0.3 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 20.0.0.3:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

On the PC with IP 10.0.0.3, do the following,

PC>ping 20.0.0.2
Pinging 20.0.0.2 with 32 bytes of data:

Reply from 20.0.0.2: bytes=32 time=203ms TTL=126
Reply from 20.0.0.2: bytes=32 time=125ms TTL=126
Reply from 20.0.0.2: bytes=32 time=125ms TTL=126
Reply from 20.0.0.2: bytes=32 time=153ms TTL=126

Ping statistics for 20.0.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 125ms, Maximum = 203ms, Average = 151ms

PC>ping 20.0.0.3

Pinging 20.0.0.3 with 32 bytes of data:

Request timed out.
Reply from 20.0.0.3: bytes=32 time=156ms TTL=126
Reply from 20.0.0.3: bytes=32 time=157ms TTL=126
Reply from 20.0.0.3: bytes=32 time=156ms TTL=126

Ping statistics for 20.0.0.3:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 156ms, Maximum = 157ms, Average = 156ms

If this output is displayed on the screen, you have finished learning how to configure the
standard access list. In the next section, we will discuss the dynamic access list.


ASSIGNMENT:

Using the Cisco Packet Tracer simulation software, configure the routing rules for the network
diagram given below by implementing the Standard Access Control List according to
the requirements given below.

Requirements are,
1. Deny the host 10.0.0.3 from communicating with the network 40.0.0.0
2. Deny the host 20.0.0.2 from communicating with the network 10.0.0.0


B. CONFIGURATION OF EXTENDED ACCESS CONTROL LIST:


With a standard IP access list, we can't allow users to get to one network service and not another.
Said another way, when decisions are to be based on both source and destination addresses, a
standard access list won't allow that, since it makes decisions based on the source address
only.

But an extended access list is not like that. That's because extended access lists allow you to specify
source and destination addresses as well as the protocol and port number that identify the
upper-layer protocol or application. By using extended access lists, one can effectively allow users
access to a physical LAN and stop them from accessing specific hosts, or even specific services
on those hosts.

SYNTAX:
Router(config)#ip access-list extended <100-199/word>
Router(config-ext-nacl)#deny <icmp / ip / tcp / udp> <source address / any source host / a single source host> <wild card bits> <destination address / any destination host / a single destination host> <wild card bits>
Router(config-ext-nacl)#permit <icmp / ip / tcp / udp> <source address / any source host / a single source host> <wild card bits> <destination address / any destination host / a single destination host> <wild card bits>
Router(config-ext-nacl)#exit
Router(config)#interface fastEthernet <interface number>
Router(config-if)#ip access-group <100-199 / word> <out>
Router(config-if)#exit
Router(config)#interface serial <interface number>
Router(config-if)#ip access-group <100-199 / word> <in>


EXAMPLE:
In this example, we are going to set the rule as follows: the host with IP 10.0.0.2 should not
communicate with 20.0.0.2, whereas the host 10.0.0.2 can communicate with the host 10.0.0.3
and 20.0.0.2.

In Router 1,
Router(config)#ip access-list extended 100
Router(config-ext-nacl)#deny ip host 10.0.0.2 host 20.0.0.2
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#exit
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip access-group 100 out
Router(config-if)#exit
Router(config)#interface serial 0/1/0
Router(config-if)#ip access-group 100 in
Router(config-if)#exit
Router(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.1

In ROUTER 0,
Router(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.2

OUTPUT:
To view the output, on the PC with IP 10.0.0.2, click on the command prompt and do the
following,

PC>ping 20.0.0.2

Pinging 20.0.0.2 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 20.0.0.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

PC>ping 20.0.0.3

Pinging 20.0.0.3 with 32 bytes of data:

Reply from 20.0.0.3: bytes=32 time=141ms TTL=126
Reply from 20.0.0.3: bytes=32 time=157ms TTL=126
Reply from 20.0.0.3: bytes=32 time=141ms TTL=126
Reply from 20.0.0.3: bytes=32 time=157ms TTL=126

Ping statistics for 20.0.0.3:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 141ms, Maximum = 157ms, Average = 149ms

If this output is displayed on the screen, you have finished learning how to configure the
extended access-list.
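
Both the standard and the extended list sections rely on top-down, first-match evaluation with an implicit deny when nothing matches. The following added example (not part of the lab manual) models that evaluation for entries written as in the labs and also reports entries that an earlier entry makes unreachable; it handles address and protocol matching only (no port operators), and the function names are hypothetical.

```python
import ipaddress

PROTOCOLS = {"ip", "icmp", "tcp", "udp"}
ANY = (0, 0xFFFFFFFF)            # base 0, every bit "don't care"

# Entries as typed in the labs above (constructed lists for the example).
STANDARD_DENY_ONLY = ["deny 10.0.0.2"]
STANDARD = ["deny 10.0.0.2", "permit any"]
EXTENDED = ["deny ip host 10.0.0.2 host 20.0.0.2", "permit ip any any"]
MISORDERED = list(reversed(EXTENDED))


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A [wildcard]' and return (base, wildcard)."""
    tok = tokens.pop(0)
    if tok == "any":
        return ANY
    if tok == "host":
        return _ip(tokens.pop(0)), 0
    wildcard = _ip(tokens.pop(0)) if tokens and tokens[0][0].isdigit() else 0
    return _ip(tok), wildcard


def parse_entry(line):
    """Parse one standard or extended entry into (action, proto, src, dst)."""
    tokens = line.split()
    action = tokens.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError(f"not an ACL entry: {line!r}")
    proto = tokens.pop(0) if tokens[0] in PROTOCOLS else None
    src = _take_addr(tokens)
    dst = _take_addr(tokens) if proto else ANY   # standard lists test source only
    return action, proto, src, dst


def _covers(spec, addr):
    """True if addr matches base/wildcard (wildcard 1-bits are ignored)."""
    base, wildcard = spec
    return ((base ^ addr) & ~wildcard & 0xFFFFFFFF) == 0


def evaluate(acl, src, dst="0.0.0.0", proto="ip"):
    """Return (action, matching entry); entries are tested top-down."""
    for line in acl:
        action, rule_proto, rule_src, rule_dst = parse_entry(line)
        if (rule_proto in (None, "ip", proto)
                and _covers(rule_src, _ip(src)) and _covers(rule_dst, _ip(dst))):
            return action, line
    return "deny", "(implicit deny)"     # nothing matched: packet is dropped


def _spec_within(inner, outer):
    """True if every address matched by inner is also matched by outer."""
    (inner_base, inner_wild), (_, outer_wild) = inner, outer
    return (inner_wild & ~outer_wild & 0xFFFFFFFF) == 0 and _covers(outer, inner_base)


def shadowed(acl):
    """List (entry, earlier entry) pairs where the later entry can never match."""
    parsed = [parse_entry(line) for line in acl]
    hits = []
    for j, (_, proto_j, src_j, dst_j) in enumerate(parsed):
        for i in range(j):
            _, proto_i, src_i, dst_i = parsed[i]
            if (proto_i in (None, "ip", proto_j)
                    and _spec_within(src_j, src_i) and _spec_within(dst_j, dst_i)):
                hits.append((acl[j], acl[i]))
                break
    return hits


if __name__ == "__main__":
    print(evaluate(STANDARD_DENY_ONLY, "10.0.0.3"))
    print(evaluate(STANDARD, "10.0.0.3"))
    print(evaluate(EXTENDED, "10.0.0.2", "20.0.0.2", "icmp"))
    print(shadowed(MISORDERED))
```

A list that contains only deny entries blocks every source, because the implicit deny catches whatever the explicit entries did not match.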

ASSIGNMENT:

Using the Cisco Packet Tracer simulation software, configure the routing rules for the network
diagram given below by implementing the Extended Access Control List according to
the requirements given below.

Requirements are,
1. deny the host 10.0.0.3 to communicate with the network 20.0.0.2 and 40.0.0.4
2. deny the host 20.0.0.2 to communicate with the network 10.0.0.2 and 40.0.0.2
3. deny the host 10.0.0.4 access of TCP application from 20.0.0.2


CONFIGURATION OF NETWORK ADDRESS TRANSLATION (NAT)

The original intention for NAT was to slow the depletion of available IP address space by
allowing many private IP addresses to be represented by some smaller number of public IP
addresses. NAT is typically used in the border router. Here are some situations when it's best to
have NAT on your side:

You need to connect to the Internet, and your hosts don't have globally unique IP
addresses.

You change to a new ISP that requires you to renumber your network.

You need to merge two intranets with duplicate addresses.

Advantages:
a. Conserves legally registered addresses.
b. Reduces address overlap occurrence
c. Increases flexibility when connecting to Internet.
d. Eliminates address renumbering as network changes.

Disadvantages:
a. Translation introduces switching path delays.
b. Loss of end-to-end IP traceability.
c. Certain applications will not function with NAT enabled.
There are 3 different types of network address translation,
a. Static Network Address Translation (S-NAT).
b. Dynamic Network Address Translation (D-NAT).
c. Port Address Translation (PAT).

A. CONFIGURATION OF STATIC NETWORK ADDRESS TRANSLATION (S-NAT)

This type of NAT is designed to allow one-to-one mapping between local and global addresses.
The static version requires one real Internet IP address for every host on your network.

CONFIGURATION:
1. Inside Local: Name of inside source address before translation.
2. Outside Local: Name of destination host before translation.
3. Inside global: Name of inside host after translation.
4. Outside global: Name of outside destination host after translation.
5. ip nat inside source static inside_local inside_global: Statically maps a host with a
private IP address to a global Internet address.
6. ip nat inside: Sets the interface as an inside interface.
7. ip nat outside: Sets the interface as an outside interface.

SYNTAX:
Router(config)#ip nat <inside/pool> source static <inside Local IP address/TCP/UDP> <inside Global Address>
Router(config)#interface fastethernet 0/0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#interface serial 0/1/0
Router(config-if)#ip nat outside


Example:

Router(config)#ip nat inside source static 10.0.0.2 192.168.0.2
Router(config)#ip nat inside source static 10.0.0.3 192.168.0.3
Router(config)#ip nat inside source static 10.0.0.4 192.168.0.4
Router(config)#ip nat inside source static 10.0.0.5 192.168.0.5
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip nat inside
Router(config-if)#interface serial0/1/0
Router(config-if)#ip nat outside

OUTPUT:
To view the output, click on any PC in the 20.0.0.0 network, ping the systems 10.0.0.2
and 10.0.0.3, and check whether the following output is displayed.
PC>ping 10.0.0.2

Pinging 10.0.0.2 with 32 bytes of data:

Reply from 192.168.0.2: bytes=32 time=172ms TTL=126
Reply from 192.168.0.2: bytes=32 time=125ms TTL=126
Reply from 192.168.0.2: bytes=32 time=111ms TTL=126
Reply from 192.168.0.2: bytes=32 time=141ms TTL=126

Ping statistics for 10.0.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 111ms, Maximum = 172ms, Average = 137ms

PC>ping 10.0.0.3

Pinging 10.0.0.3 with 32 bytes of data:

Reply from 192.168.0.3: bytes=32 time=125ms TTL=126
Reply from 192.168.0.3: bytes=32 time=125ms TTL=126
Reply from 192.168.0.3: bytes=32 time=137ms TTL=126
Reply from 192.168.0.3: bytes=32 time=140ms TTL=126

Ping statistics for 10.0.0.3:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 125ms, Maximum = 140ms, Average = 131ms


ASSIGNMENT:

For the network diagram given below, the client needs to mask the hosts' IP addresses by
implementing static address translation. Do the simulation using the Cisco Packet Tracer
simulation software based on the requirements given below.
1. Host with the ip address 10.0.0.2 should be translated as 192.168.0.2
2. Host with the ip address 10.0.0.3 should be translated as 192.168.0.3
3. Host with the ip address 10.0.0.4 should be translated as 192.168.0.4
4. Host with the ip address 20.0.0.2 should be translated as 172.32.0.2
5. Host with the ip address 20.0.0.3 should be translated as 172.32.0.3
6. Host with the ip address 20.0.0.4 should be translated as 172.32.0.4

B. CONFIGURATION OF DYNAMIC NETWORK ADDRESS TRANSLATION (D-NAT)

This version gives the ability to map an unregistered IP address to a registered IP address from
out of a pool of registered IP addresses. In dynamic NAT there is no need to statically configure
your router to map an inside to an outside address as using static NAT, but you need to have
enough real, bona fide IP addresses for everyone who is going to be sending packets to and
receiving them from the Internet.

CONFIGURATION:
1. ip nat pool pool_name starting_address ending_address mask: Creates a pool of inside
global addresses for the inside local hosts to use
2. ip nat inside source list list_number pool pool_name: Sets the inside local hosts that
match the access-list number to use the pool of addresses configured by the ip nat pool
command.
3. access-list list_number permit network inverse_mask: Creates an access list that permits
the inside local hosts to use the global pool of addresses.

SYNTAX:
Router(config)# ip nat inside source list <1-199 / word> pool <word>
Router(config)# ip nat pool <word> <starting address> <ending address> netmask
<network mask>
Router(config)#ip access-list <standard/extended> <1-99/100-199/word>
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
Router(config)# interface fastethernet <interface number>
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#interface serial <interface number>
Router(config-if)#ip nat outside


EXAMPLE:

In Router 0,

Router(config)#ip nat inside source list 1 pool cisco
Router(config)#ip nat pool cisco 192.168.0.1 192.168.0.20 netmask 255.255.255.0
Router(config)#ip access-list standard 1
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#interface serial 0/1/0
Router(config-if)#ip nat outside


OUTPUT:
To view the output, click on any PC in the 20.0.0.0 network, ping the systems 10.0.0.2
and 10.0.0.3, and check whether the following output is displayed.
PC>ping 10.0.0.2

Pinging 10.0.0.2 with 32 bytes of data:

Request timed out.
Reply from 192.168.0.1: bytes=32 time=125ms TTL=126
Reply from 192.168.0.1: bytes=32 time=141ms TTL=126
Reply from 192.168.0.1: bytes=32 time=125ms TTL=126

Ping statistics for 10.0.0.2:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 125ms, Maximum = 141ms, Average = 130ms

PC>PING 10.0.0.3

Pinging 10.0.0.3 with 32 bytes of data:

Request timed out.
Reply from 192.168.0.1: bytes=32 time=156ms TTL=126
Reply from 192.168.0.1: bytes=32 time=141ms TTL=126
Reply from 192.168.0.1: bytes=32 time=140ms TTL=126

Ping statistics for 10.0.0.3:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 140ms, Maximum = 156ms, Average = 145ms


ASSIGNMENT:

For the network diagram given below, the client needs to mask the hosts' IP addresses by
implementing dynamic address translation. Do the simulation using the Cisco Packet Tracer
simulation software based on the requirements given below.
1. Host in the 10.0.0.0 network should be translated as 192.168.0.0 network
2. Host in the 20.0.0.0 network should be translated as 172.35.0.0 network
3. Host in the 40.0.0.0 network should be translated as 70.0.0.0 network


C. CONFIGURATION OF PORT ADDRESS TRANSLATION (PAT)

Port Address Translation (PAT) is the most popular type of NAT configuration. Overloading
really is a form of dynamic NAT that maps multiple unregistered IP addresses to a single
registered IP address (many-to-one) by using different ports. By using PAT (NAT Overload),
you get to have thousands of users connect to the Internet using only one real global IP address.
NAT Overload is the real reason we haven't run out of valid IP addresses on the Internet.

PAT (Overloading) Configuration

1. ip nat pool pool_name starting_address ending_address mask: Creates a pool of inside
global addresses for the inside local hosts to use.
2. ip nat inside source list list_number pool pool_name overload: Sets the inside local hosts
that match the access-list number to use the pool of addresses configured by the ip nat
pool command. The overload keyword configures PAT.
3. show ip nat translations: Shows the basic translation table. This is probably one of the
most important NAT commands for verification.
4. debug ip nat: Shows the sending address, the translation, and the destination address on
each debug line.
5. show ip nat statistics: Shows a summary of your configuration, your active translations,
and the inside and outside interfaces that are being used.

Syntax:
Router(config)#ip nat inside source list <1-199 / word> pool <word> overload
Router(config)#ip nat pool <word> <starting address> <ending address> netmask <network mask>
Router(config)#ip access-list <standard/extended> <1-99/100-199/word>
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
Router(config)#interface fastethernet <interface number>
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#interface serial <interface number>
Router(config-if)#ip nat outside

Example:

In ROUTER 0,
Router(config)#ip nat inside source list 1 pool cisco overload
Router(config)#ip nat pool cisco 192.168.0.1 192.168.0.1 netmask 255.255.255.0
Router(config)#ip access-list standard 1
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#interface serial 0/1/0
Router(config-if)#ip nat outside


OUTPUT:
To view the output, click on any PC in the 20.0.0.0 network, ping the systems 10.0.0.2
and 10.0.0.3, and check whether the following output is displayed.
PC>ping 10.0.0.2

Pinging 10.0.0.2 with 32 bytes of data:

Reply from 192.168.0.1: bytes=32 time=127ms TTL=126
Reply from 192.168.0.1: bytes=32 time=137ms TTL=126
Reply from 192.168.0.1: bytes=32 time=156ms TTL=126
Reply from 192.168.0.1: bytes=32 time=156ms TTL=126

Ping statistics for 10.0.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 127ms, Maximum = 156ms, Average = 144ms

PC>ping 10.0.0.3

Pinging 10.0.0.3 with 32 bytes of data:

Request timed out.
Reply from 192.168.0.1: bytes=32 time=127ms TTL=126
Reply from 192.168.0.1: bytes=32 time=156ms TTL=126
Reply from 192.168.0.1: bytes=32 time=156ms TTL=126

Ping statistics for 10.0.0.3:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 127ms, Maximum = 156ms, Average = 146ms


To view the NAT translation, In Router0,

Router#show ip nat translations


Pro  Inside global      Inside local       Outside local      Outside global
icmp 192.168.0.1:21     10.0.0.3:21        20.0.0.2:21        20.0.0.2:21
icmp 192.168.0.1:22     10.0.0.3:22        20.0.0.2:22        20.0.0.2:22
icmp 192.168.0.1:23     10.0.0.3:23        20.0.0.2:23        20.0.0.2:23
icmp 192.168.0.1:24     10.0.0.3:24        20.0.0.2:24        20.0.0.2:24

To view the NAT packets sent and received


Router#debug ip nat
IP NAT debugging is on
Router#
NAT: s=10.0.0.3->192.168.0.1, d=20.0.0.2 [8]
NAT: s=10.0.0.3->192.168.0.1, d=20.0.0.2 [9]
NAT: s=10.0.0.3->192.168.0.1, d=20.0.0.2 [10]
NAT: s=10.0.0.3->192.168.0.1, d=20.0.0.2 [11]
NAT: expiring 192.168.0.1 (10.0.0.3) icmp 25 (25)
NAT: expiring 192.168.0.1 (10.0.0.3) icmp 26 (26)
NAT: expiring 192.168.0.1 (10.0.0.3) icmp 27 (27)
NAT: expiring 192.168.0.1 (10.0.0.3) icmp 28 (28)

To view the NAT statistics,


Router#show ip nat statistics
Total translations: 0 (0 static, 0 dynamic, 0 extended)
Outside Interfaces: Serial0/1/0
Inside Interfaces: FastEthernet0/0
Hits: 0 Misses: 39
Expired translations: 15
Dynamic mappings:
-- Inside Source
access-list 1 pool cisco refCount 0
pool cisco: netmask 255.255.255.0
start 192.168.0.1 end 192.168.0.1
type generic, total addresses 1 , allocated 0 (0%), misses 0
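
With PAT, every inside host appears outside as the same global address, so the translation table is the only record that ties an observed global address and port back to an inside host, and its entries expire as the debug output above shows. The following added example (not part of the lab manual) parses text in the layout of `show ip nat translations` and resolves that mapping; the sample table is constructed, and the function names are hypothetical.

```python
from collections import namedtuple

Translation = namedtuple(
    "Translation",
    "proto inside_global inside_local outside_local outside_global")

# Constructed sample in the layout of `show ip nat translations`. The first
# two rows repeat the lab's 10.0.0.3 entries; the 10.0.0.2, tcp and static
# rows are invented to show several hosts behind one global address.
SAMPLE = """\
Pro  Inside global      Inside local       Outside local      Outside global
icmp 192.168.0.1:21     10.0.0.3:21        20.0.0.2:21        20.0.0.2:21
icmp 192.168.0.1:22     10.0.0.3:22        20.0.0.2:22        20.0.0.2:22
icmp 192.168.0.1:30     10.0.0.2:30        20.0.0.2:30        20.0.0.2:30
tcp  192.168.0.1:1025   10.0.0.2:1025      20.0.0.2:80        20.0.0.2:80
---  192.168.0.5        10.0.0.5           ---                ---
"""


def _endpoint(field):
    """'ip:port' -> (ip, port); 'ip' -> (ip, None); '---' -> None."""
    if field == "---":
        return None
    ip, _, port = field.partition(":")
    return ip, (int(port) if port else None)


def parse_translations(text):
    """Return one Translation per table row, skipping the header and blanks."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:        # the header splits into 9 words
            continue
        proto = None if fields[0] == "---" else fields[0]
        rows.append(Translation(proto, *map(_endpoint, fields[1:])))
    return rows


def attribute(rows, proto, global_ip, global_port):
    """Inside local IP behind global_ip:global_port, or None if no entry.

    For icmp rows the number after the colon is the ICMP identifier that
    the router tracks in place of a port.
    """
    static_hit = None
    for row in rows:
        ip, port = row.inside_global
        if ip != global_ip:
            continue
        if port is None:                        # static one-to-one mapping
            static_hit = row.inside_local[0]
        elif port == global_port and row.proto == proto:
            return row.inside_local[0]
    return static_hit


def hosts_behind(rows, global_ip):
    """All inside local addresses currently sharing one global address."""
    return sorted({r.inside_local[0] for r in rows
                   if r.inside_global[0] == global_ip})


if __name__ == "__main__":
    table = parse_translations(SAMPLE)
    print(attribute(table, "icmp", "192.168.0.1", 21))
    print(attribute(table, "tcp", "192.168.0.1", 9999))
    print(hosts_behind(table, "192.168.0.1"))
```
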

ASSIGNMENT:

For the network diagram given below, the client requests address translation for the
network. The client has only 3 public IPs, so he wants the design to be implemented with
Port Address Translation. Given below are the private IPs provided by the ISP to the client,
1. 192.168.0.8 for 10.0.0.0 network
2. 172.50.1.20 for 20.0.0.0 network
3. 223.20.0.15 for 40.0.0.0 network

Show the simulation result using cisco packet tracer.


CONFIGURATION OF DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP)

Dynamic Host Configuration Protocol (DHCP) serves as a basic foundation of network
infrastructure. In all but the smallest networks, DHCP provides hosts with an Internet Protocol
(IP) configuration needed to communicate with other computers on the network. This
configuration includes, at a minimum, an IP address and subnet mask. DHCP allows you to
automatically assign IP addresses, subnet masks, and other configuration information to client
computers on the local network. When a DHCP server is available, computers that are
configured to obtain an IP address automatically request and receive their IP configuration from
that DHCP server upon booting.

With a DHCP server installed and configured on your network, DHCP-enabled clients can obtain
IP addresses and related configuration parameters each time they start and join your network.
DHCP servers provide this configuration in the form of an address lease offer to requesting
clients. One main advantage of using DHCP is that DHCP servers greatly reduce the time
required to configure and reconfigure computers on your network. DHCP simplifies
administration not only by supplying clients with IP addresses, but also (optionally) with the
addresses of the default gateway, DNS servers, WINS servers, and other servers useful to the
client. Another advantage of DHCP is that by assigning IP addresses automatically, it allows you
to avoid configuration errors resulting from entering IP address information manually at every
host.

CONFIGURATIONS
When defining the IP address range of a scope, you should use the consecutive addresses
that make up the subnet for which you are enabling the DHCP service. However, you should also
be sure to exclude from this defined range any addresses of statically configured computers
already existing on your network. To exclude predefined addresses, you can simply choose to
limit the scope range so that it does not include any statically assigned addresses. Alternatively,
you can configure a scope that makes up the entire subnet and then immediately define exclusion
ranges.

SYNTAX:
Router(config)#ip dhcp pool <word>
Router(dhcp-config)#default-router <ip address>
Router(dhcp-config)#dns-server <ip address>
Router(dhcp-config)#network <network address> <subnet mask>
Router(dhcp-config)#exit
Router(config)#ip dhcp excluded-address <Low ip address> <High ip address>

EXAMPLE:

In ROUTER0,
Router(config)#ip dhcp pool cisco
Router(dhcp-config)#default-router 10.0.0.1
Router(dhcp-config)#dns-server 10.0.0.2
Router(dhcp-config)#network 10.0.0.0 255.0.0.0
Router(dhcp-config)#exit
Router(config)#ip dhcp excluded-address 10.0.0.1 10.0.0.10
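
The exclusion rule described under CONFIGURATIONS can be checked mechanically. The Python below is an added example, not part of the original manual: it parses the ROUTER0 commands above and reports any statically used address (default router, DNS server, or a host you list yourself) that the pool could still lease. The function names and the second, narrower configuration are assumptions made for this example.

```python
import ipaddress
import re

# Constructed input: the ROUTER0 commands from the EXAMPLE above, laid out
# the way they would appear in a saved configuration.
PAGE_EXAMPLE = """\
ip dhcp excluded-address 10.0.0.1 10.0.0.10
ip dhcp pool cisco
 network 10.0.0.0 255.0.0.0
 default-router 10.0.0.1
 dns-server 10.0.0.2
"""

# Constructed variant with a too-narrow exclusion (only 10.0.0.1 is excluded).
NARROW_EXCLUSION = PAGE_EXAMPLE.replace("10.0.0.1 10.0.0.10", "10.0.0.1")


def parse_dhcp(config):
    """Return ({pool name: pool}, [(low, high), ...]) from IOS-style DHCP lines."""
    pools, exclusions, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"ip dhcp excluded-address (\S+)(?: (\S+))?", line)
        if m:  # global command; the high address is optional
            low = ipaddress.IPv4Address(m.group(1))
            high = ipaddress.IPv4Address(m.group(2) or m.group(1))
            exclusions.append((low, high))
            current = None
            continue
        m = re.fullmatch(r"ip dhcp pool (\S+)", line)
        if m:
            current = pools.setdefault(m.group(1), {"network": None, "static": {}})
            continue
        if current is None:
            continue
        m = re.fullmatch(r"network (\S+) (\S+)", line)
        if m:
            current["network"] = ipaddress.IPv4Network(m.group(1) + "/" + m.group(2))
            continue
        m = re.fullmatch(r"(default-router|dns-server) (.+)", line)
        if m:  # these addresses belong to statically configured devices
            for addr in m.group(2).split():
                current["static"][ipaddress.IPv4Address(addr)] = m.group(1)
    return pools, exclusions


def audit_pool(pool, exclusions, static_hosts=()):
    """List statically used addresses inside the scope that are not excluded."""
    net = pool["network"]
    static = dict(pool["static"])
    for addr in static_hosts:  # extra static hosts supplied by the administrator
        static.setdefault(ipaddress.IPv4Address(addr), "static host")
    findings = []
    for addr, role in sorted(static.items()):
        excluded = any(low <= addr <= high for low, high in exclusions)
        if addr in net and not excluded:
            findings.append(f"{addr} ({role}) is inside {net} but not excluded")
    return findings


def leasable_count(pool, exclusions):
    """Number of host addresses the server can still hand out from the scope."""
    net = pool["network"]
    first, last = int(net.network_address) + 1, int(net.broadcast_address) - 1
    clipped = sorted((max(int(lo), first), min(int(hi), last)) for lo, hi in exclusions)
    excluded, cursor = 0, first - 1
    for lo, hi in clipped:
        lo = max(lo, cursor + 1)  # do not count overlapping ranges twice
        if lo <= hi:
            excluded += hi - lo + 1
            cursor = hi
    return (last - first + 1) - excluded


if __name__ == "__main__":
    for label, text in (("page example", PAGE_EXAMPLE), ("narrow exclusion", NARROW_EXCLUSION)):
        pools, exclusions = parse_dhcp(text)
        pool = pools["cisco"]
        print(label, leasable_count(pool, exclusions), audit_pool(pool, exclusions))
```
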

OUTPUT:
To view the output, click on PC0, then click on the IP Configuration, and then click on DHCP.

ASSIGNMENT:

For the network diagram given below, assign IP addresses to all the hosts dynamically by
implementing Dynamic Host Configuration Protocol (DHCP), using Cisco Packet Tracer. In the
simulation, in addition to DHCP, also implement the RIPv2 protocol on all the routers to update
the routing table.

CONFIGURATION OF VIRTUAL LOCAL AREA NETWORK (VLAN)


As a logical grouping of users by function, VLANs can be considered independent from their
physical or geographic locations. VLANs increase the number of broadcast domains while
decreasing their size. Network adds, moves, and changes are achieved with ease by just
configuring a port into the appropriate VLAN.

BASIC VLAN CONFIGURATION


SYNTAX:
Switch(config)#hostname <word>
Switch(config)#vlan <2-1001>
Switch(config-vlan)#name <word>
Switch(config-vlan)#exit
Switch(config)#interface fastethernet <interface number>
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan <id:2-1001>
Switch(config-if)#exit
Switch(config)#interface fastethernet <interface number>
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan <id:2-1001>
Switch(config-if)#exit

EXAMPLE:

VLAN CREATION
Switch>enable
Switch#configure terminal
Switch(config)#hostname SWITCHA
SWITCHA(config)#vlan 2
SWITCHA(config-vlan)#name acc
SWITCHA(config-vlan)#exit
SWITCHA(config)#vlan 3
SWITCHA(config-vlan)#name sales

HOW TO VIEW THE VLAN DETAILS IN SWITCH

Switch#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
3    VLAN0003                         active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

VLAN ID ASSIGNING TO SWITCH PORT


SWITCHA>enable
SWITCHA#configure terminal
SWITCHA(config)#interface fastethernet 0/1
SWITCHA(config-if)#switchport mode access
SWITCHA(config-if)#switchport access vlan 2
SWITCHA(config-if)#exit
SWITCHA(config)#interface fastethernet 0/2
SWITCHA(config-if)#switchport mode access
SWITCHA(config-if)#switchport access vlan 3
SWITCHA(config-if)#exit

HOW TO CHECK THE VLAN CREATION & VLAN ID ASSIGNING TO SWITCH PORT

Switch#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24
2    ACC                              active    Fa0/1
3    sales                            active    Fa0/2
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

ASSIGNMENT
For the network diagram given below, configure two VLANs, viz. ECE and CSC. The ECE department
should not communicate with the CSC department and vice versa. Show the simulation results
using Cisco Packet Tracer simulation software.

Hint: the ports connecting to the switch should be in TRUNK mode for VLAN Configuration.

CONFIGURATION INTER-VLAN
By default, only hosts that are members of the same VLAN can communicate. To change this
and allow inter-VLAN communication, you need a router or a layer-3 switch. To
support ISL or 802.1Q routing on a Fast Ethernet interface, the router's interface is divided into
logical interfaces, one for each VLAN. These are called subinterfaces. From a Fast
Ethernet or Gigabit interface, you can set the interface to trunk with the encapsulation command.

CONFIGURATION
SYNTAX:

Switch1(config)#vlan <2-1001>
Switch1(config-vlan)#name <WORD>
Switch1(config)#vlan <2-1001>
Switch1(config-vlan)#name <WORD>
Switch1(config)#interface fastethernet <interface number>
Switch1(config-if)#switchport access vlan <2-1001>
Router1(config)#interface fastEthernet <sub-interface number>
Router1(config-subif)#encapsulation dot1Q <2-1001>
Router1(config-subif)#ip address <sub-interface ip address> <subnet mask>

EXAMPLE:

Step 1:
Create VLAN 2 and VLAN 3 on switch1
Switch1#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch1(config)#vlan 2
Switch1(config-vlan)#name IT
Switch1(config-vlan)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch1#configure Terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch1(config)#vlan 3
Switch1(config-vlan)#name HR
Switch1(config-vlan)#^Z

Step 2:
Assign each VLAN to the respective user-connected port
Switch1(config)#interface fa0/10
Switch1(config-if)#switchport access vlan 2
Switch1(config)#interface fa0/9
Switch1(config-if)#switchport access vlan 3
Switch1(config-if)#^Z
Switch1#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gig1/1, Gig1/2
2    IT                               active    Fa0/10
3    HR                               active    Fa0/9
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

Step 3:
Configure the port on switch1 that is connected to router1 as a trunk
Switch1(config)#interface fa0/8
Switch1(config-if)#switchport mode trunk

Step 4:
Configure subinterfaces on the router's Fast Ethernet port that is connected to
switch1
Router1#configure terminal
Router1(config)#interface fastEthernet 0/0
Router1(config-if)#no ip address
Router1(config-if)#no shutdown
Router1(config)#interface fastEthernet 0/0.1
Router1(config-subif)#encapsulation dot1Q 2
Router1(config-subif)#ip address 192.168.0.1 255.255.255.128
Router1(config)#interface fastEthernet 0/0.2
Router1(config-subif)#encapsulation dot1Q 3
Router1(config-subif)#ip address 192.168.0.129 255.255.255.128

Step 5:
Verify the communication between VLAN 2 and VLAN 3 using the ping command.

ASSIGNMENT

For the network diagram given below, implement inter-VLAN routing such that the hosts connected
to each switch belong to an individual VLAN. Ensure that you configure three VLANs
and that all three can communicate with each other.

CONFIGURATION OF VIRTUAL TRUNKING PROTOCOL (VTP)


All Cisco switches are configured to be VTP servers by default. To configure VTP, first you
have to configure the domain name you want to use. And of course, once you configure the
VTP information on a switch, you need to verify it. When you create the VTP domain, you have
a bunch of options, including setting the domain name, password, operating mode, and pruning
capabilities of the switch. Use the vtp global configuration mode command to set all this
information. The VTP modes are,
1. VTP Server Mode
2. VTP Client Mode
3. VTP Transparent Mode

CONFIGURATION:
1. vtp mode server: Configures a switch to be a VTP server. In Server mode, the VLAN
database is allowed to be modified. VLANs can be added, deleted, modified or changed.
Server is the default vtp mode for a Cisco switch. Changing the server option to client or
transparent would configure the switch to that mode.
2. vtp domain: Configures the VTP domain name for a group of switches in the layer-2
switch fabric.
3. vtp password: Configures a password to be used by the switches in a VTP domain. The
password serves two purposes. It allows updates to be authenticated, ensuring the update
came from the correct server. With that authentication, it then adds a step in preventing
an incorrect server from joining the domain and wiping out the VLAN database.
4. show vtp status: Displays all the configured options for VTP on the current switch. This is
one of the most useful commands when troubleshooting VTP, because it allows the
domain name, revision number, and other settings to be verified easily.

SYNTAX:
Switch>enable
Switch#configure terminal
Switch(config)#vtp mode <server/client/transparent>
Switch(config)#vtp domain <word>

EXAMPLE:

Configure VTP between three switches:

Step 1.
The switches have to be connected by crossover cable.
Step 2.
The link between the switches should be a trunk link.
Step 3.
Take one switch as the VTP server and the other two switches as VTP clients.
Step 4.
Configure the VTP domain name as cisco on the VTP server mode switch.
Switch(config)#vtp domain cisco
Step 5.
Configure the VLAN database on the VTP server mode switch.
Step 6.
Verify that the VLAN database has replicated to all client switches.

CODING:
VTP Server switch>enable
VTP Server switch#configure terminal
VTP Server switch(config)#interface fa0/6
VTP Server switch(config-if)#switchport mode trunk

VTP Client switch1>enable
VTP Client switch1#configure terminal
VTP Client switch1(config)#interface fa0/11
VTP Client switch1(config-if)#switchport mode trunk
VTP Client switch1(config-if)#exit
VTP Client switch1(config)#interface fa0/8
VTP Client switch1(config-if)#switchport mode trunk

VTP Client switch2>enable
VTP Client switch2#configure terminal
VTP Client switch2(config)#interface fa0/11
VTP Client switch2(config-if)#switchport mode trunk

VTP Server switch>enable
VTP Server switch#configure terminal
VTP Server switch(config)#vtp mode server

VTP Client switch1>enable
VTP Client switch1#configure terminal
VTP Client switch1(config)#vtp mode client

VTP Client switch2>enable
VTP Client switch2#configure terminal
VTP Client switch2(config)#vtp mode client

VTP Server switch>enable
VTP Server switch#configure terminal
VTP Server switch(config)#vtp domain cisco

VTP Server switch>enable
VTP Server switch#configure terminal
VTP Server switch(config)#vlan 2
VTP Server switch(config-vlan)#name IT
VTP Server switch(config-vlan)#exit
VTP Server switch(config)#vlan 3
VTP Server switch(config-vlan)#name HR
VTP Server switch(config-vlan)#exit
VTP Server switch(config)#vlan 4
VTP Server switch(config-vlan)#name FINANCE

Verify VLAN database on all VTP Client mode switches

VTP Client switch1#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Gig1/1
                                                Gig1/2
2    IT                               active
3    HR                               active
4    FINANCE                          active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

VTP Client switch2#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Gig1/1
                                                Gig1/2
2    IT                               active
3    HR                               active
4    FINANCE                          active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

CONFIGURATION OF SWITCH-PORT SECURITY


To stop someone from simply plugging a host into one of your switch ports, or worse, adding a
hub, switch, or access point to the Ethernet jack in their office, we use port security on each
switch port. By default, MAC addresses will just dynamically appear in your MAC
forward/filter database. You can stop them in their tracks by using port security.

CONFIGURATION:
1. switchport port-security: Configures access control of a switch port.
2. Aging: Configures a timer for dynamically learned addresses to decay out of the
cache.
3. Mac-address: Configures a statically assigned secure hardware address for a given
port's table.
4. Maximum: Configures the maximum number of secure addresses for a given port.
5. Violation: Configures the action taken should a violation occur on the port. There are three
violation modes: protect, restrict, and shutdown.

SYNTAX:
Switch#configure terminal
Switch(config)#interface fastEthernet <interface number>
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum <number>
Switch(config-if)#switchport port-security mac-address <mac-id>
Switch(config-if)#switchport port-security violation shutdown

EXAMPLE:

For example, the network admin wants to secure the interface f0/1:

Switch>enable
Switch#configure terminal
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security mac-address 1110.a230.0000
Switch(config-if)#switchport port-security violation shutdown

OUTPUT:
Switch#show port-security interface fastEthernet 0/1
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 00D0.5848.A443:1
Security Violation Count   : 0
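
The commands in the SYNTAX above only protect a port when the bare switchport port-security line is present. The maximum, mac-address and violation lines on their own tune a feature that is still switched off. The Python below is an added example, not part of the original manual: it audits a saved configuration for access ports where port security is missing, is tuned but not enabled, or uses the protect violation mode, which drops offending frames without logging or counting them. The sample configuration and the function names are constructed for this example.

```python
import re

# Constructed sample configuration (not taken from the manual).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security maximum 1
 switchport port-security violation restrict
!
interface FastEthernet0/4
 switchport mode access
 switchport port-security
 switchport port-security violation protect
!
interface FastEthernet0/8
 switchport mode trunk
!
"""

PREFIX = "switchport port-security"
NOT_ENABLED = "port security is not enabled"
TUNED_ONLY = "port-security options are set but the feature is not enabled"
SILENT = "violation mode protect drops frames without a log entry or counter"
NO_ACCESS = "switchport mode access is not set"


def parse_interfaces(config):
    """Map each interface name to the list of commands indented under it."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = interfaces.setdefault(raw[len("interface "):].strip(), [])
        elif raw[:1] in (" ", "\t") and current is not None:
            current.append(raw.strip())
        else:  # '!' separators, blank lines and global commands end the block
            current = None
    return interfaces


def effective_settings(lines):
    """Port-security settings of one interface with the IOS defaults filled in."""
    settings = {"mode": None, "enabled": False, "tuned": False,
                "maximum": 1, "violation": "shutdown"}
    for line in lines:
        m = re.fullmatch(r"switchport mode (\S+)", line)
        if m:
            settings["mode"] = m.group(1)
        elif line == PREFIX:  # the bare command is what turns the feature on
            settings["enabled"] = True
        elif line.startswith(PREFIX + " "):
            settings["tuned"] = True
            words = line[len(PREFIX) + 1:].split()
            if words[0] == "maximum" and len(words) > 1:
                settings["maximum"] = int(words[1])
            elif words[0] == "violation" and len(words) > 1:
                settings["violation"] = words[1]
    return settings


def audit(config):
    """Return {interface: [findings]}; an empty list means nothing to report."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        s = effective_settings(lines)
        findings = []
        if s["mode"] == "trunk":
            pass  # the manual applies port security to access ports only
        elif s["mode"] != "access":
            findings.append(NO_ACCESS)
        elif not s["enabled"]:
            findings.append(TUNED_ONLY if s["tuned"] else NOT_ENABLED)
        elif s["violation"] == "protect":
            findings.append(SILENT)
        report[name] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit(SAMPLE_CONFIG).items():
        print(port, findings or "ok")
```
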

ASSIGNMENT:
For the below given network diagram, implement the security on all the ports of the switch
connected to the hosts and verify the working of the switchport security. Do the simulation with
the Cisco packet tracer.

PORT NUMBERS

The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and
the Dynamic and/or Private Ports.
The Well Known Ports are those from 0 through 1023. Well Known ports SHOULD NOT be
used without IANA registration.
The Registered Ports are those from 1024 through 49151. Registered ports SHOULD NOT be
used without IANA registration.
The Dynamic and/or Private Ports are those from 49152 through 65535. A value of 0 in the port
numbers registry below indicates that no port has been allocated.
WELL KNOWN PORT NUMBERS
The Well Known Ports are assigned by the IANA and on most systems can only be used by
system (or root) processes or by programs executed by privileged users.

Ports are used in the TCP to name the ends of logical connections which carry long term
conversations. For the purpose of providing services to unknown callers, a service contact port
is defined. This list specifies the port used by the server process as its contact port. The contact
port is sometimes called the "well-known port".

To the extent possible, these same port assignments are used with the UDP.

The range for well-known ports managed by the IANA is 0-1023.


REGISTERED PORT NUMBERS
The Registered Ports are listed by the IANA and on most systems can be used by ordinary user
processes or programs executed by ordinary users.

Ports are used in the TCP to name the ends of logical connections which carry long term
conversations. For the purpose of providing services to unknown callers, a service contact port
is defined. This list specifies the port used by the server process as its contact port.

The IANA registers uses of these ports as a convenience to the community.

The Registered Ports are in the range 1024-49151.

DYNAMIC AND/OR PRIVATE PORTS

The Dynamic and/or Private Ports are those from 49152 through 65535.

COMMON WELL KNOWN PORTS TO REMEMBER

PORT NUMBER   PROTOCOL                                     UDP/TCP
7             ECHO                                         TCP
13            DAY-TIME                                     UDP/TCP
19            CHARACTER GENERATOR                          UDP/TCP
20            FTP-DATA (File Transfer Protocol)            TCP
21            FTP-CONTROL                                  TCP
23            TELNET (Terminal Network)                    TCP
25            SMTP (Simple Mail Transfer Protocol)         TCP
37            TIME                                         UDP/TCP
67            BOOTP-SERVER                                 UDP
68            BOOTP-CLIENT                                 UDP
69            TFTP (Trivial File Transfer Protocol)        UDP
70            GOPHER                                       TCP
79            FINGER                                       TCP
80            HTTP (Hyper Text Transfer Protocol)          TCP
109           POP-2 (Post Office Protocol, version 2)      TCP
110           POP-3 (Post Office Protocol, version 3)      TCP
111           RPC                                          UDP/TCP
161           SNMP (Simple Network Management Protocol)    UDP
162           SNMP-TRAP                                    UDP
179           BGP (Border Gateway Protocol)                TCP
520           RIP (Routing Information Protocol)           UDP

SUBNETTING QUESTIONS

1. How many subnets and hosts per subnet can you get from the network 10.0.0.0/20?

4096 subnets and 4094 hosts

2. What is the first valid host on the subnetwork that the node 172.24.66.63/23 belongs to?

172.24.66.1

3. How many subnets and hosts per subnet can you get from the network 192.168.16.0/27?

8 subnets and 30 hosts

4. What is the last valid host on the subnetwork 172.18.132.0 255.255.252.0?

172.18.135.254

5. How many subnets and hosts per subnet can you get from the network 172.23.0.0
255.255.252.0?

64 subnets and 1022 hosts

6. What is the last valid host on the subnetwork 172.20.110.0 255.255.255.0?

172.20.110.254

7. Which subnet does host 172.16.138.131 255.255.255.128 belong to?

172.16.138.128

8. What is the broadcast address of the network 172.24.109.0 255.255.255.128?


172.24.109.127

9. What valid host range is the IP address 10.214.175.187 255.255.240.0 a part of?

10.214.160.1 through to 10.214.175.254

10. Which subnet does host 10.255.86.43 255.255.240.0 belong to?

10.255.80.0

11. What valid host range is the IP address 192.168.155.26/28 a part of?

192.168.155.17 through to 192.168.155.30

12. What is the last valid host on the subnetwork 172.24.244.96/28?

172.24.244.110

13. What is the last valid host on the subnetwork 172.24.83.0/27?

172.24.83.30

14. What is the first valid host on the subnetwork that the node 192.168.34.200/26 belongs
to?

192.168.34.193

15. Which subnet does host 172.27.139.103 255.255.252.0 belong to?

172.27.136.0

16. What is the broadcast address of the network 192.168.32.192/27?

192.168.32.223

17. What valid host range is the IP address 172.23.9.20/28 a part of?

172.23.9.17 through to 172.23.9.30

18. What is the first valid host on the subnetwork that the node 172.18.54.231 255.255.254.0
belongs to?

172.18.54.1

19. What is the first valid host on the subnetwork that the node 172.22.99.49/21 belongs to?

172.22.96.1

20. What is the broadcast address of the network 172.19.36.0/23?

172.19.37.255

21. How many subnets and hosts per subnet can you get from the network 172.27.0.0
255.255.254.0?

128 subnets and 510 hosts

22. Which subnet does host 172.17.217.14 255.255.254.0 belong to?

172.17.216.0

23. What valid host range is the IP address 172.17.227.85 255.255.252.0 a part of?

172.17.224.1 through to 172.17.227.254


24. Which subnet does host 10.7.52.24 255.255.240.0 belong to?

10.7.48.0

25. What is the first valid host on the subnetwork that the node 172.21.39.117 255.255.254.0
belongs to?

172.21.38.1

26. How many subnets and hosts per subnet can you get from the network 172.25.0.0
255.255.248.0?

32 subnets and 2046 hosts

27. What is the broadcast address of the network 172.22.96.0/20?

172.22.111.255

28. Which subnet does host 192.168.175.65 255.255.255.192 belong to?

192.168.175.64

29. What is the last valid host on the subnetwork 192.168.108.64 255.255.255.192?

192.168.108.126

30. What is the first valid host on the subnetwork that the node 172.27.234.80 255.255.254.0
belongs to?

172.27.234.1

31. Which subnet does host 192.168.229.24 255.255.255.224 belong to?

192.168.229.0

32. What valid host range is the IP address 10.45.57.68/20 a part of?

10.45.48.1 through to 10.45.63.254

33. What is the last valid host on the subnetwork 192.168.156.128/25?

192.168.156.254

34. What is the first valid host on the subnetwork that the node 192.168.122.138
255.255.255.240 belongs to?

192.168.122.129

35. What is the last valid host on the subnetwork 172.23.66.32 255.255.255.224?

172.23.66.62

36. What is the broadcast address of the network 192.168.45.192/26?

192.168.45.255

37. What valid host range is the IP address 172.29.109.78/20 a part of?

172.29.96.1 through to 172.29.111.254

38. What is the last valid host on the subnetwork 172.30.231.0 255.255.255.128?

172.30.231.126

39. You are designing a subnet mask for the 172.16.0.0 network. You want 3200 subnets
with up to 8 hosts on each subnet. What subnet mask should you use?

255.255.255.240

40. How many subnets and hosts per subnet can you get from the network 172.19.0.0
255.255.255.224?

2048 subnets and 30 hosts

41. What is the last valid host on the subnetwork 192.168.137.160 255.255.255.224?

192.168.137.190

42. What is the first valid host on the subnetwork that the node 172.17.175.222
255.255.254.0 belongs to?

172.17.174.1

43. What is the broadcast address of the network 10.36.96.0/20?

10.36.111.255

44. What valid host range is the IP address 172.22.199.213/26 a part of?

172.22.199.193 through to 172.22.199.254

45. How many subnets and hosts per subnet can you get from the network 172.26.0.0
255.255.255.224?

2048 subnets and 30 hosts

46. How many subnets and hosts per subnet can you get from the network 172.29.0.0/21?

32 subnets and 2046 hosts

47. What is the first valid host on the subnetwork that the node 172.22.108.97 255.255.254.0
belongs to?

172.22.108.1

48. What is the last valid host on the subnetwork 192.168.93.192/28?

192.168.93.206

49. How many subnets and hosts per subnet can you get from the network 172.31.0.0
255.255.254.0?

128 subnets and 510 hosts

50. What valid host range is the IP address 172.19.125.112/21 a part of?

172.19.120.1 through to 172.19.127.254

51. What valid host range is the IP address 172.16.47.10/20 a part of?

172.16.32.1 through to 172.16.47.254

52. How many subnets and hosts per subnet can you get from the network 172.31.0.0/27?

2048 subnets and 30 hosts
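
The method behind the answers above, as an added Python example that is not part of the original manual. The subnet address is the IP ANDed with the mask, the broadcast address sets every host bit, and the subnet count follows the classful convention the answers use (2 to the power of the bits borrowed beyond the class A/B/C default mask). The function names are this example's own.

```python
import ipaddress


def classful_prefix(address):
    """Default prefix length of the address's class (A = 8, B = 16, C = 24)."""
    first_octet = int(ipaddress.IPv4Address(address)) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError("class D and E addresses are not subnetted")


def to_text(value):
    """Dotted-decimal form of a 32-bit integer."""
    return str(ipaddress.IPv4Address(value))


def subnet_facts(address, mask):
    """Answer the question types above; mask may be a prefix length or dotted mask."""
    iface = ipaddress.IPv4Interface(f"{address}/{mask}")
    prefix = iface.network.prefixlen
    borrowed = prefix - classful_prefix(address)   # bits taken from the host part
    host_bits = 32 - prefix
    if borrowed < 0 or host_bits < 2:
        raise ValueError("mask is shorter than the class default or leaves no hosts")
    ip, netmask = int(iface.ip), int(iface.netmask)
    subnet = ip & netmask                          # clear the host bits
    broadcast = subnet | (~netmask & 0xFFFFFFFF)   # set the host bits
    return {
        "subnet": to_text(subnet),
        "first_host": to_text(subnet + 1),
        "last_host": to_text(broadcast - 1),
        "broadcast": to_text(broadcast),
        "subnets": 2 ** borrowed,
        "hosts_per_subnet": 2 ** host_bits - 2,    # minus network and broadcast
    }


def masks_for(major_network, subnets_needed, hosts_needed):
    """Every mask that gives at least the required subnets and hosts per subnet."""
    base = classful_prefix(major_network)
    masks = []
    for prefix in range(base, 31):
        enough_subnets = 2 ** (prefix - base) >= subnets_needed
        enough_hosts = 2 ** (32 - prefix) - 2 >= hosts_needed
        if enough_subnets and enough_hosts:
            masks.append(str(ipaddress.IPv4Network((0, prefix)).netmask))
    return masks


if __name__ == "__main__":
    print(subnet_facts("10.214.175.187", "255.255.240.0"))   # question 9
    print(masks_for("172.16.0.0", 3200, 8))                  # question 39
```
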

CCNA QUESTIONS
1. Is EIGRP a distance vector or a link state routing protocol?

EIGRP is a hybrid routing protocol; it has features of both distance vector and link state
routing protocols.

2. What is the maximum configured bandwidth EIGRP will use on a link? Can this
percentage be changed?

By default, EIGRP uses no more than 50% of the link's bandwidth, based on the bandwidth
configured on the router's interface. This percentage can be changed with the command ip
bandwidth-percent eigrp.

3. How do EIGRP and IGRP differ in the way they calculate the composite metric?

EIGRP and IGRP use the same formula to calculate their composite metrics, but EIGRP scales
the metric by a factor of 256.

4. In the context of EIGRP, what does the term reliable delivery mean? Which two
methods ensure reliable delivery of EIGRP packets?

Reliable delivery means EIGRP packets are guaranteed to be delivered, and they are delivered
in order. RTP uses a reliable multicast, in which received packets are acknowledged, to
guarantee delivery; sequence numbers are used to ensure that they are delivered in order.

5. Which mechanism ensures that a router is accepting the most recent route entry?

Sequence numbers ensure that a router is receiving the most recent route entry.

6. What is the multicast IP address used by EIGRP?

EIGRP uses the multicast address 224.0.0.10.

7. At what interval, by default, are EIGRP Hello packets sent?

The default EIGRP Hello interval is 5 seconds, except on some slow-speed (T1 and below)
interfaces, where the default is 60 seconds.

8. What is the default hold time?

The EIGRP default hold time is three times the Hello interval.

9. What is the difference between the neighbor table and the topology table?

The neighbor table stores information about EIGRP-speaking neighbors; the topology table
lists all known routes that have feasible successors.

10. What is the feasibility condition?

The feasibility condition is the rule by which feasible successors are chosen for a destination.
The feasibility condition is satisfied if a neighbor's advertised distance to a destination is lower
than the receiving router's feasible distance to the destination. In other words, a router's
neighbor meets the feasibility condition if the neighbor is metrically closer to the destination
than the router. Another way to describe this is that the neighbor is "downstream" relative to the
destination.

11. What information must be stored in the route table?

At a minimum, each entry of the routing table must include a destination address and the
address of a next-hop router or an indication that the destination address is directly connected.

12. What does it mean when a route table says that an address is variably subnetted?

Variably subnetted means that the router knows of more than one subnet mask for subnets of the
same major IP address.

13. What are discontiguous subnets?

Discontiguous subnets are two or more subnets of a major IP network address that are
separated by a different major IP address.

14. What command is used to examine the route table in a Cisco router?

Show ip route is used to examine the routing table of a Cisco router.

15. What are the two bracketed numbers associated with the non-directly connected
routes in the route table?

The first bracketed number is the administrative distance of the routing protocol by which the
route was learned. The second number is the metric of the route.

16. When static routes are configured to reference an exit interface instead of a
next-hop address, in what way will the route table be different?

When a static route is configured to reference an exit interface instead of a next-hop address, the
destination address will be entered into the routing table as directly connected.

17. What is a summary route? In the context of static routing, how are summary routes
useful?

A summary route is a single route entry that points to multiple subnets or major IP addresses. In
the context of static routes, summary routes can reduce the number of static routes that must be
configured.

18. What is an administrative distance?

An administrative distance is a rating of preference for a routing protocol or a static route. Every
routing protocol and every static route has an administrative distance associated with it. When a
router learns of a destination via more than one routing protocol or static route, it will use the
route with the lowest administrative distance.

19. What is a floating static route?

A floating static route is an alternative route to a destination. The administrative distance is set
high enough that the floating static route is used only if a more-preferred route becomes
unavailable.

20. What is the difference between equal-cost and unequal-cost load sharing?

Equal-cost load sharing distributes traffic equally among multiple paths with equal metrics.
Unequal-cost load sharing distributes packets among multiple paths with different metrics. The
traffic will be distributed inversely proportional to the cost of the routes.

21. Which command in OSPF shows the network LSA information?

The command show ip ospf [process-id area-id] database network displays the network
link-state information.

22. What command would you use to create a totally stubby area?

The command area area-id stub no-summary will create a totally stubby area. This is a
subcommand to the router ospf process-id command. It is necessary only on the ABR, but all
the other routers in the area must be configured as stub routers.

23. What is a virtual link, and what command would you use to create it?

A virtual link is a link that creates a tunnel through an area to the backbone (Area 0). This
allows an area that cannot connect directly to the backbone to do so virtually. The command to
create the link is area area-id virtual-link router-id. Note that the area-id that is supplied is that
of the transit area, and the router-id is that of the router at the other end of the link. The
command needs to be configured at both ends of the tunnel.

24. Where would you issue the command to summarize IP subnets? State the command
that is used.

Summarization is done at area boundaries. The command to start summarization is the area
range command, with the syntax area area-id range address mask. To summarize external
routes, use the summary-address command on the ASBRs.

25. How would you summarize external routes before injecting them into the OSPF
domain?

The command summary-address address mask is the command that you would use.

26. When is a virtual link used?

A virtual link is used when an area is not directly attached to the backbone area (Area 0). This
may be due to poor design and a lack of understanding about the operation of OSPF, or it may
be due to a link failure. The most common cause of an area separating from the backbone is link
failure, which can also cause the backbone to be segmented. The virtual link is used in these
instances to join the two backbone areas together. Segmented backbone areas might also be the
result of two companies merging.

27. Give the command for defining the cost of a default route propagated into an area.

The command to define the cost of a default route propagated into another area is area area-id
default-cost cost.

28. Give an example of when it would be appropriate to define a default cost.

It is appropriate to define a default cost for the default route when a stub area has more than one
ABR. This command allows the ABR or exit point for the area to be determined by the network
administrator. If this link or the ABR fails, the other ABR will become the exit point for the
area.

29. On which router is the area default cost defined?

The default cost for the default route is defined on the ABR. The ABR will then automatically
generate and advertise the route cost along with the default route.

30. Give the command to configure a stub area and state on which router it is
configured.

The command syntax to configure a stub area is area area-id stub. This command is configured
on the ABR connecting to the area and on all the routers within the area. Once the configuration
is completed, the Hellos are generated with the E bit set to 0. All routers in the area will only
form adjacencies with other routers that have the E bit set.

31. What is the purpose of the area range command, and why is it configured on the
ABR?

The area range command is configured on an ABR because it dictates the networks that will be
advertised out of the area. It is used to consolidate and summarize the routes at an area
boundary.

32. Give the commands to configure a router to place subnets 144.111.248.0 through to
144.111.255.0 in Area 1 and to put all other interfaces into Area 0.

The commands are as follows:


network 144.111.248.0 0.0.7.255 area 1
network 0.0.0.0 255.255.255.255 area 0

33. Give the syntax to summarize the subnets 144.111.248.0 to 144.111.254.255 into
another autonomous system.

The syntax is as follows:


summary-address 144.111.248.0 255.255.248.0

34. Explain briefly the difference between the area range command and the
summary-address command.

The area range command is used to summarize networks between areas and is configured on
the ABR. The summary-address command is used to summarize networks between autonomous
systems and is configured on the ASBR.

35.

Explain the following syntax and what it will achieve: area 1 stub no-summary.

The command area 1 stub no-summary creates a totally stubby area. The number after the word
area indicates the area that is being defined as a totally stubby area. This is necessary because
the router might be an ABR with connections to many areas. Once this command is issued, it
prevents summarized and external routes from being propagated by the ABR into the area. To
reach the networks and hosts outside the area, routers must use the default route advertised by
the ABR into the area.

36.

Why would you configure the routing process to log adjacency changes as opposed to turning on
debug for the same trigger?

The reason to configure the router process to log adjacency changes to syslog as opposed to
running debug is an issue of resources. It takes fewer router and administrator resources to
report on a change of state as it happens than to have the debugger running constantly. The
debug process has the highest priority and thus everything waits for it.

37.

Give some of the common reasons that neighbors fail to form an adjacency.

Many OSPF problems stem from adjacency problems that propagate throughout the network.
Many problems are often traced back to neighbor discrepancies.
If a router configured for OSPF routing is not seeing an OSPF neighbor on an attached network,
do the following:
- Make sure that both routers are configured with the same IP mask, MTU, Interface Hello
timer, OSPF Hello interval, and OSPF dead interval.
- Make sure that both neighbors are part of the same area and area type.
- Use the debug and show commands to trace the problem.

38.

When configuring a virtual link, which routers are configured?

The configuration is between the ABRs, where one of the ABRs resides in Area 0 and the other
in the area that is disconnected from the backbone. Both of the ABRs are also members of the
transit area. Having created the virtual link, both ABRs are now members of Area 0, the
disconnected area, and the transit area.

39.

What does the command area 1 default-cost 15 achieve?

The command area 1 default-cost 15 will assign a cost of 15 to the default route that is to be
propagated into the stub area. This command is configured on the ABR attached to the stub
area.

40.

Explain what is placed in the parameters area-id and router-id for the command
area area-id virtual-link router-id.

The parameter area-id is the area ID of the transit area. So if the ABR in Area 0 is creating a
virtual link with the ABR in Area 3 through Area 2, the area ID stated in the command is Area
2. The router ID is the router ID of the router with whom the link is to be formed and a neighbor
relationship and adjacency established.

41.

What port does RIP use?

RIP uses UDP port 520.

42.

What metric does RIP use? How is the metric used to indicate an unreachable network?

RIP uses a hop count metric. An unreachable network is indicated by setting the hop count to
16, which RIP interprets as an infinite distance.

43.

What is the update period for RIP?

RIP sends periodic updates every 30 seconds minus a small random variable to prevent the
updates of neighboring routers from becoming synchronized.

44.

How many updates must be missed before a route entry will be marked as unreachable?

A route entry is marked as unreachable if six updates are missed.

45.

What is the purpose of the garbage collection timer?

The garbage collection timer, or flush timer, is set when a route is declared unreachable. When
the timer expires, the route is flushed from the route table. This process allows an unreachable
route to remain in the routing table long enough for neighbors to be notified of its status.

46.

What is a VLAN? When is it used?

Answer: A VLAN is a group of devices on the same broadcast domain, such as a logical subnet
or segment. VLANs can span switch ports, switches within a switch block, or closets and
buildings. VLANs group users and devices into common workgroups across geographical areas.
VLANs help provide segmentation, security, and problem isolation.

47.

When a VLAN is configured on a Catalyst switch port, in how much of the campus network will the
VLAN number be unique and significant?

Answer: The VLAN number will be significant in the local switch. If trunking is enabled, the
VLAN number will be significant across the entire trunking domain. In other words, the VLAN
will be transported to every switch that has a trunk link supporting that VLAN.

48.

Name two types of VLANs in terms of spanning areas of the campus network.

Answer: Local VLAN
End-to-end VLAN

49.

Generally, what must be configured (both switch and end-user device) for a port-based VLAN?

Answer: The switch port

50.

What is the default VLAN on all ports of a Catalyst switch?

Answer: VLAN 1

51.

What is a trunk link?

Answer: A trunk link is a connection between two switches that transports traffic from multiple
VLANs. Each frame is identified with its source VLAN during its trip across the trunk link.

52.

What methods of Ethernet VLAN frame identification can be used on a Catalyst switch trunk?

Answer: 802.1Q
ISL

53.

What is the difference between the two trunking methods? How many bytes are added to trunked
frames for VLAN identification in each method?

Answer: ISL uses encapsulation and adds a 26-byte header and a 4-byte trailer. 802.1Q adds a
4-byte tag field within existing frames, without encapsulation.

54.

What is the purpose of the Dynamic Trunking Protocol (DTP)?

Answer: DTP allows negotiation of a common trunking method between endpoints of a trunk
link.

55.

What commands are needed to configure a Catalyst switch trunk port Gigabit 3/1 to transport
only VLANs 100, 200 through 205, and 300 using IEEE 802.1Q? (Assume that trunking is enabled
and active on the port already. Also assume that the interface gigabit 3/1 command already has
been entered.)

Answer: switchport trunk allowed vlan 100,200-205,300

56.

Two neighboring switch trunk ports are set to the auto mode with ISL trunking encapsulation
mode. What will the resulting trunk mode become?

Answer: Trunking will not be established. Both switches are in the passive auto state and are
waiting to be asked to start the trunking mode. The link will remain an access link on both
switches.

57.

Complete the following command to configure the switch port to use DTP to actively ask the
other end to become a trunk:

switchport mode _________________

Answer: switchport mode dynamic desirable

58.

Which command can set the native VLAN of a trunk port to VLAN 100 after the interface has been
selected?

Answer: switchport trunk native vlan 100

59.

What command can configure a trunk port to stop sending and receiving DTP packets completely?

Answer: switchport nonegotiate

60.

What command can be used on a Catalyst switch to verify exactly what VLANs will be transported
over trunk link gigabitethernet 4/4?

Answer: show interface gigabitethernet 4/4 switchport
or
show interface gigabitethernet 4/4 switchport trunk

61.

Suppose that a switch port is configured with the following commands. A PC with a nontrunking
NIC card then is connected to that port. What, if any, traffic will the PC successfully send
and receive?

interface fastethernet 0/12
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 1-1005
 switchport mode trunk

Answer: The PC expects only a single network connection, using a single VLAN. In other
words, the PC can't participate in any form of trunking. Only untagged or unencapsulated
frames will be understood. Recall that an 802.1Q trunk's native VLAN is the only VLAN that
has untagged frames. Therefore, the PC will be capable of exchanging frames only on VLAN
10, the native VLAN.

62.

What is an OSPF neighbor?

From the perspective of an OSPF router, a neighbor is another OSPF router that is attached to
one of the first router's directly connected links.

63.

What is an OSPF adjacency?

An OSPF adjacency is a conceptual link to a neighbor over which LSAs can be sent.

64.

What is an LSA? How does an LSA differ from an OSPF Update packet?

A router originates a link state advertisement to describe one or more destinations. An OSPF
Update packet transports LSAs from one neighbor to another. Although LSAs are flooded
throughout an area or OSPF domain, Update packets never leave a data link.

65.

What is a link state database? What is link state database synchronization?

The link state database is where a router stores all the OSPF LSAs it knows of, including its
own. Database synchronization is the process of ensuring that all routers within an area have
identical link state databases.

66.

What is the default HelloInterval?

The default OSPF HelloInterval is 10 seconds.

67.

What is the default RouterDeadInterval?

The default RouterDeadInterval is four times the HelloInterval.

68.

What is a Router ID? How is a Router ID determined?

A Router ID is an address by which an OSPF router identifies itself. It is either the numerically
highest IP address of all the router's loopback interfaces, or if no loopback interfaces are
configured, it is the numerically highest IP address of all the router's LAN interfaces.

69.

What is an area?

An area is an OSPF sub-domain, within which all routers have an identical link state database.

70.

What is the significance of area 0?

Area 0 is the backbone area. All other areas must send their inter-area traffic through the
backbone.

71.

What is MaxAge?

MaxAge, 1 hour, is the age at which an LSA is considered to be obsolete.
