CCNAX Interconnecting Cisco Networking Devices: Accelerated Version 1.1 Lab Guide er: 97-298-02etfeales cisco ‘aereas Hensquarere ‘sleet Headauerers| Sree systame he Sate Syrtame hist Severe tn Sraipore [Gace rata aco. ope we radenario| Cuca Syrloms be orale alisarivfaUS an cer comes, Aeing ol Geese vadonara con lang Gi icncaconiaivscenara, nvapery Todo maris atte propery ol oirexpacive cure Thee he worse aoe tral a puirertiprooneapbameen Gis ox sty ar cargay 00088 |Gkapiics, O8 FORMATTING ERRORS, CISCO MAKES AND YOU RECEIVE NO WARRANTIES IN CONNECTION WITH THE |CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY OR IN ANY OTHER PROVISION OF THIS CONTENT OR ICOMMUNICATION BETWEEN CISCO AND YOU, CISCO SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, OR ARISING FROM A. ICOURSE OF DEALING, USAGE OR TRADE PRACTICE. This leaming product may coaaia ely release content and while Ciseo believes itt0 baccarat i fils ubject othe islam above Lab Guide {© 2010 Cisco andr is afats. Alright reservedTable of Contents Lab Guide 4 Overview 1 Outline 1 Lab 1-1: Using Windows Applications as Network Tools, 3 Activity Objective 3 Visual Objective 3 Required Resources 3 Command List 4 Job Aids 4 Task 1: Obtain the Current IP Address Information 4 ‘Task 2: View the Network Properties of the PC Ethernet Adapter 6 ‘Task 3: Test Connectivity to the Default Gateway Router 8 ‘Task 4: View the ARP Bindings of the IP Address to the MAC Address 9 Lab 1-2: Observing the TCP Three-Way Handshake 10 Activity Objective 10 Visual Objective 10 Required Resources 10 Command List " Job Aids 1" Task 1: Prepare the Sniffer Software to Capture a TCP Flow " ‘Task 2: Generate the TCP Flow to Be Captured 13 ‘Task 3: Inspect the TCP Initialization Sequence 5 Lab 1-3: Observing Extended PC Network Information 19 Activity Objective 19 Visual Objective 19 Required Resources 19 Command List 20 Job Aids 20 Task 1: Obtain the Complete Current IP Addressing Information 20 ‘Task 2: Test Connectivity to the DNS Server 24 Task 3: Tracing Connectivity to the DNS Server 22 Lab 2-1; Configuring Cisco Switches 24 Activity Objective 24 Visual Objective 25 Required Resources 28 Command List 26 Job Aids 28 ‘Task 1: Connect to Remote Console Server 29 Task 2: Connect to Remote VPN Router 33 ‘Task 3: Connect to Your Assigned Workgroup Switch 36 Task 4: Verify That Switch Is Unconfigured and Reload 37 Task 5: Use System Configuration Dialog to Produce an Initial Configuration 40 Task 6: Add a Default Gateway to the Initial Configuration 44 ‘Task 7: Explore Context-Sensitive Help 45 Task 8: Edit an Incorrect Command 46 ‘Task 9: Improve the Usability of the CLI 47 Lab 2-2: Configuring Switch Security 49 Activity Objective 49 Visual Objective 49 Required Resources 50 Command List 50 Job Aids 52 ‘Task 1: Add Password Protection to Console Port and Vly Lines 52 Task 2: Activate Password Encryption Service 54 Task 3: Apply a Login Banner 55 Task 4: Enable SSH Protocol for Remote Management 57 ‘Task 5: Configure Port Security on a Switch 59 ‘Task 6: Disable Unused Ports and Place All Ports in Access Mode 64Lab 2-3: Configuring Expanded Switched Networks Activity Objective Visual Objective Required Resources Command List Job Aids Lab Preparation Task 1: Configure VTP and VTP Domains ‘Task 2: Assign a Switch Port to Perform Trunking ‘Task 3: Configure VLANs and Port VLAN Memberships ‘Task 4: Configure the PC/Router as a Host Task 5: Configure the Rapid PVST Protocol ‘Task 6: Configure Primary and Secondary Root Bridges (Optional) Lab 2-4: Troubleshooting Switched Networks Activity Objective Visual Objective Required Resources Command List Job Aids ‘Task 1: Update Your Workgroup Configurations Lab 4-1: Converting Decimal to Binary and Binary to Decimal Activity Objective Visual Objective Required Resources Command List Job Aids Activity Preparation Task 1: Convert from Decimal Notation to Binary Format Task 2: Convert from Binary Notation to Decimal Format Lab 4-2: Classifying Network Addressing Activity Objective Visual Objective Required Resources Command List Job Aids Activity Preparation Task 1: Convert from Decimal IP Address to Binary Format ‘Task 2: Convert from Binary Format to Decimal IP Address ‘Task 3: Identify IP Address Classes ‘Task 4: Identify Valid and Invalid Host IP Addresses Lab 4-3: Computing Usable Subnetworks and Hosts Activity Objective Visual Objective Required Resources Command List Job Aids Activity Preparation Task 1: Determine the Number of Bits Required to Subnet a Class C Network ‘Task 2: Determine the Number of Bits Required to Subnet a Class B Network Task 3: Determine the Number of Bits Required to Subnet a Class A Network Lab 4-4; Calculating Subnet Masks Activity Objective Visual Objective Required Resources Command List Job Aids Activity Preparation Task 1: Determine the Number of Possible Network Addresses ‘Task 2: Given a Network Address, Define Subnets ‘Task 3: Given Another Network Address, Define Subnets Interconnecting Cisco Networking Devices: Accelerated (GGNAX) v1.1 (© 2010 Gisco Systems, Ine.Task 4: Given a Network Block and Classful Address, Define Subnets 98 Task 5: Given a Network Block and Classful Address, Define Subnets 99 ‘Task 6: Given a Network Block and Classful Address, Define Subnets 101 Lab 4-5: Performing Initial Router Startup 103 Activity Objective 103 Visual Objective 103 Required Resources 103 Command List 104 Job Aids 104 Lab Preparation 104 ‘Task 1: Remove Any Residual Configuration from Your Router 105 Task 2: Reload the Router and Observe the Startup Output 105 Lab 4-6: Performing Initial Router Configuration 109 Activity Objective 109 Visual Objective 109 Required Resources 109 Command List 110 Job Aids 110 Task 1: Enter the Initial Router Configuration 110 Task 2: Validate the Router Configuration 1 Lab 4-7: Enhancing the Security of Initial Router Configuration 112 Activity Objective 112 Visual Objective 112 Required Resources 112 Command List 113 Job Aids 114 ‘Task 1: Add Password Protection to Console Port 114 Task 2: Activate Password Encryption Service 116 Task 3: Apply a Login Banner 17 Task 4: Enable SSH Protocol for Remote Management 118 Lab 4-8: Using Cisco SDM to Configure DHCP Server Function 121 Activity Objective 121 Visual Objective 121 Required Resources 121 Command List 122 Job Aids 122 ‘Task 1: Configuring the Router to Support Web-Based Applications, a User with Privilege 15, and Telnet and SSH 123 Task 2: Use Cisco SDM to Configure a DHCP Poo! 123 Task 3: Using Tools to Correlate Network Information 128 Lab 5-1: Connecting to the Intemet 130 Activity Objective 130 Visual Objective 130 Required Resources 130 Command List 131 Job Aids 131 Lab Preparation 131 Task 1: Use Cisco SDM to Configure the Ethernet Connection to the Internet 132 ‘Task 2: Use the CLI to Verify and Observe the Operation of PAT on Your Workgroup Router 139 Lab 5-2: Connecting to the Main Office 141 Activity Objective 141 Visual Objective 141 Required Resources 141 Command List 142 Job Aids 142 ‘Task 1: Configure Your Workgroup Router Serial Interface 143 ‘Task 2: Test Connectivity to Your Assigned Remote Network 144 ‘Task 3: Add a Static Route Entry for Your Remote Network 146 '© 2010 Cisco Systoms, Ine. Interconnecting Cisco Networking Devices: Accelerated (CGNAX) v1.1 wLab 6-1: Managing Remote Access Sessions 148 Activity Objective 148 Visual Objective 148 Required Resources 148 Command List 149 Job Aids 149 Task 1: Improve the Usability of the Router CLI 150 ‘Task 2: Connect to Your Remote Workgroup via VPN Tunnel 151 ‘Task 3: Using the Cisco IOS CL! Commands to Control Telnet and SSH Sessions 152 Lab 6-2: Using Cisco Discovery Protocol 158 Activity Objective 158 Visual Objective 158 Required Resources 158 Command List 159 Job Aids 159 Task 1: Use and Control Cisco Discovery Protocol on Your Workgroup Router 159 ‘Task 2: Use and Control Cisco Discovery Protocol on Your Workgroup Switch 162 Lab 6-3: Managing Router Startup Options 165 Activity Objective 165 Visual Objective 165 Required Resources 166 Command List 166 Job Aids 167 Task 1: Modify the Configuration Register 167 ‘Task 2: Observe the Flash File System and Add Boot System Commands 169 Lab 6-4: Managing Cisco Devices. 174 Activity Objective 174 Visual Objective 174 Required Resources 174 Command List 178 Job Aids 176 Task 1: Copy Configuration Files 176 ‘Task 2: Use debug Commands 180 Lab 7-1: Enabling Dynamic Routing to the Main Office 182 Activity Objective 182 Visual Objective 182 Required Resources 182 Command List 183 Job Aids 183 Task 1: Configure RIP Routing Protocol on Your Workgroup Router 184 ‘Task 2: Replace the Existing Static Route and Test Connectivity 186 Lab 8-1: Implementing OSPF 188 Activity Objective 188 Visual Objective 188 Required Resources 188 Command List 189 Job Aids 190 Task 1: Disable LAN Connections to the Core 191 ‘Task 2: Enable Serial Connections on the Workgroup Router 193 Task 3: Enable Routing with OSPF 195 ‘Task 4: Enable OSPF Plaintext Authentication 196 ‘Task 5: Verify OSPF Routing and Plaintext Authentication 196 Lab 8-2: Troubleshooting OSPF 199 Activity Objective 199 Visual Objective 199 Required Resources 199 Command List 200 Job Aids 200 Task 1: Update Your Workgroup Configurations. 201 Iv __Interconnecting Cisco Networking Devices: Accelerated (CCNAX) v1.1 (© 2010 Gisco Systems, Ine.Lab 9-1; Implementing EIGRP 203, Activity Objective 203, Visual Objective 203, Required Resources 203, Command List 204 Job Aids 204 Task 1: Enable Routing with EIGRP 205 Task 2: Enable EIGRP MDS Authentication 206 ‘Task 3: Verify EIGRP Routing and MDS Authentication 206 Task 4: Debug Routing with EIGRP. 208 Lab 9-2: Troubleshooting EIGRP 210 Activity Objective 210 Visual Objective 210 Required Resources 210 Command List 211 Job Aids 214 ‘Task 1: Create and Advertise Your LAN 212 Task 2: Test Connectivity 214 Lab 10-1: Implementing and Troubleshooting ACLs 27 Activity Objective 217 Visual Objective 217 Required Resources 218 Command List 218 Job Aids 219 Task 1: Create an Extended ACL to Block Telnet Traffic into Your Workgroup 219 Task 2: Edit an Extended ACL to Block TFTP Requests from Your Workgroup 220 ‘Task 3: Remove the ACLs from the Serial Interface 223, Lab 11-1: Configuring NAT and PAT 224 Activity Objective 224 Visual Objective 224 Required Resources 224 Command List 225 Job Aids 225 Task 1: Configure PAT 226 ‘Task 2: Verify PAT Using show and debug Commands 227 Lab 11-2: Implementing IPv6 228 Activity Objective 228, Visual Objective 228 Required Resources 228 Command List 229 Job Aids 229 Task 1: IPv6 Preparation 230 ‘Task 2: Configure IPv6 Addresses 231 Task 3: Enable RIP for IPvé 232 ‘Task 4: Configuring and Verifying a Dual-Stack Router 234 Lab 12-1: Establishing a Frame Relay WAN 235 Activity Objective 235 Visual Objective 235 Required Resources 236 Command List 236 Job Aids 237 Task 1: Enable a Frame Relay Connection 237 Task 2: Verify a Frame Relay Connection 238 ‘Task 3: Configure and Verify Frame Relay Subinterfaces 240 Lab 12-2: Troubleshooting Frame Relay WANs 242 Activity Objective 242 Visual Objective 242 Required Resources 243 Command List 243, Job Aids 243, '© 2010 Cisco Systoms, Ine. Interconnecting Cisco Networking Devices: Accelerated (GGNAX) v1.1 v‘Task 1: Update Your Workgroup Configurations. Lab Activity Answer Key Lab 2-1 Answer Key: Configuring Cisco Switches Lab 2-2 Answer Key: Configuring Switch Security Lab 2-3 Answer Key: Configuring Expanded Switched Networks Lab 4-1 Answer Key: Converting Decimal to Binary and Binary to Decimal Task 1: Convert from Decimal Notation to Binary Format ‘Task 2: Convert from Binary Notation to Decimal Format Lab 4-2 Answer Key: Classifying Network Addressing Task 1: Convert from Decimal IP Address to Binary Format ‘Task 2: Convert from Binary Format to Decimal IP Address ‘Task 3: Identity IP Address Classes Task 4: Identify Valid and Invalid Host IP Addresses Lab 4-3 Answer Key: Computing Usable Subnetworks and Hosts Task 1: Determine the Number of Bits Required to Subnet a Class C Network ‘Task 2: Determine the Number of Bits Required to Subnet a Class B Network ‘Task 3: Determine the Number of Bits Required to Subnet a Class A Network Lab 4-4 Answer Key: Calculating Subnet Masks ‘Task 1: Determine the Number of Possible Network Addresses Task 2: Given a Network Address, Define Subnets ‘Task 3: Given Another Network Address, Define Subnets Task 4: Given a Network Block and Classful Address, Define Subnets ‘Task 5: Given a Network Block and Classful Address, Define Subnets ‘Task 6: Given a Network Block and Classful Address, Define Subnets Lab 4-5 Answer Key: Performing Initial Router Startup Lab 4-6 Answer Key: Performing Initial Router Configuration Lab 4-7 Answer Key: Enhancing the Security of Initial Router Configuration Lab 4-8 Answer Key: Using Cisco SDM to Configure DHCP Server Function Lab 5-1 Answer Key: Connecting to the Internet Lab 5-2 Answer Key: Connecting to the Main Office Lab 6-1 Answer Key: Managing Remote Access Sessions Lab 6-2 Answer Key: Using Cisco Discovery Protocol Lab 6-3 Answer Key: Managing Router Startup Options Lab 7-1 Answer Key: Enabling Dynamic Routing to the Main Office Lab 8-1 Answer Key: Implementing OSPF Lab 8-2 Answer Key: Troubleshooting OSPF Lab 9-1 Answer Key: Implementing EIGRP Lab 9-2 Answer Key: Troubleshooting EIGRP- Lab 10-1 Answer Key: Implementing and Troubleshooting ACLs Lab 11-1 Answer Key: Configuring NAT and PAT Lab 11-2 Answer Key: Implementing IPv6 Lab 12-1 Answer Key: Establishing a Frame Relay WAN Lab 12.2 Answer Key: Troubleshooting Frame Relay WANs 244 246 246 248 252 257 257 257 258 258 259 260 260 261 261 261 261 262 262 262 263, 264 265 266 268 274 276 279 282 285 288 291 298 301 304 307 309 311 313 316 318 320 322 Interconnecting Cisco Networking Devices: Accelerated (GGNAX) v1.1 (© 2010 Gisco Systems, Ine.CCNAX Lab Guide Overview This guide presents instructions and other information concerning the lab activities for this course. You can find the solutions in the lab activity Answer Key Outline This guide includes these activities: Lab 1-1: Lab 1-2: Lab 1-3: Lab 2-1 Lab 2.2: Lab 2.3: Lab 2-4: Lab 4-1 Lab 4.2; Lab 4-3: Lab 4-4: Lab 4-5: Lab 4-6: Lab 4-7: Lab 4-8: Lab 5-1 Lab 5-2: Lab 6-1 Lab 6-2: Using Windows Applications as Network Tools Observing the TCP Three-Way Handshake Observing Extended PC Network Information Configuring Cisco Switches Configuring Switch Security Configuring Expanded Switched Networks Troubleshooting Switched Networks Converting Decimal to Binary and Binary to Decimal Classifying Network Addressing Computing Usable Subnetworks and Hosts Calculating Subnet Masks Performing Initial Router Startup Performing Initial Router Configuration Enhancing the Security of Initial Router Configuration Using Cisco SDM to Configure DHCP Server Function Connecting to the Internet Connecting to the Main Office Managing Remote Access Sessions Using Cisco Discovery ProtocolLab 6-3: Managing Router Startup Options Lab 6-4: Managing Cisco Devices Lab 7-1: Enabling Dynamic Routing to the Main Office Lab 8-1: Implementing OSPF Lab 8-2: Troubleshooting OSPF Lab 9-1: Implementing EIGRP Lab 9-2: Troubleshooting EIGRP Lab 10-1: Implementing and Troubleshooting ACLs Lab 11-1: Configuring NAT and PAT Lab 11-2: Implementing IPv6 Lab 12-1: Establishing a Frame Relay WAN Lab 12-2: Troubleshooting Frame Relay WANs m= Lab Activity Answer Key Intorconnecting Cisco Networking Devices: Accelerated (GCNAX) v1.1 (© 2010 Gisco Systems, Ine.Lab 1-1: Using Windows Applications as Network Tools Complete this lab activity to practice what you learned in the related module. Activity Objective In this activity, you will be able to use Windows applications and commands to investigate the IP configuration of your PC and your local network. After completing this activity, you will be able to meet these objectives: ‘= Using the Windows command ipconfig, determine the current network addressing information of a PC. = Using the Windows operating system Network Properties dialog window, determine the IP configuration = Using the Windows command ping, determine test connectivity to the default gateway router. Using the Windows command arp -a, view the ARP table of the local PC and determine the association between the IP address and the MAC address of the default gateway, Visual Objective This figure illustra Visual Objective for Lab 1-1 Using Windows Applications as Network Tools what you will accomplish in this activity. Required Resources These are the resources and equipment that are required to complete this activity: = APC connected to a functioning network, with connectivity to the Internet (© 2010 Cisco Systems, ne. Lab GuideCommand List This table describes the commands that are used in this activity. Windows Commands ‘Command Description arp -a ‘The arp command with the ~a parameter obtains the output of the ARP table, It should be remembered that the nities to the ARP table are removed attor 5 minutes of inactivity ipconfig This command outputs the current IP address, network mask, and default gateway IP address. ping “This command tests IP connectivity between hosts. Job Aids These job aids are available to help you complete the lab activity. = There are no job aids for this lab, Task 1: Obtain the Current IP Address Information In order to obtain the current IP address information, it is necessary to use the Windows ipconfig command. It is necessary to open a Command window to access Windows commands, Activity Procedure Complete these steps: Step1 From the Windows desktop, click start. Step2 Choose run, and enter emd in the Run window dialog box. Click OK to continue. Step3 From the Command window prompt, enter ipconfig, Step4 Your output should resemble one of the these four examples: Nonworking example 1: The output indicates no connectivity. The Ethernet cable is probably not physically connected. C:\Documents and Settings>ipeontig Windows IP Configuration hernet adapter Local Area Connection Media Stace Media disconnected Nonworking example 2: The output indicates that the PC is waiting to obtain its IP address, information automatically. This will be a transient output; it will either successfully get an address or retry the ipeonfig command periodically until it changes to one of these remaining examples: C:\Documents and Settinga>ipeontig 4 Interconnecting Cisco Networking Devices: Accelerated (CCNAX v1.1 (© 2010 Gisco Systems, Ine.Windows TP configuration chernet adapter Local Area Connection Connect ion-specific DNS suftix IP Address 0.0.0.0 Subnet. Mask 0.0.0.0 Default Gateway Nonworking example 3: The output indicates that the PC network adapter was unable to obtain an IP address automatically, so the PC will use a generated link-local address. Getting a link-local address may seem like success, but it really indicates that there is no connectivity to an IP address server. This address will not be useful for network connectivity. If you see an IP address beginning with 169.254.x.x, you do not have a valid address. C:\Documents and Settinga>ipeontig Windows TP Configuration lernet adapter Local Area Connection Connect ion-specific DNS suffix Autoconfiguration IP Address 165.254.249.221 Subnet Mask 255.255.0.0 Default Gateway Working example 1: The output indicates that either the PC has a preconfigured IP address or that it successfully obtained its IP address automatically. Your IP address, subnet mask, or default gateway will most likely be different from what is shown. C:\Documents and Settings>ipcontig Windows IP Configuration Behernet adapter Local Area Connection Connect ion-spe DNS Suffix . : cisco.com TP Address 192.168.1.105 Subnet. Mask 255.255.255.0 Default Gateway s2.168 1.1 Step1 Ifyou have a problem, ask your instructor for assistance. Continue only if you have a valid IP address. Step2 Write the values that you obtained from the ipconfig command in these spaces, because you will be using them in later tasks PC IP address, IP default gateway address Note ‘There might be more than one network adapter available on a PC. The output of the ipconfig command will show a different IP configuration for each network adapter. Activity Verification You have completed this task when you attain this result = You obtained valid IP address information from the ipconfig command, (© 2010 Cisco Systems, ne. Lab GuideTask 2: View the Network Properties of the PC Ethernet Adapter Use the Windows operating system Network Properties dialog window. In this task, you will only view the configuration, but the same process would be followed should it be necessary to modify or supply new IP network address values. Activity Procedure Complete these steps: Step1 From the Windows desktop, double-click the Local Area Connection shortcut on your desktop. a ceal area Gee Note ‘The icon can also be found on the Network Connections dialog box on the Windows desktop or in the Control Panal Step2 From the Local Area Connection status window, click the Properties button, eine 2358 amor sen 8) ec aee eat Cage aa 6 _Interconnecting Cisco Networking Devices: Accelerated (CCNAX v1.1 (© 2010 Gisco Systems, Ine.Step3 In the Local Area Connection Properties window, scroll to the bottom and click Internet Protocol (TCP/IP) to highlight it. Then click the Properties button. WA Cea Aavnage COP Pose Deer oP PaeePldocal IEEE BIZ 21S z 7 Tern Cried Poot Paco The deat ‘hdeten nik orl tl pomee commen Step4 In the Internet Protocol (TCP/IP) Properties window, you might find that the Obtain an IP Address Automatically radio button is already set, as shown here. © Obtain an IF adtrace automatically O Use te fling IP axes © Osta DNS server adress autonaticaly Step5 —_Altematively, you might see that the Use the Following IP Address radio button is chosen, and that the fields are configured with IP address information matching the ipconfig command. ‘output that you obtained from th Note This is an example only. Do not change your settings. © Use the following IP address: IP address: [182.168 1. 105 | Subnet nas [5.25250 | Default gateway 182168 Step 6 Close all the dialog boxes and return to the Windows desktop. Acti y Verification You have completed this task when you attain these results: = You used the Windows TCP/IP properties to view the current configuration for the local area connection. consistent with the information you m= The values that were set in the TCP/IP properties we obtained using the ipeonfig command, (© 2010 Cisco Systems, ne. Lab GuideTask Test Connectivity to the Default Gateway Router The Windows ping command allows you to test the connectivity of the network. Its output demonstrates success or failure, and gives an indication of the round-trip time taken, Activity Procedure Complete these steps: Stop1 From the Command window prompt, enter ping followed by the address of your default gateway that you obtained in Task 1 Step2 The first example below is an unsuccessful ping. Ifyou get this output, ask your instructor for assistance. Nonworking example: The output indicates that no reply was received from the target IP address. C:\Documents and Settings>ping 192.168.2.1 Pinging 192.168.1.1 with 32 bytes of data Request timed out Request timed out Request timed out Request timed out Ping statistics for 192.168.1.1 Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), Working example: This output indicates successful receipt of replies from the target IP address, C:\Documents and Settings»ping 192.168.1.1 Pinging 192.168.1.1 with 22 bytes of data Reply from 192.268 Reply from 192.168.2 Reply from 192.168.1 Reply from 192.168 bytess32 timecins bytea=32 timecins bytes=32 timecima bytege32 timecims Ping statistics for 192.168.1.1 Packets: Sent = 4, Received Approximate round trip times in milli-seconds Minimum = Omg, Maximum - Oma, Average ~ ome Step3 Notice that, by default, the Windows command sends four ping packets (Internet Control Message Protocol echo requests). Activity Verification You have completed this task when you attain these results: = You used the Windows ping command to test the connectivity to your default gateway router. = The round-trip time should be less than 10 ms, 8 Interconnecting Cisco Networking Devices: Accelerated (CCNAX v1.1 (© 2010 Gisco Systems, Ine.Task 4: View the ARP Bindings of the IP Address to the MAC Address The Windows arp -a command allows you to view the binding of the logical IP address and the physical MA address Activity Procedure Complete these steps: Stop 1 From the Command window prompt, enter arp —a. It is necessary to use the —a parameter to receive the output of the ARP table, Ci\Docunents and Settingssarp -a Interface: 192.168.1125 --- ox2 Internet Address Physical Address type 392.168.2.1 90-00-0c-07-ac-04 dynamic Step2 Your output should resemble the output in Step 1. If you did not receive any values, it may be that the ARP table has timed out the entry and you need to repeat Step 1 of the previous task. Step3 Close your Command window by typing exit at the prompt. Activity Verification You have completed this task when you attain this result m= You were able to view the binding of the IP address to the MAC addres. (© 2010 Cisco Systems, ne. Lab GuideLab 1-2: Observing the TCP Three-Way Handshake Complete this lab activity to practice what you learned in the related module. Activity Objective In this activity, you will use a packet sniffer software application to view the TCP initial three- way handshake. After completing this activity, you will be able to meet these objectives: Start the packet sniffer software application, to monitor the appropriate Ethernet interface for recording the packet flow. m= Generate a TCP connection using a web browser. = Observe the initial packets of the TCP flow, especially the SYN packet, SYN ACK packet, and finally the ACK packet. Visual Objective ‘This figure illustrates what you will accomplish in this activity. Visual Objective for Lab 1-2: Observing the TCP Three-Way Handshake Required Resources ‘These are the resources and equipment that are required to complete this activity = APC with access to the Internet The Wireshark packet sniffer Windows application Student Guide Module 1, Lesson 1 10 Interconnecting Cisco Networking Devices: Accelerated (CGNAX) v1.1 (© 2010 Gisco Systems, Ine.Command List This table describes the applications that are used in this activity PC Applications ‘Windows Application Description Internet Explorer 'A web browser that provides access to rich media content| Wireshark ‘A packet sniffer application Caution Installing andlor using a packet sniffer application may be considered a breach of an ‘organization's security policy, leading to serious legal and financial consequences. It is recommended that before downloading, installing, or running such an application, you obtain permission to do so. Job Aids These job aids are available to help you complete the lab activity. = There are no job aids for this lab. Task 1: Prepare the Sniffer Software to Capture a TCP Flow In this task, you will open the Wireshark application and apply the packet capture to your active Ethernet interface. Activity Procedure Complete these steps: Step 1 Open the Wireshark application by doubl Wreshark & Step2 Choose Capture, and then choose Interfaces from the drop-down menu, clicking its icon on your desktop. Be Est sen REM she Es cu ERM, aia es 2 5 2 | cre [ sa sae 1 > Soren Sar ne ae « Z0-00003 Wf ciotuethers, PMCiscosc:7sroo RP 108.133, Dennaton Prec fe (© 2010 Cisco Systems, ne. LabGude 1Step 3 Choose your local network Ethernet interface adapter. If this process is unclear, ask the instructor for assistance. Click the Start button associated with the chosen interface. Make note of the IP address that is associated with your chosen Ethernet adapter, because you will look for this as the source IP address when you examine captured packets. ‘Note your IP address het Wireshark: Copture Interface esaeeon poses cies (eh Steger gunned ne espe oe eh cms cyanevenadamar doormat steatey mans tak ees mofion rah coresten ances ele hele) 9818.12 lesa ma cope cos eeeaue_(mtonsiotasease [armen cr) ROOD Png Coreen (howe oreate) Step 4 The capture windows are now active. ei tin goatee pe em Ea Beoaoe *%S|8*#% oF 2 BiB 2aqgoa ve rae es a Se aoUTeT Yet), sees Lankeyec.ectaad (oo:utssareseaeas) ce), ost? ao2-248-1-160 Gz iea 200) s Transmssion cantrot Protect, sre Pore! 3273 Gas), ost Fore: 8220 9220}, sea) 6, Lent © Vs RS RGR (STOO Step 5 You will look more closely at the capture windows after you have captured the TCP flow. Step You may see some packets filling up the uppermost window. This will depend on the level of background activity on the network to which you are attached, Activity Verification You have completed this task when you attain this result: m= You have an open packet-capture window, associated with the Ethernet interface connected to your default router 12 interconnecting Cisco Networking Devices: Accelerated (CGNAX) v1.1 (© 2010 Gisco Systems, Ine.Task 2: Generate the TCP Flow to Be Captured You will use the Internet Explorer web browser to connect to a web server. The actual web server that is chosen is not important. The HTTP data that is used to carry web page text and ‘graphics uses TCP transport for reliability. The alternative best-effort protocol is UDP. You are interested only in the initial exchange that is performed by TCP to set up the connection, Activity Procedure Complete these steps: Step 1 ‘On the PC desktop, double-click the Internet Explorer icon to launch the web browser. Stop2 Enter the destination name or address. The instructor may provide you with a name or address different from www cisco.com, If so, write down this information here: eee eit ow Formias Tous rp GO O- WAG Paes Yorn @ sate | immense Vise)? er @ @| Qn Retum to the already open Wireshark application and choose Capture > Stop from the drop-down menu. Stop 3 acon fle Edt View Go Help Bw w gbre 4 Bla e 8 Filter: BW Stat 7 2 ee Dethatin Rectal Step4 If you have many TCP packets that are unrelated to your TCP connection, you may need to use the filter capability of Wireshark. Step5 To use a preconfigured filter, click the Analyze tab. Then click Display Filters. {© 2010 Cisco Systems, Ine. Lab Gude 18Step6 In the Wireshark: Display Filter window, button. es [phener eaters cn OHIRNATS eet ye 000) tema cet Pony . click TCP only and then click the OK. ainsi 196168. dor so for ry ter ay Leepotinn soon, dota omer pat ean Perea ara Tay ort Step7 _ In the top window of the Wireshark appli ication, use the scroll bar to place the first captured TCP packet at the top of the window. This should be the first packet in the flow. m7 en Fle Edt View Go Capture Aralye ee Statistics Help GBweeaeaelomxs 8/8 perf Source | Desthation| 4 Intorconnecting Cisco Networking Devices: Accelerated (GGNAX) v1.1 (© 2010 Gisco Systems, Ine.Step8 Observe the Info column of the captured packets in the top window. Look for three packets similar to those shown here. Two groups of three packets are highlighted here as an example. Bweeew omree Be ees SH 2.aac|euexo ef ct Slogger op. S2is.g7 deh adeatur me rvevivivaba Flracket st2e Tpited curing capture Sd.odsie3 86.94.2291 67 192.168.4. 102 HTTr continuarton or ronenrre traffic ete HERE EEG eT ER ee ee wince are 3 dlasntl —66.84.228.67 ASEA68.2.062 rep) heey!» £982 Fenn ar] sege3252.ack-L080 win-eE035 Leno EE UE eg TE ee Re Mes i lot Siitaen ties Hp 0.550653 Bi4ueio.ze doe esedcide Tap” ety)» 198r [eee] segrdAckagu? winsoSS20 Lefed EQUREL EPEAT HEIEDIE ine TABS Den UnSL Ori sssithairaiting izieey Step® Note the first packet number in the sequence that you have identified in your capture window. There is no need to find more than one sequence of packets. In the previous example, packet | and packet 12 both begin a sequence. You will observe the contents of these packets in detail in the next task, ‘Write down the packet number of the first packet in the TCP sequence here: Fle edt view go Copue asics Help Step 10 To filter another protocol, return to Step 4 in this task. You have completed this task when you attain these results: = You have identified that you have captured the packet sequence described in Step 8, You have noted the first packet in the sequence to be inspected in detail. Task 3: Inspect the TCP Initialization Sequence You will use the Packet Details window of the Wireshark application to view the TCP parameters exchanged during the initial startup sequence. This exchange is often referred to as, the three-way handshake, {© 2010 Cisco Systems, Ine. Lab Gude 18Activity Procedure Complete these steps: Step1 In the top window of the Wireshark application, click anywhere on the line containing the first packet that was identified in the previous task. This will highlight the line and make the two lower windows display the decoded information from that packet. Step2 _ In the example that follows, the Wireshark windows were adjusted to allow the information to be viewed in a compact size. The second window contains the detailed decoding of the packet. Step3 Clicking the + icon to the left expands the view of the TCP information. The view is contracted by clicking the — icon. Te cLte FoRerren Salouaerd isidea.2.102 — Se.4.200007 Tee falersiva iseites:rito2 — Seral220007 Are fe Frame 1 (SS tyres on wire, 6 bytes comune |s ethernex 42, src: Foxconn 2f:aites coo%15:58:2F |i rncernet prococal, src: 192,168.1,102 (192.168.1.102), st |= transmission control protocol, src Fort: 1385 (1385), 0st Por Source port: 1985 C1685) pestinatton part: fers (80) Sesuence runbar ralacive sequence runer) eadar Jength: 28 bytes 2 Flags? @x02 hap (sya) secs 40.0000) 162.168.2102 Lanso 35-1360 fprovsn76 1624681402 Teg heee aa Ackan winseseze tt Hite Ger /qpeaha?uaLeacket size Timived during & f= Frame © (60 bytes on wine, 60 bytes captured) > Ethernet 11, Sre: Linksys e6:aszad CO0:04: 05 Coors: ssrztiz1se5) fe internet pravacol, srcz 06.04.229,67 (65.04.229,67), Ost: 102-163,1.a02 (192, 168.4,102) Fancmisstan contre! protacal, sfc Port: Heep (Bd), Ost Pore: 1985 (2985), Seq: , ack? 2, Lent o Source port: rep (30) Destinztion part: 1985 1985) Sequence rugber! o heep [sys] Saue0 Le oo gleats Ge 3 3c 6 362-188-1202 ineep > asus Cevn, ack] Seq. an G vel atl ce ane HTTe GET /qp.ohp'ug[Pachat size Timited during fa Frane 3 (4 bytes on vire, $4 bytes captured) la ethernet 12, srez Foxconn 2f:24;e8 (o0:15:58:2F:21:08), ust: LinksysG_o6:48:ad (og:0475az06:48:a8) las ancernet eracocel, sre: 192.168.1.102 (192.168.1.102), Ost: 66.94.229.97 (66. 98.229.67) |= Transmission conttol protocol, sre Part: 1985 (1985), Ost Port: htp (Bd), seg: 4, ack: 4, Len: 0 Seurce port: 1985 C1585) Destination port: http (30) Sequence nimber: 1 (relative sequence number) Acknowledgement nunber: 1 (relative ack number) eager length: 20 bytes = Flags: og (ack) Congestion window Reduced (Ovk): Nat set = ELN-Echo: Not set legen: kor set = Acknowledgment: set Push New sat = synt Not set window Side: 65520 3 Checksum: ex0s7# [earrect] {© 2010 Cisco Systems, Ine. Lab Gude 17Stop8 In the third and final packet in the exchange, the forward sequence number is now set to 1. The acknowledgment number is set to 1. In the Flags field, only the acknowledgment bit is set to 1. At this point, the TCP connection is said to be established, because both ends have synchronized their sequence and acknowledgment numbers, as well as other parameters, Step9 Close the Wireshark application and all other open windows, Activity Verification You have completed this task when you attain this result = You have selected and decoded your three identified captured packets, and the values ‘match those shown and discussed in the examples within the task. 18 interconnecting Cisco Networking Devices: Accelerated (CGNAX) v1.1 (© 2010 Gisco Systems, Ine.Lab 1-3: Observing Extended PC Network Information Complete this lab activity to practice what you learned in the related module. Activity Objective In this activity, you will use PC tools to gather network-related information, After completing this activity, you will be able to mect these objectives: = Using the Windows ipconfig /all command, determine the IP addresses of the DNS servers that are available to your PC. Using the IP address of one of the DNS servers from Task I, test the connectivity to the DNS servers by using the Windows ping command, m= Using the Windows tracert /d command, obtain the IP addresses of the routers that were traversed to reach the DNS server that was tested in Task 2. Visual Objective This figure illustra a Visual Objective for Lab 1-3: Observing Extended PC Network Information what you will accomplish in this activity Required Resources These are the resources and equipment that are required to complete this activity: m= APC connected to a functioning network, with connectivity to the Internet. (© 2010 Cisco Systems, ne. Lab Gude 19Command List This table describes the commands that are used in this activity. Windows Commands ‘Command Description ipconfig /all ‘This command outputs all the current IP network information ping This command tests IP connectivity between hosts, tracert /d This command displays the IP address ofthe router at each hop as a packet traverses the network toward the destination IP address, Job Aids These job aids are available to help you complete the lab activity. There are no job aids for this lab, Task 1: Obtain the Complete Current IP Addressing Information In order to obtain the complete current IP address information on your PC, itis necessary to use the Windows ipconfig /all command. To access Windows commands, it is necessary to open a Command window. Activity Procedure Complete these steps: Step1 From the Windows desktop, click start. Step 2 Choose run, and enter emd in the Run window dialog box. Click OK to continue. Stop 3 From the Command window prompt, enter ipconfig /all. The /all parameter is used to show the complete output. 20 Interconnecting Cisco Networking Devices: Accelerated (CCNAX) v1.1 (© 2010 Gisco Systems, Ine.Stop4 You will sce from your own output that some extra, useful information is now visible. Step5 From this output, note the IP address of the first DNS server here: Activity Verification You have completed this task when you attain this result = You have obtained the IP address of a DNS server from the output of the ipconfig /all command on your PC. Task 2: Test Connectivity to the DNS Server In this task, you will use the ping command to test the connectivity, Activity Procedure Complete these steps: Stop 1 From the Command window prompt, enter ping DNS JP Address. Your output should be similar to the example here, which uses a fictitious IP address. Seer eo [x Stop2 A successful ping indicates that both that the packets are being received and that the return packets are being routed back to your PC successfully Step3 The implications of an unsuccessful ping sequence require more investigation, Ifit is assumed that the ping attempts are unsuccessful, the next step is to try to sce where in the network the problem is occurring, Activity Verification You have completed this task when you attain this result: You have used the Windows ping command to successfully test connectivity to the IP address of the DNS server that you noted in Task 1 (© 2010 Cisco Systems, ne. Lab Gude 2Task Tracing Connectivity to the DNS Server In this task, you will use the tracert /d command to trace the path to the DNS server that you noted in the previous task. The /d parameter in the command stops the attempt to use DNS to ook up the IP addresses that were discovered along the path and put them in the output. In this, rio, DNS is not working, so attempting a lookup would waste time. You will use tracert without /d to see what the output would look like when DNS is able to resolve some or all of the IP addresses. Activity Procedure Complete these steps: Step1 This is an example of an unsuccessful trace attempt to the DNS server. The sequence would have continued until 30 hops had been tried. You will see that pressing Ctrl- (C was used to terminate the command earlier than the default number. Step2 From the Command window prompt, enter tracert /d DNS IP Address. Your output should be similar to the example here, which uses fictitious IP addresses. res [Je] 22 Inlrconnecting Cisco Networking Devices: Accelerated (CCNAX) v1.1 (© 2010 Gisco Systems, Ine.Step3 Now that you have seen that the route to the DNS server is working, use the tracert command without the /d parameter to sce what the output looks like when symbolic names are available. Your output should be similar to the example here, which uses fictitious IP addresses Stop 4 Close the Command window. Activity Verification You have completed this task when you attain these results: You have used the tracert /d command on your PC to suppress DNS lookup during the trace to the destination addres m= You have used the tracert command without the /d parameter on your PC to display the symbolic names that were associated with specific IP addresses that were discovered during the trace to the destination address. (© 2010 Cisco Systems, ne. Lab Gude 23Lab 2-1: Configuring Cisco Switches Acti Complete this lab activity to test administrative connectivity to your pod equipment, using methods for both connecting to the Cisco router and switch console ports via a console server and connecting via @ VPN client. You will also complete the initial switch configuration and practice the usage of the CLI features. ty Objective In this activity, you will begin preparations for subsequent labs by testing and practicing, administrative connectivity to your assigned workgroup equipment, which you will use for the remaining lab practice exercises in the course. You will also complete the initial switch configuration, as well as demonstrate and practice the use of the CLI features of your workgroup switch, After completing this activity, you will be able to meet these objectives: m= Connect to your assigned workgroup equipment by using a console (terminal) server so that switches and routers may be configured via the console ports, m= Connect to your assigned workgroup switch using the Cisco VPN Client software so that your PC will be connected through a network interface on your workgroup switch. = Restart the switch, and verify the initial configuration messages m= Use the erase startup-config command to ensure that the switch has no prior configuration saved to the startup-config file that is stored in NVRAM Use the system configuration dialog to perform the initial configuration of the Cisco Catalyst switeh = Configure a default gateway on the Cisco Catalyst switch m= Explore context-sensitive help m= Edit incorrect CLI commands on the switch m= Enter commands to improve the usability of the CLL. 24 Intorconnecting Cisco Networking Devices: Accelerated (GGNAX) v1.1 (© 2010 Gisco Systems, Ine.Visual Objective ‘The figure illustrates what you will accomplish in this activity Visual Objective for Lab 2-1: Configuring Cisco Switches rkgroup | Switch IP Hostname _| Add SwitchA 10.22.11 255.255.255.0 SwitchB 10.33.11 255.255.255.0 Switch 10.4.4.11 255.255.255.0 Bl SwitchD 10.5.5.11 255.255.255.0 SwitchE — 10.6.6.11 255.255.255.0 — SwitchF — 10,7.7.11 255.255.255.0 SwitchG — 10.8.8.11 255.255.255.0 SwitchH 10.9.9.11 255.255.255.0 i Your lab equipment is located remotely and you will acces tin two distinct ways: For the first method, you will access the remote routers and switches using their console ports. To do this, you will connect to a remote console server (also known as a terminal server) that provides serial connections to the console ports of the lab routers and switches, ‘You can accomplish this through either an SSH session or a web link to the console server = For the second method, you will connect to the remote routers and switches using a VPN tunnel. This provides access via a VPN router to the same network to which your workgroup switch connects. This second method sends packets via an encrypted tunnel across the Internet. Required Resources ‘These are the resources and equipment that are required to complete this activity: Lab topology configured for this course = Student pod consisting of one Cisco Catalyst 2960 switch and one Cisco 2811 router (or functionally equivalent Cisco devices) APC with connectivity to the remote lab ‘An SSH-capable terminal emulation application or web browser ‘Your assigned pod information Classroom reference materials as follows: = Lab Guide m= Student PC or workstation with SSH or web browser and VPN client access to workstation pod devices {© 2010 Cisco Systems, Ine. Lab Gude 2.Command List The table describes the commands that are used in this activity, The commands are listed in alphabetical order so that you can easily locate the information that you need. Refer to this list if you need configuration command assistance during the lab activity. Switch Cisco 10S Commands Command Description 2 or help. In user mode, Cisco IOS Software lists a subset of the available commands ‘After you enter enable and enter your enable password for privileged mode, a much larger list of available commands is displayed, clock set. Manages the system clock. configure terminal Activates the configuration mode from the terminal copy running-config destination Copies the switch running configuration file to another destination. A typical destination isthe startup configuration. enable ‘Activates the privileged EXEC mode. In privileged EXEC. mode, more commands are available, This command requires you to enter the enable password ian enable password is configured, enable password passwo! The enable password protects access to the enable mode. However, this password is stored in cleartext in the configuration. enable secret gecret_pasaword The encrypted enable password protects access to the enable mode. An enable secrot password overrides the cleartext enable password should both be configured, end, “This configuration command terminates the configuration mode. erase startup-config Erases the startup configuration that is stored in nonvolatile momary. exec time-out ‘Ses the inactivity time that is allowed before a session will be automatically logged out history size ‘Sets the number of ines that are held in the history butfer for recal. Two separate buffers are used—one for EXEC mode commands and the other for configuration mode commands. hostname hostname ‘Sets the system name, which forms part of the prompt. interface vlan 2 Enters the interface configuration mode for VLAN 1 to set the switch management IP address. ip address ip-address mask Sets the IP address and mask of the interface. Ap default-gateway ip-address ‘Sets the default gateway of the switch. The default gateway isthe router, which will foward IP packets that are ot destined forthe local network [ne] ip domain-lookup The commanet-line interpreter by default res, when receiving a command it does nat recognize, to interpret it as a symbolic name for an IP address. The no form of this command turns off this default action, thus speeding up the interpretaton of erroneous entries. 26 Intorconnecting Cisco Networking Devices: Accelerated (GGNAX) v1.1 (© 2010 Gisco Systems, Ine.‘Command Description Line console 0 Enters the line console 0 configuration moda, Line vty 015 Enters the vly configuration mode. VIy ines allow access to the switch for remote network management, The number of vty lines that are available depends on the Cisco IOS Software version. Typical values are 0-4 and 0-15, (inclusive). legging synchronous ‘Synchronizes unsolicited messages and debug privileged EXEC command output with solicited device output and romps for a specife console port line or viy line. login This configuration line command applies a login process requiring a username and password for access. password line password ‘Assigns a password to the console or vty ports. reload Restaris the switch and reloads the Cisco 10S operating system and configuration, show interface vlan 1 Displays the switch IP address information (Cisco Catalyst 2980), how clock Displays the system clock show history Displays recently entered commands. how interface: Displays information on all the switch interfaces, ‘show running-config Displays the active configuration, ‘show terminal Displays the current settings for the terminal ‘show version Displays the configuration of the switch hardware and the various software versions. [no] shutdown, Use the shutdown interface configuration command to disable an interface, Use the no form of this command to restart a disabled interface. terminal history size Sets the command history buffer size. PC Application Windows Applications Description PuTTY (SSH/TeInet client) Terminal emulation application that supports SSH and Telnet protecols Cisco VPN client VPN client software application Windows Command ipconfig /all Command that outputs all the current IP network information (© 2010 Cisco Systems, ne. Lab Gude 27Job Aids These job aids are available to help you complete this activity: ‘= Fill in this table of class-dependent network and connection information, using the values that are provided by your instructor. Table 1: Network and Connect n Information Information Instructor-Assigned Value ‘Your assigned workgroup (letter) IP address of the console server or remote lab web age address Usemame and password for the console server or emote web page IP address of the VPN-RTR (ifrequired or if different from above) VPN client connection entry name (if required) Username and password for VPN (if required or if different from the console server) ‘SSH terminal emulation application to access the Console server (if required). = These tables contain the required information to be entered during initial switch configuration Table 2: TFTP Server IP Address Information TETP Server IP Address Workgroup 1022.4 103.34 1044.1 cfolal> 1055.41 1066.1 107.74 108841 z}o|a|m 10.9981 28 Intorconnecting Cisco Networking Devices: Accelerated (GGNAX) v1.1 (© 2010 Gisco Systems, Ine.Switch IP Address Information Workgroup Hostname ‘Switch IP Address. Mask A ‘Switch 10.2.2.11 255,255,255.0 8 ‘Switch 10.3.3.11 255,255,255.0 c ‘Switch 10.4.4,11 255,255,255.0 D ‘Switch 10.5.5.11 255,255,255.0 E ‘Switch 1066.11 255.255.255.0 F SwitehF 10.77.41 255.255.255.0 6 SwitehG 10.8.8.11 255.255.255.0 4 ‘Switch 10.99.11 255.255.255.0 Task 1: Connect to Remote Console Server Internet Option 1: If Using SSH to Access Console Server If instructed, in this task, you will use an SSH-capable terminal emulation application to connect to a console server and use a series of menu choices to reach your lab equipment, This, terminal emulator enables you to configure and control the Cisco remote network devices via their console port Console Server Console port {© 2010 Cisco Systems, Ine. Lab Gude 29Activity Procedure Complete these steps: Step1 From the desktop of your PC, double-click the icon of the terminal emulator. In this example, PuTTY is being used. Step 2 Ensure that the SSH radio button is chosen, Enter the IP address of the console server in the Host Name field, and click Open. satinie Bast Star Sta Orman Oss Osea! sea” Ca (=a Step3 Enter the SSH login name and password at the prompts, using those that you have noted in the Network and Connection Information table. You may see a Pul TY security warning if PUTTY does not have the host key cached; answer Yes to proceed 30 Interconnecting Cisco Networking Devices: Accelerated (CCNAX) v1.1 (© 2010 Gisco Systems, Ine.Step4 A banner message is displayed, followed by a table showing item numbers that are used to connect to the workgroups. Read the information regarding the escape sequence that is used to return from a switch or router connection to the menus. To perform this escape sequence, briefly hold down the keys 6, release and press x (lowercase). 407,245,124 Duly To exit seh session and return to the wen press scTRLsecePTescé> chen . To cleat s connection vo begia, a saw console cesaien eye clef (vaere # = the mort stem nomer| iru detion 6 Contect ve JorKGrowp Step$ Choose your workgroup by entering its associated item number. {© 2010 Cisco Systems, Ine. Lab Guide 3tStep6 You are now at the Workgroup menu, Your choices are to choose 1 to connect to the router, 2 to connect to the switch type, or exit to return to the previous menu. In this, case, type exit to retum to the previous menu, Press Enter to confirm your choice. fa neu cougo1e saosion tive clo# [uuare Y- che menu tex number) Step7 Now type exit followed by the Enter key to end the SSH session, nav conzo1e cesaicn cpye cis# (vacre # = che menu item aumer) rons Action Connect te dorkoronp Connect ve Jorxoroup xtc zat I le ete eeie ete et ee Stop8 Depending on the terminal emulator that is used, the window may close, go blank, or appear unchanged. However, the session has ended, and any keystrokes will be ignored. Stop® Close the terminal emulation application, ifit did not close automatically. 32 Inlerconnecting Cisco Networking Devices: Accelerated (CCNAX) v1.1 (© 2010 Gisco Systems, Ine.Option 2: If Using an Alternative Method to Access the Console Server There are different methods of accessing the console server other than an SSH session. For example, you may be asked to access the console server via web access with a web browser providing a means of terminal access. In this case, the instructor will provide you with information about how to proceed with this activity. Activity Verification You have completed this task when you attain these results: ‘= Using the information that is provided in Table I, you are able to connect with the remote console server to configure your workgroup devices via their console ports. Task 2: Connect to Remote VPN Router In this task, you will use the Cisco VPN client software to access the remote lab. Once there, ‘you will observe the changes to your local PC IP addressing and discuss the changes to the packet-forwarding behavior. Acti 'y Procedure Complete these steps: Step1 From your PC desktop, open the Cisco VPN client by clicking the VPN Client icon, a nom en pena UMC Step 2 Choose the connection entry that is associated with your assigned workgroup. (© 2010 Cisco Systems, ne. Lab Gude 3Stop 3 Click the Conneet icon on top left of the application window. g s & bx se en Step 4 Step 5 ‘The Connect icon changes and a User Authentication window appears. Enter the VPN username and password that you recorded in Table 1 and press Enter. After a momentary pause, the VPN windows will close. The Padlock icon that appears in the system tray at the bottom right side of the screen will change from an open padlock to a closed padlock. If the window does not close, manually minimize it ' to the IP addressing of the PC, open a Command window and Stop 7 ‘When you perform this task, you will observe that a second Ethemet adapter has an IP address and mask. Your output may be different; however, this address and mask are specific to the workgroup addressing used in the labs that follow. The VPN adapter does not have a default gateway that is specified because the packe forwarding behavior has been modified so that networks that have been configured on the VPN router will be forwarded through the tunnel. This situation will occur automatically, and any packets that do not match will be sent to the configured default gateway associated with the other Ethernet adapter Pa Intorconnecting Cisco Networking Devices: Accelerated (GGNAX) v1.1 (© 2010 Gisco Systems, Ine.Stop8 You should be able to successfully ping the address 10.x.x.100, where x=2 for WG A, 3 for WG B, and so forth, and. x= 9 for WG H. If you are unsuccessful, you should ask your instructor for assistance, Your output should be similar to the following example: C:\Documents and Settings>ping 10.10.10.100 Pinging 10.10.10.1 with 32 bytes of data Reply from 10.10.10.100: bytes=32 time=sme TTL=127 Reply from 10,10,10,100: bytese32 times8ms TTL=127 Reply from 10.10.10.100: bytese32 timedms TTL-127 Reply from 10.10.10.100: bytes=22 rr=227 Ping statistics for 10,10.10,100 Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds Minimum = tne, Maximim = Sms, Average - &me Note In later labs, you will use the VPN tunnel to allow the connection of a browser to your workgroup router, Step9 To terminate your VPN connection, double-click the system tray Padlock icon, which will open the VPN application window. You can also right-click the padlock icon and choose Disconnect. ‘S82 8% idl Wore Mealy Cormeen Emin | Cees | Los | Tobe saiior ast actor inowee, senor stat IPSeeaIDP InoweD anion 28121 IFseeaine ino wee yar 2s 121 Irseeaine iower vapor asi2i IFSe0toe Inowes apr 121 IFse0tloe Inowes ae 107 121 IFes0toe Connect ICN YS eoneced Tne: 042s) 0035.25 _¥) Step 10 Click the Disconnect icon in the top right of the VPN application window. This will close the tunnel connection and remove the IP addressing changes to the PC, Step 11. Close the VPN application window. {© 2010 Cisco Systems, Ine. Lab Gude 35Step 12 Confirm that the PC has its original network IP address by using the ipconfig command in the command window Step 13 Confirmed that the connection information has been removed, close any remaining Windows applications. Activity Verification You have completed this task when you attain these results: You were able to access the remote lab network using the Cisco VPN Client application, and the information that is recorded in Table 1. m= You were able to confirm connectivity to the remote equipment using the ping command. Task 3: Connect to Your Assigned Workgroup Switch In this task, you will connect to your procedure from Table | and Task I ‘signed workgroup by using the information and ity Procedure Complete these steps: Step1 Connect to your workgroup switch console via the console server by using the information from Table 1 and following the procedure shown in Task 1 Step2 Press Enter several times to get the switch to display a prompt. m= Ifyou see the prompt Switeh>, proceed to Task 4. = If your output resembles the following, answer the questions as the example indicates: Would you like to terminate autoinstall? [yes]: yes --- System Configuration log --~ Would you like to enter th [yes/no]: no initial configuration dialog? Switeh> switen> 36 Interconnecting Cisco Networking Devices: Accelerated (CCNAX v1.1 (© 2010 Gisco Systems, Ine.Activity Verification You have completed this task when you attain this result: You accessed your assigned workgroup switch on the remote lab network, using the information that was provided Task 4: Verify That Switch Is Unconfigured and Reload In this task, you will use the erase startup-config command to ensure thatthe switeh has no prior configuration saved to the startup-config file that is stored in NVRAM. You will then reload the switch software and observe the output that is generated during the reload. Activity Procedure Complete these steps: Step When the switch prompt displays Switch>, you are currently in user EXEC mode. To see the effect of entering a privileged command in the user EXEC mode, enter the command erase startup-config. Your display should be similar to the following example: Switchserage startup-contig ‘ nvalid input detected at '*! marker Stop2 The output is the response to entering a privileged EXEC command when in user mode, Enter the command enable. Your display should be similar to the following example: Switchsenable Switehi Note Ityou are prompted for an enable password, try the password sanfran. Ifthe sanfran password does not work, please consult with your instructor. Stop3 Notice that the switch prompt changed from Switch> to Switch. This indicates that you are in privileged EXEC or enable mode. When you now enter the erase startup- config command, itis accepted. Press the Enter key to confirm, and press Enter again to get the switch prompt. Your display should be similar to the following example: Switch#erase startup-config Erasing the nvran filesystem will remove all configuration files! Continue? confirm] OK] erage of nvvam: complete 00:18:46; $SYS-7-NV.BLOCK INIT: Initalized the geometry of nvram Switch# Step4 Enter the reload command. If you are prompted to save modifications, answer N. ‘When you are prompted to confirm reload, answer Y. You will then be presented with alot of output, giving the status of the switch during the reload process. Your display should be similar to the following example. (Some repeating text has been omitted to reduce the output length.) (© 2010 Cisco Systems, ne. Lab Gude 37Switchirelead Proceed with reload? [confirm] 00:21:00; ¥S¥S-5-RELOAD: Reload requested by console, Reload Reason: Reload Conmand Base ethernet MAC Address: 00:1a:6d:44:62:80 Xmoden file system is available The password-recovery mechanism is enabled Initializing Flash, flashfe(0]: 597 files, 19 directories Elash£e(0]: 0 orphaned files, 0 o:phaned directories flashfs [0]; Total bytes: 32514048 flashfs [0]: bytes used: 8208384 flashfe(0]: Bytes available: 24305664 flashfs[0]: flashfs fack took § seconds done Initializing Flash. Boot Sector Filesystem (bs) installed, feid: 3 gone Loading "flash:c2960-Lanbaseks-mz.122-25.82£2/c2960-Lanbasek9-mz.122- 25.SHE2-bin".. .aasasaaaaaenanes text omitted ossoessersssssess000s90e200020009000000039009 File "flash:c2960-lanbasekS-mz.122-25, S8B2/c2960~Lanbasek9-mz.122-25.SEE2.bin" uncompressed and installed, entry point: 0x3000 executing Restricted Rights Legend Use, duplication, or disclosure by the Governnent is subject to restrictions a set forth in subparagraph (c) of the Conmercial Computer Software - Restricted Rights clause at FAR aec. 52.227-19 and gubparagraph {c) (Q) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252,227-7013 cisco systems, Inc. 170 West Tasman Drive San Jose, California 95134-1705 Cleco 10S Software, C2960 Software (C2960-LANBASEKS-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fei) Copyright (c) 1985-2006 by Cisco systems, Inc. Compiled Fri 28-Jul-06 11:57 by yenanh Image text-bade: 000003000, data-hase: Oxo0BE7944 Initializing flashfs. flashfs [2]; 597 files, 19 directories Hlashts[1]: 0 orphaned files, 0 orphaned directories Hlashts [1]: Total bytes: 325ic048 flashfs [1]: Bytes used: 8208384 flashfs [3]; Bytes available: 24305664 Hlashts [1]: flashts fsck took 1 seconds flashfs[1]: Initialization complete....done Initializing flashfs. POST: CPU MIC register Teste + Begin POST: CPU MIC register Tests : End, Status Passed POST: PortASIC Memory Tests + Begin POST: PortASIC Memory Tests : End, Status Passed 38 Interconnecting Cisco Networking Devices: Accelerated (CCNAX) v1.1 (© 2010 Gisco Systems, Ine.