ICND1 v2.0 Lab Guide

or help In user EXEC mode, lists the subset of commands that are available at that level configure terminal Activates the configuration mode from the terminal copy running-config destina

Trang 1

Interconnecting Cisco Networking Devices, Part 1

Version 2.0

ICND1

Lab Guide

Part Number: 97-3244-01

Trang 2

Americas Headquarters

Cisco Systems, Inc

San Jose, CA

Asia Pacific Headquarters

Cisco Systems (USA) Pte Ltd

Trang 3

Lab 2-1: Performing Initial Router Setup and Configuration L-19

Lab 3-1: Enhancing the Security of the Initial Configuration L-53

Trang 4

Task 1: Add Password Protection L-57

Trang 5

Task 1: Connect the Router to the WAN L-143

Lab 5-2: Configure and Verify Stateless Autoconfiguration L-153

Trang 6

Lab 4-2: Configuring DHCP Server L-242

Trang 7

Lab 1-1: Performing Switch Startup and Initial

Restart the switch and verify the initial configuration messages

Complete the initial configuration of the Cisco Catalyst switch

Explore context-sensitive help

Improve the usability of the CLI

Trang 8

Visual Objective

The figure illustrates what you will accomplish in this activity.

Visual Objective for Lab 1-1: Performing

Switch Startup and Initial Configuration

Detailed Visual Objective

Perform switch startup and initial configuration.

Trang 9

Cisco IOS Switch Commands

? or help In user EXEC mode, lists the subset of commands that are

available at that level

configure terminal Activates the configuration mode from the terminal

copy running-config destination Copies the switch running configuration file to another destination

A typical destination is the startup configuration

do command Executes user EXEC or privileged EXEC commands from global

configuration mode or other configuration modes or submodes, inany configuration mode

enable Activates privileged EXEC mode In privileged EXEC mode, more

commands are available This command requires you to enter theenable password if an enable password is configured

erase startup-config Erases the startup configuration that is stored in nonvolatile

memory

history size number Sets the number of lines that are held in the history buffer for

recall Two separate buffers are used: one for EXEC modecommands and the other for configuration mode commands

hostname hostname Sets the system name, which forms part of the prompt

interface vlan 1 Enters interface configuration mode for VLAN 1 to set the switch

management IP address

ip address ip-address subnet-mask Sets the IP address and mask of the interface

line console 0 Enters line console configuration mode

logging synchronous Synchronizes unsolicited messages and debugs privileged EXEC

command output with solicited device output and prompts for aspecific console port line or vty line

reload Restarts the switch and reloads the Cisco IOS operating system

and configuration

Trang 10

Command Description

show flash: Displays the layout and contents of a flash memory file system

show startup-config Displays the startup configuration settings that are saved in

NVRAM

show terminal Displays the current settings for the terminal

show version Displays the configuration of the switch hardware and the various

software versions

Job Aids

These job aids are available to help you complete the lab activity.

The table shows the hardware that is used in the lab and the operating system that is running on the devices.

SW1 Catalyst 2960 Series Switch c2960-lanbasek9-mz.150-1.SE3

There are no console or enable passwords set for the router and switch in the initial lab setup The table shows the username and password that are used to access PC1.

Trang 11

Devices are connected by Ethernet connections The figure illustrates the interface identification and IP addresses that are used in this lab setup.

Topology and IP Addressing

Fa0/1

The table shows the interface identification and IP addresses that are used in this lab setup.

PC1 Ethernet adapter local area

connection

Trang 12

Setting the IP Address on a PC

On a PC, click Start and choose Control Panel Click Change Adapter Settings and then right-click

Local Area Network Choose Properties When you are presented with the Local Area Connection

Properties dialog, click Internet Protocol version 4 (TCP/IPv4) and then click Properties In the Internet Protocol Version 4 (TCP/IPv4) Properties window, click the Use the Following IP Address radio button

and enter the appropriate IP address, subnet mask, and default gateway.

Task 1: Perform a Reload and Verify that the

Switch Is Unconfigured

In this task, you will use the erase startup-config command to ensure that the switch has no prior

configuration in the startup-config file You will then reload the switch software and observe the output that

is generated during the reload Finally, you will investigate the properties of the switch.

Activity Procedure

Complete the following steps:

Step 1

Trang 13

To see the effect of entering a privileged-level command in user EXEC mode, enter the command erase

startup-config.

What was the result of issuing the command in an incorrect EXEC mode?

Step 3

Enter privileged EXEC mode.

How do you know if you are in privileged EXEC mode and not user EXEC mode?

Step 4

Erase the startup configuration Because the switch also stores a small part of the configuration in the file, vlan.dat, stored in flash memory, delete it before performing a reload Observe the output during the reload.

Step 5

Press Enter when the switch boots and skip the initial configuration dialog You will know when the switch

has finished booting when you see "Press RETURN to get started!" in the console output.

How do you know that the startup configuration has been erased?

Step 6

Using the appropriate show command, investigate the switch model number, software version, and amount

of RAM and flash memory.

Activity Verification

You have completed this task when you attain these results:

You performed a switch reload.

You verified that the switch is unconfigured.

Trang 14

Task 2: Configure the Switch with a Hostname

Assign an IP address to the VLAN 1 interface on switch SW1 Be sure that you assign the correct IP

address, as described in the Job Aids section in the beginning of the lab document.

Step 3

Access the PC1 Use the username and password that is described in the Job Aids section in order to log in.

Trang 15

Assign the IP address of PC1, as listed in the Job Aids section Leave the default gateway empty.

Step 5

From PC1, ping the VLAN 1 IP address of SW1 to confirm Layer 3 connectivity.

You configured the switch with a hostname and a VLAN 1 IP address.

You configured PC1 with the correct IP address.

Your ping from PC1 to the VLAN 1 IP address of SW1 was successful.

Trang 16

Note Configuring the IP address on the switch is not mandatory to start the switch running, but it is necessary

for remote management access to the switch

Task 3: Explore Context-Sensitive Help

In this task, you will use context-sensitive help to locate commands and complete command syntax.

Using the ? command, set the clock on the switch to the current time and date.

Note Pressing the Tab key automatically completes the command if the characters that you have entered are

not ambiguous

Step 3

Verify the current date and time using the appropriate show command.

Step 4

Type the following comment line at the prompt and then press Enter:

!ths command changuw the clck sped for the swch

Note An exclamation point (!) at the beginning of the line indicates that you are entering a comment The

comment will not be part of the switch configuration Comments are a great help when you are working

on a configuration in a text editor and plan to upload it to a device

Step 5

Press Ctrl-P or press the Up Arrow key to see the previous line Use the editor commands Ctrl-A, Ctrl-F,

Ctrl-E, and Ctrl-B to move along the line, and use the Backspace key to delete unwanted characters.

Using the editing commands, correct the comment line to read:

!This command changes the clock speed for the switch.

Trang 17

Task 4: Improve the Usability of the CLI

In this task, you will enter commands to improve the usability of the CLI You will increase the number of lines in the history buffer, increase the inactivity timer on the console port, and stop the attempted name resolution of mistyped commands.

Step 1

Using the show terminal command, verify that history is enabled, and determine the current history size for

the console line.

Step 2

Change the history size to 100 for the console line and verify that the change has taken place.

Note Alternatively, you could use the begin keyword You will see the output beginning from the first match.

Step 3

The no ip domain lookup command disables the resolution of symbolic names If you mistype a command,

the system will not try to translate it into an IP address (it will take about 5 seconds to time out) Disable IP domain lookup.

Step 4

The default console access EXEC timeout is set to 10 minutes After 10 minutes of inactivity, the user is

disconnected from console access and is required to reconnect Change this timer to 60 minutes.

Note Make sure that you are in console line configuration mode To execute user EXEC or privileged EXEC

commands from global configuration mode or other configuration modes or submodes, use the do

command in any configuration mode

Step 5

The logging synchronous command synchronizes unsolicited messages and debugs privileged EXEC

command output with the input from the CLI If you are in the middle of typing a command, status

messages will appear where you are typing Enable synchronous logging on line console 0.

Step 6

Save your running configuration to the startup configuration.

Trang 18

You changed the history buffer size.

You disabled resolution of symbolic names.

You set the inactivity timeout on the console line to 60 minutes.

You enabled synchronous logging on the console line.

You saved the running configuration to the startup configuration file.

Trang 20

Visual Objective for Lab 1-2: Troubleshooting

Switch Media Issues

SW1PC1

Trang 21

Command List

The table describes the commands that are used in this activity The commands are listed in alphabetical order so that you can easily locate the information that you need Refer to this list if you need configuration command assistance during the lab activity.

Commands

configure terminal Enters global configuration mode

copy running-config startup-config Saves the running configuration into NVRAM as the startup

configuration

duplex full Enables full duplex on an interface

enable Enters the privileged EXEC mode command interpreter

interface FastEthernet 0/13 Specifies interface FastEthernet 0/13 and enters interface

configuration mode

shutdown/no shutdown Disables or enables an interface

ping ip-address Uses ICMP echo requests and ICMP echo replies to

determine whether a remote host is reachable

show interfaces FastEthernet 0/13 Displays information about interface FastEthernet 0/13

show ip interface brief Displays a brief summary of the interfaces on a device, which is useful

for quickly checking the status of the device

Job Aids

Branch Cisco 2901 Integrated Services Router c2900-universalk9-mz.SPA.152-4.M1

Topology and IP Addressing

Devices are connected with Ethernet connections The figure illustrates the interface identification and IP addresses that are used in this lab setup.

Trang 22

Fa0/1

Fa0/13 Gi0/0 10.1.1.1

PC1 Ethernet adapter local area connection 10.1.1.100/24

Task 1: Lab Setup

In this setup task, you will load the configuration from the switch flash drive.

Complete these steps:

Step 1

Access the CLI of switch SW1.

You will be provided with information about accessing the lab equipment.

Trang 23

Load the configuration file tshoot_media_issues_start.cfg from the flash drive of the switch.

SW1#copy flash:tshoot_sw_media.cfg run

At this point, you have loaded a configuration file that includes your trouble tickets, presented in Tasks 2 and 3.

You have completed this task when you attain this result:

You loaded a configuration file from the switch flash drive.

Task 2: Troubleshoot Connectivity Between

Computer PC1 and Switch SW1

In this task, you will troubleshoot connectivity problems between switch SW1 and computer PC1.

Trang 24

Step 3

Correct the issue so that John can continue his work.

Do not forget to verify Layer 3 connectivity between PC1 and SW1.

Step 4

Save the configuration of switch SW1.

Why is it important at this stage to save the configuration?

You have completed this task when you attain this result:

You identified and corrected the problem that was reported by the user on PC1.

Task 3: Troubleshoot Connectivity Between

Switch SW1 and the Branch Router

In this task, you will troubleshoot connectivity problems between the Branch router and switch SW1 You will correct the existing problem.

Using the appropriate show commands from the Command List section, identify the status of interface

FastEthernet0/13, which connects to the Branch router.

Step 2

Correct the issue that you identified Do not forget to save the changes that you made.

Trang 25

Lab 2-1: Performing Initial

Router Setup and

Inspect router hardware and software

Perform initial router configuration

Improve the usability of the CLI

Use Cisco Discovery Protocol to discover how devices are interconnected

Trang 26

Visual Objective for Lab 2-1: Performing Initial

Router Setup and Configuration

PC1

SW1

Branch Verify the router and its settings.

Perform router initial configuration.

Use Cisco Discovery Protocol to discover how devices are interconnected.

Trang 27

Command List

Cisco IOS Router Commands

configure terminal Activates the configuration mode from the terminal

copy running-config destination Copies the running configuration file to another destination A

typical destination is the startup configuration

description Adds a descriptive comment to the configuration of an interface

enable Activates privileged EXEC mode In privileged EXEC mode, more

commands are available

erase startup-config Erases the startup configuration that is stored in nonvolatile

memory

exec-timeout Sets the interval before the user session is disconnected when idle

hostname hostname Sets the system name, which forms part of the prompt

interface type module/slot/port Specifies an interface and enters interface configuration mode

ip address ip-address subnet-mask Sets the IP address and mask of the interface

[no] ip domain lookup Enables or disables DNS resolution of symbolic names

line console 0 Enters line console configuration mode

logging synchronous Synchronizes the display of router output messages with the

command-line prompt

ping ip_address Uses ICMP echo requests and ICMP echo replies to determine

whether a remote host is reachable

reload Restarts the router and reloads the Cisco IOS operating system

show cdp Displays global Cisco Discovery Protocol information

show cdp neighbors [detail] Displays brief information about discovered neighboring Cisco

devices If the keyword detail is used, detailed information about

discovered devices is displayed

show interfaces Displays information about all of the device interfaces

show startup-config Displays the startup configuration settings that are saved in

nonvolatile memory

show version Displays the configuration of the router hardware and the

various software versions

Job Aids

Trang 28

Devices are connected with Ethernet connections The figure illustrates the interface identification and IP addresses that are used in this lab setup.

Fa0/1

Fa0/13 Gi0/0 10.1.1.1

Trang 29

Task 1: Inspect the Router Hardware and

Software

In this task, you will first inspect the router hardware and software properties You will verify that a startup configuration exists and delete it You will then reload the router and observe the output that is generated during the reload.

Use command show version in privileged EXEC mode on the Branch router to display information about

the currently loaded software, along with hardware and device information.

Router#show version

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(4)M1,

RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Compiled Thu 26-Jul-12 20:54 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)

Router uptime is 15 minutes

System returned to ROM by reload at 17:06:50 UTC Thu Nov 22 2012

System restarted at 17:09:24 UTC Thu Nov 22 2012

System image file is "flash0:c2900-universalk9-mz.SPA.152-4.M1.bin"

Last reload type: Normal Reload

Last reload reason: Reload Command

DRAM configuration is 64 bits wide with parity enabled

255K bytes of non-volatile configuration memory

250880K bytes of ATA System CompactFlash 0 (Read/Write)

Trang 30

Proceed with reload? [confirm]

Sep 11 11:31:16.663: %SYS-5-RELOAD: Reload requested by console Reload Reason: Reload Command

System Bootstrap, Version 15.0(1r)M1, RELEASE SOFTWARE (fc1)

Total memory size = 512 MB - On-board = 512 MB, DIMM0 = 0 MB

CISCO2901/K9 platform with 524288 Kbytes of main memory

Main memory is configured to 72/-1(On-board/DIMM0) bit mode with ECC enabled

Readonly ROMMON initialized

program load complete, entry point: 0x80803000, size: 0x1b340

IOS Image Load Test

You collected hardware and software device information.

You erased the startup configuration.

You reloaded the router and observed the startup output.

Trang 31

Return to the privileged EXEC command and verify GigabitEthernet0/0 interface status, interface

description, and correct IP address assignment by using a suitable verification command.

Branch#show interfaces GigabitEthernet 0/0

GigabitEthernet0/0 is up, line protocol is up

Hardware is CN Gigabit Ethernet, address is 5475.d08e.9ad8 (bia 5475.d08e.9ad8) Description: Link to LAN Switch

Internet address is 10.1.1.1/24

MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full Duplex, 100Mbps, media type is RJ45

Trang 32

Step 2

You verified IP connectivity between router Branch and PC1 by using ICMP ping:

Branch#ping 10.1.1.100

Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 10.1.1.100, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms

The ping should be successful.

Note The ping might fail due to slow STP convergence on the SW1 switch If the ping fails, try to issue another

ping after a few seconds

Note The first ICMP packet could time out because ARP needs to obtain Layer 2 addressing before the

packet can be sent out of the interface

Task 3: Improve the Usability of the CLI

In this task, you will improve the CLI experience by increasing the inactivity timer on the console line and

by disabling the resolution of symbolic names.

Trang 33

Verify the EXEC timeout value on the Branch router:

Branch#show line console 0

Tty Line Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int

* 0 0 CTY 0 0 0/0 Line 0, Location: "", Type: ""

-Length: 24 lines, Width: 80 columns

Status: PSI Enabled, Ready, Active, Automore On

Capabilities: none

Modem state: Ready

RJ45 Console is in use

USB Console baud rate = 9600

Modem hardware state: CTS* noDSR DTR RTS

Special Chars: Escape Hold Stop Start Disconnect Activation

^^x none - - none

Timeouts: Idle EXEC Idle Session Modem Answer Session Dispatch

01:00:00 never none not set

Idle Session Disconnect Warning

You have set the inactivity timeout on the console line to 60 minutes.

You have enabled synchronous logging on the console line.

You have disabled resolution of symbolic names.

Trang 34

Task 4: Discover Connected Neighbors with

Cisco Discovery Protocol

In this task, you will use Cisco Discovery Protocol to obtain information about directly connected Cisco devices You will gather information about neighbor capabilities and IP addresses and discover how devices are interconnected.

Step 1

On the Branch router, issue the show cdp command to verify that Cisco Discovery Protocol is enabled and

to display its global information.

Branch#show cdp

Global CDP information:

Sending CDP packets every 60 seconds

Sending a holdtime value of 180 seconds

Sending CDPv2 advertisements is enabled

Trang 35

Enter the Cisco Discovery Protocol verification command to display all known neighboring Cisco devices Write down the information about the discovered neighbors in the table:

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,

D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID

SW1 Gig 0/0 158 S I WS-C2960- Fas 0/13

Use the Cisco Discovery Protocol verification command with the keyword detail to display additional

information about other Cisco devices Write down the IP address of a neighboring switch, with exact information about its platform and software version.

Branch#show cdp neighbors detail

-Device ID: SW1

Entry address(es):

IP address: 10.1.1.11

Platform: cisco WS-C2960-24TT-L, Capabilities: Switch IGMP

Interface: GigabitEthernet0/0, Port ID (outgoing port): FastEthernet0/13

Holdtime : 146 sec

Version :

Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(1)SE3, RELEASE SOFTWARE (fc1)

Compiled Wed 30-May-12 14:26 by prod_rel_team

Trang 36

You observed Cisco Discovery Protocol output for directly attached Cisco neighbors.

You gathered detailed information about a neighbor switch.

Trang 37

Lab 2-2: Connecting to the

Configure a static default route

Enable DHCP on a public interface

Configure NAT using a pool

Configure NAT with PAT

Trang 38

Visual Objective for Lab 2-2: Connecting to the

Trang 39

Command List

access-list acl_id permit network

wildcard_mask

Configures a standard ACL that permits a network

configure terminal Enters global configuration mode

debug ip icmp Enables debugging of ICMP packets

interface interface Enters interface configuration mode

ip address dhcp Configures an interface to obtain an IP address using DHCP

ip address ip_address network_mask Configures an IP address manually on an interface

ip nat inside Configures an interface as NAT inside interface

ip nat inside source list acl_id pool

pool_name

Configures a dynamic source NAT rule that translates addresses into

IP addresses defined in the pool

ip nat inside source list acl_id interface

interface_name overload

Configures a dynamic source NAT or PAT rule that translatesaddresses into the IP address of an interface

ip nat outside Configures an interface as a NAT outside interface

ip nat pool pool_name start_IP end_IP

netmask mask

Configures a NAT pool

ip route network network_mask

next_hop_address

Configures a static route

show ip interface brief Displays the status and IP addresses of interfaces

show ip nat translations Displays active NAT translations

show ip route Displays the routing table

show users Displays information about the active lines on a router

telnet ip_address Establishes a Telnet session to an IP address

terminal monitor Redirects debugging output to a Telnet session

Job Aids

Trang 40

Device Hardware Operating System

HQ Cisco 2901 Integrated Services Router c2900-universalk9-mz.SPA.152-4.M1

There are no console or enable passwords set for the routers and switches in the initial lab setup The table shows the username and password that are used to access PC1 and PC2.

Devices are connected with Ethernet links The figure illustrates the interface identification and IP

addresses that are used in this lab setup.

Gi0/1 209.165.201.2

Định dạng
Số trang	262
Dung lượng	2,81 MB