Cisco routing and switching practice setup


0. Overview

1. Basic security and settings

2. IP addressing

3. NAT and PAT

4. PPP and CHAP

5. GRE tunnel

6. Multi Area OSPFv2 and v3

7. HSRP

8. DHCP

9. VLAN and VTP

10. Etherchannels

11. Access Ports, trunks and BlackHole/Native

12. BPDUGuard and PortFast

13. Rapid Spanning Tree


0. Overview



Address Table:

Device

Interface

IP-Address

Subnet Mask

Default Gateway

Link Local

R1

Lo0

192.168.1.1

255.255.255.255


2001:DB8:192:1::1/64



S0/0/0

10.0.2.1

255.255.255.252


2001:DB8:10:2::1/64


FE80::1

S0/0/1

10.0.3.1

255.255.255.252


2001:DB8:10:3::1/64


FE80::1

S0/1/0

192.0.2.2

255.255.255.252


2001:DB8:FFFF:FFFF::2/64


FE80::2

R2

Lo0

192.168.2.1

255.255.255.255


2001:DB8:192:2::1/64



S0/0/0

10.0.2.2

255.255.255.252


2001:DB8:10:2::2/64


FE80::2

G0/0.10

192.168.10.2

255.255.255.0


2001:DB8:192:10::2/64


FE80::2

G0/0.20

192.168.20.2

255.255.255.0


2001:DB8:192:20::2/64


FE80::2

G0/0.30

192.168.30.2

255.255.255.0


2001:DB8:192:30::2/64


FE80::2

G0/0.40

192.168.40.2

255.255.255.0


2001:DB8:192:40::2/64


FE80::2

G0/0.50

192.168.50.2

255.255.255.0


2001:DB8:192:50::2/64


FE80::2

G0/0.99

192.168.99.2

255.255.255.0


2001:DB8:192:99::2/64


FE80::2

Tunnel 0

172.16.0.1

255.255.255.252


2001:DB8:172::1/64


FE80::2

R3

Lo0

192.168.3.1

255.255.255.255


2001:DB8:192:3::1/64



S0/0/1

10.0.3.2

255.255.255.252


2001:DB8:10:3::2/64


FE80::3

G0/0.10

192.168.10.3

255.255.255.0


2001:DB8:192:10::3/64


FE80::3

G0/0.20

192.168.20.3

255.255.255.0


2001:DB8:192:20::3/64


FE80::3

G0/0.30

192.168.30.3

255.255.255.0


2001:DB8:192:30::3/64


FE80::3

G0/0.40

192.168.40.3

255.255.255.0


2001:DB8:192:40::3/64


FE80::3

G0/0.50

192.168.50.3

255.255.255.0


2001:DB8:192:50::3/64


FE80::3

G0/0.99

192.168.99.3

255.255.255.0


2001:DB8:192:99::3/64


FE80::3

Tunnel 0

172.16.0.2

255.255.255.252


2001:DB8:172::2/64


FE80::3

SW1

VLAN 99

192.168.99.11

255.255.255.0

192.168.99.1

SW2

VLAN 99

192.168.99.12

255.255.255.0

192.168.99.1

SW3

VLAN 99

192.168.99.13

255.255.255.0

192.168.99.1

DC1

NIC

192.168.30.11

255.255.255.0

192.168.30.1

2001:DB8:192:30::11/64


FE80::11

DC2

NIC

192.168.30.12

255.255.255.0

192.168.30.1

2001:DB8:192:30::12/64


FE80::12

Printer1

NIC

192.168.30.21

255.255.255.0

192.168.30.1

2001:DB8:192:30::21/64


FE80::21

Web Server

NIC

192.168.40.11

255.255.255.0

192.168.40.1

2001:DB8:192:40::11/64


FE80::11

Guest PC

NIC

DHCP

SLAAC

PC1

NIC

DHCP

SLAAC

PC2

NIC

DHCP

SLAAC


Switch-port table:

Device

Interface

Mode

SW1

Po1

Trunk

SW1

Po3

Trunk

SW1

Fa0/7

Access VLAN50

SW1

Fa0/9

Access VLAN10

SW1

Fa0/17

Access VLAN20

SW2

Po1

Trunk

SW2

Po2

Trunk

SW2

Fa0/10

Access VLAN30

SW2

Fa0/11

Access VLAN30

SW2

Gi0/1

Trunk

SW3

Po2

Trunk

SW3

Po3

Trunk

SW3

Fa0/10

Access VLAN30

SW3

Fa0/20

Access VLAN40

SW3

Gi0/1

Trunk


Packet Tracer files: Cisco_Do_it_yourself.pkt - Cisco_All_done.pkt


1. Basic security and settings

R1

enable

configure terminal


hostname R1

R2

enable

configure terminal


hostname R2

R3

enable

configure terminal


hostname R3

SW1

enable

configure terminal


hostname SW1

SW2

enable

configure terminal


hostname SW2

SW3

enable

configure terminal


hostname SW3

R1, R2, R3, SW1, SW2, SW3

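! Lab baseline applied to all six devices. Every credential below is the
! lab value "cisco"; replace each one before reusing this outside the lab.
banner motd "Unauthorized access is prohibited!"

! "secret" stores a one-way hash, unlike the reversible line "password".
enable secret cisco

! The hostname (set above) and a domain name must exist before the RSA
! key pair can be generated.
ip domain-name yddet.dk

ip ssh version 2

ip ssh time-out 30

ip ssh authentication-retries 3

! Answer the modulus prompt with 2048: 1024-bit RSA host keys are too
! short for anything beyond a throwaway lab.
crypto key generate rsa

2048

username Admin privilege 15 secret cisco

! Applies only the reversible type 7 encoding to plain-text passwords
! (for example the console line password); it is obfuscation, not protection.
service password-encryption


! Console access uses the shared line password.
line con 0

password cisco

login

logging synchronous


! Remote management is SSH only and authenticates against the local
! user database (the Admin account).
! NOTE(review): no access-class limits which source addresses may open
! SSH sessions; outside the lab, restrict the vty lines to the
! management subnet (192.168.99.0/24).
line vty 0 15

transport input ssh

login local

logging synchronous

exit


! Stops a mistyped command from being treated as a hostname to resolve.
no ip domain-lookup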


2. IP addressing

R1

interface lo 0

description Loopback on Router 1

ip address 192.168.1.1 255.255.255.255

ipv6 address 2001:DB8:192:1::1/64

no shutdown


interface se 0/0/0

description Connection to Router 2

ip address 10.0.2.1 255.255.255.252

ipv6 address 2001:DB8:10:2::1/64

ipv6 address FE80::1 link-local

no shutdown


interface se 0/0/1

description Connection to Router 3

ip address 10.0.3.1 255.255.255.252

ipv6 address 2001:DB8:10:3::1/64

ipv6 address FE80::1 link-local

no shutdown


interface se 0/1/0

description Connection to ISP

ip address 192.0.2.2 255.255.255.252

ipv6 address 2001:DB8:FFFF:FFFF::2/64

ipv6 address FE80::2 link-local

no shutdown

exit


ipv6 unicast-routing

R2

interface lo 0

description Loopback on Router 2

ip address 192.168.2.1 255.255.255.255

ipv6 address 2001:DB8:192:2::1/64

no shutdown


interface gi 0/0

description Connection to Switch 2

no shutdown


interface gi 0/0.10

description Trunk 10 connection to Switch 2

encapsulation dot1Q 10

ip address 192.168.10.2 255.255.255.0

ipv6 address 2001:DB8:192:10::2/64

ipv6 address FE80::2 link-local


interface gi 0/0.20

description Trunk 20 connection to Switch 2

encapsulation dot1Q 20

ip address 192.168.20.2 255.255.255.0

ipv6 address 2001:DB8:192:20::2/64

ipv6 address FE80::2 link-local


interface gi 0/0.30

description Trunk 30 connection to Switch 2

encapsulation dot1Q 30

ip address 192.168.30.2 255.255.255.0

ipv6 address 2001:DB8:192:30::2/64

ipv6 address FE80::2 link-local


interface gi 0/0.40

description Trunk 40 connection to Switch 2

encapsulation dot1Q 40

ip address 192.168.40.2 255.255.255.0

ipv6 address 2001:DB8:192:40::2/64

ipv6 address FE80::2 link-local


interface gi 0/0.50

description Trunk 50 connection to Switch 2

encapsulation dot1Q 50

ip address 192.168.50.2 255.255.255.0

ipv6 address 2001:DB8:192:50::2/64

ipv6 address FE80::2 link-local


interface gi 0/0.99

description Trunk 99 connection to Switch 2

encapsulation dot1Q 99

ip address 192.168.99.2 255.255.255.0

ipv6 address 2001:DB8:192:99::2/64

ipv6 address FE80::2 link-local


interface se 0/0/0

description Connection to Router 1

ip address 10.0.2.2 255.255.255.252

ipv6 address 2001:DB8:10:2::2/64

ipv6 address FE80::2 link-local

clock rate 200000

no shutdown

exit


ipv6 unicast-routing

R3

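! R3's loopback; 192.168.3.1 is advertised into OSPF area 33 in section 6.
interface lo 0

description Loopback on Router 3

ip address 192.168.3.1 255.255.255.255

ipv6 address 2001:DB8:192:3::1/64

no shutdown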


interface gi 0/0

description Connection to Switch 3

no shutdown


interface gi 0/0.10

description Trunk 10 connection to Switch 3

encapsulation dot1Q 10

ip address 192.168.10.3 255.255.255.0

ipv6 address 2001:DB8:192:10::3/64

ipv6 address FE80::3 link-local


interface gi 0/0.20

description Trunk 20 connection to Switch 3

encapsulation dot1Q 20

ip address 192.168.20.3 255.255.255.0

ipv6 address 2001:DB8:192:20::3/64

ipv6 address FE80::3 link-local


interface gi 0/0.30

description Trunk 30 connection to Switch 3

encapsulation dot1Q 30

ip address 192.168.30.3 255.255.255.0

ipv6 address 2001:DB8:192:30::3/64

ipv6 address FE80::3 link-local


interface gi 0/0.40

description Trunk 40 connection to Switch 3

encapsulation dot1Q 40

ip address 192.168.40.3 255.255.255.0

ipv6 address 2001:DB8:192:40::3/64

ipv6 address FE80::3 link-local


interface gi 0/0.50

description Trunk 50 connection to Switch 3

encapsulation dot1Q 50

ip address 192.168.50.3 255.255.255.0

ipv6 address 2001:DB8:192:50::3/64

ipv6 address FE80::3 link-local


interface gi 0/0.99

description Trunk 99 connection to Switch 3

encapsulation dot1Q 99

ip address 192.168.99.3 255.255.255.0

ipv6 address 2001:DB8:192:99::3/64

ipv6 address FE80::3 link-local


interface se 0/0/1

description Connection to Router 1

ip address 10.0.3.2 255.255.255.252

ipv6 address 2001:DB8:10:3::2/64

ipv6 address FE80::3 link-local

clock rate 200000

no shutdown

exit


ipv6 unicast-routing

SW1

interface vlan 99

ip address 192.168.99.11 255.255.255.0

no shutdown

exit

SW2

interface vlan 99

ip address 192.168.99.12 255.255.255.0

no shutdown

exit

SW3

interface vlan 99

ip address 192.168.99.13 255.255.255.0

no shutdown

exit

SW1, SW2, SW3

ip default-gateway 192.168.99.1


3. NAT and PAT

R1

! NAT/PAT on R1, the router holding the ISP link.
! ACL 1 selects the inside source addresses that are translated.
! 192.168.0.0/16 covers every VLAN subnet and the router loopbacks,
! including management VLAN 99.
Access-list 1 permit 192.168.0.0 0.0.255.255

Access-list 1 permit 10.0.2.0 0.0.0.3

Access-list 1 permit 10.0.3.0 0.0.0.3

! PAT: every source matched by ACL 1 shares the address of se 0/1/0.
ip nat inside source list 1 interface se 0/1/0 overload

! Static port forwards: TCP 80 and 443 on the outside address 192.0.2.2
! are mapped to the web server 192.168.40.11.
! NOTE(review): this page applies no inbound ACL to se 0/1/0, so traffic
! addressed to 192.0.2.2 itself still reaches R1; confirm whether an
! inbound filter is wanted outside the lab.
ip nat inside source static tcp 192.168.40.11 80 192.0.2.2 80

ip nat inside source static tcp 192.168.40.11 443 192.0.2.2 443


! Both serial links toward R2 and R3 are the NAT inside.
int se 0/0/0

ip nat inside


int se 0/0/1

ip nat inside


! The ISP-facing link is the NAT outside.
int se 0/1/0

ip nat outside

exit


4. PPP and CHAP

R1

! CHAP peer accounts: one entry per neighbouring router, named after that
! router's hostname. R2 and R3 each hold a matching "username R1" entry
! with the same password (see their blocks in this section).
! These use "password" rather than "secret" because CHAP needs the shared
! value in recoverable form; with service password-encryption it is stored
! only as reversible type 7. "cisco" is a lab value.
username R2 password cisco

username R3 password cisco


! Link to R2: PPP encapsulation with CHAP authentication.
interface se 0/0/0

encapsulation ppp

ppp authentication chap


! Link to R3: same settings.
interface se 0/0/1

encapsulation ppp

ppp authentication chap

exit

R2

username R1 password cisco


interface se 0/0/0

encapsulation ppp

ppp authentication chap

exit

R3

username R1 password cisco


interface se 0/0/1

encapsulation ppp

ppp authentication chap

exit


5. GRE tunnel

R2

! GRE tunnel from R2 to R3. The destination 10.0.3.2 is R3's S0/0/1, so
! the tunnel is carried over the serial links through R1.
! GRE only encapsulates: it adds no encryption and no peer authentication,
! so production use normally pairs it with IPsec.
! NOTE(review): the address table lists IPv6 addresses for Tunnel 0
! (2001:DB8:172::1/64, FE80::2), but no ipv6 address is configured here.
! Confirm which is intended.
interface Tunnel 0

tunnel mode gre ip

ip address 172.16.0.1 255.255.255.252

tunnel source se 0/0/0

tunnel destination 10.0.3.2

exit

R3

! R3's end of the GRE tunnel. The destination 10.0.2.2 is R2's S0/0/0.
! GRE adds no encryption and no peer authentication.
! NOTE(review): the address table lists IPv6 addresses for Tunnel 0
! (2001:DB8:172::2/64, FE80::3), but no ipv6 address is configured here.
! Confirm which is intended.
interface Tunnel 0

tunnel mode gre ip

ip address 172.16.0.2 255.255.255.252

tunnel source se 0/0/1

tunnel destination 10.0.2.2

exit


6. Multi Area OSPFv2 and v3

R1

! IPv4 default route out of the ISP-facing serial link.
ip route 0.0.0.0 0.0.0.0 se 0/1/0


! OSPFv2: both serial links are in backbone area 0, the loopback in area 11.
! NOTE(review): no OSPF authentication is configured anywhere on this
! page; outside the lab, enable area or interface authentication so that
! only the intended routers can form adjacencies.
router ospf 1

router-id 1.1.1.1

network 10.0.2.0 0.0.0.3 area 0

network 10.0.3.0 0.0.0.3 area 0

network 192.168.1.1 0.0.0.0 area 11

! Advertises the static default route above to R2 and R3.
default-information originate

! Keeps OSPF hellos off the ISP link. No network statement above matches
! se 0/1/0, so this only takes effect if one is added.
passive-interface se 0/1/0

exit


! IPv6 default route out of the same link.
ipv6 route ::/0 se 0/1/0


! OSPFv3 process 10; areas are assigned per interface below.
ipv6 router ospf 10

router-id 1.1.1.1

default-information originate

redistribute static

exit


interface se 0/0/0

ipv6 ospf 10 area 0


interface se 0/0/1

ipv6 ospf 10 area 0


interface lo 0

ipv6 ospf 10 area 11

exit

R2

router ospf 1

router-id 2.2.2.2

network 10.0.2.0 0.0.0.3 area 0

network 172.16.0.0 0.0.0.3 area 0

network 192.168.10.0 0.0.0.255 area 55

network 192.168.20.0 0.0.0.255 area 55

network 192.168.30.0 0.0.0.255 area 55

network 192.168.40.0 0.0.0.255 area 55

network 192.168.50.0 0.0.0.255 area 55

network 192.168.99.0 0.0.0.255 area 55

network 192.168.2.1 0.0.0.0 area 22

passive-interface gi 0/0.10

passive-interface gi 0/0.20

passive-interface gi 0/0.30

passive-interface gi 0/0.40

passive-interface gi 0/0.50

passive-interface gi 0/0.99

exit


ipv6 router ospf 10

router-id 2.2.2.2

passive-interface gi 0/0.10

passive-interface gi 0/0.20

passive-interface gi 0/0.30

passive-interface gi 0/0.40

passive-interface gi 0/0.50

passive-interface gi 0/0.99

exit


interface se 0/0/0

ipv6 ospf 10 area 0


interface gi 0/0.10

ipv6 ospf 10 area 55


interface gi 0/0.20

ipv6 ospf 10 area 55


interface gi 0/0.30

ipv6 ospf 10 area 55


interface gi 0/0.40

ipv6 ospf 10 area 55


interface gi 0/0.50

ipv6 ospf 10 area 55


interface gi 0/0.99

ipv6 ospf 10 area 55


interface lo 0

ipv6 ospf 10 area 22

exit

R3

router ospf 1

router-id 3.3.3.3

network 10.0.3.0 0.0.0.3 area 0

network 172.16.0.0 0.0.0.3 area 0

network 192.168.10.0 0.0.0.255 area 55

network 192.168.20.0 0.0.0.255 area 55

network 192.168.30.0 0.0.0.255 area 55

network 192.168.40.0 0.0.0.255 area 55

network 192.168.50.0 0.0.0.255 area 55

network 192.168.99.0 0.0.0.255 area 55

network 192.168.3.1 0.0.0.0 area 33

passive-interface gi 0/0.10

passive-interface gi 0/0.20

passive-interface gi 0/0.30

passive-interface gi 0/0.40

passive-interface gi 0/0.50

passive-interface gi 0/0.99

exit


ipv6 router ospf 10

router-id 3.3.3.3

passive-interface gi 0/0.10

passive-interface gi 0/0.20

passive-interface gi 0/0.30

passive-interface gi 0/0.40

passive-interface gi 0/0.50

passive-interface gi 0/0.99

exit


interface se 0/0/1

ipv6 ospf 10 area 0


interface gi 0/0.10

ipv6 ospf 10 area 55


interface gi 0/0.20

ipv6 ospf 10 area 55


interface gi 0/0.30

ipv6 ospf 10 area 55


interface gi 0/0.40

ipv6 ospf 10 area 55


interface gi 0/0.50

ipv6 ospf 10 area 55


interface gi 0/0.99

ipv6 ospf 10 area 55


interface lo 0

ipv6 ospf 10 area 33

exit


7. HSRP

R2

! HSRP group 1 on every sub-interface. The virtual IP (.1 in each subnet)
! is the default gateway used by the hosts and the DHCP pools.
! Priority 150 (the default is 100) plus preempt makes R2 the active
! gateway for VLANs 10, 20 and 30; R3 is configured the same way for
! VLANs 40, 50 and 99.
! NOTE(review): HSRP hellos are unauthenticated here. Outside the lab, add
! "standby 1 authentication md5 key-string <KEY>" on both routers so that
! only they can claim the virtual gateway.
interface gi 0/0.10

standby 1 ip 192.168.10.1

standby 1 priority 150

standby 1 preempt


interface gi 0/0.20

standby 1 ip 192.168.20.1

standby 1 priority 150

standby 1 preempt


interface gi 0/0.30

standby 1 ip 192.168.30.1

standby 1 priority 150

standby 1 preempt


! Default priority from here on: R2 is the standby router for these VLANs.
interface gi 0/0.40

standby 1 ip 192.168.40.1


interface gi 0/0.50

standby 1 ip 192.168.50.1


interface gi 0/0.99

standby 1 ip 192.168.99.1

exit

R3

interface gi 0/0.10

standby 1 ip 192.168.10.1


interface gi 0/0.20

standby 1 ip 192.168.20.1


interface gi 0/0.30

standby 1 ip 192.168.30.1


interface gi 0/0.40

standby 1 ip 192.168.40.1

standby 1 priority 150

standby 1 preempt


interface gi 0/0.50

standby 1 ip 192.168.50.1

standby 1 priority 150

standby 1 preempt


interface gi 0/0.99

standby 1 ip 192.168.99.1

standby 1 priority 150

standby 1 preempt

exit


8. DHCP

R1

ip dhcp pool LAN10

network 192.168.10.0 255.255.255.0

default-router 192.168.10.1

domain-name yddet.dk

dns-server 8.8.8.8

exit

ip dhcp excluded-address 192.168.10.1 192.168.10.10


ip dhcp pool LAN20

network 192.168.20.0 255.255.255.0

default-router 192.168.20.1

domain-name yddet.dk

dns-server 8.8.8.8

exit

ip dhcp excluded-address 192.168.20.1 192.168.20.10


ip dhcp pool LAN50

network 192.168.50.0 255.255.255.0

default-router 192.168.50.1

domain-name yddet.dk

dns-server 8.8.8.8

exit

ip dhcp excluded-address 192.168.50.1 192.168.50.10

R2

interface gi 0/0.10

ip helper-address 192.168.30.11

ip helper-address 192.168.30.12

ip helper-address 10.0.2.1


interface gi 0/0.20

ip helper-address 192.168.30.11

ip helper-address 192.168.30.12

ip helper-address 10.0.2.1


interface gi 0/0.50

ip helper-address 192.168.30.11

ip helper-address 192.168.30.12

ip helper-address 10.0.2.1

exit

R3

interface gi 0/0.10

ip helper-address 192.168.30.11

ip helper-address 192.168.30.12

ip helper-address 10.0.3.1


interface gi 0/0.20

ip helper-address 192.168.30.11

ip helper-address 192.168.30.12

ip helper-address 10.0.3.1


interface gi 0/0.50

ip helper-address 192.168.30.11

ip helper-address 192.168.30.12

ip helper-address 10.0.3.1

exit


9. VLAN and VTP

SW1

! VLANs are defined once on SW1, the VTP server; SW2 and SW3 are set to
! VTP client mode in the next block.
vlan 10

name Clients10


vlan 20

name Clients20


vlan 30

name DCs


vlan 40

name Servers


vlan 50

name Guests


vlan 99

name Management


! VLAN 666 carries no hosts: it holds the parked ports and is the trunks'
! native VLAN (section 11).
vlan 666

name BlackHole/Native

exit


! NOTE(review): no "vtp password" is set. Without one, any switch in this
! VTP domain with a higher configuration revision can overwrite the VLAN
! database; outside the lab, set the same VTP password on all three switches.
vtp domain yddet.dk

vtp mode server

SW2, SW3

vtp domain yddet.dk

vtp mode client


10. Etherchannels

SW1

interface range fa 0/1 - 3

channel-group 1 mode desirable


interface range fa 0/4 - 6

channel-group 3 mode auto


interface port-channel 1

no shutdown


interface port-channel 3

no shutdown

exit

SW2

interface range fa 0/1 - 3

channel-group 2 mode desirable

interface range fa 0/4 - 6

channel-group 1 mode auto


interface port-channel 1

no shutdown


interface port-channel 2

no shutdown

exit

SW3

interface range fa 0/1 - 3

channel-group 3 mode desirable


interface range fa 0/4 - 6

channel-group 2 mode auto


interface port-channel 2

no shutdown


interface port-channel 3

no shutdown

exit


11. Access Ports, trunks and BlackHole/Native

SW1, SW2, SW3

! Park every port that is not an EtherChannel member: forced to access
! mode (so it cannot negotiate a trunk), placed in VLAN 666 and shut down.
! The per-switch blocks that follow re-enable only the ports listed in the
! switch-port table.
! NOTE(review): VLAN 666 is also the trunks' native VLAN. Keeping the
! parking VLAN separate from the native VLAN is the more conservative
! design, because a parked port that is later re-enabled without being
! reassigned would sit in the native VLAN.
interface range fa 0/7 - 24 , gi 0/1 - 2

switchport mode access

switchport access vlan 666

shutdown

SW1

! Static trunks on SW1's two EtherChannels. "switchport nonegotiate" turns
! DTP off, the allowed list is limited to the VLANs in use, and the native
! VLAN is moved from the default to 666, which is left out of the allowed list.
interface port-channel 1

switchport mode trunk

switchport trunk allowed vlan 10,20,30,40,50,99

switchport trunk native vlan 666

switchport nonegotiate


interface port-channel 3

switchport mode trunk

switchport trunk allowed vlan 10,20,30,40,50,99

switchport trunk native vlan 666

switchport nonegotiate


! Active access ports: moved out of VLAN 666 into their VLAN and re-enabled.
! Access mode was already set by the interface range block above.
interface fa 0/7

switchport access vlan 50

no shutdown


interface fa 0/9

switchport access vlan 10

no shutdown


interface fa 0/17

switchport access vlan 20

no shutdown

exit

SW2

interface gi 0/1

switchport mode trunk

switchport trunk allowed vlan 10,20,30,40,50,99

switchport trunk native vlan 666

switchport nonegotiate

no shutdown


interface port-channel 1

switchport mode trunk

switchport trunk allowed vlan 10,20,30,40,50,99

switchport trunk native vlan 666

switchport nonegotiate


interface port-channel 2

switchport mode trunk

switchport trunk allowed vlan 10,20,30,40,50,99

switchport trunk native vlan 666

switchport nonegotiate


interface range fa 0/10 - 11

switchport access vlan 30

no shutdown

exit

SW3

interface gi 0/1

switchport mode trunk

switchport trunk allowed vlan 10,20,30,40,50,99

switchport trunk native vlan 666

switchport nonegotiate

no shutdown


interface port-channel 2

switchport mode trunk

switchport trunk allowed vlan 10,20,30,40,50,99

switchport trunk native vlan 666

switchport nonegotiate


interface port-channel 3

switchport mode trunk

switchport trunk allowed vlan 10,20,30,40,50,99

switchport trunk native vlan 666

switchport nonegotiate


interface fa 0/10

switchport access vlan 30

no shutdown


interface fa 0/20

switchport access vlan 40

no shutdown

exit


12. BPDUGuard and PortFast

SW1

! Edge-port hardening for SW1's three active access ports.
! PortFast moves the port straight to forwarding. BPDU Guard err-disables
! the port if a BPDU arrives, so a switch plugged into a host port cannot
! take part in spanning tree.
interface fa 0/7

spanning-tree bpduguard enable

spanning-tree portfast


interface fa 0/9

spanning-tree bpduguard enable

spanning-tree portfast


interface fa 0/17

spanning-tree bpduguard enable

spanning-tree portfast

exit

SW2

interface range fa 0/10 - 11

spanning-tree bpduguard enable

spanning-tree portfast

exit

SW3

interface fa 0/10

spanning-tree bpduguard enable

spanning-tree portfast


interface fa 0/20

spanning-tree bpduguard enable

spanning-tree portfast

exit


13. Rapid Spanning Tree

SW1

Spanning-tree mode rapid-pvst

spanning-tree vlan 10 root primary

spanning-tree vlan 20 root primary

spanning-tree vlan 50 root primary

SW2

Spanning-tree mode rapid-pvst

spanning-tree vlan 30 root primary

spanning-tree vlan 99 root primary

SW3

Spanning-tree mode rapid-pvst

spanning-tree vlan 30 root secondary

spanning-tree vlan 40 root primary

spanning-tree vlan 99 root secondary