CCNA Lab Ready To Start Studying!

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hey craigie,
I was wondering if you've noticed any limitations in packet tracer so far throughout your studies. I didn't even know about this software as the naming is very deceptive. I thought it was just a network analyzer, therefore I ignored it completely, and went ahead and purchased $600 worth of used equipment for the CCNA. I'm kind of kicking myself right now.

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

From what I have seen so far, no issues with the CCNA, there most likely will be if I went further.

I have access to PIX's and ASA's at work just not routers, so this is the next best thing.

 

I have just added NAT to my running configuration as follows:

- NLR06 Interface FastEthernet 0/0 is using NAT Overload as the Primary Internet Link for IP ranges 10.1.0.0 0.0.31.255 & 192.168.0.0 0.0.31.255.

- NLR06 has static Port NAT on both FastEthernet 0/0 & 0/1 for SMTP, HTTPS & PPTP to Servers NLSR01 & NLSR02.

NLR06 Running Configuration

version 12.4
service password-encryption
!
hostname NLR06
!
!
enable secret 5 $1$mERr$IQQ/l9a/2Q9O1hJKk/cKB0
!
!
!
!
username craig password 7 082B494208115342
!
ip ssh version 2
no ip domain-lookup
ip domain-name netlab.com
!
!
interface FastEthernet0/0
description Internet
ip address 68.11.29.34 255.255.255.248
ip access-group INTERNET_INBOUND in
ip access-group INTERNET_OUTBOUND out
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 68.11.29.41 255.255.255.248
ip access-group INTERNET_INBOUND in
ip access-group INTERNET_OUTBOUND out
ip nat outside
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
!
interface Serial0/1/0
no ip address
shutdown
!
interface FastEthernet1/0
ip address 10.1.3.2 255.255.255.0
ip nat inside
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
router-id 6.6.6.6
log-adjacency-changes
area 0 authentication message-digest
network 10.1.3.0 0.0.0.255 area 0
default-information originate
!
ip nat inside source list NAT_ADDRESSES interface FastEthernet0/0 overload
ip nat inside source static tcp 10.1.10.20 25 68.11.29.34 25
ip nat inside source static tcp 10.1.10.20 443 68.11.29.34 443
ip nat inside source static tcp 10.1.10.20 1723 68.11.29.34 1723
ip nat inside source static tcp 192.168.10.20 25 68.11.29.41 25
ip nat inside source static tcp 192.168.10.20 443 68.11.29.41 443
ip nat inside source static tcp 192.168.10.20 443 68.11.29.41 1723
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 2
!
!
access-list 1 permit 10.1.10.0 0.0.0.255
ip access-list extended INTERNET_INBOUND
permit tcp any host 10.1.10.20 eq smtp
permit tcp any host 192.168.10.20 eq smtp
permit tcp any host 10.1.10.20 eq 443
permit tcp any host 192.168.10.20 eq 443
permit tcp any host 10.1.10.20 eq 1723
permit tcp any host 192.168.10.20 eq 1723
permit tcp any host 68.11.29.34 eq 22
permit tcp any host 68.11.29.41 eq 22
permit icmp any host 68.11.29.34 echo
permit icmp any host 68.11.29.34 echo-reply
permit icmp any host 68.11.29.34 ttl-exceeded
permit icmp any host 68.11.29.34 unreachable
permit icmp any host 68.11.29.41 echo
permit icmp any host 68.11.29.41 echo-reply
permit icmp any host 68.11.29.41 ttl-exceeded
permit icmp any host 68.11.29.41 unreachable
ip access-list extended INTERNET_OUTBOUND
permit tcp any any established
ip access-list standard NAT_ADDRESSES
permit 10.1.0.0 0.0.31.255
permit 192.168.0.0 0.0.31.255
!
!
!
line con 0
password 7 082B494208115342
login
line vty 0 4
access-class 1 in
password 7 082B494208115342
login
transport input ssh
line vty 5 15
access-class 1 in
password 7 082B494208115342
login
transport input ssh
!
!
end

 

Just put in place PPP authentication on NLR02, NLR03, NLR04, NLR05.

Pretty simple, just bash in the following commands:

In global config have a Username & Password, ensuring the password is the same on all routers e.g. Username Craig Password Cisco

Go under the interface e.g. Serial 0/0/0 and type encaspulation ppp then type ppp authentication chap and voila.

Time for a bit of frame relay I think.

 

I have implemented Point to Point Frame Relay across NLR02, NLR03, NLR04, NLR05.

I have chosen to use a Partially Meshed Network with one subnet per Permanant Virtual Circuit all running off sub interfaces on Serial 0/0/0.

Even though, I have learnt about Multipoint Configuration (having all the routers in the same subnet) it appears to be a poor design implementation for things such as Split Horizon.

Due, to the above changes, my network design has changed again. It now looks as follows:

 

Running Configuration NLR02

Current configuration : 1547 bytes
!
version 12.4
service password-encryption
!
hostname NLR02
!
!
enable secret 5 $1$mERr$IQQ/l9a/2Q9O1hJKk/cKB0
!
!
!
!
username craig password 7 082B494208115342
!
ip ssh version 2
no ip domain-lookup
ip domain-name netlab.com
!
!
interface FastEthernet0/0
ip address 10.1.2.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
encapsulation frame-relay
!
interface Serial0/0/0.1 point-to-point
ip address 192.168.1.1 255.255.255.252
frame-relay interface-dlci 21
!
interface Serial0/0/0.2 point-to-point
ip address 192.168.1.5 255.255.255.252
frame-relay interface-dlci 25
!
interface Serial0/0/0.3 point-to-point
ip address 192.168.1.9 255.255.255.252
frame-relay interface-dlci 29
!
interface Serial0/1/0
no ip address
encapsulation frame-relay
!
interface Serial0/2/0
no ip address
!
interface Serial0/3/0
no ip address
!
interface FastEthernet1/0
ip address 10.1.3.1 255.255.255.0
!
interface Vlan1
no ip address
shutdown
!
router eigrp 1
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
network 192.168.1.0
no auto-summary
!
ip classless
!
!
ip access-list standard ALLOW_REMOTE_ACCESS
permit 10.1.10.0 0.0.0.255
permit 192.168.10.0 0.0.0.255
!
!
!
line con 0
password 7 082B494208115342
login
line vty 0 4
access-class ALLOW_REMOTE_ACCESS in
password 7 082B494208115342
login
transport input ssh
line vty 5 15
access-class ALLOW_REMOTE_ACCESS in
password 7 082B494208115342
login
transport input ssh
!
!
end

 

Started to study IPv6 and woah, maybe I wasn't in the best frame of mind (get the pun)!

Anways, it seems pretty cool having two routers with the same IP address which is great for redundancy without any extra configuration.

Think I will need to go back over this again a couple of times before it sinks in a little more.