CCNALabWorkbook


  • 7/29/2019 CCNALabWorkbook


    The Ultimate CCNA Lab Workbook

    Labs Designed For CCNA Rack Rentals

    At www.thebryantadvantage.com

    Chris Bryant, CCIE #12933

    www.thebryantadvantage.com

    Chris Bryant, CCIE #12933 www.thebryantadvantage.com

    2005 The Bryant Advantage


    Copyright Information:

    Cisco, Cisco Systems, CCIE, Cisco Certified Internetwork Expert, Cisco Certified Network Associate, and Cisco Certified Network Professional are registered trademarks of Cisco Systems, Inc., and/or its affiliates in the U.S. and certain countries.

    All other products and company names are the trademarks, registered trademarks, and service marks of the respective owners. Throughout this ebook, The Bryant Advantage has used its best efforts to distinguish proprietary trademarks from descriptive names by following the capitalization styles used by the manufacturer.

    Disclaimer:

    This publication, The Bryant Advantage CCNA Lab Workbook, is designed and intended to assist candidates in preparation for the exam for the Cisco Certified Network Associate and Cisco Certified Network Professional certifications. All efforts have been made by the author to make this book as accurate and complete as possible, but no guarantee, warranty, or fitness are implied, expressly or implicitly. The enclosed material is presented on an "as is" basis. Neither the author, Bryant Instructional Services, or the parent company assume any liability or responsibility to any person or entity with respect to loss or damages incurred from the information contained in this workbook.

    Copyright 2005, The Bryant Advantage.


    Welcome to The Bryant Advantage CCNA Lab Workbook! Used in combination with my CCNA / CCNP Rack Rentals, this book will help you master all the skills you'll need to pass the CCNA exams, and give you a solid foundation for your future Cisco studies.

    The best way to learn about Cisco technologies is to use them. You've got to read to learn the theory, but it's vital to see the theory in action. With that in mind, let's take a look at the network topology you'll use in this lab workbook.

    There are two additional Cisco routers in your pod that are not shown here. The first is a 2500 router acting as a frame relay switch, which makes it possible to have a frame relay cloud in a practice lab. Your frame relay switch is preconfigured. (If you'd like to see the configuration of a frame relay switch, visit my website and check the Tutorials section, or write me at [email protected] and I'll be glad to email you a copy.)

    The second router is the access server; that's the router you will actually be using Telnet to communicate with. There is no need to change the configuration of this device.


    Please Read The Following Rules Carefully. They're Not The Usual "Mumbo Jumbo" Legalities.

    By connecting to my remote labs, you agree to abide by the following rules.

    1. Do not change the configuration of the access server in any way. Doing so may end your session, and a refund will not be given. You will also be prohibited from renting the pods in the future.

    2. Do not change the configuration register of any router or switch.

    3. You are more than welcome to practice your enable secret, enable password, console password, and telnet passwords. However, you MUST use the passwords "cisco" or "ccna", without the quotation marks. Upper case or lower case is fine.

    Thank you!

    Connecting To Your Remote Pod

    Getting started with your pod of Cisco routers and 2950 switches is easy! First, you'll need to Telnet to your access server. The IP address, username, and password for your session were sent to you in a separate email. (The phone numbers for your ISDN connection are also in that email.)

    You can use any Telnet version to connect to your access server. You can use HyperTerminal if you like, but I've seen some versions have trouble with Telnet. If you use HyperTerminal and have trouble authenticating, use Telnet by going out to your C: prompt.

    From your C: prompt, you can type telnet to go into Microsoft telnet, or type telnet x.x.x.x, with the IP address in place of the x's.


    C:\> telnet

    Welcome to Microsoft Telnet Client

    Escape Character is 'CTRL+]'

    Microsoft Telnet> open 100.100.100.100 (put the IP address

    you were sent in email in place of the 100.100.100.100)

    User Access Verification

    Username:

    Password:

    OR:

    C:\>telnet 100.100.100.100

    User Access Verification

    Username:

    Password:

    A few tips for logging in:

    1. You will be prompted for a username, then a password.

    2. Do not hit the space bar at the end of entering either; this will send a null space and you will not be authenticated.

    3. The cursor WILL NOT MOVE when you enter your username and password. That's a Cisco default. You will not see asterisks, as you do when logging in to most Microsoft products.

    After entering your username and password, you'll be put into privileged exec mode on the access server:


    User Access Verification

    Password:

    BRYANT_POD_ONE#

    Your three routers and two Cisco 2950 switches are all connected to this access server. Here's how to access each device.

    First, clear the lines leading to the other devices.

    BRYANT_POD_ONE#clear line 01
    [confirm]
    [OK]
    BRYANT_POD_ONE#clear line 02
    [confirm]
    [OK]
    BRYANT_POD_ONE#clear line 03
    [confirm]
    [OK]
    BRYANT_POD_ONE#clear line 04
    [confirm]
    [OK]
    BRYANT_POD_ONE#clear line 05
    [confirm]
    [OK]
    BRYANT_POD_ONE#

    When you see the [confirm] choice, just hit your enter key to accept it.

    Now that the lines are cleared, you're going to connect to each device from your access server. This reads like a long process, but it will only take you a minute or two.

    Type R1 at the prompt:


    BRYANT_POD_ONE#r1

    Trying R1 (100.1.1.1, 2001)... Open

    R1#

    Note: When you see the word "Open", hit the Enter key again. You'll then see the prompt for R1.

    Now, you need to learn the big keystroke that you'll be using to go back from the access server. Here it is:

    <CTRL-SHIFT-6> X

    This keystroke is a little awkward at first, but before long you'll be doing it without thinking about it. You hit ctrl-shift-6 the same way you'd enter ctrl-alt-delete (we all know that one!), then release those keys and hit x. Then you're right back at the access server. Repeat the process for R2, R3, SW1, and SW2.

    R1# < Use above keystroke to go back to access server >
    BRYANT_POD_ONE#r2
    Trying R2 (100.1.1.1, 2002)... Open

    R2# < Use above keystroke to go back to access server >
    BRYANT_POD_ONE#r3
    Trying R3 (100.1.1.1, 2003)... Open

    R3# < Use above keystroke to go back to access server >
    BRYANT_POD_ONE#sw1
    Trying SW1 (100.1.1.1, 2004)... Open

    sw1# < Use above keystroke to go back to access server >
    BRYANT_POD_ONE#sw2
    Trying SW2 (100.1.1.1, 2005)... Open

    sw2# < Use above keystroke to go back to access server >
    BRYANT_POD_ONE#

    Remember, you're always coming back to the access server to get from one router to another. Before long, you'll be using that keystroke without even thinking about it.


    Now that you've created those connections, you will use only the number of the connection to go back to each device. At the access server, just type these numbers to get to each device:

    1: R1
    2: R2
    3: R3
    4: SW1
    5: SW2

    Don't type the entire name of the device again; just type the numbers you see here on the access server, as shown below.

    BRYANT_POD_ONE#1
    [Resuming connection 1 to r1 ... ]

    R1#
    BRYANT_POD_ONE#2
    [Resuming connection 2 to r2 ... ]

    R2#
    BRYANT_POD_ONE#3
    [Resuming connection 3 to r3 ... ]

    R3#
    BRYANT_POD_ONE#4
    [Resuming connection 4 to sw1 ... ]

    sw1#
    BRYANT_POD_ONE#5
    [Resuming connection 5 to sw2 ... ]

    sw2#
    BRYANT_POD_ONE#

    Don't forget to hit enter again after you see the "resuming connection" message. That will get you to the enable prompt.

    That's all there is to it!


    Table Of Contents

    IP Addressing
    LAN Switching
    Frame Relay
    ISDN / Point-To-Point
    Passwords And Services
    Static Routing
    Distance Vector Protocols
    OSPF
    EIGRP
    Advanced TCP/IP Features
    Starting From Scratch


    Your Bryant Advantage Rack Rental Cisco pod is ready! You'll be spending time working with real Cisco 2500 routers, all running IOS 12.2, and real Cisco 2950 switches.

    Your CCNA Lab Workbook is attached. To get the most out of your

    rack time:

    Repeat the tasks as often as you can. Repetition is the mother of skill.

    Run debugs and show commands often. I suggest many throughout the lab workbook that you should be very familiar with before taking the CCNA exams.

    Don't feel limited to running only these labs. Run all the IOS Help commands you like and explore command options.

    Should you choose to do so, you can erase the config on these devices with write erase and then reload them with reload. If you do, all your configs are gone and you're really starting from scratch! Feel free to do this, but I do recommend you configure these extra commands when they come back up (they're already configured on your routers and switches when you log in).

    line con 0
     logging synchronous
     exec-timeout 0 0

    The IP address to Telnet to is 65.37.154.163. For tips on connecting, read the opening pages of the lab workbook.

    Your password is leader724. There is no username.

    Your ISDN phone numbers:

    R1: 5553333
    R2: 5554444

    Your time begins: March 8, 8 AM Eastern Standard Time

    Your time ends: March 9, 7 AM Eastern Standard Time

    Read the warnings at the beginning of the ebook carefully. Changing the configuration register of any router or switch will result in you losing rack rental privileges. Do not change the configuration of the access server.


    Connection information is found at the beginning of the lab workbook.

    Ricardo, thanks for your purchase, and enjoy your rack time! Send

    me an email if you have any problems connecting, or any questions

    regarding the labs. Thanks again!

    Chris Bryant

    CCIE #12933


    IP Addressing Lab

    You've got to know how to assign IP addresses to pass the CCNA exams, and you're about to get a lot of practice. We're going to configure physical interfaces, logical interfaces, and loopback interfaces.

    You also need to know how to name a router. We do this with the hostname command. Change the names of the routers to whatever you like, but after practicing this command, change the names back to R1, R2, R3, SW1, and SW2. Those are the names you'll see through the lab workbook.

    R1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#hostname Router1
    Router1(config)#hostname R1
    R1(config)#^Z
    R1#

    The ^Z you'll see on the screen is what ctrl-z sends to the console, and of course, you know from your CCNA reading that ctrl-z brings you back out to the enable prompt.

    Notice that the hostname command took effect immediately, as all global commands do.

    Let's take a look at the networks we'll be configuring.

    Network Type                                   Network / Subnet Mask
    Ethernet (R2, R3)                              172.23.23.0 /27
    ISDN (R1, R2)                                  172.12.21.0 /30
    Serial to Frame Relay Cloud (All)              172.12.123.0 /24
    Directly Connected Serial Interfaces (R1, R3)  172.12.13.0 /24
    Router 1 Loopback Address                      1.1.1.1 /32
    Router 2 Loopback Address                      2.2.2.2 /32
    Router 3 Loopback Address                      3.3.3.3 /32


    Let's start with R1. DO NOT OPEN THE SERIAL 0 INTERFACES.

    R1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#interface serial0
    R1(config-if)#ip address 172.12.123.1 255.255.255.0
    R1(config-if)#interface serial1
    R1(config-if)#ip address 172.12.13.1 255.255.255.0
    R1(config-if)#no shut
    R1(config-if)#
    00:18:34: %LINK-3-UPDOWN: Interface Serial1, changed state to down
    R1(config-if)#interface loopback0
    R1(config-if)#ip address 1.1.1.1 255.255.255.255
    R1(config-if)#interface bri0
    R1(config-if)#ip address 172.12.21.1 255.255.255.252
    R1(config-if)#no shut
    R1(config-if)#
    00:19:11: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
    00:19:11: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
    00:19:11: %LINK-3-UPDOWN: Interface BRI0, changed state to up
    00:19:12: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down
    00:19:12: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:2, changed state to down
    R1(config-if)#wr
    Building configuration.

    Don't worry about the line protocols being down; other labs will take care of that. All we're doing right now is setting the IP addresses and opening the interfaces. Get used to saving your work as often as possible with wr, short for write. Use IOS Help to see the options and the defaults. (Remember, IOS Help is the question mark symbol.)

    Don't forget to open the interfaces! If you're having a connectivity problem and run a command such as show interface ethernet 0, and you see the following, it means the interface is manually closed and needs to be opened with the no shut command.

    R2#show interface ethernet0

    Ethernet0 is administratively down, line protocol is down

    Now configure R2's interfaces. Do not open interface serial0.


    R2(config)#interface serial0
    R2(config-if)#encap frame
    R2(config-if)#no frame inverse-arp
    R2(config-if)#interface serial 0.123 multipoint
    R2(config-subif)#ip address 172.12.123.2 255.255.255.0
    R2(config-subif)#interface bri0
    R2(config-if)#ip address 172.12.21.2 255.255.255.252
    R2(config-if)#no shut
    R2(config-if)#
    00:27:23: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
    00:27:23: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
    00:27:23: %LINK-3-UPDOWN: Interface BRI0, changed state to up
    R2(config-if)#i
    00:27:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down
    00:27:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:2, changed state to down
    R2(config-if)#interface ethernet0
    R2(config-if)#ip address 172.23.23.2 255.255.255.224
    R2(config-if)#no shut
    00:28:45: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
    00:28:46: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
    R2(config-if)#interface loopback0
    R2(config-if)#ip address 2.2.2.2 255.255.255.255
    R2(config-if)#^Z
    R2#

    Note that you configured frame relay on R2. That allows us to create the multipoint subinterface. Frame Relay will be covered completely in a later lab, but you cannot create that multipoint interface until you've enabled frame relay.

    Also notice that you don't have to run no shut on a loopback interface. (It's not wrong if you do, but you don't have to.)

    Let's configure R3's interfaces. Do not open interface serial0.

    R3#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R3(config)#interface serial 0
    R3(config-if)#encap frame
    R3(config-if)#no frame inverse-arp
    R3(config-if)#interface serial0.31 point-to-point
    R3(config-subif)#ip address 172.12.123.3 255.255.255.0
    R3(config-subif)#interface serial 1
    R3(config-if)#ip address 172.12.13.3 255.255.255.0
    R3(config-if)#no shut
    00:33:32: %LINK-3-UPDOWN: Interface Serial1, changed state to up
    00:33:33: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to up
    R3(config-if)#interface ethernet0
    R3(config-if)#ip address 172.23.23.3 255.255.255.224
    R3(config-if)#no shut
    00:33:46: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
    00:33:47: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
    R3(config-if)#interface loopback0
    00:33:54: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to down
    R3(config-if)#ip address 3.3.3.3 255.255.255.0

    Again, note that you configured frame relay on the serial0 physical interface, then created a point-to-point subinterface. The Serial0 physical interface then had to be opened.
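A quick offline check of the commands typed so far against the addressing table, as an added example that is not part of the workbook. `parse_session` and `audit` are hypothetical helper names, and the sample sessions are the interface and ip address commands from this lab re-typed with log messages removed.

```python
import ipaddress
import re

# Addressing plan, taken from the table in this lab.
PLAN = [ipaddress.ip_network(n) for n in (
    "172.23.23.0/27",    # Ethernet (R2, R3)
    "172.12.21.0/30",    # ISDN (R1, R2)
    "172.12.123.0/24",   # Serial to frame relay cloud (all)
    "172.12.13.0/24",    # Directly connected serial (R1, R3)
    "1.1.1.1/32",        # Router 1 loopback
    "2.2.2.2/32",        # Router 2 loopback
    "3.3.3.3/32",        # Router 3 loopback
)]

# Constructed sample input: the interface and ip address commands from the
# three sessions in this lab, with log messages and other commands left out.
SESSIONS = {
    "R1": """
R1(config)#interface serial0
R1(config-if)#ip address 172.12.123.1 255.255.255.0
R1(config-if)#interface serial1
R1(config-if)#ip address 172.12.13.1 255.255.255.0
R1(config-if)#interface loopback0
R1(config-if)#ip address 1.1.1.1 255.255.255.255
R1(config-if)#interface bri0
R1(config-if)#ip address 172.12.21.1 255.255.255.252
""",
    "R2": """
R2(config)#interface serial0
R2(config-if)#interface serial 0.123 multipoint
R2(config-subif)#ip address 172.12.123.2 255.255.255.0
R2(config-subif)#interface bri0
R2(config-if)#ip address 172.12.21.2 255.255.255.252
R2(config-if)#interface ethernet0
R2(config-if)#ip address 172.23.23.2 255.255.255.224
R2(config-if)#interface loopback0
R2(config-if)#ip address 2.2.2.2 255.255.255.255
""",
    "R3": """
R3(config)#interface serial 0
R3(config-if)#interface serial0.31 point-to-point
R3(config-subif)#ip address 172.12.123.3 255.255.255.0
R3(config-subif)#interface serial 1
R3(config-if)#ip address 172.12.13.3 255.255.255.0
R3(config-if)#interface ethernet0
R3(config-if)#ip address 172.23.23.3 255.255.255.224
R3(config-if)#interface loopback0
R3(config-if)#ip address 3.3.3.3 255.255.255.0
""",
}

# Optional prompt, then either "interface <name>" or "ip address <addr> <mask>".
CMD = re.compile(r"^(?:\S+#)?\s*(interface|ip address)\s+(.+)$", re.IGNORECASE)
SUBIF_TYPES = {"multipoint", "point-to-point"}


def parse_session(text):
    """Return [(interface_name, IPv4Interface)] for every 'ip address' command."""
    found, current = [], None
    for line in text.splitlines():
        m = CMD.match(line.strip())
        if not m:
            continue
        keyword, args = m.group(1).lower(), m.group(2).split()
        if keyword == "interface":
            # "serial 0.123 multipoint" and "serial0.123" name the same interface.
            current = "".join(a for a in args if a.lower() not in SUBIF_TYPES).lower()
        elif current and len(args) >= 2:
            # ipaddress accepts a dotted mask after the slash and stores a prefix length.
            found.append((current, ipaddress.ip_interface(f"{args[0]}/{args[1]}")))
    return found


def audit(sessions, plan=PLAN):
    """Return (router, interface, configured, reason) for each address off the plan."""
    problems = []
    for router, text in sessions.items():
        for name, iface in parse_session(text):
            if iface.network in plan:
                continue
            # Either the address sits in a planned network with a different
            # mask, or it does not appear in the plan at all.
            planned = [str(n) for n in plan if iface.ip in n]
            reason = f"planned {planned[0]}" if planned else "not in plan"
            problems.append((router, name, str(iface), reason))
    return problems


if __name__ == "__main__":
    for finding in audit(SESSIONS):
        print(*finding)
```

Run against the sessions as shown, it reports one difference: R3's loopback0 was entered with mask 255.255.255.0, while the table lists 3.3.3.3 /32.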

    I urge you to not just walk through these labs, but to use the show and debug commands you'll read about in this book, in my Ultimate CCNA Study Guide PDF, and to use IOS Help often to see the other options. Take advantage of the fact that you're working with real Cisco routers and switches, not toys like simulator programs.

    You do not need to configure IP addresses on the switches.

    There's another command I'd like to introduce you to, since we all mistype from time to time. Notice what happens when you mistype a command on a Cisco router:

    R3#hudjgmg

    Translating "hudjgmg"...domain server (255.255.255.255)

    % Unknown command or computer name, or unable to find computer address

    By default, a Cisco router or switch is going to attempt to resolve a mistyped command via DNS. That's what the "domain server" is that it's looking for, and of course you know that 255.255.255.255 is a layer 3 broadcast.


    This only takes about 15 seconds to come back with the "unknown command" line in a practice lab, but it can take much longer in a production network. To disable this default behavior, use the global command no ip domain-lookup on each device in your pod. Notice that immediately after using this command, the router tries to resolve the command locally but does not send the broadcast out.

    R3#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R3(config)#no ip domain-lookup
    R3(config)#^Z
    R3#jfujjke
    00:50:24: %SYS-5-CONFIG_I: Configured from console by console
    R3#jfujjke
    Translating "jfujjke"
    % Unknown command or computer name, or unable to find computer address

    As with all commands you read about and practice with in my books, do not run a command on a production network unless you are sure of the result. VERY sure. This is particularly true of the debugs you'll be using in my labs.

    Congratulations! You've now configured plenty of IP addresses. If you're confronted with that task on one of your CCNA exams, you're more than ready. Just don't forget to open the interfaces on exam day!


    LAN Switching Lab

    With the command vtp domain, place both switches in the VTP domain CCNA. Enable pruning with the vtp pruning command. You can also set a password of CISCO for VTP.

    SW1#conf t
    SW1(config)#vtp domain CCNA
    Changing VTP domain name from NULL to CCNA
    SW1(config)#vtp password CISCO
    Setting device VLAN database password to CISCO
    SW1(config)#vtp pruning
    Pruning switched on

    SW2#conf t
    SW2(config)#vtp domain CCNA
    Changing VTP domain name from NULL to CCNA
    SW2(config)#vtp password CISCO
    Setting device VLAN database password to CISCO
    SW2(config)#vtp pruning
    Pruning switched on

    The VTP domain name changes from null, indicating that there was no VTP domain previously set.

    Run show vtp status on both routers to ensure they belong to the

    correct VTP domain.

    SW1#show vtp status
    VTP Version                     : 2
    Configuration Revision          : 1
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 5
    VTP Operating Mode              : Server
    VTP Domain Name                 : CCNA
    VTP Pruning Mode                : Enabled

    SW2#show vtp status
    VTP Version                     : 2
    Configuration Revision          : 1
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 5
    VTP Operating Mode              : Server
    VTP Domain Name                 : CCNA
    VTP Pruning Mode                : Enabled

    By default, both switches are in VTP Server mode. With the vtp mode client command, put SW2 in VTP client mode. All VLANs created in this lab will now have to be created on SW1, the VTP Server. Verify the change with show vtp status.

    SW2#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    SW2(config)#vtp
    01:10:41: %SYS-5-CONFIG_I: Configured from console by console
    SW2(config)#vtp mode client
    Setting device to VTP CLIENT mode.
    SW2(config)#^Z
    01:10:47: %SYS-5-CONFIG_I: Configured from console by console
    SW2#show vtp status
    VTP Version                     : 2
    Configuration Revision          : 1
    Maximum VLANs supported locally : 64
    Number of existing VLANs        : 5
    VTP Operating Mode              : Client
    VTP Domain Name                 : CCNA
    VTP Pruning Mode                : Enabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0xB2 0xD2 0xE9 0x70 0xF1 0x6B 0xA1 0x04
    Configuration last modified by 0.0.0.0 at 3-1-93 01:10:14

    Run show cdp neighbors on the switches to see what devices are directly connected to the switches.

    SW1#show cdp neighbor
    Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                      S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

    Device ID   Local Intrfce   Holdtme   Capability   Platform     Port ID
    SW2         Fas 0/12        152       S I          WS-C2950-1   Fas 0/12
    SW2         Fas 0/11        152       S I          WS-C2950-1   Fas 0/11
    R2          Fas 0/2         129       R            2520         Eth 0

    SW2#show cdp neighbor
    Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                      S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

    Device ID   Local Intrfce   Holdtme   Capability   Platform     Port ID
    SW1         Fas 0/12        150       S I          WS-C2950-2   Fas 0/12
    SW1         Fas 0/11        150       S I          WS-C2950-2   Fas 0/11
    R3          Fas 0/3         138       R            2500         Eth 0

    You can see in the output of show cdp neighbors that the two switches are connected at fast 0/11 and fast 0/12. Show interface trunk shows that the trunk has already been created dynamically, with no additional configuration.

    SW2#show interface trunk

    Port      Mode         Encapsulation  Status        Native vlan
    Fa0/11    desirable    802.1q         trunking      1
    Fa0/12    desirable    802.1q         trunking      1

    Port      Vlans allowed on trunk
    Fa0/11    1-4094
    Fa0/12    1-4094

    Port      Vlans allowed and active in management domain
    Fa0/11    1
    Fa0/12    1

    Port      Vlans in spanning tree forwarding state and not pruned
    Fa0/11    1
    Fa0/12    none

    Show vlan brief reinforces the theory that by default, all switch ports are placed into VLAN 1 (except the trunk ports).

    SW2#show vlan brief

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                    Fa0/9, Fa0/10

    R2 and R3's Ethernet addresses have already been configured, the trunk line is operational, and both ports are in VLAN 1. Ping R2's Ethernet interface from R3, and then R3's Ethernet interface from R2 to verify IP connectivity.


    R2#ping 172.23.23.3

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.23.23.3, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

    R3#ping 172.23.23.2

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.23.23.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

    With pings, exclamation points indicate good connectivity, and periods

    indicate no connectivity.

    Now, create VLAN 23. Try creating this vlan on SW2 first.

    SW2#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    SW2(config)#vlan 23

    VTP VLAN configuration not allowed when device is in CLIENT mode.

    As you can see, you cannot create, delete, or modify VLANs on VTP clients. This VLAN will have to be created on SW1, the VTP server. After doing so, the VTP client should see VLAN 23 as well.

    SW1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    SW1(config)#vlan 23
    SW1(config-vlan)#^Z
    01:23:34: %SYS-5-CONFIG_I: Configured from console by console
    SW1#show vlan brief

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                    Fa0/9, Fa0/10, Fa0/13, Fa0/14
                                                    Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                    Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                    Fa0/23, Fa0/24
    23   VLAN0023                         active


    SW2#show vlan br
    01:23:55: %SYS-5-CONFIG_I: Configured from console by console
    SW2#show vlan brief

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                    Fa0/9, Fa0/10
    23   VLAN0023                         active

    On SW1, put port fast 0/2 into VLAN 23. (That's the port connected to R2.) Verify with show vlan brief.

    SW1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    SW1(config)#int fast 0/2
    SW1(config-if)#switchport mode access
    SW1(config-if)#switchport access vlan 23
    SW1(config-if)#^Z
    SW1#show vlan brief

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/3, Fa0/4, Fa0/5
                                                    Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                    Fa0/10, Fa0/13, Fa0/14, Fa0/15
                                                    Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                    Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24
    23   VLAN0023                         active    Fa0/2


    Now that R2 and R3 are in separate VLANs, can they still send pings back and forth?

    R2#ping 172.23.23.3
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.23.23.3, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)

    R3#ping 172.23.23.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.23.23.2, timeout is 2 seconds:
    .....

    No, they can't. The difference is that they're now in separate VLANs, and devices in different VLANs can't communicate unless routing is taking place somewhere. Here, no routing is taking place, so the pings don't go through.

    Put R3's switch port into VLAN 23, and try the ping again.

    SW2#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    SW2(config)#interface fast0/3
    SW2(config-if)#switchport mode access
    SW2(config-if)#switchport access vlan 23
    SW2(config-if)#^Z
    01:31:57: %SYS-5-CONFIG_I: Configured from console by console
    SW2#show vlan brief

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/4, Fa0/5
                                                    Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                    Fa0/10
    23   VLAN0023                         active    Fa0/3

    R3#ping 172.23.23.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.23.23.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms


    R2#ping 172.23.23.3
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.23.23.3, timeout is 2 seconds:
    !!!!!

    Now that R2 and R3 are in the same VLAN, pings can go through.

    On SW1, view the spanning tree information for VLAN 23 with the show spanning-tree vlan 23 command. Do the same on SW2.

    SW1#show spanning vlan 23

    VLAN0023
      Spanning tree enabled protocol ieee
      Root ID    Priority    32791
                 Address     000e.d7f5.a040
                 This bridge is the root
                 Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32791  (priority 32768 sys-id-ext 23)
                 Address     000e.d7f5.a040
                 Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 300

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Fa0/2            Desg FWD 100       128.2    Shr
    Fa0/11           Desg FWD 19        128.11   P2p
    Fa0/12           Desg FWD 19        128.12   P2p

    SW2#show spanning vlan 23

    VLAN0023
      Spanning tree enabled protocol ieee
      Root ID    Priority    32791
                 Address     000e.d7f5.a040
                 Cost        19
                 Port        11 (FastEthernet0/11)
                 Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32791  (priority 32768 sys-id-ext 23)
                 Address     000f.90e2.14c0
                 Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 300

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Fa0/3            Desg FWD 100       128.3    Shr
    Fa0/11           Root FWD 19        128.11   P2p
    Fa0/12           Altn BLK 19        128.12   P2p

    Your root bridge may be SW2 at this point. The important point here is that you know how to identify the root bridge for a VLAN.

    Recall that the lowest BID will win the root bridge election. Both bridges have the same priority; since the BID is a concatenation of the priority and MAC address, the device with the lowest MAC address will be the root bridge.

    Look under the Bridge ID on both switches. The highlighted address is that switch's MAC address. In this example, the first four bits of the MAC address on SW1 are 0009, where the first four bits of SW2's MAC are 000a. MAC addresses are expressed in hex, and since "a" in hex represents 10, SW1 will have the lower MAC address and is therefore elected the root bridge.

    The default behavior of the root bridge is that all ports will be inforwarding mode, which is exactly what is happening on SW1. On

    SW2, one port is the root port and is in forwarding mode. The otherport is placed into blocking mode.

    The root bridge can be changed with one simple command. This

    command will adjust the numeric priority of the switch its configuredon to a low enough value so its BID will be the lowest for that VLAN,making it the root bridge. Run the command spanning-tree vlan 23

    root primary on your non-root bridge. Then run show spanningvlan 23 to verify that your non-root bridge has indeed become the

    root bridge.

    SW2#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    SW2(config)#spanning-tree vlan 23 root primary

    SW2(config)#^Z

    SW2#show spanning vlan 23

    VLAN0023

    Spanning tree enabled protocol ieee

    Root ID Priority 24599

    Address 000f.90e2.14c0

    This bridge is the root

    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Bridge ID Priority 24599 (priority 24576 sys-id-ext 23)

    Address 000f.90e2.14c0

    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Aging Time 15

    Interface Role Sts Cost Prio.Nbr Type

    ---------------- ---- --- --------- -------- --------------------------

    Fa0/3 Desg FWD 100 128.3 Shr

    Fa0/11 Desg FWD 19 128.11 P2p

    Fa0/12 Desg FWD 19 128.12 P2p
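The election rule and the effect of root primary, worked through as an added example (not part of the workbook). It builds each bridge ID from the priority, sys-id-ext and MAC address shown in the show spanning vlan 23 outputs above and picks the lowest; the function names are illustrative.

```python
# Added example (not from the workbook): STP root election by lowest bridge ID.
# Function names are illustrative; priorities and MACs are the ones shown in
# the show spanning vlan 23 outputs above.


def mac_to_int(mac: str) -> int:
    """Convert a MAC in Cisco dotted-hex form (000e.d7f5.a040) to an integer."""
    digits = "".join(ch for ch in mac if ch not in ".:-")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)


def bridge_id(base_priority: int, vlan: int, mac: str) -> int:
    """Return the 64-bit BID: 16-bit priority field followed by the 48-bit MAC.

    With the extended system ID, the priority field is the configured
    priority (a multiple of 4096) plus the VLAN number (sys-id-ext).
    """
    if base_priority % 4096 or not 0 <= base_priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 from 0 to 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return ((base_priority + vlan) << 48) | mac_to_int(mac)


def displayed_priority(bid: int) -> int:
    """The Priority value IOS prints, e.g. 32791 = 32768 + 23."""
    return bid >> 48


def elect_root(bridges: dict) -> str:
    """Name of the bridge with the numerically lowest BID for the VLAN."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


VLAN = 23
# Both switches at the default priority: the lower MAC address decides.
DEFAULTS = {
    "SW1": (32768, VLAN, "000e.d7f5.a040"),
    "SW2": (32768, VLAN, "000f.90e2.14c0"),
}
# After spanning-tree vlan 23 root primary on SW2 (priority 24576 in its output).
AFTER_ROOT_PRIMARY = dict(DEFAULTS, SW2=(24576, VLAN, "000f.90e2.14c0"))

if __name__ == "__main__":
    cases = (("defaults", DEFAULTS), ("root primary on SW2", AFTER_ROOT_PRIMARY))
    for label, bridges in cases:
        for name, args in bridges.items():
            bid = bridge_id(*args)
            print(f"{label:20} {name} priority {displayed_priority(bid)} "
                  f"BID {bid:016x}")
        print(f"{label:20} root bridge: {elect_root(bridges)}")
```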

    On SW1, configure PortFast on the port leading to R2 with spanning portfast, and note the warning the router displays. Remove PortFast with no spanning portfast.

    SW1#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    SW1(config)#int fast 0/2

    SW1(config-if)#spanning portfast

    %Warning: portfast should only be enabled on ports connected to a single

    host. Connecting hubs, concentrators, switches, bridges, etc... to this

    interface when portfast is enabled, can cause temporary bridging loops.

    Use with CAUTION

    %Portfast has been configured on FastEthernet0/2 but will only

    have effect when the interface is in a non-trunking mode.

    SW1(config-if)#no spanning portfast

    SW1(config-if)#^Z

    SW1#

    Combine the two physical connections between the two switches into one logical connection by creating an EtherChannel. On each of the ports physically connected to the other switch, run channel-group 1 mode on.

    SW1#conf t

    SW1(config)#interface fast 0/11

    SW1(config-if)#channel-group 1 mode on

    Creating a port-channel interface Port-channel 1

    03:37:59: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up

    SW1(config)#interface fast 0/12

    SW1(config-if)#channel-group 1 mode on

    SW2#conf t

    SW2(config)#interface fast 0/11

    SW2(config-if)#channel-group 1 mode on

    Creating a port-channel interface Port-channel 1

    03:38:11: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up

    SW2(config-if)#interface fast 0/12

    SW2(config-if)#channel-group 1 mode on

    One benefit of EtherChannels is that the bandwidth of both physical channels is now being used. (STP put one of the ports in blocking mode; only one physical path was being used.) Another benefit is that STP considers the EtherChannel to be one single connection; if one of the two lines went down, the STP algorithm would not run, and there would be no break in transmission, since STP is only concerned with the logical port-channel, not the physical interfaces:

    SW1#show spanning vlan 23

    VLAN0023

    Spanning tree enabled protocol ieee

    Root ID Priority 24599

    Address 000a.8a4b.fb00

    Cost 12

    Port 65 (Port-channel1)

    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Bridge ID Priority 32791 (priority 32768 sys-id-ext 23)

    Address 0009.b738.9180

    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Aging Time 300

    Interface Role Sts Cost Prio.Nbr Type

    ---------------- ---- --- --------- -------- -----------------------------

    Po1 Root FWD 12 128.65 P2p

    Frame Relay Lab

    A hub-and-spoke Frame Relay network will now be configured, with R1 serving as the hub and R2 and R3 as the spokes. First, configure Frame Relay on R1's Serial0 interface with encapsulation frame-relay, and disable dynamic mapping with no frame-relay inverse-arp. After doing so, run show frame map on R1; no mappings should appear.

    R1#conf t

    R1(config)#interface serial0

    R1(config-if)#encapsulation frame-relay

    R1(config-if)#no frame-relay inverse-arp

    R1#show frame map

    R1#

    If nothing appears after running show frame map, as shown here, no maps exist.

    Configure two Permanent Virtual Circuits (PVCs) on R1 with two frame map statements, mapping DLCI 122 to R2 and DLCI 123 to R3. Ensure that broadcasts will be sent over these virtual circuits with the broadcast keyword. Run show frame map after doing so.

    Configuring frame map statements on the hub router.

    R1#conf t

    R1(config)#interface serial0

    R1(config-if)#frame map ip 172.12.123.2 122 broadcast

    R1(config-if)#frame map ip 172.12.123.3 123 broadcast

    R1(config-if)#int s0

    R1(config-if)#no shut

    R1(config-if)#

    03:05:51: %LINK-3-UPDOWN: Interface Serial0, changed state to up

    03:05:52: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up

    R1#show frame map

    Serial0 (up): ip 172.12.123.2 dlci 122(0x7A,0x1CA0), static,

    broadcast,

    CISCO, status defined, inactive

    Serial0 (up): ip 172.12.123.3 dlci 123(0x7B,0x1CB0), static,

    broadcast,

    CISCO, status defined, inactive

    The mappings are inactive because frame-relay has not yet been configured on the remote routers R2 and R3.

    With show frame map, if you see the PVC is inactive, there's a problem on the other end. If you see deleted, there's a problem on the local end. (A problem with the mapping or the interface is still shut.)

    R2's serial0.123 interface was configured as multipoint. Configure S0 and S0.123 as follows:

    R2#conf t

    R2(config)#interface serial0

    R2(config-if)#encapsulation frame-relay

    R2(config-if)#no frame inverse-arp

    R2(config-if)#interface s0.123 multipoint

    R2(config-subif)#frame map ip 172.12.123.1 221 broadcast

    R2(config-subif)#frame map ip 172.12.123.3 221

    R2(config-subif)#int s0

    R2(config-if)#no shut

    R2(config-if)#

    03:06:56: %LINK-3-UPDOWN: Interface Serial0, changed state to up

    03:06:57: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0,

    changed state to up

    A logical Serial interface can be either multipoint or point-to-point. When using a

    multipoint interface on a frame relay network, frame map statements are used just as they

    are on a physical interface. Enabling frame relay and disabling or enabling Inverse ARP

    are still done on the physical interface.

    Note that the frame map statement for 172.12.123.3 does not include a broadcast

    statement. Routers do not forward broadcasts, so R1 would not forward a broadcast

    from R2 to R3. Therefore, there is no reason to send them. (It's not wrong to do so, but

    you will be sending unnecessary broadcasts.)

    Run show frame map on R2:

    R2#show frame map

    Serial0.123 (up): ip 172.12.123.1 dlci 221(0xDD,0x34D0), static,

    broadcast,

    CISCO, status defined, active

    Serial0.123 (up): ip 172.12.123.3 dlci 221(0xDD,0x34D0), static,

    CISCO, status defined, active

    You configured a point-to-point interface on R3 in the previous lab.

    The command for frame relay is a little different in this situation:

    R3#conf t

    R3(config)#interface serial0

    R3(config-if)#encapsulation frame-relay

    R3(config-if)#no frame-relay inverse-arp

    R3(config-if)#interface serial 0.31 point-to-point

    R3(config-subif)#frame-relay interface-dlci 321

    R3(config-subif)#int s0

    R3(config-if)#no shut

    03:06:52: %LINK-3-UPDOWN: Interface Serial0, changed state to up

    03:06:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0,

    changed state to up

    Point-to-point Serial interfaces on a frame relay network do not use dynamic or static mappings. A point-to-point interface has only one possible destination: the other end of the point-to-point connection. With only one possible destination, no mapping is necessary. Instead, the command frame-relay interface-dlci indicates the single DLCI that will be used by this interface.

    R3#show frame map

    Serial0.31 (up): point-to-point dlci, dlci 321(0x141,0x5010), broadcast

    status defined, active

    From each router, ping the other two routers' Serial interfaces on the frame relay network. All pings will be successful. Run show frame lmi and show frame map on each router as well. Notice that the LMI counters are incrementing, and the frame map commands show all maps as active. (Only R1 is shown here, but send pings and run your show commands on all three routers.)

    R1#ping 172.12.123.2

    Type escape sequence to abort.

    Sending 5, 100-byte ICMP Echos to 172.12.123.2, timeout is 2 seconds:

    !!!!!

    Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/68 ms

    R1#ping 172.12.123.3

    Type escape sequence to abort.

    Sending 5, 100-byte ICMP Echos to 172.12.123.3, timeout is 2 seconds:

    !!!!!

    Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/68 ms

    R1#show frame lmi

    LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO

    Invalid Unnumbered info 0 Invalid Prot Disc 0

    Invalid dummy Call Ref 0 Invalid Msg Type 0

    Invalid Status Message 0 Invalid Lock Shift 0

    Invalid Information ID 0 Invalid Report IE Len 0

    Invalid Report Request 0 Invalid Keep IE Len 0

    Num Status Enq. Sent 121 Num Status msgs Rcvd 123

    Num Update Status Rcvd 0 Num Status Timeouts 0

    On R1, change the frame LMI type to ANSI with the frame-relay lmi-type command. After about 30 seconds, the line will go down.

    R1#conf t

    R1(config)#interface serial0

    R1(config-if)#frame-relay lmi-type ansi

    00:46:40: %SYS-5-CONFIG_I: Configured from console by console

    R1#

    00:47:12: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 122 state changed to INACTIVE

    00:47:12: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 123 state changed to INACTIVE

    00:47:12: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 122 state changed to DELETED

    00:47:12: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 123 state changed to DELETED

    00:47:13: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down

    The LMI mismatch leads to the line going down and the DLCIs going inactive.

    Run show frame lmi on R1. Wait a few seconds, then run it again, then again. Notice that the timeouts are incrementing. Once it hit 3, the line protocol came down.

    R1#show frame lmi

    LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = ANSI

    Invalid Unnumbered info 0 Invalid Prot Disc 0

    Invalid dummy Call Ref 0 Invalid Msg Type 0

    Invalid Status Message 0 Invalid Lock Shift 0

    Invalid Information ID 0 Invalid Report IE Len 0

    Invalid Report Request 0 Invalid Keep IE Len 0

    Num Status Enq. Sent 256 Num Status msgs Rcvd 240

    Num Update Status Rcvd 0 Num Status Timeouts 16

    The router is receiving LMI status messages, but when the LMI type was changed, the

    Status Timeouts began to accrue. This command gives an indication that there is a

    problem with the LMIs. The LMIs are the heartbeat of frame relay; without the right

    LMIs, the frame connection dies.

    Run debug frame lmi on R1.

    R1#debug frame lmi

    Frame Relay LMI debugging is on

    Displaying all Frame Relay LMI data

    00:52:12: Serial0(out): StEnq, myseq 31, yourseen 0, DTE down

    00:52:12: datagramstart = 0xE0183C, datagramsize = 14

    00:52:12: FR encap = 0x00010308

    00:52:12: 00 75 95 01 01 00 03 02 1F 00

    00:52:12:

    00:52:22: Serial0(out): StEnq, myseq 32, yourseen 0, DTE down

    00:52:22: datagramstart = 0xE0183C, datagramsize = 14

    00:52:22: FR encap = 0x00010308

    00:52:22: 00 75 95 01 01 00 03 02 20 00

    00:52:22:

    00:52:32: Serial0(out): StEnq, myseq 33, yourseen 0, DTE down

    00:52:32: datagramstart = 0xE0183C, datagramsize = 14

    00:52:32: FR encap = 0x00010308

    00:52:32: 00 75 95 01 01 00 03 02 21 00

    The myseq value continues to increase, but the yourseen value remains at 0. Between debug frame lmi and show frame lmi, it can be seen that LMI messages are being received from the DCE, but not accepted, another indicator of an LMI mismatch.

    Leave that debug command on, and change the LMI default back to Cisco. (You must know all three LMI types before taking the CCNA exams!)

    R1#debug frame lmi

    Frame Relay LMI debugging is on

    Displaying all Frame Relay LMI data

    R1#conf t

    R1(config)#interface serial0

    R1(config-if)#frame-relay lmi-type cisco

    00:56:22: Serial0(out): StEnq, myseq 1, yourseen 0, DTE down

    00:56:22: datagramstart = 0xE0183C, datagramsize = 13

    00:56:22: FR encap = 0xFCF10309

    00:56:22: 00 75 01 01 00 03 02 01 00

    00:56:22: Serial0(in): Status, myseq 1

    00:56:22: RT IE 1, length 1, type 0

    00:56:22: KA IE 3, length 2, yourseq 1 , myseq 1

    00:56:22: PVC IE 0x7 , length 0x6 , dlci 122, status 0x2 , bw 0

    00:56:22: PVC IE 0x7 , length 0x6 , dlci 123, status 0x2 , bw 0

    00:56:32: Serial0(out): StEnq, myseq 2, yourseen 1, DTE down

    00:56:32: datagramstart = 0xE0183C, datagramsize = 13

    00:56:32: FR encap = 0xFCF10309

    00:56:32: 00 75 01 01 01 03 02 02 01

    00:56:32: Serial0(in): Status, myseq 2

    00:56:32: RT IE 1, length 1, type 0

    00:56:32: KA IE 3, length 2, yourseq 2 , myseq 2

    00:56:32: PVC IE 0x7 , length 0x6 , dlci 122, status 0x2 , bw 0

    00:56:32: PVC IE 0x7 , length 0x6 , dlci 123, status 0x2 , bw 0

    00:56:42: Serial0(out): StEnq, myseq 3, yourseen 2, DTE up

    00:56:42: datagramstart = 0xE0183C, datagramsize = 13

    00:56:42: FR encap = 0xFCF10309

    00:56:42: 00 75 01 01 01 03 02 03 02

    00:56:42: Serial0(in): Status, myseq 3

    00:56:42: RT IE 1, length 1, type 1

    00:56:42: KA IE 3, length 2, yourseq 3 , myseq 3

    00:56:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up

    00:57:22: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 122 state changed to ACTIVE

    00:57:22: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 123 state changed to ACTIVE

    The incoming myseq packets are now being accepted, and the outgoing messages see

    the yourseen value begin to accrue. The DTE end of the connection goes up, the line

    protocol goes up soon after that, and finally the previously deleted DLCIs are again

    active.
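The hex in the debug frame lmi output above can be decoded by hand; this added example (not part of the workbook) does it in Python. It shows that the ANSI enquiries were sent on DLCI 0 and the Cisco ones on DLCI 1023, and recovers the myseq and yourseen values from the raw bytes. The function names are illustrative, and only the information elements that appear in this page's debug lines are interpreted.

```python
# Added example (not from the workbook): decode the hex that debug frame lmi
# prints. Function names are illustrative; sample values are copied from the
# debug output on this page.

MESSAGE_TYPES = {0x75: "Status Enquiry", 0x7D: "Status"}
REPORT_TYPES = {0: "full status", 1: "link integrity verification"}
LOCKING_SHIFT = 0x95   # present in the ANSI frames above, absent in the Cisco ones
IE_REPORT_TYPE = 0x01  # printed as "RT IE 1" in the debug
IE_KEEPALIVE = 0x03    # printed as "KA IE 3" in the debug


def decode_fr_encap(word: int) -> dict:
    """Split the 4-byte FR encap value: 2 address bytes, control, protocol."""
    b0, b1, control, protocol = word.to_bytes(4, "big")
    return {
        "dlci": ((b0 >> 2) << 4) | (b1 >> 4),  # 6 high bits + 4 low bits
        "fecn": bool(b1 & 0x08),
        "becn": bool(b1 & 0x04),
        "de": bool(b1 & 0x02),
        "control": control,
        "protocol": protocol,
    }


def decode_lmi(payload_hex: str) -> dict:
    """Decode the LMI bytes that follow the encapsulation header."""
    data = bytes.fromhex(payload_hex)
    if len(data) < 2:
        raise ValueError("LMI message needs a call reference and message type")
    msg = {
        "call_ref": data[0],
        "type": MESSAGE_TYPES.get(data[1], f"unknown 0x{data[1]:02X}"),
        "locking_shift": False,
    }
    pos = 2
    if pos < len(data) and data[pos] == LOCKING_SHIFT:
        msg["locking_shift"] = True
        pos += 1
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated information element header")
        ie_id, length = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError(f"information element 0x{ie_id:02X} is truncated")
        if ie_id == IE_REPORT_TYPE and length == 1:
            msg["report_type"] = REPORT_TYPES.get(value[0], f"type {value[0]}")
        elif ie_id == IE_KEEPALIVE and length == 2:
            # First byte: the sender's own sequence number. Second byte: the
            # last sequence number it has seen from the other side.
            msg["myseq"], msg["yourseen"] = value[0], value[1]
        pos += 2 + length
    return msg


def datagram_size(payload_hex: str) -> int:
    """Encapsulation header (4 bytes) plus the LMI payload."""
    return 4 + len(bytes.fromhex(payload_hex))


# Values copied from the debug output above.
ANSI_ENCAP, ANSI_PAYLOAD = 0x00010308, "00 75 95 01 01 00 03 02 1F 00"
CISCO_ENCAP, CISCO_PAYLOAD = 0xFCF10309, "00 75 01 01 01 03 02 03 02"

if __name__ == "__main__":
    for label, encap, payload in (("ansi", ANSI_ENCAP, ANSI_PAYLOAD),
                                  ("cisco", CISCO_ENCAP, CISCO_PAYLOAD)):
        print(label, decode_fr_encap(encap))
        print(label, decode_lmi(payload), "size", datagram_size(payload))
```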

    Use IOS Help to see what the LMI options are.

    R1#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    R1(config)#int serial 0

    R1(config-if)#frame lmi-type ?

    cisco

    ansi

    q933a

    Run show frame pvc on R1. Note the status for each DLCI, and the uptime.

    R1#show frame pvc

    PVC Statistics for interface Serial0 (Frame Relay DTE)

    Active Inactive Deleted Static

    Local 2 0 0 0

    Switched 0 0 0 0

    Unused 0 0 0 0

    DLCI = 122, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0

    input pkts 5 output pkts 5 in bytes 520

    out bytes 520 dropped pkts 0 in pkts dropped 0

    out pkts dropped 0 out bytes dropped 0

    in FECN pkts 0 in BECN pkts 0 out FECN pkts 0

    out BECN pkts 0 in DE pkts 0 out DE pkts 0

    out bcast pkts 0 out bcast bytes 0

    pvc create time 00:49:19, last time pvc status changed 00:01:15

    DLCI = 123, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0

    input pkts 17 output pkts 5 in bytes 4024

    out bytes 520 dropped pkts 0 in pkts dropped 0

    out pkts dropped 0 out bytes dropped 0

    in FECN pkts 0 in BECN pkts 0 out FECN pkts 0

    out BECN pkts 0 in DE pkts 0 out DE pkts 0

    out bcast pkts 0 out bcast bytes 0

    pvc create time 00:49:12, last time pvc status changed 00:01:17

    Before you take your CCNA exams, be very familiar with what each of these commands show you, and what the letters FECN, BECN, and DE mean:

    FECN: Congestion was experienced in the direction in which this packet was traveling.

    BECN: Congestion was experienced in the opposite direction in which this packet was traveling.

    DE: Packet was marked discard eligible.

    ISDN / Point-To-Point Lab

    R1 and R3 are directly connected via their S1 interfaces by a DTE/DCE cable. Before taking your CCNA exams, you MUST know what command will tell you whether the DTE or DCE end of the cable is connected to a router. Here's how you do it:

    show controller displays the DTE and DCE ends of the connection. The output of

    these commands has been truncated for clarity.

    R1#show controller serial 1

    HD unit 1, idb = 0x107114, driver structure at 0x10C590

    buffer size 1524 HD unit 1, V.35 DTE cable

    R3#show controller serial 1

    HD unit 1, idb = 0xC7D1C, driver structure at 0xCCAA0

    buffer size 1524 HD unit 1, V.35 DCE cable

    Ping R1's serial interface from R3.

    R3#ping 172.12.13.1

    Type escape sequence to abort.

    Sending 5, 100-byte ICMP Echos to 172.12.13.1, timeout is 2 seconds:

    .....

    Success rate is 0 percent (0/5)

    The escape sequence for pings is CTRL-SHIFT-6 performed twice in succession.

    The ping fails. Run show interface serial1 to see why.

    R3#show interface serial1

    Serial1 is up, line protocol is down

    Hardware is HD64570

    Internet address is 172.12.13.3/24

    The truncated output of show interface serial1 shows the physical interface is up, but

    the line protocol is down.

    The line protocol is down because the DCE end of the cable must supply a clock rate to the DTE end. To resolve this, configure clock rate 56000 on R3's Serial interface. Once the line protocol is up, run show interface serial1 again to verify, and ping R1's Serial interface again. The ping will succeed.

    R3#conf t

    R3(config)#interface serial1

    R3(config-if)#clock rate 56000

    %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to up

    R3#show interface serial1

    Serial1 is up, line protocol is up

    Hardware is HD64570

    Internet address is 172.12.13.3/24

    Once the DCE supplies a clock rate to the DTE, the line comes up.

    R3#ping 172.12.13.1

    Type escape sequence to abort.

    Sending 5, 100-byte ICMP Echos to 172.12.13.1, timeout is 2 seconds:

    !!!!!

    Success rate is 100 percent (5/5), round-trip min/avg/max = 36/36/36 ms

    The ping is successful.

    The two BRI interfaces will now be configured with PPP PAP authentication. You assigned IP addresses to these interfaces in the IP addressing lab. You will use the phone numbers sent with your authentication information. Configure the ISDN switch type with the global isdn switch-type command, and run show isdn status to verify. Layer 1 will be ACTIVE and Layer 2 will show a TEI assigned.

    Note that while only R1 is shown here, isdn switch-type must be configured on R1 AND R2; this command is necessary on any Cisco router running ISDN. If you leave it out, everything else can be perfect and the connection will not work.

    R1#conf t

    R1(config)#isdn switch-type basic-ni

    R1(config)#^Z

    R1#show isdn status

    Global ISDN Switchtype = basic-ni

    ISDN BRI0 interface

    dsl 0, interface ISDN Switchtype = basic-ni

    Layer 1 Status:

    ACTIVE

    Layer 2 Status:

    TEI = 66, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED

    Layer 3 Status:

    0 Active Layer 3 Call(s)

    Configure dialer map statements on R1 and R2, each mapping to the other router's BRI interface. Ping R1's BRI interface from R2. Put the phone numbers you were sent in email in place of the xxxxxxx you see below.

    NOTE: If you changed the names of R1 and R2, change them back to those names with the hostname command. The hostnames R1 and R2 will be used for authentication in this lab, as you'll soon see.

    R1#conf t

    R1(config)#interface bri0

    R1(config-if)#dialer map ip 172.12.21.2 name R2 broadcast xxxxxxx

    R2#conf t

    R2(config)#interface bri0

    R2(config-if)#dialer map ip 172.12.21.1 name R1 broadcast xxxxxxx

    R2#ping 172.12.21.1

    Type escape sequence to abort.

    Sending 5, 100-byte ICMP Echos to 172.12.21.1, timeout is 2 seconds:

    .....

    Success rate is 0 percent (0/5)

    The dialer map configuration is correct, but the pings do not go through.

    The ping fails because there is no interesting traffic defined that will bring the line up. Using the dialer-list and dialer-group commands, allow any IP traffic to bring up the line. Ping R1 from R2. After the ping goes through, run show dialer to see what packets brought the line up.

    All IP traffic is defined as interesting traffic by the dialer-list command, and that list is called by the dialer-group command. The ping packets bring the line up.

    R1#conf t

    R1(config)#dialer-list 1 protocol ip permit

    R1(config)#interface bri0

    R1(config-if)#dialer-group 1

    R2#conf t

    R2(config)#dialer-list 1 protocol ip permit

    R2(config)#interface bri0

    R2(config-if)#dialer-group 1

    R2#ping 172.12.21.1

    Type escape sequence to abort.

    Sending 5, 100-byte ICMP Echos to 172.12.21.1, timeout is 2 seconds:

    .!!!!

    Success rate is 80 percent (4/5), round-trip min/avg/max = 36/37/40 ms

    %LINK-3-UPDOWN: Interface BRI0:1, changed state to up

    %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up

    R2#

    %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358661 R1

    It's normal for a ping to be 80 percent successful the first time you ping a destination. After that, you'll see 100 percent connectivity.

    R2#show dialer

    BRI0 - dialer type = ISDN

    Dial String Successes Failures Last called Last status

    8358661 2 0 00:00:04 successful

    0 incoming call(s) have been screened.

    BRI0:1 - dialer type = ISDN

    Idle timer (120 secs), Fast idle timer (20 secs)

    Wait for carrier (30 secs), Re-enable (15 secs)

    Dialer state is data link layer up

    Dial reason: ip (s=172.12.21.2, d=172.12.21.1)

    Time until disconnect 117 secs

    Connected to 8358661 (R1)

    The dial reason in the output of show dialer clearly shows the source (s) and

    destination (d) of the packet that caused the line to dial. While it was obvious here why

    the line went up, routing protocols send multicasts and broadcasts that can cause such a

    line to dial and stay dialed for days, weeks, or even months at a time, which costs a great

    deal of money. This command is vital in diagnosing any issue involving an ISDN line that dials and stays up.

    The routers will now authenticate each other with PAP over the ISDN link. Configure the global command username / password on each router, naming the remote router as the username and the password the remote router will be sending as the password. Use encapsulation ppp and ppp authentication pap to enable each router to authenticate the other. Have R1 send a password of CCNA and R2 send a password of CISCO. Use the ppp pap sent-username command as shown in the following illustration.

    Note that you have to manually configure PPP. The default encapsulation for a Serial or BRI interface is HDLC. You'll also see the TEI go down and then come back up; that's normal when you change the encapsulation.

    R1#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    R1(config)#username R2 password CISCO

    R1(config)#int bri0

    R1(config-if)#encapsulation ppp

    03:45:46: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 66 changed to down

    03:45:48: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66 changed to up

    R1(config-if)#ppp authentication pap

    R1(config-if)#ppp pap sent-username R1 password CCNA

    R1(config-if)#^Z

    R1#

    R2#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    R2(config)#username R1 password CCNA

    R2(config)#int bri0

    R2(config-if)#encapsulation ppp

    03:47:36: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 66 changed to down

    03:47:37: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66 changed to up

    R2(config-if)#ppp pap sent-username R2 password CISCO

    R2(config-if)#^Z

    R2#

    Run debug ppp negotiation on R2 and ping R1's BRI interface.

    R2#debug ppp negotiation

    PPP protocol negotiation debugging is on

    R2#ping 172.12.21.1

    Type escape sequence to abort.

    Sending 5, 100-byte ICMP Echos to 172.12.21.1, timeout is 2 seconds:

    .!!!!

    Success rate is 80 percent (4/5), round-trip min/avg/max = 36/37/40 ms

    %LINK-3-UPDOWN: Interface BRI0:1, changed state to up

    BR0:1 PPP: Phase is AUTHENTICATING, by both

    < Both routers are authenticating the other. >

    BR0:1 PAP: O AUTH-REQ id 1 len 13 from "R2"

    < R2 is sending an authentication request to R1. >

    BR0:1 PAP: I AUTH-ACK id 1 len 5

    < The I indicates an incoming packet; the remote router is acknowledging the authentication request. >

    BR0:1 PAP: I AUTH-REQ id 1 len 12 from "R1"

    < A PAP authentication request has been received from R1. >

    BR0:1 PAP: Authenticating peer R1

    < R1 is being authenticated. >

    BR0:1 PAP: O AUTH-ACK id 1 len 5

    Notice that with PAP, there is authentication, but there are no

    challenge/responses shown in the debug. That will change when you

    configure CHAP.

    Before configuring CHAP, do the following:

    1. Run no encapsulation ppp under both BRI interfaces.

    2. Remove the username/password statements simply by repeating the earlier commands with the word no in front of the command, as shown below.

    A tip: When you need to remove a command from a Cisco router, you'll usually do it just by running the command with the word no in front of it.

    Also, anytime you want to look at the running configuration of the router, run show config. Hit the enter key to go down one line at a time, and the space bar to go down a full screen. When you see what you wanted to see, hit ESC to get back to the prompt.

    R1#conf t

    R1(config)#no username R2 password CISCO

    R1(config)#int bri0

    R1(config-if)#no encapsulation ppp

    R1(config-if)#^Z

    R1#

    03:56:01: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 66 changed to down

    03:56:02: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66 changed to up

    R2#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    R2(config)#no username R1 password CCNA

    R2(config)#interface bri0

    R2(config-if)#no encapsulation ppp

    R2(config-if)#^Z

    03:56:58: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 66 changed to down

    03:56:59: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66 changed to up

    Configure the routers for CHAP authentication. The switch-type, dialer map statements, and dialer-lists have already been configured. On both R1 and R2, configure a username / password statement with the password CCNA. Configure both routers for PPP encapsulation and CHAP authentication with the encapsulation ppp and ppp authentication chap commands.

    R1#conf t

    R1(config)#username R2 password CCNA

    R1(config)#interface bri0

    R1(config-if)#encapsulation ppp

    03:58:58: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 66 changed to do

    03:58:59: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66 changed to up

    R1(config-if)#ppp authentication chap

    R1(config-if)#^Z

    R1#

    R2#conf t

    R2(config)#username R1 password CCNA

    R2(config)#interface bri0

    R2(config-if)#encapsulation ppp

    04:00:00: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 66 changed to down

    04:00:01: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66 changed to up

    R2(config-if)#ppp authentication chap

    R2(config-if)#^Z

    With CHAP, the passwords must be the same. Note that there is no sent-password command, as there was with PAP.

    Run debug ppp negotiation, and ping R1 from R2.

    R2#debug ppp negotiation

    PPP protocol negotiation debugging is on

    R2#ping 172.12.21.1

    Type escape sequence to abort.

    Sending 5, 100-byte ICMP Echos to 172.12.21.1, timeout is 2 seconds:

    04:01:30: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up

    04:01:30: BR0:1 PPP: Using dialer call direction

    04:01:30: BR0:1 PPP: Treating connection as a callout

    04:01:30: BR0:1 PPP: Phase is ESTABLISHING, Active Open [0 sess, 0 load]

    04:01:30: BR0:1 LCP: O CONFREQ [Closed] id 1 len 15

    04:01:30: BR0:1 LCP: AuthProto CHAP (0x0305C22305)

    04:01:30: BR0:1 LCP: MagicNumber 0x1158551A (0x05061158551A)

    04:01:30: BR0:1 LCP: I CONFREQ [REQsent] id 1 len 15

    04:01:30: BR0:1 LCP: AuthProto CHAP (0x0305C22305)

    04:01:30: BR0:1 LCP: MagicNumber 0x1158F056 (0x05061158F056)

    04:01:30: BR0:1 LCP: O CONFACK [REQsent] id 1 len 15

    04:01:30: BR0:1 LCP: AuthProto CHAP (0x0305C22305)

    04:01:30: BR0:1 LCP: MagicNumber 0x1158F056 (0x05061158F056)

    04:01:30: BR0:1 LCP: I CONFACK [ACKsent] id 1 len 15

    04:01:30: BR0:1 LCP: AuthProto CHAP (0x0305C22305)

    04:01:30: BR0:1 LCP: MagicNumber 0x1158551A (0x05061158551A)

    04:01:30: BR0:1 LCP: State is Open

    04:01:30: BR0:1 PPP: P.!hase is AUTHENTICATING, by both [0 sess, 0 load]

    04:01:30: BR0:1 CHAP: O CHALLENGE id 1 len 23 from "R2"

    04:01:30: BR0:1 CHAP: I CHALLENGE id 1 len 23 from "R1"

    04:01:30: BR0:1 CHAP: O RESPONSE id 1 len 23 from "R2"

    04:01:30: BR0:1 CHAP: I SUCCESS id 1 len 4

    04:01:30: BR0:1 CHAP: I RESPONSE id 1 len 23 from "R1"

    04:01:30: BR0:1 CHAP: O SUCCESS id 1 len 4

    04:01:30: BR0:1 PPP: Phase is UP [0 sess, 0 load]

    04:01:30: BR0:1 IPCP: O CONFREQ [Closed] id 1 len 10

    04:01:30: BR0:1 IPCP: Address 172.12.21.2 (0x0306AC0C1502)

    04:01:30: BR0:1 CDPCP: O CONFREQ [Closed] id 1 len 4

    04:01:30: BR0:1 IPCP: I CONFREQ [REQsent] id 1 len 10

    04:01:30: BR0:1 IPCP: Address 172.12.21.1 (0x0306AC0C1501)

    04:01:30: BR0:1 IPCP: O CONFACK [REQsent] id 1 len 10

    04:01:30: BR0:1 IPCP: Address 172.12.21.1 (0x0306AC0C1501)

    04:01:30: BR0:1 CDPCP: I CONFREQ [REQsent] id 1 len 4

    04:01:30: BR0:1 CDPCP: O CONFACK [REQsent] id 1 len 4

    04:01:30: BR0:1 IPCP: I CONFACK [ACKsent] id 1 len 10

    04:01:30: BR0:1 IPCP: Addr!!!Success rate is 80 percent (4/5), round-trip min/avg/max = 36/49/88 ms

    R2#ess 172.12.21.2 (0x0306AC0C1502)

    04:01:30: BR0:1 IPCP: State is Open

    04:01:30: BR0:1 CDPCP: I CONFACK [ACKsent] id 1 len 4

    04:01:30: BR0:1 CDPCP: State is Open

    04:01:30: BR0 IPCP: Install route to 172.12.21.1

    04:01:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up

    R2#

    04:01:36: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 5551111 R1

    As before, run show dialer to see what interesting traffic brought the link up.

    R2#show dialer

    BRI0 - dialer type = ISDN

    Dial String      Successes   Failures    Last called   Last statu

    8358661                  4          0    00:00:12      successfu

    0 incoming call(s) have been screened.

    BRI0:1 - dialer type = ISDN

    Idle timer (120 secs), Fast idle timer (20 secs)

    Wait for carrier (30 secs), Re-enable (15 secs)

    Dialer state is data link layer up

    Dial reason: ip (s=172.12.21.2, d=172.12.21.1)

    Time until disconnect 109 secs

    Connected to 8358661 (R1)

    BRI0:2 - dialer type = ISDN

    Idle timer (120 secs), Fast idle timer (20 secs)

    Wait for carrier (30 secs), Re-enable (15 secs)

    Dialer state is idle

    The ping packet from R2 was the cause of the line dialing.

    Obviously, there's a lot more going on here. Notice the challenges and responses being sent by both sides.

    I recommend you run CHAP by using mismatched passwords, and run this same debug so you can see what it looks like when there's a problem with passwords.

    Turn your debugs off with undebug all.
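
The exchange in the debug output above, as an added Python example that is not part of the workbook: it builds CHAP packets as laid out in RFC 1994 and runs the challenge/response in both directions, showing why the two `username ... password` entries must hold the same secret and why nothing like PAP's sent-password is needed. The `Router` class and the function names are this example's own, and the 16-byte challenge size is inferred from the `len 23` in the debug lines.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4


def chap_hash(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: MD5 over the Identifier, then the secret, then the challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def build(code: int, ident: int, value: bytes = b"", name: bytes = b"") -> bytes:
    """Code(1) Identifier(1) Length(2); Challenge/Response add
    Value-Size(1) Value Name. Success/Failure carry no message here."""
    body = b""
    if code in (CHALLENGE, RESPONSE):
        body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse(packet: bytes):
    """Return (code, ident, value, name); reject inconsistent lengths."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("CHAP Length field does not match packet size")
    if code not in (CHALLENGE, RESPONSE):
        return code, ident, b"", b""
    size = packet[4]
    if 5 + size > length:
        raise ValueError("Value-Size runs past the end of the packet")
    return code, ident, packet[5:5 + size], packet[5 + size:]


class Router:
    """Hypothetical model of one end of the link: a hostname plus the
    'username <peer> password <secret>' entries from its configuration."""

    def __init__(self, hostname: str, usernames: dict):
        self.hostname = hostname.encode()
        self.usernames = {k.encode(): v.encode() for k, v in usernames.items()}
        self.pending = {}  # identifier -> challenge value this router issued

    def challenge(self, ident: int) -> bytes:
        value = os.urandom(16)  # fresh per attempt, so an old response fails
        self.pending[ident] = value
        return build(CHALLENGE, ident, value, self.hostname)

    def respond(self, packet: bytes) -> bytes:
        _, ident, value, challenger = parse(packet)
        # The secret is looked up by the challenger's name and only hashed,
        # never sent; an unknown challenger gets a response that cannot verify.
        secret = self.usernames.get(challenger, b"")
        return build(RESPONSE, ident, chap_hash(ident, secret, value), self.hostname)

    def verify(self, packet: bytes) -> bytes:
        _, ident, digest, peer = parse(packet)
        value = self.pending.pop(ident, None)  # each challenge is single-use
        secret = self.usernames.get(peer)
        ok = (value is not None and secret is not None and
              hmac.compare_digest(digest, chap_hash(ident, secret, value)))
        return build(SUCCESS if ok else FAILURE, ident)


def one_way(authenticator: Router, peer: Router, ident: int = 1):
    """One direction of the exchange: (challenge, response, result) packets."""
    c = authenticator.challenge(ident)
    r = peer.respond(c)
    return c, r, authenticator.verify(r)


def lab(r1_secret: str, r2_secret: str):
    """Both directions, matching 'AUTHENTICATING, by both' in the debug."""
    r1 = Router("R1", {"R2": r1_secret})
    r2 = Router("R2", {"R1": r2_secret})
    return one_way(r2, r1), one_way(r1, r2)
```

With matching secrets the packet sizes come out as 23, 23 and 4 bytes, the same `len` values the debug shows; with mismatched secrets both directions end in a Failure packet.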

    Using ppp multilink and dialer load-threshold, configure the ISDN interface on R1 to bring up the second B-channel when the first B-channel reaches 50% of its outbound capacity. You can also change the dialer idle-timeout default of 120 seconds as shown below. (Remember that only interesting traffic resets the idle-timeout.)

    R1#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    R1(config)#interface bri0

    R1(config-if)#dialer idle-timeout 30 (This value is in seconds, not minutes!)

    R1(config-if)#ppp multilink

    R1(config-if)#dialer load-thresh 127 ?

    either Threshold decision based on max of inbound and outbound traffic

    inbound Threshold decision based on inbound traffic only

    outbound Threshold decision based on outbound traffic only

    R1(config-if)#dialer load-thresh 127 outbound

    It's very important that you realize that the value you enter with dialer load-threshold is a ratio of 255, not 100. If you wanted to have the second B-channel come up when the first one reaches 75% capacity, you'd need to enter the number that is 75% of 255, NOT 100.

    Also, you must configure ppp multilink to have the second link come up at the specified capacity level.

    The following dialer profile lab is a bonus. It's doubtful you'll be asked anything about dialer profiles on the CCNA exams, but the chance is there. Make sure you're proficient with PAP, CHAP, and the different ISDN show and debug commands covered earlier before spending time configuring dialer profiles.

    On the BRI interface, remove the following: the PPP encapsulation type, the dialer-map statement, the dialer-group statement, the dialer-load statement, the IP address, and any commands referencing PAP or CHAP authentication.

    The ISDN switch-type command and username / password command should remain.

    R1#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    R1(config)#interface bri0

    R1(config-if)#no encapsulation ppp

    R1(config-if)#no dialer map ip 172.12.21.2 name R2 broadcast 8358662

    R1(config-if)#no dialer-group 1

    R1(config-if)#no dialer load-threshold 127 outbound

    R1(config-if)#no ip address

    Make sure the TEI comes back up after going down. If it does not, shut and reopen the

    BRI interface.

    After removing these statements, the running config should show this for the BRI

    interface:

    interface BRI0

    no ip address

    isdn switch-type basic-ni

    Configure a dialer profile with the command interface dialer 1 on R1. The IP address that was on the BRI interface will be placed on this logical interface. Use dialer remote-name to indicate the name of the remote router to be dialed, and dialer string to configure the number to be dialed.

    R1#conf t

    R1(config)#interface dialer 1

    R1(config-if)#ip address 172.12.21.1 255.255.255.252

    R1(config-if)#dialer remote-name R2

    R1(config-if)#dialer string xxxxxxx

    R1#conf t

    R1(config)#interface dialer1

    R1(config-if)#dialer-group 1

    The physical BRI interface and logical Dialer interface must now be linked. Configure Dialer1 with the dialer pool 1 command, then make the BRI interface a member of that pool with the dialer pool-member 1 command.

    R1#conf t

    R1(config)#interface dialer1

    R1(config-if)#dialer pool 1

    R1#conf t

    R1(config)#interface bri0

    R1(config-if)#dialer pool-member 1

    R2 is still using PPP encapsulation and CHAP authentication; R1 must also. On both the physical and logical interfaces, configure encapsulation ppp and ppp authentication chap.

    R1#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    R1(config)#interface bri0

    R1(config-if)#encapsulation ppp

    R1(config-if)#ppp authentication chap

    R1(config)#interface dialer1

    R1(config-if)#encapsulation ppp

    R1(config-if)#ppp authentication chap

    When the encapsulation type is changed on the physical interface, the TEI goes up and down. If the TEI doesn't come back up, open and shut the physical interface. No such up / down behavior will occur when the encapsulation type is configured on the logical interface.

    Run debug ppp negotiation and ping R2's BRI interface.

    R1#debug ppp negotiation

    PPP protocol negotiation debugging is on

    R1#ping 172.12.21.2

    Type escape sequence to abort.

    Sending 5, 100-byte ICMP Echos to 172.12.21.2, timeout is 2 seconds:

    .!!!!

    Success rate is 80 percent (4/5), round-trip min/avg/max = 36/36/36 ms

    22:12:07: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up

    22:12:07: %DIALER-6-BIND: Interface BRI0:1 bound to profile Dialer1

    22:12:07: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358662

    22:12:07: BR0:1 PPP: Phase is AUTHENTICATING, by both

    22:12:07: BR0:1 CHAP: O CHALLENGE id 3 len 23 from "R1"

    22:12:07: BR0:1 CHAP: I CHALLENGE id 3 len 23 from "R2"

    22:12:07: BR0:1 CHAP: O RESPONSE id 3 len 23 from "R1"

    22:12:07: BR0:1 CHAP: I SUCCESS id 3 len 4

    22:12:07: BR0:1 CHAP: I RESPONSE id 3 len 23 from "R2"

    22:12:07: BR0:1 CHAP: O SUCCESS id 3 len 4

    22:12:07: BR0:1 PPP: Phase is UP

    < The expected series of challenges, responses, and successes occur. >

    R1#show dialer

    BRI0:1 - dialer type = ISDN

    Idle timer (120 secs), Fast idle timer (20 secs)

    Wait for carrier (30 secs), Re-enable (15 secs)

    Dialer state is data link layer up

    Dial reason: ip (s=172.12.21.1, d=172.12.21.2)

    Interface bound to profile Dialer1

    Time until disconnect 112 secs

    Current call connected 00:00:10

    Connected to 8358662 (R2)

    Dialer1 - dialer type = DIALER PROFILE

    Idle timer (120 secs), Fast idle timer (20 secs)

    Wait for carrier (30 secs), Re-enable (15 secs)

    Dialer state is data link layer up

    The BRI physical interface is bound to Dialer1, the logical interface, and the status of the

    Dialer Profile is up as well.

    NOTE: If you keep the dialer profile on this router during the protocol labs, make sure to substitute dialer0 or dialer1, whichever you named this interface, for bri0 in the passive-interface command in the following labs.

    Passwords and Services Lab

    REMINDER: Please use only the words "cisco" and "ccna" for passwords, without the quotation marks. Thank you!

    Configuring Router Passwords

    The first two passwords to configure are the enable secret and enable password. If the names sound alike, that's because they have the same function. The user will be prompted to enter this password when entering privileged exec mode. The enable password is for older routers, also referred to as legacy routers. The enable secret password will be used by the majority of the users.

    If both passwords are in effect, the enable secret password takes precedence.

    R3#conf t

    R3(config)#enable password cisco

    R3(config)#^Z

    R3#logout

    The enable password has been set. Users will be prompted for this password when

    attempting to enter privileged exec mode. To test this, log out with the logout command

    as shown, and use the password cisco to get back in.

    R3 con0 is now available

    Press RETURN to get started.

    R3>en

    Password:

    R3#

    The user was prompted for the enable password before being allowed into privileged exec mode. The password does not appear as it is being keyed in.

    Now set an enable secret password of ccna. Log out, and try the enable password cisco. You won't be allowed access, since the enable secret of ccna is taking precedence. The enable secret password always has precedence over the enable password.

    R3#conf t

    R3(config)#enable secret ccna

    R3(config)#^Z

    R3#logout

    The enable secret password has been set. Users will be prompted for this password when attempting to enter privileged exec mode.

    R3 con0 is now available

    Press RETURN to get started.

    R3>en

    Password:

    R3#

    The user was prompted for the enable secret password before being allowed into privileged exec mode. The password does not appear as it is being keyed in. The previously set enable password of cisco no longer works.

    A password can also be set for the console. Enter line configuration mode with the command line console 0, enter login to have the user prompted for a password when logging on to the console, and use the password command to set the password.

    R3#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    R3(config)#line console 0

    R3(config-line)#login

    R3(config-line)#password cisco

    R3(config-line)#^Z

    R3#logout

    R3 con0 is now available

    Press RETURN to get started.

    User Access Verification

    Password: < cisco was entered here >

    R3>enable

    Password: < ccna was entered here. >

    R3#

    The user is now prompted for the console password before user exec mode can be accessed. After entering that password, the user is prompted for the enable secret password to enter privileged exec mode.

    Now you've set an enable password, an enable secret password, and a console password. The final password you need to set is the password that will be used to authenticate telnet users. (By default, a Cisco router can support five simultaneous telnet sessions. This configuration will apply the same password to all five sessions.)

    R3#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    R3(config)#line vty 0 4

    R3(config-line)#login

    % Login disabled on line 2, until 'password' is set

    % Login disabled on line 3, until 'password' is set

    % Login disabled on line 4, until 'password' is set

    % Login disabled on line 5, until 'password' is set

    % Login disabled on line 6, until 'password' is set

    R3(config-line)#password cisco

    It really doesn't matter what order you enter the login command and the password; as you can see, if you enable login first, you're reminded that no one can log in until a password is set. By default, a Cisco router will not allow anyone to connect to it via Telnet unless a password has been configured on the vty lines.

    Encrypting All Router Passwords In The Running Configuration

    After configuring a console password and a telnet password, the

    passwords appear in the running configuration in clear-text.

    R3#show config

    < output truncated for clarity >

    !

    line con 0

    password cisco

    login

    line aux 0

    line vty 0 4

    password cisco

    login

    By default, only the enable secret password will be encrypted in the running configuration. To encrypt all passwords in the running config, use the global command service password-encryption.

    R3#conf t

    R3(config)#service password-encryption

    R3#show config

    service password-encryption

    !

    line con 0

    password 7 10692C2D3C3827392F27040A

    login

    line aux 0

    line vty 0 4

    password 7 14343B382F2B

    login

    !

    end

    The number you see is the level of encryption, which can range from 0 - 7. The command service password-encryption gives the strongest possible encryption level on the router.
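
An added example, not part of the workbook: a small Python audit over show config output that lists enable, username and line passwords still stored as typed (type 0) or stored as type 7 by service password-encryption, plus lines that have login but no password. Type 7 is a reversible encoding rather than a one-way hash like the one behind enable secret, which is why the audit still reports it. The two sample configurations are constructed from this lab's outputs, the enable secret hash is a placeholder, and the finding codes are this example's own names.

```python
# Constructed samples modelled on the lab's two 'show config' outputs.
BEFORE = """\
enable password cisco
username R1 password CCNA
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 login
"""

AFTER = """\
service password-encryption
enable secret 5 $1$EXAMPLE$placeholder
enable password 7 14343B382F2B
line con 0
 password 7 10692C2D3C3827392F27040A
 login
line aux 0
line vty 0 4
 password 7 14343B382F2B
 login
"""

WEAK = {0: "CLEARTEXT", 7: "TYPE7"}


def storage_type(args):
    """Type digit that precedes a stored password; none means typed as-is."""
    if len(args) >= 2 and args[0].isdigit():
        return int(args[0])
    return 0


def audit(config: str):
    """Return sorted (line number, context, code) findings."""
    findings = []
    lines = {}      # 'line vty 0 4' -> where it starts and what it contains
    current = None  # line section being read; password/login belong to it
    secret_seen, enable_pw_at = False, None

    def check(n, context, args):
        kind = storage_type(args)
        if kind in WEAK:
            findings.append((n, context, WEAK[kind]))

    for n, raw in enumerate(config.splitlines(), 1):
        words = raw.split()
        if not words or words[0] in ("!", "end"):
            continue
        if words[0] == "line":
            current = " ".join(words)
            lines[current] = {"at": n, "login": False, "password": False}
        elif words == ["login"] and current:
            lines[current]["login"] = True
        elif words[0] == "password" and current:
            lines[current]["password"] = True
            check(n, current, words[1:])
        elif words[:2] == ["enable", "secret"]:
            secret_seen = True
        elif words[:2] == ["enable", "password"]:
            enable_pw_at = n
            check(n, "enable password", words[2:])
        elif words[0] == "username" and len(words) > 3 and words[2] == "password":
            check(n, "username " + words[1], words[3:])

    # enable secret takes precedence, so a leftover enable password only
    # leaves an extra weakly stored string in the configuration.
    if secret_seen and enable_pw_at:
        findings.append((enable_pw_at, "enable password", "SUPERSEDED_BY_SECRET"))
    for name, state in lines.items():
        if state["login"] and not state["password"]:
            findings.append((state["at"], name, "LOGIN_WITHOUT_PASSWORD"))
    return sorted(findings)
```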

    Cisco Discovery Protocol

    Cisco Discovery Protocol (CDP) runs by default between all directly

    connected Cisco devices.

    Show cdp neighbor displays all directly connected Cisco routers and switches. CDP is Cisco-proprietary, so it will not display non-Cisco devices.

    CDP can be disabled at both the global and interface level. To disable CDP at the interface level, run no cdp enable on the interface, and cdp enable to turn it back on.

    By default, the cdp timer defines how often CDP packets are transmitted, and cdp holdtime defines how long a device will hold a received packet.

    To turn CDP off for the entire router, run no cdp run. To view the

    current global status of CDP, run show cdp.

    Run each of these commands on all five of your devices. Practice turning CDP off and on at the global level and the interface level until you're very confident that you know which command is which.

    R2#show cdp

    Global CDP information:

    Sending CDP packets every 45 seconds

    Sending a holdtime value of 100 seconds

    The CDP values have been successfully changed. show cdp interface will give the

    timer information for each interface on the router.

    R2#conf t

    R2(config)#interface bri0

    R2(config-if)#no cdp enable

    CDP is disabled on the BRI interface. This does NOT have to be done to keep the line from dialing, as will be shown.

    R2#conf t

    R2(config)#no cdp run

    CDP is disabled globally.

    R2#show cdp

    % CDP is not enabled

    CDP has been successfully disabled.

    Knowing which password does what is vital to passing the CCNA exams. Know how to configure and spot a correctly configured console password, enable password, and telnet password. And you REALLY need to know CDP inside and out! There's not much there, but you gotta know it!

    Static Routing Lab

    Create a static route on R3 and one on R1 that will allow R3 to successfully ping R2's loopback interface, 2.2.2.2. The route should only consider traffic destined for 2.2.2.2. Use show ip route to display the static routes.

    R3#conf t

    R3(config)#ip route 2.2.2.2 255.255.255.255 172.12.123.1

    R3#show ip route

    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

    E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

    i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

    U - per-user static route, o - ODR

    Gateway of last resort is not set

    2.0.0.0/32 is subnetted, 1 subnets

    S 2.2.2.2 [1/0] via 172.12.123.1

    3.0.0.0/27 is subnetted, 1 subnets

    C 3.3.3.0 is directly connected, Loopback0

    172.12.0.0/24 is subnetted, 2 subnets

    C 172.12.13.0 is directly connected, Serial1

    C 172.12.123.0 is directly connected, Serial0.31

    172.23.0.0/27 is subnetted, 1 subnets

    C 172.23.23.0 is directly connected, Ethernet0

    R1#conf t

    R1(config)#ip route 2.2.2.2 255.255.255.255 172.12.123.2

    R1#show ip route

    < codes deleted for clarity >

    Gateway of last resort is not set

    1.0.0.0/27 is subnetted, 1 subnets

    C 1.1.1.0 is directly connected, Loopback0

    2.0.0.0/32 is subnetted, 1 subnets

    S 2.2.2.2 [1/0] via 172.12.123.2

    172.12.0.0/16 is variably subnetted, 3 subnets, 2 masks

    C 172.12.13.0/24 is directly connected, Serial1

    C 172.12.21.0/30 is directly connected, BRI0

    C 172.12.123.0/24 is directly connected, Serial0

    Examining the syntax of the ip route commands used in this lab:

    R3(config)#ip route 2.2.2.2 255.255.255.255 172.12.123.1

    ip route: The command.

    2.2.2.2: The destination address.

    255.255.255.255: The wildcard mask. This particular mask means that only traffic destined for 2.2.2.2 will use this static route.

    172.12.123.1: The next-hop IP address used to reach the destination.

    R1(config)#ip route 2.2.2.2 255.255.255.255 172.12.123.2

    ip route: The command.

    2.2.2.2: The destination address.

    255.255.255.255: The wildcard mask. Again, only traffic destined for 2.2.2.2 will use this static route.

    172.12.123.2: The next-hop IP address used to reach this destination.

    On R3, run debug ip packet, then ping 2.2.2.2. The pings will return successfully, and the packets can be seen leaving and entering the router. Turn all debugs off with undebug all.

    R3#debug ip packet

    IP packet debugging is on

    R3#ping 2.2.2.2

    Type escape sequence to abort.

    Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

    !!!!!

    Success rate is 100 percent (5/5), round-trip min/avg/max = 132/136/144 m

    R3#

    IP: s=172.12.123.3 (local), d=2.2.2.2 (Serial0.31), len 100, sending

    IP: s=2.2.2.2 (Serial0.31), d=172.12.123.3 (Serial0.31), len 100, rcvd 3

    IP: s=172.12.123.3 (local), d=2.2.2.2 (Serial0.31), len 100, sending

    IP: s=2.2.2.2 (Serial0.31), d=172.12.123.3 (Serial0.31), len 100, rcvd 3

    IP: s=172.12.123.3 (local), d=2.2.2.2 (Serial0.31), len 100, sending

    IP: s=2.2.2.2 (Serial0.31), d=172.12.123.3 (Serial0.31), len 100, rcvd 3

    IP: s=172.12.123.3 (local), d=2.2.2.2 (Serial0.31), len 100, sending

    IP: s=2.2.2.2 (Serial0.31), d=172.12.123.3 (Serial0.31), len 100, rcvd 3

    IP: s=172.12.123.3 (local), d=2.2.2.2 (Serial0.31), len 100, sending

    IP: s=2.2.2.2 (Serial0.31), d=172.12.123.3 (Serial0.31), len 100, rcvd 3

    R3#undebug all

    All possible debugging has been turned off

    Remove the static routes with the command no ip route. Replace them with a static route with a destination and wildcard mask of 0.0.0.0. This route will serve as a default route; to verify this, run show ip route after configuring these default static routes.

    Notice that with static routes, you can configure either a next-hop address or an exit interface on the end of the static route command. Here, you'll configure both.

    R3#conf t

    R3(config)#no ip route 2.2.2.2 255.255.255.255 172.12.123.1

    R3(config)#ip route 0.0.0.0 0.0.0.0 serial0.31

    R1#conf t

    R1(config)#no ip route 2.2.2.2 255.255.255.255 172.12.123.2

    R1(config)#ip route 0.0.0.0 0.0.0.0 172.12.123.2

    A static route configured with a destination and subnet mask of 0.0.0.0 will serve as a

    default route.

    Examining the routing table of R3 after configuring the default static route.

    R3#show ip route

    Gateway of last resort is 0.0.0.0 to network 0.0.0.0

    3.0.0.0/24 is subnetted, 1 subnets

    C 3.3.3.0 is directly connected, Loopback0

    172.12.0.0/24 is subnetted, 2 subnets

    C 172.12.13.0 is directly connected, Serial1

    C 172.12.123.0 is directly connected, Serial0.31

    172.23.0.0/24 is subnetted, 1 subnets

    C 172.23.23.0 is directly connected, Ethernet0

    S* 0.0.0.0/0 is directly connected, Serial0.31

    The static route appears on R3 as a candidate default route, and is then used as the default route. The gateway of last resort is now set to 0.0.0.0. This is a result of using an exit interface to configure the static default route, rather than a next-hop IP address.

    Examining R1's routing table after configuring the static default route.

    R1#show ip route

    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

    E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

    i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

    Gateway of last resort is 172.12.123.2 to network 0.0.0.0

    1.0.0.0/27 is subnetted, 1 subnets

    C 1.1.1.0 is directly connected, Loopback0

    172.12.0.0/16 is variably subnetted, 3 subnets, 2 masks

    C 172.12.13.0/24 is directly connected, Ser