
Our contacts :-

FB Fanpage :
www.facebook.com/tawfikfans

-FB profile
www.facebook.com/ahmedtawfik1987

-YT channel
www.youtube.com/@ahmedtawfik1

-whatsapp
https://wa.me/201094246444

010-9-42-46-444

-Our previous work
https://bit.ly/3wOCBHy
Guideline
This is a lab item in which tasks will be performed on virtual devices.
1-Refer to the Tasks tab to view the tasks for this lab item.
2-Refer to the Topology tab to access the device console and perform the tasks.
3-Console access is available for all required devices by clicking the device icon or using the tab above the console window.
4-All necessary pre-configurations have been applied.
5-Do not change the enable password or hostname for any device.
6-Save your configuration to NVRAM before moving to the next tab.
7-Click Next at the bottom of the screen to submit this lab and move to the next question.
8-When Next is clicked, the lab closes and cannot be reopened.
LAB#1
Tasks

Physical connectivity is implemented between the two Layer 2 switches, and the network connectivity between them must be configured.

1-Configure an LACP EtherChannel and number it as 44. Configure it between SW1 and SW2 using interfaces Ethernet 0/0 and Ethernet 0/1 on both sides. The LACP mode must match on both ends.
2-Configure the EtherChannel as a trunk link.
3-Configure the trunk link with 802.1q tag.
4-Configure VLAN "MONITORING" as the untagged VLAN of the EtherChannel.


Topology (diagram not reproduced): SW1 (e0/0, e0/1) linked to SW2 (e0/0, e0/1).
SW1(config)#interface range e0/0 - 1
SW1(config-if-range)#channel-group 44 mode active
SW1(config-if-range)#exit
SW1(config)#interface po 44
SW1(config-if)#shutdown
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport trunk native vlan 746
SW1(config-if)#no shutdown
SW1(config-if)#exit
SW1(config)#exit
SW1#write

SW2(config)#interface range e0/0 - 1
SW2(config-if-range)#channel-group 44 mode active
SW2(config-if-range)#exit
SW2(config)#interface po 44
SW2(config-if)#shutdown
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config-if)#switchport trunk native vlan 746
SW2(config-if)#no shutdown
SW2(config-if)#exit
SW2(config)#exit
SW2#write
LAB#2
Tasks

Configure IPv4 and IPv6 connectivity between two routers. For IPv4, use a /28 network from the 192.168.180.0/24 private range. For IPv6, use the first /64 subnet from the 2001:0db8:acca::/48 subnet.

1-Using Ethernet 0/1 on routers R1 and R2, configure the next usable /28 from the 192.168.180.0/24 range. The network 192.168.180.0/28 is unavailable.
2-For the IPv4 /28 subnet, router R1 must be configured with the first usable host address.
3-For the IPv4 /28 subnet, router R2 must be configured with the last usable host address.
4-For the IPv6 /64 subnet, configure the routers with the IP addressing provided in the topology.
5-A ping must work between the routers on the IPv4 and IPv6 address ranges.

Topology (diagram not reproduced): R1 e0/1 (192.168.180.x/28, 2001:db8:acca::1/64) to R2 e0/1 (192.168.180.x/28, 2001:db8:acca::2/64).
R1>en
R1#configure t
R1(config)#int e0/1
R1(config-if)#ip address 192.168.180.17 255.255.255.240
R1(config-if)#ipv6 enable
R1(config-if)#ipv6 address 2001:db8:acca::1/64
R1(config-if)#no shutdown
R1(config-if)#end
R1#write

R2>en
R2#configure t
R2(config)#int e0/1
R2(config-if)#ip address 192.168.180.30 255.255.255.240
R2(config-if)#ipv6 enable
R2(config-if)#ipv6 address 2001:db8:acca::2/64
R2(config-if)#no shutdown
R2(config-if)#end
R2#write
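The addressing in this lab can be derived and checked with Python's ipaddress module. This is an added example, not part of the original answer; the function names are hypothetical.

```python
import ipaddress

def next_free_subnet(parent, new_prefix, unavailable):
    """First subnet of the requested size that does not overlap an unavailable one."""
    taken = [ipaddress.ip_network(n) for n in unavailable]
    for subnet in ipaddress.ip_network(parent).subnets(new_prefix=new_prefix):
        if not any(subnet.overlaps(t) for t in taken):
            return subnet
    raise ValueError("no free subnet left in " + parent)

def link_plan(parent, new_prefix, unavailable):
    """Subnet, dotted mask, and first/last usable host for the router link."""
    subnet = next_free_subnet(parent, new_prefix, unavailable)
    hosts = list(subnet.hosts())  # excludes network and broadcast addresses
    return {
        "subnet": str(subnet),
        "mask": str(subnet.netmask),
        "first": str(hosts[0]),
        "last": str(hosts[-1]),
    }

def check_interface(address, mask, subnet):
    """True if an 'ip address <address> <mask>' line is a usable host of subnet."""
    iface = ipaddress.ip_interface(f"{address}/{mask}")
    net = ipaddress.ip_network(subnet)
    reserved = (net.network_address, net.broadcast_address)
    return iface.network == net and iface.ip not in reserved

def first_v6_subnet(parent, new_prefix=64):
    """First subnet of the given length inside an IPv6 parent prefix."""
    return str(next(ipaddress.ip_network(parent).subnets(new_prefix=new_prefix)))

if __name__ == "__main__":
    print(link_plan("192.168.180.0/24", 28, ["192.168.180.0/28"]))
    print(first_v6_subnet("2001:0db8:acca::/48"))
```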
LAB#3
Tasks

IP connectivity and OSPF are pre-configured on all devices where necessary. Do not make any changes to the IP addressing or OSPF. The company policy uses connected interfaces and next hops when configuring static routes, except for load balancing or redundancy without floating static. Connectivity must be established between subnet 172.20.20.128/25 on the Internet and the LAN at 192.168.0.0/24 connected to SW1.

1-Configure reachability to the switch SW1 LAN subnet in router R2.
2-Configure default reachability to the Internet subnet in router R1.
3-Configure a single static route on router R2 to reach the Internet subnet, considering both redundant links between R1 and R2. A default route is not allowed in R2.
4-Configure a static route on R1 toward the SW1 LAN subnet where the primary link must be through e0/1 and the backup link must be through e0/2, using a floating route. Use the minimum admin distance value when required.
Topology (diagram not reproduced):
Internet 172.20.20.128/25 (.254), reached through R3 (E0/1, 10.10.254.0/24)
R3 E0/0 (.3) to R1 E0/0 (.1) on 10.10.13.0/24
R1 E0/1 (.1) to R2 E0/1 (.2) on 10.10.12.0/25
R1 E0/2 (.129) to R2 E0/2 (.130) on 10.10.12.128/25
R2 E0/0 to SW1 E0/0 on 10.10.31.0/24
SW1 E0/1: LAN 192.168.0.0/24
R1 Lo0: 10.10.1.1/32
R1>en
R1#configure terminal
R1(config)#ip route 0.0.0.0 0.0.0.0 e0/0 10.10.13.3
R1(config)#ip route 192.168.0.0 255.255.255.0 e0/1 10.10.12.2
R1(config)#ip route 192.168.0.0 255.255.255.0 e0/2 10.10.12.130 2
R1(config)#exit
R1#write

R2>en
R2#configure terminal
R2(config)#ip route 192.168.0.0 255.255.255.0 e0/0 10.10.31.1
R2(config)#ip route 172.20.20.128 255.255.255.128 10.10.1.1
R2(config)#exit
R2#write
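How R1 chooses between the primary and the floating route can be modelled in a few lines. This is an added Python example, not part of the original answer: it installs R1's three static routes by administrative distance and resolves a destination by longest prefix match. The interface up/down sets and the destination addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class StaticRoute:
    prefix: str
    out_if: str
    next_hop: str
    distance: int = 1  # default administrative distance of an IOS static route

# R1's static routes, copied from the answer above.
R1_ROUTES = [
    StaticRoute("0.0.0.0/0", "e0/0", "10.10.13.3"),
    StaticRoute("192.168.0.0/24", "e0/1", "10.10.12.2"),
    StaticRoute("192.168.0.0/24", "e0/2", "10.10.12.130", distance=2),
]

def build_rib(routes, up_interfaces):
    """Per prefix, install only the usable routes with the lowest distance."""
    rib = {}
    for route in routes:
        if route.out_if not in up_interfaces:
            continue  # a route bound to a down interface is withdrawn
        net = ipaddress.ip_network(route.prefix)
        installed = rib.get(net)
        if installed is None or route.distance < installed[0].distance:
            rib[net] = [route]
        elif route.distance == installed[0].distance:
            installed.append(route)  # equal distance: both installed (load sharing)
    return rib

def lookup(rib, destination):
    """Longest-prefix match; returns the (interface, next hop) pairs in use."""
    dst = ipaddress.ip_address(destination)
    matches = [net for net in rib if dst in net]
    if not matches:
        return []
    longest = max(matches, key=lambda net: net.prefixlen)
    return [(r.out_if, r.next_hop) for r in rib[longest]]

if __name__ == "__main__":
    for up in ({"e0/0", "e0/1", "e0/2"}, {"e0/0", "e0/2"}, {"e0/0"}):
        rib = build_rib(R1_ROUTES, up)
        print(sorted(up), "->", lookup(rib, "192.168.0.10"))
```

With both R1-R2 links down, the lookup falls through to the default route, so LAN-bound traffic is sent toward R3 instead of being dropped on R1.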
LAB#4
Tasks

Three switches must be configured for Layer 2 connectivity. The company requires only the designated VLANs to be configured on their respective switches and permitted across any links between switches for security purposes. Do not modify or delete VTP configurations.
The network needs two user-defined VLANs configured:

VLAN 110: MARKETING
VLAN 210: FINANCE

1-Configure the VLANs on the designated switches and assign them as access ports to the interfaces connected to the PCs.
2-Configure the e0/2 interfaces on SW1 and SW2 as 802.1q trunks with only the required VLANs permitted.
3-Configure the e0/3 interfaces on SW2 and SW3 as 802.1q trunks with only the required VLANs permitted.
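Topology (diagram not reproduced): SW1 E0/2 to SW2 E0/2; SW2 E0/3 to SW3 E0/3.
Access ports, left to right: PC5 on SW1 E0/1, PC3 on SW2 E0/1, PC4 on SW3 E0/0, PC6 on SW3 E0/1.
PC labels as extracted: VLAN 202, VLAN 303, VLAN 303, VLAN 202; 10.10.2.2, 10.10.3.2, 10.10.3.1, 10.10.2.1.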
SW2>enable
SW2#configure terminal
SW2(config)#vlan 202
SW2(config-vlan)#name MARKETING
SW2(config-vlan)#vlan 303
SW2(config-vlan)#name FINANCE
SW2(config-vlan)#interface e0/2
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config-if)#switchport trunk allowed vlan 303
SW2(config-if)#interface e0/3
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config-if)#switchport trunk allowed vlan 202,303
SW2(config-if)#interface e0/1
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 202

SW3>enable
SW3#configure terminal
SW3(config)#vlan 202
SW3(config-vlan)#name MARKETING
SW3(config-vlan)#vlan 303
SW3(config-vlan)#name FINANCE
SW3(config-vlan)#interface e0/3
SW3(config-if)#switchport trunk encapsulation dot1q
SW3(config-if)#switchport mode trunk
SW3(config-if)#switchport trunk allowed vlan 202,303
SW3(config-if)#interface e0/0
SW3(config-if)#switchport mode access
SW3(config-if)#switchport access vlan 202
SW3(config-if)#interface e0/1
SW3(config-if)#switchport mode access
SW3(config-if)#switchport access vlan 303

SW1>enable
SW1#configure terminal
SW1(config)#vlan 202
SW1(config-vlan)#name MARKETING
SW1(config-vlan)#vlan 303
SW1(config-vlan)#name FINANCE
SW1(config-vlan)#interface e0/2
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport trunk allowed vlan 303
SW1(config-if)#interface e0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 303

SW1,SW2,SW3#write
LAB#5
Tasks

Connectivity between four routers has been established. IP connectivity must be configured in the order presented to complete the implementation. No dynamic routing protocols are included.

1-Configure static routing using host routes to establish connectivity from router R3 to the router R1 loopback address, using the source IP of 209.165.200.230.
2-Configure an IPv4 default route on router R2 destined to router R4.
3-Configure an IPv6 default route on router R2 destined to router R4.


Topology (diagram not reproduced):
R1 E0/0 (.225) to R2 E0/0 (.226) on 209.165.200.224/30
R2 E0/1 (.229) to R3 E0/1 (.230) on 209.165.200.228/30
R2 E0/2 (.129, 2001:db8:abcd::1) to R4 E0/2 (.130, 2001:db8:abcd::2) on 209.165.202.128/22 and 2001:db0:abcd::0/64
Loopback 1: R1 192.168.1.1, R2 192.168.2.1, R3 192.168.3.1
Task 1

R3(conf)#ip route 192.168.1.1 255.255.255.255 209.165.200.229

R2(conf)#ip route 192.168.1.1 255.255.255.255 209.165.200.225

R1(conf)#ip route 209.165.200.230 255.255.255.255 209.165.200.226

Task 2
R2(conf)#ip route 0.0.0.0 0.0.0.0 209.165.202.130

Task 3
R2(conf)#ipv6 route ::/0 2001:db8:abcd::2

R1,R2,R3#copy run start


LAB#6
Tasks
All physical cabling between the two switches is installed.
Configure the network connectivity between the switches using the designated VLANs and interfaces.

1. Configure VLAN 12 named Compute and VLAN 34 named Telephony where required for each task.
2. Configure Ethernet 0/1 on SW2 to use the existing VLAN named Available.
3. Configure the connection between the switches using access ports.
4. Configure Ethernet 0/1 on SW1 using data and voice VLANs.
5. Configure Ethernet 0/1 on SW2 so that the Cisco Proprietary neighbor discovery protocol is turned off for the designated interface only.


Topology (diagram not reproduced): SW1 E0/0 to SW2 E0/0 in VLAN 12; SW1 E0/1 in VLAN 12 and VLAN 34; SW2 E0/1 in VLAN Available.
SW1>enable
SW1#config t
SW1(config)#vlan 12
SW1(config-vlan)#name Compute
SW1(config-vlan)#vlan 34
SW1(config-vlan)#name Telephone
SW1(config-vlan)#int e0/0
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 12
SW1(config-if)#int e0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 12
SW1(config-if)#switchport voice vlan 34
SW1(config-if)#end
SW1#wr

SW2>enable
SW2#conf t
SW2(config)#vlan 12
SW2(config-vlan)#name Compute
SW2(config-vlan)#vlan 34
SW2(config-vlan)#name Telephone
SW2(config-vlan)#int e0/0
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 12
SW2(config-if)#int e0/1
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 99
SW2(config-if)#no cdp enable
SW2(config-if)#end
SW2#wr
LAB#7
Tasks
Connectivity between three routers has been established, and IP services must be configured in the order presented to complete the implementation. Tasks assigned include configuration of NAT, NTP, DHCP and SSH services.

1-All traffic sent from R3 to the R1 Loopback address must be configured for NAT on R2. All source addresses must be translated from R3 to the IP address of Ethernet 0/0 on R2, while using only a standard access list named NAT. To verify, a ping must be successful to the R1 Loopback address sourced from R3. Do not use NVI NAT configuration.
2-Configure R1 as an NTP server and R2 as a client, not as a peer, using the IP address of the R1 Ethernet 0/2 interface. Set the clock on the NTP server for midnight on January 1, 2019.
3-Configure R1 as a DHCP server for the network 10.1.3.0/24 in a pool named NETPOOL. Using a single command, exclude addresses 1 - 10 from the range. Interface Ethernet 0/2 on R3 must be issued the IP address of 10.1.3.11 via DHCP.
4-Configure SSH connectivity from R1 to R3, while excluding access via other remote connection protocols. Access for user netadmin and password N3t4ccess must be set on router R3 using RSA and 1024 bits. Verify connectivity using an SSH session from router R1 using a destination address of 10.1.3.11. DO NOT modify console access or line numbers to accomplish this task.

Topology (diagram not reproduced):
R1 E0/0 (10.1.2.1) to R2 E0/0 (10.1.2.2)
R1 E0/2 (10.1.3.1) to R3 E0/2 (10.1.3.11)
R2 E0/1 (10.2.3.2) to R3 E0/1 (10.2.3.3)
Lo1: R1 192.168.1.1, R2 192.168.2.1, R3 192.168.3.1
Task 1
R2(config)#ip access-list standard NAT
R2(config-std-nacl)#permit 10.2.3.3
R2(config-std-nacl)#permit 192.168.3.1
R2(config-std-nacl)#permit 10.1.3.11
R2(config-std-nacl)#exit
R2(config)#interface e0/1
R2(config-if)#ip nat inside
R2(config-if)#exit
R2(config)#interface e0/0
R2(config-if)#ip nat outside
R2(config-if)#exit
R2(config)#ip nat inside source list NAT interface e0/0 overload

Verification
R3#ping 192.168.1.1

Task 2
R1#clock set 00:00:00 1 jan 2019
R1#config terminal
R1(config)#ntp master 1
R1(config)#interface e0/2
R1(config-if)#ip address 10.1.3.1 255.255.255.0

R2#configure terminal
R2(config)#ntp server 10.1.3.1

Task 3
R1#config terminal
R1(config)#ip dhcp pool NETPOOL
R1(dhcp-config)#network 10.1.3.0 255.255.255.0
R1(dhcp-config)#exit
R1(config)#ip dhcp excluded-address 10.1.3.1 10.1.3.10

R3#conf terminal
R3(config)#interface e0/2
R3(config-if)#ip address dhcp

Verification
R3#show ip interface brief

Task 4
R3#config terminal
R3(config)#line vty 0 4
R3(config-line)#transport input ssh
R3(config-line)#login local
R3(config-line)#exit
R3(config)#username netadmin password N3t4ccess
R3(config)#crypto key generate rsa modulus 1024

Verification
R1#ssh -l netadmin 10.1.3.11

R1,R2,R3#copy run start
LAB#8
Tasks

IP connectivity between the three routers is configured. OSPF adjacencies must be established.

1. Configure R1 and R2 Router IDs using the interface IP addresses from the link that is shared between them.
2. Configure the R2 links with a max value facing R1 and R3. R2 must become the DR. R1 and R3 links facing R2 must remain with the default OSPF configuration for DR election. Verify the configuration after clearing the OSPF process.
3. Using a host wildcard mask, configure all three routers to advertise their respective Loopback 1 networks.
4. Configure the link between R1 and R3 to disable their ability to add other OSPF routers.
Topology (diagram not reproduced):
R1 E0/0 to R2 E0/0 on 10.10.12.0/24
R1 E0/1 to R3 E0/1 on 10.10.13.0/24
R2 E0/2 to R3 E0/2 on 10.10.23.0/24
R1: Lo1 192.168.1.1/24, Lo0 10.10.1.1/32
R2: Lo1 192.168.2.2/24, Lo0 10.10.2.2/32
R3: Lo1 192.168.3.3/24, Lo0 10.10.3.3/32
R1# config t
R1(config)# interface e0/1
R1(config-if)# ip ospf network point-to-point
R1(config-if)# exit
R1(config)# router ospf 1
R1(config-router)# router-id 10.10.12.1
R1(config-router)# network 10.10.12.0 0.0.0.255 area 0
R1(config-router)# network 10.10.13.0 0.0.0.255 area 0
R1(config-router)# network 192.168.1.1 0.0.0.0 area 0
R1(config-router)# end
R1# clear ip ospf process
Yes
R1# write

R2# config t
R2(config)# interface e0/0
R2(config-if)# ip ospf priority 255
R2(config-if)# interface e0/2
R2(config-if)# ip ospf priority 255
R2(config-if)# exit
R2(config)# router ospf 1
R2(config-router)# router-id 10.10.12.2
R2(config-router)# network 10.10.12.0 0.0.0.255 area 0
R2(config-router)# network 10.10.23.0 0.0.0.255 area 0
R2(config-router)# network 192.168.2.2 0.0.0.0 area 0
R2(config-router)# end
R2# clear ip ospf process
Yes
R2# write

R3# config t

R3(config)# interface e0/1

R3(config-if)# ip ospf network point-to-point

R3(config-if)# exit

R3(config)# router ospf 1

R3(config-router)# network 10.10.13.0 0.0.0.255 area 0

R3(config-router)# network 10.10.23.0 0.0.0.255 area 0

R3(config-router)# network 192.168.3.3 0.0.0.0 area 0

R3(config-router)# end

R3# clear ip ospf process

yes
R3# write
LAB#9
Tasks

IP connectivity between the three routers is established. IP services must be configured in the order presented to complete the implementation.

1-Configure dynamic one-to-one address mapping on R2 using a standard list named XLATE, which allows all traffic to translate the source address of R3 to a pool named test pool using the 10.10.10.0/24 network for traffic sent from R3 to R1. Avoid using an NVI configuration. Verify reachability by sending a ping to 192.168.100.1 from R3.
2-Configure R3 to dynamically receive an IP address on Ethernet 0/2 from the DHCP server.
3-Configure R1 as an NTP server and R2 as a client, not as a peer, using the IP address 10.1.2.1.
4-Configure SSH access from R1 to R3, while excluding access via other remote connection protocols, using the user root and password s3cret on router R3 using RSA. Verify connectivity from router R1 to R3 using a destination address assigned to interface E0/2 on R3.
Topology (diagram not reproduced):
R1 E0/0 (10.1.2.1) to R2 E0/0 (10.1.2.2)
R1 E0/2 (10.1.3.1) to R3 E0/2 (10.1.3.11)
R2 E0/1 (10.2.3.2) to R3 E0/1 (10.2.3.3)
Lo1: R1 192.168.100.1, R2 192.168.200.1, R3 192.168.3.1
R1>en
R1# config t
R1(config)# ntp master 1
R1(config)# ntp source e0/0
R1(config)# end
R1# wr

R2# config t
R2(config)# ntp server 10.1.2.1
R2(config)# ip access-list standard XLATE
R2(config-std-nacl)# permit 10.2.3.0 0.0.0.255
R2(config-std-nacl)# permit 192.168.3.1 0.0.0.0
R2(config-std-nacl)# exit
R2(config)# ip nat pool test_pool 10.10.10.1 10.10.10.254 netmask 255.255.255.0
R2(config)# ip nat inside source list XLATE pool test_pool
R2(config)# int e0/0
R2(config-if)# ip nat outside
R2(config-if)# int e0/1
R2(config-if)# ip nat inside
R2(config-if)# end
R2# wr

R3>en

R3# config t

R3(config)# interface e0/2

R3(config-if)# ip address dhcp

R3(config-if)# exit

R3(config)# username root password s3cret

R3(config)# crypto key generate rsa modulus 1024

R3(config)# line vty 0 4

R3 (config-line)# login local

R3(config-line)# transport input ssh

R3(config-line)# end

R3# wr
Verification
R1#ssh -l root 10.1.3.11
LAB#10
Tasks
Refer to the topology. All physical cabling is in place. Configure local user accounts, modify the Named ACL (NACL), and configure DHCP Snooping. The current contents of the NACL must remain intact.
Task 1
Configure a local account on GW1 with telnet access only on virtual ports 0-4. Use the following information.
1. Username: wheel
2. Password: lock3path
3. Algorithm type: Scrypt
4. Privilege level: Exec mode

Task 2
Configure and apply a NACL on GW1 to control network traffic from VLAN 10
1. Name: CORP_ACL
2. Allow BOOTP and HTTPS
3. Restrict all other traffic and log the ingress interface, source MAC address, the packet's source and destination IP addresses, and ports.
Task 3
Configure SW1:
1. Enable DHCP Snooping for VLAN 10
2. Disable DHCP Option-82 data insertion
3. Enable DHCP Snooping MAC address verification
4. Enable trusted interfaces E0/2

Topology (diagram not reproduced). Labels shown: Internet 209.165.201.0/30, GW1, DHCP server, SW1, SW2, SW3, HOST A, HOST B, HOST C, HOST D, VLAN 10, VLAN 20.
GW1
GW1>enable
GW1#config t
GW1(config)#username wheel privilege 15 algorithm-type scrypt secret lock3path
GW1(config)#line vty 0 4
GW1(config-line)#login local
GW1(config-line)#transport input telnet
GW1(config-line)#exit
GW1(config)#ip access-list extended CORP_ACL
GW1(config-ext-nacl)#permit udp 10.10.0.0 0.0.0.255 any eq bootp
GW1(config-ext-nacl)#permit tcp 10.10.0.0 0.0.0.255 any eq 443
GW1(config-ext-nacl)#deny ip any any
GW1(config-ext-nacl)#int e0/0
GW1(config-if)#ip access-group CORP_ACL in
GW1(config-if)#end
GW1#wr

SW1
SW1>en
SW1#config t
SW1(config)#ip dhcp snooping
SW1(config)#ip dhcp snooping vlan 10
SW1(config)#no ip dhcp snooping information option
SW1(config)#ip dhcp snooping verify mac-address
SW1(config)#int range e0/1-2
SW1(config-if-range)#ip dhcp snooping trust
SW1(config-if-range)#end
SW1#wr
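The remote-access settings used in the answers to Labs 7, 9 and 10 (Telnet on the vty lines, a user created with the password keyword, a 1024-bit RSA key) are what a configuration review looks for on the management plane. The following Python sketch is an added example, not part of the original labs: it scans an IOS transcript for those three settings. The sample transcript is constructed from commands on this page, and the 2048-bit minimum is an assumption of the example.

```python
import re

# Strips a leading configuration prompt such as 'R3(config-line)# '.
PROMPT = re.compile(r"^\S+\s*\(\s*config[^)]*\)\s*#\s*")
MIN_RSA_BITS = 2048  # assumed baseline for this example

MESSAGES = {
    "cleartext-vty": "vty lines accept a protocol other than SSH",
    "plaintext-password": "user created with 'password' instead of a hashed 'secret'",
    "weak-rsa": "RSA key shorter than %d bits" % MIN_RSA_BITS,
}

def audit(transcript):
    """Return (line number, rule id) for each management-plane finding."""
    findings = []
    for lineno, raw in enumerate(transcript.splitlines(), 1):
        cmd = re.sub(r"\s+", " ", PROMPT.sub("", raw.strip())).lower()
        words = cmd.split()
        if cmd.startswith("transport input ") and set(words[2:]) != {"ssh"}:
            findings.append((lineno, "cleartext-vty"))
        elif (words[:1] == ["username"] and "password" in words[2:]
              and "secret" not in words[2:]):
            findings.append((lineno, "plaintext-password"))
        elif (cmd.startswith("crypto key generate rsa")
              and words[-1].isdigit() and int(words[-1]) < MIN_RSA_BITS):
            findings.append((lineno, "weak-rsa"))
    return findings

# Constructed sample: commands taken from the Lab 9 and Lab 10 answers.
SAMPLE = """\
R3(config)# username root password s3cret
R3(config)# crypto key generate rsa modulus 1024
R3(config)# line vty 0 4
R3(config-line)# login local
R3(config-line)# transport input ssh
GW1(config)# username wheel privilege 15 algorithm-type scrypt secret lock3path
GW1(config)# line vty 0 4
GW1(config-line)# transport input telnet
"""

if __name__ == "__main__":
    for lineno, rule in audit(SAMPLE):
        print("line %d: %s" % (lineno, MESSAGES[rule]))
```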
LAB#11
Tasks
VLANs 35 and 45 have been configured in all three switches. All physical connectivity has been installed and verified. All inter-switch links must be operational.
1. Configure SW-1 and SW-2 switch ports e0/0 and e0/1 for 802.1q trunking allowing all VLANs.
2. Configure the inter-switch links on SW-1 e0/2, SW-2 e0/2, and SW-3 e0/0 and e0/1 to use native VLAN 35.
3. Configure SW-1 and SW-2 switch ports e0/0 and e0/1 for link aggregation. SW-1 should immediately negotiate LACP and SW-2 must only respond to LACP requests.
Topology (diagram not reproduced): SW1 E0/0 and E0/1 to SW2 E0/0 and E0/1 (Po12); SW1 E0/2 and SW2 E0/2 to SW3 (E0/0, E0/1).
SW1
SW1>en
SW1#config t
SW1(config)#int range e0/0-2
SW1(config-if-range)#switchport trunk encapsulation dot1q
SW1(config-if-range)#switchport mode trunk
SW1(config-if-range)#int range e0/0-1
SW1(config-if-range)#channel-group 12 mode active
SW1(config-if-range)#int e0/2
SW1(config-if)#switchport trunk native vlan 35
SW1(config-if)#end
SW1#wr

SW2
SW2>en
SW2#config t
SW2(config)#int range e0/0-2
SW2(config-if-range)#switchport trunk encapsulation dot1q
SW2(config-if-range)#switchport mode trunk
SW2(config-if-range)#int range e0/0-1
SW2(config-if-range)#channel-group 12 mode passive
SW2(config-if-range)#int e0/2
SW2(config-if)#switchport trunk native vlan 35
SW2(config-if)#end
SW2#wr

SW3
SW3>en
SW3#config t
SW3(config)#int range e0/0-1
SW3(config-if-range)#switchport trunk encapsulation dot1q
SW3(config-if-range)#switchport mode trunk
SW3(config-if-range)#switchport trunk native vlan 35
SW3(config-if-range)#end
SW3#wr
LAB#12
Tasks
Refer to the topology. All physical cabling is in place. Configure local user accounts, modify the Named ACL (NACL), and security.
Task 1
Configure a local account on SW101 with telnet access only on virtual ports 0-4. Use the following information.
1. Username: support
2. Password: max2learn
3. Privilege level: Exec mode
Task 2
Configure and apply a single NACL on SW101 using the following:
1. Name: ENT_ACL
2. Restrict only PC2 on VLAN 200 from pinging PC1
3. Allow only PC2 on VLAN 200 to telnet to SW101
4. Prevent all other devices from telnetting from VLAN 200
5. Allow all other network traffic from VLAN 200
Task 3
Configure security on interface Ethernet 0/0 of SW102
1. Set the maximum number of secure MAC addresses to four
2. Drop packets with unknown source addresses until the number of secure MAC addresses drops below the configured maximum value. No notification action is required.
3. Allow secure MAC addresses to be learned dynamically
Topology (diagram not reproduced). Labels shown: Internet 209.165.201.0/30, R1, 192.168.3.0/30, SW101, SW102, VLAN 100, VLAN 200, PC1 192.168.100.10, PC2 192.168.200.10; interface labels E0/0, E0/1, E0/2.
SW101>en
SW101#config t
SW101(config)#username support privilege 15 password max2learn
SW101(config)#line vty 0 4
SW101(config-line)#login local
SW101(config-line)#transport input telnet
SW101(config-line)#exit
SW101(config)#ip access-list extended ENT_ACL
SW101(config-ext-nacl)#deny icmp host 192.168.200.10 host 192.168.100.10
SW101(config-ext-nacl)#permit tcp host 192.168.200.10 host 192.168.200.1 eq telnet
SW101(config-ext-nacl)#deny tcp 192.168.200.0 0.0.0.255 any eq telnet
SW101(config-ext-nacl)#permit ip any any
SW101(config-ext-nacl)#exit
SW101(config)#int vlan 200
SW101(config-if)#ip access-group ENT_ACL in
SW101(config-if)#end
SW101#wr

SW102>en
SW102#config t
SW102(config)#int e0/0
SW102(config-if)#switchport port-security
SW102(config-if)#switchport port-security maximum 4
SW102(config-if)#switchport port-security violation protect
SW102(config-if)#switchport port-security mac-address sticky
SW102(config-if)#end
SW102#wr
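ENT_ACL depends on entry order, because an IOS access list stops at the first matching entry. This added Python example (not part of the original answer) evaluates the four entries above against test packets and shows what happens when the final permit is moved to the top. The packets are constructed, and 192.168.200.1 is taken from the ACL as SW101's address on VLAN 200.

```python
import ipaddress

TELNET = 23
PC1, PC2, SW101 = "192.168.100.10", "192.168.200.10", "192.168.200.1"

# ENT_ACL from the answer above: (action, protocol, source, destination, dst port)
ENT_ACL = [
    ("deny", "icmp", "192.168.200.10/32", "192.168.100.10/32", None),
    ("permit", "tcp", "192.168.200.10/32", "192.168.200.1/32", TELNET),
    ("deny", "tcp", "192.168.200.0/24", "0.0.0.0/0", TELNET),
    ("permit", "ip", "0.0.0.0/0", "0.0.0.0/0", None),
]

def evaluate(acl, proto, src, dst, dport=None):
    """First-match evaluation; returns (action, index), index None = implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for index, (action, a_proto, a_src, a_dst, a_port) in enumerate(acl):
        if a_proto not in ("ip", proto):
            continue  # 'ip' matches every protocol
        if s not in ipaddress.ip_network(a_src):
            continue
        if d not in ipaddress.ip_network(a_dst):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action, index
    return "deny", None

# Constructed packets, one per requirement in Task 2 (.20 is another VLAN 200 host).
CASES = [
    ("PC2 pings PC1", "icmp", PC2, PC1, None),
    ("PC2 telnets to SW101", "tcp", PC2, SW101, TELNET),
    ("other host telnets to SW101", "tcp", "192.168.200.20", SW101, TELNET),
    ("other host pings PC1", "icmp", "192.168.200.20", PC1, None),
    ("PC2 opens HTTPS to PC1", "tcp", PC2, PC1, 443),
]

def run_cases(acl):
    """Map each case description to the (action, matching entry) it produces."""
    return {name: evaluate(acl, proto, src, dst, port)
            for name, proto, src, dst, port in CASES}

if __name__ == "__main__":
    for name, verdict in run_cases(ENT_ACL).items():
        print(name, "->", verdict)
    permit_first = [ENT_ACL[3]] + ENT_ACL[:3]
    print("permit-first:", evaluate(permit_first, "icmp", PC2, PC1))
```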
LAB#13
Tasks
R1 and R2 are pre-configured with all necessary commands. All physical cabling is in place and verified. Connectivity for PC1 and PC2 must be established to the switches, each port must only allow one VLAN and be operational.
1. Configure SW-1 with VLAN 15 and label it exactly as OPS
2. Configure SW-2 with VLAN 66 and label it exactly as ENGINEERING
3. Configure the switch port connecting to PC1
4. Configure the switch port connecting to PC2
5. Configure the E0/2 connections on SW-1 and SW-2 for neighbor discovery using the vendor-neutral standard protocol and ensure that e0/0 on both switches uses the Cisco proprietary protocol.
DEVICE  VLAN  IP ADDRESS
R1      15    172.16.15.1
R2      66    192.168.66.1

Topology (diagram not reproduced): R1 E0/0 to SW1 E0/0; R2 E0/0 to SW2 E0/0; SW1 E0/2 to SW2 E0/2; PC1 (VLAN 15, 172.16.15.10) on SW1 E0/1; PC2 (VLAN 66, 192.168.66.50) on SW2 E0/1.
SW-1>en
SW-1#config t
SW-1(config)#lldp run
SW-1(config)#vlan 15
SW-1(config-vlan)#name OPS
SW-1(config-vlan)#int e0/1
SW-1(config-if)#switchport mode access
SW-1(config-if)#switchport access vlan 15
SW-1(config-if)#int e0/2
SW-1(config-if)#no cdp enable
SW-1(config-if)#lldp transmit
SW-1(config-if)#lldp receive
SW-1(config-if)#int e0/0
SW-1(config-if)#switchport trunk encapsulation isl
SW-1(config-if)#switchport mode trunk
SW-1(config-if)#end
SW-1#wr

SW-2>en
SW-2#config t
SW-2(config)#lldp run
SW-2(config)#vlan 66
SW-2(config-vlan)#name ENGINEERING
SW-2(config-vlan)#int e0/1
SW-2(config-if)#switchport mode access
SW-2(config-if)#switchport access vlan 66
SW-2(config-if)#int e0/2
SW-2(config-if)#no cdp enable
SW-2(config-if)#lldp transmit
SW-2(config-if)#lldp receive
SW-2(config-if)#int e0/0
SW-2(config-if)#switchport trunk encapsulation isl
SW-2(config-if)#switchport mode trunk
SW-2(config-if)#end
SW-2#wr
LAB#14
Tasks
Refer to the topology. All physical cabling is in place. Routers R3 and R4 are fully configured and inaccessible.
Configure static routes for various connectivity to the ISP and the LAN, which resides on R4.
1. Configure a default route on R2 to the ISP
2. Configure a default route on R1 to the ISP
3. Configure R2 with a route to the Server at 10.0.41.10
4. Configure R1 with a route to the LAN that prefers R3 as the primary path to the LAN
Topology (diagram not reproduced):
ISP (209.165.200.224/27) to R2 E0/2
R1 E0/0 to R2 E0/0 on 10.0.12.0/30
R1 E0/1 to R3 E0/0 on 10.0.13.0/27
R2 E0/1 to R4 E0/0 on 10.0.24.0/29
R3 E0/1 to R4 E0/1 on 10.0.34.0/28
R4 LAN 10.0.41.0/24 (SERVER)

DEVICE  INTERFACE  IP ADDRESS
R2      E0/2       209.165.200.226
ISP     E0/0       209.165.200.225
SERVER  E0/0       10.0.41.10
R1>en
R1#config t
R1(config)#ip route 0.0.0.0 0.0.0.0 209.165.200.225
R1(config)#ip route 10.0.41.0 255.255.255.0 e0/1
R1(config)#end
R1#wr

R2>en
R2#config t
R2(config)#ip route 0.0.0.0 0.0.0.0 209.165.200.225
R2(config)#ip route 10.0.41.10 255.255.255.255 e0/1
R2(config)#end
R2#wr
LAB#15
Tasks
R1 has been pre-configured with all the necessary commands. All physical cabling is in place and verified.
Connectivity for PC1 and PC2 must be established to the switches, and each port must only allow one VLAN.
1. Configure SW-1 with VLAN 35 and label it exactly as SALES
2. Configure SW-2 with VLAN 39 and label it exactly as MARKETING
3. Configure the switch port connecting to PC1.
4. Configure the switch port connecting to PC2.
5. Configure SW-1 and SW-2 for universal neighbor discovery using the industry standard protocol and disable it on
the interface connecting to PC1.
INTERFACE  VLAN  IP ADDRESS
E0/0.35    35    10.35.1.1
E0/0.39    39    10.39.1.1

Topology (diagram not reproduced): R1 (E0/0, E0/1), SW1 and SW2 (E0/0, E0/1, E0/2 each); PC1 (VLAN 35, 10.35.1.99) on SW1 E0/2; PC2 (VLAN 39, 10.39.1.99) on SW2 E0/2.
SW-1>en
SW-1#config t
SW-1(config)#no cdp run
SW-1(config)#lldp run
SW-1(config)#vlan 35
SW-1(config-vlan)#name SALES
SW-1(config-vlan)#int e0/2
SW-1(config-if)#switchport mode access
SW-1(config-if)#switchport access vlan 35
SW-1(config-if)#no lldp transmit
SW-1(config-if)#no lldp receive
SW-1(config-if)#end
SW-1#wr

SW-2>en
SW-2#config t
SW-2(config)#no cdp run
SW-2(config)#lldp run
SW-2(config)#vlan 39
SW-2(config-vlan)#name MARKETING
SW-2(config-vlan)#int e0/2
SW-2(config-if)#switchport mode access
SW-2(config-if)#switchport access vlan 39
SW-2(config-if)#end
SW-2#wr
