Professional Documents
Culture Documents
CCNA 200 301 Exam Lab
CCNA 200 301 Exam Lab
FB Fanpage :
www.facebook.com/tawfikfans
-FB profile
www.facebook.com/ahmedtawfik1987
-YT channel
www.youtube.com/@ahmedtawfik1
-whatsapp
https://wa.me/201094246444
010-9-42-46-444
-سابقه اعمالنا
https://bit.ly/3wOCBHy
Guideline
This is a lab item in which tasks will be performed on virtual devices
1-refer to the tasks tab to view the tasks for this lab item
2-refer to the topology tab to access the device console and perform the tasks
3-console success is available for all required devices by clicking the device icon or
using the tab above the console window
4-all necessary pre-configuration have been applied
5-do not change the enable password or hostname for any device
6-save your configuration to NVRAM before moving to next tab
7-click next at the bottom of the screen to submit This lab and move to next question
8-when next is clicked the lab closes and cannot be reopened
LAB#1
Tasks
e0/0 e0/1
e0/0 e0/1
SW2
SW1(conf)#interface range e0/0 – 1 SW2(conf)#interface range e0/0 – 1
SW1(conf-if-range)#channel-group 44 mode active SW2(conf-if-range)#channel-group 44 mode active
SW1(conf-if-range)#exit SW2(conf-if-range)#exit
SW1(conf)#interface po 44 SW2(conf)#interface po 44
SW1(conf-if)#shutdown SW2(conf-if)#shutdown
SW1(conf-if)#switchport trunk encapsulation dot1q SW2(conf-if)#switchport trunk encapsulation dot1q
SW1(conf-if)#switchport mode trunk SW2(conf-if)#switchport mode trunk
SW1(conf-if)#switchport trunk native vlan 746 SW2(conf-if)#switchport trunk native vlan 746
SW1(conf-if)#no shutdown SW2(conf-if)#no shutdown
SW1(conf-if)#exit SW2(conf-if)#exit
SW1(conf)#exit SW2(conf)#exit
SW1#write SW2#write
LAB#2
Tasks
configure IPv4 and IPv6 connectivity between two routers for IPv4 use /28 network from 192.168.180.0/24 private range
For IPv6 use the first /64 subnet from the 2001:0db8:acca::/48 subnet
1-using ethernet 0/1on routers R1and R2 configure the next usable /28from the 192.168.180.0/24 range
The network 192.168.180.0/28 is un available
2-for the IPv4 /28 subnet router R1 must be configured with the first usable host address
3-for the IPv4 /28 subnet router R2 must be configured with the last usable host address
4-for the IPv6 /64 subnet configure the routers with the ip addressing provided from the topology
5-a ping must work between the routers on the IPv4 and IPv6 address range
R1 R2
e0/1 e0/1
192.168.180.x/28 192.168.180.x/28
2001:db8:acca::1/64 2001:db8:acca::2/64
R1>en
R1#configure t
R1(config)#int e0/1
R1(config-if)#ip address 192.168.180.17 255.255.255.240
R1(config-if)#ipv6 enable
R1(config-if)#ipv6 address 2001:db8:acca::1/64
R1(config-if)#no shutdown
R1(config-if)#exit
R1#write
R2>en
R2#configure t
R2(config)#int e0/1
R2(config-if)#ip address 192.168.180.30 255.255.255.240
R2(config-if)#ipv6 enable
R2(config-if)#ipv6 address 2001:db8:acca::2/64
R2(config-if)#no shutdown
R2(config-if)#exit
R2#write
LAB#3
Tasks
.254
10.10.254.0/24 192.168.0.0/24
E0/1
E0/1
R3 SW1
E0/0 E0/0
.1
10.10.13.0/24 .3 10.10. 31.0/24
.1 .129 .2
E0/0 10.10.12.128/25 .130 E0/0
E0/2 E0/2
Lo:0
10.10.1.1/32 R1 R2
E0/1 10.10.12.0/25 E0/1
.1 .2
R1>en
R1#configure terminal
R1(conf)#ip route 0.0.0.0 0.0.0.0 e0/0 10.10.13.3
R1(conf)#ip route192 .168.0.0 255.255.255.0 e0/1 10.10.12.2
R1(conf)#ip route192 .168.0.0 255.255.255.0 e0/2 10.10.12.130 2
R1(conf)#exit
R1#write
R2>en
R2#configure terminal
R2(conf)#ip route 192.168.0.0 255.255.255.0 e0/0 10.10.31.1
R2(conf)#ip route 172.20.20.128 255.255.255.128 10.10.1.1
R2(conf)#exit
R2#write
LAB#4
Tasks
PC 5 PC 3 PC 4 PC 6
SW1(conf-vlan)#interface e0/2
SW1(conf-if)#switchport trunk encapsulation dot1q
SW1(conf-if)#switchport mode trunk
SW1(conf-if)#switchport trunk allowed vlan 303
SW1(conf-vlan)#interface e0/1
SW1(conf-if)#switchport mode access
SW1(conf-if)#switchport access vlan 303
SW1,SW2,SW3#write
LAB#5
Tasks
Connectivity between four routers has been established , ip connectivity must be configured in the order presented
To complete the implementation , no dynamic routing protocol are included
1-configure static routing using host routes to establish connectivity from router R3 to router R1 loopback address
Using the source ip of 209.165.200.230
R4
Task 1
Task 2
R2(conf)#ip route 0.0.0.0 0.0.0.0 209.165.202.130
Task 3
R2(conf)#ipv6 route ::/0 2001:db8:abcd::2
1. Configure VLAN 12 named Compute and VLAN 34 named Telephony where required for each task .
2. Configure Ethernet 0/1 on SW2 to use the existing VLAN named Available.
3. Configure the connection between the switches using access ports .
4. Configure Ethernet 0/1 on SW1 using data and voice VLANs.
5. Configure Ethernet 0/1 on SW2 so that the Cisco Proprietary neighbor discovery protocol
E0/1 E0/1
VLAN
VLAN 12 avilable
VLAN 34
SW1> enable SW2> enable
SW1 ( config - if) # switchport mode access SW2 ( config - if) # switchport mode access
SW1 ( config - if) # switchport access vlan 12 SW2 ( config - if) # switchport access vlan 12
SW1 ( config - if) # int e0/1 SW2 ( config - if) # int e0/1
SW1 ( config - if) # switchport mode access SW2 ( config - if) # switchport mode access
SW1 ( config - if) # switchport access vlan 12 SW2 ( config - if) # switchport access vlan 99
SW1 ( config - if) # switchport voice vlan 34 SW2 ( config - if) # no cdp enable
SW1 # wr SW2 # wr
LAB#7
Tasks
Connectivity between three routers has been established,
and IP services must be configured in the order presented to complete the implementation .
Tasks assigned include configuration of NAT, NTP, DHCP and SSH services.
1. All traffic send from R3 to the R1 Loopback address must be configured for NAT on R2.
All source addresses must be translated from R3 to the IP address of Ethernet 0/0 on R2 ,
while using only a standard access list named NAT. To verify,
a ping must be successful to the R1 Loopback address sourced from R3. Do not use NVI NAT configuration.
3-Configure R1 as a DHCP server for the network 10.1.3.0/24 in a pool named NETPOOL.
Using a single command, exclude addresses 1 – 10 from the range .
Interface Ethernet 0/2 on R3 must be issued the IP address of 10.1.3.11 via DHCP.
4-Configure SSH connectivity from R1 to R3 , while excluding access via other remote connection protocols.
Access for user netadmin and password N3t4ccess must be set on router R3 using RSA and 1024 bits.
Verify connectivity using an SSH session from router R1 using a destination address of 10.1.3.11.
DO NOT modify console access or line numbers to accomplish this task
Lo:1 Lo:1
192.168.1.1 192.168.2.1
10.1.2.1 10.1.2.2
E0/0 E0/0
R1 R2
E0/2 E0/1
10.1.3.1 10.2.3.2
10.1.3.11 10.2.3.3
E0/2 E0/1
R3
Lo:1
192.168.3.1
Task 1 Task 2
R2(conf)#ip access-list standard NAT R1#clock set 00:00:00 1 jan 2019
R2(conf-std-nacl)#permit 10.2.3.3 R1#config terminal
R2(conf-std-nacl)#permit 192.168.3.1 R1(conf)#ntp master 1
R2(conf-std-nacl)#permit 10.1.3.11 R1(conf)#interface e0/2
R2(conf-std-nacl)#exit R1(conf-if)#ip address 10.1.3.1 255.255.255.0
R2(conf)#interface e0/1
R2(conf-if)#ip nat inside R2#configure terminal
R2(conf-if)#exit R2(conf)#ntp server 10.1.3.1
R2(conf)#interface e0/0
R2(conf-if)#ip nat outside
R2(conf-if)#exit
R2(conf)#ip nat inside source list NAT interface e0/0 overload
Verification
R3#ping 192.68.1.1
Task 3 Task 4
R1#config terminal R3#config terminal
R1(conf)#ip dhcp pool NETPOOL R3(conf)#line vty 0 4
R1(dhcp-conf)#network 10.1.3.0 255.255.255.0 R3(conf-line)#transport input ssh
R1(dhcp-conf)#exit R3(conf-line)#login local
R1(conf)#ip dhcp excluded-address 10.1.3.1 10.1.3.10 R3(conf-line)#exit
R3(conf)#username netadmin password N3t4ccess
R3(conf)#crypto key generate rsa module 1024
R3#conf terminal
R3(conf)#interface e0/2
R3(conf-if)#ip address dhcp Verification
R3#ssh –l netadmin 10.1.3.11
Ip connectivity between the three routers is configured. OSPF adjacencies must be established.
1. Configure R1 and R2 Router IDs using the interface IP addresses from the link that is shared between them .
2. Configure the R2 links with a max value facing R1 and R3.R2 must become the DR.
R1 and R3 links facing R2 must remain with the default OSPF configuration for DR election .
Verify the configuration after clearing the OSPF Process.
3-Using a host wildcard mask, configure all three routers to advertise their respective Loopback 1 networks.
4-Configure the link between R1 and R3 to disable their ability to add other OSPF routers.
L1 192.168.1.1/24
Lo:0 10.10.1.1/32
E0/0 R1 E0/1
10.10.12.0/24 10.10.13.0/24
E0/0 E0/1
10.10.23.0/24
R2 E0/2 E0/2 R3
L1 192.168.2.2/24 L1 192.168.3.3/24
Lo:0 10.10.2.2/32 Lo:0 10.10.3.3/32
R2(config)# interface e0/0
R1# config t
R2(config-if)# ip ospf priority 255
R1(config)# interface e0/1
R2(config-if)# interface e0/2
R1(config-if)# ip ospf network point-to-point
R2(config-if)# ip ospf priority 255
R1(config-if)# exit
R2(config-if)# exit
R1(config)# router ospf 1
R2(config)# router ospf 1
R1(config-router)# router-id 10.10.12.1
R2(config-router)# router-id 10.10.12.2
R1(config-router)# network 10.10.12.0 0.0.0.255 area 0
R2(config-router)# network 10.10.12.0 0.0.0.255 area 0
R1(config-router)# network 10.10.13.0 0.0.0.255 area 0
R2(config-router)# network 10.10.23.0 0.0.0.255 area 0
R1(config-router)# network 192.168.1.1 0.0.0.0 area 0
R2(config-router)# network 192.168.2.2 0.0.0.0 area 0
R1(config-router)# end
R2(config-router)# end
R1# clear ip ospf process
R2# clear ip ospf process
Yes
Yes
R1# write
R3# config t
R3(config-if)# exit
R3(config-router)# end
yes
R3# write
LAB#9
Tasks
1. Configure dynamic one – to – one address mapping on R2 using a standard list named XLATE ,
which allows all traffic to translate the source address of R3 to a pool named test pool
using the 10.10.10.0/24 network for traffic sent from R3 to R1 .
Avoid using an NVI configuration. Verify reachability by sending a ping to 192.168.100.1 from R3.
2- Configure R3 to dynamically receive an Ip address on Ethernet 0/2 from the DHCP server.
3-Configure R1 as an NTP server and R2 as a client , not as a peer , using the IP address 10.1.2.1 .
4-Configure SSH access from R1 to R3 ,
while excluding access via other remote connection protocols using the user root and password s3cret on router R3
using RSA . Verify connectivity from router R1 to R3 using a destination address assigned to interface E0/2 on R3 .
Lo:1 Lo:1
192.168.100.1 192.168.200.1
10.1.2.1 10.1.2.2
E0/0 E0/0
R1 R2
E0/2 E0/1
10.1.3.1 10.2.3.2
10.1.3.11 10.2.3.3
E0/2 E0/1
R3
Lo:1
192.168.3.1
R1>en R2# config t
R2(config-if)# end
R2# wr
R3>en
R3# config t
R3(config-if)# exit
R3(config-line)# end
R3# wr
Verification
R1#ssh –l root 10.1.3.11
LAB#10
Tasks
Refer to the topology . All physical cabling is in place . Configure local users accounts , modify the Named ACL ( NACL)
, and configure DHCP Snooping . The current contents of the NACL must remain intact.
Task 1
Configure a local account on GW1 with telnet access only on virtual ports 0-4 . Use the following information .
1. Username: wheel
2. Password: lock3path
3. Algorithm type : Scrypt
4. Privilege level : Exec mode
Task 2
Configure and apply a NACL on GW1 to control netwok traffic from VLAN 10
1. Name : CORP_ ACL
2. Allow BOOTP and HTTPS
3. Restrict all other traffic and log the ingress interface , source mac address ,
the packet’s source and destination IP addresses , and ports.
Task 3
Configure SW1:
Internet
1. Enable DHCP Snooping for VLAN 10
209.165.201.0/30
2. Disable DHCP Option-82 data insertion
3. Enable DHCP Snooping MAC address verification
4. Enable trusted interfaces E0/2
DHCP
VLAN 10 server
GW1
E0/0 HOST D
VLAN 20
HOST C
E1/0
E0/0 E0/3
E0/2 VLAN 20
VLAN 10 HOST B
E0/2 SW3 E0/2
E0/0 E0/0
E0/1
HOST A E0/1
SW1 SW2
GW1
GW1> enable
GW1 # config t
GW1 ( config) # username wheel privilege 15 algorithm- type scrypt secret lock3path
GW1 ( config) # lin vty 0 4
GW1 ( config - line) # login local
GW1 ( config - line) # transport input telnet
GW1 ( config - line) # exit
GW1 ( config ) # ip access – list extended CORP_ACL
GW1 ( config – ext-nacl) # permit udp 10.10.0.0 0.0.0.255 any eq bootp
GW1 ( config – ext-nacl) # permit tcp 10.10.0.0 0.0.0.255 any eq 443
GW1 ( config – ext-nacl) # deny ip any any
GW1 ( config – ext-nacl) # int e0/0
GW1 ( config – if) # ip access-group CORP_ACL in
GW1 ( config – if ) # end
GW1# wr
SW1
SW1 >en
Sw1# config t
SW1 (confg)# ip dhcp snooping
SW1 (config )# ip dhcp snooping vlan 10
SW1 (config )# no ip dhcp snooping information option
SW1 (config )# ip dhcp snooping verify mac – address
SW1 ( config-if ) # int range e0/1-2
SW1 ( config-if - range) # ip dhcp snooping trust
SW1 ( config-if - range) # end
SW1 # wr
LAB#11
Tasks
VLANS 35 and 45 have been configured in all three switches . All Physical connectivity has been installed and verified
. All inter– switch links must be operational .
1. Configure SW-1 and SW-2 switch ports e0/0 and e0/1 for 802.1q trunking allowing all VLANS.
2. Configure the inter-switch links on SW-1 e02 , SW-2 e0/2 , and SW-3 e0/0 and e0/1 to use native NLAN 35.
Configure SW-1 and SW-2 switch ports e0/0 and e0/1 for link aggregaton . SW-1 should immediately negotiate LACP
and SW-2 must only respond to LACP requests
SW1 Po12 SW2
E0/0 E0/0
E0/1 E0/1
E0/2 E0/2
E0/0 E0/1
SW3
SW1
SW1> en
SW1 # config t
SW1 ( config )# int range e0/0-2
SW1( config – if –range )#switchport trunk encapsulation dot1q
SW1( config – if –range )# switchport mode trunk
SW1( config – if –range )# int range e0/0-1
SW1( config – if –range )# channel-group 12 mode active
SW1( config – if –range )# int e0/2
SW1 ( config-if) # switchport trunk native vlan 35
SW1 (config –if )# end
SW1# wr
SW2 SW3
SW2> en SW1> en
SW2 # config t SW1 # config t
SW2 ( config )# int range e0/0-2 SW1 ( config )# int range e0/0-1
SW2( config – if –range )#switchport trunk encapsulation dot1q SW1( config – if –range )#switchport trunk encapsulation dot1q
SW2( config – if –range )# switchport mode trunk SW1( config – if –range )# switchport mode trunk
SW2( config – if –range )# int range e0/0-1 SW1 ( config-if) # switchport trunk native vlan 35
SW2( config – if –range )# channel-group 12 mode passive SW1 (config –if -range)# end
SW2( config – if –range )# int e0/2 SW1# wr
SW2 ( config-if) # switchport trunk native vlan 35
SW2 (config –if )# end
SW2# wr
LAB#12
Tasks
Refer to the topology . All physical cabling is in place . Configure local users accounts , modify the Named ACL ( NACL)
, and security.
Task1
Configure a local account on SW101 with telnet access only on virtual ports 0-4 . Use the following information .
1. Username: support
2. Password: max2learn
3. Privilege level : Exec mode
Task 2
Configure and apply a single NACL on SW101 using the following :
1. Name : ENT _ACL
2. Restrict only PC2 on VLAN 200 from pinging PC1
3. Allow only PC2 on VLAN 200 to telnet to SW 101
4. Prevent all other devices from telnetting from VLAN 200
5. Allow all other network traffic from VLAN 200
Task 3
Configure security on interface Ethernet 0/0 of SW 102
1. Set the maximum number of secure MAC addresses to four
2. Drop Packets with unknown source addresses until the number of secure MAC addresses
3. drops below the configured maximum value .No notification action is required .
Allow Secure MAC addresses to be learned dynamically
Internet
E0/1 209.165.201.0/30
R1
192.168.3.0/30 E0/0
E0/1
E0/2 E0/1
E0/0
VLAN 100 VLAN 200 E0/0
SW101 SW102
PC1 PC2
192.168.100.10 192.168.200.10
SW101> en
SW101# config t
SW101(config)# username support privilege 15 password max2learn
SW101(config)#line vty 0 4
SW101 (config-line)#login local
SW101(config-line )# transport input telnet
SW101(config-line)#exit
SW101(config)# ip access –list extended ENT_ACL
SW101(config-ext-nacl)#deny icmp host 192.168.200.10 host 192.168.100.10
SW101(config-ext-nacl)#permit tcp host 192.168.200.10 host 192.168.200.1 eq telnet
SW101 (config-ext-nacl)# deny tcp 192.168.200.0 0.0.0.255 any eq telnet
SW101 (config-ext-nacl)# permit ip any any
SW101 (config-ext-nacl)# exit
SW101 (config)# int vlan 200
SW101 (config-if)# ip access – group ENT_ACL in f
SW101 (config-if)# end
SW101 # wr
SW102 >en
SW102 # config
SW102 (config)#int e0/0
SW102 (config-if )# switchport port-security
SW102 (config-if )# switchport port-security maximum 4
SW102 (config-if )# switchport port-security violation protect
SW102 (config-if )# switchport port-security mac-address sticky
SW102 (config-if )# end
SW102# wr
LAB#13
Tasks
R1 and R2 are pre-configured with all necessary commands. All physical cabling is in place and verified . Connectivity
for PC1 and PC2 must be established to the switches , each port must only allow one VLAN and be operational.
1. Configure SW-1 with VLAN 15 and label it exactly as OPS
2. Configure SW-2 with VLAN 66 and label it exactly as ENGINEERING
3. Configure the switch port connecting to PC1
4. Configure the switch port connecting to PC2
5. Configure the E0/2 connections on SW-1 and SW-2 for neighbor discovery using the vendor- neutral standard
protocol and ensure that e0/0 on both switches uses the Cisco proprietary protocol.
DEVICE VLAN IP ADDRESS
R1 R2 R1 15 172.16.15.1
E0/0 E0/0 R2 66 192.168.66.1
E0/2 E0/2
E0/0 E0/0
SW1 SW2
E0/1 E0/1
PC1 PC2
VLAN 15 VLAN 66
172.16.15.10 192.168.66.50
SW-1> en SW-2> en
SW-1 (config – vlan ) # name OPS SW-2 (config – vlan ) # name ENGINEERING
SW-1 (config-if) # switchport mode access SW-2 (config-if) # switchport mode access
SW-1 (config) # switchport access vlan 15 SW-2 (config) # switchport access vlan 66
SW-1 (config - if) # lldp transmit SW-2 (config - if) # lldp transmit
SW-1 (config - if) #lldp receive SW-2 (config - if) #lldp receive
SW-1 (config - if) # int e0/0 SW-2 (config - if) # int e0/0
SW-1 (config - if) # switchport trunk encapsulation isl SW-2 (config - if) # switchport trunk encapsulation isl
SW-1 (config - if) # switchport mode trunk SW-2 (config - if) # switchport mode trunk
SW1# wr SW2# wr
LAB#14
Tasks
Refer to the topology .All physical cabling is in place. Routers R3 and R4 are fully configured and inaccessible.
Configure static routes for various connectivity to the ISP and the LAN, which resides on R4.
1. Configure a default route on R2 to the ISP
2. Configure a default route on R1 to the ISP
3. Configure R2 with a route to the Server at 10.0.41.10
4. Configure R1 with a route to the LAN that prefers R3 as the primary path to the LAN
ISP
209.165.200.224/27
E0/2
E0/0 10.0.12.0/30 E0/0
R1 R2
E0/1 E0/1
10.0.13.0/27 10.0.24.0/29
E0/0 E0/0
10.0.41.0/24
R3 E0/1 10.0.34.0/28 E0/1 R4
R2>en
R2#config t
R2(config )# ip route 0.0.0.0 0.0.0.0 209.165.200.225
R2(config )# ip route 10.0.41.10 255.255.255.255 e0/1
R2(config)#end
R2# wr
LAB#15
Tasks
R1 has been pre-configured with all the necessary commands .All physical cabling is in place and verified.
Connectivity for PC1 and PC2 must be established to the switches , and each port must only allow one VLAN.
1. Configure SW-1 with VLAN 35 and label it exactly as SALES
2. Configure SW-2 with VLAN 39 and label it exactly as MARKETING
3. Configure the switch port connecting to PC1.
4. Configure the switch port connecting to PC2.
5. Configure SW-1 and SW-2 for universal neighbor discovery using the industry standard protocol and disable it on
the interface connecting to PC1.
INTERFACE VLAN IP ADDRESS
E0/0.35 35 10.35.1.1
E0/0.39 39 10.39.1.1
E0/1
E0/0 R1
E0/0 E0/0
E0/2 E0/2
PC2
PC1
VLAN:39
VLAN:35
10.39.1.99
10.35.1.99
SW-1 > en SW-2 > en
SW-1 # config t SW-2 # config t
SW-1 (config )# no cdp run SW-2 (config )# no cdp run
SW-1 (config )# lldp run SW-2 (config )# lldp run
SW-1 (config )# vlan 35 SW-2 (config )# vlan 39
SW-1 (config-vlan )# name SALES SW-2 (config-vlan )# name MARKETING
SW-1 (config-vlan )# int e0/2 SW-2 (config-vlan )# int e0/2
SW-1 (config-if )# switchport mode access SW-2 (config-if )# switchport mode access
SW-1 (config-if )# switchport access vlan 35 SW-2 (config-if) # switchport access vlan 39
SW-1 (config-if )# no lldp transmit SW-2 (config-if )# end
SW-1 (config-if )# no lldp receive SW-2 # wr
SW-1 (config-if )# end
SW-1 # wr