CCENT Lab Notes, Part 3

This is a continuation of my previous notes on CCENT labs. These Ranet labs are significantly better-designed than the previous set of labs, though the evaluation at the end of the exam doesn’t always work.

These are my notes for all the labs that deal with ICND1 objectives, and I will save the ICND2 objectives for later when I review.

SPOILERS: DO NOT CONTINUE READING IF YOU PLAN ON DOING THE LABS

1.1 through 1.3 Basic Config

These were simple introductory labs. Set IPs, issue no shut on interfaces, and set passwords in global and line mode. As an example, 1.3 was IPv6 addressing, and was as simple as:

Ranet-HQ(config)#int s0/0/0
Ranet-HQ(config-if)#ipv6 address fec0:78:0:1::2/64
Ranet-HQ(config-if)#no shut
Ranet-HQ(config-if)#int s0/1/0
Ranet-HQ(config-if)#ipv6 address 2001:21::2/48
Ranet-HQ(config-if)#no shut
Ranet-HQ(config-if)#interface f0/0
Ranet-HQ(config-if)#ipv6 address fec0:78:0:2::/64 eui-64
Ranet-HQ(config-if)#ipv6 address 2001:22::/48 eui-64
Ranet-HQ(config-if)#no shut
Ranet-HQ(config-if)#exit
Ranet-HQ(config)#ipv6 unicast-routing

2.1, InterVLAN Routing

This was actually the first one I did, and I didn’t take notes. Basic trunking to a ROAS with tagging enabled, and access ports for the VLAN hosts.

2.2 VLAN Trunk Protocol

This is a great lab.

lab2.2

There’s limited privileges on Switch1, so you have to run informational commands from user mode:

Ranet-SW1>show vlan
Ranet-SW1>sh interfaces g0/1 switchPort
Ranet-SW1>sh vtp status

No changes are to be made to Switch2, except to configure trunks:

Ranet-SW2(config)#vtp mode transparent
Ranet-SW2(config)#int range g0/1-2
Ranet-SW2(config-if-range)#switchport mode trunk
Ranet-SW2(config-if-range)#switchport trunk native vlan 1
Ranet-SW2(config-if-range)#switchport trunk allowed vlan all

Switch3 needs to be configured for trunking and access:

Ranet-SW3(config)#vtp mode client
Ranet-SW3(config)#int f0/1
Ranet-SW3(config-if)#switchport mode access
Ranet-SW3(config-if)#switchport access vlan 10
Ranet-SW3(config-if)#int f0/2
Ranet-SW3(config-if)#switchport mode access
Ranet-SW3(config-if)#switchport access vlan 20

Trunking enabled itself on Switch3, and we’re all a happy family.

4.1 Static routes

This was simple, dealing with static routes.

lab4.1

I simply applied IPs as specified, and set the router of last resort to the next hop to the Internet. And then hit each router with a ip routing for good measure.

4.2 RIP

This is similar to the last lab, but with RIP instead of static routes.

lab4.2

Again, I set the interfaces per spec, ex:

Ranet-BR(config)#int s0/0/0
Ranet-BR(config-if)#ip address 98.93.165.73 255.255.255.252
Ranet-BR(config-if)#encapsulation hdlc
Ranet-BR(config-if)#clock rate 64000
Ranet-BR(config-if)#no shut
Ranet-BR(config-if)#int f0/0
Ranet-BR(config-if)#ip address 98.83.165.81 255.255.255.240
Ranet-BR(config-if)#no shut

And routing with RIP:

Ranet-BR(config)#ip route 0.0.0.0 0.0.0.0 s0/0/0
Ranet-BR(config)#router rip
Ranet-BR(config-router)#version 2
Ranet-BR(config-router)#passive-interface f0/0
Ranet-BR(config-router)#network 98.0.0.0
Ranet-BR(config-router)#no auto-summary

4.5 Port Security

This lab is pretty straightforward.

lab4.5

Ranet-SW(config)#int range f0/1-24
Ranet-SW(config-if-range)#switchport mode access
Ranet-SW(config-if-range)#switchport port-security
Ranet-SW(config-if-range)#int f0/1
Ranet-SW(config-if)#switchport port-security mac-address sticky
Ranet-SW(config-if)#int f0/3
Ranet-SW(config-if)#switchport port-security mac-address 0030.f295.15c6

4.6 Access Control Lists

I think this was maybe the worst lab of the bunch. Not a really good demonstration of ACLs. First, there was a lot of preliminary setup:

Ranet-HQ(config)#int f0/0
Ranet-HQ(config-if)#no shut
Ranet-HQ(config-if)#ip address 172.22.3.33 255.255.255.224
Ranet-HQ(config-if)#int s0/1/0
Ranet-HQ(config-if)#ip address 203.144.7.254 255.255.255.252
Ranet-HQ(config-if)#no shut
Ranet-HQ(config-if)#int s0/0/0
Ranet-HQ(config-if)#ip address 172.22.3.98 255.255.255.252
Ranet-HQ(config-if)#router rip
Ranet-HQ(config-router)#version 2
Ranet-HQ(config-router)#no auto-summary
Ranet-HQ(config-router)#network 172.22.0.0
Ranet-HQ(config-router)#network 203.144.7.252
Ranet-HQ(config-router)#end

I verified that RIP routes were propagating, and then continued with the ACL. I would have made a separate access-group for the vty, but the lab said it should be a single ACL:

Ranet-HQ(config-ext-nacl)#permit tcp host 172.22.3.50 host 172.22.3.33 eq telnet
Ranet-HQ(config-ext-nacl)#deny tcp host 172.22.3.53 any eq www
Ranet-HQ(config-ext-nacl)#deny tcp any host 172.22.3.33 eq telnet
Ranet-HQ(config-ext-nacl)#permit ip any any
Ranet-HQ(config-ext-nacl)#exit
Ranet-HQ(config)#interface f0/0
Ranet-HQ(config-if)#ip access-group 100 in

And we’re good to go!

4.7 NAT

While I’m complaining, there’s no NAT overload here.

lab4.7

Ranet-GW(config)#ip nat pool Ranet 25.5.5.65 25.5.5.70 netmask 255.255.255.248
Ranet-GW(config)#access-list 1 permit 192.168.0.193 0.0.0.15
Ranet-GW(config)#int fastEthernet 0/0
Ranet-GW(config-if)#ip nat inside
Ranet-GW(config-if)#int s0/0/0
Ranet-GW(config-if)#ip nat outside
Ranet-GW(config-if)#exit
Ranet-GW(config)#ip nat inside source list 1 pool Ranet

And after pinging the ISP’s router from a network host, I get:

Ranet-GW#show ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
icmp 25.5.5.65:1       192.168.0.200:1    22.5.6.2:1         22.5.6.2:1
icmp 25.5.5.65:2       192.168.0.200:2    22.5.6.2:2         22.5.6.2:2
icmp 25.5.5.65:3       192.168.0.200:3    22.5.6.2:3         22.5.6.2:3
icmp 25.5.5.65:4       192.168.0.200:4    22.5.6.2:4         22.5.6.2:4

4.9 DHCP

It’s a little odd that DHCP is all the way at the end, but at least they put in another opportunity to get NAT working.

lab4.9

First, I bring up the interfaces:

Ranet-GW(config)#int f0/0
Ranet-GW(config-if)#no shut
Ranet-GW(config-if)#ip address 10.0.0.129 255.255.255.240
Ranet-GW(config-if)#int s0/0/0
Ranet-GW(config-if)#ip address 77.8.210.1 255.255.255.252
Ranet-GW(config-if)#no shut
Ranet-GW(config)#ip route 0.0.0.0 0.0.0.0 s0/0/0

Then set up NAT:

Ranet-GW(config)#access-list 1 permit 10.0.0.128 0.0.0.15
Ranet-GW(config)#ip nat pool Ranet 19.5.39.129 19.5.39.130 netmask 255.255.255.252
Ranet-GW(config)#ip nat inside source list 1 pool Ranet
Ranet-GW(config)#int f0/0
Ranet-GW(config-if)#ip nat inside
Ranet-GW(config-if)#int s0/0/0
Ranet-GW(config-if)#ip nat outside

And finally, bang out DHCP.

Ranet-GW(config)#ip dhcp excluded-address 10.0.0.129 10.0.0.130
Ranet-GW(config)#ip dhcp pool Ranet
Ranet-GW(dhcp-config)#default-router 10.0.0.129
Ranet-GW(dhcp-config)#dns-server 77.8.209.5
Ranet-GW(dhcp-config)#network 10.0.0.128 255.255.255.240

Conclusion

Well, these labs were much better than the previous ones, and I’ve got my exam scheduled in under 48 hours, so it was worth the effort. I’m looking forward to moving on to the RHCE and ICND2 objectives though.

Stay tuned.