Scribd
Upload
15 views

General Final CCNP Lab

The document contains configuration details for multiple network devices including routers and switches, detailing hostname, interface settings, VLANs, IP addresses, and routing protocols. Each device is configured with specific roles and IP addressing schemes, supporting EIGRP and BGP routing protocols, as well as DHCP and SNMP settings. The configurations are structured to facilitate network management and connectivity across different segments of the network.

Uploaded by

Moham
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
15 views

General Final CCNP Lab

The document contains configuration details for multiple network devices including routers and switches, detailing hostname, interface settings, VLANs, IP addresses, and routing protocols. Each device is configured with specific roles and IP addressing schemes, supporting EIGRP and BGP routing protocols, as well as DHCP and SNMP settings. The configurations are structured to facilitate network management and connectivity across different segments of the network.

Uploaded by

Moham
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 21

HQ-Core-01

enable

conf t

hostname HQ-Core-01

username admin secret 123

line console 0

login local

line vty 0 4

login local

vtp domain abc.com

int range f1/1 -3

switchport trunk encapsulation dot1q

switchport mode trunk

int port-channel 1

switchport mode trunk

int range f1/14 -15

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode on

int f1/10
no switchport

ip address 192.168.1.1 255.255.255.0

no shut

int f1/11

no switchport

ip address 192.168.2.1 255.255.255.0

no shut

vlan 10

name HR

vlan 20

name IT

vlan 30

name Servers

vlan 220

name Management

int vlan 10

ip address 192.168.10.252 255.255.255.0

standby 10 ip 192.168.10.254

standby 10 priority 110

standby 10 preempt

int vlan 20

ip address 192.168.20.252 255.255.255.0

standby 20 ip 192.168.20.254

standby 20 priority 110

standby 20 preempt

int vlan 30

ip address 192.168.30.252 255.255.255.0

standby 30 ip 192.168.30.254

standby 30 priority 110

standby 30 preempt

int vlan 220

ip address 192.168.220.252 255.255.255.0


standby 220 ip 192.168.220.254

standby 220 priority 110

standby 220 preempt

spanning-tree mode rapid

spanning-tree vlan 10 root primary

spanning-tree vlan 20 root primary

spanning-tree vlan 30 root primary

spanning-tree vlan 220 root primary

ip routing

router eigrp 1

network 192.168.1.0 255.255.255.0

network 192.168.2.0 255.255.255.0

network 192.168.10.0 255.255.255.0

network 192.168.20.0 255.255.255.0

network 192.168.30.0 255.255.255.0

network 192.168.220.0 255.255.255.0

logging on

end

clock set 10:25:00 5 december 2024

conf t

ntp master

Snmp-server community cisco ro


Snmp-server enable traps (optional)
Snmp-server host 1.1.1.1 cisco (optional)
end

wr
HQ-Core-02

enable
conf t
hostname HQ-Core-02
username admin secret 123
line console 0
login local
line vty 0 4
login local
vtp domain abc.com
int range f1/1 -3
switchport trunk encapsulation dot1q
switchport mode trunk
int port-channel 1
switchport mode trunk
int range f1/14 -15
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
int f1/10
no switchport
ip address 192.168.3.1 255.255.255.0
no shut
int f1/11
no switchport
ip address 192.168.4.1 255.255.255.0
no shut
vlan 10
name HR
vlan 20
name IT
vlan 30
name Servers
vlan 220
name Management
int vlan 10
ip address 192.168.10.253 255.255.255.0
standby 10 ip 192.168.10.254
standby 10 priority 105
standby 10 preempt
int vlan 20
ip address 192.168.20.253 255.255.255.0
standby 20 ip 192.168.20.254
standby 20 priority 105
standby 20 preempt
int vlan 30
ip address 192.168.30.253 255.255.255.0
standby 30 ip 192.168.30.254
standby 30 priority 105
standby 30 preempt
int vlan 220
ip address 192.168.220.253 255.255.255.0
standby 220 ip 192.168.220.254
standby 220 priority 105
standby 220 preempt
spanning-tree vlan 10 root secondary
spanning-tree vlan 20 root secondary
spanning-tree vlan 30 root secondary
spanning-tree vlan 220 root secondary
ip routing
router eigrp 1
network 192.168.3.0 255.255.255.0
network 192.168.4.0 255.255.255.0
network 192.168.10.0 255.255.255.0
network 192.168.20.0 255.255.255.0
network 192.168.30.0 255.255.255.0
network 192.168.220.0 255.255.255.0
ntp server 192.168.10.252
end
wr
HQ-SW-01

enable
conf t
hostname HQ-SW-01
username admin secret 123
line console 0
login local
line vty 0 4
login local
vtp domain abc.com
ip dhcp snooping
int range f1/1 -2
switchport mode trunk
ip dhcp snooping trust
no ip dhcp snooping information option
int range f1/3 -15
switchport mode access
switchport access vlan 10
spanning-tree portfast
switchport port-security
switchport port-security violation shutdown
switchport port-security maximum 2
switchport port-security maximum 1 vlan access
switchport port-security maximum 1 vlan voice
switchport port-security mac-address sticky
ip dhcp snooping limit rate 20
vlan 500
remote-span
monitor session 1 source int f0/1
monitor session 1 destination remote vlan 500
int vlan 220
ip address 192.168.220.10 255.255.255.0
ip default-g 192.168.220.254
int vlan 10
ip address 192.168.10.250 255.255.255.0
ip dhcp pool 10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.254
end
wr
HQ-SW-02
enable

conf t

hostname HQ-SW-02

username admin secret 123

line console 0

login local

line vty 0 4

login local

vtp domain abc.com

int range f1/1 -2

switchport mode trunk

int range f1/3 -15

switchport mode access

switchport access vlan 20

spanning-tree portfast

vlan 500

remote-span

monitor session 1 source remote vlan 500

monitor session 1 destination int f0/1

int vlan 220

ip address 192.168.220.20 255.255.255.0

ip default-g 192.168.220.254

int vlan 20

ip address 192.168.20.250 255.255.255.0

ip dhcp pool 20

network 192.168.20.0 255.255.255.0

default-router 192.168.20.254
HQ-SW-03

enable

conf t

hostname HQ-SW-03

username admin secret 123

line console 0

login local

line vty 0 4

login local

vtp domain abc.com

int range f1/1 -2

switchport mode trunk

int range f1/3 -15

switchport mode access

switchport access vlan 30

spanning-tree portfast

int vlan 220

ip address 192.168.220.30 255.255.255.0

ip default-g 192.168.220.254

int vlan 30

ip address 192.168.30.250 255.255.255.0

ip dhcp pool 30

network 192.168.30.0 255.255.255.0

default-router 192.168.30.254

end

wr
Internet-Router

enable

conf t

hostname Internet-Router

username admin secret 123

line console 0

login local

line vty 0 4

login local

int f0/0

ip address 192.168.1.2 255.255.255.0

no shut

int f1/0

ip address 192.168.3.2 255.255.255.0

no shut

int f1/1

ip address 192.168.6.2 255.255.255.0

no shut

router eigrp 1

network 192.168.1.0 255.255.255.0

network 192.168.3.0 255.255.255.0

ip route 0.0.0.0 0.0.0.0 192.168.6.1

end

wr
Main-Router

enable

conf t

hostname Main-Router

username admin secret 123

line console 0

login local

line vty 0 4

login local

int f0/0

ip address 192.168.2.2 255.255.255.0

no shut

int f1/0

ip address 192.168.4.2 255.255.255.0

no shut

int f1/1

ip address 192.168.5.2 255.255.255.0

no shut

int f2/0

ip address 192.168.17.1 255.255.255.0

no shut

router eigrp 1

network 192.168.2.0 255.255.255.0

network 192.168.4.0 255.255.255.0

network 192.168.200.0 255.255.255.0

network 192.168.17.0 255.255.255.0

redistribute bgp 100 metric 100 10 255 50 1500

router bgp 100

neighbor 192.168.5.1 remote-as 1000

redistribute connected

redistribute eigrp 1

interface tunnel 1
tunnel source f1/1

tunnel destination 192.168.7.2

ip address 192.168.200.1 255.255.255.0

crypto isakmp policy 10


encr aes 256
authentication pre-share
group 5
lifetime 3600
crypto isakmp key Pa$$123 address 192.168.7.2
crypto ipsec transform-set MYTRANS esp-aes 256 esp-sha-hmac
crypto map MYMAP 10 ipsec-isakmp
set peer 192.168.7.2
set transform-set MYTRANS
match address 100
access-list 100 permit gre any any
ip access-list standard Access-RMap-Branch3
permit 192.168.10.0 0.0.0.255

ip access-list standard Access-RMap-ISP


permit 192.168.20.0 0.0.0.255
permit 192.168.30.0 0.0.0.255

route-map RMap permit 10


match ip address Access-RMap-Branch3
set ip next-hop 192.168.17.2

route-map RMap permit 20


match ip address Access-RMap-ISP
set ip next-hop 192.168.5.1
end
wr
Branch1-Router
enable

conf t
hostname Branch1-Router
username admin secret 123
line console 0
login local
line vty 0 4
login local
int f0/0
ip address 192.168.7.2 255.255.255.0
no shut
int f1/0
ip address 192.168.14.2 255.255.255.0
no shut
router eigrp 1
network 192.168.14.0 255.255.255.0
network 192.168.200.0 255.255.255.0
redistribute bgp 200 metric 100 10 255 50 1500
router bgp 200
neighbor 192.168.7.1 remote-as 1000
redistribute connected
redistribute eigrp 1
interface tunnel 1
tunnel source f0/0
tunnel destination 192.168.5.2
ip address 192.168.200.2 255.255.255.0
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 5
lifetime 3600
crypto isakmp key Pa$$123 address 192.168.5.2
crypto ipsec transform-set MYTRANS esp-aes 256 esp-sha-hmac
crypto map MYMAP 10 ipsec-isakmp
set peer 192.168.5.2
set transform-set MYTRANS
match address 100
access-list 100 permit gre any any
end
wr
Branch1-Core

enable

conf t

hostname Branch1-Core

username admin secret 123

line console 0

login local

line vty 0 4

login local

vtp domain abc.com

int range f1/1 -2

switchport trunk encapsulation dot1q

switchport mode trunk

vlan 40

name HR

vlan 50

name IT

int f1/10

no switchport

ip address 192.168.14.1 255.255.255.0

no shut

int vlan 40

ip address 192.168.40.254 255.255.255.0

int vlan 50

ip address 192.168.50.254 255.255.255.0

ip routing

router eigrp 1

network 192.168.40.0 255.255.255.0

network 192.168.50.0 255.255.255.0

network 192.168.14.0 255.255.255.0

end

wr
Branch1-SW-01

enable

conf t

hostname Branch1-SW-01

username admin secret 123

line console 0

login local

line vty 0 4

login local

vtp domain abc.com

vlan 40

name HR

int f1/1

switchport mode trunk

int range f1/2 -15

switchport mode access

switchport access vlan 40

spanning-tree portfast

end

wr
Branch1-SW-02

enable

conf t

hostname Branch1-SW-02

username admin secret 123

line console 0

login local

line vty 0 4

login local

vtp domain abc.com

vlan 50

name IT

int f1/1

switchport mode trunk

int range f1/2 -15

switchport mode access

switchport access vlan 50

spanning-tree portfast

end

wr

Branch2-Router

enable

conf t

hostname Branch2-Router

username admin secret 123

line console 0

login local

line vty 0 4

login local

ip vrf VRF-1
ip vrf VRF-2
int f0/0.1
encapsulation dot 100
ip vrf forwarding VRF-1
ip address 192.168.15.2 255.255.255.0
no shut
int f0/0.2
encapsulation dot 200
ip vrf forwarding VRF-2
ip address 192.168.16.2 255.255.255.0
no shut
int f2/0
ip vrf forwarding VRF-1
ip address 192.168.80.254 255.255.255.0
no shut
int f1/1
ip vrf forwarding VRF-2
ip address 192.168.70.254 255.255.255.0
no shut
int f1/0
ip address 192.168.60.254 255.255.255.0
no shut
ip dhcp pool 60
netw 192.168.60.0 255.255.255.0
defa 192.168.60.254
ip dhcp pool 70
netw 192.168.70.0 255.255.255.0
defa 192.168.70.254
ip dhcp pool 80
netw 192.168.80.0 255.255.255.0
defa 192.168.80.254
router bgp 300
neighbor 192.168.8.1 remote-as 1000
redistribute connected
ip route vrf VRF-1 0.0.0.0 0.0.0.0 192.168.15.1
ip route vrf VRF-2 0.0.0.0 0.0.0.0 192.168.16.1
end
wr
VRF-Router
enable

conf t
hostname VRF-Router
username admin secret 123
line console 0
login local
line vty 0 4
login local
ip vrf VRF-1
ip vrf VRF-2
int f0/0
no shut
int f0/0.1
encapsulation dot 100
ip vrf forwarding VRF-1
ip address 192.168.11.2 255.255.255.0
no shut
int f0/0.2
encapsulation dot 200
ip vrf forwarding VRF-2
ip address 192.168.12.2 255.255.255.0
no shut
int f1/1
ip vrf forwarding VRF-1
ip address 192.168.100.254 255.255.255.0
no shut
int f1/0
ip vrf forwarding VRF-2
ip address 192.168.90.254 255.255.255.0
no shut
ip dhcp pool 90
netw 192.168.90.0 255.255.255.0
defa 192.168.90.254
ip dhcp pool 100
netw 192.168.100.0 255.255.255.0
defa 192.168.100.254
ip route vrf VRF-1 0.0.0.0 0.0.0.0 192.168.11.1
ip route vrf VRF-2 0.0.0.0 0.0.0.0 192.168.12.1
end
wr
Branch3-Router

enable
conf t
hostname Branch3-Router
username admin secret 123
line console 0
login local
line vty 0 4
login local
int f0/0
ip address 192.168.9.2 255.255.255.0
no shut
int f1/0
ip address 192.168.110.254 255.255.255.0
no shut
int f1/1
ip address 192.168.17.2 255.255.255.0
no shut
ip dhcp pool 110
network 192.168.110.0 255.255.255.0
default-router 192.168.110.254
ip prefix-list deny 192.168.1.0/24
ip prefix-list deny 192.168.2.0/24
ip prefix-list deny 192.168.3.0/24
ip prefix-list deny 192.168.4.0/24
ip prefix-list permit 0.0.0.0/0 le 32
router bgp 400
neighbor 192.168.9.1 remote-as 1000
redistribute connected
router eigrp 1
network 192.168.17.0 255.255.255.0
network 192.168.110.0 255.255.255.0
distribute-list TEST in
end
wr
ISP-Router

enable
conf t
hostname ISP-Router
username admin secret 123
line console 0
login local
line vty 0 4
login local
int f0/0
ip address 192.168.6.1 255.255.255.0
no shut
int f1/0
ip address 192.168.5.1 255.255.255.0
no shut
int f1/1
ip address 192.168.7.1 255.255.255.0
no shut
int f3/0
ip address 192.168.9.1 255.255.255.0
no shut
ip vrf VRF-1
ip vrf VRF-2
int f2/0
ip address 192.168.8.1 255.255.255.0
no shut
int f2/0.1
encapsulation dot 100
ip vrf forwarding VRF-1
ip address 192.168.15.1 255.255.255.0
no shut
int f2/0.2
encapsulation dot 200
ip vrf forwarding VRF-2
ip address 192.168.16.1 255.255.255.0
no shut
int f2/1.1
ip vrf forwarding VRF-1
encapsulation dot 100
ip address 192.168.11.1 255.255.255.0
no shut
int f2/1.2
ip vrf forwarding VRF-2
encapsulation dot 200
ip address 192.168.12.1 255.255.255.0
no shut
ip route vrf VRF-1 192.168.80.0 255.255.255.0 192.168.15.2
ip route vrf VRF-1 192.168.100.0 255.255.255.0 192.168.11.2
ip route vrf VRF-2 192.168.70.0 255.255.255.0 192.168.16.2
ip route vrf VRF-2 192.168.90.0 255.255.255.0 192.168.12.2
router bgp 1000
neighbor 192.168.5.2 remote-as 100
neighbor 192.168.9.2 remote-as 400
neighbor 192.168.7.2 remote-as 200
neighbor 192.168.8.2 remote-as 300
end
wr
Trouble Shoot and verifying Routers
Show run
Show cdp neighbor
Show cdp neighbor details
Show ip interfaces brief
Sh run | sec eigrp/ospf/dhcp/bgp/ip route/access-list …
Show ip route
Show ip protocols
sh crypto ipsec sa
sh crypto ipsec policy
sh crypto
sh crypto isakmp sa
sh crypto isakmp policy
sh crypto isakmp peers
sh crypto ipsec transform-set
sh route-map
sh ip bgp summary
sh ip route bgp/eigrp/ospf
sh ip eigrp 1 neighbors
sh ip eigrp 1 interfaces
sh ip eigrp 1 topology
sh ip dhcp binding
sh ip dhcp snooping binding
sh ip dhcp snooping
sh ip route vrf VRF-1
sh vlan-switch
sh standby
sh spanning-tree
sh port-security
sh ip prefix-list
sh interfaces
sh run interface f1/1
sh clock
sh ntp associations

You might also like