IP Services Sim

May 20th, 2022Go to comments

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

+ Refer to the Tasks tab to view the tasks for this lab item.
+ Refer to the Topology tab to access the device console(s) and perform the tasks.
+ Console access is available for all required devices by clicking the device icon or using the tab(s)
above the console window.
+ All necessary preconfigurations have been applied.
+ Do not change the enable password or hostname for any device.
+ Save your configurations to NVRAM before moving to the next item.
+ Click Next at the bottom of the screen to submit this lab and move to the next question.
+ When Next is clicked, the lab closes and cannot be reopened.

Topology

Tasks

Connectivity between three routers has been established, and IP services must be configured in the
order presented to complete the implementation. Tasks assigned include configuration of NAT, NTP,
DHCP, and SSH services.

1. All traffic sent from R3 to the R1 Loopback address must be configured for NAT on R2. All source
addresses must be translated from R3 to the IP address of Ethernet0/0 on R2, while using only a
standard access list named NAT. To verify, a ping must be successful to the R1 Loopback address
sourced from R3. Do not use NVI NAT configuration.

2. Configure R1 as an NTP server and R2 as a client, not as a peer, using the IP address of the R1
Ethernet0/2 interface. Set the clock on the NTP server for midnight on January 1, 2019.

3. Configure R1 as a DHCP server for the network 10.1.3.0/24 in a pool named NETPOOL. Using a single
command, exclude addresses 1-10 from the range. Interface Ethernet0/2 on R3 must be issued the IP
address of 10.1.3.11 via DHCP.

4. Configure SSH connectivity from R1 to R3, while excluding access via other remote connection
protocols. Access for user netadmin and password N3t4ccess must be set on router R3 using RSA
and 1024 bits. Verify connectivity using an SSH session from router R1 using a destination address of
10.1.3.11. Do NOT modify console access or line numbers to accomplish this task.

Solution

You can download the Packet Tracer file of this sim here to practice. Please open it with
Packet Tracer v8.1.1.0022 or newer.
Note: In Packet Tracer, there is one command that is slightly different. It is the command
“crypto key generate rsa modulus 1024”. In Packet Tracer you have to type the command
 “crypto key generate rsa general-keys modulus 1024” instead.

Note: Please check the ACL name username, password, clock… carefully in your exam as they may be
different!

Task 1. All traffic sent from R3 to the R1 Loopback address must be configured for NAT on R2. All
source addresses must be translated from R3 to the IP address of Ethernet0/0 on R2, while using only
a standard access list named NAT. To verify, a ping must be successful to the R1 Loopback address
sourced from R3. Do not use NVI NAT configuration.

R2(config)# ip access-list standard NAT //Note: The name of the ACL may be
different so please check carefully!
R2(config-std-nacl)#permit 10.2.3.3
R2(config-std-nacl)#permit 192.168.3.1
R2(config-std-nacl)#permit 10.1.3.11
R2(config-std-nacl)#exit
R2(config)# interface e0/1
R2(config-if)#ip nat inside
R2(config-if)#exit
R2(config)#interface e0/0
R2(config-if)#ip nat outside
R2(config-if)#exit
R2(config)#ip nat inside source list NAT interface e0/0 overload

Verification

R3#ping 192.168.1.1
.!!!! (ping should work)

Task 2. Configure R1 as an NTP server and R2 as a client, not as a peer, using the IP address of the R1
Ethernet0/2 interface. Set the clock on the NTP server for midnight on January 1, 2019.

R1#clock set 00:00:00 January 1 2019 //Midnight means 00:00:00. Note: The
date may be different so please check carefully!
R1#config t
R1(config)#ntp master 1 //Configure R1 as an NTP server

A strange thing of this sim is that E0/2 of R1 has not been configured an IP address so we must assign
the IP address of 10.1.3.1 as shown in the topology for it. Maybe it is the reason the requirement says
“using the IP address of the R1 Ethernet0/2 interface”.

R1(config)#interface e0/2
R1(config)#ip address 10.1.3.1 255.255.255.0

Updated: It seems this bug has been fixed. E0/2 of R1 has been assigned 10.1.3.1/24 IP address
initially.

Configure R2 as the NTP client (not NTP peer):

R2#config t
R2(config)#ntp server 10.1.3.1

Verification
Check the clock on R2 to see if it is the same as R1:

R2#show clock
0:0:01.60 UTC Tue Jan 1 2019

Task 3. Configure R1 as a DHCP server for the network 10.1.3.0/24 in a pool named NETPOOL. Using a
single command, exclude addresses 1-10 from the range. Interface Ethernet0/2 on R3 must be issued
the IP address of 10.1.3.11 via DHCP.

R1(config)#ip dhcp pool NETPOOL

R1(dhcp-config)#network 10.1.3.0 255.255.255.0
R1(dhcp-config)#exit
R1(config)#ip dhcp excluded-address 10.1.3.1 10.1.3.10

Configure interface E0/2 of R3 to receive IP address issued from R1 (DHCP Server):

R3(config)#interface e0/2
R3(config-if)#ip address dhcp

Verification
R3(config-if)#exit
R3(config)#exit
R3#show ip interface brief (E0/2 interface is assigned the IP address of 10.1.3.11)

Interface IP-Address OK? Method Status Protocol

…
Ethernet0/2 10.1.3.11 YES DHCP up up

Task 4. Configure SSH connectivity from R1 to R3, while excluding access via other remote connection
protocols. Access for user netadmin and password N3t4ccess must be set on router R3 using RSA
and 1024 bits. Verify connectivity using an SSH session from router R1 using a destination address of
10.1.3.11. Do NOT modify console access or line numbers to accomplish this task.

R3(config)#line vty 0 4 //we should use the "show run" command to confirm if
the "line vty 0 4" or "line vty 0 15"
R3(config-line)#transport input ssh
R3(config-line)#login local
R3(config-line)#exit
R3(config)#username netadmin password N3t4ccess //Note: Please check the
username and password given carefully. It may not be "netadmin" and
"N3t4ccess" as shown here
R3(config)#crypto key generate rsa modulus 1024

Note: The command “ip domain-name xyz.com” has been configured so we don’t need to type this
command again. This command must be used before the “crypto key generate rsa” command or an
error will be shown.

Verification

R1# ssh -l netadmin 10.1.3.11

Password: {please type N3t4ccess here}

Save the configuration

As the guidelines clearly stated that we have to save the configuration to NVRAM so please save all
your configurations on R1, R2 and R3:

R1#, R2#, R3#copy running-config startup-config

Note: Just for your information, this lab requires “Do not use NVI NAT configuration” so what is NVI
NAT?

Cisco IOS Release 12.3(14)T introduced a feature called NAT Virtual Interface (NVI), which allows you
to do a NAT configuration without the need to specify an interface as being an inside or an outside
interface. Specifically, instead of issuing the “ip nat inside” or “ip nat outside” command in interface
configuration mode, you can issue the “ip nat enable” command. Not only does this feature make
configuration easier , but it also allows traffic to flow between two interfaces that would both be
considered inside interfaces, from a classic NAT perspective.

Reference: https://www.oreilly.com/library/view/ccnp-routing-and/9780133149883/ch12lev3sec6.html

IP Services Sim Version 2

January 1st, 2023Go to comments
Guidelines

This is a lab item in which tasks will be performed on virtual devices.

+ Refer to the Tasks tab to view the tasks for this lab item.
+ Refer to the Topology tab to access the device console(s) and perform the tasks.
+ Console access is available for all required devices by clicking the device icon or using the tab(s)
above the console window.
+ All necessary preconfigurations have been applied.
+ Do not change the enable password or hostname for any device.
+ Save your configurations to NVRAM before moving to the next item.
+ Click Next at the bottom of the screen to submit this lab and move to the next question.
+ When Next is clicked, the lab closes and cannot be reopened.

Topology

Tasks

Services must be configured in the order presented to complete the implementation.

1. Configure dynamic one-to-one address mapping on R2 using a standard list named XLATE, which
allows all traffic to translate the source address of R3 to a pool named test_pool using the
10.10.10.0/24 network for traffic sent from R3 to R1. Avoid using an NVI configuration. Verify
reachability by sending a ping to 192.168.100.1 from R3.

2. Configure R3 to dynamically receive an IP address on Ethernet0/2 from the DHCP server.

3. Configure R1 as an NTP server and R2 as a client, not as a peer, using the IP address 10.1.2.1.
4. Configure SSH access from R1 to R3, while excluding access via other remote connection protocols
using the user root and password s3cret on router R3 using RSA. Verify connectivity from router R1 to
R3 using a destination address assigned to interface E0/2 on R3.

Solution

You can download the Packet Tracer file of this sim here to practice. Please open it with
Packet Tracer v8.1.1.0022 or newer.
Note: In Packet Tracer, there is one command that is slightly different. It is the command
“crypto key generate rsa modulus 1024”. In Packet Tracer you have to type the command
“crypto key generate rsa general-keys modulus 1024” instead.

Note: Please check the ACL name, username, password… carefully in your exam as they may be
different!

Task 1:
R2(config)# ip access-list standard XLATE //Note: The name of the ACL may be different so please
check carefully!
R2(config-std-nacl)#permit 10.2.3.3
R2(config-std-nacl)#permit 192.168.3.1
R2(config-std-nacl)#permit 10.1.3.11
R2(config-std-nacl)#exit
R2(config)# interface e0/1
R2(config-if)#ip nat inside
R2(config-if)#exit
R2(config)#interface e0/0
R2(config-if)#ip nat outside
R2(config-if)#exit
R2(config)#ip nat pool test_pool 10.10.10.1 10.10.10.254 netmask 255.255.255.0
R2(config)#ip nat inside source list XLATE pool test_pool

Note: This task requires to configure a dynamic one-to-one, not one-to-many so we don’t use the
keyword “overload”.

Verification
R3#ping 192.168.100.1
.!!!! (ping should work)

Task 2:

R1 has been configured an DHCP Server already so we just need to configure DHCP Client on R3.

R3(config)#interface e0/2
R3(config-if)#ip address dhcp

Wait a moment and we will see E0/2 of R3 is assigned the IP address 10.1.3.11 with the following
message:

%DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/2 assigned DHCP address 10.1.3.11,

mask 255.255.255.0, hostname R3

We can verify with the command “show ip interface brief” on R3:

R3(config-if)#exit
R3(config)#exit

R3#show ip interface brief

Interface IP-Address OK? Method Status
Protocol
...
Ethernet0/2 10.1.3.11 YES DHCP up
up

-> We see E0/2 has been assigned the IP address 10.1.3.11 via DHCP.

Task 3:

R1#config t
R1(config)#ntp master 1 //Configure R1 as an NTP server

Note: In this version, interface E0/2 of R1 was assigned the IP address of 10.1.3.1/24.

Configure R2 as the NTP client (not NTP peer):

R2#config t
R2(config)#ntp server 10.1.2.1

Verification

Wait a moment so that R2 can synchronize to R1:

R2(config)#exit
R2#show ntp status
Clock is synchronized, stratum 2, reference is 10.1.2.1
…

Task 4:
R3(config)#line vty 0 4
R3(config-line)#transport input ssh
R3(config-line)#login local
R3(config-line)#exit
R3(config)#username root password s3cret//Note: Please check the username and password given
carefully. It may not be “root” and “s3cret” as shown here
R3(config)#crypto key generate rsa modulus 1024

Note: The command “ip domain-name xyz.com” has been configured so we don’t need to type this
command again. This command must be used before the “crypto key generate rsa” command or an
error will be shown. Also this version does not ask the key-size of 1024 so you can configure any key-
size you want.

Verification

Come back to R1 and type:

R1# ssh -l root 10.1.3.11
Password: {please type s3cret here}

Save the configuration

As the guidelines clearly stated that we have to save the configuration to NVRAM so please save all
your configurations on R1, R2 and R3:

R1#, R2#, R3#copy running-config startup-config

Note: Just for your information, this lab requires “Do not use NVI NAT configuration” so what is NVI
NAT?

Cisco IOS Release 12.3(14)T introduced a feature called NAT Virtual Interface (NVI), which allows you
to do a NAT configuration without the need to specify an interface as being an inside or an outside
interface. Specifically, instead of issuing the “ip nat inside” or “ip nat outside” command in interface
configuration mode, you can issue the “ip nat enable” command. Not only does this feature make
configuration easier , but it also allows traffic to flow between two interfaces that would both be
considered inside interfaces, from a classic NAT perspective.

Static Routing Configuration Sim

May 23rd, 2022Go to comments
Topology

Tasks

Connectivity between four routers has been established. IP connectivity must be configured in the
order presented to complete the implementation. No dynamic routing protocols are included.

1. Configure static routing using host routes to establish connectivity from router R3 to the router R1
Loopback address using the source IP of 209.165.200.230.
2. Configure an IPv4 default route on router R2 destined for router R4.
3. Configure an IPv6 default router on router R2 destined for router R4.

Solution

You can download the Packet Tracer file of this sim here to practice. Please open it with
Packet Tracer v8.1.1.0022 or newer.
Packet Tracer routers do not support Ethernet interfaces so we used GigabitEthernet
interfaces instead.

Note: A host route is an IPv4 address with a 32-bit mask

Task 1. Configure static routing using host routes to establish connectivity from router R3 to the
router R1 Loopback address using the source IP of 209.165.200.230.

In this task we have to configure all the static routes so that R3 can ping Loopback 1 of R1 successfully

R3(config)#ip route 192.168.1.1 255.255.255.255 209.165.200.229

R2(config)#ip route 192.168.1.1 255.255.255.255 209.165.200.225
R1(config)#ip route 209.165.200.230 255.255.255.255 209.165.200.226

Verification

R3#ping 192.168.1.1
.!!!!

Task 2. Configure an IPv4 default route on router R2 destined for router R4

R2(config)#ip route 0.0.0.0 0.0.0.0 209.165.202.130

Task 3. Configure an IPv6 default router on router R2 destined for router R4

R2(config)#ipv6 route ::/0 2001:db8:abcd::2

Static Routing Configuration Sim 2

May 26th, 2022Go to comments
Topology

Tasks

IP connectivity and OSPF are preconfigured on all devices where necessary. Do not make any changes
to the IP addressing or OSPF. The company policy uses connected interfaces and next hops when
configuring static routes except for load balancing or redundancy without floating static. Connectivity
must be established between subnet 172.20.20.128/25 on the Internet and the LAN at 192.168.0.0/24
connected to SW1:

1. Configure reachability to the switch SW1 LAN subnet in router R2.

2. Configure default reachability to the Internet subnet in router R1.
3. Configure a single static route in router R2 to reach to the Internet subnet considering both
redundant links between routers R1 and R2. A default route is NOT allowed in router R2.
4. Configure a static route in router R1 toward the switch SW1 LAN subnet where the primary link must
be through Ethernet0/1, and the backup link must be through Ethernet0/2 using a floating route. Use
the minimal administrative distance value when required.

Solution

You can download the Packet Tracer file of this sim here (only initial config) to practice.
Please open it with Packet Tracer v8.1.1.0022 or newer. We still have not had enough
information about the OSPF configuration of this sim so the Packet Tracer file is still
incomplete.
Task 1. Configure reachability to the switch SW1 LAN subnet in router R2.

R2(config)#ip route 192.168.0.0 255.255.255.0 e0/0 10.10.31.1

Note: We have to configure both connected interface and next hop as requested (“The company policy
uses connected interfaces and next hops when configuring static routes”)

Maybe there is a default route to the Internet on each router so we don’t need to configure the return
path.

Verification

R3#ping 192.168.0.1
.!!!!

Task 2. Configure default reachability to the Internet subnet in router R1.

R1(config)#ip route 0.0.0.0 0.0.0.0 e0/0 10.10.13.3

Task 3. Configure a single static route in router R2 to reach to the Internet subnet considering both
redundant links between routers R1 and R2. A default route is NOT allowed in router R2.

We don’t understand why it asks using a single static route while considering both redundant links
because we will need two commands for two links:

R2(config)#ip route 172.20.20.128 255.255.255.128 10.10.12.129

R2(config)#ip route 172.20.20.128 255.255.255.128 10.10.12.1

Task 4. Configure a static route in router R1 toward the switch SW1 LAN subnet where the primary
link must be through Ethernet0/1, and the backup link must be through Ethernet0/2 using a floating
route. Use the minimal administrative distance value when required.

R1(config)#ip route 192.168.0.0 255.255.255.0 10.10.12.2

R1(config)#ip route 192.168.0.0 255.255.255.0 10.10.12.130 2

Remember to save all devices:

R1, R2, R3#copy runnning-config startup-config

OSPF Configuration Sim

June 2nd, 2022Go to comments
Guidelines
This is a lab item in which tasks will be performed on virtual devices.
+ Refer to the Tasks tab to view the tasks for this lab item.
+ Refer to the Topology tab to access the device console(s) and perform the tasks.
+ Console access is available for all required devices by clicking the device icon or using the tab(s)
above the console window.
+ All necessary preconfigurations have been applied.
+ Do not change the enable password or hostname for any device.
+ Save your configurations to NVRAM before moving to the next item.
+ Click Next at the bottom of the screen to submit this lab and move to the next question.
+ When Next is clicked, the lab closes and cannot be reopened.

Topology
Tasks

IP connectivity between the three routers is configured. OSPF adjacencies must be established.
1. Configure R1 and R2 Router IDs using the interface IP addresses from the link that is shared
between them.
2. Configure the R2 links with a max value facing R1 and R3. R2 must become the DR. R1 and R3 links
facing R2 must remain with the default OSPF configuration for DR election. Verify the configuration
after clearing the OSPF process.
3. Using a host wildcard mask, configure all three routers to advertise their respective Loopback1
networks.
4. Configure the link between R1 and R3 to disable their ability to add other OSPF routers.

Solution

You can download the Packet Tracer file of this sim here to practice. Please open it with
Packet Tracer v8.1.1.0022 or newer.

Task 1. Configure R1 and R2 Router IDs using the interface IP addresses from the link that is shared
between them.

R1(config)#router ospf 1
R1(config-router)#router-id 10.10.12.1

R2(config)#router ospf 1
R2(config-router)#router-id 10.10.12.2

Verification

R1#clear ip ospf process

Reset ALL OSPF processes? [no]: y
R1#show ip ospf
Routing Process “ospf 1” with ID 10.10.12.1
…

R2#clear ip ospf process

Reset ALL OSPF processes? [no]: y

R2#show ip ospf
Routing Process “ospf 1” with ID 10.10.12.2

Task 2. Configure the R2 links with a max value facing R1 and R3. R2 must become the DR. R1 and R3
links facing R2 must remain with the default OSPF configuration for DR election. Verify the
configuration after clearing the OSPF process.

The max value of OSPF priority is 255 so we assign this value to E0/0 and E0/2 interfaces of R2, which
are facing R1 & R3.

On R2:

R2(config)#interface e0/0
R2(config-if)#ip ospf priority 255
R2(config-if)#interface e0/2
R2(config-if)#ip ospf priority 255
R2(config-if)#exit
R2(config)#exit

Verification

This task asks us to clear the OSPF process first:

R2#clear ip ospf process

Reset ALL OSPF processes? [no]: y

and then verify the configuration:

R2#show ip ospf neighbor

10.10.12.1 1 FULL/BDR 00:00:39 10.10.12.1 Ethernet0/0
192.168.3.3 1 FULL/BDR 00:00:39 10.10.23.3 Ethernet0/2

Our configuration is correct if we see our two OSPF neighbors are BDRs so R2 is DR. Or we can check
on R1 & R3 to see R2’s priority and its role. For example on R1:

R1#sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

10.10.12.2 255 FULL/DR 00:00:37 10.10.12.2 Ethernet0/0
192.168.3.3 1 FULL/DR 00:00:37 10.10.13.3 Ethernet0/1

And on R3:

R3#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

10.10.12.1 1 FULL/BDR 00:00:37 10.10.13.1 Ethernet0/1
10.10.12.2 255 FULL/DR 00:00:37 10.10.23.2 Ethernet0/2
Task 3. Using a host wildcard mask, configure all three routers to advertise their respective
Loopback1 networks.

This task requires to use “host wildcard mask” so we have to use “0.0.0.0” for the wildcard mask here.
Notice that it is still correct and match the exact Loopback 1 IP addresses only.

R1(config)#router ospf 1
R1(config-router)#network 192.168.1.1 0.0.0.0 area 0

R2(config)#router ospf 1
R2(config-router)#network 192.168.2.2 0.0.0.0 area 0

R3(config)#router ospf 1
R3(config-router)#network 192.168.3.3 0.0.0.0 area 0

Verification

We can check to see if the Loopback1 networks have been advertised with the “show ip route”
command or the “show ip route ospf” command (this command is same as the first one but it only
shows OSPF learned routes):

R3#show ip route ospf

10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O 10.10.12.0 [110/2] via 10.10.13.1, 00:13:11, Ethernet0/1
[110/2] via 10.10.23.2, 00:13:11, Ethernet0/2
192.168.1.0/32 is subnetted, 1 subnets
O 192.168.1.1 [110/2] via 10.10.13.1, 00:01:08, Ethernet0/1
192.168.2.0/32 is subnetted, 1 subnets
O 192.168.2.2 [110/2] via 10.10.23.2, 00:00:51, Ethernet0/2

-> We can see two other Loopback1 networks so our configuration was correct.

Task 4. Configure the link between R1 and R3 to disable their ability to add other OSPF routers.

Use these commands on both R1 & R3:

R1,R3(config)#interface e0/1
R1,R3(config-if)#ip ospf network point-to-point

After using these commands on both routers the OSPF process on this segment is up again.

Verification

R3#sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

10.10.12.1 0 FULL/ - 00:00:39 10.10.13.1
GigabitEthernet0/1
10.10.12.2 255 FULL/DR 00:00:30 10.10.23.2
GigabitEthernet0/2

This is a point-to-point network so we cannot add other OSPF routers to R1-R3 segment.

Note: On point-to-point network, the DR/ BDR election process is unnecessary as there can only be two
routers.

LACP Configuration Sim

October 27th, 2022Go to comments
Guidelines

This is a lab item in which tasks will be performed on virtual devices.

+ Refer to the Tasks tab to view the tasks for this lab item.
+ Refer to the Topology tab to access the device console(s) and perform the tasks.
+ Console access is available for all required devices by clicking the device icon or using the tab(s)
above the console window.
+ All necessary preconfigurations have been applied.
+ Do not change the enable password or hostname for any device.
+ Save your configurations to NVRAM before moving to the next item.
+ Click Next at the bottom of the screen to submit this lab and move to the next question.
+ When Next is clicked, the lab closes and cannot be reopened.

Topology

Tasks

Physical connectivity is implemented between the two Layer 2 switches, and the network connectivity
between them must be configured.

1. Configure an LACP EtherChannel and number it as 44; configure it between switches SW1 and SW2
using interfaces Ethernet0/0 and Ethernet0/1 on both sides. The LACP mode must match on both ends.
2. Configure the EtherChannel as a trunk link.
3. Configure the trunk link with 802.1q tags.
4. Configure VLAN ‘MONITORING’ as the untagged VLAN of the EtherChannel.

Solution

Note: You can download the Packet Tracer file of this sim here to practice. Please open it
with Packet Tracer v8.1.1.0022 or newer.
Packet Tracer switches do not support Ethernet interfaces so we used FastEthernet interfaces
instead. Also E0/0 interface of Sw1 & Sw2 were replaced by FastEthernet0/2 as Packet
Tracer switches do not have FastEthernet0/0.

Task 1 + 2 + 3.

SW1, SW2:
interface range E0/0 – 1
channel-group 44 mode active
no shutdown

interface Port-channel 44
switchport trunk encapsulation dot1q
switchport mode trunk

Task 4.

It seems VLAN 746 is the “MONITORING” VLAN. Please check with the “show vlan” command on both
switches to be sure. If so we will set this VLAN the native VLAN on both switches.

SW1, SW2:

interface Port-channel 44
switchport trunk native vlan 746

Don’t forget to save the configuration on both switches:

SW1, SW2#copy running-config startup-config

Voice VLAN Configuration Sim

November 12th, 2022Go to comments
Guidelines

This is a lab item in which tasks will be performed on virtual devices.

+ Refer to the Tasks tab to view the tasks for this lab item.
+ Refer to the Topology tab to access the device console(s) and perform the tasks.
+ Console access is available for all required devices by clicking the device icon or using the tab(s)
above the console window.
+ All necessary preconfigurations have been applied.
+ Do not change the enable password or hostname for any device.
+ Save your configurations to NVRAM before moving to the next item.
+ Click Next at the bottom of the screen to submit this lab and move to the next question.
+ When Next is clicked, the lab closes and cannot be reopened.

Topology

Tasks
All physical cabling between the two switches is installed. Configure the network connectivity between
the switches using the designated VLANs and interfaces.

1. Configure VLAN 100 named Compute and VLAN 200 named Telephony where required for each
task.
2. Configure Ethernet0/1 on SW2 to use the existing VLAN named Available.
3. Configure the connection between the switches using access ports.
4. Configure Ethernet0/1 on SW1 using data and voice VLANs.
5. Configure Ethernet0/1 on SW2 so that the Cisco proprietary neighbor discovery protocol is turned off
for the designated interface only.

Solution

Note: You can download the Packet Tracer file of this sim here to practice. Please open it
with Packet Tracer v8.1.1.0022 or newer.
Packet Tracer switches do not support Ethernet interfaces so we used FastEthernet interfaces
instead. Also E0/0 interface of Sw1 & Sw2 were replaced by FastEthernet0/24 as Packet
Tracer switches do not have FastEthernet0/0.

Note: The VLAN numbers may be different so please check them carefully.

Task 1. Configure VLAN 100 named Compute and VLAN 200 named Telephony where required for
each task.

SW1(config)#vlan 100
SW1(config-vlan)#name Compute
SW1(config-vlan)#vlan 200
SW1(config-vlan)#name Telephony

SW2 only uses “Compute” VLAN so we only need to configure this VLAN on SW2:

SW2(config)#vlan 100
SW2(config)#name Compute

Task 2. Configure Ethernet0/1 on SW2 to use the existing VLAN named Available.

Check the number of VLAN named “Available” so that we can assign interface E0/1 to this VLAN with
the “show vlan” command. Suppose we found VLAN 99 is the “Available” VLAN.

SW2(config)#interface e0/1
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 99
SW2(config-if)#no shutdown

Task 3. Configure the connection between the switches using access ports.

Configure on both SW1 & SW2:

SW1+SW2(config)#interface e0/0
SW1+SW2(config-if)#switchport mode access
SW1+SW2(config-if)#switchport access vlan 100

Task 4. Configure Ethernet0/1 on SW1 using data and voice VLANs.

SW1(config)#interface e0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 100
SW1(config-if)#switchport voice vlan 200

Task 5. Configure Ethernet0/1 on SW2 so that the Cisco proprietary neighbor discovery protocol is
turned off for the designated interface only.
SW2(config)#cdp run
SW2(config)#interface e0/1
SW2(config-if)#no cdp enable

Don’t forget to save the configuration on both switches:

SW1+SW2#copy running-config startup-config

VLAN and Trunking Configuration Sim

November 16th, 2022Go to comments
Guidelines

This is a lab item in which tasks will be performed on virtual devices.

+ Refer to the Tasks tab to view the tasks for this lab item.
+ Refer to the Topology tab to access the device console(s) and perform the tasks.
+ Console access is available for all required devices by clicking the device icon or using the tab(s)
above the console window.
+ All necessary preconfigurations have been applied.
+ Do not change the enable password or hostname for any device.
+ Save your configurations to NVRAM before moving to the next item.
+ Click Next at the bottom of the screen to submit this lab and move to the next question.
+ When Next is clicked, the lab closes and cannot be reopened.

Topology

Tasks

Three switches must be configured for Layer 2 connectivity. The company requires only the designated
VLANs to be configured on their respective switches and permitted across any links between switches
for security purposes. Do not modify or delete VTP configurations.

The network needs two user-defined VLANs configured:

VLAN 110: MARKETING

VLAN 210: FINANCE

1. Configure the VLANs on the designated switches and assign them as access ports to the interfaces
connected to the PCs.
2. Configure the e0/2 interfaces on Sw1 and Sw2 as 802.1q trunks with only the required VLANs
permitted.
3. Configure the e0/3 interfaces on Sw2 and Sw3 as 802.1q trunks with only the required VLANs
permitted.
Solution

You can download the Packet Tracer file of this sim here to practice. Please open it with
Packet Tracer v8.1.1.0022 or newer.
Note: Packet Tracer switches do not support Ethernet interfaces so we used FastEthernet
interfaces instead. Also E0/0 interface of Sw3 was replaced by FastEthernet0/2 as Packet
Tracer switches do not have FastEthernet0/0.

Note: The VLAN numbers may be different so please check them carefully.

Task 1. Configure the VLANs on the designated switches and assign them as access ports to the
interfaces connected to the PCs.

On Sw1:

Sw1(config)#vlan 210
Sw1(config-vlan)#name FINANCE
Sw1(config-vlan)#exit
Sw1(config)#interface e0/1
Sw1(config-if)#switchport mode access
Sw1(config-if)#switchport access vlan 210

On Sw2:

Sw2(config)#vlan 110
Sw2(config-vlan)#name MARKETING
Sw2(config-vlan)#vlan 210
Sw2(config-vlan)#name FINANCE
Sw1(config-vlan)#exit
Sw2(config)#interface e0/1
Sw2(config-if)#switchport mode access
Sw2(config-if)#switchport access vlan 110

Note: Although Sw2 does not use VLAN 210 but we have to configure this VLAN on Sw2 or PC5 and PC6
cannot communicate. Sw2 needs to declare this VLAN in its database to forward frames of this VLAN.

On Sw3:

Sw3(config)#vlan 110
Sw3(config-vlan)#name MARKETING
Sw3(config-vlan)#vlan 210
Sw3(config-vlan)#name FINANCE
Sw3(config-vlan)#exit
Sw3(config)#interface e0/0
Sw3(config-if)#switchport mode access
Sw3(config-if)#switchport access vlan 110
Sw3(config)#interface e0/1
Sw3(config-if)#switchport mode access
Sw3(config-if)#switchport access vlan 210

Task 2. Configure the e0/2 interfaces on Sw1 and Sw2 as 802.1q trunks with only the required VLANs
permitted.

Only the VLAN 210 should be permitted on e0/2 of Sw1 & Sw2 so that PC5 can communicate with PC6.
There is no traffic for VLAN 110 on this trunk link so we should not allow VLAN 110 to go through.

On Sw1 & Sw2:

Sw1+Sw2(config)#interface e0/2
Sw1+Sw2(config-if)#switchport trunk encapsulation dot1q //this command should be used if possible
(on switch supports both ISL and 802.1Q trunking methods. If this command is not valid, just ignore it
Sw1+Sw2(config-if)#switchport mode trunk
Sw1+Sw2(config-if)#switchport trunk allowed vlan 210

Task 3. Configure the e0/3 interfaces on Sw2 and Sw3 as 802.1q trunks with only the required VLANs
permitted.

On Sw2 & Sw3:

Sw2+Sw3(config)#interface e0/3
Sw2+Sw3(config-if)#switchport trunk encapsulation dot1q
Sw2+Sw3(config-if)#switchport mode trunk
Sw2+Sw3(config-if)#switchport trunk allowed vlan 110,210

Don’t forget to save the configuration on all three switches:

SW1+SW2+Sw3#copy running-config startup-config

Verification

We are not sure if the three laptops can be accessible. If they can then we should perform ping tests
from them:

PC5:\> ping 10.10.3.2 -> Ping must be successful

PC3:\> ping 10.10.2.2 -> Ping must be successful

IPv4 and IPv6 Connectivity Sim

December 29th, 2022Go to comments
Guidelines

This is a lab item in which tasks will be performed on virtual devices.

+ Refer to the Tasks tab to view the tasks for this lab item.
+ Refer to the Topology tab to access the device console(s) and perform the tasks.
+ Console access is available for all required devices by clicking the device icon or using the tab(s)
above the console window.
+ All necessary preconfigurations have been applied.
+ Do not change the enable password or hostname for any device.
+ Save your configurations to NVRAM before moving to the next item.
+ Click Next at the bottom of the screen to submit this lab and move to the next question.
+ When Next is clicked, the lab closes and cannot be reopened.

Topology

Tasks

Configure IPv4 and IPv6 connectivity between two routers. For IPv4, use a /28 network from the
192.168.180.0/24 private range. For IPv6, use the first /64 subnet from the 2001:0db8:acca::/48
subnet.

1. Using Ethernet0/1 on routers R1 and R2, configure the next usable /28 from the 192.168.180.0/24
range. The network 192.168.180.0/28 is unavailable.
2. For the IPv4 /28 subnet, router R1 must be configured with the first usable host address.
3. For the IPv4 /28 subnet, router R2 must be configured with the last usable host address.
4. For the IPv6 /64 subnet, configure the routers with the IP addressing provided from the topology.
5. A ping must work between the routers on the IPv4 and IPv6 address ranges.

Solution

You can practice this sim with our own online simulator or Packet
Tracer file at:
+ IPv4 and IPv6 Connectivity Online Simulator
+ Packet Tracer file. Please open it with Packet Tracer v8.1.1.0022 or
newer.

Task 1 + Task 2 + Task 3

The network 192.168.180.0/28 is unavailable so the next subnet is 192.168.180.16/28 (increment: 16).
This subnet ranges from 192.168.180.16 to 192.168.180.31.

Therefore the first usable host address is 192.168.180.17/28 and the last usable host address is
192.168.180.30/28. We will them for two E0/1 interfaces:

R1(config)#interface e0/1
R1(config-if)#ip address 192.168.180.17 255.255.255.240
R1(config-if)#no shut

R2(config)#interface e0/1
R2(config-if)#ip address 192.168.180.30 255.255.255.240
R2(config-if)#no shut

Task 4. For the IPv6 /64 subnet, configure the routers with the IP addressing provided from the
topology.

Note: IPv6 routing has been configured so we don’t need to do it.

On R1:

R1(config)#interface e0/1
R1(config-if)#ipv6 address 2001:db8:acca::1/64

On R2:

R2(config)#interface e0/1
R2(config-if)#ipv6 address 2001:db8:acca::2/64

Task 5. A ping must work between the routers on the IPv4 and IPv6 address ranges.

R1#ping 192.168.180.30
.!!!!
R1#ping ipv6 2001:db8:acca::2
!!!!!

Save the configuration

R1,R2#copy running-config startup-config

Named Access-list & Port Security Sim

February 8th, 2023Go to comments
Guidelines

This is a lab item in which tasks will be performed on virtual devices.

+ Refer to the Tasks tab to view the tasks for this lab item.
+ Refer to the Topology tab to access the device console(s) and perform the tasks.
+ Console access is available for all required devices by clicking the device icon or using the tab(s)
above the console window.
+ All necessary preconfigurations have been applied.
+ Do not change the enable password or hostname for any device.
+ Save your configurations to NVRAM before moving to the next item.
+ Click Next at the bottom of the screen to submit this lab and move to the next question.
+ When Next is clicked, the lab closes and cannot be reopened.

Topology

Tasks

Refer to the topology. All physical cabling is in place. Configure a local user account, a Named ACL
(NACL), and security.

Task 1. Configure a local account on Sw101 with telnet access only on virtual ports 0-4. Use the
following information:

+ Username: support
+ Password: max2leam
+ Privilege level: Exec mode

Task 2. Configure and apply a single NACL on Sw101 using the following:

+ Name: ENT_ACL
+ Restrict only PC2 on VLAN 200 from pinging PC1
+ Allow only PC2 on VLAN 200 to telnet to Sw101
+ Prevent all other devices from telnetting from VLAN 200
+ Allow all other network traffic from VLAN 200

Task 3. Configure security on interface Ethernet 0/0 of Sw102:

+ Set the maximum number of secure MAC addresses to four.

+ Drop packets with unknown source addresses until the number of secure MAC addresses drops
below the configured maximum value. No notification action is required.
+ Allow secure MAC addresses to be learned dynamically.
Solution

You can download the Packet Tracer file of this sim here to practice (currently Task 2
solution is not working). Please open it with Packet Tracer v8.1.1.0022 or newer.
Note: Packet Tracer switches do not support Ethernet interfaces so we used FastEthernet
interfaces instead. Also E0/0 interfaces of Sw101 & Sw102 were replaced by
FastEthernet0/10 as Packet Tracer switches do not have FastEthernet0/0.

Note: Be careful that the username, password, ACL name… may be different.

Task 1. Configure a local account on Sw101 with telnet access only on virtual ports 0-4

On Sw101:

username support privilege 15 password max2learn

line vty 0 4
transport input telnet
login local

Note: Privilege level 15 is known as “enable mode” or “privileged exec mode,” and authorizes all
commands by default.

Verification

Try to telnet to Sw101 from PC1:

On PC1:
PC1:\> telnet 192.168.100.1
Trying 192.168.100.1 …Open
User Access Verification
Username: support //Type “support” here
Password: ***** //Type “max2leam” here

Sw101#

Task 2. Configure and apply a single NACL on Sw101

Use the “show ip interface brief” command on Sw101, we learn the IP address of interface VLAN 100 is
192.168.100.1/24. We will use this IP address to “allow only PC2 on VLAN 200 to telnet to Sw101”.

On Sw101:

ip access-list extended ENT_ACL

deny icmp host 192.168.200.10 host 192.168.100.10 //Restrict only PC2 on
VLAN 200 from pinging PC1
permit tcp host 192.168.200.10 host 192.168.100.1 eq telnet //Allow only PC2
on VLAN 200 to telnet to Sw101
deny tcp 192.168.200.0 0.0.0.255 any eq telnet //Prevent all other devices
from telnetting from VLAN 200
permit ip 192.168.200.0 0.0.0.255 any //Allow all other network traffic from
VLAN 200

interface e0/2
ip access-group ENT_ACL in
 The above solution does not work as interface e0/2 of SW101 is a Layer 2 trunk. Apply a Layer 3 ACL to
working for another solution and will update this task soon!

Verification

+ Check to make sure PC2 cannot ping PC1:

PC2:\> ping 192.168.100.10

Pinging 192.168.100.10 with 32 bytes of data
Request timed out.
Request timed out.
Request timed out.
Request timed out.

+ Check if only PC2 on VLAN 200 to telnet to Sw101 and prevent all other devices from telnetting from
VLAN 200:

PC2:\> telnet 192.168.100.1 //this must be successful

SW102# telnet 192.168.100.1 //this must fail

+ Check the “Allow all other network traffic from VLAN 200” condition by try pinging from PC2 to
SW101:

PC2:\>ping 192.168.100.1 //this must be successful

Task 3. Configure security on interface Ethernet 0/0 of Sw102.

In this task, it asked “No notification action is required” so we have to use “protect” for violation mode.

On Sw102:

int e0/0
switchport port-security
switchport port-security maximum 4
switchport port-security violation protect

Save the configurations

Sw101+Sw102#copy running-config startup-config

======================================================

For your information, the port security violation modes are described below:

Protect – This mode permits traffic from known MAC addresses to continue to be forwarded while
dropping traffic from unknown MAC addresses when over the allowed MAC address limit. When
configured with this mode, no notification action is taken when traffic is dropped.

Restrict – This mode permits traffic from known MAC addresses to continue to be forwarded while
dropping traffic from unknown MAC addresses when over the allowed MAC address limit. When
configured with this mode, a syslog message is logged, a Simple Network Management Protocol
(SNMP) trap is sent, and a violation counter is incremented when traffic is dropped.

Shutdown – This mode is the default violation mode; when in this mode, the switch will automatically
force the switchport into an error disabled (err-disable) state when a violation occurs. While in this
state, the switchport forwards no traffic. The switchport can be brought out of this error disabled state
by issuing the errdisable recovery cause CLI command or by disabling and reenabling the switchport.

Shutdown VLAN -This mode mimics the behavior of the shutdown mode but limits the error disabled
state the specific violating VLAN.
Reference: https://www.ciscopress.com/articles/article.asp?p=1722561

Named Access-list & DHCP Snooping Sim

February 11th, 2023Go to comments
Guidelines

This is a lab item in which tasks will be performed on virtual devices.

+ Refer to the Tasks tab to view the tasks for this lab item.
+ Refer to the Topology tab to access the device console(s) and perform the tasks.
+ Console access is available for all required devices by clicking the device icon or using the tab(s)
above the console window.
+ All necessary preconfigurations have been applied.
+ Do not change the enable password or hostname for any device.
+ Save your configurations to NVRAM before moving to the next item.
+ Click Next at the bottom of the screen to submit this lab and move to the next question.
+ When Next is clicked, the lab closes and cannot be reopened.

Topology

Tasks

Refer to the topology. All physical cabling is in place. Configure local users accounts, modify the
Named ACL (NACL), and configure DHCP Snooping. The current contents of the NACL must remain
intact.
Task 1

Configure a local account on Gw1 with telnet access only on virtual ports 0-4. Use the following
information:

+ Username: wheel
+ Password: lock3path
+ Algorithm type: Scrypt
+ Privilege level: Exec mode

Task 2

Configure and apply a NACL on Gw1 to control network traffic from VLAN 10:

+ Name: CORP_ACL
+ Allow BOOTP and HTTPS
+ Restrict all other traffic and log the ingress interface, source MAC address, the packet’s source and
destination IP addresses, and ports.

Task 3

Configure Sw1:

+ Enable DHCP Snooping for VLAN 10

+ Disable DHCP Option-82 data insertion
+ Enable DHCP Snooping MAC address verification
+ Enable trusted interfaces.

Solution

You can download the Packet Tracer file of this sim here to practice. Please open it with
Packet Tracer v8.1.1.0022 or newer.
Currently Packet Tracer has not supported many features required in this sim so the solution
in Packet Tracer file does not work well. Please only use it as a reference only.
Note: Packet Tracer switches do not support Ethernet interfaces so we used FastEthernet
interfaces instead. Also E0/0 interfaces of the switches were replaced by FastEthernet0/4 as
Packet Tracer switches do not have FastEthernet0/0.
Note: Be careful that the username, password, ACL name… may be different. You can only access and
configure the “blue” devices, not “gray” ones.

Task 1. Configure a local account on Gw1 with telnet access only on virtual ports 0-4

On Gw1:

username wheel privilege 15 algorithm-type scrypt secret lock3path

line vty 0 4
transport input telnet
login local

Note: Privilege level 15 is known as “enable mode” or “privileged exec mode,” and authorizes all
commands by default. We cannot use the keyword “password” after “algorithm-type scrypt” so we
need to use the keyword “secret” instead.

Verification

First we must find an IP address on Gw1 to telnet with the “show ip interface brief” command on Gw1.
Suppose we find out the IP address of e0/0 is 10.1.1.1. Try to telnet to Gw1 from PC1:
On HostA:

HostA:\> telnet 10.1.1.1 //The IP address may be different

Trying 10.1.1.1 …Open
User Access Verification
Username: wheel //Type “wheel” here
Password: ********* //Type “lock3path” here
Gw1# //telnet to Gw1 successfully

Task 2. Configure and apply a NACL on Gw1 to control network traffic from VLAN 10

In order to control traffic from VLAN 10 only, we first need to find out the IP address range of this
VLAN. We can check in the IP Configuration of HostA and HostC to find their IP addresses and subnet
masks. For example we find out they belong to 10.10.10.0/24 so we will only permit HTTPS and deny
other traffic from this subnet.

Note: Before getting an IP address from DHCP process, the client only sends broadcast messages to
DHCP server so we cannot specify a specific subnet to filter these packets -> We should use the word
“any” for both source and destination addresses.

On Gw1:

ip access-list extended CORP_ACL

permit udp any any eq bootpc
permit udp any any eq bootps
permit tcp 10.10.10.0 0.0.0.255 any eq 443 //there is no "https" keyword so
we have to use the port number
deny ip 10.10.10.0 0.0.0.255 any log-input

interface e0/0
ip access-group CORP_ACL in

This will permit DHCP client requests (bootpc) and server responses (bootps) from any source and
destination address.

The “log-input” logs the following information: ingress interface, source MAC address, source IP
address, destination IP address, source port, destination port.

Note: The “log” keyword simply generates a log message for a matching packet, without including any
additional information. The “log-input” keyword, on the other hand, generates a log message that
includes additional information about the packet, such as the interface it was received on, the source
MAC address, and the source and destination IP addresses and ports. In summary, the “log” keyword
generates a simple log message, while the “log-input” keyword provides more detailed information
about the packet.

Task 3. Configure DHCP Snooping on Sw1:

On Sw1:

Sw1(config)#ip dhcp snooping //Enable DHCP Snooping feature

Sw1(config)#ip dhcp snooping vlan 10 //Enable DHCP Snooping for VLAN 10 only
Sw1(config)#no ip dhcp snooping information option //Disable DHCP Option-82
data insertion
Sw1(config)#ip dhcp snooping verify mac-address //Globally enables MAC
address verification for DHCP snooping on all switch interfaces.

+ Configure trusted interfaces for DHCP Snooping. In this case “trusted” interfaces are interfaces that
are connecting to the DHCP Server and other switches -> Interfaces e0/1, e0/2 should be configured
trusted interfaces.

Sw1(config)#interface e0/1
Sw1(config-if)#ip dhcp snooping trust
Sw1(config)#interface e0/2
Sw1(config-if)#ip dhcp snooping trust

Verification

Sw1#show ip dhcp snooping

Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs: 10
Insertion of option 82 is disabled
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Interface Trusted Rate limit (pps)
--------- ------- ----------------
Ethernet0/1 yes unlimited
Ethernet0/2 yes unlimited

Save the configurations:

Sw1+Gw1#copy running-config startup-config

==============================================

VLAN and CDP Sim

August 9th, 2023Go to comments
Tasks

R1 has been pre-configured with all the necessary commands. All physical cabling is in place and
verified. Connectivity from PC1, PC3, and the Server must be established to the switches, and each
port must only allow one VLAN.

1. Configure the VLAN connecting to the switch port for PC3 with the name “SALES”
2. Configure the switch port connecting to Server1
3. Configure the switch port connecting to PC3
4. Ensure R1 discovers SW-1 via the Cisco proprietary neighbor discovery protocol and all other
devices on the network are unable to discover SW-1

Topology
Solution

You can download the Packet Tracer file of this sim here to practice. Please open it with
Packet Tracer v8.1.1.0022 or newer.
Note: Packet Tracer switches do not support Ethernet interfaces so we used FastEthernet
interfaces instead. Also E0/0 interfaces of Sw-1 & Sw-2 were replaced by FastEthernet0/10
as Packet Tracer switches do not have FastEthernet0/0.

Task 1. Configure the VLAN connecting to the switch port for PC3 with the name “SALES”

According to the information in the table, we learn that the switch port connected to PC3 (interface
e0/3) belongs to VLAN 30 so we must name VLAN 30 “SALES”:

SW-2(config)#vlan 30
SW-2(config-vlan)#name SALES
SW-2(config-vlan)#exit //to apply the VLAN config

Task 2. Configure the switch port connecting to Server1

Server1 is connected via VLAN 20 on e0/2 so we should create VLAN 20 first then assign this VLAN to
interface e0/2. Then put this interface in access mode:

SW-2(config)#vlan 20
SW-2(config-vlan)#exit
SW-2(config)#int e0/2
SW-2(config-if)#switchport mode access
SW-2(config-if)#switchport access vlan 20
SW-2(config-if)#no shut

Task 3. Configure the switch port connecting to PC3

SW-2(config-if)#int e0/3
SW-2(config-if)#switchport mode access
SW-2(config-if)#switchport access vlan 30
SW-2(config-if)#no shut

Task 4. Ensure R1 discovers SW-1 via the Cisco proprietary neighbor discovery protocol and all other
devices on the network are unable to discover SW-1

Some documents say that “If CDP is disabled globally, you cannot enable it on each interface using the
“cdp enable” interface configuration mode command” so it is better to turn off CDP on e0/1 & e0/2 ->
CDP only runs on e0/0:

SW-1(config)#int range e0/1 – 2

SW-1(config-if)#no cdp enable

Save the configuration

On both SW-1 and SW-2:

SW-1#copy running-config startup-config

SW-2#copy running-config startup-config

IPv4 and IPv6 Deployment Sim

August 9th, 2023Go to comments
Tasks

All physical cabling is in place. A company plans to deploy 16 new sites. The sites will utilize both IPv4
and IPv6 networks.

1. Subnet 172.16.0.0/16 to meet the subnet requirements and maximize the number of hosts

– Using the second subnet

— Assign the first usable IP address to e0/0 on Sw101

— Assign the last usable IP address to e0/0 on Sw102

2. Subnet 2001:DB8::/50 to meet the subnet requirements and maximize the number of hosts

– Using the second subnet

— Assign an IPv6 GUA using a unique 64-Bit interface identifier on e0/0 on Sw101
— Assign an IPv6 GUA using a unique 64-Bit interface identifier on e0/0 on Sw102

Topology

Solution

Note: Please check the requirement of this sim carefully as the IP addresses, subnets used may be
different.

Task 1. Subnet 172.16.0.0/16 to meet the subnet requirements and maximize the number of hosts

We plan to deploy 16 new sites so we need 16 (24) subnets so we have to borrow four bits 1. Therefore
the subnet mask should be /20.

The first subnet will be 172.16.0.0/20 (increment: 16) so the second subnet will be 172.16.16.0/20,
which ranges from 172.16.16.0 (network address) to 172.16.31.255 (broadcast address).
-> The first usable IP address (of the second subnet) assigned to e0/0 on Sw101 is 172.16.16.1/20
-> The last usable IP address (of the second subnet) assigned to e0/0 on Sw102 is 172.16.31.254/20

Note: If you are not sure how to find out the subnets and increment above, please read our Subnetting
Tutorial – Subnetting Made Easy

Now to the configuration part:

On Sw101:

Sw101(config)#int e0/0
Sw101(config-if)#no switchport
Sw101(config-if)#ip address 172.16.16.1
255.255.240.0
Sw101(config-if)#no shut

On Sw102:

Sw101(config)#int e0/0
Sw101(config-if)#no switchport
Sw101(config-if)#ip address 172.16.31.254
255.255.240.0
Sw101(config-if)#no shut

Task 2. Subnet 2001:DB8::/50 to meet the subnet requirements and maximize the number of hosts

Same as IPv4, we need to borrow four bits to use for 16 new sites (as 2 4 = 16 new subnets, which are
also new sites) -> The first subnet will be 2001:DB8::/54 and we have to find out the second subnet.

To get the second subnet, we only need to add 1 bit to the 54th bit of the IPv6 address. So our task is
to find out where the 54th bit is.

In IPv6, each octet consists of 16 bits so the first three octets (2001:DB8:0: or 2001:0DB8:0000: in full
form) are 16 * 3 = 48 bits. The first number of the fourth octet is from 49 th bit to 52th bit and the
second number of the fourth octet is from 53th bit to 56th bit (in red box of the figure below). Therefore
54th bit is at the second place (from the left) of the second number of the fourth octet.

Add 1 to the 54th bit will change the value of that octet from 0 to 4. Therefore the second subnet will
be 2001:DB8:0:0400::/54 or 2001:DB8:0:400::/54 in short as we can remove the leading bit 0 in the
fourth octet.

So after finding the second subnet, we need to assign an IPv6 GUA using a unique 64-Bit interface
identifier. In other words, we need to assign EUI-64 addresses for two router interfaces.

Note: GUA is short for “Global Unicast Address” and 2001:DB8::/54 is a GUA as they are routable
addresses.

– Assign an IPv6 GUA using a unique 64-Bit interface identifier on e0/0 on Sw101:
 Sw101(config)#int e0/0
Sw101(config-if)#ipv6 address 2001:DB8:0:400::/54
eui-64

– Assign an IPv6 GUA using a unique 64-Bit interface identifier on e0/0 on Sw102:

Sw102(config)#int e0/0
Sw102(config-if)#ipv6 address 2001:DB8:0:400::/54
eui-64

There is another version of this sim so you need to grasp the subnetting concept to solve
them:
A company plans to deploy 64 new sites.
Task 1. Subnet 10.30.64.0/19 (maximize the number of hosts) using the third subnet
Task 2. Subnet 2001:db8::/56 (maximize the number of hosts) using the third subnet
Solution
Task 1. 64 new sites = 26 -> borrow 6 bits. Therefore the new subnet mask will be /25
Increment: 128 (of the fourth octet)
-> First subnet: 10.30.64.0/25
-> Second subnet: 10.30.64.128/25
-> Third subnet: 10.30.65.0/25
Task 2. 64 new sites = 26 -> borrow 6 bits means the first subnet is 2001:db8::/62
Three first octets (2001:db8:0:) have 16 * 3 = 48 bits so they are fixed. 56 – 48 = 8 bits so the
next 2 hexadecimal numbers are fixed too (the fixed part is in bold: 2001:db8:0:0000). We
borrowed 6 bits so we have to start from two next 00 and add 1 bit to the 6 bits we borrowed
for each subnet (6 bits we borrowed are underlined):
First subnet: 0000 0000 (binary) = 00 (hexadecimal)
Second subnet: 0000 0100 (binary) = 04 (hexadecimal)
Third subnet: 0000 1000 (binary) = 08 (hexadecimal)
Therefore the third subnet will be 2001:db8:0:0008::/62 or 2001:db8:0:8::/62 in short.

Save the configuration

Sw101#, Sw102#copy running-config startup-config

Static Routing Configuration Sim 3

August 10th, 2023Go to comments
Tasks

All physical cabling is in place. Routers R3 and R4 are fully configured and inaccessible. Configure
static routes for various connectivity to the ISP and the LAN that resides on R4.

1. Configure a route on R1 to ensure that R1 prefers R2 when traffic is destined to the server only.
2. Configure a default route on R2 to the ISP
3. Configure a route on R1 to ensure that R1 will use R2 for the R4 LAN if the link fails between R3 and
R4
4. Configure a route on R1 to ensure that R1 prefers R3 when traffic is destined to the R4 LAN at
10.0.41.0/24

Topology
Solution

Task 1. Configure a route on R1 to ensure that R1 prefers R2 when traffic is destined to the server
only.

R1(config)#ip route 10.0.41.10 255.255.255.255 10.0.12.2

Task 2. Configure a default route on R2 to the ISP

On R2:

R2(config)#ip route 0.0.0.0 0.0.0.0 209.165.200.225

Task 3. Configure a route on R1 to ensure that R1 will use R2 for the R4 LAN if the link fails between
R3 and R4

We can configure a floating static route with highest Administrator Distance (254) as a backup route:

On R1:

R1(config)#ip route 10.0.41.0 255.255.255.0 10.0.12.2 254

Task 4. Configure a route on R1 to ensure that R1 prefers R3 when traffic is destined to the R4 LAN at
10.0.41.0/24

Note: It is better to verify if the IP address of e0/0 interface of R3 is 10.0.13.3 with the “show ip
interface brief” on R3.
R1(config)#ip route 10.0.41.0 255.255.255.0 10.0.13.3

Save the configuration

R1#, R2#copy running-config startup-config

Note: There is another version of this sim with different tasks:

Tasks
1. Configure a default route on R2 to the ISP
2. Configure a default route on R1 to the ISP
3. Configure R2 with a route to the Server at 10.0.41.10
4. Configure R1 with a route to the LAN that prefers R3 as the primary path to the LAN
Solution
Task 1. Configure a default route on R2 to the ISP
On R2:

R2(config)#ip route 0.0.0.0 0.0.0.0 209.165.200.225

Task 2. Configure a default route on R1 to the ISP

We must find out the IP address of E0/0 of R2 so on R2 use the “show ip interface brief”
command. Suppose the IP address of E0/0 is 10.0.12.2 then we will use it as the destination
IP address for the default route on R1:
On R1:

R1(config)#ip route 0.0.0.0 0.0.0.0 10.0.12.2

Task 3. Configure R2 with a route to the Server at 10.0.41.10

We must find out the IP address of E0/0 of R4 so on R4 use the “show ip interface brief”
command. Suppose the IP address of E0/0 is 10.0.24.4 then we will use it as the destination
IP address for the route to the Server on R2:
On R2:

R2(config)#ip route 10.0.41.10 255.255.255.255 10.0.24.4

Task 4. Configure R1 with a route to the LAN that prefers R3 as the primary path to the LAN
We must find out the IP address of E0/0 of R3 so on R3 use the “show ip interface brief”
command. Suppose the IP address of E0/0 is 10.0.13.3 then we will use it as the destination
IP address for the route to the LAN on R1 (that prefers R3):
On R1:

R1(config)#ip route 10.0.41.0 255.255.255.0 10.0.13.3

Save the configuration

R1#, R2#copy running-config startup-config

Note: Please check the IP addresses carefully as they may be different!

Static Routing Configuration Sim 4
August 24th, 2023Go to comments
Tasks

All physical cabling is in place. Router R4 and PC1 are fully configured and inaccessible. R4’s WAN
interfaces use .4 in the last octet for each subnet. Configurations should ensure that connectivity is
established end-to-end.

1 . Configure static routing to ensure R1 prefers the path through R2 to reach only PC1 on R4’s LAN
2. Configure static routing that ensures traffic sourced from R1 will take an alternate path through R3
to PC1 in the event of an outage along the primary path
3. Configure default routes on R1 and R3 to the Internet using the least number of hops

Topology

Solution

You can download the Packet Tracer file of this sim here to practice. Please open it with
Packet Tracer v8.1.1.0022 or newer.
Note: Packet Tracer switches do not support Ethernet interfaces so we used GigabitEthernet
interfaces instead.

Task 1. Configure static routing to ensure R1 prefers the path through R2 to reach only PC1 on R4’s
LAN

R1(config)#ip route 10.0.41.10 255.255.255.255 10.0.12.2

Task 2. Configure static routing that ensures traffic sourced from R1 will take an alternate path
through R3 to PC1 in the event of an outage along the primary path
We can configure a floating static route with highest Administrator Distance (254) as a backup route:

R1(config)#ip route 10.0.41.10 255.255.255.255 10.0.13.3 254

Task 3. Configure default routes on R1 and R3 to the Internet using the least number of hops

On R1:

R1(config)#ip route 0.0.0.0 0.0.0.0 10.0.13.3

On R3:
R3(config)#ip route 0.0.0.0 0.0.0.0 209.165.201.1

Save the configuration

R1#, R3#copy running-config startup-config

VLAN CDP & LLDP Sim

October 30th, 2023Go to comments
Tasks

R1 and R2 are pre-configured with all the necessary commands. All physical cabling is in place and
verified. Connectivity for PC1 and PC2 must be established to the switches; each port must only allow
one VLAN and be operational.

1. Configure SW-1 with VLAN 15 and label it exactly as OPS

2. Configure SW-2 with VLAN 66 and label it exactly as ENGINEERING
3. Configure the switch port connecting to PC1
4. Configure the switch port connecting to PC2
5. Configure the E0/2 connections on SW-1 and SW-2 for neighbor discovery using the vendor-neutral
standard protocol and ensure that e0/0 on both switches uses the Cisco proprietary protocol

Topology
Solution

You can download the Packet Tracer file of this sim here to practice. Please open it with
Packet Tracer v8.1.1.0022 or newer.
Note: Packet Tracer switches do not support Ethernet interfaces so we used FastEthernet
interfaces instead. Also E0/0 interfaces of Sw-1 & Sw-2 were replaced by FastEthernet0/10
as Packet Tracer switches do not have FastEthernet0/0.

Task 1. Configure SW-1 with VLAN 15 and label it exactly as OPS

SW-1(config)#vlan 15
SW-1(config-vlan)#name OPS
SW-1(config-vlan)#exit //To apply the VLAN configured

Task 2. Configure SW-2 with VLAN 66 and label it exactly as ENGINEERING

SW-2(config)#vlan 66
SW-2(config-vlan)#name ENGINEERING
SW-2(config-vlan)#exit //To apply the VLAN configured

Task 3. Configure the switch port connecting to PC1

SW-1(config)#int e0/1
SW-1(config-if)#switchport mode access
SW-1(config-if)#switchport access vlan 15
SW-1(config-if)#no shut

Task 4. Configure the switch port connecting to PC2

SW-2(config)#int e0/1
SW-2(config-if)#switchport mode access
SW-2(config-if)#switchport access vlan 66
SW-2(config-if)#no shut

Task 5. Configure the E0/2 connections on SW-1 and SW-2 for neighbor discovery using the vendor-
neutral standard protocol and ensure that e0/0 on both switches uses the Cisco proprietary protocol

“neighbor discovery using the vendor-neutral standard protocol” means LLDP while “Cisco proprietary
protocol” means CDP.

First we will enable both LLDP and CDP global and enable LLDP on interface e0/2. We also disable CDP
on this interface.

On both SW-1 and SW-2:

SW-1,SW-2(config)#lldp run
SW-1,SW-2(config)#cdp run
SW-1,SW-2(config)#int e0/2
SW-1,SW-2(config-if)#lldp transmit
SW-1,SW-2(config-if)#lldp receive
SW-1,SW-2(config-if)#no cdp enable //we need this command as CDP is enabled
by default

Then we will configure CDP on interface e0/0 of both switches while disabling LLDP on this interface:

On both SW-1 and SW-2:

SW-1,SW-2(config)#int e0/0
SW-1,SW-2(config-if)#no lldp transmit
SW-1,SW-2(config-if)#no lldp receive
SW-1,SW-2(config-if)#cdp enable

Verification

On both SW-1 and SW-2:

SW-1,SW-2#show cdp interface

-> We will see e0/0 interface here

SW-1,SW-2#show lldp interface

-> We will see e0/2 interface here

Save the configuration

Sw-1#copy running-config startup-config

Sw-2#copy running-config startup-config
VLAN & LLDP Sim
November 14th, 2023Go to comments
Tasks

R1 has been pre-configured with all the necessary commands. All physical cabling is in place and
verified. Connectivity for PC1 and PC2 must be established to the switches, and each port must only
allow one VLAN.

1. Configure SW-1 with VLAN 35 and label it exactly as SALES

2. Configure SW-2 with VLAN 39 and label it exactly as MARKETING
3. Configure the switch port connecting to PC1
4. Configure the switch port connecting to PC2
5. Configure SW-1 and SW-2 for universal neighbor discovery using the industry standard protocol and
disable it on the interface connecting to PC1

Topology

Solution

Task 1. Configure SW-1 with VLAN 35 and label it exactly as SALES

SW-1(config)#vlan 35
SW-1(config-vlan)#name SALES
SW-1(config-vlan)#exit //To apply the VLAN configured
Task 2. Configure SW-2 with VLAN 39 and label it exactly as MARKETING

SW-2(config)#vlan 39
SW-2(config-vlan)#name MARKETING
SW-2(config-vlan)#exit //To apply the VLAN configured

Task 3. Configure the switch port connecting to PC1

SW-1(config)#int e0/2
SW-1(config-if)#switchport mode access
SW-1(config-if)#switchport access vlan 35
SW-1(config-if)#no shut

Task 4. Configure the switch port connecting to PC2

SW-2(config)#int e0/2
SW-2(config-if)#switchport mode access
SW-2(config-if)#switchport access vlan 39
SW-2(config-if)#no shut

Task 5. Configure SW-1 and SW-2 for universal neighbor discovery using the industry standard
protocol and disable it on the interface connecting to PC1

Configure “neighbor discovery using the industry standard protocol” so we will use LLDP, not CDP.

Globally enable LLDP on both SW-1 & SW-2:

SW-1+SW-2(config)#lldp run

Disable LLDP on the interface connecting to PC1:

On SW-1:

SW-1(config)#int e0/2
SW-1(config-if)#no lldp receive
SW-1(config-if)#no lldp transmit

Verification

SW-1#show lldp neighbors

--output omitted--
Device ID Local Intf Hold-time Capability Port ID
SW-2 E0/1 120 SW E0/1
Total entries displayed: 1

Save the configuration

SW-1#,SW-2#copy running-config startup-config