CCNA Routing and Switching: Routing and Switching Essentials Instructor Lab Manual

This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors in the CCNA Security course as part of an official Cisco Networking Academy Program.

Lab - Initializing and Reloading a Router and Switch (Instructor Version)

Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.

Topology

Objectives
Part 1: Set Up Devices in the Network as Shown in the Topology
Part 2: Initialize the Router and Reload
Part 3: Initialize the Switch and Reload

Background / Scenario
Before starting a CCNA hands-on lab that makes use of either a Cisco router or switch, ensure that the devices in use have been erased and have no startup configurations present. Otherwise, the results of your lab may be unpredictable. This lab provides a detailed procedure for initializing and reloading a Cisco router and a Cisco switch.

Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the commands available and output produced might vary from what is shown in the labs.

Required Resources
• Router (Cisco 1941 with Cisco IOS software, Release 15.2(4)M3 universal image or comparable)
• Switch (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
• PCs (Windows 7, Vista, or XP with terminal emulation program, such as Tera Term)
• Console cables to configure the Cisco IOS devices via the console
ports

Part 1: Set Up Devices in the Network as Shown in the Topology

Step 1: Cable the network as shown in the topology
Attach console cables to the devices shown in the topology diagram.

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.

Step 2: Power on all the devices in the topology
Wait for all devices to finish the software load process before moving to Part 2.

Part 2: Initialize the Router and Reload

Step 1: Connect to the router
Console into the router and enter privileged EXEC mode using the enable command.
Router> enable
Router#

Step 2: Erase the startup configuration file from NVRAM
Type the erase startup-config command to remove the startup configuration from nonvolatile random-access memory (NVRAM).
Router# erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
Router#

Step 3: Reload the router
Issue the reload command to remove an old configuration from memory. When prompted to Proceed with reload, press Enter to confirm the reload. Pressing any other key will abort the reload.
Router# reload
Proceed with reload? [confirm]
*Nov 29 18:28:09.923: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.

Note: You may receive a prompt to save the running configuration prior to reloading the router. Respond by typing no and press Enter.
System configuration has been modified. Save? [yes/no]: no

Step 4: Bypass the initial configuration dialog
After the router reloads, you are prompted to enter the initial configuration dialog. Enter no and press Enter.
Would you like to enter the initial configuration dialog? [yes/no]: no

Step 5: Terminate the autoinstall program
You will be prompted to terminate the autoinstall program. Respond yes and then press Enter.
Would you like to terminate autoinstall?
[yes]: yes
Router>

Part 3: Initialize the Switch and Reload

Step 1: Connect to the switch
Console into the switch and enter privileged EXEC mode.
Switch> enable
Switch#

Step 2: Determine if there have been any virtual local-area networks (VLANs) created
Use the show flash command to determine if any VLANs have been created on the switch.
Switch# show flash
Directory of flash:/
-rwx        1919  Mar 1 1993 00:06:33 +00:00  private-config.text
-rwx        1632  Mar 1 1993 00:06:33 +00:00  config.text
-rwx       13336  Mar 1 1993 00:06:33 +00:00  multiple-fs
-rwx    11607161  Mar 1 1993 02:37:06 +00:00  c2960-lanbasek9-mz.150-2.SE.bin
-rwx         616  Mar 1 1993 00:07:13 +00:00  vlan.dat
32514048 bytes total (20886528 bytes free)
Switch#

Step 3: Delete the VLAN file
a. If the vlan.dat file was found in flash, then delete this file.
Switch# delete vlan.dat
Delete filename [vlan.dat]?
You will be prompted to verify the file name. At this point, you can change the file name or just press Enter if you have entered the name correctly.
b. When you are prompted to delete this file, press Enter to confirm the deletion. (Pressing any other key will abort the deletion.)
Delete flash:/vlan.dat? [confirm]
Switch#

Step 4: Erase the startup configuration file
Use the erase startup-config command to erase the startup configuration file from NVRAM. When you are prompted to remove the configuration file, press Enter to confirm the erase. (Pressing any other key will abort the operation.)
Switch# erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
Switch#

Step 5: Reload the switch
Reload the switch to remove any old configuration information from memory. When you are prompted to reload the switch, press Enter to proceed with the reload. (Pressing any other key will abort the reload.)
Switch# reload
Proceed with reload?
[confirm]

Note: You may receive a prompt to save the running configuration prior to reloading the switch. Type no and press Enter.
System configuration has been modified. Save? [yes/no]: no

Step 6: Bypass the initial configuration dialog
After the switch reloads, you should see a prompt to enter the initial configuration dialog. Type no at the prompt and press Enter.
Would you like to enter the initial configuration dialog? [yes/no]: no
Switch>

Reflection
Why is it necessary to erase the startup configuration before reloading the router?
The startup configuration file is loaded into memory and becomes the running-config after the router reloads. Erasing this file allows the router to return to its basic configuration after a reload.

You find a couple of configuration issues after saving the running configuration to the startup configuration, so you make the necessary changes to fix those issues. If you were to reload the device now, what configuration would be restored to the device after the reload?
The configuration at the time of the last save is restored to the device after a reload. Any changes made to the running configuration after the last save would be lost.

Lab - Installing the IPv6 Protocol and Assigning Host Addresses with Windows XP (Instructor Version)

Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.

Objectives
Part 1: Install the IPv6 Protocol on a Windows XP PC
• Install the IPv6 protocol
• Examine IPv6 address information
Part 2: Use the Network Shell (netsh) Utility
• Work inside the netsh utility
• Configure a static IPv6 address on the local-area network (LAN) interface
• Exit the netsh utility
• Display IPv6 address information using netsh
• Issue netsh instructions from the command prompt

Background / Scenario
The Internet Protocol Version 6 (IPv6) is not enabled by default in Windows XP. Windows XP includes an IPv6 implementation, but the IPv6 protocol must be installed. XP does not provide a way to configure IPv6 static addresses from the Graphical User Interface (GUI), so all IPv6 static address assignments must be done using the Network Shell (netsh) utility.
In this lab, you will install the IPv6 protocol on a Windows XP PC. You will then assign a static IPv6 address to the LAN interface.

Required Resources
Windows XP PC

Part 1: Install the IPv6 Protocol on a Windows XP PC
In Part 1, you will install the IPv6 protocol on a PC running Windows XP. You will also use two commands to view the IPv6 addresses assigned to the PC.

Step 1: Install the IPv6 protocol
From the command prompt window, type ipv6 install to install the IPv6 protocol.

Step 2: Examine IPv6 Address Information
Use the ipconfig /all command to view IPv6 address information.

Part 2: Use the Network Shell (netsh) Utility
Network Shell (netsh) is a command-line utility included with Windows XP and newer Windows operating systems, such as Vista and Windows 7. It allows you to configure the IPv6 address information on your LAN. In Part 2, you will use the netsh utility to configure static IPv6 address information on a Windows XP PC LAN interface. You will also use the netsh utility to display the PC LAN interface IPv6 address information.

Step 1: Work inside the Network Shell utility
a. From the command prompt window, type netsh and press Enter to start the netsh utility. The command prompt changes from C:\> to netsh>.
b. At the prompt, enter a question mark (?) and press Enter to provide the list of available parameters.
c. Type interface ? and press Enter to provide the list of interface commands.
Note: You can use the question mark (?)
at any level in the netsh utility to list the available options. The up arrow can be used to scroll through previous netsh commands. The netsh utility also allows you to abbreviate commands, as long as the abbreviation is unique.

Step 2: Configure a static IPv6 address on the LAN interface
To add a static IPv6 address to the LAN interface, issue the interface ipv6 add address command from inside the netsh utility.

Step 3: Display IPv6 address information using the netsh utility
You can display IPv6 address information using the interface ipv6 show address command.

Step 4: Exit the netsh utility
Use the exit command to exit from the netsh utility.

Step 5: Issue netsh instructions from the command prompt
All netsh instructions can be entered from the command prompt, outside the netsh utility, by preceding the instruction with the netsh command.

Reflection
How would you renew your LAN interface address information from the netsh utility?
Hint: Use the question mark (?) for help in obtaining the parameter sequence.
Answers may vary, but from the command prompt you would issue the netsh interface ipv6 renew command.

Lab - Troubleshooting NAT Configurations

b. Create a default route from the Gateway router to the ISP router.
Gateway(config)# ip route 0.0.0.0 0.0.0.0 s0/0/1

Step 6: Load router configurations
The configurations for the routers are provided for you. There are errors with the configuration for the Gateway router. Identify and correct the configuration errors.

Gateway Router Configuration
interface g0/1
 ip nat outside
! ip nat inside
 no shutdown
interface s0/0/0
 ip nat outside
! no ip nat outside
interface s0/0/1
! ip nat outside
 no shutdown
ip nat inside source static 192.168.2.3 209.165.200.254
! ip nat inside source static 192.168.1.3 209.165.200.254
ip nat pool NAT_POOL 209.165.200.241 209.165.200.246 netmask 255.255.255.248
ip nat inside source list NAT_ACL pool NATPOOL
! ip nat inside source list NAT_ACL pool NAT_POOL
ip access-list standard NAT_ACL
 permit 192.168.10.0 0.0.0.255
! permit 192.168.1.0 0.0.0.255
banner motd $AUTHORIZED ACCESS ONLY$
end

Step 7: Save the running configuration to the startup configuration

Part 2: Troubleshoot Static NAT
In Part 2, you will examine the static NAT for PC-A to determine if it is configured correctly. You will troubleshoot the scenario until the correct static NAT is verified.

a. To troubleshoot issues with NAT, use the debug ip nat command. Turn on NAT debugging to see translations in real-time across the Gateway router.
Gateway# debug ip nat

b. From PC-A, ping Lo0 on the ISP router. Do any NAT debug translations appear on the Gateway router?
No

c. On the Gateway router, enter the command that allows you to see all current NAT translations on the Gateway router. Write the command in the space below.
show ip nat translations
Gateway# show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 209.165.200.254    192.168.2.3        ---                ---

Why are you seeing a NAT translation in the table, but none occurred when PC-A pinged the ISP loopback interface? What is needed to correct the issue?
The static translation is for an incorrect inside local address.

d. Record any commands that are necessary to correct the static NAT configuration error.
Gateway(config)# no ip nat inside source static 192.168.2.3 209.165.200.254
Gateway(config)# ip nat inside source static 192.168.1.3 209.165.200.254

e. From PC-A, ping Lo0 on the ISP router. Do any NAT debug translations appear on the Gateway router?
No

f. On the Gateway router, enter the command that allows you to observe the total number of current NATs. Write the command in the space below.
show ip nat statistics
Gateway# show ip nat statistics
Total active translations: (1 static, dynamic; extended)
Peak translations: 1, occurred 00:08:12 ago
Outside interfaces:
  GigabitEthernet0/1, Serial0/0/0
Inside interfaces:
Hits: Misses:
CEF Translated packets: 0, CEF Punted packets:
Expired translations:
Dynamic mappings:
Inside Source
[Id: 1] access-list NAT_ACL pool NATPOOL refcount
Total doors:
Appl doors:
Normal doors:
Queued Packets:

Is the static NAT occurring successfully? Why?
No NAT translation is occurring because both of G0/1 and S0/0/0 interfaces are configured with the ip nat outside command. No active interfaces are assigned as inside.

g. On the Gateway router, enter the command that allows you to view the current configuration of the router. Write the command in the space below.
show running-config
Gateway# show running-config
Building configuration...
Current configuration : 1806 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Gateway
!
boot-start-marker
boot-end-marker
!
!
enable secret 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
redundancy
!
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 ip nat outside
 ip virtual-reassembly in
 shutdown
 clock rate 2000000
!
interface Serial0/0/1
 ip address 209.165.200.225 255.255.255.252
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat pool NAT_POOL 209.165.200.241 209.165.200.246 netmask 255.255.255.248
ip nat inside source list NAT_ACL pool NATPOOL
ip nat inside source static 192.168.1.3 209.165.200.254
ip route 0.0.0.0 0.0.0.0 Serial0/0/1
!
ip access-list standard NAT_ACL
 permit 192.168.10.0 0.0.0.255
!
!
!
!
control-plane
!
!
banner motd ^CAUTHORIZED ACCESS ONLY^C
!
line
 password cisco
 logging synchronous
 login
line aux
line
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits
line vty
 password cisco
 login
 transport input all
!
scheduler allocate 20000 1000
!
end

h. Are there any problems with the current configuration that prevent the static NAT from occurring?
Yes. The inside and outside NAT interfaces are incorrectly configured.

i. Record any commands that are necessary to correct the static NAT configuration errors.
Gateway(config)# interface g0/1
Gateway(config-if)# no ip nat outside
Gateway(config-if)# ip nat inside
Gateway(config-if)# exit
Gateway(config)# interface s0/0/0
Gateway(config-if)# no ip nat outside
Gateway(config-if)# exit
Gateway(config)# interface s0/0/1
Gateway(config-if)# ip nat outside
Gateway(config-if)# exit

j. From PC-A, ping Lo0 on the ISP router. Do any NAT debug translations appear on the Gateway router?
Yes
*Mar 18 23:53:50.707: NAT*: s=192.168.1.3->209.165.200.254, d=198.133.219.1 [187]
*Mar 18 23:53:50.715: NAT*: s=198.133.219.1, d=209.165.200.254->192.168.1.3 [187]
Gateway#
*Mar 18 23:53:51.711: NAT*: s=192.168.1.3->209.165.200.254, d=198.133.219.1 [188]
*Mar 18 23:53:51.719: NAT*: s=198.133.219.1, d=209.165.200.254->192.168.1.3 [188]
*Mar 18 23:53:52.707: NAT*: s=192.168.1.3->209.165.200.254, d=198.133.219.1 [189]
Gateway#
*Mar 18 23:53:52.715: NAT*: s=198.133.219.1, d=209.165.200.254->192.168.1.3 [189]
*Mar 18 23:53:53.707: NAT*: s=192.168.1.3->209.165.200.254, d=198.133.219.1 [190]
Gateway#
*Mar 18 23:53:53.715: NAT*: s=198.133.219.1, d=209.165.200.254->192.168.1.3 [190]

k. Use the show ip nat translations verbose command to verify static NAT functionality.
Note: The timeout value for ICMP is very short. If you do not see all the translations in the output, redo the ping.
Gateway# show ip nat translations verbose
Pro Inside global      Inside local       Outside local      Outside global
icmp 209.165.200.254:1 192.168.1.3:1      198.133.219.1:1    198.133.219.1:1
    create 00:00:04, use 00:00:01 timeout:60000, left 00:00:58,
    flags: extended, use_count: 0, entry-id: 12, lc_entries:
--- 209.165.200.254    192.168.1.3
    create 00:30:09, use 00:00:04 timeout:0,
    flags: static, use_count: 1, entry-id: 2,
    lc_entries:

Is the static NAT translation occurring successfully?
Yes
If static NAT is not occurring, repeat the steps above to troubleshoot the configuration.

Part 3: Troubleshoot Dynamic NAT

a. From PC-B, ping Lo0 on the ISP router. Do any NAT debug translations appear on the Gateway router?
No

b. On the Gateway router, enter the command that allows you to view the current configuration of the router. Are there any problems with the current configuration that prevent dynamic NAT from occurring?
Yes. The NAT pool is incorrectly identified in the source statement. The NAT access list has an incorrect network statement.

c. Record any commands that are necessary to correct the dynamic NAT configuration errors.
Gateway(config)# no ip nat inside source list NAT_ACL pool NATPOOL
Gateway(config)# ip nat inside source list NAT_ACL pool NAT_POOL
Gateway(config)# ip access-list standard NAT_ACL
Gateway(config-std-nacl)# no permit 192.168.10.0 0.0.0.255
Gateway(config-std-nacl)# permit 192.168.1.0 0.0.0.255

d. From PC-B, ping Lo0 on the ISP router. Do any NAT debug translations appear on the Gateway router?
Yes
*Mar 19 00:01:17.303: NAT*: s=192.168.1.4->209.165.200.241, d=198.133.219.1 [198]
*Mar 19 00:01:17.315: NAT*: s=198.133.219.1, d=209.165.200.241->192.168.1.4 [198]
Gateway#
*Mar 19 00:01:18.307: NAT*: s=192.168.1.4->209.165.200.241, d=198.133.219.1 [199]
*Mar 19 00:01:18.315: NAT*: s=198.133.219.1, d=209.165.200.241->192.168.1.4 [199]
*Mar 19 00:01:19.303: NAT*: s=192.168.1.4->209.165.200.241, d=198.133.219.1 [200]
Gateway#
*Mar 19 00:01:19.315: NAT*: s=198.133.219.1, d=209.165.200.241->192.168.1.4 [200]
*Mar 19 00:01:20.303: NAT*: s=192.168.1.4->209.165.200.241, d=198.133.219.1 [201]
*Mar 19 00:01:20.311: NAT*: s=198.133.219.1, d=209.165.200.241->192.168.1.4 [201]

e. Use the show ip nat statistics command to view NAT usage.
Gateway# show ip nat statistics
Total active translations: (1 static, dynamic; extended)
Peak translations: 3, occurred 00:02:58 ago
Outside interfaces:
  Serial0/0/1
Inside interfaces:
  GigabitEthernet0/1
Hits: 24 Misses:
CEF Translated packets: 24, CEF Punted packets:
Expired translations:
Dynamic mappings:
Inside Source
[Id: 2] access-list NAT_ACL pool NAT_POOL refcount
 pool NAT_POOL: netmask 255.255.255.248
    start 209.165.200.241 end 209.165.200.246
    type generic, total addresses 6, allocated (16%), misses
Total doors:
Appl doors:
Normal doors:
Queued Packets:

Is the NAT occurring successfully?
Yes
What percentage of dynamic addresses has been allocated?
16%

f. Turn off all debugging using the undebug all command.

Reflection
What is the benefit of a static NAT?
A static NAT translation allows users from outside the LAN access to the computer or server on the internal network.

What issues would arise if 10 host computers in this network were attempting simultaneous Internet communication?
Not enough public addresses exist in the NAT pool to satisfy 10 simultaneous user sessions, but as hosts drop off different hosts will be able to claim the pool addresses to access the Internet.

Router Interface Summary Table

Router Model  Ethernet Interface #1        Ethernet Interface #2        Serial Interface #1    Serial Interface #2
1800          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
1900          Gigabit Ethernet 0/0 (G0/0)  Gigabit Ethernet 0/1 (G0/1)  Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
2801          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/1/0 (S0/1/0)  Serial 0/1/1 (S0/1/1)
2811          Fast Ethernet 0/0 (F0/0)     Fast Ethernet 0/1 (F0/1)     Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
2900          Gigabit Ethernet 0/0 (G0/0)  Gigabit Ethernet 0/1 (G0/1)  Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)

Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many interfaces the router has. There is no way to effectively list all the combinations of configurations for each router class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device. The table does not include any other type of interface, even though a specific router may contain one. An example of this might be an ISDN BRI interface. The string in parentheses is the legal abbreviation that can be used in Cisco IOS commands to represent the interface.

Device Config

Router Gateway
Gateway#show run
Building configuration...
Current configuration : 1805 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Gateway
!
boot-start-marker
boot-end-marker
!
!
enable secret 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
redundancy
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
!
interface Serial0/0/1
 ip address 209.165.200.225 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat pool NAT_POOL 209.165.200.241 209.165.200.246 netmask 255.255.255.248
ip nat inside source list NAT_ACL pool NAT_POOL
ip nat inside source static 192.168.1.3 209.165.200.254
ip route 0.0.0.0 0.0.0.0 Serial0/0/1
!
ip access-list standard NAT_ACL
 permit 192.168.1.0 0.0.0.255
!
!
!
!
control-plane
!
!
banner motd ^CAUTHORIZED ACCESS ONLY^C
!
line
 password cisco
 logging synchronous
 login
line aux
line
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits
line vty
 password cisco
 login
 transport input all
!
scheduler allocate 20000 1000
!
end

Router ISP
ISP#show run
Building configuration...
Current configuration : 1482 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP
!
boot-start-marker
boot-end-marker
!
!
enable secret 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
memory-size iomem 15
!
no ip domain lookup
ip cef
!
!
!
!
!
!
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 198.133.219.1 255.255.255.255
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 209.165.200.226 255.255.255.252
 clock rate 128000
!
interface Serial0/0/1
 no ip address
 shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 209.165.200.224 255.255.255.224 Serial0/0/0
!
!
!
!
control-plane
!
!
!
line
 password cisco
 logging synchronous
 login
line aux
line
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits
line vty
 password cisco
 login
 transport input all
line vty 15
 password cisco
 login
 transport input all
!
scheduler allocate 20000 1000
!
end

NAT Check (Instructor Version)

Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.

Objective
Configure, verify and analyze static NAT, dynamic NAT and NAT with overloading.
Instructor Note: This activity can be completed individually or in small or large groups.

Scenario
Network address translation is not currently included in your company’s network design. It has been decided to configure some devices to use NAT services for connecting to the mail server. Before deploying NAT live on the network, you prototype it using a network simulation program.

Resources
• Packet Tracer software
• Word processing or presentation software

Directions

Step 1: Create a very small network topology using Packet Tracer, including, at minimum:
a. Two 1941 routers, interconnected
b. Two LAN switches, one per router
c. One mail server, connected to the LAN on one router
d. One PC or laptop, connected to the LAN on the other router

Step 2: Address the topology
a. Use private addressing for all networks, hosts, and devices.
b. DHCP addressing of the PC or laptop is optional.
c. Static addressing of the mail server is mandatory.

Step 3: Configure a routing protocol for the network

Step 4: Validate full network connectivity without NAT services
a. Ping from one end of the topology and back to ensure the network is functioning fully.
b. Troubleshoot and correct any problems preventing full network functionality.

Step 5: Configure NAT services on either router from the host PC or laptop to the mail server

Step 6: Produce output validating NAT operations on the simulated network
a. Use the show ip nat statistics, show access-lists, and show ip nat translations commands to gather information about NAT’s operation on the router.
b. Copy and paste or save screenshots of the topology and output information to a word processing or presentation document.

Step 7: Explain the NAT design and output to another group or to the class

Suggested Activity Example (student designs will vary):

NAT Topology Diagram

R2# show ip nat translations
Pro  Inside global   Inside local    Outside local   Outside global
icmp 192.168.1.1:2   192.168.1.2:2   192.168.3.2:2   192.168.3.2:2

R2# show ip nat statistics
Total translations: (0 static, dynamic, extended)
Outside Interfaces: GigabitEthernet0/0
Inside Interfaces: Serial0/0/0
Hits: Misses:
Expired translations:
Dynamic mappings:
Inside Source
access-list pool R1 refCount
 pool R1: netmask 255.255.255.0
    start 192.168.1.1 end 192.168.1.254
    type generic, total addresses 254 , allocated (0%), misses

R2# show access-lists
Standard IP access list
    permit 192.168.1.0 0.0.0.255 (6 match(es))

Identify elements of the model that map to IT-related content:
• NAT
• Configuration
• Operation
• Troubleshooting
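
The Gateway faults worked through in the Troubleshooting NAT Configurations lab (no inside interface, the exit interface not marked outside, the NATPOOL name mismatch, the wrong ACL network, and the wrong static inside local address) can also be checked offline against a saved configuration. The Python script below is an added example, not part of the Cisco lab; parse and audit are hypothetical helper names, and the sample text is constructed from the lab's Gateway listing, condensed to its NAT-related lines.

```python
import ipaddress
import re

# Constructed sample: the lab's faulty Gateway configuration, NAT lines only.
FAULTY = """\
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat outside
interface Serial0/0/0
 no ip address
 ip nat outside
 shutdown
interface Serial0/0/1
 ip address 209.165.200.225 255.255.255.252
ip nat pool NAT_POOL 209.165.200.241 209.165.200.246 netmask 255.255.255.248
ip nat inside source list NAT_ACL pool NATPOOL
ip nat inside source static 192.168.2.3 209.165.200.254
ip route 0.0.0.0 0.0.0.0 Serial0/0/1
ip access-list standard NAT_ACL
 permit 192.168.10.0 0.0.0.255
"""
# The same text after the corrections recorded in Parts 2 and 3 of the lab.
FIXED = (FAULTY
         .replace("255.255.255.0\n ip nat outside", "255.255.255.0\n ip nat inside")
         .replace("no ip address\n ip nat outside", "no ip address")
         .replace("255.255.255.252", "255.255.255.252\n ip nat outside")
         .replace("pool NATPOOL", "pool NAT_POOL")
         .replace("192.168.2.3", "192.168.1.3")
         .replace("192.168.10.0", "192.168.1.0"))

ADDR = r"(\d+\.\d+\.\d+\.\d+)"

def parse(config):
    """Collect the NAT-relevant statements of an IOS configuration."""
    st = {"ifaces": {}, "pools": set(), "dynamic": [], "static": [],
          "acls": {}, "exits": []}
    iface = acl = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # any top-level line leaves sub-mode
            iface = acl = None
        if m := re.match(r"interface (\S+)", line):
            iface = st["ifaces"].setdefault(
                m[1], {"net": None, "nat": None, "up": True})
        elif m := re.match(r"ip access-list standard (\S+)", line):
            acl = st["acls"].setdefault(m[1], [])
        elif m := re.match(r"ip nat pool (\S+) ", line):
            st["pools"].add(m[1])
        elif m := re.match(r"ip nat inside source list (\S+) pool (\S+)", line):
            st["dynamic"].append((m[1], m[2]))
        elif m := re.match(rf"ip nat inside source static {ADDR} ", line):
            st["static"].append(ipaddress.ip_address(m[1]))
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
            st["exits"].append(m[1])
        elif iface is not None:
            if m := re.match(rf"ip address {ADDR} {ADDR}", line):
                iface["net"] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            elif m := re.match(r"ip nat (inside|outside)$", line):
                iface["nat"] = m[1]
            elif line == "shutdown":
                iface["up"] = False
        elif acl is not None and (m := re.match(rf"permit {ADDR} {ADDR}", line)):
            # address + wildcard; ipaddress accepts the wildcard as a host mask
            acl.append(ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False))
    return st

def audit(config):
    """Return the NAT faults found, as a list of strings (empty when clean)."""
    st, out = parse(config), []
    active = [i for i in st["ifaces"].values() if i["up"] and i["net"]]
    inside = [i["net"] for i in active if i["nat"] == "inside"]
    if not inside:
        out.append("no active interface is marked 'ip nat inside'")
    if not any(i["nat"] == "outside" for i in active):
        out.append("no active interface is marked 'ip nat outside'")
    for name in st["exits"]:
        if name in st["ifaces"] and st["ifaces"][name]["nat"] != "outside":
            out.append(f"default route leaves via {name}, which is not 'ip nat outside'")
    # With no inside interface yet, fall back to every connected subnet.
    nets = inside or [i["net"] for i in active]
    for acl, pool in st["dynamic"]:
        if pool not in st["pools"]:
            out.append(f"dynamic NAT rule references undefined pool {pool}")
        if not any(a.overlaps(n) for a in st["acls"].get(acl, []) for n in nets):
            out.append(f"access list {acl} permits no connected inside subnet")
    for addr in st["static"]:
        if not any(addr in n for n in nets):
            out.append(f"static inside local address {addr} is on no connected subnet")
    return out

if __name__ == "__main__":
    for label, cfg in (("faulty", FAULTY), ("fixed", FIXED)):
        print(label, audit(cfg) or "no NAT faults found")
```

The parser handles only the statement forms that appear in this lab (standard named ACLs with network and wildcard entries, plain static one-to-one NAT, a default route that names its exit interface).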