//=============================================================================================
// Commands used in
//============================================================================================
//===========Vlan codes===============
show vlan == s=display vlans details
show vlan brief == display the details of the vlans
create a vlan == config t -> vlan 10
assign switch port to a specific vlan == interface fastEthernet 0/11 -> switchport mode access ->switchport access vlan 10
//=================== creating sub interface/interface on router =====================
to create sub interface on the router == int GigabitEthernet0/0/0.10 -> encapsulation dot1Q 10 -> ip address 172.17.10.1 255.255.255.0 (ip Computers walain bs akhari ka digit 1 )-> no shutdown
* to display interface details on router == show ip interface brief
//================== Trunking codes ====================
* to communicate the computer between different vlans === (enable trunking on switch)
enable trunking == (jis port ko stream send krna ha uspr ye code eg jo router se connect etc) == interface g0/1 -> switchport mode trunk
to verify trunk = show interface trunk
jo pc ka default gateway ha usko aur router ka subinterface uske network ke hisab se assign krny hain
//========================================================================================================
sample
Router0 = ip route 10.0.0.0 255.0.0.0 40.0.0.1
routing the ips
// jis source se pichla router ka network broadcast kr rha ha aur destination port
ip route 10.0.0.0 255.0.0.0 20.0.0.1
ip route 10.0.0.0 ( jis network ko access krna ha) 255.0.0.0 20.0.0.1 (dono router ke connection ka port )
=================LAB 1 ===========================================
SWITCH BASIC COMMANDS ===========
* the show running-config (will display default configuration of switch)
* show run (will also display the configs as show running-config)
* show startup-config (Startup configuration of NVRAM)
* show interface vlan1 (To display the characteristics of vlan1)
* show ip interface vlan1 (IP properties SVOI Vlan 1 )
* show version (Cisco version of the switch)
* show vlan (To examine the default setting of vlan of the switch)
* Switch# show flash: Switch# dir flash: (Examine the flash memory)
* setting the ip and interface of the switch
--Configure terminal
--Interface VLAN 1
--Ip address 192.168.1.2 255.255.255.0
--No shutdown
* setting a password to console port access
COMMANDS ON PC===================
* enable
* config terminal
* line console 0
* login
* password ibrahim
* show interface GigabitEthernet0/1 (To Examine the default properties of the GigabitEthernet0/1 interface used by PC-A.)
=============================================================================================================
===================================================Lab 2 ===================================================
create a vlan interface --------------
To create a vlan on a switch
* S1#(config)# vlan 10
* S1#(config-vlan)# name Faculty/Staff
in a similar way create vlan 20 30
Which command will only display the VLAN name
* Show vlan brief
Assigning Vlan to a switch 2 3
VLAN 10: FastEthernet 0/11
* S2(config)# interface f0/11
* S2(config-if)# switchport mode access
* S2(config-if)# switchport access vlan 10
making trunk on switch 1 for switch 2 3
S1(config)# interface range fa0/1 – 3
S1 (config-if-range)# switchport mode trunk
S1(config-if)#switchport trunk allowed vlan 1,10,20,30
To verify trunking is enabled on s2 and s3 write the following commands
S3# show interface trunk
=======LAB 3==============
-----------------------SIDE BASIC CODES ------------------
Setting a router name
* hostname R1
To Set the router’s domain name as ccna-lab.com.
* R1(config)# ip domain name ccna-lab.com
a. Console into the router and enable privileged EXEC mode.
Router> enable
b. Enter configuration mode.
Router# config terminal
c. Assign a device name to the router.
Router(config)# hostname R1
d. Set the router’s domain name as ccna-lab.com.
R1(config)# ip domain name ccna-lab.com
e. Encrypt the plaintext passwords.
R1(config)# service password-encryption
f. Configure the system to require a minimum 12-character password.
R1(config)# security passwords min-length 12
g. Configure the username SSHadmin with an encrypted password of 55Hadm!n2020.
R1(config)# username SSHadmin secret 55Hadm!n2020
h. Generate a set of crypto keys with a 1024 bit modulus.
R1(config)# crypto key generate rsa general-keys modulus 1024
i. Assign $cisco!PRIV* as the privileged EXEC password.
R1(config)# enable secret $cisco!PRIV*
j. Assign $cisco!!CON* as the console password. Configure sessions to disconnect after four minutes of
inactivity, and enable login.
R1(config)# line console 0
R1(config-line)# password $cisco!!CON*
R1(config-line)# exec-timeout 4 0
R1(config-line)# login
k. Assign $cisco!!VTY* as the vty password. Configure the vty lines to accept SSH connections only.
Configure sessions to disconnect after four minutes of inactivity, and enable login using the local
database.
R1(config)# line vty 0 4
R1(config-line)# password $cisco!!VTY*
R1(config-line)# exec-timeout 4 0
R1(config-line)# transport input ssh
R1(config-line)# login local
l. Create a banner that warns anyone accessing the device that unauthorized access is prohibited.
R1(config)# banner motd $ Authorized Users Only! $
m. Enable IPv6 routing.
R1(config)# ipv6 unicast-routing
--------------------------------------------------------------------
Creating an interface on router for ports
int GigabitEthernet0/0/0
ip address 192.168.0.1 255.255.255.0
NO SHUTDOWN
To create a vlan on a switch
* S1#(config)# vlan 10
----------------------LAB 3 Part 2 -----------------
To provide a communication on switch between devices that are configured on different vlans on that switch using a router on switch
summary router ke port pr vlan ke subinterfaces create aur switch ke port pr trunking enable
for vlan 10
R1(config)# int g0/0.10
R1(config-subif)# encapsulation dot1Q 10 (indicating the vlan ID here 10)
R1(config-subif)# ip address 172.17.10.1 255.255.255.0
repeat the same commands for vlan30
for varification
* show ip interface brief
192.
Now we need to enable trunking for the subinterfaces of router on switch port
S1(config)# interface gig0/1
S1 (config-if-range)# switchport mode trunk
S1(config-if)#switchport trunk allowed vlan 1,10,20,30
show interface trunk -- for varification
default gateway bhi set krna ha pcs mn which will be the ip of their respective vlan subinterface on router
=========LAB 4==============
generate http traffic in webserver type http client
192.168.1.254
generate ftp traffic using prompt by clicking ftp client
ftp 192.168.1.254
generate a dns traffic
nslookup multiserver.pt.ptu
generate email traffic click maiol client then send mail
user@multiserver.pt.ptu
===================LAB 5 =============
// toupology set krny ke baad networks define krne ke baad
// isme bhi default gateway set krna ha pcs ka
Router4 =
Router5 = ip route 40.0.0.0 255.0.0.0 50.0.0.5
Router0 = ip route 10.0.0.0 255.0.0.0 40.0.0.1
routing the ips
ip route 10.0.0.0 255.0.0.0 20.0.0.1
ip route 10.0.0.0 ( jis network ko access krna ha DESTINATION network it does not matters who much hoops it contains ) 255.0.0.0 20.0.0.1 (MOST NEAREST ROUTER CONNECTION IP )
===================LAB 6 ====================
After configuring the router if the spscific port of a router protocol is down after running show ip interface brief then use a cross over cable
RIP
->After setting all the subnets and ips
->use the serial cable to connect the router in which you want
->then set the rip protocol with the following commands.
->Add the passive interfaces (wo interface jin pr ethernet laga hua ha )
->Add the suummarized network the the networks
* R1# config t
* R1(config)# router rip
* R1(config-router)# version 2
* R1(config-router)# passive-interface g0/1
* R1(config-router)# network 172.30.0.0
* R1(config-router)# network 10.0.0.0
Extra
*no auto-summary
*clear ip route *
The passive-interface command stops routing updates out the specified interface. This process prevents
unnecessary routing traffic on the LAN. However, the network that the specified interface belongs to is
still advertised in routing updates that are sent out across other interfaces.
===================LAB 7 =============
ACL Implementation
after
ye codes dono mn lagany standard and extended
*ip route 20.0.0.0 255.0.0.0 15.0.0.2 from host to server router
*ip route 10.0.0.0 255.0.0.0 15.0.0.1 from server to client on serial
*router rip
Standard ACL=====
*access-list 10 deny host 10.0.0.1
*access-list 10 permit any
*interface serial0/0/0
*ip access-group 10 out
EXTENDED ACL ==========
*accesss-list deny tcp host 10.0.0.1 host 20.0.0.1 eq www
*access-list deny tcp host 10.0.0.2 host 20.0.0.2 eq ftp
*access-list permit ip any any
*interface gig0/0
*ip access-group 110 in
------------
extras
*show access-list 110
access-list 110 deny tcp host 10.0.0.1 host 20.0.0.1 eq www
access-list 110 deny icmp host 10.0.0.1 host 20.0.0.1 eq www
access-list 1 permit 10.1.5.1
access-list 1 permit 172.30.0.0 0.0.255.255
access-list 10 permit any after deny allow others
interface GigabitEthernet0/0 / interface serial0/0/0
ip access-group 110 in ..out
==================
===================LAB 8 =============
apply static nat on service provider
apply pat on customer edge
========== static nat configurations on service provider
Make the toupology . sbki ip set default gateway
STATIC NAT
static nat steps
1.configure initial routes
2.configure inside outside nat
3.configure source
initial route on (router)
ip route 0.0.0.0 0.0.0.0 203.0.113.2 (next hop ip)
R1(config)#int g0/0
R1(config-if)#ip nat outside
R1(config-if)#in g0/1
R1(config-if)#ip nat inside
Do this for all pcs static nat mapping
*ip nat inside source static 172.16.0.x 100.0.0.x (for pc 1 x=1)
verify the static nat
*show ip nat translations
*show ip nat statistics
DYNAMIC NAT
ip route 0.0.0.0 0.0.0.0 203.0.113.2 (next hop ip)
R1(config)#int g0/0
R1(config-if)#ip nat outside
R1(config-if)#in g0/1
R1(config-if)#ip nat inside
now creating acl
*access-list 1 permit 172.16.0.0 0.0.255.255
*ip nat pool POOL1 100.0.0.1 100.0.0.2 netmask 255.255.255.0
*ip nat inside source list 1 pool POOL1
verify the dynamic nat
*do show ip nat translations in config t
PAT =================
for pat last 2 commands ki jagah ye
now configureing source with overload
*ip nat inside source list 1 interface g0/0 overload (internet ki taraf wala port )
===============================================
EXTRAS ====== FAALTU
after settign ips on servce provider manually or usinf these first 2 commands
*interface gig0/0
*ip address 10.0.0.1 255.0.0.0
*ip nat inside
*no shutdown
* interface se0/0/0
*ip address 220.110.0.1 255.255.255.252
*clock rate 64000
*ip nat outside
* no shutdown
configuring the source on service provider
ip nat inside source static 10.0.0.10 220.110.0.1
copy r s (optional commad to save a copy in nvram)
public address hamesha outside address
========== pat configurations on customer edge
initial route === ip route 0.0.0.0 0.0.0.0 se0/0/0
*interface gig0/0
*ip address 192.168.1.1
*ip nat inside
*no shutdown
* interface se0/0/0
*ip address 220.110.0.2 255.255.255.252
*clock rate 64000
*ip nat outside
* no shutdown
now creating acl
*access-list 1 permit 192.168.1.0 0.0.0.255
now configureing source with overload
*ip nat inside source list 1 interface se0/0/0 overload
No comments: