CCNA Test Lab

I have been working on renewing my CCNA certification. I have been reading up extensively using the CCNA Study Guide 7th Edition, CBT Nuggets and GNS3 over the past month. I have 3 chapters left in the Study guide and I have covered topics including The OSI and DoD Models, How routers Switch and Route to how to configure Static and Dynamic Routing and switching to name a few.

Last night after I finished the chapter on Network Address Translation I decided to make a simple lab topology using GNS3 and emulating a medium sized network.

Test Lab aimed to cover Routing, subnetting, summarization and nat

I started drawing the network out on paper based on needs to create an efficient, redundant and scalable and fast converging network. The network diagram shows that there are 2 buildings indicated by a Multi-layer switches. I used two 2691 routers in GNS3 and changed them to look like they were a 4500/6500 series switch commonly found in network environment.

Each building has four networks. Building_1 has 192.168.0.0/22  and Building_2 has 192.168.4.0/22 as the subnets. Each multi-layer switch are connected to a gateway router in a mesh topology to ensure that if one of the segments go down there is an alternate path. With that said I chose EIGRP as the routing protocol as it keeps backup routes for fast convergence, which happens to fit one of the descriptions of the lab requirements I designed.

The links between the Multi-layer switches and the gateway are subnetted using the 10.1.1.0/30, 10.1.1.4/30 and 10.1.1.8/30 networks allowing a ip address hierarchy to be scalable and logical while conserving on the ip addressing space. Doing this allows me effectively summarize networks and reduce routing overhead on the equipment making the networking efficient as possible.

Finally, the last piece of the puzzle is setting up NAT on the Gateway router. The Network has been allotted 5 public ip address used for communication to the internet. The IP address are 200.1.1.1 – 200.1.1.5 on the network 200.1.1.0/29.

This is just part one of the test lab that I created. Designing the network based off the requirements is all good but you need to make sure that you can implement the design, verify that the pieces are working and troubleshoot if something is not. That is what the CCNA series is trying to teach. The verification and troubleshooting of the processes because when a network goes down and your in charge of finding out what is wrong knowing the troubleshooting steps to identify the problems and implementing the fixes and verifying that they work are just as important as being able to design the network.

Earlier today, I was working on creating the configurations in notepad while referencing to the network diagram that I created. I took the information from the visual diagram and typed in the commands in the order in which I would use to get the devices running.  With that I was able to take the topology that was running in GNS3 and use the console connection to paste each line in one by one.

The administrative functions came first. Setting up the enable secret password, the local username with level 15 privledges and the console/vty settings.

 

hostname Gateway

no ip domain-lookup

ip domain-name gateway.lab.local

enable secret cisco

username ron privileged 15 password cisco

banner motd # This is a private router. If you don’t have access Please log off immediately. #

line con 0

login local

logging synchronous

line vty 0 4

login local

transport input ssh telnet

crypto key generate rsa general-keys label SSH modulus 1024

Once those functions were done, I was able to focus on getting the interfaces configured using the appropriate commands and verifying that the interfaces had the right IP Addresses and could Ping Each other. The two commands that I used during this step was show ip int brief and ping which allowed me to verify that the correct ip addresses were assigned to the right interfaces and that the interfaces were enabled.

The next part that I configured was the routing between each of the Buildings and the Gateway. I used the Router EIGRP 100 command to initiate the routing process and I turned off the automatic summarization feature of EIGRP with the no auto-summary command. The next set of commands that I configured were the network commands. For example network 10.1.1.1 0.0.0.0 was the command I used to enable eigrp to start sending hello packets out of the interface as well as which interfaces should exchange routing information such as on lan segments or the segments going to the ISP

Verification commands that I used in this stage was the Sh Ip route EIGRP and Sh ip eigrp Neighbors and debug ip eigrp 100. Fortuneatly enough the commands I had in my configuration template worked right the first time so I didn’t have to troubleshot that much

The final part of my configuration I needed to do was setting up Dynamic Nat with Overload and set up the RFC1918 networks block to block private ip addresses from being routed into the network from the ISP as that could be a potential security threat. The configuration that I made in notepad worked like a charm on the first try. I was able to translate the private 192.168.0.0/24 networks to the internet but deny the 10.1.1.0/24 networks.

This lab that I create actually helped me out. I was able to take a design that I made myself. Implement it on paper and then implement it onto the devices. I was able to get it running well and if I did encounter a problem I was able to get troubleshoot and validate my work. This proves that I am coming along from being a novice and on the right path to become an expert with the CCNA level Material and its one step closer to my goal.

If you want to see what my original configuration looked like. Please keep in mind that this is a rough configuration and It needed some additional troubleshooting. But I had the whole network working within 30 minutes from start to finish.

Enable

config t

hostname Gateway

no ip domain-lookup
ip domain-name gateway.lab.local

enable secret cisco

username ron privledge 15 password cisco

banner motd # This is a private router. If you don't have access Please log off immediately. #

line con 0
login local
logging synchronus

line vty 0 4
login local
transport input ssh telnet

crypto key generate rsa

ip ssh version 2

ip access-list standard BLOCK_PRIVATE_WAN
deny 10.0.0.0 0.255.255.255
deny 172.16.0.0 0.15.255.255
deny 192.168.0.0 0.0.255.255
permit any

interface s0/0
description Link to ISP BLABRunner.
ip address 200.1.1.1 255.255.255.248
no cdp enable
ip access-group BLOCK_PRIVATE_WAN in
ip nat outside
no shutdown

interface f0/0
description 100M link to Building 1
ip address 10.1.1.1 255.255.255.252
bandwidth 102400
ip nat inside
no shutdown

interface f0/1
description 100M link to Building 2
ip address 10.1.1.5 255.255.255.252
bandwidth 102400
ip nat inside
no shutdown

ip route 0.0.0.0 0.0.0.0 200.1.1.6

router eigrp 100
no auto-summary
network 10.1.1.1 0.0.0.0
network 10.1.1.5 0.0.0.0
network 0.0.0.0
passive-interface s0/0

ip nat pool WAN_OVERLOAD 200.1.1.1 200.1.1.5 netmask 255.255.255.248
ip nat inside source list NAT_ALLOWED pool WAN_OVERLOAD overload

ip access-list standard NAT_ALLOWED
permit 192.168.0.0 0.0.15.255

!-------------------------------------------------------------------------------------------------------

Enable

config t

hostname building1

no ip domain-lookup
ip domain-name building1.lab.local

enable secret cisco

username ron privledge 15 password cisco

banner motd # This is a private router. If you don't have access Please log off immediately. #

line con 0
login local
logging synchronus

line vty 0 4
login local
transport input ssh telnet

crypto key generate rsa

ip ssh version 2

interface f0/0
description 100M link to gateway
ip address 10.1.1.2 255.255.255.252
bandwidth 102400
ip summary-address eigrp 100 192.168.0.0 255.255.252.0
no shutdown

interface f0/1
description 100M link to Building 2
ip address 10.1.1.9 255.255.255.252
bandwidth 102400
ip summary-address eigrp 100 192.168.0.0 255.255.252.0
no shut

interface lo0
ip address 192.168.0.1 255.255.255.0
no cdp enable
no shut

interface lo1
no cdp enable
ip address 192.168.1.1 255.255.255.0
no cdp enable
no shut

interface lo2
ip address 192.168.2.1 255.255.255.0
no cdp enable
no shut

interface lo3
ip address 192.168.3.1 255.255.255.0
no cdp enable
no shut

router eigrp 100
no auto-summary
passive-interface lo0
passive-interface lo1
passive-interface lo2
passive-interface lo3

network 10.1.1.2 0.0.0.0
network 10.1.1.9 0.0.0.0
network 192.168.0.1 0.0.0.0
network 192.168.1.1 0.0.0.0
network 192.168.2.1 0.0.0.0
network 192.168.3.1 0.0.0.0

!-------------------------------------------------------------------------------------------------------
Enable

config t

hostname building2

no ip domain-lookup
ip domain-name building2.lab.local

enable secret cisco

username ron privledge 15 password cisco

banner motd # This is a private router. If you don't have access Please log off immediately. #

line con 0
login local
logging synchronus

line vty 0 4
login local
transport input ssh telnet

crypto key generate rsa

ip ssh version 2

interface f0/0
description 100M link to gateway
ip address 10.1.1.6 255.255.255.252
bandwidth 102400
ip summary-address eigrp 100 192.168.4.0 255.255.252.0
no shutdown

interface f0/1
description 100M link to Building 1
ip address 10.1.1.10 255.255.255.252
bandwidth 102400
ip summary-address eigrp 100 192.168.4.0 255.255.252.0
no shut

interface lo0
ip address 192.168.4.1 255.255.255.0
no cdp enable
no shut

interface lo1
ip address 192.168.5.1 255.255.255.0
no cdp enable
no shut

interface lo2
ip address 192.168.6.1 255.255.255.0
no cdp enable
no shut

interface lo3
ip address 192.168.7.1 255.255.255.0
no cdp enable
no shut

router eigrp 100
no auto-summary
passive-interface lo0
passive-interface lo1
passive-interface lo2
passive-interface lo3

network 10.1.1.6 0.0.0.0
network 10.1.1.10 0.0.0.0
network 192.168.4.1 0.0.0.0
network 192.168.5.1 0.0.0.0
network 192.168.6.1 0.0.0.0
network 192.168.7.1 0.0.0.0

!-------------------------------------------------------------------------------------------------------

en

config t

hostname ISP

no ip domain-lookup

banner motd # This is a restricted system. Enter at your own RISK! #

interface s0/0
description Link to Lab.local IP RANGE 200.1.1.0/29
clock rate 100000000
ip address 200.1.1.6 255.255.255.248
no cdp enable
ip access-group BLOCK_PRIVATE_WAN in
no shutdown

int lo0
ip address 100.1.1.1 255.255.255.255
no shut

ip route 200.1.1.0 255.255.255.248 200.1.1.1
ip route 100.1.1.0 255.255.255.0 lo0

ip access-list standard BLOCK_PRIVATE_WAN
deny 10.0.0.0 0.255.255.255
deny 172.16.0.0 0.15.255.255
deny 192.168.0.0 0.0.255.255
permit any