WIXLIB

Cisco CCNA in 60 DaysWorkbook Labswww.in60days.com Copyright Paul Browning 2020

ContentsDynamic ARP Inspection (DAI) . 4Implementing GLBP . 8Install a Wireless Access Point . 14Verify IP parameters for Linux OS (GUI and CLI) . 19Verify IP parameters for Mac OS (GUI). 27Power over Ethernet (PoE) Basics. 34Implementing QoS. 37Implementing VRRP . 40Verify IP parameters for Windows OS (GUI and CLI) . 44Configure WLAN using WPA2 PSK using the GUI . 50www.in60days.com Copyright Paul Browning 2020

Here are some more labs you need to configure. They are mentioned in the syllabus but we just ranout of space. As with all the labs, use these as a basis for your studies and then make your own uptesting all the available commands.These labs are from our 101 Labs – Cisco CCNA book which is for sale on Amazon if you want an extrastudy tool.www.in60days.com Copyright Paul Browning 2020

Dynamic ARP Inspection (DAI)Lab Objective:In this lab, you will learn how to configure layer 2 security feature called Dynamic ARP Inspection or DAIto protect the network against malicious ARP packets.Lab Purpose:Dynamic ARP Inspection depend on DHCP snooping. Once DHCP issues the IP information out, it willtake the MAC address and map it to the IP address and store it on the switch. When another device isconnected to the network and it’s MAC address and IP address do not match an entry in the DHCPsnooping bindings database, switch drops an ARP packet.Certification Level:This lab is suitable for ICND2 and CCNA certification exam preparation.Lab Difficulty:This lab has a difficulty rating of 8/10.Readiness Assessment:When you are ready for your certification exam, you should complete this lab in no morethan 20 minutes.Lab Topology:Please use the following topology to complete this lab exercise. (GNS3 with IOSvL2 is used for this lab)Task 1:Configure the hostnames and IP address on R1 as illustrated in the topology.Task 2:Configure DHCP scope on R1www.in60days.com Copyright Paul Browning 2020

Task 3:Use default VLAN 1 on switch SW1 and configure all three ports as access ports.Task 4:Enable DHCP snooping on switch SW1 and configure port Gi0/2 as DHCP snooping trust portVerify using following command show ip dhcp binding ( on R1)show ip dhcp snooping binding (on SW1)Task 5:On switch SW1, enable ARP inspection on VLAN 1 and configure port Gi0/1 and Gi0/2 as ARP inspectiontrust portsTask 6:Assign static IP 192.168.10.2/24 to an attacker PC and ping R1’s IPConfiguration and VerificationTask 1:For reference information on configuring hostnames and IP address, please refer to earlier labs.Task 2:R1#config tEnter configuration commands, one per line. End with CNTL/Z.R1(config)#ip dhcp pool mypoolR1(dhcp-config)#network 192.168.10.0 255.255.255.0R1(dhcp-config)#ip dhcp relay information trust-allTask 3:SW1#config tEnter configuration commands, one per line.SW1(config)#int gi0/0SW1(config-if)#switchport mode accessSW1(config-if)#int gi0/1SW1(config-if)#switchport mode accessSW1(config-if)#int gi0/2SW1(config-if)#switchport mode accessTask 4:SW1#config tSW1(config)#ip dhcp snoopingSW1(config)#ip dhcp snooping vlan 1www.in60days.com Copyright Paul Browning 2020End with CNTL/Z.

SW1(config)#int gi0/2SW1(config-if)#ip dhcp snooping trustPC now should be able to get an IP from DHCP (configured on R1)PC ping84 bytes84 bytes84 bytes84 bytes84 bytes192.168.10.254from 192.168.10.254from 192.168.10.254from 192.168.10.254from 192.168.10.254from 192.168.10.254icmp seq 1icmp seq 2icmp seq 3icmp seq 4icmp seq 5ttl 255ttl 255ttl 255ttl 255ttl 255time 6.759 mstime 14.000 mstime 12.774 mstime 15.825 mstime 11.043 msR1#sh ip dhcp bindingBindings from all pools not associated with VRF:IP address Client-ID/Lease expirationType State InterfaceHardware address/Username192.168.10.1 0100.5079.6668.00 Jun15 2020 03:36PM Auto Active Gi0/0Switch#show ip dhcp snooping ------------- --------------- 68.10.180246GigabitEthernet0/1Total number of bindings: 1TypeVLAN-----------------dhcp-snooping1Task 5:SW1#config tSW1(config)#ip arp inspection vlan 1SW1(config)#int gi0/1SW1(config-if)#ip arp inspection trustSW1(config-if)#int gi0/2SW1(config-if)#ip arp inspection trustTask 6:Attacker show ipNAME: Attacker[1]IP/MASK: 192.168.10.2/24Attacker ping 192.168.10.254host (192.168.10.254) not reachableSW1(config)#*Jun 14 07:14:05.474: %SW DAI-4-DHCP SNOOPING DENY: 1 Invalid ARPs(Req) on Gi0/0, vlanwww.in60days.com Copyright Paul Browning 2020

.168.10.254/07:14:04UTC Sun Jun 14 2020])*Jun 14 07:14:06.484: %SW DAI-4-DHCP SNOOPING DENY: 1 Invalid ARPs(Req) on Gi0/0, /192.168.10.254/07:14:05UTC Sun Jun 14 2020])*Jun 14 07:14:07.536: %SW DAI-4-DHCP SNOOPING DENY: 1 Invalid ARPs(Req) on Gi0/0, /192.168.10.254/07:14:06UTC Sun Jun 14 2020])As you can see Attacker PC is not able to ping R1 IP address and Invalid ARPs log entries wouldshow up under switch SW1.www.in60days.com Copyright Paul Browning 2020

Implementing GLBPLab Objective:The objective of this lab exercise is for you to learn how to implement GLBP in the Corelevel of your network.Lab Purpose:Gateway Load Balancing Protocol (GLBP) is a Cisco proprietary protocol and is a very special protocolbecause unlike the others, GLBP allows the load balancing of traffic among the master and standbyrouters. GLBP is considered a high-end feature and that means most Cisco switches and routers don'tsupport GLBP. By configuring a virtual IP address on the router interfaces, you will determine which oneacts as primary and which one as secondary based on interface priority level. The difference here(compared to VRRP and HSRP) is that there will be load balancing happening between the primary andsecondary router.Certification Level:Th is lab is suitable for ICND2 and CCNA certification exam preparation.Lab Difficulty:This lab has a difficulty rating of 8/10.Readiness Assessment:When you are ready for your certification exam, you should complete this lab in no morethan 20 minutes.Lab Topology:Please use the following topology to complete this lab exercise.NOTE: Packet Tracer doesn’t support GLBP. You can use GNS3 or live equipmentwww.in60days.com Copyright Paul Browning 2020

NOTE: R1 and R2 both connect to the Internet.Task 1:Configure hostnames on R1, R2, and R3 as illustrated in the topology.Task 2:Configure the IP addresses on the Gig0/0 interfaces of R1, R2, and R3 as illustrated inthe topology.NOTE: 192.168.10.254 will be the GLBP virtual address shared between R1 and R2.Task 3:Configure GLBP on R1 and R2 as follows: GLBP group number: 100GLBP virtual IP address: 192.168.10.254R1: primary gateway (GLBP Priority 100)R2: secondary gateway (GLBP Priority 90)GLBP routers should send Hellos every second and detect a failure of a routerin 3 secondsGLBP routers should authenticate their communication using the key “CCNA”.www.in60days.com Copyright Paul Browning 2020

Task 4:Configure R3 to use 192.168.10.254 (GLBP virtual IP) as its default gateway.Task 5:Check the status of GLBP on R1 and R2 running the following commands: show glbpshow glbp briefConfiguration and VerificationTask 1:For reference information on configuring hostnames, please refer to earlier labs.Task 2:For reference information on configuring IP addressing, please refer to earlier labs.Task3:R1#config tR1(config)#int gig0/0R1(config-if)# glbp 100R1(config-if)# glbp 100R1(config-if)# glbp 100R1(config-if)# glbp 100ip 192.168.10.254priority 100timers 1 3authentication text CCNAR2(config)#int gig0/0R2(config-if)# glbp 100R2(config-if)# glbp 100R2(config-if)# glbp 100R2(config-if)# glbp 100ip 192.168.10.254priority 90timers 1 3authentication text CCNATask 4:R3(config)#ip route 0.0.0.0 0.0.0.0 192.168.10.254With this configuration, if R3 wants to communicate on the Internet, it will send theIP packets to the GLBP virtual IP address and traffic will get load balanced between R1 and R2. Also, ifany of the two routers fail, the other one will take over and becomes master (load balancing andredundancy).Task 5:www.in60days.com Copyright Paul Browning 2020

R1#show glbpGigabitEthernet0/0 - Group 100State is Active4 state changes, last state change 00:04:52Virtual IP address is 192.168.10.254Hello time 1 sec, hold time 3 secNext hello sent in 0.832 secsRedirect time 600 sec, forwarder time-out 14400 secAuthentication text, string "CCNA"Preemption disabledActive is localStandby is 192.168.10.2, priority 90 (expires in 2.880 sec)Priority 100 (default)Weighting 100 (default 100), thresholds: lower 1, upper 100Load balancing: round-robinGroup members:ca01.4e20.0008 (192.168.10.1) localca02.4568.0008 (192.168.10.2)There are 2 forwarders (1 active)Forwarder 1State is Active3 state changes, last state change 00:15:15MAC address is 0007.b400.6401 (default)Owner ID is ca01.4e20.0008Redirection enabledPreemption enabled, min delay 30 secActive is local, weighting 100Forwarder 2State is Listen2 state changes, last state change 00:04:39MAC address is 0007.b400.6402 (learnt)Owner ID is ca02.4568.0008Redirection enabled, 599.904 sec remaining (maximum 600 sec)Time to live: 14399.904 sec (maximum 14400 sec)Preemption enabled, min delay 30 secActive is 192.168.10.2 (primary), weighting 100 (expires in 3.072sec)R2#show glbpGigabitEthernet0/0 - Group 100www.in60days.com Copyright Paul Browning 2020

State is Standby4 state changes, last state change 00:05:38Virtual IP address is 192.168.10.254Hello time 1 sec, hold time 3 secNext hello sent in 0.640 secsRedirect time 600 sec, forwarder time-out 14400 secAuthentication text, string "CCNA"Preemption disabledActive is 192.168.10.1, priority 100 (expires in 3.040 sec)Standby is localPriority 90 (configured)Weighting 100 (default 100), thresholds: lower 1, upper 100Load balancing: round-robinGroup members:ca01.4e20.0008 (192.168.10.1)ca02.4568.0008 (192.168.10.2) localThere are 2 forwarders (1 active)Forwarder 1State is Listen4 state changes, last state change 00:05:41MAC address is 0007.b400.6401 (learnt)Owner ID is ca01.4e20.0008Time to live: 14399.936 sec (maximum 14400 sec)Preemption enabled, min delay 30 secActive is 192.168.10.1 (primary), weighting 100 (expires in 3.008sec)Arp replies sent: 1Forwarder 2State is Active1 state change, last state change 00:20:09MAC address is 0007.b400.6402 (default)Owner ID is ca02.4568.0008Preemption enabled, min delay 30 secActive is local, weighting 100Arp replies sent: 1As you can see from the above output, default load balancing algorithm is round-robin. That means eachrouter equally takes turns forwarding traffic.R1#show glbp briefInterface Grp Fwd Pri StateGi0/0100 100 ActiveGi0/0100 1- ActiveGi0/0100 2- ListenAddressActive router Standby router192.168.10.254 local192.168.10.20007.b400.6401 local0007.b400.6402 192.168.10.2-www.in60days.com Copyright Paul Browning 2020

R2#sh glbpInterfaceGi0/0Gi0/0Gi0/0briefGrp Fwd100 100 1100 2Pri StateAddressActive90 Standby 192.168.10.254- Listen0007.b400.6401- Active0007.b400.6402www.in60days.com Copyright Paul Browning 2020router Standby router192.168.10.1local192.168.10.1local-

Install a Wireless Access PointLab Objective:Learn how to install a WAP.Lab Purpose:WAPs are ubiquitious and you are more than likely going to be required to install them as part of yourjob as a network engineer. This lab will cover the basics, we will look into wireless security later in thisguide.Lab Tool:Packet TracerLab Topology:Please use the following topology to complete this lab exercise:Lab Walkthough:Task 1:www.in60days.com Copyright Paul Browning 2020