Word packet tracer

11.5.
5 Packet Tracer – Subnet an IPv4 Network

Packet Tracer – Subnet an IPv4 Network
Addressing Table
Device Interface IP Address Subnet Mask Default Gateway
CustomerRouter G0/0 192.168.0.1 255.255.255.192 N/A
CustomerRouter G0/1 192.168.0.65 255.255.255.192 N/A

CustomerRouter S0/1/0 209.165.201.2 255.255.255.252 N/A
LAN-A Switch VLAN1 192.168.0.2 255.255.255.192 192.168.0.1
LAN-B Switch VLAN1 192.168.0.66 255.255.255.192 192.168.0.65
PC-A NIC 192.168.0.62 255.255.255.192 192.168.0.1
PC-B NIC 192.168.0.126 255.255.255.192 192.168.0.65
ISPRouter G0/0 209.165.200.225 255.255.255.224 N/A
ISPRouter S0/1/0 209.165.201.1 255.255.255.252 N/A

ISPSwitch VLAN1 209.165.200.226 255.255.255.224 209.165.200.225
ISP Workstation NIC 209.165.200.235 255.255.255.224 209.165.200.225
ISP Server NIC 209.165.200.240 255.255.255.224 209.165.200.225
Objectives
 Part 1: Design an IPv4 Network Subnetting Scheme
 Part 2: Configure the Devices
 Part 3: Test and Troubleshoot the Network
Background / Scenario
 In this activity, you will subnet the Customer network into multiple subnets.
The subnet scheme should be based on the number of host computers
required in each subnet, as well as other network considerations, like future
network host expansion.
 After you have created a subnetting scheme and completed the table by filling
in the missing host and interface IP addresses, you will configure the host
PCs, switches and router interfaces.
 After the network devices and host PCs have been configured, you will use
the ping command to test for network connectivity.
Instructions
Part 1: Subnet the Assigned Network

Step 1: Create a subnetting scheme that meets the
required number of subnets and required number of host
addresses.
 In this scenario, you are a network technician assigned to install a new
network for a customer. You must create multiple subnets out of the
192.168.0.0/24 network address space to meet the following requirements:
a. The first subnet is the LAN-A network. You need a minimum of 50 host IP
addresses.
b. The second subnet is the LAN-B network. You need a minimum of 40 host IP
addresses.
c. You also need at least two additional unused subnets for future network
expansion.
Note: Variable length subnet masks will not be used. All of the device subnet
masks should be the same length.
d. Answer the following questions to help create a subnetting scheme that meets
the stated network requirements:
How many host addresses are needed in the largest required subnet?
50
What is the minimum number of subnets required?

The requirements stated above specify two company networks plus two
additional networks for future expansion. So, the answer is a minimum
of four networks.
The network that you are tasked to subnet is 192.168.0.0/24. What is the /24
subnet mask in binary?
1111111.11111111.11111111.00000000
e. The subnet mask is made up of two portions, the network portion, and the
host portion. This is represented in the binary by the ones and the zeros in the
subnet mask.
In the network mask, what do the ones represent?

The ones represent the network portion.
In the network mask, what do the zeros represent?

The zeroes represent the host portion.
f. To subnet a network, bits from the host portion of the original network mask
are changed into subnet bits. The number of subnet bits defines the number
of subnets.
Given each of the possible subnet masks depicted in the following binary
format, how many subnets and how many hosts are created in each example?
Hint: Remember that the number of host bits (to the power of 2) defines the
number of hosts per subnet (minus 2), and the number of subnet bits (to the
power of two) defines the number of subnets. The subnet bits (shown in bold)
are the bits that have been borrowed beyond the original network mask of /24.
The /24 is the prefix notation and corresponds to a dotted decimal mask of
255.255.255.0.
1. (/25) 11111111.11111111.11111111.10000000
Dotted decimal subnet mask equivalent:

255.255.255.128
Number of subnets? Number of hosts?

Two subnets (2^1) and 128 hosts (2^7) – 2 = 126 hosts per subnet
2. (/26) 11111111.11111111.11111111.11000000

255.255.255.192

Four subnets (2^2) and 64 hosts (2^6) – 2 = 62 hosts per subnet
3. (/27) 11111111.11111111.11111111.11100000

255.255.255.224

Eight subnets (2^3) and 32 hosts (2^5) – 2 = 30 hosts per subnet
4. (/28) 11111111.11111111.11111111.11110000

255.255.255.240
Sixteen subnets (2^4) and 16 hosts (2^4) – 2 = 14 hosts per subnet
5. (/29) 11111111.11111111.11111111.11111000

255.255.255.248

Thirty two subnets (2^5) and 8 hosts (2^3) – 2 = 6 hosts per subnet
6. (/30) 11111111.11111111.11111111.11111100

255.255.255.252

Sixty four subnets (2^6) and 4 hosts (2^2) – 2 = 2 hosts per subnet
Considering your answers above, which subnet masks meet the required
number of minimum host addresses?
/25, /26
Considering your answers above, which subnet masks meets the minimum
number of subnets required?
/26, /27, /28, /29, /30 will give the required number of subnets.
Considering your answers above, which subnet mask meets both the required
minimum number of hosts and the minimum number of subnets required?
/26 will give you the four subnets that are required, and 62 hosts per
subnet, which is greater than the 50 hosts required for the first subnet.
When you have determined which subnet mask meets all of the stated
network requirements, derive each of the subnets. List the subnets from first
to last in the table. Remember that the first subnet is 192.168.0.0 with the
chosen subnet mask.
Subnet Address Prefix Subnet Mask
192.168.0.0 /26 255.255.255.192

192.168.0.64 /26 255.255.255.192
192.168.0.128 /26 255.255.255.192
192.168.0.192 /26 255.255.255.192
Step 2: Fill in the missing IP addresses in the Addressing

Table
 Assign IP addresses based on the following criteria: Use the ISP Network
settings as an example.
a. Assign the first subnet to LAN-A.
1. Use the first host address for the CustomerRouter interface connected to
LAN-A switch.
2. Use the second host address for the LAN-A switch. Make sure to assign a
default gateway address for the switch.
3. Use the last host address for PC-A. Make sure to assign a default gateway
address for the PC.
b. Assign the second subnet to LAN-B.
1. Use the first host address for the CustomerRouter interface connected to
LAN-B switch.
2. Use the second host address for the LAN-B switch. Make sure to assign a
default gateway address for the switch.
3. Use the last host address for PC-B. Make sure to assign a default gateway
address for the PC.
Part 2: Configure the Devices

 Configure basic settings on the PCs, switches, and router. Refer to the
Addressing Table for device names and address information.
Step 1: Configure CustomerRouter.

a. Set the enable secret password on CustomerRouter to Class123
b. Set the console login password to Cisco123.
c. ConfigureCustomerRouter as the hostname for the router.
d. Configure the G0/0 and G0/1 interfaces with IP addresses and subnet masks,
and then enable them.
e. Save the running configuration to the startup configuration file.
Step 2: Configure the two customer LAN switches.

 Configure the IP addresses on interface VLAN 1 on the two customer LAN
switches. Make sure to configure the correct default gateway on each switch.
Step 3: Configure the PC interfaces.

 Configure the IP address, subnet mask, and default gateway settings on PC-
Aand PC-B.
Part 3: Test and Troubleshoot the Network

 In Part 3, you will use the ping command to test network connectivity.
a. Determine if PC-A can communicate with its default gateway. Do you get a
reply?
b. Determine if PC-B can communicate with its default gateway. Do you get a
reply?
c. Determine if PC-A can communicate with PC-B. Do you get a reply?
If you answered “no” to any of the preceding questions, then you should go
back and check your IP address and subnet mask configurations, and ensure
that the default gateways have been correctly configured on PC-A and PC-B.
Device Configurations
CustomerRouter
enable
configure terminal
hostname CustomerRouter
enable secret Class123
line con 0
password Cisco123
login
interface GigabitEthernet0/0
ip address 192.168.0.1 255.255.255.192
no shutdown
ip address 192.168.0.65 255.255.255.192
no shutdown
interface Serial0/1/0
ip address 209.165.201.2 255.255.255.252
no shutdown
end
LAN-A
enable
configure terminal
interface Vlan1
ip address 192.168.0.2 255.255.255.192
no shutdown
ip default-gateway 192.168.0.1
end
LAN-B
enable
configure terminal
interface Vlan1
ip address 192.168.0.66 255.255.255.192
no shutdown
end
PC-A
IP address: 192.168.0.63 /26
Default gateway: 192.168.0.1
PC-B
IP address: 192.168.0.126 /26
11.7.5 Packet Tracer – Subnetting Scenario
Packet Tracer – Subnetting Scenario
Addressing Table
Objectives
 Part 1: Design an IP Addressing Scheme
 Part 2: Assign IP Addresses to Network Devices and Verify Connectivity
Scenario
 In this activity, you are given the network address of 192.168.100.0/24 to
subnet and provide the IP addressing for the Packet Tracer network. Each
LAN in the network requires at least 25 addresses for end devices, the switch
and the router. The connection between R1 to R2 will require an IP address
for each end of the link.
Instructions
Part 1: Design an IP Addressing Scheme

Step 1: Subnet the 192.168.100.0/24 network into the
appropriate number of subnets.
a. Based on the topology, how many subnets are needed?
5 Four for the LANs, and one for the link between the routers.
b. How many bits must be borrowed to support the number of subnets in the
topology table?
3
c. How many subnets does this create?

8
d. How many usable hosts does this create per subnet?

30
Note: If your answer is less than the 25 hosts required, then you borrowed too
many bits.
e. Calculate the binary value for the first five subnets. The first two subnets have
been done for you.
f. Calculate the binary and decimal value of the new subnet mask.
g. Fill in the Subnet Table,listing the decimal value of all available subnets, the
first and last usable host address, and the broadcast address. Repeat until all
addresses are listed.
Note: You may not need to use all rows.
Subnet Table
o
Step 2: Assign the subnets to the network shown in the

topology.
a. Assign Subnet 0 to the LAN connected to the GigabitEthernet 0/0 interface of
R1: 192.168.100.0 /27
b. Assign Subnet 1 to the LAN connected to the GigabitEthernet 0/1 interface of

R1: 192.168.100.32 /27
c. Assign Subnet 2 to the LAN connected to the GigabitEthernet 0/0 interface of

R2: 192.168.100.64 /27
d. Assign Subnet 3 to the LAN connected to the GigabitEthernet 0/1 interface of

R2: 192.168.100.96 /27
e. Assign Subnet 4 to the WAN link between R1 to R2: 192.168.100.128 /27
Step 3: Document the addressing scheme.

 Fill in the Addressing Table using the following guidelines:
a. Assign the first usable IP addresses in each subnet to R1 for the two LAN
links and the WAN link.
b. Assign the first usable IP addresses in each subnet to R2 for the LAN links.
Assign the last usable IP address for the WAN link.
c. Assign the second usable IP address in the attached subnets to the switches.
d. Assign the last usable IP addresses to the PCs in each subnet.
Part 2: Assign IP Addresses to Network Devices

and Verify Connectivity
 Most of the IP addressing is already configured on this network. Implement
the following steps to complete the addressing configuration. EIGRP dynamic
routing is already configured between R1 and R2.
Step 1: Configure R1 LAN interfaces.

a. Configure both LAN interfaces with the addresses from the Addressing Table.
b. Configure the interfaces so that the hosts on the LANs have connectivity to
the default gateway.
Step 2: Configure IP addressing on S3.

a. Configure the switch VLAN1 interface with addressing.
b. Configure the switch with the default gateway address.
Step 3: Configure PC4.

 Configure PC4 with host and default gateway addresses.
Step 4: Verify connectivity.

 You can only verify connectivity from R1, S3, and PC4. However, you should
be able to ping every IP address listed in the Addressing Table.
Device Configs
R1
enable
configure terminal
ip address 192.168.100.1 255.255.255.192
no shutdown
ip address 192.168.100.33 255.255.255.192
no shutdown
end
S3
enable
configure terminal
interface Vlan1
ip address 192.168.100.66 255.255.255.192
no shutdown
end
PC4
IP address: 192.168.100.126 /27
Subnet Table
Subnet Numb Network First Usable Last Usable Bro
Descripti er of Address/CIDR Host Address Host Address Ad
on Hosts
Neede
d
User-4
LAN 58 192.168.72.0/26 192.168.72.1 192.168.72.62 192.1
User-3
LAN 29 192.168.72.64/27 192.168.72.65 192.168.72.94 192.1
User-2 192.168.72.12 192.1

LAN 15 192.168.72.96/27 192.168.72.97 6 7
User-1 192.168.72.128/2 192.168.72.12 192.168.72.14 192.1

LAN 7 8 9 2 3
WAN 192.168.72.144/3 192.168.72.14 192.168.72.14 192.1

Link 2 0 5 6 7
Device Interfac Address Subnet Mask Default

e Gateway
Remote-Site1 G0/0 192.168.72.129 255.255.255.240 N/A
Remote-Site1 G0/1 192.168.72.97 255.255.255.224 N/A
Remote-Site1 S0/0/0 192.168.72.145 255.255.255.252 N/A
Remote-Site2 G0/0 192.168.72.65 255.255.255.224 N/A
Remote-Site2 G0/1 192.168.72.1 255.255.255.192 N/A
Remote-Site2 S0/0/0 192.168.72.146 255.255.255.252 N/A
Sw1 VLAN 1 192.168.72.130 255.255.255.240 192.168.72.129
Sw2 VLAN 1 192.168.72.98 255.255.255.224 192.168.72.97
Sw3 VLAN 1 192.168.72.66 255.255.255.224 192.168.72.65

Device Interfac Address Subnet Mask Default
e Gateway
Sw4 VLAN 1 192.168.72.2 255.255.255.192 192.168.72.1
User-1 NIC 192.168.72.142 255.255.255.240 192.168.72.129
User-2 NIC 192.168.72.126 255.255.255.224 192.168.72.97
User-3 NIC 192.168.72.94 255.255.255.224 192.168.72.65
User-4 NIC 192.168.72.62 255.255.255.192 192.168.72.1
Remote-Site1
en
conf t
int g0/0
ip add 192.168.72.129 255.255.255.240
no shut
int g0/1
ip add 192.168.72.97 255.255.255.224
no shut
Sw-3
en
conf t
int vlan 1
ip add 192.168.72.66 255.255.255.224
no shut
ip def 192.168.72.65
User-4
IP Address: 192.168.72.62
Subnet Mask: 255.255.255.192
Default Gateway: 192.168.72.1
Download Packet Trace
13.2.6 Packet Tracer – Verify IPv4 and IPv6

Addressing (Instructor Version)
Same for:
 12.2.6 Packet Tracer – Verify IPv4 and IPv6 Addressing
 29.2.6 Packet Tracer – Verify IPv4 and IPv6 Addressing
Instructor Note: Red font color or gray highlights indicate text that appears in
the instructor copy only.
Topology
13.2.6 Packet Tracer – Verify IPv4 and IPv6 Addressing
Addressing Table
Device Interface IP Address / Prefix Default Gateway
R1 G0/0 10.10.1.97 255.255.255.224 N/A
R1 G0/0 2001:db8:1:1::1/64 N/A
R1 S0/0/1 10.10.1.6 255.255.255.252 N/A
R1 S0/0/1 2001:db8:1:2::2/64 N/A
R1 S0/0/1 fe80::1 N/A
R2 S0/0/0 10.10.1.5 255.255.255.252 N/A
R2 S0/0/0 2001:db8:1:2::1/64 N/A
R2 S0/0/1 10.10.1.9 255.255.255.252 N/A
R2 S0/0/1 2001:db8:1:3::1/64 N/A
R2 S0/0/1 fe80::2 N/A
R3 G0/0 10.10.1.17 255.255.255.240 N/A
R3 G0/0 2001:db8:1:4::1/64 N/A
R3 S0/0/1 10.10.1.10 255.255.255.252 N/A
R3 S0/0/1 2001:db8:1:3::2/64 N/A
R3 S0/0/1 fe80::3 N/A
PC1 NIC 10.10.1.100 255.255.255.224 10.10.1.97
PC1 NIC 2001:db8:1:1::a/64 fe80::1

PC2 NIC 10.10.1.20 255.255.255.240 10.10.1.17
PC2 NIC 2001:db8:1:4::a/64 fe80::3
Objectives
Part 1: Complete the Addressing Table Documentation
Part 2: Test Connectivity Using Ping
Part 3: Discover the Path by Tracing the Route
Background
Dual-stack allows IPv4 and IPv6 to coexist on the same network. In this activity,
you will investigate a dual-stack implementation including documenting the IPv4
and IPv6 configuration for end devices, testing connectivity for both IPv4 and
IPv6 using ping, and tracing the path from end to end for IPv4 and IPv6.
Part 1: Complete the Addressing Table Documentation

Step 1: Use ipconfig to verify IPv4 addressing.
a. Click PC1 and open the Command Prompt.
b. Enter the ipconfig /all command to collect the IPv4 information. Fill-in
the Addressing Table with the IPv4 address, subnet mask, and default
gateway.
c. Click PC2 and open the Command Prompt.
d. Enter the ipconfig /all command to collect the IPv4 information. Fill-in
gateway.
Step 2: Use ipv6config to verify IPv6 addressing.
a. On PC1, enter the ipv6config /all command to collect the IPv6 information.
Fill-in the Addressing Table with the IPv6 address, subnet prefix, and default
gateway.
b. On PC2, enter the ipv6config /all command to collect the IPv6 information.
Fill-in the Addressing Table with the IPv6 address, subnet prefix, and default
gateway.
Part 2: Test Connectivity Using Ping
Step 1: Use ping to verify IPv4 connectivity.
a. From PC1, ping the IPv4 address for PC2.
Question:
Was the result successful?
Yes
b. From PC2, ping the IPv4 address for PC1.
Question:
Yes
Step 2: Use ping to verify IPv6 connectivity.
a. From PC1, ping the IPv6 address for PC2.
Question:
Yes
b. From PC2, ping the IPv6 address of PC1.
Question:
Yes
Part 3: Discover the Path by Tracing the Route
Step 1: Use tracert to discover the IPv4 path.
a. From PC1, trace the route to PC2.
PC> tracert 10.10.1.20

What addresses were encountered along the path?
10.10.1.97, 10.10.1.5, 10.10.1.10, 10.10.1.20
With which interfaces are the four addresses associated
G0/0 of R1, S0/0/0 on R2, S0/0/1 on R3, NIC of PC2
b. From PC2, trace the route to PC1.

10.10.1.17, 10.10.1.9, 10.10.1.6, 10.10.1.100
With which interfaces are the four addresses associated?
G0/0 of R3, S0/0/1 of R2, S0/0/1 of R1, NIC of PC1
Step 2: Use tracert to discover the IPv6 path.
a. From PC1, trace the route to the IPv6 address for PC2.
PC> tracert 2001:db8:1:4::a

2001:db8:1:1::1, 2001:db8:1:2::1, 2001:db8:1:3::2,
2001:db8:1:4::a
G0/0 of R1, S0/0/0 of r2, S0/0/1 of R3, NIC of PC2
b. From PC2, trace the route to the IPv6 address for PC1.

2001:db8:1:4::1, 2001:db8:1:3::1, 2001:db8:1:2::2,
2001:db8:1:1::a
G0/0 of R3, S0/0/1 of R2, S0/0/1 of R1, NIC of PC1
13.2.7 Packet Tracer – Use Ping and Traceroute to
Test Network Connectivity (Instructor Version –
Optional Packet Tracer)
13.2.7 Packet Tracer – Use Ping and Traceroute to Test Network

Connectivity
Addressing Table
R1 G0/0 2001:db8:1:1::1/64 N/A
R1 G0/1 10.10.1.97 255.255.255.224 N/A
R1 S0/0/1 10.10.1.6 255.255.255.252 N/A
R1 S0/0/1 2001:db8:1:2::2/64 N/A

R1 S0/0/1 fe80::1 N/A
R2 S0/0/0 10.10.1.5 255.255.255.252 N/A
R2 S0/0/0 2001:db8:1:2::1/64 N/A
R2 S0/0/1 10.10.1.9 255.255.255.252 N/A
R2 S0/0/1 2001:db8:1:3::1/64 N/A
R2 S0/0/1 fe80::2 N/A
R3 G0/0 2001:db8:1:4::1/64 N/A
R3 G0/1 10.10.1.17 255.255.255.240 N/A
R3 S0/0/1 10.10.1.10 255.255.255.252 N/A
R3 S0/0/1 2001:db8:1:3::2/64 N/A
R3 S0/0/1 fe80::3 N/A
PC1 NIC 10.10.1.98 255.255.255.224 10.10.1.97
PC2 NIC 2001:db8:1:1::2/64 fe80::1
PC3 NIC 10.10.1.18 255.255.255.240 10.10.1.17
PC4 NIC 2001:db8:1:4::2/64 fe80::1
Objectives
Part 1: Test and Restore IPv4 Connectivity
Scenario
There are connectivity issues in this activity. In addition to gathering and
documenting information about the network, you will locate the problems and
implement acceptable solutions to restore connectivity.
Note: The user EXEC password is cisco. The privileged EXEC password
is class.
Instructions

Step 1: Use ipconfig and ping to verify connectivity.
a. Click PC1 and open the Command Prompt.
b. Enter the ipconfig /all command to collect the IPv4 information. Complete
gateway.
c. Click PC3 and open the Command Prompt.
d. Enter the ipconfig /all command to collect the IPv4 information. Complete
gateway.
e. Use the ping command to test connectivity between PC1 and PC3. The ping
should fail.
Step 2: Locate the source of connectivity failure.
a. From PC1, enter the necessary command to trace the route to PC3.
What is the last successful IPv4 address that was reached? 10.10.1.97
b. The trace will eventually end after 30 attempts. Enter Ctrl+C to stop the trace
before 30 attempts.
c. From PC3, enter the necessary command to trace the route to PC1.
What is the last successful IPv4 address that was reached? 10.10.1.17
d. Enter Ctrl+C to stop the trace.
e. Click R1 and then the CLI tab. Press ENTER and log in to the router.
f. Enter the show ip interface brief command to list the interfaces and their status.
There are two IPv4 addresses on the router. One should have been recorded in
Step 2a.
What is the other? 10.10.1.6
g. Enter the show ip route command to list the networks to which the router is
connected. Note that there are two networks connected to
the Serial0/0/1 interface.
What are they? 10.10.1.6/32, 10.10.1.4/30
R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M -

mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter

area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type

2
E1 - OSPF external type 1, E2 - OSPF external type 2, E -

EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-

IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C 10.10.1.4/30 is directly connected, Serial0/0/1
L 10.10.1.6/32 is directly connected, Serial0/0/1
C 10.10.1.96/27 is directly connected, GigabitEthernet0/1
L 10.10.1.97/32 is directly connected, GigabitEthernet0/1
h. Repeat steps 2e through 2g with R3 and record your answers.

10.10.1.10, 10.10.1.8/30, 10.10.1.10/32
i. Click R2. Press ENTER and log into the router.
j. Enter the show ip interface brief command and record your addresses.
10.10.1.2, 10.10.1.9
k. Run more tests if it helps visualize the problem. Simulation mode is available.
Step 3: Propose a solution to solve the problem.

a. Compare your answers in Step 2 to the documentation you have available
for the network. What is the error?
R2’s Serial 0/0/0 interface is configured with the wrong IP address
b. What solution would you propose to correct the problem?
Configure the correct IP address on R2’s Serial 0/0/0 interface (10.10.1.5)
Step 4: Implement the plan.
Implement the solution you proposed in Step 3b.
R2>en
R2#show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 unassigned YES unset administratively

down down
GigabitEthernet0/1 unassigned YES unset administratively

down down
Serial0/0/0 10.10.1.2 YES manual up up

Vlan1 unassigned YES unset administratively down down
Fix:
R2#configure terminal
R2(config)#interface serial 0/0/0
R2(config-if)#ip address 10.10.1.5 255.255.255.252
R2(config-if)#exit
R2(config)#exit
Vlan1 unassigned YES unset administratively down down
Step 5: Verify that connectivity is restored.

a. From PC1 test connectivity to PC3.
b. From PC3 test connectivity to PC1.
Is the problem resolved? Yes
Step 6: Document the solution.

Step 1: Use ipv6config and ping to verify connectivity.
a. Click PC2 and click the Desktop tab > Command Prompt.
b. Enter the ipv6config /all command to collect the IPv6 information.
Complete the Addressing Table with the IPv6 address, subnet prefix, and
default gateway.
c. Click PC4 and click the Desktop tab > Command Prompt.
d. Enter the ipv6config /all command to collect the IPv6 information.
Complete the Addressing Table with the IPv6 address, subnet prefix, and
default gateway.
e. Test connectivity between PC2 and PC4. The ping should fail.
Step 2: Locate the source of connectivity failure.
a. From PC2, enter the necessary command to trace the route to PC4.
What is the last successful IPv6 address that was reached?
2001:db8:1:3::2
b. The trace will eventually end after 30 attempts. Enter Ctrl+C to stop the trace
before 30 attempts.
c. From PC4, enter the necessary command to trace the route to PC2.
What is the last successful IPv6 address that was reached?
No IPv6 address was reached.
d. Enter Ctrl+C to stop the trace.
e. Click R3. Press ENTER and log in to the router.
f. Enter the show ipv6 interface brief command to list the interfaces and their
status. There are two IPv6 addresses on the router. One should match the
gateway address recorded in Step 1d.
Is there a discrepancy?
Yes
g. Run more tests if it helps visualize the problem. Simulation mode is available.
Step 3: Propose a solution to solve the problem.

a. Compare your answers in Step 2 to the documentation you have available for
the network. What is the error?
PC4 is using the wrong default gateway configuration
b. What solution would you propose to correct the problem?
Configure PC4 with the correct default gateway address: FE80::3.
Step 4: Implement the plan.
Implement the solution you proposed in Step 3b.
Step 5: Verify that connectivity is restored.
a. From PC2 test connectivity to PC4.
b. From PC4 test connectivity to PC2.
Is the problem resolved? Yes
Step 6: Document the solution.
13.3.1 Packet Tracer – Use ICMP to Test and Correct
Network Connectivity Instructor Version
Instructor Note: Red font color or green highlights indicate text that appears
in the instructor copy only.
Topology
13.3.1 Packet Tracer – Use ICMP to Test and Correct Network

Connectivity
Addressing Table
Device Interfa Address Mask/Prefix Default
ce Gateway
RTR-1 G/0/0/0 192.168.1.1 255.255.255.0 N/A
RTR-1 G/0/0/0 2001:db8:4::1 /64 N/A
RTR-1 S0/1/0 10.10.2.2 255.255.255.252 N/A
RTR-1 S0/1/0 2001:db8:2::2 /126 N/A

Device Interfa Address Mask/Prefix Default
ce Gateway
RTR-1 S0/1/1 10.10.3.1 255.255.255.252 N/A
RTR-1 S0/1/1 2001:db8:3::1 /126 N/A
RTR-2 G/0/0/0 10.10.1.1 255.255.255.0 N/A
RTR-2 G0/0/1 2001:db8:1::1 /64 N/A
RTR-2 S0/1/0 10.10.2.1 255.255.255.252 N/A
RTR-2 S0/1/0 2001:db8:2::1 /126 N/A
RTR-3 G0/0/0 10.10.5.1 255.255.255.0 N/A
RTR-3 G0/0/1 2001:db8:5::1 /64 N/A
RTR-3 S0/1/0 10.10.3.2 255.255.255.252 N/A
RTR-3 S0/1/0 2001:db8:3::2 /126 N/A
PC-1 NIC 10.10.1.10 255.255.255.0 10.10.1.1
Laptop A NIC 10.10.1.20 255.255.255.0 10.10.1.1
PC-2 NIC 2001:db8:1::10 /64 fe80::1
PC-3 NIC 2001:db8:1::20 /64 fe80::1
PC-4 NIC 10.10.5.10 255.255.255.0 10.10.5.1
Server 1 NIC 10.10.5.20 255.255.255.0 10.10.5.1
Laptop B NIC 2001:db8:5::10 /64 fe80::1
Laptop C NIC 2001:db8:5::20 /64 fe80::1
Corporate Server NIC 203.0.113.100 255.255.255.0 203.0.113.1
Corporate Server NIC 2001:db8:acad::100 /64 fe80::1
Objectives
In this lab you will use ICMP to test network connectivity and locate network
problems. You will also correct simple configuration issues and restore
connectivity to the network.
 Use ICMP to locate connectivity issues.
 Configure network devices to correct connectivity issues.
Background
Customers have been complaining that they can’t reach some network
resources. You have been asked to test connectivity in the network. You use
ICMP to find out which resources are unreachable and the locations from which
they can’t be reached. Then, you use trace to locate the point at which network
connectivity is broken. Finally, you fix the errors that you find to restore
connectivity to the network.
Instructor Note: The focus of this activity is the user of ICMP to identify and
locate network connectivity problems. Please encourage students to use ICMP
rather than other methods, such as opening configurations, to systematically
locate connectivity issues.
Instructions
All hosts should have connectivity to all other hosts and the Corporate Server.
 Wait until all link lights are green.
 Select a host and use ICMP ping to determine which hosts are reachable
from that host.
 If a host is found to be unreachable, use ICMP trace to locate the general
location of the network errors.
 Locate the specific errors and correct them.
Connectivity Issues:
1. Server 1 is set to receive its IP address over DHCP. It should be statically
configured with the correct IP address, subnet mask, and default gateway.
2. Router RTR-3 interface G0/0/1 has been configured with the wrong IPv6
address. The address should be 2001:DB8:5::1/64 as shown in the addressing
table.
RTR-3
enable
config terminal
interface g0/0/1
ipv6 address 2001:DB8:5::1/64

3. Note: The G0/0/1 interface may need to be shut down and brought back up
in order for the new route to take effect. The old route may still show up in the
routing table as well.
4. PC-4 is configured with the wrong default gateway address. It should
be 10.10.5.1 as shown in the addressing table.
17.5.9 Packet Tracer – Interpret show Command
Output Instructor Version
00:00/01:00
Topology
17.5.9 Packet Tracer – Interpret show Command Output
Objectives
Part 1: Analyze Show Command Output
Part 2: Reflection Questions
Background
This activity is designed to reinforce the use of router show commands. You are
not required to configure, but rather to examine the output of
several show commands. This activity does not automatically provide a score.
Instructions
Part 1: Analyze Show Command Output

a. To connect to ISPRouter, Click ISP PC, then the Desktop tab, followed
by Terminal.
b. Enter privileged EXEC mode.
c. Use the following show commands to answer the Reflection Questions in Part
2.
Note: If a command pauses with the -–More—prompt, make certain to hit the
spacebar until the ISPRouter# prompt appears in order to obtain all of the
command output.
show arp
show flash:
show ip route
show interfaces
show ip interface brief
show protocols
show users
show version
Part 2: Reflection Questions

1. Which commands can you use to determine the IP address and network prefix
of interfaces?
show ip route, show interfaces, show protocols (before IOS 15, the show ip route
command did not display the IP address of the interfaces)
2. Which command provides the IP address and interface assignment, but not
the network prefix?
show ip interface brief
3. Which commands would you use to determine if an interface is up?
show interfaces, show ip interface brief, show protocols
4. You need to determine the IOS version that is running on a router. Which
command will give you this information?
show version
5. Which commands provide information about the addresses of the router
interfaces?
show arp, show interfaces, show ip route, show ip interface brief, show protocols
6. You are considering an IOS upgrade and need to determine if router flash can
hold the new IOS. Which commands provide information about the amount of
Flash memory available?
show version, show flash
7. You need to adjust a router configuration, but you suspect that a colleague
may also be working on the router from another location. Which command
provides information about the lines being used for configuration or device
monitoring?
show users
8. You have been asked to check the performance of a device interface. Which
command provides traffic statistics for router interfaces?
show interfaces
9. Customers are complaining that they cannot reach a server that they use for
file storage. You suspect that the network may have become unreachable due to
a recent upgrade. Which command provides information about the paths that are
available for network traffic?
show ip route
10. Which interfaces are currently active on the ISP Router?
GigabitEthernet 0/0, Serial 0/0/1
17.7.6 Packet Tracer – Troubleshooting Connectivity
Issues (Instructor Version)
17.7.7 Packet Tracer – Troubleshoot Connectivity Issues
Topology
17.7.7 Packet Tracer – Troubleshoot Connectivity Issues

Addressing Table
Device Interface IP Address Subnet Mask Default
Gateway
R1 G0/0 172.16.1.1 255.255.255.0 N/A
R1 G0/1 172.16.2.1 255.255.255.0 N/A
R1 S0/0/0 209.165.200.226 255.255.255.252 N/A
R2 G0/0 209.165.201.1 255.255.255.224 N/A
R2 S0/0/0 (DCE) 209.165.200.225 255.255.255.252 N/A

Device Interface IP Address Subnet Mask Default
Gateway
PC-01 NIC 172.16.1.3 255.255.255.0 172.16.1.1
PC-02 NIC 172.16.1.4 255.255.255.0 172.16.1.1
PC-A NIC 172.16.2.3 255.255.255.0 172.16.2.1
PC-B NIC 172.16.2.4 255.255.255.0 172.16.2.1
Web NIC 209.165.201.2 255.255.255.224 209.165.201.1
DNS1 NIC 209.165.201.3 255.255.255.224 209.165.201.1
DNS2 NIC 209.165.201.4 255.255.255.224 209.165.201.1
Objectives
The objective of this Packet Tracer activity is to troubleshoot and resolve
connectivity issues, if possible. Otherwise, the issues should be clearly
documented and so they can be escalated.
Users are reporting that they cannot access the web server, www.cisco.pka after
a recent upgrade that included adding a second DNS server. You must
determine the cause and attempt to resolve the issues for the users. Clearly
document the issues and any solution(s). You do not have access to the devices
in the cloud or the server www.cisco.pka. Escalate the problem if necessary.
Router R1 can only be accessed using SSH with the username Admin01 and
password cisco12345.
Step 1: Determine the connectivity issue between PC-01

and web server.
a. On PC-01, open the command prompt. Enter the command ipconfig to verify
what IP address and default gateway have been assigned to PC-01. Correct as
necessary according to the Addressing Table.
IP incorrect, change IP address to 172.16.1.3
b. After verifying/correcting the IP addressing issues on PC-01, issue pings to the
default gateway, web server, and other PCs. Were the pings successful? Record
the results.
Ping to default gateway (172.16.1.1)?
Yes
To web server (209.165.201.2)?
Yes
Ping to PC-02?
Yes
To PC-A?
No
To PC-B?
No
c. Use the web browser to access the web server on PC-01. Access the web
server by first entering the URL http://www.cisco.pka and then by using the IP
address 209.165.201.2. Record the results.
Can PC-01 access www.cisco.pka?
Yes
Using the web server IP address?
Yes
d. Document the issues and provide the solution(s). Correct the issues if
possible.
The IP address on PC-01 is incorrectly configured. To resolve
the issue, the IP address is changed from 172.168.1.3 to
172.16.1.3. PC-01 cannot successfully ping the PCs on the
172.16.2.0/24 network.
Step 2: Determine the connectivity issue between PC-02

and web server.
a. On PC-02, open the command prompt. Enter the command ipconfig to verify
the configuration for the IP address and default gateway. Correct as necessary.
Default Gateway incorrect, change Default Gateway address to
172.16.1.1:
b. After verifying/correcting the IP addressing issues on PC-02, issue pings to the
default gateway, web server, and other PCs. Were the pings successful? Record
the results.
Yes
To web server (209.165.201.2)?
Yes
Ping to PC-01?
Yes
To PC-A?
No
To PC-B?
No
c. Navigate to www.cisco.pka using the web browser on PC-02. Record the
results.
Can PC-02 access www.cisco.pka?
Yes.
Yes
possible.
PC-02 can access the web server using the IP address after
correcting the default gateway. The default gateway should be
configured as 172.16.1.1 on PC-02. PC-02 cannot successfully
ping the PCs on the 172.16.2.0/24 network.
Step 3: Determine the connectivity issue between PC-A and

web server.
a. On PC-A, open the command prompt. Enter the command ipconfig to verify
b. After correcting the IP addressing issues on PC-A, issue the pings to the web
server, default gateway, and other PCs. Were the pings successful? Record the
results.
To web server (209.165.201.2)?
No
No
Ping to PC-B?
Yes
To PC-01?
No
To PC-02?
No
c. Navigate to www.cisco.pka using the web browser on PC-A. Record the
results.
Can PC-A access www.cisco.pka?
No
No
possible.
PC-A can only access the local LAN. The interface G0/1 on
router R1 is incorrectly configured. Correct the IP address on
interface G0/1. Access router R1 using SSH from PC-01 or PC-
02 to change the IP address from 172.16.3.1 to 172.16.2.1.
On PC-01, go to Desktop tab -> Telnet / SSH Client
Enter IP address, Username & Password:

Enter the command below to change the IP address from 172.16.3.1 to
172.16.2.1
R1#enable
R1#configure terminal
R1(config)#interface g0/1
R1(config-if)#ip address 172.16.2.1 255.255.255.0
R1(config-if)#no shutdown
Step 4: Determine the connectivity issue between PC-B and

web server.
a. On PC-B, open the command prompt. Enter the command ipconfig to verify
b. After correcting the IP addressing issues on PC-B, issue the pings to the web
server, default gateway, and other PCs. Were the pings successful? Record the
results.
To web server (209.165.201.2)?
Yes
Yes
Ping to PC-A?
Yes
To PC-01?
Yes
To PC-02?
Yes
c. Navigate to www.cisco.pka using the web browser. Record the results.
Questions:
Can PC-B access www.cisco.pka?
No
Using the web server IP address
Yes
possible.
PC-B can access the web server using the IP address only. PC-B
is also configured with the correct DNS-2 server address. This
indicates that DNS-2 server may be incorrectly configured. To
resolve this issue temporarily, the DNS server address can be
configured to use 209.165.200.3.The issue with DNS-2 server
needs to be escalated because you do not have administrative
access to devices outside your network.
e. Could all the issues be resolved on PC-B and still make use of DNS2? If not,
what would you need to do?
No. DNS2 apparently has configuration issues. You would need
to contact the person in charge of the DNS2 server and report
your findings.
16.5.1 Packet Tracer – Secure Network Devices
Instructor Version
Topology
16.5.1 Packet Tracer – Secure Network Devices
Addressing Table
Device Interface Address Mask Gateway
G0/0/0 192.168.1.1 255.255.255.0 N/A
RTR-A G0/0/1 192.168.2.1 255.255.255.0 N/A
SW-1 SVI 192.168.1.254 255.255.255.0 192.168.1.1
PC NIC 192.168.1.2 255.255.255.0 192.168.1.1
Laptop NIC 192.168.1.10 255.255.255.0 192.168.1.1

Remote PC NIC 192.168.2.10 255.255.255.0 192.168.2.1
Requirements
Note: To keep this activity brief and easy to manage, some security
configuration settings have not been made. In other cases, security best
practices have not been followed.
In this activity you will configure a router and a switch based on a list of
requirements.
Instructions
Step 1: Document the Network

Complete the addressing table with the missing information.
Step 2: Router configuration requirements:

• Prevent IOS from attempting to resolve mistyped commands to domain names.
• Hostnames that match the values in the addressing table.
Router(config)#hostname RTR-A
• Require that newly created passwords be at least 10 characters in length.

RTR-A(config)#security passwords min-length 10
• A strong ten-character password for the console line. Use @Cons1234!
RTR-A(config)#line console 0
RTR-A(config-line)#password @Cons1234!
RTR-A(config-line)#login
• Ensure that console and VTY sessions close after 7 minutes exactly.
//RTR-A(config)#line console 0
RTR-A(config-line)#exec-timeout 7 0
RTR-A(config-line)#line vty 0 4
RTR-A(config-line)#exec-timeout 7 0
• A strong, encrypted ten-character password for the privileged EXEC mode. For
this activity, it is permissible to use the same password as the console line.
RTR-A(config)#enable secret @Cons1234!
• A MOTD banner that warns about unauthorized access to the devices.

RTR-A(config)#banner motd #Unauthorized access prohibited.#
• Password encryption for all passwords.

RTR-A(config)#service password-encryption
• A user name of NETadmin with encrypted password LogAdmin!9.
RTR-A(config)#username NETadmin secret LogAdmin!9
• Enable SSH.
 Use security.com as the domain name.
 Use a modulus of 1024.
RTR-A(config)#no ip domain-lookup
RTR-A(config)#ip domain-name security.com
RTR-A(config-line)#crypto key generate rsa
The name for the keys will be: RTR-A.security.com
Choose the size of the key modulus in the range of 360 to

4096 for your
General Purpose Keys. Choosing a key modulus greater than

512 may take
a few minutes.
How many bits in the modulus [512]: 1024
• The VTY lines should use SSH for incoming connections.

RTR-A(config-line)#transport input ssh
• The VTY lines should use the username and password that were configured to
authenticate logins.
RTR-A(config-line)#login local
• Impede brute force login attempts by using a command that blocks login
attempts for 45 seconds if someone fails three attempts within 100 seconds.
RTR-A(config)#login block-for 45 attempts 3 within 100
Step 3: Switch configuration requirements:

Switch(config)#hostname SW-1
• All unused switch ports are administratively down.

SW-1(config)#interface range fastEthernet0/1,
fastEthernet0/3-9, fastEthernet0/11-24, GigabitEthernet0/2
SW-1(config-if-range)#shutdown
• The SW-1 default management interface should accept connections over the
network. Use the information shown in the addressing table. The switch should
be reachable from remote networks.
SW-1(config-if-range)#interface Vlan1
SW-1(config-if)#ip address 192.168.1.254 255.255.255.0
SW-1(config-if)#no shutdown
SW-1(config-if)#ip default-gateway 192.168.1.1
• Use @Cons1234! as the password for the privileged EXEC mode.
SW-1(config)#enable secret @Cons1234!
• Configure SSH as was done for the router.

SW-1(config)#ip domain-name security.com
SW-1(config-line)#crypto key generate rsa
The name for the keys will be: SW-1.security.com

4096 for your

512 may take
a few minutes.
% Generating 1024 bit RSA keys, keys will be non-

exportable...[OK]
• Create a user name of NETadmin with encrypted secret

password LogAdmin!9
SW-1(config)#username NETadmin secret LogAdmin!9
• The VTY lines should only accept connections over SSH.

SW-1(config)#line vty 0 4
SW-1(config-line)#transport input ssh
• The VTY lines should only allow the network administrator account to access
the switch management interface.
SW-1(config)#line vty 0 4
SW-1(config-line)#login local
• Hosts on both LANs should be able to ping the switch management interface.
An swers Script – Download PDF & PKA file:

RTR-A
enable
conf t
service password-encryption
security passwords min-length 10
hostname RTR-A
login block-for 45 attempts 3 within 100
enable secret @Cons1234!
username NETadmin secret LogAdmin!9
no ip domain-lookup
ip domain-name security.com
banner motd #Unauthorized access prohibited.#
line con 0
exec-timeout 7 0
password @Cons1234!
login
line vty 0 4
exec-timeout 7 0
login local
transport input ssh
line vty 5 15
no login
crypto key generate rsa
1024
end
SW-1
enable
conf t
hostname SW-1
ip domain-name security.com
enable secret @Cons1234!
username NETadmin secret LogAdmin!9
interface range fastEthernet0/1, fastEthernet0/3-9,

fastEthernet0/11-24, GigabitEthernet0/2
shutdown
interface Vlan1
ip address 192.168.1.254 255.255.255.0
no shutdown
line vty 0 4
login local
transport input ssh
1024
end
Download Packet
17.8.2 Packet Tracer – Skills Integration Challenge
Instructor Version
00:00/01:00itexamanswers
17.8.2 Packet Tracer – Skills Integration Challenge
Addressing Table
G0/0 192.168.0.1 / 25 N/A
G0/0 2001:db8:acad::1/64 N/A
G0/0 fe80::1 N/A
G0/1 192.168.0.129 /26 N/A
G0/1 2001:db8:acad:1::1/64 N/A
G0/1 fe80::1 N/A
G0/2 192.168.0.193 /27 N/A
G0/2 2001:db8:acad:2::1/64 N/A
G0/2 fe80::1 N/A
S0/0/1 172.16.1.2 /30 N/A
S0/0/1 2001:db8:2::1/64 N/A
R1 S0/0/1 fe80::1 N/A
Central S0/0/0 209.165.200.226 /30 N/A
S0/0/0 2001:db8:1::1/64 N/A
S0/0/0 fe80::2 N/A
S0/0/1 172.16.1.1 /30 N/A
S0/0/1 2001:db8:2::2/64 N/A

S0/0/1 fe80::2 N/A
S1 VLAN 1 192.168.0.2 /25 192.168.0.1
S2 VLAN 1 192.168.0.130 /26 192.168.0.129
S3 VLAN 1 192.168.0.194 /27 192.168.0.193
NIC 192.168.0.3 /25 192.168.0.1
NIC 2001:db8:acad::2/64 fe80::1
Staff NIC fe80::2 fe80::1
NIC 192.168.0.131 /26 192.168.0.129
NIC 2001:db8:acad:1::2/64 fe80::1
Sales NIC fe80::2 fe80::1
NIC 192.168.0.195 /27 192.168.0.193
NIC 2001:db8:acad:2::2/64 fe80::1
IT NIC fe80::2 fe80::1
Web NIC 64.100.0.3 /29 64.100.0.1
NIC 2001:db8:cafe::3/64 fe80::1
NIC fe80::2 Fe80::1

The router Central, ISP cluster, and the Web server are completely configured.
You must create a new IPv4 addressing scheme that will accommodate 4
subnets using the 192.168.0.0/24 network. The IT department requires 25 hosts.
The Sales department needs 50 hosts. The subnet for the rest of the staff
requires 100 hosts. A Guest subnet will be added in the future to accommodate
25 hosts. You must also finish the basic security settings and interface
configurations on R1. Then, you will configure the SVI interface and basic
security settings on switches S1, S2, and S3.
Instructions
IPv4 Addressing
• Use 192.168.0.0/24 to create subnets that meet the host requirements.
 Staff: 100 hosts
 Sales: 50 hosts
 IT: 25 hosts
 Guest network to be added later: 25 hosts
• Document the IPv4 addresses that have been assigned in the Addressing
Table.
• Record the subnet for the Guest network: 192.168.0.224/27
Reference ~~> VLSM Online Calculator
PC Configurations
• Configure the assigned IPv4 address, subnet mask, and default gateway
settings on the Staff, Sales, and IT PCs using your addressing scheme.
• Assign the IPv6 unicast and link local addresses and default gateways to the
Staff, Sales, and IT networks according to the Addressing Table.
R1 Configurations
• Configure the device name according to the Addressing Table.
• Disable DNS lookup.
• Assign Ciscoenpa55 as the encrypted privileged EXEC mode password.
• Assign Ciscoconpa55 as the console password and enable login.
• Require that a minimum of 10 characters be used for all passwords.
• Encrypt all plaintext passwords.
• Create a banner that warns anyone accessing the device that unauthorized
access is prohibited.
• Configure and enable all the Gigabit Ethernet interfaces.
 Configure the IPv4 addresses according to your addressing scheme.
 Configure the IPv6 addresses according to the Addressing Table.
• Configure SSH on R1:
 Set the domain name to CCNA-lab.com
 Generate a 1024-bit RSA key.
 Configure the VTY lines for SSH access.
 Use the local user profiles for authentication.
 Create a user Admin1 with a privilege level of 15 and use the encrypted
password of Admin1pa55.
• Configure the console and VTY lines to log out after five minutes of inactivity.
• Block anyone for three minutes who fails to log in after four attempts within a
two-minute period.
Switch Configuration
• Configure the device name according to the Addressing Table.
• Configure the SVI interface with the IPv4 address and subnet mask according
your addressing scheme.
• Configure the default gateway.
• Disable DNS lookup.
• Assign Ciscoenpa55 as the encrypted privileged EXEC mode password.
• Assign Ciscoconpa55 as the console password and enable login.
• Configure the console and VTY lines to log out after five minutes of inactivity.
• Encrypt all plaintext passwords.
Connectivity Requirements
• Use the web browser on the Staff, Sales, and IT PCs to navigate
to www.cisco.pka.
• Use the web browser on the Staff, Sales, and IT PCs to navigate
to www.cisco6.pka.
• All PCs should be able to ping all other the devices.
Running Script – Download PDF & PKA file:

R1 Configuration
enable
config t
security passwords min-length 10
hostname R1
enable secret 5 $1$mERr$Amm/da5NtiazLuZDbgqZ60
ipv6 unicast-routing
username Admin1 secret 5 $1$mERr$Ty/EkWXcSXEwIckISrps8/
no ip domain-lookup
ip domain-name CCNA-lab.com
ip address 192.168.0.1 255.255.255.128
duplex auto
speed auto
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:ACAD::1/64
no shutdown
ip address 192.168.0.129 255.255.255.192
duplex auto
speed auto
ipv6 address 2001:DB8:ACAD:1::1/64
no shutdown
ip address 192.168.0.193 255.255.255.224
duplex auto
speed auto
ipv6 address 2001:DB8:ACAD:2::1/64
no shutdown
interface Serial0/0/1
ip address 172.16.1.2 255.255.255.252
ipv6 address 2001:DB8:2::1/64
no shutdown
banner motd #Router R1#
line con 0
exec-timeout 5 0
password 7 0802455D0A1606181C1B0D517F
login
line vty 0 4
exec-timeout 5 0
login local
transport input ssh
exit
crypto key generate rsa general-keys modulus 1024
end
S1 Configuration
enable
conf t
hostname S1
no ip domain-lookup
interface Vlan1
ip address 192.168.0.2 255.255.255.128
no shutdown
line con 0
password 7 0802455D0A1606181C1B0D517F
login
exec-timeout 5 0
line vty 0 4
exec-timeout 5 0
login
line vty 5 15
exec-timeout 5 0
login
end
S2 Configuration
enable
conf t
hostname S2
no ip domain-lookup
interface Vlan1
ip address 192.168.0.130 255.255.255.192
no shutdown
line con 0
password 7 0802455D0A1606181C1B0D517F
login
exec-timeout 5 0
line vty 0 4
exec-timeout 5 0
login
line vty 5 15
exec-timeout 5 0
login
end
S3 Configuration
enable
conf t
hostname S3
no ip domain-lookup
interface Vlan1
ip address 192.168.0.194 255.255.255.224
no shut
line con 0
password 7 0802455D0A1606181C1B0D517F
login
exec-timeout 5 0
line vty 0 4
exec-timeout 5 0
login
line vty 5 15
exec-timeout 5 0
login
end
PC Configurations
IT PC
IP Address: 192.168.0.195
Subnet Mask: 255.255.255.224
IPv6 Address: 2001:db8:acad:2::2/64
IPv6 Gateway: fe80::1
Link Local Address: fe80::2
Sales PC
IP Address: 192.168.0.131
Subnet Mask: 255.255.255.192
IPv6 Address: 2001:db8:acad:1::2/64
Staff PC
IP Address: 192.168.0.3
Subnet Mask: 255.255.255.128
IPv6 Address: 2001:db8:acad::2/64
Download Packet Tracer (.pka) file:

16.4.6 Packet Tracer – Configure Secure Passwords
and SSH Instructor Version
00:00/01:00itexamanswers
16.4.6 Packet Tracer – Configure Secure Passwords and SSH
Addressing Table
Device Interface IP Address Subnet Mask Default Gateway
RTA G0/0 172.16.1.1 255.255.255.0 N/A
PCA NIC 172.16.1.10 255.255.255.0 172.16.1.1
SW1 VLAN 1 172.16.1.2 255.255.255.0 172.16.1.1
Scenario
The network administrator has asked you to prepare RTA and SW1 for
deployment. Before they can be connected to the network, security measures
must be enabled.
Intructions
Step 1: Configure Basic Security on the Router

a. Configure IP addressing on PCA according to the Addressing Table.
b. Console into RTA from the Terminal on PCA.
c. Configure the hostname as RTA.
d. Configure IP addressing on RTA and enable the interface.
e. Encrypt all plaintext passwords.
RTA(config)# service password-encryption
f. Set the minimum password length to 10.

RTA(config)# security password min-length 10
g. Set a strong secret password of your choosing.

Note: Choose a password that you will remember, or you will need to reset the
activity if you are locked out of the device.
h. Disable DNS lookup.
RTA(config)# no ip domain-lookup
i. Set the domain name to CCNA.com (case-sensitive for scoring in PT).
RTA(config)# ip domain-name CCNA.com
j. Create a user of your choosing with a strong encrypted password.

RTA(config)# username any_user secret any_password
k. Generate 1024-bit RSA keys.

Note: In Packet Tracer, enter the crypto key generate rsa command and press
Enter to continue.
RTA(config)# crypto key generate rsa
The name for the keys will be: RTA.CCNA.com

2048 for your

512 may take
a few minutes.
l. Block anyone for three minutes who fails to log in after four attempts within a
two-minute period.
RTA(config)# login block-for 180 attempts 4 within 120
m. Configure all VTY lines for SSH access and use the local user profiles for
authentication.
RTA(config)# line vty 0 4
RTA(config-line)# transport input ssh
RTA(config-line)# login local
n. Set the EXEC mode timeout to 6 minutes on the VTY lines.

RTA(config-line)# exec-timeout 6
o. Save the configuration to NVRAM.
p. Access the command prompt on the desktop of PCA to establish an SSH
connection to RTA.
(Make sure you have IP configured for PCA)
C:\> ssh /?
Packet Tracer PC SSH
Usage: SSH -l username target
C:\>
C:\>SSH -l jony 172.16.1.1

Password: <~~ enter password itexamanswers.net
Step 2: Configure Basic Security on the Switch

Configure switch SW1 with corresponding security measures. Refer to the
configuration steps on the router if you need additional assistance.
a. Click on SW1 and select the CLI tab.
b. Configure the hostname as SW1.
c. Configure IP addressing on SW1 VLAN1 and enable the interface.
d. Configure the default gateway address.
e. Disable all unused switch ports.
Note: On a switch it is a good security practice to disable unused ports. One
method of doing this is to simply shut down each port with
the ‘shutdown’ command. This would require accessing each port individually.
There is a shortcut method for making modifications to several ports at once by
using the interface range command. On SW1 all ports except
FastEthernet0/1 and GigabitEthernet0/1 can be shutdown with the following
command:
SW1(config)# interface range F0/2-24, G0/2
SW1(config-if-range)# shutdown
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to

administratively down
%LINK-5-CHANGED: Interface FastEthernet0/3, changed state to
administratively down
<Output omitted>
%LINK-5-CHANGED: Interface FastEthernet0/24, changed state

to administratively down
%LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state

to administratively down
The command used the port range of 2-24 for the FastEthernet ports and then a
single port range of GigabitEthernet0/2.
f. Encrypt all plaintext passwords.
g. Set a strong secret password of your choosing.
h. Disable DNS lookup.
i. Set the domain name to CCNA.com (case-sensitive for scoring in PT).
j. Create a user of your choosing with a strong encrypted password.
k. Generate 1024-bit RSA keys.
l. Configure all VTY lines for SSH access and use the local user profiles for
authentication.
m. Set the EXEC mode timeout to 6 minutes on all VTY lines.
n. Save the configuration to NVRAM.
Final Script – Download PDF & PKA file:

Router RTA
enable
config terminal
hostname RTA
interface g0/0
ip address 172.16.1.1 255.255.255.0
no shutdown
exit
security password min-length 10
enable secret itexamanswers
no ip domain-lookup
ip domain-name CCNA.com
username jony secret itexamanswers.net
1024
line vty 0 4
transport input ssh
login local
exec-timeout 6
end
copy running-config startup-config
Switch SW1
enable
config terminal
hostname SW1
interface vlan 1
ip address 172.16.1.2 255.255.255.0
no shutdown
exit
interface range F0/2-24, G0/2
shutdown
exit
enable secret class
no ip domain-lookup
ip domain-name CCNA.com
1024
username admin_switch secret p@ssword
line vty 0 15
transport input ssh

login local
exec-timeout 6
end
copy running-config startup-config
IP configured for PCA

Word packet tracer

Uploaded by

Copyright:

Available Formats

Word packet tracer

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Word packet tracer

Uploaded by

Copyright:

Available Formats

11.5.

5 Packet Tracer – Subnet an IPv4 Network

CustomerRouter G0/0 192.168.0.1 255.255.255.192 N/A

CustomerRouter G0/1 192.168.0.65 255.255.255.192 N/A

ISPRouter S0/1/0 209.165.201.1 255.255.255.252 N/A

Part 1: Subnet the Assigned Network

What is the minimum number of subnets required?

In the network mask, what do the ones represent?

In the network mask, what do the zeros represent?

Dotted decimal subnet mask equivalent:

Number of subnets? Number of hosts?

Dotted decimal subnet mask equivalent:

Number of subnets? Number of hosts?

Dotted decimal subnet mask equivalent:

Number of subnets? Number of hosts?

Dotted decimal subnet mask equivalent:

Dotted decimal subnet mask equivalent:

Number of subnets? Number of hosts?

Dotted decimal subnet mask equivalent:

Number of subnets? Number of hosts?

192.168.0.0 /26 255.255.255.192

Step 2: Fill in the missing IP addresses in the Addressing

a. Assign the first subnet to LAN-A.

b. Assign the second subnet to LAN-B.

Part 2: Configure the Devices

Step 1: Configure CustomerRouter.

b. Set the console login password to Cisco123.

c. ConfigureCustomerRouter as the hostname for the router.

e. Save the running configuration to the startup configuration file.

Step 2: Configure the two customer LAN switches.

Step 3: Configure the PC interfaces.

Part 3: Test and Troubleshoot the Network

c. Determine if PC-A can communicate with PC-B. Do you get a reply?

Part 1: Design an IP Addressing Scheme

c. How many subnets does this create?

d. How many usable hosts does this create per subnet?

Note: You may not need to use all rows.

Step 2: Assign the subnets to the network shown in the

b. Assign Subnet 1 to the LAN connected to the GigabitEthernet 0/1 interface of

c. Assign Subnet 2 to the LAN connected to the GigabitEthernet 0/0 interface of

d. Assign Subnet 3 to the LAN connected to the GigabitEthernet 0/1 interface of

e. Assign Subnet 4 to the WAN link between R1 to R2: 192.168.100.128 /27

Step 3: Document the addressing scheme.

d. Assign the last usable IP addresses to the PCs in each subnet.

Part 2: Assign IP Addresses to Network Devices

Step 1: Configure R1 LAN interfaces.

Step 2: Configure IP addressing on S3.

Step 3: Configure PC4.

Step 4: Verify connectivity.

User-2 192.168.72.12 192.1

User-1 192.168.72.128/2 192.168.72.12 192.168.72.14 192.1

WAN 192.168.72.144/3 192.168.72.14 192.168.72.14 192.1

Device Interfac Address Subnet Mask Default

Remote-Site1 G0/0 192.168.72.129 255.255.255.240 N/A

Remote-Site1 G0/1 192.168.72.97 255.255.255.224 N/A

Remote-Site1 S0/0/0 192.168.72.145 255.255.255.252 N/A

Remote-Site2 G0/0 192.168.72.65 255.255.255.224 N/A

Remote-Site2 G0/1 192.168.72.1 255.255.255.192 N/A

Remote-Site2 S0/0/0 192.168.72.146 255.255.255.252 N/A

Sw1 VLAN 1 192.168.72.130 255.255.255.240 192.168.72.129