Reference no: EM131103802

Part -1:

Preparation:

Watch the YouTube lecture "How Network Address Translation Works"

https://www.youtube.com/watch?v=QBqPzHEDzvo

Read Cisco's IOS NAT document white paper

https://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a0080091cb9.pdf

Read Cisco's "NAT FAQ"

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/26704-nat-faq-00.html

Watch the YouTube lecture "Setup NAT for the Cisco CCNA w/ Packet Tracer"

https://www.youtube.com/watch?v=1G_vYlXyPLI

You should now be able to answer the following short answer questions.

1. What are two advantages of using NAT? Security - hides private addresses; address conservation - private addresses need only be unique across the corporate network, not the Internet as a whole

2. What are the minimum number of interfaces that need to be configured on a router to support NAT? Two - at least one interface on the "NAT inside" network, and at least one interface on the "NAT outside" network

3. What is the difference between a public IP address and a private IP address? A public IP address can be accessed via the Internet and is globally unique. A private IP address need only be unique on your network, and is not directly accessible via the Internet.

4. What is the RFC that defines NAT functionality?RFC1631

5. Give an example of a TCP/IP network id (in the format a.b.c.d) that is typically used for private networks 192.168.0.0

6. T or F? NAT translation takes place after routing for outgoing (i.e. inside to outside) packets True

7. What is the difference between static and dynamic address translation in NAT?Static address translation is used to map one local address to one global address. Dynamic address translation maps a pool of local addresses to a pool of dynamic addresses.

8. If I wanted a particular local address to always have the same global address when it was mapped by NAT, what type of address translation would I use? Static

9. What is the Cisco IOS command to show define a pool of NAT addresses for translation? Ipnat pool ...

10. What is the Cisco IOS command to ‘mark' a router interface so packets are subjected to NAT processing? ipnat { inside | outside }

Lab

Complete the lab as shown in parts 2 and 3 of the "Setup NAT for the Cisco CCNA w/ Packet Tracer" (see link above to part 1; parts 2 and 3 immediately follow).

Note: to complete this lab, you may need to add a serial port to the two routers you add to the network diagram (the routers may have serial ports disabled by default). What this requires you to do is to simulate the adding of an extra interface card to each of your routers (an interface card in Cisco terminology is a card that makes more ports available to the router, such as serial, fast Ethernet, Frame Relay etc).

In this case the interface card you want to add is the WIC-IT interface card. Read the link below to see how it is done (you ‘drag and srop' the interface card to a vacant slot on the routerAfter you have added the interface card, a serial port should now appear in the list of interfaces)

https://sherihansliit.blogspot.com.au/2012/12/how-to-add-serial-ports-to-cisco.html

Part - 2:

1. ICTNWK506: Topic learning guide: DHCP

Preparation:

Read Sections 3.1 "Address Management" and 3.2 "Address Assignment" in the IP Network Design Guide book (in Learning Resources)
Read Lesson 11 "Deploying and Configuring DHCP" in Installing and Configuring Windows 2012book (in Learning Resources)

Watch the YouTube lecture "DHCP Protocol"

https://www.youtube.com/watch?v=CgsRdy0iCiE

Watch the YouTube lecture "DHCP and the DORA process"

https://www.youtube.com/watch?v=0Dp7YoR0SLE

Test your understanding

You should now be able to answer the following short answer questions.

1. What is the difference between a statically assigned IP address and a dynamically assigned IP address?

2. What are two advantages of dynamically assigning IP addresses?

3. True or false? A DHCP server could be run on either a Windows 2012 server or a Cisco router.

4. What does the DORA acronym mean when applied to DHCP?

5. When would a DHCP relay agent need to be configured?

6. What is the difference between BOOTP and DHCP?

7. Into what software is the DHCP client typically integrated?

8. Give three examples of IP-related parameters that can be given out by DHCP.

9. What is a DHCP reservation used for?

10. What is a DHCP exclusion from an address pool used for?

Lab

Complete Lab 1 DHCP (in Learning Resources)

Part - 3:

ICTNWK506 Lab Guide: Introduction and Lab 1 DHCP

Introduction

To successfully complete the labs, you need to master two sets of skills (1) working with the Cisco Packet Tracer; and (2) working with the Cisco IOS command line interface (CLI)

The Cisco Packet Tracer (CPT) is a network simulation tool that allows students to create complex networks involving components such as routers, switches and computers. You can use the CPT in the VIT labs, or download a copy from the net.

The Cisco IOS CLI is used to configure individual elements (such as routers and switches) in the networks you create with the CPT.

To get started with the CPT, you can use the tutorials that are built into the software (can be accessed via the Help/Tutorials option). Another good way is to look at the YouTube videos that are available e.g.

"Packet Tracer for Beginners - Part 1"

https://www.youtube.com/watch?v=3wz8qI_nBK4&index=5&list=PL33E07ECCA73C0755

To get started with the Cisco CLI, you can also view YouTube videos, such as:
"Cisco IOS for Beginners - Part 1"

https://www.youtube.com/watch?v=-zvihHxrfzM&index=7&list=PL33E07ECCA73C0755

You should also consult the Cisco documentation e.g.

https://www.cisco.com/c/en/us/td/docs/ios/fundamentals/configuration/guide/15_1s/cf_15_1s_book/cf_cli-basics.pdf
 
Lab 1. DHCP

Lab overview. In this lab we will configure a DHCP service on a router, and have it give out an IP address to a client.

Lab preparation.

Review the YouTube video "DHCP Services on a Router for the Cisco CCNA - Part 1"

Review the Cisco documentation "Configuring the Cisco IOS DHCP Server"

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/12-4t/dhcp-12-4t-book/config-dhcp-server.html

Instructions

1. Configure the router port with the static IP address 192.168.1.20

2. Create an address pool called S123456 (where S123456 is your student id) of IP addresses in the range from 192.168.1.1 to 192.168.1.100. (subnet mask 255.255.255.0)

3. Exclude the address range 192.168.1.1 to 192.168.1.20. Also exclude the address 192.168.1.22

4. Set DNS server to 192.168.10

5. Go into the client PC device to verify that the client has picked up the correct IP settings from the DHCP server you just configured on the router.

6. Save your work as Lab1.PKTWritten assignment

You need to review the following resources, and then complete the questions below
Link 1: "Electrical Equipment - What are the laws/guidelines?" https://www.ohsrep.org.au/faqs/ohs-reps-@-work-electrical-safety-/electrical-equipment-what-are-the-lawsguidelines

Link 2: "WANs and Routers" https://ptgmedia.pearsoncmg.com/images/1587131668/samplechapter/1587131668ch01.pdf
Link 3: "MPLS for Dummies" https://www.nanog.org/meetings/nanog49/presentations/Sunday/mpls-nanog49.pdf
Link 4: "Very basic MPLS tutorial" https://www.youtube.com/watch?v=4QGRLgIq8iA
Complete the following questions:

1. What is the name of the Safe Work Australia code of practise that provides guidance on how to manage the risks of electrical equipment in the workplace?

2. In the code of practise referred to in question 1 (hint: there is a download link in the link 1 article that enables you to download and review the code of practise) what are the four steps of the risk management process?

3. What are two things you can do to manage risks associated with electrical equipment in the workplace (see section 3 of the code of practise)?

4. What does MPLS use instead of a destination IP address to forward data between routers across an MPLS network?

5. True or False? MPLS only works with IP networks.

6. What is the major function of Label Edge Router (LER) in an MPLS network?

7. What is the major function of a Label Switching Router (LER) in an MPLS network?

8. What is the definition of a Label Switched Path (LSP) in an MPLS network?

9. What are the names of the three operations (corresponding to add a tag, remove a tag, and exchanging one tag for another) a router can perform on a tag in an MPLS network?

10. True or false? Traffic engineering in MPLS sometimes means a longer (i.e. more hops) data path can be preferred to a shorter one.

11. Give one example of a technology that could be used to implement a point-to-point WAN link between two devices.

12. List the four steps a network engineer could use to implement a point-to-point WAN link

13. Give two examples of equipment that would typically be defined as Customer Premises Equipment (CPE)

14. Why is clocking usually necessary over serial links?

15. List three organisations who are active in defining and publishing WAN-related standards.

16. What is meant by "path selection" as it applies to routers?

17. List three different types of hardware that a router would typically have.

18. What information is typically stored in the RAM of a router?

19. Where is the router backup/startup configuration usually stored?

20. What information is stored on the flash memory of a router?

21. For what reason would a router have multiple power supplies?

22. If I want to connect to a router console port from a PC, what port do I use on the PC and what type of Cisco cable do I need to use?

23. What is meant by "out-of-band" management as it applies to Cisco routers?

24. What port(s) on a router would I typically use for out-of-band management of routers?

25. Give a brief example of a situation where a network engineer would need to use out-of-band management for a router.

Lab 12

The answers to this lab can be found in Appendix A, "Answers to Written Labs" In this section, write the answers to the following questions:

1. What command would you use to configure a standard IP access list to prevent all machines on network 172.16.0.0/16 from accessing your Ethernet network?

2. What command would you use to apply the access list you created in question 1. Ethernet interface outbound?

3. What command(s) would you use to create an access list that denies host 192.168.253 access to an Ethernet network?

4. Which command verifies that you've entered the access list correctly?

5. What two tools can help notify and prevent DoS attacks?

6. What command(s) would you use to create an extended access list that stops host 172.16.10.1 from telnetting to host 172.16.30.5?

7. What command would you use to set an access list on a VTY line?

8. Write the same standard IP access list you wrote in question 1 but this time as a names access list.

9. Write the command to apply the named access list you created in question 8 to an Ethernet interface outbound.

10. Which command verifies the placement and direction of an access list?

Hands-on Labs

In this section, you will complete two labs. To complete these labs, you will need at learn three routers. You can easily perform these labs with the Cisco Packet Tracer program. You are studying to take your Cisco exam, you really need to do these labs!

Lab 12.1: Standard IP Access Lists

Lab 12.2: Extended IP Access Lists

Lab 2

At this point, you can add the eq telnet command to filter host 192.168.10.2 from telnetting to 172.16.10.6. The log command can also be used at the end of the com-mand so that whenever the access-list line is hit, a log will be generated on the console.
SF(config)#access-list 118 deny tcp host
192.168.18.2 host 172.16.10.6 eq telnet log

It is important to add this line next to create a permit statement. (Remember that 0.0.0.0 255.255.255.255 is the same as the any command.)

SF(config)#access-list 110 permit ip any 0.0.0.0
255.255.255.255

You must create a permit statement; if you just add a deny statement, nothing will be permitted at all. Please see the sections earlier in this chapter for more detailed information on the deny any command implied at the end of every ACL.

Apply the access list to the FastEthernet0/0 on SF to stop the Telnet traffic as soon as it hits the first router interface.
SF(config)#int f
SF(config-if)#ip access-group 110 in
SF(config-if)#AZ

Try telnetting from host 192.168.10.2 to LA using the destination IP address of 172.16.10.6. This should fail, but the ping command should work.

On the console of SF, because of the log command, the output should appear as follows;
01:11:48: %SEC-6-IPACCESSLOGP: list 110 denied tcp
192.168.10.2(1030) -> 172.16.10.6(23), 1 packet
01:13:04: %SEC-6-IPACCESSLOGP: list 110 denied tcp
192.168.10.2(1030) -> 172.16.10.6(23), 3 packets