# CCNA 200-301 - Video 56: Comprehensive Lab 1 - Full Network Implementation

## Deep Study Notes

---

## Learning Objectives

By the end of this lab, you should be able to:

- Design and implement a complete enterprise network
- Configure VLANs, trunking, and STP
- Configure inter-VLAN routing
- Configure OSPF as the routing protocol
- Configure NAT for internet access
- Configure DHCP services
- Configure ACLs for security
- Verify end-to-end connectivity

---

## Lab Topology

### Network Diagram

```
                                ENTERPRISE NETWORK

                                    Internet
                                        |
                               +-----------------+
                               |   ISP Router    |
                               |   203.0.113.2   |
                               +--------+--------+
                                        |
                                 203.0.113.0/30
                                        |
                               +--------+--------+
                               |   Edge Router   |
                               |   (NAT, OSPF)   |
                               |   203.0.113.1   |
                               +--------+--------+
                                        |
                              +---------+----------+
                              |                    |
                     +--------+--------+  +--------+--------+
                     |   Core Switch   |  |   Core Switch   |
                     |   (L3 Switch)   |  |   (L3 Switch)   |
                     |    VLAN 100     |  |    VLAN 100     |
                     |  10.0.100.0/24  |  |  10.0.100.0/24  |
                     +--------+--------+  +--------+--------+
                              |                    |
         +--------------------+--------------------+--------------------+
         |                    |                    |                    |
+--------+--------+  +--------+--------+  +--------+--------+  +--------+--------+
|  Distribution   |  |  Distribution   |  |  Distribution   |  |  Distribution   |
| Switch (Dist1)  |  | Switch (Dist2)  |  | Switch (Dist3)  |  | Switch (Dist4)  |
|  VLANs: 10,20   |  |  VLANs: 10,20   |  |  VLANs: 30,40   |  |  VLANs: 30,40   |
|  10.0.10.0/24   |  |  10.0.10.0/24   |  |  10.0.30.0/24   |  |  10.0.30.0/24   |
|  10.0.20.0/24   |  |  10.0.20.0/24   |  |  10.0.40.0/24   |  |  10.0.40.0/24   |
+--------+--------+  +--------+--------+  +--------+--------+  +--------+--------+
         |                    |                    |                    |
+--------+--------+  +--------+--------+  +--------+--------+  +--------+--------+
|  Access Switch  |  |  Access Switch  |  |  Access Switch  |  |  Access Switch  |
|    (Access1)    |  |    (Access2)    |  |    (Access3)    |  |    (Access4)    |
|  VLAN 10 - PCs  |  |  VLAN 20 - PCs  |  |  VLAN 30 - PCs  |  |  VLAN 40 - PCs  |
|  10.0.10.0/24   |  |  10.0.20.0/24   |  |  10.0.30.0/24   |  |  10.0.40.0/24   |
+-----------------+  +-----------------+  +-----------------+  +-----------------+
```

---

## Configuration Steps

### Step 1: Core Network Configuration (IP Addressing Plan)

| Device | Interface | IP Address | Subnet Mask | Description |
|--------|-----------|------------|-------------|-------------|
| **Edge Router** | Gi0/0 (WAN) | 203.0.113.1 | 255.255.255.252 | ISP Link |
| | Gi0/1 (LAN) | 10.0.100.1 | 255.255.255.0 | Core Network |
| **Core Switch 1** | VLAN 100 | 10.0.100.2 | 255.255.255.0 | Management |
| | VLAN 10 | 10.0.10.1 | 255.255.255.0 | Engineering |
| | VLAN 20 | 10.0.20.1 | 255.255.255.0 | Sales |
| **Core Switch 2** | VLAN 100 | 10.0.100.3 | 255.255.255.0 | Management |
| | VLAN 30 | 10.0.30.1 | 255.255.255.0 | IT |
| | VLAN 40 | 10.0.40.1 | 255.255.255.0 | HR |
| **Distribution Switches** | Trunk to Core | - | - | Pass VLANs |
| **Access Switches** | Access Ports | - | - | End Devices |

---

### Step 2: Edge Router Configuration (Internet Gateway)

```cisco
hostname Edge-Router
!
! Enable IP routing
ip routing
!
! Configure WAN interface (to ISP)
interface GigabitEthernet0/0
 description Link to ISP
 ip address 203.0.113.1 255.255.255.252
 no shutdown
!
! Configure LAN interface (to Core)
interface GigabitEthernet0/1
 description Link to Core Network
 ip address 10.0.100.1 255.255.255.0
 no shutdown
!
! Configure static default route to ISP
ip route 0.0.0.0 0.0.0.0 203.0.113.2
!
! Configure OSPF for internal routing
router ospf 1
 router-id 1.1.1.1
 network 10.0.0.0 0.0.255.255 area 0
!
! Configure NAT for internal users
access-list 10 permit 10.0.0.0 0.0.255.255
ip nat inside source list 10 interface GigabitEthernet0/0 overload
!
! Apply NAT to interfaces
interface GigabitEthernet0/1
 ip nat inside
!
interface GigabitEthernet0/0
 ip nat outside
!
end
```

---

### Step 3: Core Switch 1 Configuration (L3 Switch)

```cisco
hostname Core-Switch1
!
! Enable IP routing
ip routing
!
! Configure OSPF
router ospf 1
 router-id 2.2.2.2
 network 10.0.0.0 0.0.255.255 area 0
!
! Create VLANs
vlan 10
 name Engineering
!
vlan 20
 name Sales
!
vlan 100
 name Management
!
! Configure SVIs (Switch Virtual Interfaces)
interface Vlan10
 description Engineering VLAN
 ip address 10.0.10.1 255.255.255.0
 no shutdown
!
interface Vlan20
 description Sales VLAN
 ip address 10.0.20.1 255.255.255.0
 no shutdown
!
interface Vlan100
 description Management VLAN
 ip address 10.0.100.2 255.255.255.0
 no shutdown
!
! Configure uplink to Edge Router
! (access port in VLAN 100: 10.0.100.2 is already on interface Vlan100,
!  and IOS rejects an overlapping subnet on a second Layer 3 interface)
interface GigabitEthernet0/0
 description Uplink to Edge Router
 switchport mode access
 switchport access vlan 100
 no shutdown
!
! Configure trunk ports to Distribution Switches
interface range GigabitEthernet0/1-2
 description Trunk to Distribution Switches
 switchport mode trunk
 switchport trunk allowed vlan 10,20,100
!
! Configure default gateway
ip route 0.0.0.0 0.0.0.0 10.0.100.1
!
end
```

---

### Step 4: Core Switch 2 Configuration (L3 Switch)

```cisco
hostname Core-Switch2
!
! Enable IP routing
ip routing
!
! Configure OSPF
router ospf 1
 router-id 3.3.3.3
 network 10.0.0.0 0.0.255.255 area 0
!
! Create VLANs
vlan 30
 name IT
!
vlan 40
 name HR
!
vlan 100
 name Management
!
! Configure SVIs
interface Vlan30
 description IT VLAN
 ip address 10.0.30.1 255.255.255.0
 no shutdown
!
interface Vlan40
 description HR VLAN
 ip address 10.0.40.1 255.255.255.0
 no shutdown
!
interface Vlan100
 description Management VLAN
 ip address 10.0.100.3 255.255.255.0
 no shutdown
!
! Configure uplink to Edge Router
! (access port in VLAN 100: 10.0.100.3 is already on interface Vlan100,
!  and IOS rejects an overlapping subnet on a second Layer 3 interface)
interface GigabitEthernet0/0
 description Uplink to Edge Router
 switchport mode access
 switchport access vlan 100
 no shutdown
!
! Configure trunk ports to Distribution Switches
interface range GigabitEthernet0/1-2
 description Trunk to Distribution Switches
 switchport mode trunk
 switchport trunk allowed vlan 30,40,100
!
! Configure default gateway
ip route 0.0.0.0 0.0.0.0 10.0.100.1
!
end
```

---

### Step 5: Distribution Switch Configuration

```cisco
hostname Dist-Switch1
!
! Create VLANs
vlan 10
 name Engineering
!
vlan 20
 name Sales
!
vlan 100
 name Management
!
! Configure uplink trunk to Core Switch
interface GigabitEthernet0/0
 description Uplink to Core Switch1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,100
!
! Configure downlink trunk to Access Switch
interface GigabitEthernet0/1
 description Downlink to Access Switch1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,100
!
! Configure management interface
interface Vlan100
 ip address 10.0.100.10 255.255.255.0
!
! Default gateway
ip default-gateway 10.0.100.2
!
end
```

---

### Step 6: Access Switch Configuration

```cisco
hostname Access-Switch1
!
! Create VLANs
vlan 10
 name Engineering
!
vlan 100
 name Management
!
! Configure uplink trunk to Distribution Switch
interface GigabitEthernet0/0
 description Uplink to Dist-Switch1
 switchport mode trunk
 switchport trunk allowed vlan 10,100
!
! Configure access ports for PCs
interface range FastEthernet0/1-24
 description Engineering PCs
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
! Configure management interface
interface Vlan100
 ip address 10.0.100.20 255.255.255.0
!
! Default gateway
ip default-gateway 10.0.100.2
!
end
```

---

### Step 7: DHCP Server Configuration

```cisco
hostname DHCP-Server
!
! Configure IP address on management VLAN
interface GigabitEthernet0/0
 ip address 10.0.100.50 255.255.255.0
 no shutdown
!
! Default route so replies to the relay agents (10.0.10.1, 10.0.20.1, ...) are routable
ip route 0.0.0.0 0.0.0.0 10.0.100.1
!
! Configure DHCP pools for each VLAN
ip dhcp excluded-address 10.0.10.1 10.0.10.10
ip dhcp excluded-address 10.0.20.1 10.0.20.10
ip dhcp excluded-address 10.0.30.1 10.0.30.10
ip dhcp excluded-address 10.0.40.1 10.0.40.10
!
! Engineering VLAN (VLAN 10)
ip dhcp pool ENGINEERING
 network 10.0.10.0 255.255.255.0
 default-router 10.0.10.1
 dns-server 8.8.8.8 8.8.4.4
 domain-name engineering.local
 lease 7
!
! Sales VLAN (VLAN 20)
ip dhcp pool SALES
 network 10.0.20.0 255.255.255.0
 default-router 10.0.20.1
 dns-server 8.8.8.8 8.8.4.4
 domain-name sales.local
 lease 7
!
! IT VLAN (VLAN 30)
ip dhcp pool IT
 network 10.0.30.0 255.255.255.0
 default-router 10.0.30.1
 dns-server 8.8.8.8 8.8.4.4
 domain-name it.local
 lease 7
!
! HR VLAN (VLAN 40)
ip dhcp pool HR
 network 10.0.40.0 255.255.255.0
 default-router 10.0.40.1
 dns-server 8.8.8.8 8.8.4.4
 domain-name hr.local
 lease 7
!
! Configure IP helper on Core Switches for DHCP relay
! (Configured on Core Switch SVIs)
!
end
```

---

### Step 8: IP Helper Configuration (On Core Switches)

```cisco
! On Core-Switch1 (for VLANs 10 and 20)
Core-Switch1(config)# interface Vlan10
Core-Switch1(config-if)# ip helper-address 10.0.100.50
Core-Switch1(config-if)# exit
Core-Switch1(config)# interface Vlan20
Core-Switch1(config-if)# ip helper-address 10.0.100.50
Core-Switch1(config-if)# exit

! On Core-Switch2 (for VLANs 30 and 40)
Core-Switch2(config)# interface Vlan30
Core-Switch2(config-if)# ip helper-address 10.0.100.50
Core-Switch2(config-if)# exit
Core-Switch2(config)# interface Vlan40
Core-Switch2(config-if)# ip helper-address 10.0.100.50
Core-Switch2(config-if)# exit
```

---

### Step 9: ACL Configuration for Security

```cisco
! On Edge Router - Restrict management access
! (ACL 10 is the same list used as the NAT source list in Step 2)
access-list 10 permit 10.0.0.0 0.0.255.255
!
line vty 0 4
 access-class 10 in
 transport input ssh
!
! On Core-Switch1 - Restrict inter-VLAN traffic
! Allow Engineering to access IT servers only
! (DHCP client requests are permitted first; an inbound ACL on the SVI
!  would otherwise drop them before ip helper-address can relay them)
access-list 110 permit udp any eq bootpc any eq bootps
access-list 110 permit ip 10.0.10.0 0.0.0.255 10.0.30.0 0.0.0.255
access-list 110 deny ip any any
!
interface Vlan10
 ip access-group 110 in
!
! Allow Sales to access HR servers only
access-list 120 permit udp any eq bootpc any eq bootps
access-list 120 permit ip 10.0.20.0 0.0.0.255 10.0.40.0 0.0.0.255
access-list 120 deny ip any any
!
interface Vlan20
 ip access-group 120 in
```

---

### Step 10: Port Security Configuration

```cisco
! On Access Switches - Enable port security
interface range FastEthernet0/1-24
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation shutdown
 switchport port-security mac-address sticky
 switchport port-security aging time 60
 switchport port-security aging type inactivity
```

---

### Step 11: Spanning Tree Configuration

```cisco
! On Core-Switch1 - Set as root for VLANs 10 and 20
Core-Switch1(config)# spanning-tree vlan 10 root primary
Core-Switch1(config)# spanning-tree vlan 20 root primary
Core-Switch1(config)# spanning-tree vlan 100 root secondary

! On Core-Switch2 - Set as root for VLANs 30 and 40
Core-Switch2(config)# spanning-tree vlan 30 root primary
Core-Switch2(config)# spanning-tree vlan 40 root primary
Core-Switch2(config)# spanning-tree vlan 100 root secondary

! On Access Switches - Enable PortFast
Access-Switch1(config)# interface range FastEthernet0/1-24
Access-Switch1(config-if-range)# spanning-tree portfast
```

---

### Step 12: Verification Commands

```cisco
! Verify interfaces
show ip interface brief

! Verify routing
show ip route

! Verify OSPF neighbors
show ip ospf neighbor

! Verify VLANs
show vlan brief

! Verify trunks
show interfaces trunk

! Verify DHCP bindings
show ip dhcp binding

! Verify NAT translations
show ip nat translations

! Verify ACLs
show access-lists

! Verify port security
show port-security

! Verify STP
show spanning-tree

! Test connectivity
ping 8.8.8.8
traceroute 8.8.8.8
```

---

### Step 13: End-to-End Connectivity Test

```cisco
! Expected results with the Step 9 ACLs applied

! From Engineering PC (10.0.10.10)
PC> ping 10.0.20.10   ! Blocked: ACL 110 on Vlan10 permits only 10.0.30.0/24
PC> ping 10.0.30.10   ! Should succeed (different core, permitted by ACL 110)
PC> ping 8.8.8.8      ! Blocked by ACL 110
PC> ping google.com   ! Fails: DNS queries to 8.8.8.8 are blocked by ACL 110

! From Sales PC (10.0.20.10)
PC> ping 10.0.10.10   ! Blocked: ACL 120 on Vlan20 permits only 10.0.40.0/24
PC> ping 10.0.40.10   ! Should succeed (HR)
PC> ping 8.8.8.8      ! Blocked by ACL 120

! From IT PC (10.0.30.10)
PC> ping 10.0.10.10   ! Should succeed (ACL allows)
PC> ping 10.0.40.10   ! Should succeed
PC> ping 8.8.8.8      ! Should succeed (via NAT)
```

---

## Summary

This comprehensive lab implements:

```
LAB IMPLEMENTATION SUMMARY

LAYER 2 CONFIGURATION:
  - VLANs created (10,20,30,40,100)
  - Trunk ports configured between switches
  - Access ports configured for end devices
  - STP with root bridge placement
  - PortFast and port security on access ports

LAYER 3 CONFIGURATION:
  - SVIs on Core Switches
  - OSPF routing between Core Switches and Edge Router
  - Default route to ISP
  - Inter-VLAN routing

IP SERVICES:
  - DHCP server with pools for each VLAN
  - IP helper-address on Core Switches
  - DNS configuration

SECURITY:
  - NAT for internet access
  - ACLs for inter-VLAN traffic control
  - VTY access control (management)
  - Port security on access ports

VERIFICATION:
  - show ip route
  - show ip ospf neighbor
  - show vlan brief
  - show interfaces trunk
  - ping/traceroute tests
```

---

## Practice Questions

**1. What is the purpose of the `ip helper-address` command on Core Switches?**

- A) Enable DHCP server
- B) Forward DHCP broadcasts to DHCP server
- C) Configure DNS server
- D) Enable routing

<details>
<summary>Answer</summary>
<b>B) Forward DHCP broadcasts to DHCP server</b> - IP helper forwards DHCP requests across subnets.
</details>

**2. Why are different root bridges configured for different VLANs?**

- A) To improve security
- B) To provide load balancing
- C) To reduce broadcast traffic
- D) To enable routing

<details>
<summary>Answer</summary>
<b>B) To provide load balancing</b> - Different root bridges distribute traffic across links.
</details>

**3. What does the ACL on VLAN 10 interface accomplish?**

- A) Blocks all traffic
- B) Allows Engineering to access IT only
- C) Allows Engineering to access all VLANs
- D) Blocks internet access

<details>
<summary>Answer</summary>
<b>B) Allows Engineering to access IT only</b> - The ACL permits Engineering to IT and denies other traffic.
</details>

**4. Why is PortFast configured on access ports?**

- A) To increase security
- B) To bypass STP listening/learning states
- C) To enable trunking
- D) To enable routing

<details>
<summary>Answer</summary>
<b>B) To bypass STP listening/learning states</b> - PortFast immediately transitions to forwarding state.
</details>

**5. What is the purpose of the NAT configuration on Edge Router?**

- A) To block traffic
- B) To translate private IPs to public IP
- C) To route between VLANs
- D) To enable DHCP

<details>
<summary>Answer</summary>
<b>B) To translate private IPs to public IP</b> - NAT allows internal devices to access internet.
</details>

---

## Next Steps

After completing Video 56, you should be ready for:

- **Video 57:** Comprehensive Lab 2 - Troubleshooting
- **Video 58:** Final Exam Preparation

**Lab Practice:**

1. Build this network in Packet Tracer
2. Verify all configurations
3. Test connectivity between all devices
4. Test internet access via NAT
5. Verify ACLs are working correctly
6. Test DHCP functionality
7. Verify OSPF neighbor relationships
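
To check item 5 of the lab practice on paper first, here is an added example (not part of the original lab notes): a first-match evaluator for the `permit ip` / `deny ip` entries of ACLs 110 and 120 from Step 9, bound inbound to Vlan10 and Vlan20, that reports which of the Step 13 pings get a reply. It models only these ACL entries, not routing or NAT, and the function names are illustrative.

```python
from ipaddress import IPv4Address

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(IPv4Address(addr)) & care == int(IPv4Address(base)) & care

ANY = ("0.0.0.0", "255.255.255.255")
# (action, (src, wildcard), (dst, wildcard)): the `ip` entries of Step 9
ACLS = {
    110: [("permit", ("10.0.10.0", "0.0.0.255"), ("10.0.30.0", "0.0.0.255")),
          ("deny", ANY, ANY)],
    120: [("permit", ("10.0.20.0", "0.0.0.255"), ("10.0.40.0", "0.0.0.255")),
          ("deny", ANY, ANY)],
}
# Step 9 bindings: traffic entering Vlan10 hits ACL 110, Vlan20 hits ACL 120
INBOUND = {("10.0.10.0", "0.0.0.255"): 110, ("10.0.20.0", "0.0.0.255"): 120}

def acl_permits(number, src, dst):
    for action, s, d in ACLS[number]:
        if wc_match(src, *s) and wc_match(dst, *d):
            return action == "permit"   # first matching entry decides
    return False                         # implicit deny ends every ACL

def one_way(src, dst):
    """Only the inbound ACL on the sender's own SVI filters a packet."""
    for subnet, number in INBOUND.items():
        if wc_match(src, *subnet):
            return acl_permits(number, src, dst)
    return True                          # Vlan30, Vlan40 and the uplink have no ACL

def ping_ok(src, dst):
    """The echo request and the echo reply must both get through."""
    return one_way(src, dst) and one_way(dst, src)

# The IP-address pings listed in Step 13
STEP13 = [("10.0.10.10", "10.0.20.10"), ("10.0.10.10", "10.0.30.10"),
          ("10.0.10.10", "8.8.8.8"), ("10.0.20.10", "10.0.10.10"),
          ("10.0.20.10", "10.0.40.10"), ("10.0.20.10", "8.8.8.8"),
          ("10.0.30.10", "10.0.10.10"), ("10.0.30.10", "10.0.40.10"),
          ("10.0.30.10", "8.8.8.8")]

def report():
    return {pair: ping_ok(*pair) for pair in STEP13}

if __name__ == "__main__":
    for (src, dst), ok in report().items():
        print(f"{src:>10} -> {dst:<10} {'reply' if ok else 'blocked'}")
```

Because the reply is filtered too, `ping_ok("10.0.30.10", "10.0.20.10")` is false even though Vlan30 carries no ACL: the echo reply from Sales is dropped by ACL 120.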