CCNP Encore Lab

This document serves as a guide for implementing network protocols including Time Synchronization, First-Hop Redundancy Protocol, and Network Address Translation (NAT). It details the configuration of NTP (Network Time Protocol) on routers and switches, emphasizing the importance of synchronized time for network management and security. The document provides step-by-step instructions for setting up NTP, including commands for configuring devices and verifying synchronization status.

Uploaded by

alatsis.n

I. LAB OVERVIEW
This guide covers the following subjects:

▪ Time Synchronization: This section describes the need for synchronizing time in
an environment and covers Network Time Protocol and its operations to keep time consistent across
devices.

▪ First-Hop Redundancy Protocol: This section gives details on how multiple routers can provide
resilient gateway functionality to hosts at the Layer 2/Layer 3 boundaries.

▪ Network Address Translation (NAT): This section explains how a router can translate IP addresses
from one network realm to another.

In addition to routing and switching network packets, a router can perform additional functions to enhance a
network. This chapter covers time synchronization, virtual Gateway technologies, and Network Address
Translation.

2 By Justin O. OLANGI
II. NETWORK TIME PROTOCOL LAB
A device’s system time is used to measure periods of idle state or computation. Ensuring that the time is
consistent on a system is important because applications often use the system time to tune internal
processes.

From the perspective of managing a network, it is important that the time be synchronized between network
devices for several reasons:

▪ Managing passwords that change at specific time intervals,


▪ Encryption key exchanges,
▪ Checking validity of certificates based on expiration date and time,
▪ Correlation of security-based events across multiple devices (routers, switches, firewalls, network
access control systems, and so on),
▪ Troubleshooting network devices and correlating events to identify the root cause of an event.

For more details about NTP, see the Cisco CCNP ENCOR course.

III. NTP CONFIGURATION
The configuration of an NTP client is pretty straightforward. The client configuration uses the global
configuration command ntp server ip-address [prefer] [source interface-id]. The source interface, which is
optional, is used to stipulate the source IP address for queries for that server.

Multiple NTP servers can be configured for redundancy, and adding the optional prefer keyword indicates
which NTP server time synchronization should come from.

Cisco devices can act as a server after they have been able to query an NTP server.

III.1 Build the Network and Configure Basic Device Settings and Interface Addressing

a. R1
Router(config)# hostname R1
R1(config)# ip domain lookup source-interface g0/0
R1(config)# ip name-server 8.8.8.8 8.8.4.4
R1(config)# ip domain name ccnp.lab.nt

R1(config)# line con 0
R1(config-line)# logging sync
R1(config-line)# exec-time 3 60
R1(config-line)# exit
R1(config)# banner motd # This is R1, Implement NTP Lab #

R1(config)# interface g0/0


R1(config-if)# ip add dhcp
R1(config-if)# no shut
R1(config-if)# exit

R1(config)# interface g0/1


R1(config-if)# description LINK-TO-R2
R1(config-if)# ip address 10.0.0.1 255.255.255.252
R1(config-if)# no shut
R1(config-if)# exit

R1(config)# interface g0/2.1


R1(config-if)# description DEFAULT-GATEWAY-VLAN1
R1(config-if)# encapsulation dot1q 1 native
R1(config-if)# ip address 172.16.1.1 255.255.255.0
R1(config-if)# exit

R1(config)# interface g0/2.10


R1(config-if)# description DEFAULT-GATEWAY-VLAN10
R1(config-if)# encapsulation dot1q 10
R1(config-if)# ip address 172.16.10.1 255.255.255.0
R1(config-if)# exit

R1(config)# interface g0/2.20
R1(config-if)# description DEFAULT-GATEWAY-VLAN20
R1(config-if)# encapsulation dot1q 20
R1(config-if)# ip address 172.16.20.1 255.255.255.0
R1(config-if)# exit
R1(config)# interface g0/2
R1(config-if)# no shut
R1(config-if)# exit

R1(config)# ip dhcp pool VLAN 200


R1(dhcp-config)# network 172.16.20.0 255.255.255.0
R1(dhcp-config)# default-router 172.16.20.1
R1(dhcp-config)# dns-server 8.8.8.8 8.8.4.4
R1(dhcp-config)# ip dhcp excluded-address 172.16.20.1 172.16.20.9

b. R2
Router(config)# hostname R2
R2(config)# ip domain lookup source-interface g0/0
R2(config)# ip name-server 8.8.8.8 8.8.4.4
R2(config)# ip domain name ccnp.lab.nt

R2(config)# line con 0
R2(config-line)# logging sync
R2(config-line)# exec-time 3 60
R2(config-line)# exit
R2(config)# banner motd # This is R2, Implement NTP Lab #

R2(config)# interface g0/0


R2(config-if)# ip add dhcp
R2(config-if)# no shut
R2(config-if)# exit

R2(config)# interface g0/1


R2(config-if)# description LINK-TO-R1
R2(config-if)# ip address 10.0.0.2 255.255.255.252
R2(config-if)# no shut
R2(config-if)# exit

R2(config)# interface g0/2.1


R2(config-if)# description DEFAULT-GATEWAY-VLAN1
R2(config-if)# encapsulation dot1q 1 native
R2(config-if)# ip address 172.16.1.2 255.255.255.0
R2(config-if)# exit

R2(config)# interface g0/2.10


R2(config-if)# description DEFAULT-GATEWAY-VLAN10
R2(config-if)# encapsulation dot1q 10
R2(config-if)# ip address 172.16.10.2 255.255.255.0
R2(config-if)# exit

R2(config)# interface g0/2.20


R2(config-if)# description DEFAULT-GATEWAY-VLAN20
R2(config-if)# encapsulation dot1q 20

R2(config-if)# ip address 172.16.20.2 255.255.255.0
R2(config-if)# exit

R2(config)# interface g0/2


R2(config-if)# no shut
R2(config-if)# exit

R2(config)# ip dhcp pool VLAN 10


R2(dhcp-config)# network 172.16.10.0 255.255.255.0
R2(dhcp-config)# default-router 172.16.10.2
R2(dhcp-config)# dns-server 8.8.8.8 8.8.4.4
R2(dhcp-config)# ip dhcp excluded-address 172.16.10.1 172.16.10.9

c. SW1
Switch(config)# hostname SW1
SW1(config)# ip domain lookup source-interface vlan 1
SW1(config)# ip name-server 8.8.8.8 8.8.4.4
SW1(config)# ip domain name ccnp.lab.nt

SW1(config)# line con 0
SW1(config-line)# logging sync
SW1(config-line)# exec-time 3 60
SW1(config-line)# exit
SW1(config)# banner motd # This is SW1, Implement NTP Lab #

SW1(config)# vlan 10
SW1(config-vlan)# name Users10
SW1(config-vlan)# exit

SW1(config)# vlan 20
SW1(config-vlan)# name Users20
SW1(config-vlan)# exit

SW1(config)# interface vlan 1


SW1(config-if)# ip address 172.16.1.3 255.255.255.0
SW1(config-if)# no shut
SW1(config-if)# exit

SW1(config)# ip default-gateway 172.16.1.1

SW1(config)# interface range g0/1-3


SW1(config-if)# channel-group 1 mode active
SW1(config-if)# exit

SW1(config)# interface port-channel 1


SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport mode trunk
SW1(config-if)# switchport trunk allowed vlan 1,10,20
SW1(config-if)# switchport trunk native vlan 1
SW1(config-if)# switchport nonegotiate
SW1(config-if)# exit

SW1(config)# interface g0/0
SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport mode trunk
SW1(config-if)# switchport trunk allowed vlan 1,10,20
SW1(config-if)# switchport trunk native vlan 1
SW1(config-if)# switchport nonegotiate
SW1(config-if)# exit

SW1(config)# interface g1/0


SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 20
SW1(config-if)# exit

d. SW2
Switch(config)# hostname SW2
SW2(config)# ip domain lookup source-interface vlan 1
SW2(config)# ip name-server 8.8.8.8 8.8.4.4
SW2(config)# ip domain name ccnp.lab.nt

SW2(config)# line con 0
SW2(config-line)# logging sync
SW2(config-line)# exec-time 3 60
SW2(config-line)# exit
SW2(config)# banner motd # This is SW2, Implement NTP Lab #

SW2(config)# vlan 10
SW2(config-vlan)# name Users10
SW2(config-vlan)# exit

SW2(config)# vlan 20
SW2(config-vlan)# name Users20
SW2(config-vlan)# exit

SW2(config)# interface vlan 1


SW2(config-if)# ip address 172.16.1.4 255.255.255.0
SW2(config-if)# no shut
SW2(config-if)# exit

SW2(config)# ip default-gateway 172.16.1.1

SW2(config)# interface range g0/1-3


SW2(config-if)# channel-group 1 mode passive
SW2(config-if)# exit

SW2(config)# interface port-channel 1


SW2(config-if)# switchport trunk encapsulation dot1q
SW2(config-if)# switchport mode trunk
SW2(config-if)# switchport trunk allowed vlan 1,10,20
SW2(config-if)# switchport trunk native vlan 1
SW2(config-if)# switchport nonegotiate
SW2(config-if)# exit

SW2(config)# interface g0/0
SW2(config-if)# switchport trunk encapsulation dot1q
SW2(config-if)# switchport mode trunk
SW2(config-if)# switchport trunk allowed vlan 1,10,20
SW2(config-if)# switchport trunk native vlan 1
SW2(config-if)# switchport nonegotiate
SW2(config-if)# exit

SW2(config)# interface g1/0
SW2(config-if)# switchport mode access
SW2(config-if)# switchport access vlan 20
SW2(config-if)# exit

III.2 Configure NTP P2P and Verify

III.2.1 Configure

a. R1
R1(config)# clock timezone WAT +1
! The server marked "prefer" will be selected
R1(config)# ntp server ntp2.ispa-drc.cd prefer
R1(config)# ntp server ntp1.ispa-drc.cd
R1(config)# ntp server 1.1.1.1

b. R2
R2(config)# clock timezone WAT +1
R2(config)# ntp server ntp2.ispa-drc.cd
! The server marked "prefer" will be selected
R2(config)# ntp server ntp1.ispa-drc.cd prefer
R2(config)# ntp server 1.1.1.1

III.2.2 Verify

a. R1

R1(config)#do show ntp status


Clock is synchronized, stratum 3, reference is 196.216.216.23
nominal freq is 1000.0003 Hz, actual freq is 1000.5002 Hz, precision is 2**15
ntp uptime is 177500 (1/100 of seconds), resolution is 1000
reference time is EAEF276D.9DF663B5 (17:42:21.617 WAT Mon Nov 25 2024)
clock offset is 579.8925 msec, root delay is 11.48 msec
root dispersion is 8005.37 msec, peer dispersion is 1938.14 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is -0.000499964 s/s
system poll interval is 64, last update was 90 sec ago.

NTP server ntp2.ispa-drc.cd prefer selected as NTP Server

b. R2

R2(config)#do show ntp status


Clock is synchronized, stratum 3, reference is 196.216.216.24
nominal freq is 1000.0003 Hz, actual freq is 1000.5002 Hz, precision is 2**15
ntp uptime is 175900 (1/100 of seconds), resolution is 1000
reference time is EAEF25D7.F8A8BD02 (17:35:35.971 WAT Mon Nov 25 2024)
clock offset is 15871.2445 msec, root delay is 6.05 msec
root dispersion is 22346.22 msec, peer dispersion is 4.89 msec
loopfilter state is 'SPIK' (Spike), drift is -0.000499979 s/s
system poll interval is 64, last update was 447 sec ago.

NTP server ntp1.ispa-drc.cd prefer selected as NTP Server
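
The two listings above differ in ways that matter for log correlation: R1 is in a normal controlled loop, while R2 reports a spike state, a large offset and a stale update. The following check is an added example, not part of the original lab; the function names and the thresholds (1000 ms offset, 4 missed polls) are assumptions chosen for illustration.

```python
import re

# "show ntp status" output copied from the R1 and R2 listings above.
R1_STATUS = """\
Clock is synchronized, stratum 3, reference is 196.216.216.23
nominal freq is 1000.0003 Hz, actual freq is 1000.5002 Hz, precision is 2**15
ntp uptime is 177500 (1/100 of seconds), resolution is 1000
reference time is EAEF276D.9DF663B5 (17:42:21.617 WAT Mon Nov 25 2024)
clock offset is 579.8925 msec, root delay is 11.48 msec
root dispersion is 8005.37 msec, peer dispersion is 1938.14 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is -0.000499964 s/s
system poll interval is 64, last update was 90 sec ago.
"""
R2_STATUS = """\
Clock is synchronized, stratum 3, reference is 196.216.216.24
nominal freq is 1000.0003 Hz, actual freq is 1000.5002 Hz, precision is 2**15
ntp uptime is 175900 (1/100 of seconds), resolution is 1000
reference time is EAEF25D7.F8A8BD02 (17:35:35.971 WAT Mon Nov 25 2024)
clock offset is 15871.2445 msec, root delay is 6.05 msec
root dispersion is 22346.22 msec, peer dispersion is 4.89 msec
loopfilter state is 'SPIK' (Spike), drift is -0.000499979 s/s
system poll interval is 64, last update was 447 sec ago.
"""
# Constructed sample: a device that has lost its time source.
UNSYNCED = "Clock is unsynchronized, stratum 16, no reference clock\n"

# Field name -> (regex with one capture group, converter).
FIELDS = {
    "sync": (r"Clock is (synchronized|unsynchronized)", str),
    "stratum": (r"stratum (\d+)", int),
    "offset_ms": (r"clock offset is (-?\d+(?:\.\d+)?) msec", float),
    "loopfilter": (r"loopfilter state is '(\w+)'", str),
    "poll_s": (r"system poll interval is (\d+)", int),
    "last_update_s": (r"last update was (\d+) sec ago", int),
}


def parse_ntp_status(text):
    """Extract the fields of interest; a field missing from the output is None."""
    status = {}
    for name, (pattern, convert) in FIELDS.items():
        match = re.search(pattern, text)
        status[name] = convert(match.group(1)) if match else None
    return status


def audit_ntp_status(text, max_offset_ms=1000.0, max_missed_polls=4):
    """Return a list of findings; an empty list means the clock looks healthy.

    Both thresholds are assumptions for this example, not Cisco defaults.
    """
    s = parse_ntp_status(text)
    findings = []
    if s["sync"] != "synchronized":
        findings.append("clock is not synchronized")
    if s["stratum"] is None or s["stratum"] >= 16:
        findings.append("no usable stratum (16 or missing)")
    if s["offset_ms"] is not None and abs(s["offset_ms"]) > max_offset_ms:
        findings.append(
            f"clock offset {s['offset_ms']} ms exceeds {max_offset_ms} ms")
    if s["loopfilter"] not in (None, "CTRL"):
        findings.append(f"loopfilter state is {s['loopfilter']}, not CTRL")
    if (s["poll_s"] is not None and s["last_update_s"] is not None
            and s["last_update_s"] > max_missed_polls * s["poll_s"]):
        findings.append(
            f"last update {s['last_update_s']} s ago, more than "
            f"{max_missed_polls} poll intervals of {s['poll_s']} s")
    return findings


if __name__ == "__main__":
    samples = (("R1", R1_STATUS), ("R2", R2_STATUS), ("unsynced", UNSYNCED))
    for name, text in samples:
        print(name, audit_ntp_status(text) or "ok")
```

A device that fails this check should have its log timestamps treated with caution until the offset converges.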

III.3 Configure NTP Broadcast

III.3.1 Configure

a. R1
R1(config)# interface g0/2.1
! 172.16.1.255 is the VLAN 1 broadcast IP address
R1(config-if)# ntp broadcast destination 172.16.1.255
R1(config-if)# exit

b. R2
R2(config)# interface g0/2.1
! 172.16.1.255 is the VLAN 1 broadcast IP address
R2(config-if)# ntp broadcast destination 172.16.1.255
R2(config-if)# exit

c. SW1
SW1(config)# interface vlan 1
SW1(config-if)# ntp broadcast client
SW1(config-if)# exit
d. SW2
SW2(config)# interface vlan 1
SW2(config-if)# ntp broadcast client
SW2(config-if)# exit

III.4 Configure NTP Peer between two devices for redundancy

III.4.1 Configure between R1 and R2

a. R1
! Neighbor IP address
R1(config)# ntp peer 10.0.0.2

b. R2
! Neighbor IP address
R2(config)# ntp peer 10.0.0.1

III.4.2 Configure between SW1 and SW2

a. SW1
! Neighbor IP address
SW1(config)# ntp peer 172.16.1.4

b. SW2
! Neighbor IP address
SW2(config)# ntp peer 172.16.1.3

III.5 Test Ping from PC1 to 192.168.106.183 without FHRP

PC1> show ip

NAME : PC1[1]
IP/MASK : 172.16.20.10/24
GATEWAY : 172.16.20.2
DNS : 8.8.8.8 8.8.4.4
DHCP SERVER : 172.16.20.2
DHCP LEASE : 85472, 86400/43200/75600
MAC : 00:50:79:66:68:06
LPORT : 20000
RHOST:PORT : 127.0.0.1:30000
MTU : 1500

PC1> ping 192.168.106.183

84 bytes from 192.168.106.183 icmp_seq=1 ttl=255 time=13.624 ms


84 bytes from 192.168.106.183 icmp_seq=2 ttl=255 time=10.337 ms
84 bytes from 192.168.106.183 icmp_seq=3 ttl=255 time=48.482 ms
84 bytes from 192.168.106.183 icmp_seq=4 ttl=255 time=42.040 ms
84 bytes from 192.168.106.183 icmp_seq=5 ttl=255 time=10.128 ms

PC1>

Two default gateways per VLAN, but one is preferred:

- VLAN 1 : 172.16.1.1 (R1 preferred) and 172.16.1.2 (R2)
- VLAN 10 : 172.16.10.1 (R1 preferred) and 172.16.10.2 (R2)
- VLAN 20 : 172.16.20.1 (R1) and 172.16.20.2 (R2 preferred)

[Figure: Ping from PC1 to 192.168.106.183, showing the ICMP Request and ICMP Reply paths]

The deployment of first-hop redundancy protocols (FHRPs) solves the problem of hosts configuring multiple
gateways. FHRPs work by creating a virtual IP (VIP) Gateway instance that is shared between the Layer 3
devices. This book covers the following FHRPs:

▪ Hot Standby Router Protocol (HSRP)


▪ Virtual Router Redundancy Protocol (VRRP)
▪ Gateway Load Balancing Protocol (GLBP)

IV. HOT STANDBY ROUTER PROTOCOL LAB
Hot Standby Routing Protocol (HSRP) is a Cisco proprietary protocol that provides transparent failover of
the first-hop device, which typically acts as a gateway to the hosts.

HSRP provides routing redundancy for IP hosts on an Ethernet network configured with a default gateway
IP address. A minimum of two devices are required to enable HSRP: One device acts as the active device
and takes care of forwarding the packets, and the other acts as a standby that is ready to take over the role
of active device in the event of a failure.

For more details about HSRPv2 and HSRPv3, see the Cisco CCNP ENCOR course.

V. HSRP CONFIGURATION
The following steps show how to configure an HSRP virtual IP (VIP) gateway instance:

Step 1. Define the HSRP instance by using the command standby instance-id ip vip-address.

Step 2. (Optional) Configure HSRP router preemption to allow a more preferred router to take the active
router status from an inferior active HSRP router. Enable preemption with the command standby instance-id
preempt.

Step 3. (Optional) Define the HSRP priority by using the command standby instance-id priority priority. The
priority is a value between 0 and 255.

Step 4. (Optional) Define the HSRP MAC address. The MAC address can be set with the command standby
instance-id mac-address mac-address. Most organizations accept the automatically generated MAC address,
but in some migration scenarios, the MAC address needs to be statically set to ease transitions when the
hosts may have a different MAC address in their ARP table.

Step 5. (Optional) Define the HSRP timers by using the command standby instance-id timers {seconds |
msec milliseconds}. HSRP can poll in intervals of 1 to 254 seconds or 15 to 999 milliseconds.

V.1 Build the Network and Interface Addressing for our HSRP Implementation

We're going to keep the previous configuration on interfaces, IP address, NTP, EtherChannel, but we'll
modify the Default Gateway on the switches and the DHCP server with a new default address.

a. R1
R1(config)# ip dhcp pool VLAN 20
R1(dhcp-config)# network 172.16.20.0 255.255.255.0
R1(dhcp-config)# no default-router 172.16.20.2
R1(dhcp-config)# default-router 172.16.20.3
R1(dhcp-config)# dns-server 8.8.8.8 8.8.4.4
R1(dhcp-config)# ip dhcp excluded-address 172.16.20.1 172.16.20.9

b. R2
R2(config)# ip dhcp pool VLAN 10
R2(dhcp-config)# network 172.16.10.0 255.255.255.0
R2(dhcp-config)# no default-router 172.16.10.1
R2(dhcp-config)# default-router 172.16.10.3
R2(dhcp-config)# dns-server 8.8.8.8 8.8.4.4
R2(dhcp-config)# ip dhcp excluded-address 172.16.10.1 172.16.10.9

c. SW1
SW1(config)# no ip default-gateway 172.16.1.1
SW1(config)# ip default-gateway 172.16.1.254

d. SW2
SW2(config)# no ip default-gateway 172.16.1.1
SW2(config)# ip default-gateway 172.16.1.254

V.2 Configure HSRPv2 and Verify

V.2.1 Configure HSRPv2

a. R1
R1(config)# interface g0/2.1
R1(config-if)# standby version 2
R1(config-if)# standby 1 ip 172.16.1.254
R1(config-if)# standby 1 priority 200
R1(config-if)# standby 1 preempt

R1(config)# interface g0/2.10


R1(config-if)# standby version 2
R1(config-if)# standby 1 ip 172.16.10.3
R1(config-if)# standby 1 priority 200
R1(config-if)# standby 1 preempt

R1(config)# interface g0/2.20


R1(config-if)# standby version 2
R1(config-if)# standby 1 ip 172.16.20.3
R1(config-if)# standby 1 priority 150
R1(config-if)# standby 1 preempt

b. R2
R2(config)# interface g0/2.1
R2(config-if)# standby version 2
R2(config-if)# standby 1 ip 172.16.1.254
R2(config-if)# standby 1 priority 150
R2(config-if)# standby 1 preempt

R2(config)# interface g0/2.10


R2(config-if)# standby version 2
R2(config-if)# standby 1 ip 172.16.10.3
R2(config-if)# standby 1 priority 150
R2(config-if)# standby 1 preempt

R2(config)# interface g0/2.20


R2(config-if)# standby version 2
R2(config-if)# standby 1 ip 172.16.20.3

R2(config-if)# standby 1 priority 200
R2(config-if)# standby 1 preempt

V.2.2 Verify HSRPv2

a. R1

R1#show standby brief


                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/2.1     1    200 P Active  local           172.16.1.2      172.16.1.254
Gi0/2.10    1    200 P Active  local           172.16.10.2     172.16.10.3
Gi0/2.20    1    150 P Standby 172.16.20.2     local           172.16.20.3
R1#

b. R2

R2#show standby brief


                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/2.1     1    150 P Standby 172.16.1.1      local           172.16.1.254
Gi0/2.10    1    150 P Standby 172.16.10.1     local           172.16.10.3
Gi0/2.20    1    200 P Active  local           172.16.20.1     172.16.20.3
R2#

V.3 Optimising HSRP configuration

V.3.1 Object Tracking

To ensure optimal traffic flow when a WAN link goes down (in our case, interface GigabitEthernet 0/0
on R1 and R2), it is useful to be able to determine the availability of routes, or the state of the
interface, toward which the FHRP directs traffic.

Object tracking offers a flexible and customizable mechanism for linking with FHRPs and other routing
components (for example, conditional installation of a static route). With this feature, users can track specific
objects in the network and take necessary action when any object’s state change affects network traffic.

Tracking of routes in the routing table is accomplished with the command track object-number ip route
route/prefix-length reachability. The status of object tracking can be viewed with the command show track
[object-number].

a. R1 : Track interface G0/0 Line Protocol State, Static route reachability
R1(config)# track 1 interface g0/0 line-protocol
R1(config-track)# track 2 ip route 0.0.0.0/0 reachability
R1(config-track)# track 3 ip route 1.1.1.1/32 reachability
R1(config-track)# exit

R1(config-track)#do show track


Track 1
Interface GigabitEthernet0/0 line-protocol
Line protocol is Up
1 change, last change 00:04:29
Track 2
IP route 0.0.0.0 0.0.0.0 reachability
Reachability is Up (static)
1 change, last change 00:00:05
First-hop interface is GigabitEthernet0/0
Track 3
IP route 1.1.1.1 255.255.255.255 reachability
Reachability is Up (static)
1 change, last change 00:00:04
First-hop interface is GigabitEthernet0/0
R1(config-track)#

b. R2 : Track interface G0/0 Line Protocol State, Static route reachability


R2(config)# track 1 interface g0/0 line-protocol
R2(config-track)# track 2 ip route 0.0.0.0/0 reachability
R2(config-track)# track 3 ip route 1.1.1.1/32 reachability
R2(config-track)# exit

R2(config)#do show track


Track 1
Interface GigabitEthernet0/0 line-protocol
Line protocol is Up
1 change, last change 00:05:15
Track 2
IP route 0.0.0.0 0.0.0.0 reachability
Reachability is Up (static)
2 changes, last change 00:00:21
First-hop interface is GigabitEthernet0/0
Track 3
IP route 1.1.1.1 255.255.255.255 reachability
Reachability is Up (static)
2 changes, last change 00:00:06
First-hop interface is GigabitEthernet0/0
R2(config)#

c. R1 : Apply the tracking in HSRP

R1(config)# int g0/2.1


R1(config-if)# standby 1 track 1 decrement 100
R1(config-if)# standby 1 track 2 decrement 100
R1(config-if)# standby 1 track 3 decrement 100
R1(config-if)# exit

R1(config)# int g0/2.10


R1(config-if)# standby 1 track 1 decrement 100
R1(config-if)# standby 1 track 2 decrement 100
R1(config-if)# standby 1 track 3 decrement 100
R1(config-if)# exit

d. R2 : Apply the tracking in HSRP

R2(config)# int g0/2.20


R2(config-if)# standby 1 track 1 decrement 100
R2(config-if)# standby 1 track 2 decrement 100
R2(config-if)# standby 1 track 3 decrement 100
R2(config-if)# exit

R2(config)#int g0/0
R2(config-if)#shut
R2(config-if)#
.Nov 26 11:55:13.111: %TRACK-6-STATE: 1 interface Gi0/0 line-protocol Up -> Down
.Nov 26 11:55:27.625: %TRACK-6-STATE: 2 ip route 0.0.0.0/0 reachability Up -> Down
.Nov 26 11:55:27.625: %TRACK-6-STATE: 3 ip route 1.1.1.1/32 reachability Up -> Down
R2(config-if)#
R2(config-if)#
.Nov 26 11:55:26.238: %HSRP-5-STATECHANGE: GigabitEthernet0/2.20 Grp 1 state Speak -> Standby
R2(config-if)#
R2(config-if)#do show standby br
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/2.1     1    150 P Standby 172.16.1.1      local           172.16.1.254
Gi0/2.10    1    150 P Standby 172.16.10.1     local           172.16.10.3
Gi0/2.20    1    0   P Standby 172.16.20.1     local           172.16.20.3
R2(config-if)#

R1 is now in Active mode for VLAN 20 because R2's priority for VLAN 20 has been changed to 0

PC1>
PC1> ping 192.168.106.183 -t

84 bytes from 192.168.106.183 icmp_seq=1 ttl=255 time=90.829 ms


84 bytes from 192.168.106.183 icmp_seq=2 ttl=255 time=26.035 ms
84 bytes from 192.168.106.183 icmp_seq=9 ttl=255 time=17.278 ms
84 bytes from 192.168.106.183 icmp_seq=10 ttl=255 time=15.759 ms
84 bytes from 192.168.106.183 icmp_seq=11 ttl=255 time=12.967 ms
192.168.106.183 icmp_seq=12 timeout
84 bytes from 192.168.106.183 icmp_seq=13 ttl=255 time=7.006 ms
84 bytes from 192.168.106.183 icmp_seq=14 ttl=255 time=178.055 ms
84 bytes from 192.168.106.183 icmp_seq=15 ttl=255 time=67.869 ms
84 bytes from 192.168.106.183 icmp_seq=21 ttl=255 time=48.368 ms
84 bytes from 192.168.106.183 icmp_seq=22 ttl=255 time=8.159 ms
^C
PC1>

Only one packet loss
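
The failover shown above depends on the tracking decrement being large enough to push the active router's priority below its peer's. The following model is an added example, not part of the original lab: it parses the g0/2.20 HSRP commands used in this lab, computes the effective priority, and flags tracked objects whose failure would not trigger a switchover. The function names are hypothetical, and the model ignores equal-priority tie-breaks and preempt delay.

```python
import re

# g0/2.20 HSRP commands assembled from the lab steps above.
R1_VLAN20 = """\
standby version 2
standby 1 ip 172.16.20.3
standby 1 priority 150
standby 1 preempt
"""
R2_VLAN20 = """\
standby version 2
standby 1 ip 172.16.20.3
standby 1 priority 200
standby 1 preempt
standby 1 track 1 decrement 100
standby 1 track 2 decrement 100
standby 1 track 3 decrement 100
"""
# Constructed variant: same as R2, but the decrement is too small.
R2_WEAK = R2_VLAN20.replace("decrement 100", "decrement 10")


def parse_hsrp(name, config, group=1):
    """Collect priority, preempt and tracking settings for one HSRP group."""
    # HSRP defaults: priority 100, preemption disabled.
    router = {"name": name, "priority": 100, "preempt": False, "tracks": {}}
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(rf"standby {group} priority (\d+)", line):
            router["priority"] = int(m[1])
        elif line == f"standby {group} preempt":
            router["preempt"] = True
        elif m := re.fullmatch(
                rf"standby {group} track (\d+) decrement (\d+)", line):
            router["tracks"][int(m[1])] = int(m[2])
    return router


def effective_priority(router, down=()):
    """Configured priority minus the decrement of every tracked object that is down."""
    lost = sum(dec for obj, dec in router["tracks"].items() if obj in down)
    return max(0, router["priority"] - lost)


def active_after_failure(current, challenger, down_on_current=()):
    """Name of the active router once the given objects fail on the current active.

    The challenger takes over only if it preempts and has a strictly higher
    effective priority (a simplification of the real election).
    """
    if (challenger["preempt"]
            and effective_priority(challenger)
            > effective_priority(current, down_on_current)):
        return challenger["name"]
    return current["name"]


def tracking_gaps(router, peer):
    """Tracked objects whose failure alone leaves router at or above the peer."""
    peer_priority = effective_priority(peer)
    return [obj for obj in sorted(router["tracks"])
            if effective_priority(router, {obj}) >= peer_priority]


if __name__ == "__main__":
    r1 = parse_hsrp("R1", R1_VLAN20)
    r2 = parse_hsrp("R2", R2_VLAN20)
    weak = parse_hsrp("R2", R2_WEAK)
    print("R2 priority, all objects down:", effective_priority(r2, {1, 2, 3}))
    print("active after g0/0 shut:", active_after_failure(r2, r1, {1, 2, 3}))
    print("gaps with decrement 100:", tracking_gaps(r2, r1))
    print("gaps with decrement 10:", tracking_gaps(weak, r1))
```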

V.3.2 HSRP Authentication (MD5) and Hello Time change

a. R1

R1(config)# int g0/2.1


R1(config-if)# standby 1 authentication md5 key-string Encor@123
R1(config-if)# exit

R1(config)# int g0/2.10


R1(config-if)# standby 1 authentication md5 key-string Encor@123
R1(config-if)# exit

R1(config)# int g0/2.20


R1(config-if)# standby 1 authentication md5 key-string Encor@123
R1(config-if)# exit

b. R2

R2(config)# int g0/2.1


R2(config-if)# standby 1 authentication md5 key-string Encor@123
R2(config-if)# exit

R2(config)# int g0/2.10


R2(config-if)# standby 1 authentication md5 key-string Encor@123
R2(config-if)# exit

R2(config)# int g0/2.20


R2(config-if)# standby 1 authentication md5 key-string Encor@123
R2(config-if)# exit

R2(config)#do show standby
GigabitEthernet0/2.20 - Group 1 (version 2)
State is Active
17 state changes, last state change 00:00:39
Virtual IP address is 172.16.20.3
Active virtual MAC address is 0000.0c9f.f001
Local virtual MAC address is 0000.0c9f.f001 (v2 default)
Hello time 1 sec, hold time 3 sec
Next hello sent in 0.432 secs
Authentication MD5, key-string
Preemption enabled
Active router is local
Standby router is 172.16.20.1, priority 150 (expires in 3.296 sec)
Priority 200 (configured 200)
Track object 1 state Up decrement 100
Track object 2 state Up decrement 100
Track object 3 state Up decrement 100
Group name is "hsrp-Gi0/2.20-1" (default)
R2(config)#

VI. VIRTUAL ROUTER REDUNDANCY PROTOCOL
Virtual Router Redundancy Protocol (VRRP) is an industry standard and operates similarly to HSRP. The
behavior of VRRP is so close to that of HSRP that only the following differences should be noted:
▪ The preferred active router controlling the VIP gateway is called the master router. All other VRRP
routers are known as backup routers.
▪ VRRP enables preemption by default.
▪ The MAC address of the VIP gateway uses the structure 0000.5e00.01xx, where xx reflects the group
ID in hex.
▪ VRRP uses the multicast address 224.0.0.18 for communication.

There are currently two versions of VRRP:


▪ VRRPv2: Supports IPv4
▪ VRRPv3: Supports IPv4 and IPv6

For more details about VRRP, see the Cisco CCNP ENCOR course.

VII. VRRP CONFIGURATION
VII.1 Legacy VRRP Configuration

Early VRRP configuration supported only VRRPv2 and was non-hierarchical in its configuration. The
following steps are used for configuring older software versions with VRRP:

Step 1. Define the VRRP instance by using the command vrrp instance-id ip vip-address.

Step 2. (Optional) Define the VRRP priority by using the command vrrp instance-id priority priority. The
priority is a value between 0 and 255.

Step 3. (Optional) Enable object tracking so that the priority is decremented when the object is false. Do so
by using the command vrrp instance-id track object-id decrement decrement-value. The decrement value
should be high enough so that when it is removed from the priority, the value is lower than that of the other
VRRP router.

Step 4. (Optional) Establish VRRP authentication by using the command vrrp instance-id authentication
{text-password | text text-password | md5 {key-chain key-chain | key-string key-string}}.

VII.2 Hierarchical VRRP Configuration

The newer version of IOS XE software provides configuration of VRRP in a multi-address format that is
hierarchical. The steps for configuring hierarchical VRRP are as follows:

Step 1. Enable VRRPv3 on the router by using the command fhrp version vrrp v3.

Step 2. Define the VRRP instance by using the command vrrp instance-id address-family {ipv4 | ipv6}. This
places the configuration prompt into the VRRP group for additional configuration.

Step 3. (Optional) Change VRRP to Version 2 by using the command vrrpv2. VRRPv2 and VRRPv3 are not
compatible.

Step 4. Define the gateway VIP by using the command address ip-address.

Step 5. (Optional) Define the VRRP priority by using the command priority priority. The priority is a value
between 0 and 255.

Step 6. (Optional) Enable object tracking so that the priority is decremented when the object is false. Do so
by using the command track object-id decrement decrement-value. The decrement value should be high
enough so that when it is removed from the priority, the value is lower than that of the other VRRP router.

In this lab we have chosen the second configuration: Hierarchical VRRP Configuration.

VII.3 Build the Network and Interface Addressing for our VRRP Implementation

We're going to keep the previous configuration on interfaces, IP address, NTP, EtherChannel, but we'll
modify the Default Gateway on the switches and the DHCP server with a new default address.

We are going to delete the previous HSRP configuration.

a. R1
R1(config)# interface g0/2.1
R1(config-if)# no standby version 2
R1(config-if)# no standby 1 ip 172.16.1.254
R1(config-if)# no standby 1 priority 150
R1(config-if)# no standby 1 preempt
R1(config-if)# no standby 1 authentication md5 key-string Encor@123
R1(config-if)# no standby 1 timers 1 3
R1(config-if)# no standby 1 track 1 decrement 100
R1(config-if)# no standby 1 track 2 decrement 100
R1(config-if)# no standby 1 track 3 decrement 100
R1(config-if)# exit

R1(config)# interface g0/2.10


R1(config-if)# no standby version 2
R1(config-if)# no standby 1 ip 172.16.10.3
R1(config-if)# no standby 1 priority 150
R1(config-if)# no standby 1 preempt
R1(config-if)# no standby 1 authentication md5 key-string Encor@123
R1(config-if)# no standby 1 timers 1 3
R1(config-if)# no standby 1 track 1 decrement 100
R1(config-if)# no standby 1 track 2 decrement 100
R1(config-if)# no standby 1 track 3 decrement 100
R1(config-if)# exit

R1(config)# interface g0/2.20


R1(config-if)# no standby version 2
R1(config-if)# no standby 1 ip 172.16.20.3
R1(config-if)# no standby 1 priority 150
R1(config-if)# no standby 1 preempt
R1(config-if)# no standby 1 authentication md5 key-string Encor@123
R1(config-if)# no standby 1 timers 1 3
R1(config-if)# exit

b. R2
R2(config)# interface g0/2.1
R2(config-if)# no standby version 2
R2(config-if)# no standby 1 ip 172.16.1.254
R2(config-if)# no standby 1 priority 150
R2(config-if)# no standby 1 preempt
R2(config-if)# no standby 1 authentication md5 key-string Encor@123

R2(config-if)# no standby 1 timers 1 3
R2(config-if)# exit

R2(config)# interface g0/2.10


R2(config-if)# no standby version 2
R2(config-if)# no standby 1 ip 172.16.10.3
R2(config-if)# no standby 1 priority 150
R2(config-if)# no standby 1 preempt
R2(config-if)# no standby 1 authentication md5 key-string Encor@123
R2(config-if)# no standby 1 timers 1 3
R2(config-if)# exit

R2(config)# interface g0/2.20


R2(config-if)# no standby version 2
R2(config-if)# no standby 1 ip 172.16.20.3
R2(config-if)# no standby 1 priority 150
R2(config-if)# no standby 1 preempt
R2(config-if)# no standby 1 authentication md5 key-string Encor@123
R2(config-if)# no standby 1 timers 1 3
R2(config-if)# no standby 1 track 1 decrement 100
R2(config-if)# no standby 1 track 2 decrement 100
R2(config-if)# no standby 1 track 3 decrement 100
R2(config-if)# exit

VII.4 Configure VRRPv3 and Verify

VII.4.1 Configure VRRPv3

a. R1
R1(config)# fhrp version vrrp v3

R1(config)# int g0/2.1


R1(config-if)# vrrp 1 address-family ipv4
R1(config-if-vrrp)# address 172.16.1.254
R1(config-if-vrrp)# priority 200
R1(config-if-vrrp)# track 1 decrement 100
R1(config-if-vrrp)# track 2 decrement 100
R1(config-if-vrrp)# track 3 decrement 100
R1(config-if-vrrp)# exit
R1(config-if)# exit

R1(config)# int g0/2.10


R1(config-if)# vrrp 1 address-family ipv4
R1(config-if-vrrp)# address 172.16.10.3
R1(config-if-vrrp)# priority 200
R1(config-if-vrrp)# track 1 decrement 100
R1(config-if-vrrp)# track 2 decrement 100
R1(config-if-vrrp)# track 3 decrement 100
R1(config-if-vrrp)# exit
R1(config-if)# exit

R1(config)# int g0/2.20
R1(config-if)# vrrp 1 address-family ipv4
R1(config-if-vrrp)# address 172.16.20.3
R1(config-if-vrrp)# priority 150
R1(config-if-vrrp)# exit
R1(config-if)# exit

b. R2
R2(config)# fhrp version vrrp v3

R2(config)# int g0/2.1
R2(config-if)# vrrp 1 address-family ipv4
R2(config-if-vrrp)# address 172.16.1.254
R2(config-if-vrrp)# priority 150
R2(config-if-vrrp)# exit
R2(config-if)# exit

R2(config)# int g0/2.10
R2(config-if)# vrrp 1 address-family ipv4
R2(config-if-vrrp)# address 172.16.10.3
R2(config-if-vrrp)# priority 150
R2(config-if-vrrp)# exit
R2(config-if)# exit

R2(config)# int g0/2.20
R2(config-if)# vrrp 1 address-family ipv4
R2(config-if-vrrp)# address 172.16.20.3
R2(config-if-vrrp)# priority 200
! Track
R2(config-if-vrrp)# track 1 decrement 100
R2(config-if-vrrp)# track 2 decrement 100
R2(config-if-vrrp)# track 3 decrement 100
R2(config-if-vrrp)# exit
R2(config-if)# exit

VII.4.2 Verify VRRPv3

a. R1

R1(config)#do show vrrp br
Interface   Grp  A-F   Pri  Time  Own  Pre  State   Master addr/Group addr
Gi0/2.1     1    IPv4  200  0     N    Y    MASTER  172.16.1.1(local) 172.16.1.254
Gi0/2.10    1    IPv4  200  0     N    Y    MASTER  172.16.10.1(local) 172.16.10.3
Gi0/2.20    1    IPv4  150  3414  N    Y    BACKUP  172.16.20.2 172.16.20.3
R1(config)#

b. R2

R2#show vrrp br
Interface   Grp  A-F   Pri  Time  Own  Pre  State   Master addr/Group addr
Gi0/2.1     1    IPv4  150  3414  N    Y    BACKUP  172.16.1.1 172.16.1.254
Gi0/2.10    1    IPv4  150  3414  N    Y    BACKUP  172.16.10.1 172.16.10.3
Gi0/2.20    1    IPv4  200  0     N    Y    MASTER  172.16.20.2(local) 172.16.20.3
R2#

VIII. GATEWAY LOAD BALANCING PROTOCOL
As the name suggests, Gateway Load Balancing Protocol (GLBP) provides gateway redundancy and load-
balancing capability to a network segment. It provides redundancy with an active/standby gateway, and it
provides load-balancing capability by ensuring that each member of the GLBP group takes care of forwarding
the traffic to the appropriate gateway.

GLBP defines two roles:

▪ Active virtual gateway (AVG): The participating routers elect one AVG per GLBP group to respond
to initial ARP requests for the VIP. For example, when a local PC sends an ARP request for the VIP,
the AVG is responsible for replying to the ARP request with the virtual MAC address of the AVF.

▪ Active virtual forwarder (AVF): The AVF routes traffic received from assigned hosts. A unique
virtual MAC address is created and assigned by the AVG to the AVFs. The AVF is assigned to a host
when the AVG replies to the ARP request with the assigned AVF’s virtual MAC address. ARP replies
are unicast and are not heard by other hosts on that broadcast segment. When a host sends traffic
to the virtual AVF MAC, the current router is responsible for routing it to the appropriate network. The
AVFs are also recognized as Fwd instances on the routers.

GLBP supports four active AVFs and one AVG per GLBP group. A router can be an AVG and an AVF at the
same time. If the AVG fails, traffic is not disrupted because the AVG role transfers to a standby AVG
device. If an AVF fails, another router takes over the forwarding responsibilities for that AVF,
including the virtual MAC address for that instance.
For more details about GLBP, see the Cisco CCNP ENCOR course.

IX. GLBP CONFIGURATION
The following steps detail how to configure a GLBP:

Step 1. Define the GLBP instance by using the command glbp instance-id ip vip-address.

Step 2. (Optional) Configure GLBP preemption to allow for a more preferred router to take the active virtual
gateway status from an inferior active GLBP router. Preemption is enabled with the command
glbp instance-id preempt.

Step 3. (Optional) Define the GLBP priority by using the command glbp instance-id priority priority. The
priority is a value between 0 and 255.

Step 4. (Optional) Define the GLBP timers by using the command glbp instance-id timers {hello-seconds |
msec hello-milliseconds} {hold-seconds | msec hold-milliseconds}.

Step 5. (Optional) Establish GLBP authentication by using the command glbp instance-id authentication
{text text-password | md5 {key-chain key-chain | key-string key-string}}.

IX.1 Build the Network and Interface Addressing for our GLBP Implementation

We're going to keep the previous configuration on interfaces, IP address, NTP, EtherChannel, but we'll
modify the Default Gateway on the switches and the DHCP server with a new default address.

We are going to delete the previous VRRP configuration.

a. R1
R1(config)# interface g0/2.1
R1(config-if)# no vrrp 1 address-family ipv4
R1(config-if)# exit

R1(config)# interface g0/2.10
R1(config-if)# no vrrp 1 address-family ipv4
R1(config-if)# exit

R1(config)# interface g0/2.20
R1(config-if)# no vrrp 1 address-family ipv4
R1(config-if)# exit

R1(config)# track 1 interface g0/0 line-protocol
R1(config-track)# track 2 ip route 0.0.0.0/0 reachability
R1(config-track)# track 3 ip route 1.1.1.1/32 reachability
R1(config-track)# exit

b. R2
R2(config)# interface g0/2.1
R2(config-if)# no vrrp 1 address-family ipv4
R2(config-if)# exit

R2(config)# interface g0/2.10
R2(config-if)# no vrrp 1 address-family ipv4
R2(config-if)# exit

R2(config)# interface g0/2.20
R2(config-if)# no vrrp 1 address-family ipv4
R2(config-if)# exit

R2(config)# track 1 interface g0/0 line-protocol
R2(config-track)# track 2 ip route 0.0.0.0/0 reachability
R2(config-track)# track 3 ip route 1.1.1.1/32 reachability
R2(config-track)# exit

IX.2 Configure GLBP and Verify

IX.2.1 Configure GLBP

a. R1
R1(config)# int g0/2.1
R1(config-if)# glbp 1 priority 200
R1(config-if)# glbp 1 ip 172.16.1.254
R1(config-if)# glbp 1 preempt
R1(config-if)# glbp 1 timers 1 3
R1(config-if)# glbp 1 authentication md5 key-string Encor@123
R1(config-if)# glbp 1 load-balancing weighted
R1(config-if)# glbp 1 weight 200 lower 110 upper 190
R1(config-if)# glbp 1 weight track 1 decrement 100
R1(config-if)# glbp 1 weight track 2 decrement 100
R1(config-if)# glbp 1 weight track 3 decrement 100
R1(config-if)# exit

R1(config)# int g0/2.10
R1(config-if)# glbp 2 priority 200
R1(config-if)# glbp 2 ip 172.16.10.3
R1(config-if)# glbp 2 preempt
R1(config-if)# glbp 2 timers 1 3
R1(config-if)# glbp 2 authentication md5 key-string Encor@123
R1(config-if)# glbp 2 load-balancing weighted
R1(config-if)# glbp 2 weight 200 lower 110 upper 190
R1(config-if)# glbp 2 weight track 1 decrement 100
R1(config-if)# glbp 2 weight track 2 decrement 100
R1(config-if)# glbp 2 weight track 3 decrement 100
R1(config-if)# exit

R1(config)# int g0/2.20
R1(config-if)# glbp 3 priority 150
R1(config-if)# glbp 3 ip 172.16.20.3
R1(config-if)# glbp 3 preempt
R1(config-if)# glbp 3 timers 1 3
R1(config-if)# glbp 3 authentication md5 key-string Encor@123
R1(config-if)# glbp 3 load-balancing weighted
R1(config-if)# glbp 3 weight 110 lower 85 upper 105
R1(config-if)# glbp 3 weight track 1 decrement 100
R1(config-if)# glbp 3 weight track 2 decrement 100
R1(config-if)# glbp 3 weight track 3 decrement 100
R1(config-if)# exit

b. R2
R2(config)# int g0/2.1
R2(config-if)# glbp 1 priority 150
R2(config-if)# glbp 1 ip 172.16.1.254
R2(config-if)# glbp 1 preempt
R2(config-if)# glbp 1 timers 1 3
R2(config-if)# glbp 1 authentication md5 key-string Encor@123
R2(config-if)# glbp 1 load-balancing weighted
R2(config-if)# glbp 1 weight 110 lower 85 upper 105
R2(config-if)# glbp 1 weight track 1 decrement 100
R2(config-if)# glbp 1 weight track 2 decrement 100
R2(config-if)# glbp 1 weight track 3 decrement 100
R2(config-if)# exit

R2(config)# int g0/2.10
R2(config-if)# glbp 2 priority 150
R2(config-if)# glbp 2 ip 172.16.10.3
R2(config-if)# glbp 2 preempt
R2(config-if)# glbp 2 timers 1 3
R2(config-if)# glbp 2 authentication md5 key-string Encor@123
R2(config-if)# glbp 2 load-balancing weighted
R2(config-if)# glbp 2 weight 110 lower 85 upper 105
R2(config-if)# glbp 2 weight track 1 decrement 100
R2(config-if)# glbp 2 weight track 2 decrement 100
R2(config-if)# glbp 2 weight track 3 decrement 100
R2(config-if)# exit

R2(config)# int g0/2.20
R2(config-if)# glbp 3 priority 200
R2(config-if)# glbp 3 ip 172.16.20.3
R2(config-if)# glbp 3 preempt
R2(config-if)# glbp 3 timers 1 3
R2(config-if)# glbp 3 authentication md5 key-string Encor@123
R2(config-if)# glbp 3 load-balancing weighted
R2(config-if)# glbp 3 weight 200 lower 110 upper 190
R2(config-if)# glbp 3 weight track 1 decrement 100
R2(config-if)# glbp 3 weight track 2 decrement 100
R2(config-if)# glbp 3 weight track 3 decrement 100
R2(config-if)# exit
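
How the weighting lines in this configuration behave when tracked objects change state, shown as an added Python model that is not part of the original lab and is not Cisco code. The class and function names are hypothetical, and the strict comparisons against the thresholds and the clamp at 0 are assumptions of the model.

```python
from dataclasses import dataclass, field

# Weighting profiles used in the lab: (maximum, lower, upper).
PROFILE_PRI_200 = (200, 110, 190)   # glbp N weight 200 lower 110 upper 190
PROFILE_PRI_150 = (110, 85, 105)    # glbp N weight 110 lower 85 upper 105
TRACK_DECREMENTS = {1: 100, 2: 100, 3: 100}  # glbp N weight track X decrement 100

@dataclass
class GlbpWeighting:
    """Hypothetical model of GLBP weighting with lower/upper hysteresis."""
    maximum: int
    lower: int
    upper: int
    decrements: dict
    down: set = field(default_factory=set)
    forwarding: bool = True  # router currently keeps its AVF role

    def weight(self) -> int:
        # Every tracked object that is down subtracts its decrement.
        lost = sum(self.decrements[obj] for obj in self.down)
        return max(self.maximum - lost, 0)  # clamp at 0: model assumption

    def set_track(self, obj: int, up: bool) -> bool:
        """Record a track state change and return the resulting AVF status."""
        if up:
            self.down.discard(obj)
        else:
            self.down.add(obj)
        current = self.weight()
        if self.forwarding and current < self.lower:
            self.forwarding = False   # fell below "lower": give up forwarding
        elif not self.forwarding and current > self.upper:
            self.forwarding = True    # rose above "upper": resume forwarding
        return self.forwarding

def replay(profile, events):
    """Replay (track_object, is_up) events; return [(weight, forwarding), ...]."""
    model = GlbpWeighting(*profile, decrements=dict(TRACK_DECREMENTS))
    timeline = []
    for obj, up in events:
        forwarding = model.set_track(obj, up)
        timeline.append((model.weight(), forwarding))
    return timeline

if __name__ == "__main__":
    events = [(1, False), (2, False), (1, True), (2, True)]
    for weight, forwarding in replay(PROFILE_PRI_200, events):
        print(f"weight={weight:3d} AVF={forwarding}")
```

With a decrement of 100 per object, a single tracked failure drops either profile below its lower threshold, and forwarding resumes only once every tracked object is back up.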

IX.2.2 Verify GLBP

a. R1

R1(config)#do show glbp br
Interface   Grp  Fwd  Pri  State    Address         Active router   Standby router
Gi0/2.1     1    -    200  Active   172.16.1.254    local           172.16.1.2
Gi0/2.1     1    1    -    Listen   0007.b400.0101  172.16.1.2      -
Gi0/2.1     1    2    -    Active   0007.b400.0102  local           -
Gi0/2.10    2    -    200  Active   172.16.10.3     local           172.16.10.2
Gi0/2.10    2    1    -    Listen   0007.b400.0201  172.16.10.2     -
Gi0/2.10    2    2    -    Active   0007.b400.0202  local           -
Gi0/2.20    3    -    150  Standby  172.16.20.3     172.16.20.2     local
Gi0/2.20    3    1    -    Listen   0007.b400.0301  172.16.20.2     -
Gi0/2.20    3    2    -    Active   0007.b400.0302  local           -
R1(config)#

R1 is the active AVG for VLAN 1 and VLAN 10 (priority 200), so it responds to initial ARP requests for the VIP.
R1 is also an active AVF in all VLANs and routes traffic received from its assigned hosts for load balancing.

b. R2

R2(config)#do show glbp br
Interface   Grp  Fwd  Pri  State    Address         Active router   Standby router
Gi0/2.1     1    -    150  Standby  172.16.1.254    172.16.1.1      local
Gi0/2.1     1    1    -    Active   0007.b400.0101  local           -
Gi0/2.1     1    2    -    Listen   0007.b400.0102  172.16.1.1      -
Gi0/2.10    2    -    150  Standby  172.16.10.3     172.16.10.1     local
Gi0/2.10    2    1    -    Active   0007.b400.0201  local           -
Gi0/2.10    2    2    -    Listen   0007.b400.0202  172.16.10.1     -
Gi0/2.20    3    -    200  Active   172.16.20.3     local           172.16.20.1
Gi0/2.20    3    1    -    Active   0007.b400.0301  local           -
Gi0/2.20    3    2    -    Listen   0007.b400.0302  172.16.20.1     -
R2(config)#

R2 is the active AVG for VLAN 20 (priority 200), so it responds to initial ARP requests for the VIP.
R2 is also an active AVF in all VLANs and routes traffic received from its assigned hosts for load balancing.

X. NAT CONFIGURATION
Four important terms are related to NAT:

▪ Inside local: The actual private IP address assigned to a device on the inside network(s).
▪ Inside global: The public IP address that represents one or more inside local IP addresses to the
outside.
▪ Outside local: The IP address of an outside host as it appears to the inside network. The IP address
does not have to be reachable by the outside but is considered private and must be reachable by the
inside network.
▪ Outside global: The public IP address assigned to a host on the outside network. This IP address
must be reachable by the outside network.

Three types of NAT are commonly used today:

▪ Static NAT: Provides a static one-to-one mapping of a local IP address to a global IP address.

▪ Pooled NAT: Provides a dynamic one-to-one mapping of a local IP address to a global IP address.
The global IP address is temporarily assigned to a local IP address. After a certain amount of idle
NAT time, the global IP address is returned to the pool.

▪ Port Address Translation (PAT): Provides a dynamic many-to-one mapping of many local IP
addresses to one global IP address. The NAT device needs a mechanism to identify the specific
private IP address for the return network traffic. The NAT device translates the private IP address
and port to a different global IP address and port. The port is unique from any other ports, which
enables the NAT device to track the global IP address to local IP addresses based on the unique port
mapping.

X.1 PAT Configuration

We're going to keep the previous configuration on interfaces, IP address, NTP, EtherChannel, but we'll
modify the Default Gateway on the switches and the DHCP and GLBP.

X.1 Configure NAT

a. R1
R1(config)# access-list 10 permit 172.16.0.0 0.0.255.255
R1(config)# ip nat inside source list 10 interface g0/0 overload

R1(config)# interface g0/0
R1(config-if)# ip nat outside
R1(config-if)# exit

R1(config)# interface g0/2.1
R1(config-if)# ip nat inside
R1(config-if)# exit

R1(config)# interface g0/2.10
R1(config-if)# ip nat inside
R1(config-if)# exit

R1(config)# interface g0/2.20
R1(config-if)# ip nat inside
R1(config-if)# exit

b. R2
R2(config)# access-list 10 permit 172.16.0.0 0.0.255.255
R2(config)# ip nat inside source list 10 interface g0/0 overload

R2(config)# interface g0/0
R2(config-if)# ip nat outside
R2(config-if)# exit

R2(config)# interface g0/2.1
R2(config-if)# ip nat inside
R2(config-if)# exit

R2(config)# interface g0/2.10
R2(config-if)# ip nat inside
R2(config-if)# exit

R2(config)# interface g0/2.20
R2(config-if)# ip nat inside
R2(config-if)# exit

X.2 Verify NAT

a. R1

R1#show ip nat translations
Pro   Inside global          Inside local        Outside local         Outside global
udp   192.168.106.183:5400   172.16.20.10:5400   8.8.8.8:53            8.8.8.8:53
icmp  192.168.106.183:60990  172.16.20.10:60990  192.178.54.142:60990  192.178.54.142:60990
icmp  192.168.106.183:61246  172.16.20.10:61246  192.178.54.142:61246  192.178.54.142:61246
icmp  192.168.106.183:61502  172.16.20.10:61502  192.178.54.142:61502  192.178.54.142:61502
icmp  192.168.106.183:61758  172.16.20.10:61758  192.178.54.142:61758  192.178.54.142:61758
icmp  192.168.106.183:62014  172.16.20.10:62014  192.178.54.142:62014  192.178.54.142:62014
R1#

b. R2

R2#show ip nat translations
Pro   Inside global          Inside local        Outside local  Outside global
icmp  192.168.106.188:63     172.16.10.10:63     8.8.8.8:63     8.8.8.8:63
icmp  192.168.106.188:319    172.16.10.10:319    8.8.8.8:319    8.8.8.8:319
icmp  192.168.106.188:575    172.16.10.10:575    8.8.8.8:575    8.8.8.8:575
icmp  192.168.106.188:831    172.16.10.10:831    8.8.8.8:831    8.8.8.8:831
icmp  192.168.106.188:1087   172.16.10.10:1087   8.8.8.8:1087   8.8.8.8:1087
icmp  192.168.106.188:1343   172.16.10.10:1343   8.8.8.8:1343   8.8.8.8:1343
icmp  192.168.106.188:1599   172.16.10.10:1599   8.8.8.8:1599   8.8.8.8:1599
icmp  192.168.106.188:2111   172.16.10.10:2111   8.8.8.8:2111   8.8.8.8:2111
icmp  192.168.106.188:2367   172.16.10.10:2367   8.8.8.8:2367   8.8.8.8:2367
icmp  192.168.106.188:2623   172.16.10.10:2623   8.8.8.8:2623   8.8.8.8:2623
icmp  192.168.106.188:2879   172.16.10.10:2879   8.8.8.8:2879   8.8.8.8:2879
icmp  192.168.106.188:64062  172.16.10.10:64062  8.8.8.8:64062  8.8.8.8:64062
icmp  192.168.106.188:64318  172.16.10.10:64318  8.8.8.8:64318  8.8.8.8:64318
icmp  192.168.106.188:64830  172.16.10.10:64830  8.8.8.8:64830  8.8.8.8:64830
icmp  192.168.106.188:65086  172.16.10.10:65086  8.8.8.8:65086  8.8.8.8:65086
icmp  192.168.106.188:65342  172.16.10.10:65342  8.8.8.8:65342  8.8.8.8:65342
R2#
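
The unique port mapping described for PAT is what lets a source address seen on the outside be traced back to one inside host. The following added Python example (not part of the original lab) parses show ip nat translations output, resolves an inside global address and port to its inside local host, and lists translated inside local addresses that access-list 10 does not cover. The function names are hypothetical and the 10.9.9.9 entry is constructed.

```python
import ipaddress
from typing import NamedTuple

# Lines copied from the R1/R2 outputs above, plus one constructed entry
# (10.9.9.9) that access-list 10 does not cover, to exercise the audit.
SAMPLE = """\
Pro Inside global Inside local Outside local Outside global
udp 192.168.106.183:5400 172.16.20.10:5400 8.8.8.8:53 8.8.8.8:53
icmp 192.168.106.188:63 172.16.10.10:63 8.8.8.8:63 8.8.8.8:63
tcp 192.168.106.183:4001 10.9.9.9:51000 8.8.8.8:443 8.8.8.8:443
"""
# access-list 10 permit 172.16.0.0 0.0.255.255
ACL_10 = ipaddress.ip_network("172.16.0.0/16")

class Translation(NamedTuple):
    proto: str
    inside_global: tuple   # (address, port); for icmp the "port" is the ICMP ID
    inside_local: tuple
    outside_local: tuple
    outside_global: tuple

def _endpoint(text):
    ip, _, port = text.rpartition(":")
    return ipaddress.ip_address(ip), int(port)

def parse_translations(output):
    """Parse PAT entries; the header and entries without ports are skipped."""
    entries = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        try:
            entries.append(Translation(fields[0], *map(_endpoint, fields[1:])))
        except ValueError:
            continue
    return entries

def inside_host_for(entries, proto, global_ip, global_port):
    """Trace an externally observed source back to the inside local host."""
    key = (ipaddress.ip_address(global_ip), global_port)
    return next((str(e.inside_local[0]) for e in entries
                 if e.proto == proto and e.inside_global == key), None)

def outside_acl(entries, network=ACL_10):
    """Inside local addresses that were translated but are not in the ACL."""
    return sorted({str(e.inside_local[0]) for e in entries
                   if e.inside_local[0] not in network})
```

Dynamic entries age out of the table, so this kind of lookup only works on a capture taken while the translation was still active.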

XI. REVIEW
XI.1 HSRP Review (Cisco)

                     HSRPv1                                      HSRPv2
Timers               Does not support millisecond timer values   Supports millisecond timer values
Group range          0 to 255                                    0 to 4095
Multicast address    224.0.0.2                                   224.0.0.102
MAC address range    0000.0C07.ACxy, where xy is a hex value     0000.0C9F.F000 to 0000.0C9F.FFFF
                     representing the HSRP group number
Internet Protocol    IPv4                                        IPv4 and IPv6

XI.2 VRRP Reviews (Standard)

                     VRRPv2                                      VRRPv3
Timers               Does not support millisecond timer values   Supports millisecond timer values
Group range          0 to 255                                    0 to 4095
Multicast address    224.0.0.18                                  224.0.0.18
MAC address range    0000.5e00.01xx                              0000.5e00.01xx (IPv4)
                                                                 0000.5e00.02xx (IPv6)
Internet Protocol    IPv4                                        IPv4 and IPv6

XI.3 GLBP Reviews (Cisco)

GLBPv1 GLBPv2
Group range 0 to 1023 0 to 4095
Multicast address 224.0.0.102 224.0.0.102
MAC address range 0007.b4xx.xxyy 0007.b4xx.xxyy
0007.b6xx.xxyy
Internet Protocol IPv4 IPv4 and IPv6
