GRE over IP VPN Tunnel in Packet Tracer

GRE VPN Tunnel Overview

In this Packet Tracer 6.1 activity you configure a Generic Routing Encapsulation (GRE) over IP VPN tunnel. VPN tunnels are now part of the CCNA certification exam. VPN tunnels allow geographically separate private local area networks to be connected to each other across public wide area networks. In this way, a company or organization can have separate office networks virtually connected to each other across the public internet. Private local area networks connected by a tunnel across the internet have complete transparency to each other and are able to take advantage of all local area network resources as if they were locally available. In VPN Tunnels private networks are able to communicate across the public internet because all private network addressing and header information is not visible to public internet routers. The routers on the public internet do not have knowledge of the the private networks communicating across the internet. Unlike IPSec or OpenVPN tunnels, a GRE tunnel does not provide security or encryption by itself and therefore would not be a recommended method of creating a VPN tunnel across the internet if security or privacy is an important concern.

Instructions

In this Packet Tracer 6.1 activity you do not need to configure R2, and the PCs. R1 and R3 have G0/0, G0/1, and default routes already configured

1. Create a GRE VPN tunnel from the R1 LAN 192.168.1.0/24 to the R3 LAN 192.168.3.0/24
2. Configure Tunnel0 192.168.2.0/24
R1-192.168.2.1
R3-192.168.2.2
3. Use static routes on R1 and R3 (next hop address) to route traffic across tunnel0
4. You are successful when you can ping from PC-A to PC-C and vide versa

Download

GREoverIP_tunnel.zip

 Note: This Packet Tracer activity requires Packet Tracer version 6.1 minimum.

Video Walkthrough Tutorial

 

CLI Command Examples

R1(config)# int tunnel 0
R1(config-if)# ip address 192.168.2.1 255.255.255.0
R1(config-if)# tunnel source g0/1
R1(config-if)# tunnel destination 201.150.200.6
R1(config-if)# tunnel mode gre ip
R1(config-if)# exit
R1(config)# ip route 192.168.3.0 255.255.255.0 192.168.2.2

R3(config)# int tunnel 0
R3(config-if)# ip address 192.168.2.2 255.255.255.0
R3(config-if)# tunnel source g0/1
R3(config-if)# tunnel destination 201.150.200.1
R3(config-if)# tunnel mode gre ip
R3(config-if)# exit
R3(config)# ip route 192.168.1.0 255.255.255.0 192.168.2.1

CCNA1 Practice Final – Packet Tracer 6

Lab Overview – CCNA1 Practice Final

This virtual CCNA1 Practice Final lab activity is designed to test if you have skill and knowledge required to pass the Cisco Academy CCNA 6.0 – Introduction to Networking Final Skills Assessment. You will need to have at least Packet Tracer version 6.0.1 to open the activity file. The activity tracks your overall progress and provides feedback on correctly executed tasks. Here is a list of the knowledge and skill areas that it covers:

• Configuring IPv4 addressing and subnetting,
• Configuring IPv6 addressing,
• Basic network device configuration, for both routers and switches,
• Securing network device access, including security and encryption,
• Configuring secure remote access for administration,
• Backing up network device configuration files to a TFTP server

The scoring is based on the total number of items correctly configured (a few gradable items like the crypto-keys may not grade correctly in Packet Tracer). Remember that the Cisco IOS is case sensitive when entering configuration settings like hostnames and banner message of the day. When you are finished, you should be able to communicate across the network (e.g. successfully ping PC0 from PC2). In this PT activity access to the CLI tab has been disabled, so in order to configure the router and switches, you will need to console-in, using the console cable and the PC desktop terminal emulation program.

Screenshot CCNA1 Practice Final Packet Tracer Activity

Download

CCNA1-practice-final.zip

Note: You need Packet Tracer version 6.0.1 to open the CCNA1 Practice Final activity.

CCNA 1 Practice Final – Video Tutorials

These video tutorials walk you through my CCNA1 Packet Tracer final. I explain and demonstrate the process of calculating the IPv4 subnets and configuring the IPv6 addressing. I also walk through all of the Cisco router and Cisco switch configurations.

Packet Tracer 6 Activity – Basic IPv6 Network

Overview

This Packet Tracer 6.0.1 and 6.1 networking activity involves setting up a basic IPv6 network by interconnecting two Cisco 1941 routers, two Cisco Catalyst 2960 switches, and two PCs. All of the devices in the network will need to be configured with IPv6 addressing in order to communicate. The goal is to configure the routers and PCs with the following information:

{loadposition adposition5}• On the routers configure basic security with hostnames, console and vty passwords, banner message of the day, and enable password encryption (see the network diagram in Packet Tracer),
• On the routers configure link-local and global unicast IPv6 addresses with network prefix lengths (see the network diagram),
• On the routers configure static IPv6 default routes (see the network diagram),
• On the PCs configure static IPv6 addresses with network prefix lengths, and a gateway address (see the network diagram),
• Follow the instructions in the network diagram for additional required configurations

The scoring is based on the total number of items correctly configured. Remember that when entering configurations the system is case sensitive. When you are finished, you should be able to communicate across the network (e.g. successfully ping PCB from PCA)

Download

BasicIPv6NetworkConfiguration_6.1.zip

Notes: This version fixes the incorrect grading of the IPv6 link-local address of the R2 G0/1 interface You will need Packet Tracer version 6.1 to open this activity

BasicIPv6NetworkConfiguration.zip

Notes: There is incorrect grading of the IPv6 link-local address on the R2 G0/1 interface. Change it to FE80::1 to receive 100%. You will need Packet Tracer version 6.0.1 to open this activity.

 

Spoiler Alert – Only Read Below if you are stuck

IOS Command List

router>enable
router#configure terminal
router(config)#hostname R1
R1(config)#banner motd “No unauthorized access allowed!”
R1(config)#enable secret class
R1(config)#service password-encryption
R1(config)#line console 0
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#line vty 0 4
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#ipv6 unicast-routing
R1(config)#interface g0/0
R1(config-if)#ipv6 address FE80::1 link-local
R1(config-if)#ipv6 address 2001:DB8:ACAD:2::1/64
R1(config-if)#description toR2
R1(config-if)#no shut
R1(config)#interface g0/1
R1(config-if)#ipv6 address FE80::1 link-local
R1(config-if)#ipv6 address 2001:DB8:ACAD:1::1/64
R1(config-if)#description toLAN
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#ipv6 route ::/0 2001:DB8:ACAD:2::2
R1#copy running-config startup-config
R1#show running-config
R1#show ipv6 route
R1#show ipv6 int brief

router(config)#hostname R2
R2(config)#banner motd “No unauthorized access allowed!”
R2(config)#enable secret class
R2(config)#service password-encryption
R2(config)#line console 0
R2(config-line)#password cisco
R2(config-line)#login
R2(config-line)#line vty 0 4
R2(config-line)#password cisco
R2(config-line)#login
R2(config-line)#exit
R2(config)#ipv6 unicast-routing
R2(config)#interface g0/0
R2(config-if)#ipv6 address FE80::2 link-local
R2(config-if)#ipv6 address 2001:DB8:ACAD:2::2/64
R2(config-if)#description toR2
R2(config-if)#no shut
R2(config)#interface g0/1
R2(config-if)#ipv6 address FE80::2 link-local
R2(config-if)#ipv6 address 2001:DB8:ACAD:3::1/64
R2(config-if)#description toLAN
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#ipv6 route ::/0 2001:DB8:ACAD:2::1
R2#copy running-config startup-config
R2#show running-config
R2#show ipv6 route
R2#show ipv6 int brief

Packet Tracer 6 Activity – Basic IPv4 Network

Overview

This virtual networking activity involves setting up a basic IPv4 network by connecting two Cisco 1941 routers to two Cisco Catalyst 2960 switches to two PCs. The goal is to variously configure the PCs, switches, and routers with the following information:

{loadposition adposition5}• Basic network device security, by configuring access port passwords, banner message of the day and encryption on the routers and switches (see the network diagram in Packet Tracer),
• Interface IP address, subnet mask, and gateway addresses (see the network diagram in Packet Tracer),
• A static default route/gateway of last resort for the routers,
• Follow the instructions in the network diagram for additional required configurations

The scoring is based on the total number of items correctly configured. Remember that when entering configurations the system is case sensitive. In the end, you should be able to ping from PCA to PCB

Download

BasicIPv4NetworkConfiguration.zip

Note: You will need Packet Tracer version 6.0.1 to open this activity

 

Spoiler Alert – Only Read Below if you are stuck

IOS Command List

router>enable
router#configure terminal
router(config)#hostname R1
R1(config)#banner motd “No unauthorized access allowed!”
R1(config)#enable secret class
R1(config)#service password-encryption
{loadposition adposition5}R1(config)#line console 0
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#line vty 0 4
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#interface g0/0
R1(config-if)#ip address 192.168.5.1 255.255.255.0
R1(config-if)#description toR2
R1(config-if)#no shut
R1(config)#interface g0/1
R1(config-if)#ip address 192.168.0.1 255.255.255.0
R1(config-if)#description toLAN
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.5.2
R1#copy running-config startup-config
R1#show running-config
R1#show ip route
R1#show ip int brief

switch>enable
switch#configure terminal
switch(config)#hostname S1
S1(config)#banner motd “No unauthorized access allowed!”
S1(config)#enable secret class
S1(config)#service password-encryption
S1(config)#line console 0
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#line vty 0 14
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#exit
S1(config)#interface vlan 1
S1(config-if)#ip address 192.168.0.2
S1(config-if)#exit
S1(config)#ip default-gateway 192.168.0.1
S1(config)#exit
S1#copy running-config startup-config
S1#show running-config

Standard ACL Packet Tracer Challenge

Packet Tracer Challenge Overview

Learn the basics of using standard access lists with these Packet Tracer graded activities. In the activities, the networks have been pre-configured. All you need to do is write the access list, and decide where to apply it. Open the Packet Tracer files, follow the written instructions and the instructions on the topology diagrams.

Standard ACL Practice #1

In this Packet Tracer exercise, the goal is to create a simple standard ACL to permit one network and block the other. Follow the written instructions on where to apply the access list.

Download

The Packet Tracer file is created with Packet Tracer 5.3.3. The Packet Tracer Activity file will track your progress and give you a completion percentage and point total. You can download it here: standardACL-practice1.zip

Standard ACL Practice #2

In this exercise the goal is to permit two hosts, one from the yellow network and one from the blue network, to reach the green network. In this exercise you need to figure out where to apply the ACL so that the intended networks are effected. Hint: standard ACL are usually applied closest to the destination network effected.

 

Download

The Packet Tracer file is created with Packet Tracer 5.3.3. The Packet Tracer Activity file will track your progress and give you a completion percentage and point total. You can download the file here: standardACL-practice2.zip

Switch & VLAN Packet Tracer Challenge

Switch & VLAN Packet Tracer Challenge Overview

A Packet Tracer graded activity. It covers basic Cisco CCNA switch configurations, VLANs, native VLAN, trunk ports, port-security, and setting up secure remote administration with SSH. Great practice for the the Cisco CCNA!

Download

The Packet Tracer file is created with Packet Tracer 5.3.3. The Packet Tracer Activity file will track your progress and give you a completion percentage and point total. You can download it here: BasicConfig-VLAN-Trunk-PortSec-SSH-challenge.zip

Activity Instructions

Configure the Network according to the Topology Diagram and Labels.
When you are finished, the PCs on the Student VLAN should be able to ping each other and so should the PCs on the Faculty VLAN. The Admin PC should be able to SSH into S1 and S2 from the command prompt (Eg. PC>ssh -l admin 192.168.99.2)

PCs
1. IP address (see topology),
2. subnet mask (see topology),
3. default gateway address (first usable address in network)

Cisco 2960 Switches: S1 & S2
1. name: S1, S2
2. enable password, md5 encrypted: class
3. domain name: danscourses.com
4. message of the day banner: Unauthorized access is prohibited!
5. console password: cisco
6. vty 0 15 password: cisco
7. Security RSA Key size: 1024
8. SSH version 2
9. vty: ssh only
10. VLAN 10: student
11. VLAN 20: faculty
12. VLAN 99: Mgt
13. Interface VLAN 99: S1-IP address 192.168.99.2, S2-IP address 192.168.99.3
14. Native VLAN 99
15. fa0/1 Trunk
16. fa0/2-0/13 access VLAN 10
17. fa0/14-0/24 access VLAN 20
18. Gi1/1 access VLAN 99
19. Encrypt all passwords
20. Save running-config to startup-config

Cisco 2960 Switch: S1 Only
1. Gi1/1 Switchport Port-Security, sticky, maximum 1 mac address, violation shutdown

EIGRP Packet Tracer Lab Part 3

 

 

EIGRP Practice Network Graded Packet Tracer Lab

Instructions

In order to finish the EIGRP Packet Tracer lab with a 100% completion rate, follow the directions below. The directions are divided up by network device. You can download the Packet Tracer Lab at the bottom of this page:

PC0 – PC3:

1. all pc hosts need to have the tenth (.10) ip address in their networks,
2. all pc hosts need to have the correct subnet mask and gateway

R0

1. hostname set to: R0
2. enable secret password set to: class
3. banner motd set to: No unauthorized access!
4. line console 0 configured with password set to: cisco
5. line vty 0-4 configured with password set to: cisco
6. interfaces fa0/0, fa0/1, eth0/1/0 and s0/0/0 should all have the first usable host address in the network
7. s0/0/0 should have bandwidth set to 384 kbps,
8. should run EIGRP with process ID# 100,
9. should add all EIGRP networks with wildcard masks,
10. should use a manual EIGRP summary address on S0/0/0, for its 192.168.x.x networks,
11. should use EIGRP passive interfaces where appropriate,
12. should use EIGRP no auto-summary to avoid the presence of “null 0” routes in the routing table

R1

1. hostname set to: R1
2. enable secret password set to: class
3. banner motd set to: Get Out!
4. line console 0 configured with password set to: cisco
5. line vty 0-4 configured with password set to: cisco
6. interface s0/0/0 should have the second usable host address in the network, and as the DCE, the clock rate should be set to 64000
7. interfaces s0/0/1 and fa0/0 should both have the first usable host address in the network
8. s0/0/0 should have bandwidth set to 384 kbps,
9. should run EIGRP with process ID# 100,
10. should add all EIGRP networks with wildcard masks,
11. should not advertise the 209.12.12.32/30 network with EIGRP,
12. should have a default route to the ISP router,
13. should use EIGRP to distribute the default route to R0,
14. should use EIGRP passive interfaces where appropriate,
15. should use EIGRP no auto-summary to avoid the presence of “null 0” routes in the routing table

ISP

1. hostname set to: ISP
2. interface s0/0/1 should have the second usable host address in the network, and as the DCE, the clock rate should be set to 64000
3. does not participate in EIGRP
4. uses static routes:
a summary route to reach the 192.168.x.x networks,
a static route to the 172.16.5.0/30 network

Router CLI Commands:

router>enable
router#
router#configure terminal
router(config)#

router(config)#hostname <router name>
router(config)#enable secret <secret-password>
router(config)#banner motd <$banner message$>

router(config)#line console 0
router(config-line)#password <password>
router(config-line)#login
router(config-line)#exit
router(config)#line vty 0 4
router(config-line)#password <password>
router(config-line)#login
router(config-line)#exit

router(config)#interface <interface type> <interface number>
router(config-if)#ip address <ip address> <subnet mask>
router(config-if)#no shutdown
//some of the interfaces will also need:
router(config-if)#clock rate <rate>
router(config-if)#bandwidth <speed>
router(config-if)#ip summary-address eigrp <process ID#> <ip address> <subnet mask>

router(config)#router eigrp <process ID#>
router(config-router)#network <network address> <wildcard mask>
router(config-router)#network <network address> <wildcard mask>
router(config-router)#network <network address> <wildcard mask>
router(config-router)#no auto-summary
router(config-router)#passive-interface <interface>
router(config-router)#redistribute static

Packet Tracer 5.3.3 Graded Exercise

EIGRP practice network.zip

Application Layer PT Server Activity

Application Layer – Server Activity Overview

It is important to know the basic functions of the various networking programs that operate at the Application Layer. The average person uses these Application Layer programs on a daily basis without ever wondering about how they fit into the layered networking models of the OSI and TCP/IP models. These Application Layer services continue to be important as we learn about how they correspond to source and destination port numbers within the Transport Layer header. 

Cisco Packet Tracer Activity

Set up the following services on the servers in Packet Tracer: DHCP, DNS, HTTP (Web), FTP, and Mail. If you configure everything correctly you should be able to: receive ip addressing to the DHCP clients from the DHCP server, resolve domain name requests from the DNS server, successfully receive requested web pages from the web server, upload and download files after logging into the FTP server, and send and receive email to and from the mail server. Here is a rough outline of the steps involved:

  1. Physically connect all of the devices with appropriate cables,
  2. Configure IP addressing on all of the networking devices (follow the device labels),
  3. Configure the server services on the devices as listed (dhcp, dns, mail, web, ftp),
  4. Verify that all of the configured services work by testing from the client computers,
  5. Note: In this Cisco PT activity the services and testing do not extend beyond the LAN i.e. router.

Download the start file here: PT_working_w_servers_begin.zip ,
the finished version is here: PT_working_w_servers_end.zip
Packet Tracer version 5.3.3

 

Video Tutorials

Cable the network, configure IP addressing, and DHCP services

Configure and test HTTP and DNS services

Configure and test the FTP service

Configure and test Mail services