GRE over IP VPN Tunnel in Packet Tracer

GRE VPN Tunnel Overview

In this Packet Tracer 6.1 activity you configure a Generic Routing Encapsulation (GRE) over IP VPN tunnel. VPN tunnels are now part of the CCNA certification exam. VPN tunnels allow geographically separate private local area networks to be connected to each other across public wide area networks. In this way, a company or organization can have separate office networks virtually connected to each other across the public internet. Private local area networks connected by a tunnel across the internet have complete transparency to each other and are able to take advantage of all local area network resources as if they were locally available. In VPN tunnels, private networks are able to communicate across the public internet because the private network addressing and header information is encapsulated inside the tunnel packet, so the routers on the public internet forward the traffic without any knowledge of the private networks communicating across the internet. Unlike IPSec or OpenVPN tunnels, a GRE tunnel does not provide security or encryption by itself and therefore would not be a recommended method of creating a VPN tunnel across the internet if security or privacy is an important concern.

Instructions

In this Packet Tracer 6.1 activity you do not need to configure R2 or the PCs. R1 and R3 have G0/0, G0/1, and default routes already configured.

1. Create a GRE VPN tunnel from the R1 LAN 192.168.1.0/24 to the R3 LAN 192.168.3.0/24.
2. Configure Tunnel0 on network 192.168.2.0/24:
   R1 – 192.168.2.1
   R3 – 192.168.2.2
3. Use static routes on R1 and R3 (next hop address) to route traffic across Tunnel0.
4. You are successful when you can ping from PC-A to PC-C and vice versa.

Download

GREoverIP_tunnel.zip

 Note: This Packet Tracer activity requires Packet Tracer version 6.1 minimum.

CLI Command Examples

R1(config)# int tunnel 0
R1(config-if)# ip address 192.168.2.1 255.255.255.0
R1(config-if)# tunnel source g0/1
R1(config-if)# tunnel destination 201.150.200.6
R1(config-if)# tunnel mode gre ip
R1(config-if)# exit
R1(config)# ip route 192.168.3.0 255.255.255.0 192.168.2.2

R3(config)# int tunnel 0
R3(config-if)# ip address 192.168.2.2 255.255.255.0
R3(config-if)# tunnel source g0/1
R3(config-if)# tunnel destination 201.150.200.1
R3(config-if)# tunnel mode gre ip
R3(config-if)# exit
R3(config)# ip route 192.168.1.0 255.255.255.0 192.168.2.1
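The overview notes that a GRE tunnel provides no encryption by itself. The following added example (not part of the original activity) builds the kind of packet R1 would send across the tunnel and then parses it the way any on-path observer could, recovering the private addresses and payload. The PC addresses 192.168.1.10 and 192.168.3.10, the payload text, and R1's tunnel source address 201.150.200.1 (inferred from R3's tunnel destination command) are assumptions; the bytes are constructed, not captured.

```python
import socket
import struct

IPPROTO_GRE = 47          # IP protocol number in the outer header
ETHERTYPE_IPV4 = 0x0800   # GRE protocol type for an IPv4 payload


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 (not verified here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def gre_encapsulate(inner, tunnel_src, tunnel_dst, key=None):
    """Wrap an IPv4 packet in GRE over IP. Nothing here encrypts the payload."""
    flags = 0x2000 if key is not None else 0      # K bit: key field present
    gre = struct.pack("!HH", flags, ETHERTYPE_IPV4)
    if key is not None:
        gre += struct.pack("!I", key)             # an identifier, not a secret
    return ipv4_header(tunnel_src, tunnel_dst, IPPROTO_GRE,
                       len(gre) + len(inner)) + gre + inner


def parse_ipv4(data):
    if len(data) < 20 or data[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (data[0] & 0x0F) * 4
    total_len = struct.unpack("!H", data[2:4])[0]
    return {"src": socket.inet_ntoa(data[12:16]),
            "dst": socket.inet_ntoa(data[16:20]),
            "proto": data[9],
            "payload": data[ihl:total_len]}


def inspect_gre(packet):
    """Return (outer, inner) headers exactly as an observer on the WAN sees them."""
    outer = parse_ipv4(packet)
    if outer["proto"] != IPPROTO_GRE:
        raise ValueError("outer packet does not carry GRE")
    body = outer["payload"]
    if len(body) < 4:
        raise ValueError("truncated GRE header")
    flags, ptype = struct.unpack("!HH", body[:4])
    offset = 4
    for bit in (0x8000, 0x2000, 0x1000):   # checksum, key, sequence fields
        if flags & bit:
            offset += 4
    if ptype != ETHERTYPE_IPV4:
        raise ValueError("GRE payload is not IPv4")
    return outer, parse_ipv4(body[offset:])


def build_sample(key=None):
    """Constructed ICMP echo request from PC-A to PC-C, as tunneled by R1."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"ping from PC-A"
    inner = ipv4_header("192.168.1.10", "192.168.3.10", 1, len(icmp)) + icmp
    return gre_encapsulate(inner, "201.150.200.1", "201.150.200.6", key)


if __name__ == "__main__":
    outer, inner = inspect_gre(build_sample())
    print("outer:", outer["src"], "->", outer["dst"])
    print("inner:", inner["src"], "->", inner["dst"])
    print("cleartext payload:", inner["payload"][8:])
```

Public routers forward on the outer header only, but the inner header and data sit in the packet unmodified, which is why GRE is paired with IPSec when confidentiality matters.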

EtherChannel

EtherChannel Overview

EtherChannel is a Cisco technology that enables the aggregation or bundling of switchports into one logical link. Bundling multiple switchport Ethernet links into one logical channel increases bandwidth as well as creating redundancy and fault tolerance. For example, a bundle of four switchports into one EtherChannel would provide four times the bandwidth coming to and from the switch. EtherChannel bundles or port groups can be run from switch-to-switch or switch-to-server if the server’s network interface cards (NICs) support EtherChannel. You can bundle up to eight switchports in one EtherChannel port group with no more than six EtherChannel port groups per switch.

Instructions

In this Packet Tracer 6.2 activity you configure different forms of EtherChannel on switches S1, S2 and S3. The PCs have already been configured with IP addresses, subnet masks and default gateways.

1. Create VLANs 10 and 20 on all three switches
2. On both S1 and S2 configure switchport 0/1 as an access port and add it to VLAN10. Configure switchport 0/10 as an access port and add it to VLAN20.
3. Configure the open standard for EtherChannel, Link Aggregation Control Protocol (LACP 802.3ad) as channel-group 1 on both S1 and S2 Gigabit Ethernet switchports 0/1 and 0/2.
4. Configure Cisco’s Port Aggregation Protocol (PAgP) for EtherChannel as channel-group 2 between S2 and S3 Fast Ethernet switchports 0/21-24.
5. Configure Cisco’s EtherChannel manually with no PAgP as channel-group 3 between S3 and S1 Fast Ethernet switchports 0/17-20.
6. Configure all three resulting virtual or logical interfaces (port-channel interfaces) as trunks, allowing only VLANs 10 and 20.
7. Verify the EtherChannels with show etherchannel commands and by pinging from PC0 to PC2 and PC1 to PC3.

 

Download

 etherchannel-begin.zip

Note: This Packet Tracer activity requires Packet Tracer version 6.2 minimum.

CLI Command Examples

S1(config)# vlan 10
S1(config-vlan)# vlan 20
S1(config-vlan)# exit
S1(config)# int f0/1
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 10
S1(config-if)# int f0/10
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 20
<repeat commands above on S2>

S1(config)# int range g0/1-2
S1(config-if-range)# channel-group 1 mode active
S1(config-if-range)# exit
S1(config)# int port-channel 1
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk allowed vlan 10,20

S2(config)# int range g0/1-2
S2(config-if-range)# channel-group 1 mode passive
S2(config-if-range)# exit
S2(config)# int port-channel 1
S2(config-if)# switchport mode trunk
S2(config-if)# switchport trunk allowed vlan 10,20

S3(config)# vlan 10
S3(config-vlan)# vlan 20
S3(config-vlan)# exit

S3(config)# int range f0/21-24
S3(config-if-range)# channel-group 2 mode desirable
S3(config-if-range)# exit
S3(config)# int port-channel 2
S3(config-if)# switchport mode trunk
S3(config-if)# switchport trunk allowed vlan 10,20

S2(config)# int range f0/21-24
S2(config-if-range)# channel-group 2 mode auto
S2(config-if-range)# exit
S2(config)# int port-channel 2
S2(config-if)# switchport mode trunk
S2(config-if)# switchport trunk allowed vlan 10,20

S3(config)# int range f0/17-20
S3(config-if-range)# channel-group 3 mode on
S3(config-if-range)# exit
S3(config)# int port-channel 3
S3(config-if)# switchport mode trunk
S3(config-if)# switchport trunk allowed vlan 10,20

S1(config)# int range f0/17-20
S1(config-if-range)# channel-group 3 mode on
S1(config-if-range)# exit
S1(config)# int port-channel 3
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk allowed vlan 10,20

Beginning Network Addressing PT Activity

Overview

This is a beginning Packet Tracer 6.1 activity designed to get you familiar with working with Packet Tracer. Your goal in this Packet Tracer activity is to configure the following:

1.  Both PCs with IP addresses, subnet masks, and default gateways.
2.  Configure each switch with: a hostname, an IP address and subnet mask on the VLAN 1 interface, and bring up the VLAN 1 interface.
3.  Configure the router with: a hostname, an IP address and subnet mask on each Gigabit Ethernet interface, and bring up the interfaces.

Download

CCNA1-exercise1-activity.zip

Command Examples

switch> enable
switch# configure terminal
switch(config)# hostname S1
S1(config)# interface vlan 1
S1(config-if)# ip address 192.168.1.2 255.255.255.0
S1(config-if)# no shutdown

router> enable
router# configure terminal
router(config)# hostname R1
R1(config)# interface g0/1
R1(config-if)# ip address 192.168.1.1 255.255.255.0
R1(config-if)# no shutdown

Networking Basics

Overview

At the beginning of a course of study towards the Cisco CCNA, it is a good idea to have an understanding of basic networking terms and concepts. Here is a list of introductory concepts that you should be familiar with:

LAN – a local area network or LAN is a network that has the following characteristics. It usually exists within a home, building or group of buildings. It is usually administered and managed by a single entity, business, or organization. In addition, a LAN typically consists of some form of an Ethernet network, whether it is Fast Ethernet (100Mb) or Gigabit Ethernet (1000Mb), and whether it is implemented in twisted pair copper cables, multimode fiber optic cables, or some form of wireless technology.

WAN – wide area networks are the networks that interconnect all of the local area networks. WANs are typically managed and controlled by internet service providers (ISPs). Instead of using Ethernet, WANs typically implement different technologies like DSL, Cable, T1 and T3 serial lines, PPP, Frame Relay, ATM, etc.

WANs/LANs – To simplify the differences between these two types of networks we can use the example of a wireless router. On the wireless router the LAN ports and the wireless antennas connect to the computers on your local network or LAN, and the WAN port connects to the modem which communicates with your internet service provider on the WAN.

Internet, Intranet, Extranet – What is the difference between the internet, an intranet, and an extranet?

Internet – inter means between, and net is short for networks, so internet literally means between networks. So what is the internet? The network of networks. The network formed by connecting all of the networks together.

Intranet – intra means within and net means network, so intranet means within the network. For instance, when I taught high school I wanted to have my own web server. The school district agreed to let me have my own web server for my students, but it had to be on the intranet only. This meant that the students could reach the webpages but from within the school only. The webserver was not on the internet.

Extranet – extra means in addition to, and net means network, so extranet literally means in addition to the network. An extranet is an area of the network that users who are outside of the network can remotely connect into. This can be done with VPN services, allowing users with permission to VPN into an area of the network.

Recovering from a Lost Windows Password with Hiren’s BootCD

Overview

This classroom lab started as a way to teach students about the BIOS and its usefulness. For example, what if you forgot your Windows 7 or Windows 8 password and you could not log in to your computer? Is there a way to bypass user authentication and access your system? Yes, there is. In this lab exercise, you will bypass a login failure, caused by a forgotten Windows password, by using Hiren’s BootCD. To accomplish this, you will need to be able to access your computer’s BIOS and set the boot order. What about the opposite situation? What if you wanted to protect your system from someone booting to the CDROM, or a USB thumb drive, and bypassing your password with special software? Is there a way to protect your system from someone trying to bypass your password by accessing the optical drive or USB port? Yes, there is, and in that particular situation setting the BIOS boot order and password-protecting the BIOS is very useful.

Here are the different topics that this lab covers:

BIOS – a program or firmware stored on a ROM chip that runs the power on self test, locates and runs the boot loader, and is an interface to the computer hardware.

CMOS – integrated circuit used to store configuration settings in BIOS. One of those settings is the Boot Order. When the computer is powered off CMOS configuration settings are retained because of a small battery plugged into the motherboard.

boot order – a setting configured in BIOS that determines the priority device order from which to boot the system. Devices will be checked in order, for the presence of boot code and boot files from which to boot the system. For example, if the CDROM drive is listed first in the boot order, the system will check the CDROM drive for the presence of a bootable disk. If one is found, like a Windows installation CD/DVD, then the system will boot to the install disk, but if none is found, the system will check the next device in the boot order. If the hard disk drive is listed first in the boot order, and has an operating system installed, then the system will boot from the hard disk drive and the CDROM will always be bypassed when the system boots.

Bootable CD/DVDs – to create a bootable CD or DVD you will need a burning program like ImgBurn, capable of burning a bootable disc from a .iso bootable image file. Note, AVG antivirus will by default flag and block ImgBurn as having a virus. After doing some research on ImgBurn I decided that this is not warranted and I have personally clicked to allow it. You can always find an alternative program with which to burn bootable CDs from .ISO image files.

Bootable USB thumb drive – to create a bootable USB thumb drive you will use a program like Universal USB Installer, designed to format thumb drives, install boot code and boot files, and you will also need a .iso bootable image file to copy to the thumb drive.

Hiren’s BootCD – a custom built operating system and live CD that can be run from memory through a CD or removable device like a USB thumb drive. Hiren’s BootCD contains programs that can be used to recover from a lost password, lost files and data, registry tools, antivirus tools and more.

Kaspersky Rescue Disk 10 – custom built operating system and live CD that can be run from memory through a CD or removable device like a USB thumb drive. Kaspersky Rescue Disk 10 is an antivirus, rootkit and malware scanning tool designed to disinfect computer systems.

VMware Player – desktop virtualization software used to create virtual computers (virtual machines) that run an entire operating system within a window on your desktop. Virtual machines running alongside the host computer system are visible on the network just like any other computer on the network.

Recovering from a Lost Windows Password – Lab Steps

In this lab, you start with a hypothetical situation: you have forgotten your Windows password and you need to clear the Windows password to access your computer. To do this you will need to use the BIOS, the boot order, and Hiren’s BootCD burned to a bootable CD or installed on a bootable thumb drive.

Step 1 – If you are testing this lab on your main computer system, I recommend that you start by creating an additional user account with a password that you will pretend to lose. You will use this test account as the account that you are attempting to clear the password on. Go to Start > Control Panel > User Accounts and create a new user with administrative privileges and a password.

Step 2 – Next, go to hirensbootcd.org, click the Download link, scroll down the page and download the compressed file Hirens.BootCD.15.2.zip. The file extracts into a folder and within that folder you will find the bootable .iso image file: Hiren’s.BootCD.15.2.iso. To boot your computer to this file you will need to burn the Hiren’s.BootCD.15.2.iso file to a bootable image disc (CD) with a program like ImgBurn, or you can create a bootable USB thumb drive with a program like Universal USB Installer, which is optimized to create bootable thumb drives for Hiren’s Boot CD.

Virtualization Option: Another choice is to do this entire lab on a Windows 7 virtual machine running on your desktop. To do that you will need a Windows 7 or 8 virtual machine running in either VMware Player or VirtualBox. For that option you only need the .iso image file; no bootable CD or thumb drive is necessary. Go to edit virtual machine settings, select the CD/DVD (IDE), and under connection select use ISO image file and browse for the Hiren’s.BootCD.15.2.iso file. Make sure Connect at power on is selected. You will also need to boot to the virtual machine’s BIOS and set the boot order as well (see below).

Burning a Bootable CD with ImgBurn

Run the program ImgBurn and select “Write image file to disc”

Then click the browse file location button to find the Hiren’s.BootCD.15.2.iso file.

Place your CD in the CD Drive and press Write.

Creating a Bootable USB thumb drive with Universal USB Installer

Select Hiren’s Boot CD from the pull down menu

Browse for the Hiren’s.BootCD.15.2.iso file,

Put in a blank USB thumb drive and select the corresponding drive letter,
Checkmark format the drive as Fat32, and click Create

 

Step 3 – Start your computer and go into Setup Mode (BIOS) – To do this, as you start your computer, look to the corners of your monitor screen for information on how to enter Setup Mode. It usually involves pressing a key like the F2 or Delete key. The instructions will only flash momentarily so you need to be ready to press the key quickly.

Computer monitor screen with instructions on entering setup mode at the bottom

BIOS Setup screen

 

Step 4 – Using your keyboard arrow keys find the Boot Menu where you can change the boot order. To boot to a CD or thumb drive you will need to have the CD-ROM drive and Removable Devices placed above the Hard Disk Drive in the order. This is usually done with the + and – keys on your keyboard.

 

Step 5 – Place your newly created Hiren’s BootCD in the CD/DVD drive or your Hirens thumb drive in a USB port and restart your computer. If the BIOS was configured to boot to the CD/DVD drive and Removable Devices prior to the Hard Disk Drive then your computer should boot to the Hiren’s BootCD and you should see a welcome screen.

 

Step 6 – Now that you are running the Hiren’s BootCD environment from memory, use your keyboard arrow down to Offline NT/2000/XP/Vista/7 Password Changer and press enter.

Step 7 – Press Enter and then Enter again at the boot: prompt on the next screen:

Step 8 – On the following screen you need to select the partition where Windows is located. In my screenshot you can see that 1) is the small 100Mb boot partition and 2) is the larger Windows partition. So, in my case I typed in the number 2 and then pressed enter. Your situation may be different if you have multiple partitions or hard disk drives.

Step 9 – The following screen shows that the Windows installation was found and that the path to the registry directory at Windows/System32/config was also found. The prompt displays the path as the default choice between brackets. Press enter to accept.

Step 10 – Choose the default choice [1] – Password reset [sam system security] and press enter.

Step 11 – Again choose the default choice [1] – Edit user data and passwords and press enter.

Step 12 – This screen shows that four users were discovered: Administrator, Guest, student, and testuser. The account that I am trying to clear the password on is the student account. Notice at the bottom of the screen that I have typed in student and now I just need to press enter.

Step 13 – At this screen you are given a choice to clear the user password, edit the user password, promote the user to administrative privileges, or quit. I recommend clearing the password and then resetting it later through the control panel once you are logged in.  Enter 1 – Clear (blank) user password and press enter.

Step 14 – You can see from this screen that account bits have been set to: password does not expire, normal account, and password not required. You can also see the response to the last entry: Password cleared! Enter an ! to quit and press enter.

Step 15 – Enter q to quit and press enter.

Step 16 – This screen shows that we have reached the final step: Writing back changes. Enter y for yes and press enter.

Step 17 – This screen shows Edit Complete. and prompts you if you want to run it again. Accept the default [n] for no and press enter.

Step 18 – This screen shows that you have reached the end of the scripts. Remove the boot CD or boot USB thumbdrive and press Ctrl+Alt+Delete to reboot your computer. After rebooting you will be able to test the user account to see if the password has been removed.

Step 19 – You can see from the image below that I have more than one user account. At the beginning of the lab, I recommended creating an extra user account to use to test clearing the password on. In this case, I cleared the student account password. If the password was successfully cleared then I should go directly to the desktop after clicking the student login icon.

Step 20 – Success! The system goes directly to the desktop without a user password prompt.

Build a Server Video Quiz

Overview – Build a Server Video Quiz and Answers

The video below was created with a GoPro using time-lapse video recording. It represents a first attempt at creating an online video quiz. In the video, I build a homemade server from parts. Watch the video and press pause at the prompts to answer the questions. You will have 3 seconds to press pause. Write down your answers and compare them to the answers posted below. The answers have been obfuscated with encoding, so if you want to see the answers you will need to decode them. The server in the video will serve as a department virtualization server.

Below are the answers to the computer video quiz. However, the answers are encoded within the string of text. You will need to decode the string to get the answers. To do that, I recommend searching online for a website with a built-in encoder and decoder web application. To correctly decode the answers, you will need to know how the answers were encoded in the first place: were they encoded in Binary, Hex, Octal, or Base64? Here is an additional tip: when copying and pasting the text, make sure there are no hidden line returns.
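The decoding approach described above can also be done locally. The following added example (not part of the original quiz) strips hidden line returns, tries each of the four encodings named above, and keeps only the interpretations that decode to printable text, which is how you tell the encodings apart when their alphabets overlap. The sample text is constructed, and the octal decoder assumes three octal digits per byte.

```python
import base64
import string

PRINTABLE = set(string.printable.encode("ascii"))


def _from_binary(s):
    if set(s) - set("01") or len(s) % 8:
        raise ValueError("not groups of eight binary digits")
    return int(s, 2).to_bytes(len(s) // 8, "big")


def _from_octal(s):
    # Assumption: each byte is written as three octal digits (000-377).
    if set(s) - set("01234567") or len(s) % 3:
        raise ValueError("not groups of three octal digits")
    return bytes(int(s[i:i + 3], 8) for i in range(0, len(s), 3))


DECODERS = {
    "binary": _from_binary,
    "octal": _from_octal,
    "hex": bytes.fromhex,
    "base64": lambda s: base64.b64decode(s, validate=True),
}


def candidates(text):
    """Map encoding name -> decoded text for every plausible interpretation."""
    # Remove all whitespace first, including \r\n picked up by copy and paste.
    compact = "".join(text.split())
    found = {}
    for name, decode in DECODERS.items():
        try:
            raw = decode(compact)
        except ValueError:          # binascii.Error is a ValueError subclass
            continue
        # A string of hex digits is often valid Base64 too; only the correct
        # interpretation yields readable text.
        if raw and all(b in PRINTABLE for b in raw):
            found[name] = raw.decode("ascii")
    return found


# Constructed sample in the same shape as a numbered answer list.
SAMPLE_PLAINTEXT = "1. Sample answer\r\n2. Second answer"


def wrapped_hex(text, width=16):
    """Hex-encode text and wrap it with line returns, as a web page might."""
    h = text.encode("ascii").hex().upper()
    return "\r\n".join(h[i:i + width] for i in range(0, len(h), width))


if __name__ == "__main__":
    for name, decoded in candidates(wrapped_hex(SAMPLE_PLAINTEXT)).items():
        print(name, "->", repr(decoded))
```

Because the encoding can be identified and reversed without any key, it hides the answers from a casual glance only; it is obfuscation, not protection.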

Quiz Answers (encoded)


Routing and Switching Essentials Practice Final – Packet Tracer 6

Lab Overview – Routing and Switching Essentials Practice Final

I designed this Packet Tracer 6 lab activity as a final review for the CCNA2: Routing and Switching Essentials. This lab covers many of the skill and knowledge areas necessary for the Cisco Academy CCNA5.0, Routing and Switching Essentials Final, Hands-on Lab Final and Packet Tracer Final. This Packet Tracer activity also includes IPv6 configurations that are covered in the new curriculum. You will need Packet Tracer 6.0.1 to open the activity file. The activity tracks your overall progress and provides feedback on correctly executed tasks. Here is a list of the knowledge and skill areas that it covers:

• IPv4 addressing and IPv6 addressing
• VLANs, Trunks and InterVLAN routing
• OSPFv2 and OSPFv3 for IPv6
• DHCPv4 as well as SLAAC and Stateless DHCPv6
• NAT for IPv4
• ACLs and IPv6 ACLs

The scoring is based on the total number of items correctly configured. Remember that when entering configurations the system is case sensitive. When you are finished, you should be able to communicate across the network. In this PT activity access to the CLI tab has not been disabled. Have fun!

 

Download

CCNA2_RoutingNSwitching-practice-final.zip

Note: You will need Packet Tracer version 6.0.1 to open this activity

CCNA1 Practice Final – Packet Tracer 6

Lab Overview – CCNA1 Practice Final

This virtual CCNA1 Practice Final lab activity is designed to test if you have the skill and knowledge required to pass the Cisco Academy CCNA 6.0 – Introduction to Networking Final Skills Assessment. You will need to have at least Packet Tracer version 6.0.1 to open the activity file. The activity tracks your overall progress and provides feedback on correctly executed tasks. Here is a list of the knowledge and skill areas that it covers:

• Configuring IPv4 addressing and subnetting,
• Configuring IPv6 addressing,
• Basic network device configuration, for both routers and switches,
• Securing network device access, including security and encryption,
• Configuring secure remote access for administration,
• Backing up network device configuration files to a TFTP server

The scoring is based on the total number of items correctly configured (a few gradable items like the crypto-keys may not grade correctly in Packet Tracer). Remember that the Cisco IOS is case sensitive when entering configuration settings like hostnames and banner message of the day. When you are finished, you should be able to communicate across the network (e.g. successfully ping PC0 from PC2). In this PT activity access to the CLI tab has been disabled, so in order to configure the router and switches, you will need to console-in, using the console cable and the PC desktop terminal emulation program.

Screenshot CCNA1 Practice Final Packet Tracer Activity

Download

CCNA1-practice-final.zip

Note: You need Packet Tracer version 6.0.1 to open the CCNA1 Practice Final activity.

CCNA 1 Practice Final – Video Tutorials

These video tutorials walk you through my CCNA1 Packet Tracer final. I explain and demonstrate the process of calculating the IPv4 subnets and configuring the IPv6 addressing. I also walk through all of the Cisco router and Cisco switch configurations.