Section 43 Tasks
- Take the exam below
- Complete the challenge lab
- Review switchport security (it can appear in the ICND2 exam)
- Read the ICND2 cram guide (and the ICND1 cram guide, if taking the CCNA exam)
- Spend 15 minutes on the subnetting.org website
Section 43 Exam
- How do you turn off CDP on a router interface?
- Write down the configuration to enable IPv6 on your router.
- Write down all the administrative distances you remember.
- What are the two available PPP authentication types? How do you configure them?
- What are the OSI Data Link sublayers of PPP?
Section 43 Answers
1. Issue the no cdp enable command.
2. Enabling IPv6 on the router:
R1(config)#ipv6 unicast-routing R1(config)#ipv6 router eigrp 1 R1(config-rtr)#eigrp router-id 1.1.1.1 R1(config-rtr)#no shutdown R1(config-rtr)#exit R1(config)#interface GigabitEthernet0/0 R1(config-if)#ipv6 address 3fff:1234:abcd:1::1/64 R1(config-if)#ipv6 enable R1(config-if)#ipv6 eigrp 1 R1(config-if)#exit
3. Administrative distances:
4. Check the PPP labs.
5. NCP, LCP, and HDLC.
Section 43 Lab – PPP and NAT
Topology
Instructions
Connect two routers together with a serial or crossover cable:
- Add IP addresses to the routers and a Loopback interface on Router A, according to the diagram (NAT shouldn’t be in the ICND2 exam but it’s been known to appear again!)
- Turn on debug ppp negotiation and debug ppp authentication
- Configure PPP authentication CHAP for the WAN connection
- Designate NAT inside and outside interfaces
- Add a static route on Router B to send all traffic back to Router A
- Ping between Router A and Router B to test the serial line (remember clock rates)
- Turn off all debugging with the undebug all command
- Create a NAT pool of 172.16.1 to 10, inclusive
- Create two ACL lines to permit the Loopback networks (/24) for NAT
- Turn on NAT debugging
- Source two extended pings, one each from L0 and L1 from A to B
- Check the NAT translation table
Solution Hints and Commands
- CHAP authentication: define a username and password for the remote devices; add the ppp authentication chap command on the interface
- Issue the ip nat inside and ip nat outside commands on the interfaces to enable NAT
- Issue the ip route command to configure a static route
- Issue the ip nat pool <name> <start_ip> <end_ip> netmask <mask> command
- Issue the ip nat inside source list x pool <name> overload command
- Issue the debug ip nat command