Video Lab A Part 1 Lab Setup (20 min)

Hello, I'm Dan Alberghetti with DansCourses.com and I'm going to walk you through Lab A from Chapter 10 of
the CCNA Security Version 1.1 curriculum. This lab introduces the Cisco ASA 5505 standalone firewall
device, I have it right here. And what we're going to do is we're going to do some basic configurations with
this ASA 5505 inside of a network topology. And right here on my desktop you can see I have the lab open for
Lab A, Chapter 10: Configuring ASA Basic Settings and Firewall Using the Command Line Interface.
And in this topology, in this lab, let me bring up this image of it here, you can see that we have three routers,
three 1841 routers, named R2, R1, and R3. R2 is at the top and I have it over here. You can see that I've
labeled it R2 right here. So this top router here, this 1841 router's R2. Then I have R1 right here and then
below it I have R3. So there's my three routers, stacked one, two, and three. Or in this case, two, one, and
three. And then below that I've got three switches.
We need three switches for this lab, S1, S2, and S3. And as you can see the topology here, in between S1
and R1, right here, in between S1 and R1, we have it cabled in between the ASA 5505 Firewall appliance. So
everything that goes on this network will go through this firewall device.
Okay and then also we need three PCs for this lab. So I've got my three routers, I've got my three switches.
I've got the topology open here, and we need three PCs. And I'm using my laptop as PC A, which is
connected to S1 and then I've got two other laptops here, PC B, connected to S2, which is the middle switch,
and then PC C, offscreen here, I have another laptop. And that's connected to switch three or S3 here at the
bottom. And these switches are 2960 series switches, Cisco switches. Here in this lab at the bottom switch I
have the 2950 switch that I'm using. So I've got two 2960 switches and then the bottom one a 2950 switch. So
I've got everything cabled up and the diagram comes with recommended network and interface IP addresses,
which I've set up already. So we'll take a look at that, we'll take a look at the configurations and we'll start this
lab.
So on this PC here, this laptop, I've got a console cable hooked to my COM port, my serial port on my laptop,
and we'll start with R2, which is the topmost router in the diagram, and we'll plug it into the console port.
Okay, that's plugged in. And now on my desktop, you see I've installed here Tera Term Pro right here, and
Tera Term Pro will allow me to set up a console connection and all I have to do is click on serial, COM1, and
click OK and the default configuration should get me right into the router. If I hit enter, you can see there, it
says R2. I've already set the host name to R2 to make it easy. So I'll go to Setup, Font, and I'm going to
change the font to Terminal and change the size to 14 to make it easier to see for the video. All right so there
it is, R2.
Now, we'll take a look here at the running configuration and you could see on the running configuration that
Serial0/0/0, I've already configured the IP address 10.1.1.2 with a /30 subnet mask and then Serial0/0/1, the
IP address is 10.2.2.2 also with a /30 subnet mask. All right, and then this interface does get a clock rate, you
can see I've already got that here. Now let's take a look on the layout here. So you can see here this network
right here in between R2 and R1, 10.1.1.0 network /30 and over here 10.2.2.0/30. And you can see that R2 in
both instances is the .2 host. So 10.1.1.2 and then 10.2.2.2 and so we look in our configuration and you can
see that I've correctly assigned those IP addresses, all right.
Okay, now in the lab though, under steps two and three it wants you to do some, it talks about some
configurations that you need to do. Now I've actually already done these configurations but let's just walk
through them one more time. So if I type conf t and get to global config mode if I wanted to, hostname, it's
already set to R2 but I'll just do it again, there it is. And then, let's see here, this is R2 we're talking about, so
in R2, interface serial 0/0/1, you need to make sure that the DCE interface on the DC side of the cable, serial
001, has the clock rate. So then what you do is say clock rate 64000. All right so that sets the clock rate on
the interface. All right, and if you wanted to put the IP address you would put it in here, IP address, right,
10.2.2.2 and then your subnet mask and then .252 so that's how you would set up your IP address and then a
no shutdown command, right, and that would set up your interface Serial0/0/1 with the correct IP address and
also activate the interface. So I've already done that, though.
What I need to do is I also need to set up the static routes to reach these other networks. So R2 needs a
static route to reach this network over here, the 209.165.200.224 network and it needs a static route going
this way to reach the 172.16.3.0 network. The router knows about its connected interfaces and its connected

© 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 3
Video Lab A Part 1 Lab Setup

networks, right, so it knows about the 10.1.1.0 network, it also knows about the 10.2.2.0 network, but it needs
to be configured to learn about these other networks that are out here specifically in this case the 209 and the
172 over here. So let's do that right now.
So I'm going to do a Control-C and a conf t, C-O-N-F space t, hit enter to get to global config mode and setup
my static routes. So IP route 209.165, whoops, .200.224 and this is going to be, this network right here,
209.165.200.224 is /29, which in this case takes a 225.255.255.248 subnet mask. So I put in IP route, the
network I want to get to, the subnet mask for the network, and then I'm going to put which interface to go out
of. So in this case, for this one, it's going to be serial, and I can just use s for short, 0/0/0 and hit enter and
that's good. And then I can do an up arrow and I can do serial0/0/1. In this case I want a /24 bit subnet mask,
255.255.255.0 and the network is going to be 0 here, 3 here, 16 here and a 172 here so 172.16.3.0 and that
looks correct and hit enter.
So now I have my two static routes configured on R2 and you also need to, according to the diagram in the
lab you also need to set passwords on your console and virtual terminal interfaces. So, line console 0,
password cisco, login, this allows a global admin login basically and then line vty 0 space 4, and then
password cisco and then login. And so now we've got our line console zero and our line vty set up. Also, what
we can do is do a Control-C, and then a conf t again, conf t, C-O-N-F like that and then space t, which is short
for configure terminal. Get to global config mode and set up your enable password enable password cisco.
Okay that looks good.
Now those are the basic configurations for R2 and now we need to do the basic configurations for R1 and R3.
So before I finish that, I'm going to do a Control-C and a copy, run, whoops, let me hit enter here so you can
see it. Copy, run start, to save the configuration and just hit enter and take the default, which is startup-config
and we have our configurations set up for R2. Now what we need to do is we need to configure R1 and R3.
So, once again, I have already set up the IP addresses on the interfaces on the router. But all I have to do
now, is take my console cable and switch it over to R1 right below and if I just hit enter now, I should pick up
R1 and I do.
So now I'll type enable and I'm in privileged user mode and now it's time to configure R1. Now R1 is going to
be a little different. R1 over here on the diagram needs a, it can just take a, let's say, default route, or any
network that it doesn't know about, we can say set up a default route, a static route, going out of, going this
way out of serial 0/0/0, so that's what we'll do. So in global configuration mode, conf t, global config mode,
we're going to say, IP route 0.0.0.0 space 0.0.0.0 space serial0/0/0 and that'll set up a default route going out
of our serial zero interface. Also you can see here, R1 has a DCE, that means a clock rate on this serial
interface because the serial cable has the DTE side and a DCE side and it just so happens the DCE side is
on serial0/0/0 on R1. So we're going to need to set up that clock rate.
So I'll say interface serial0/0/0 clock rate 64000, then that's done. If you want to be careful, you could say no
shut, make sure it's not shut down, right. I've already set up the IP address on the interface so that should not
be a problem. So now that we've done that, we've set the clock rate we've given ourselves a default route, we
have to also do a few other things. And this is step four in part one of Lab A. And to do that I'm going to do a
Control-C and then a conf t to get to global config mode and I'm going to set up and I'm going to activate the
HTTP server. So ip http server, all right, that's done. The enable password of cisco and also we need to set
up the line vty 0 space 4 and password cisco, login, and then I'm going to do an up arrow and also do line
console 0 password cisco, up arrow, and login.
So now that that's set up, all we have to do, Control-C, copy, run, start, and hit enter and save our
configuration. Let's do a show run. And when we do a show run, we can see our running configuration and we
can see that the host name is R1, we can see the enable password is cisco. We can also verify our
interfaces. You can see that Serial0/0/0 is 10.1.1.1 and it's got a /30 subnet mask, which is correct, and a
clock rate. And that's what we need here, 10.1.1 host number 1. And on the Ethernet side it is
209.165.200.225 and it's got the 255.255.255/29 so it's 248 at the end and that is the correct address for the
Fa0/0 interface, the fast Ethernet 0/0. So that looks pretty good. And we'll hit enter and you can see we've got
the line console zero and the vty set up. So R1 is all set and we saved the configuration so we're all good
there. All right so I will take this out and put it into the last console port on R3. And hit enter.
And now we're dealing with R3. We'll do the same exact thing. So on R3, take a look at this, R3 does not get
a clock rate on an interface and once again, I've already set up the IP addresses. So all we need to do is set

© 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 3
Video Lab A Part 1 Lab Setup

up a default route going out of serial0/0/1, so any unknown routes, or any unknown destination networks will
go out of serial0/0/1. So let's set that up first. So we'll do a conf t, configure terminal to get to global config
mode, IP route. All right, that's done. And now let's do the enable password cisco, to get to privileged user
mode and we also need to do our line vty space 0 space 4 and set the password cisco, login and then line
console 0, password cisco, and login. So that looks good.
Once again, I've already set the hostname to R3 so that you know which one we're dealing with. Now that we
have vty, virtual terminal lines, set up with password and we have our enable password set to cisco we should
be able to telnet into the routers without having to unplug the console cable and switch in between the
routers, so that's pretty nice. Let's give that a shot. Control-C, let's see if we can telnet into one of the other
routers or even ping one of the other routers. So right now I'm in R3, and R3 as you can see is right here. So
if everything's good I should be able to ping 10.2.2.2 and I should be able to ping 10.1.1.1 so let's give that a
try.
Say ping and you can see that's successful. And we'll ping over here, and that's successful, that's good. Also
we have a host, since we're R3, we have a host here, this PC C, which is my laptop offscreen over here on
the far right, at 172.16.3.3. Let's see if we can reach it. And you see we can reach that. So from R3 I was able
to ping this interface, I was able to ping this interface, and I was also able to ping PC C right here at 3.3.
Now, even though this laptop right now, PC A, has the 192.682.2.3 IP address already configured we need to
configure the ASA device before we can ping across the network and reach this device at 192.682.3. The
ASA has not been configured. We've now configured R1, R2 and R3 with static routes and we've configured
our passwords and our enable password on line console zero, vty, we've got our static routes. But now we
need to focus on this ASA and work with the ASA.

© 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 3