Protocol improvements :

  • HSRP configurationis now supported on Cisco ISR 2911 sub-interfaces (example : int gi0/0.10)
  • debug ip packet command is now supported in Packet Tracer 7.2
  • debug ip eigrp command is now supported in Packet Tracer 7.2
  • DHCPv6 client is now supported on ISR1941 router interfaces
  • Cisco Packet Tracer routers and switches can now act as ntp servers using the ntp master <1-15> IOS command. The show ntp association and show ntp status commands allow NTP peering verification. NTP routers can now be chained for time sync (router acting as both NTP client and NTP master)

The following improvements are expected in a future Packet Tracer release (ie : not included in Packet Tracer 7.2) :

  • VTP v3 support is expected on Catalyst 3650 (VTP Version capable : 1 to 3 but no option to move to vtp v3 using vtp version)
  • Private vlans and vlan-acl support is expected on IOS 15 in a future Packet Tracer release
  • ip rip authentication command is expected in a future Packet Tracer release


New devices in Cisco Packet Tracer 7.2

Cisco ASA 5506-X firewall

Cisco ASA 5506 is an upgrade from legacy Cisco ASA5505 which have been end of sale since August 2017. It incorporates the Cisco FirePOWER IPS technology, provides next-generation Intrusion Prevention (NGIPS), Application Visibility and Control (AVC), Advanced Malware Protection (AMP) and URL Filtering.

Cisco ASA 5506-X With Firepower Network Security can be bought on Amazon at about 400$ for Cisco CCNP Security exam preparation as CCNP security now includes Firepower NGIPS and Cisco AMP topics. It can also be used as strong, cost effective, firewall dorhome, small business, or branch office.

ASA 5506 is available in three models, but only ASA 5506X is emulated in Cisco Packet Tracer 7.2 :

  • Desktop model 5506-X (emulated in Cisco Packet Tracer 7.2),
  • Integrated wireless access point model 5506W-X
  • Ruggedized model 5506H-X for industrial control systems and critical infrastructure environment.

ASA 5506-X in Cisco Packet Tracer 7.2

ASA 5506-X is emulated with software version 9.6(1) and Security Plus license. Cisco FirePOWER features are not emulated in Cisco Packet Tracer.

The following features are licenced for this ASA 5506 platform in Cisco Packet Tracer 7.2 :

Running Permanent Activation Key: 0xEEA307B2 0x6A05C832 0x36EEC339 0x9E62CC58 0x4946D561

Licensed features for this platform:
Maximum Physical Interfaces       : 8              perpetual
Maximum VLANs                     : 30             perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Standby perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Carrier                           : Disabled       perpetual
AnyConnect Premium Peers          : 4              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 50             perpetual
Total VPN Peers                   : 50             perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
Shared License                    : Disabled       perpetual
Total UC Proxy Sessions           : 160            perpetual
Botnet Traffic Filter             : Disabled       perpetual
Cluster                           : Disabled       perpetual

This platform has an ASA 5506 Security Plus license.

Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)

Cisco Adaptive Security Appliance Software Version 9.6(1)


Meraki security appliance

A simplified version of the Cisco Meraki Security Appliance, model MX65W, has been added in Cisco Packet Tracer 7.2.

Meraki Security Appliance is a cloud managed Unified Threat Management (UTM) devices with Software Defined Wide Area Networking (SD-WAN) and wireless capabilities included.

Basic networking configuration can be achived via an HTTP session from a PC directly connected to the security appliance through the URL (login is the serial number of the appliance displayed on the config tab, no password). However, wireless and security functions have to be configured through the Meraki Server via the URL after having linked the Security Appliance to the Meraki Server.

Supported features of the MX65W Meraki appliance are :

  • Addressing & VLANs
  • DHCP server
  • Wireless Access Point. Supported security modes are Open, WEP, WPA2 PSK, and WPA2 Enterprise.
  • Firewall (outbound rules only)
  • PPPoE internet connection

Packet Tracer 7.2 - Meraki MX65W security appliance

Packet Tracer 7.2 - Meraki Security Appliance PPPoE internet access

Home Router

Home Router has been added in Cisco Packet Tracer 7.2 to emulate Linksys WRT120N Wireless-N Home Router. This home router features advanced wireless capabilities:

  • Wireless 2.4G and 5G mode
  • Wireless Media Bridge
  • Wireless Beamforming
  • Per Wireless interface Mac address filtering
  • WEP, WPA-PSK, WPA-Enterprise, WPA2-PSK, WPA2-Enterprise with radius server and AES / TKIP encryption

Packet Tracer 7.2 Home Router interface


New protocol support in Cisco Packet Tracer 7.2

Wired 802.1x (dot1x) device authentication

Wired 802.1x device authentication has been added to Catalyst switches emulated in Cisco Packet Tracer 7.2 . This feature is available with the following limitations :

  • dot1x commands only supported with IOS 15. Update of the switch image is required (IOS 15 images available on the server device) before configuring 802.1x authentication.
  • EAP-MD5 is the only EAP protocol supported.

802.1x configuration form has been added to end devices IP configuration utility.

Packet Tracer 7.2 - End devices 802.1x configuration (EAP-MD5)

PPPoE authentication

PPPOE support has been added to ISR routers, Meraki Security Appliance, and end devices (PC, servers) in Cisco Packet Tracer 7.2.

PAP and CHAP authentication is supported in Cisco Packet Tracer 7.2

Packet Tracer 7.2 - PPPoE configuration on a PC end device

PPPoE is a protocol widely used by Internet Service Providers to provide high speed internet services which can use the same authentication server for both PPP and PPPoE sessions, resulting in a cost savings. It expands the capability of PPP by allowing a virtual point to point connection over a multipoint Ethernet network architecture. PPPoE uses the same methods of compression, authentication, and encryption than PPP.


Real HTTP server and real websocket

Cisco Packet Tracer 7.2 IoT programming features now include a realHttpServer capability which starts an HTTP server accessible from outside the Packet Tracer environment. The HTTP server can be accessed from a web browser installed on the PC running Packet Tracer. In order for this to work correctly one may need to enable the [✔] Enable External Network Access from Device Scripts from the Miscellaneous tab of the Options/Preferences dialog box.

enable the Enable External Network Access from Device Scripts from the Miscellaneous tab of the Options/Preferences dialog box

Cisco Packet Tracer 7.2 asks for user permission before starting the web server and listening on port 8765.

Packet Tracer 7.2 asking permission to start the real HTTP server

Output the C:\Program Files\Cisco Packet Tracer 7.2\saves\7.2\IoT\real-websocket.html test page provided to test the new real websocket capability.

! connected to websocket @ ws://localhost:8765/ws
ping: hello: 10
... pong: hello: 10
ping: hello: 9
... pong: hello: 9
ping: hello: 8
... pong: hello: 8
ping: hello: 7
... pong: hello: 7
ping: hello: 6
... pong: hello: 6
ping: hello: 5
... pong: hello: 5
ping: hello: 4
... pong: hello: 4
ping: hello: 3
... pong: hello: 3
! disconnected from websocket


DHCPv6 client on ISR1941 router

DHCP v6 client is now supported on Cisco Packet Tracer 7.2 ISR1941 router interface. Gigabit Ethernet interface IPv6 address can now be dynamically obtained by DHCP with the "ipv6 address dhcp" IOS command. ISR 1941 router can also act as  DHCPv6 server with the "ipv6 dhcp pool <pool name>" command.

RouterClient(config)#interface gigabitEthernet 0/0
RouterClient(config-if)#ipv6 address dhcp 

RouterClient#show ipv6 interface 
GigabitEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::202:17FF:FE61:5C01
  No Virtual link-local address(es):
  Global unicast address(es):
    2001:DB8:1111:0:9364:8387:C92D:86B6, subnet is 2001:DB8:1111:0:9364:8387:C92D:86B6/128 [CAL/PRE]
  Joined group address(es):
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds



The following Cisco Packet Tracer 7.1.1 bugs are fixed in Cisco Packet Tracer 7.2 :

  • [Fixed] Packet Tracer crash when booting C1841 ISR router from ROMMON mode (boot flash:c1841-advipservicesk9-mz.124-15.T1.bin)
  • [Fixed] Packet Tracer crash when inserting hwic-4esw in C1841 ISR router slot 1.
  • [Fixed] EIGRP packet headers not displayed in simulation mode.
  • Packet Tracer crash when configuring DHCP on WLC-PT wireless controller
  • Unable to use ip http server command on Cisco ISR 1941 router
  • LLDP protocol error with LLDP neighbors not showing
  • Port-channel interfaces become unassociated from the channel-groups on a router device when a saved file is reloaded after Packet Tracer restart
  • After entering the command "show spanning-tree details" on a switch with a spanning-tree instance, program crashes
  • Program crashes when placing fiber adaptor GLC-LH-SMD in ISR 2811 router using mixed media adaptor