Cisco Packet Tracer 7.x labs

Lab 21 - Public & enterprise wlan users differentiation

4 1 1 1 1 1 Rating 4.00 (7 Votes)

Lab description

The aim of this wireless Packet Tracer lab is to configure a campus network allowing authenticated enterprise users to access enterprise ressources using their mobile devices while allowing a filtered public wireless access for unregistered users.

Two access points are connected to an access switch to publish two différent SSID ("default" and "Secured"). The basic access point broadcasts the public SSID. The Linksys AP broadcasts the protected SSID as this AP can be configured for WPA Enterprise security. Each SSID is mapped to a single vlan : vlan 20 for secure SSID, vlan 30 for public SSID. In a real world architecture, we would be using a Cisco Wireles Lan Controller (WLC) and Leight Weight AP. Support for Wireless Lan Controller (WLC) has been added in Packet Tracer 7.1 with the introduction of the Cisco 2504 Wireless Controller (limited functionalities).

The VLAN interface of the secure ssid (interface vlan 20) is hosted by the campus core and he traffic is directly routed to the datacenter. The VLAN interface of the public ssid (interface vlan 30) is hosted by the ASA firewall on it's outside interface. The public traffic is filtered before entering the campus


Read more ...

Lab 6 - Basic router setup

2.7551020408163 1 1 1 1 1 Rating 2.76 (49 Votes)


When you first boot up your Cisco ISR router, some basic configuration has to be performed to secure adminitrative access to the router. This lab will test your ability to configure the basic security settngs of a Cisco router and help prepare yourself for the router configuration simulation activities in the CCNA exam (Chapter 5.0 Infrastructure Maintenance of 100-105 ICND1 exam)

Read more ...

Lab 19 - Deep Packet Inspection with ASA 5505

2.5526315789474 1 1 1 1 1 Rating 2.55 (38 Votes)

Network diagram

 Packet Tracer 6.1 - ASA 5505 Deep Packet Inspection lab


Lab instructions

Configure the ASA firewall to allow HTTP traffic from the laptop (inside network) to the HTTP server located on the other side of the firewall. The traffic will be deeply inspected by the firewall to make sure it contains real HTTP instead of rogue traffic.

All the communication from the outside to the inside network have to remain denied. Only the statefull sessions established from the inside network have to be allowed by the firewall.

Interfaces and vlans default configuration is provided below. The default vlan security levels have been manually added in the picture.

Read more ...

Lab 20 - CBAC trafic Inspection with ISR router

2.1470588235294 1 1 1 1 1 Rating 2.15 (34 Votes)

What is Cisco Context-Based Access Control ?

Cisco's Context-Based Access Control (CBAC) is a security component similar to reflexive ACL available in ISR routers. This feature has been implemented in Packet Tracer since version 5.3

CBAC enables dynamic modification of inbound access lists to allow some incoming flows even if a "deny any any" ACL has been implemented by first inspecting and recording flows initiated from the protected internal network. The main difference with reflexive ACLs is that whereas reflexive ACLs act solely on L2-L4 protocol attributes, CBAC is able to inspect all the way to the application layer (layer 7), taking into consideration characteristics of a flow on a per-protocol (or context) basis.

Read more ...

Lab 18 - DMZ configuration with ASA 5506-X

2.5 1 1 1 1 1 Rating 2.50 (92 Votes)

Network diagram

 Packet Tracer 7.2 - ASA 5506-X DMZ lab


Lab instructions

1. Configure NAT to allow LAN users to access the INTERNET

2. Configure NAT to allow DMZ servers to access the INTERNET

3. Configure inbound NAT rule to allow access to the DMZ webserver from the Internet with public IP address.

4. Configure ICMP rules to allow laptop1 to ping internet router and any internet resource. An access-list, named OUTSIDE, will be configured to allow incoming echo-reply and unreachable ICMP replies

5.Configure the required access-lists on the internet facing interface to allow incoming trafic to the DMZ webserver

6.Test HTTP connectivity from the Public laptop to the DMZ webserver (

Read more ...