Cisco Packet Tracer 8.x tutorials

Packet Tracer 8.0 - Netflow configuration

What is Netflow?

Netflow is a network analysis protocol that was initially created by Cisco to give the ability to collect detailled informations about network traffic as it flows through a router interface.

The data processed by Netflow collectors provides the network administrator with detailled traffic informations such as the source and destination of the traffic, class of service, .... Netflow version 9 was standardized in 2008 as IPFIX by the IETF organization. This feature is used by network operators for billing network users.

NetFlow records are exported to a Netflow collector using User Datagram Protocol (UDP). The IP address and the destination UDP port of the NetFlow collector have to be configured on the sending device (router or l3 switch). The standard value is UDP port 2055, but other values like 9555 or 9995 can also be used.

Read more ...

Packet Tracer 8.0 - Setting up and managing a DHCP server

Introduction

DHCP service is a key component of your network infrastructure by allowing centralized ip address management on a single pool of servers. DHCP configuration is also part of CCNA and CCNP Enterprise certification curricula. This skill can be tested in lab environnement during exams ans it's important for students to get used to DHCP configuration before taking the exam.

Packet Tracer 8.0 implements two methods for setting up a DHCP server in your network :

  • Configuration of DHCP pools on Cisco routers or multlayer switches.
  • Configuration of a standalone DHCP server appliance on the network and usage of the "ip helper-address" command on network devices for DHCP traffic forwarding outside each local broadcast domain. This tutorial will describe this method for implementing DHCP service in your network.

DHCP server and DHCP client sould be in the same vlan to be able to communicate as the initial DHCP discover is a layer 2 broadcast packet to ff:ff:ff:ff:ff:ff MAC address. Cisco routers and layer 3 switches are able to act as DHCP relay and forward DHCP requests to a DHCP server located in another VLAN : a single DHCP server can now be deployed to deliver IP addresses to many subnet.

Read more ...

Packet Tracer 8.0 - RADIUS configuration

This Cisco Packet Tracer 8.0 tutorial describes two common use cases for radius authentication configuration on enterprise networks :

  • Radius as a central authentication service for securing network devices admin access
  • Radius as an authentication service for securing a WIFI network with WPA enterprise

 

Radius authentication for telnet access on a Cisco 2811 router

Telnet authentication lab description

This Packet Tracer tutorial describes how to configure RADIUS authentication on a CiscoTM 2811 router to secure telnet access. The RADIUS server is hosted as a service on a Server-PT device. Radius client password has to be configured on the AAA tab of the Server-PT device.

Router R1 :

  • FastEthernet 0/0 : 192.168.1.1/24
  • FastEthernet 0/1 : 192.168.2.1/24

RADIUS Server : 192.168.1.2/24

Client (Laptop0) : 192.168.2.1/24

 

Packet Tracer 7.3 - Router radius authentication

Read more ...

Packet Tracer 8.0 - IP telephony devices

Supported devices in Packet Tracer 8.0

Cisco Packet Tracer 8.0 supports three telephony devices :

  • Cisco 7960 IP Phone
  • Home VOIP device for analog phone connection to an IP network.
  • Cisco IP Communicator software on desktop or laptop PC

 

Cisco 7960 IP Phone

Cisco 7960 emulated IP phone in Packet Tracer - Front view

Read more ...

IPSEC VPN tunneling in Cisco Packet Tracer

Introduction - IPSEC VPN on ISR routers

Cisco Packet Tracer allows IPSEC VPN configuration between routers. The example below presents a basic VPN configuration over a Frame Relay between Paris and New-York using Cisco 2811 routers.

IPSEC Tunneling allows network adminisrators to use the Internet to create secure connections between networks (teleworkers, remote sites, ...). Cisco 2811 routers use the ISAKMP and IPsec tunneling standards to crete and manage tunnels. IPsec provides authentication (AH) and encryption (ESP) services to prevent unauthorized data access or modification. ISAKMP is the negotiation protocol that makes peers negociate on how to build the IPsec security association.

A major problem with IPSec sessions is that they do not support multicast or broadcast traffic. Enabling dynamic routing protocols such as OSPF or EIGRP requires multicast or brodcast support to allow hellos and updates traffic between routers.

Solution : Build another generic tunnel over IPSEC. Three options available in Cisco routers :

  • Virtual Tunnel Interface (VTI)
  • Generic Routing Encapsulation (GRE)
  • DMVPN and GET VPN

GRE over IPSEC has been working in Cisco Packet Tracer since at least version 6.0.1 . This tunnel design allows OSPF dynamic routing over the tunnel

Read more ...