Cisco Packet Tracer 7.x tutorials

Packet Tracer 7.1.1 - Wireless WLC configuration


Cisco Wireless concepts

The Cisco Wireless Controller (WLC) is the Cisco solution to centrally configure and manage enterprise wireless networks, regardless of the number of access points deployed and their location. Wireless controllers have become very popular as companies move from standalone Access Point (AP) wireless designs, which are complicated to configure and to secure properly, to centralized controller-based designs, reaping the enhanced visibility, functionality and redundancy benefits that come with those modern designs.

The following YouTube video presents the basic concepts of how Wireless Controllers work and interact with Lightweight access points using the CAPWAP protocol. A good understanding of the concepts presented in this video is mandatory before starting this Packet Tracer 7.1.1 wireless tutorial.

 


Packet Tracer 7.0 - LLDP configuration


What is LLDP ?

The Link Layer Discovery Protocol (LLDP), standardized as 802.1AB, is a network discovery protocol intended to replace a wide variety of proprietary protocols such as Cisco CDP, Nortel discovery protocol, ... It helps network administrators identify the neighboring devices (including remote ports) of the device they are configuring. As a link-layer protocol, LLDP works without needing a valid IP configuration on the devices.

 

LLDP show commands available in Packet Tracer 7.0

show lldp

Router#show lldp 

Global LLDP Information:
    Status: ACTIVE
    LLDP advertisements are sent every 30 seconds
    LLDP hold time advertised is 120 seconds
    LLDP interface reinitialisation delay is 2 seconds

 


Cisco 819 ISR router - Embedded AP configuration


Access point overview

The Cisco 819 ISR supports built-in enterprise class WLAN capability with an embedded Cisco 3500 Access Point featuring 802.11a/b/g/n and 2X3 MIMO antenna diversity (2 transmitting antennas and 3 receiving antennas).  With the dual 802.11 radio capability, the integrated AP can serve both as an access point and as a client to another wireless network for backbone/internet connectivity. This provides another source for WAN diversity along with Gigabit Ethernet, serial, and 3G/4G capabilities.

The wireless access point of the Cisco 819 ISR router is a service module connected to the router through the following interfaces:

  • wlan-ap0 for access point management
  • Wlan-GigabitEthernet0 for production traffic between the router and the AP. This interface can be configured as a trunk to allow the AP to map multiple SSIDs to different VLANs

 

Router#show ip interface brief 
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0       unassigned      YES NVRAM  administratively down down
FastEthernet0          unassigned      YES unset  up                    down
FastEthernet1          unassigned      YES unset  up                    down
FastEthernet2          unassigned      YES unset  up                    down
FastEthernet3          unassigned      YES unset  up                    down
Serial0                unassigned      YES NVRAM  administratively down down
Wlan-GigabitEthernet0  unassigned      YES unset  up                    up
wlan-ap0               10.10.10.1      YES TFTP   up                    up
Cellular0              unassigned      YES unset  administratively down down
Vlan1                  10.10.10.1      YES NVRAM  up                    up

 


Packet Tracer 7.0 - Precision Time Protocol


What is Precision Time Protocol (PTP) ?

Precision Time Protocol (PTP) is a new feature of Packet Tracer 7.0 available in IE2000 industrial switches.

This time synchronization protocol is defined in IEEE-1588 as Precision Clock Synchronization for Networked Measurements and Control Systems, and was developed to synchronize the clocks of network devices that include distributed device clocks with various levels of precision and stability. Accurate time synchronization is vital for smart grid power automation applications such as virtual power generators and peak-hour billing, but also for network outage monitoring tools, which require a high level of time accuracy and stability.

 

PTP configuration in Packet Tracer 7.0

Precision Time Protocol can be simulated in Packet Tracer 7.0 using IE2000 switches. These switches feature PTP boundary, end-to-end transparent, and forward modes.

Switch(config)#ptp mode ?
  boundary        Boundary Clock mode
  e2etransparent  End-to-End Transparent Clock mode
  forward         Forward packets without processing

Configure PTP using the following commands and verify the configuration using the show ptp clock and show ptp port IOS commands:

Switch(config)#ptp mode boundary 
Switch(config)#interface fastEthernet 1/1
Switch(config-if)#ptp enable 

 


IPSEC VPN tunneling in Cisco Packet Tracer


Introduction - IPSEC VPN on ISR routers

Cisco Packet Tracer allows IPSEC VPN configuration between routers. The example below presents a basic VPN configuration over a Frame Relay link between Paris and New-York using Cisco 2811 routers.

IPSEC tunneling allows network administrators to use the Internet to create secure connections between networks (teleworkers, remote sites, ...). Cisco 2811 routers use the ISAKMP and IPsec tunneling standards to create and manage tunnels. IPsec provides authentication (AH) and encryption (ESP) services to prevent unauthorized data access or modification. ISAKMP is the negotiation protocol that lets peers negotiate how to build the IPsec security association.

A major problem with IPsec sessions is that they do not support multicast or broadcast traffic. Dynamic routing protocols such as OSPF or EIGRP require multicast or broadcast support to carry hello and update traffic between routers.

Solution: Build another generic tunnel over IPSEC. Three options are available in Cisco routers:

  • Virtual Tunnel Interface (VTI)
  • Generic Routing Encapsulation (GRE)
  • DMVPN and GET VPN

 

Good news: GRE over IPSEC has been working in Packet Tracer since at least version 6.0.1. This tunnel design allows OSPF dynamic routing over the tunnel.

Basic IPSEC VPN configuration

Download network topology

File Name: ipsec-vpn.pkt
File Size: 11 KB

Configuration

Paris router configuration

hostname PARIS
!
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
!
crypto isakmp key 0 address 172.16.1.2
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set SECUREWAN esp-aes esp-sha-hmac
!
crypto map IPSECWAN 100 ipsec-isakmp 
 set peer 172.16.1.2
 set pfs group2
 set security-association lifetime seconds 86400
 set transform-set SECUREWAN 
 match address SECURED-TRAFFIC
!
!
interface FastEthernet0/0
 ip address 10.0.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 172.16.1.1 255.255.255.252
 encapsulation frame-relay
 frame-relay interface-dlci 100
 crypto map IPSECWAN
!
ip route 10.100.1.0 255.255.255.0 172.16.1.2 
!
!
ip access-list extended SECURED-TRAFFIC
 permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
!


New-York router configuration

hostname NEWYORK
!
!
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
!
crypto isakmp key 0 address 172.16.1.1
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set SECUREWAN esp-aes esp-sha-hmac
!
crypto map IPSECWAN 100 ipsec-isakmp 
 set peer 172.16.1.1
 set security-association lifetime seconds 86400
 set transform-set SECUREWAN 

 

OSPF dynamic routing with GRE tunnel over IPSEC

I modified the IPSEC ACL to permit GRE traffic over the tunnel and to deny any unencrypted traffic on the WAN link:

ip access-list extended SECURED-TRAFFIC
 permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
 permit ip any any
 permit gre 10.254.1.0 0.0.0.3 10.254.1.0 0.0.0.3


GRE tunnel configuration on Paris router

interface Tunnel0
 ip address 10.254.1.1 255.255.255.252
 tunnel source Serial0/0/0
 tunnel destination 172.16.1.2
 tunnel mode gre ip


GRE tunnel configuration on NewYork router

interface Tunnel0
 ip address 10.254.1.2 255.255.255.252
 tunnel source Serial0/0/0
 tunnel destination 172.16.1.1
 tunnel mode gre ip


OSPF configuration over the tunnel

router ospf 1
 log-adjacency-changes
 network 10.0.1.0 0.0.0.255 area 0
 network 10.254.1.0 0.0.0.3 area 0
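
The following Python sketch is an added example, not part of the original tutorial. It evaluates the modified SECURED-TRAFFIC crypto ACL top-down, first match wins, against constructed sample packets to show which entry selects the GRE packets exchanged between the Tunnel0 endpoints 172.16.1.1 and 172.16.1.2 for encryption. The NARROW list and the LAN host addresses are assumptions introduced for comparison.

```python
import ipaddress

def ip_int(a):
    return int(ipaddress.IPv4Address(a))

def parse_ace(line):
    """Parse 'permit|deny PROTO SRC DST'; SRC/DST is 'any', 'host A' or 'A WILDCARD'."""
    action, proto, *rest = line.split()
    specs = []
    while rest:
        if rest[0] == "any":
            specs.append((0, 0xFFFFFFFF))
            rest = rest[1:]
        elif rest[0] == "host":
            specs.append((ip_int(rest[1]), 0))
            rest = rest[2:]
        else:
            specs.append((ip_int(rest[0]), ip_int(rest[1])))
            rest = rest[2:]
    return action, proto, specs[0], specs[1]

def addr_match(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF          # wildcard bits set to 1 are ignored
    return (ip_int(addr) & care) == (base & care)

def first_match(acl, proto, src, dst):
    """Return (entry number, action) of the first matching entry.
    (None, 'deny') is the implicit deny: in a crypto ACL the packet bypasses IPsec."""
    for n, line in enumerate(acl, 1):
        action, p, s, d = parse_ace(line)
        if p in ("ip", proto) and addr_match(src, s) and addr_match(dst, d):
            return n, action
    return None, "deny"

# Modified ACL from the page, entries in the order shown
MODIFIED = [
    "permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255",
    "permit ip any any",
    "permit gre 10.254.1.0 0.0.0.3 10.254.1.0 0.0.0.3",
]
# Assumption, not from the page: an ACL that selects only the GRE outer header
NARROW = ["permit gre host 172.16.1.1 host 172.16.1.2"]

# Constructed sample packets: (protocol, source, destination)
GRE_OUTER = ("gre", "172.16.1.1", "172.16.1.2")   # Tunnel0 source/destination
LAN_FLOW = ("tcp", "10.0.1.10", "10.100.1.10")    # hypothetical LAN hosts

if __name__ == "__main__":
    for name, acl in (("MODIFIED", MODIFIED), ("gre entry alone", MODIFIED[2:]), ("NARROW", NARROW)):
        for pkt in (GRE_OUTER, LAN_FLOW):
            print(name, pkt, "->", first_match(acl, *pkt))
```

The third entry is never reached because `permit ip any any` precedes it, and taken alone it would not match the GRE packets, whose outer header carries the Serial0/0/0 addresses rather than the Tunnel0 addresses.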

 

File Attachment:

File Name: ipsec-vpn-gre.pkt
File Size: 11 KB