Cisco Packet Tracer 7.x tutorials

Packet Tracer 7.3 - IP telephony devices

1 1 1 1 1 Rating 3.95 (21 Votes)

Supported devices in Packet Tracer 7.3

Cisco Packet Tracer 7.3 supports three telephony devices :

  • Cisco 7960 IP Phone
  • Home VOIP device for analog phone connection to an IP network.
  • Cisco IP Communicator software on desktop or laptop PC

 

Cisco 7960 IP Phone

Cisco 7960 emulated IP phone in Packet Tracer - Front view

 

Power up the phone

Two options are available in Packet Tracer for powering up the 7960 IP Phone :

  • External power adapter
  • PoE (only with 3560 multilayer switch)

If you choose to use the external power adapter, go to the physical tab and drag and drop the "IP_PHONE_POWER_ADAPTER" to the bottom left connector of the 7960 IP Phone.

Cisco 7960 emulated IP phone in Packet Tracer - Back view

 

If you want to use the PoE functionnality of the Cisco 3560 switch, apply the following configuration to the switch interface connected to the phone :

Switch(config)#int fastEthernet 0/1
Switch(config-if)#power inline auto

  

Place calls with 7960 IP Phone

The 7960 IP Phone emulated in Packet Tracer 7.2.1does not have any configurable options. It receives it's IP address through DHCP and it's line number from the Call Manager Express server.

 In the GUI tab, you can place a call, answer a call, and send Do, Re, and Mi notes to the recipient phone. To place a call enter the recipient's line number first using the keypad and then click on the handset to dial out.

To answer a phone call on the analog phone, click on the handset when the phone is ringing. While the line is connected, you can send Do, Re, or Mi to the recipient by pressing the respective buttons. In order to hear the sounds, be sure Sound is enabled in Preferences. To end a call, click on the handset.

 

Home VOIP device

Packet Tracer 7.2.1 - Home VOIP device

The Home VoIP only has a "Server Address" configuration in which you have to place the Call Manager Express IP address.

 

Cisco IP Communicator software

The IP Communicator software is installed on desktop or laptop end devices. Configure the computer for DHCP address assignment and use the "Desktop" tab to access the IP Communicator software. The software will receive it's phone line number from the Cisco Call Manager Express server.

Packet Tracer 7.2.1 - Applications available on a laptop device.

To place a phone call, enter the number of the recipient phone using the keypad and then click the Dial button. Once the recipient has answered the call, the status message will indicate that the Cisco IP Communicator is connected and a green light will show. While the call is still active, click on the Do, Re, or Mi buttons to send the respective sounds to the recipient. To end the call, click the EndCall button. For the best possible experience while making calls, be sure that Sound is enabled in Preferences.

If you want configure the Cisco IP Communicator to use a different TFTP server from the default TFTP server, follow these steps. On the upper right-hand corner of the Cisco IP Communicator GUI, there are four buttons above the words "Cisco IP Phone." Click on the first button from the left to open a context menu and then select Preferences. Select the option Use these TFTP Servers: and then enter the IP address of the TFTP server that you wish to use.

Packet Tracer 7.2.1 - IP Communicator software

Packet Tracer 7.3 - RADIUS configuration

1 1 1 1 1 Rating 3.15 (34 Votes)

This Cisco Packet Tracer 7.3 tutorial describes two common use cases for radius authentication configuration on enterprise networks :

  • Radius as a central authentication service for securing network devices admin access
  • Radius as an authentication service for securing a WIFI network with WPA enterprise

 

Radius authentication for telnet access on a Cisco 2811 router

Telnet authentication lab description

This Packet Tracer tutorial describes how to configure RADIUS authentication on a CiscoTM 2811 router to secure telnet access. The RADIUS server is hosted as a service on a Server-PT device. Radius client password has to be configured on the AAA tab of the Server-PT device.

Router R1 :

  • FastEthernet 0/0 : 192.168.1.1/24
  • FastEthernet 0/1 : 192.168.2.1/24

RADIUS Server : 192.168.1.2/24

Client (Laptop0) : 192.168.2.1/24

 

Packet Tracer 5.3 - Router radius authentication

Configuration steps

IOS configuration on R1

aaa new-model The first command, aaa new-model, tells the router that you are using either TACACS+ or RADIUS for authentication.
radius-server host 192.168.1.2 key p@ssword Tells the router the IP address of the RADIUS server and the shared secret.
aaa authentication login default group radius local The aaa authentication command is used to start RADIUS authentication on the router as a defaul method for login.

line vty 0 15

login authentication default

Configuration of the vty interfaces for login

 

Configure WPA entreprise on a Linksys wireless access point

WPA enterprise configuration with radius authentication

This tutorial describes how to configure WPA entreprise WIFI authentication on a LinksysTM WRT300N wireless router in Packet Tracer 7.2.1

Linksys WRT300N : 192.168.1.1/24

RADIUS Server : 192.168.1.2/24

Laptop : 192.168.1.3/24

Tip : For security reasons, it is highly recommended to secure the RADIUS server behind a router (using ACL) or a firewall in production networks.

 

Packet Tracer 5.3 - WPA entreprise configuration

Packet Tracer 7.2.1 - Radius server configuration

 

Configuration steps

  1. Add a Linksys AP and configure it's IP address to 192.168.1.1 (netmask 255.255.255.0)
  2. Add a Server-PT device and configure it's IP address to 192.168.1.2 (netmask 255.255.255.0)
  3. On the Server configuration page, configure the AAA Service with the following settings :
    1. Client Name : Linksys (Chose a name. Doesn't need to match AP name)
    2. Client IP : IP address of the Linksys AP
    3. Client password : A shared secret with the AP (here : deltapassword)
    4. Create a new user (name : user1 - Password : test)
  4. Configure the wireless settings of the Linksys AP like in the screenshot above (WPA TKIP / Radius server IP / Shared secret)
  5. Add a laptop device and configure it with a PT-LAPTOP-NM-1W module (Drag and drop to replaces the original ethernet module)
  6. Configure the wireless settings of the laptop like in the screenshot above (WPA TKIP / User ID, Password)
  7. The connection should establish between the laptop and the AP.

Packet Tracer 7.3 - Setting up and managing a DHCP server

1 1 1 1 1 Rating 3.41 (59 Votes)

Introduction

DHCP service is a key component of your network infrastructure by allowing centralized ip address management on a single pool of servers. DHCP configuration is also part of CCNA and CCNP Switch certification exams curricula. This skill can be tested in lab environnement during exams ans it's important for students to get used to DHCP configuration before taking the exam.

Packet Tracer 7.3 implements two methods for setting up a DHCP server in your network :

  • Configuration of DHCP pools on Cisco routers or multlayer switches.
  • Configuration of a standalone DHCP server appliance on the network and usage of the "ip helper-address" command on network devices for DHCP traffic forwarding outside each local broadcast domain. This tutorial will describe this method for implementing DHCP service in your network.

DHCP server and DHCP client sould be in the same vlan to be able to communicate as the initial DHCP discover is a layer 2 broadcast packet to ff:ff:ff:ff:ff:ff MAC address. Cisco routers and layer 3 switches are able to act as DHCP relay and forward DHCP requests to a DHCP server located in another VLAN : a single DHCP server can now be deployed to deliver IP addresses to many subnet.

 

Tutorial description

This tutorial will show you how to configure dynamic IP address assignment on multiple VLAN with a unique DHCP server appliance on the network.

Two VLANs are configured on Switch0 with Router0 as default gateway :

  • VLAN 10 - Nework : 192.168.10.0/24 - Gateway : 192.168.10.1 (FA 0/0.10)
  • VLAN 20 - Network : 192.168.20.0/24 - Gateway : 192.168.20.1 (FA 0/0.20)

The unique DHCP server is located on a remote subnet with IP 172.16.24.2.

DHCP lab overview on packet tracer 5

 

Learning DHCP : recommended books

Coming soon

 

DHCP configuration

Declare IP address pools on the DHCP management tab of the server like on the picture below. One pool has to be declared for each VLAN. Don't forget to configure the right network settings and default gateway (Router0 FA 0/0.10 and FA 0.0.20 IP address) for each VLAN.

DHCP server configuration on packet tracer 5.3

 

Configure router0 for DHCP forwarding to the DHCP server (DHCP relay)

The ip helper-address <IP address> configures DHCP request forwarding to the configured <IP address> DHCP server.

Router(config)# interface FastEthernet0/0.10

Router(config-subif)# encapsulation dot1Q 10

Router(config-subif)# ip address 192.168.10.1 255.255.255.0

Router(config-subif)# ip helper-address 172.16.24.2

 

Router(config)# interface FastEthernet0/0.20

Router(config-subif)# encapsulation dot1Q 20

Router(config-subif)# ip address 192.168.20.1 255.255.255.0

Router(config-subif)# ip helper-address 172.16.24.2

Packet Tracer 7.3 - Netflow configuration

1 1 1 1 1 Rating 3.75 (28 Votes)

What is Netflow?

Netflow is a network analysis protocol that was initially created by Cisco to give the ability to collect detailled informations about network traffic as it flows through a router interface.

The data processed by Netflow collectors provides the network administrator with detailled traffic informations such as the source and destination of the traffic, class of service, .... Netflow version 9 was standardized in 2008 as IPFIX by the IETF organization. This feature is used by network operators for billing network users.

NetFlow records are exported to a Netflow collector using User Datagram Protocol (UDP). The IP address and the destination UDP port of the NetFlow collector have to be configured on the sending device (router or l3 switch). The standard value is UDP port 2055, but other values like 9555 or 9995 can also be used.

 

Netflow in Cisco Packet Tracer

The following Netflow components are available in Cisco Packet Tracer :

  • Netflow version 9 on Cisco ISR routers. This feature is not available on Layer 3 switches.
  • A netflow collector software on PC, laptop and server devices.
Packet Tracer 6.1 - ISR router netflow records  Packet Tracer 6.1 - Netflow collector software

 

 

Netflow configuration using Cisco 2811 ISR routers

Network topology and configuration instructions

 

 

IP configuration :

  • IP Phone n°1 : 192.168.10.2/24
  • IP Phone n°2 : 192.168.10.4/24
  • Router Fa0/0 : 192.168.10.1/24
  • Router Fa0/1 : 192.168.20.1/24
  • Netflow Collector : 192.168.20.2/24

 

First step : Configure netflow collection on router interfaces using the "ip flow" IOS command. The flow can be configured on either ingress or egress direction. It is recommended to configure the flow on ingress.

interface FastEthernet0/0
 ip flow ingress
 ip address 192.168.10.1 255.255.255.0
 duplex auto
 speed auto

 

Second step : Configure the ISR router to send the flow records to the netflow collector. Packet Tracer 6.1 netflow collection software deployed on end devices (servers or PCs) uses UDP port 9996.

ip flow-export destination 192.168.20.2 9996
ip flow-export version 9

 

 

Testing the configuration

Make a phone call from IP Phone n°1 to IP Phone n°2 and use the "show ip cache flow" command on the ISR router to display the router's netflow cache. In this example, the router shows a SCCP (TCP-SKINNY) flow between the two IP Phones (192.168.10.2 & 192.168.10.4).

RouterA#show ip cache flow 
IP packet size distribution (729 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 1.00 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 

IP Flow Switching Cache, 278544 bytes
  2 active, 4094 inactive, 337 added
  3 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 34056 bytes
  0 active, 1024 inactive, 0 added, 0 added to flow
  0 alloc failures, 0 force free
  1 chunk, 1 chunk added
  last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-SKINNY         335      0.1         2    40      0.1       1.3      15.0
Total:             335      0.1         2    40      0.1       1.3      15.0

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/0         192.168.10.4    Local         192.168.10.1    06 0401 07d0     8
Fa0/0         192.168.10.2    Local         192.168.10.1    06 0401 07d0    23
RouterA#

 

IPSEC VPN tunneling in Cisco Packet Tracer

1 1 1 1 1 Rating 4.08 (13 Votes)

Introduction - IPSEC VPN on ISR routers

Cisco Packet Tracer allows IPSEC VPN configuration between routers. The example below presents a basic VPN configuration over a Frame Relay between Paris and New-York using Cisco 2811 routers.

IPSEC Tunneling allows network adminisrators to use the Internet to create secure connections between networks (teleworkers, remote sites, ...). Cisco 2811 routers use the ISAKMP and IPsec tunneling standards to crete and manage tunnels. IPsec provides authentication (AH) and encryption (ESP) services to prevent unauthorized data access or modification. ISAKMP is the negotiation protocol that makes peers negociate on how to build the IPsec security association.

A major problem with IPSec sessions is that they do not support multicast or broadcast traffic. Enabling dynamic routing protocols such as OSPF or EIGRP requires multicast or brodcast support to allow hellos and updates traffic between routers.

Solution : Build another generic tunnel over IPSEC. Three options available in Cisco routers :

  • Virtual Tunnel Interface (VTI)
  • Generic Routing Encapsulation (GRE)
  • DMVPN and GET VPN

GRE over IPSEC has been working in Cisco Packet Tracer since at least version 6.0.1 . This tunnel design allows OSPF dynamic routing over the tunnel

Read more ...