Connect Your Home Cisco Lab to the Internet | Cisco CCNA 200-301

Captions
[Music] Hello and welcome, my name is Keith Barker. It's so good to have you here. I was chatting with a couple of people after the live stream, not just a couple people, chatting with, um, Dave and Brendlin, and I think packets are always there in the mix as well, and one of the questions that came up was: I'm trying to connect my home network, they bought some Cisco gear, I'm trying to connect my, I think it was Brendon, trying to get my home network, my Cisco gear, up to the live internet. And so I said, oh, let me help you, I love to jump in there and play and tinker. Well, it occurred to me when I did that that there's a lot of stuff that's going on to make that happen. For example routing, not just on the routers but also on the local PC and your local network if you want to make that all manageable by that PC. There's NAT, this can be required, or its little cousin PAT, and also routing; I mentioned the routing on the PC or on the router itself that would have to be done. So I thought, you know what, let me do this. In fact I asked Brendlin in the chat, hey, do you mind if I take this idea and just run with it?

So here's what I did. I dusted off a couple of pieces of old gear, an old router, and I forget the model, and almost like a 3560 multi-layer switch, dusted it off and I powered them on there, boom, all this noise. So what I did was I connected them with some base IP connectivity to my local network. They're a couple rooms away just for noise purposes, but other than that they have not been configured. So let me introduce you to the topology, and what I'd like to do, if you're in for it, I'd like to walk you through step by step how to connect a home Cisco lab that you've built to the Internet and have it use its own separate subnet and be able to manage its routes and stuff within that space as well, and I think you'll enjoy a lot of the pieces.

All right, let's take a look at the topology. So here's the topology, and let me get out my pen here, there it is. All right, so here's the
topology we're going to use, and this mirrors my current network here at my house, at my recording studio, and let's take a look at the pieces. So this is the Internet, we're familiar with that, and then the internet comes in to, I have a cable modem, but it might could be a DSL device. It's the device that terminates to the service provider network, and then it has a connection to my home router. Now some devices would have the cable modem and DSL built into the router itself, and there's also possibly wireless that's coming off of that as well, which is all great, but I just want to give you the lay of the land as far as my cable modem, DSL, and my home router. And in my case I'm using Google Wi-Fi here at this location, and so on my internal network at my home office here I have the 192.168.1 network with the 24-bit mask, and I've got .1 as the IP address of the actual router itself, so that's my default gateway. Now it's running DHCP, but what I chose to do is, on my PC here, the one I'm currently sitting at, it has the IP address of .254 and I statically configured that. In fact let's just pause for a moment and confirm that. So I'll bring up a command prompt and we'll do an ipconfig just to verify that I've got that IP address. I think I do; sure enough, there's 192.168.1.254, that's the IP address on this PC that I'm sitting at, and the default gateway is 192.168.1.1, which is the IP address of my Wi-Fi, of my Google Wi-Fi router system. OK, wanted to make sure that was set; it is. All right, moving forward.

Oh, OK, so then what I did was I connected router 1 on its Fa0/0 interface; I physically connected that into this network. Now out in the other room I've got another Google Wi-Fi node and it has the Ethernet port, I plugged it in, so I have this physically plugged in, the router, into this 192.168.1 network, and I also assigned it, hard-coded, I could have done DHCP but I wanted to know what the address is every time, so I gave it an IP address of .11
that wasn't in use, and that's how it's starting, that's its starting position. So there's this home network, there's the router. What I also did, so I could remotely connect to all the other stuff: I also took the switch, now the switch is connected to the router, the router's using Fa0/1 going to a Gigabit 0/1, they'll negotiate that speed and duplex no problem. But on the 0/1 interface, that's the physical connection, I also configured on switch 1, all the ports are associated with VLAN 1 by default, including this one, and I also carved out interface VLAN 1, and on this network it's 172.16.1.0 with the 24-bit mask, and used .200 here.

Now listen, let's back up the truck for a minute. If you're looking at this and you're brand new to Cisco, brand new to networking, anything, "what the heck is half of that stuff", no worries. I've got a whole master playlist on YouTube you can go through, it's the master playlist for CCNA 200-301, and that'll walk you through step by step a lot of these pieces. And the cool thing about a lab like this that somebody's trying to do is it's gonna require a lot of different technologies that we've learned in the course of CCNA to put it together; that's why I think it's a great rehearsal for practicing a lot of the technologies.

So coming back here, that's the initial position, and let me see, what else do I have here. Oh, and also what Brendan said is that they want to use, like, the 172.16.1 network and 2 network and 3 network and so forth. So after we have this initially configured I'll also share with you how to set up a route on this PC so this PC knows, oh, if I need to reach 172.16 anything, I need to forward it over to .11. So we'll refer to this diagram as we build the network, and let's start off with R1, which should be at the IP address of 192.168.1.0, or 1.11, on this interface. And here it is, let me show you, I haven't used this cable in a while but I did today, so this is a USB connection on
one side that goes to the console port on a Cisco device. What I did was I just wiped out the configs on router 1 and switch 1, put on the base IP addresses for the VLAN interface and for Fa0/0 and Fa0/1 so I could remotely connect to them, and then everything else is gonna be from the ground up, similar to what you'd experience if you're doing this on your own, with having to configure all the NAT and the routing and the routing protocols.

OK, so let's, um, well, let's hide that pointer and let me bring up a session and let's verify it. Well, let me connect to R1, so I told PuTTY, which is free, and all right, there it is. So I'm connected right now to the IP address of R1 on its .11 interface, and to verify that, let me just resize this again, super. OK, so let's do a show ip interface brief. So there's the Fa0/0 interface that is connecting this router to my little home network, and then this is the 172.16.1 interface that is connecting the router to the Cisco lab network. So we've looked at the topology; again, let me go ahead and actually click on this. So we clicked on the topology, what we're looking at is Fa0/0 and Fa0/1.

So the first order of business if we want to have our Cisco lab connect to the internet: R1 is the kingpin in making all that happen, and as we take a look at R1, it doesn't have any routes outside of its locally connected networks, so what we're going to need to do is set a route to 0.0.0.0, that's a default route. And I've got a question for you, let me have you go ahead and take a stab at this: if we told R1, hey, dear Mr. R1, with a static default route, if you don't know how to forward a packet, where should it go, and what IP address would we use as the next hop? Yeah, if we wanted to set this default route for R1, and again this is so we can get the home lab to reach the internet, what would be the next hop for the default route? And you're saying,
Keith, that it looks like it would be .1 because that is the only way out of this local network, you would be absolutely correct. So we're gonna create a static route on R1, a default route that says to get to anywhere, meaning you don't have a more specific route in your routing table, you're gonna use 192.168.1.1, which is our home router. It's the same IP address that we're using on this PC as a default gateway. So let's clean that up, let's go back to PuTTY, and let's do a show ip route to start. So we've got two routes there, two directly connected networks, the 192.168.1 and the 172.16.1, and to create a static route we're gonna do this: configuration mode, ip route, and then we're gonna put in the four octets of zeros, space, four octets of zeros, which is the syntax for a default route for IPv4, and then the next hop address of 192.168.1., we're gonna point to our home network's IP address of our router, which in my case is .1.

So now that we've done that we should be able to ping, and I'd like to start small, so meaning baby steps. So let's do a ping to the default gateway 192.168.1.1, the IP address of my router, I say that, my home router, and OK, great, so the first one was consumed by the ARP and then the rest should work, right. And let's also try to ping my PC. Now let's take a look at my PC IP address, which is .254. Again, the secret here is just starting small, same local network, we're not really worried about, you know, routing outside of our network yet, just make sure that the basic pieces work and then you can document that and move forward. Sometimes people throw in configs and they throw in devices and then things don't work, like, what's that? So if we start small, verify the infrastructure that is working, we have reachability to things on the same network, that's a great, great first step. All right, so back to PuTTY, let's do a ping to 192.168.1.254, and that's not
working. No, not working. So why not, why is that not working? And if you've had some experience with Windows devices you may know that a Windows computer has many times, in fact almost all the time by default, a firewall actually built into it, where it's not gonna accept ping requests and it's not responding. So this could be a false indicator, and I want to point that out because you're very likely gonna run into this if you have a Windows device. So check this out: if we did a show arp, look at this, see that right there? That means that this router did an ARP request, got the response, and if we looked at the MAC of my Windows computer it's going to end in C042, and that means that we're on the same network, it's just that my computer chose not to go ahead and respond.

So one answer to that is to go to your computer. So I'm gonna bring up a command prompt on my local computer, let's verify the IP address, so I've got a lot of things going on but this is the primary IP address on that network, and let's do a ping to the router, a ping to, I'm gonna call it R1 going forward, that way we'll know it's the Cisco router. We'll do a ping to R1's address, which is, oh, it's right there, it's 192.168.1.11, 192.168.1.11, and see how that works. That just takes a whole bunch of, like, frustration and pain out of the scenario, because a lot of times when the PC, or when the router can't ping the PC, it's like, oh no, something's broken, and in Windows it's just likely the personal firewall is running on that device by default.

OK, so here's what we've done so far: we have verified that R1 can ping the, the PC can ping the router and the router can ping this IP address of .1, and that local part is good. So let's move along to, oh, let's verify that R1 can get out to the Internet. R1 has a default route that says use .1 as the next hop; let's verify that that works, that'd be a good basic starter as well. So back to the router we
go, and show ip route. So here is our default route right here. I'm in kind of an interesting version of IOS, I don't know how old this is, but anyway, literally the switch was sitting in the closet and not being used for a long time. Anyway, this default route is using the next hop of .1. Let's do a ping to 8.8.8.8, and sometimes I think, you know, is that real, did that really happen? And let's do a trace because it was pretty fast. We'll do a trace out to 8.8.8.8, and sure enough, all right, so there's the default gateway, the .1 address, the default route address, there's the next hop, which is from my service provider network, so they're also doing NAT a couple of times, it looks like, for me, and then I have the next hop, and the next hop looks like I had a firewall or some other devices that are not responding with TTL expired messages, which is often quite normal, and then we have our final destination here, which responded back. So we literally have this router, which is sitting at my hall, connected through my home network out to the live internet.

OK, so what's next? Next, let's take a look at switch 1. It has an IP address on its switched virtual interface, that's a logical layer 3 interface for VLAN 1, of 172.16.1.200, and this is to verify basic connectivity between R1 and that switch. So to do that I have a telnet, I have a, OK, so to do that, because I don't have full connectivity from my home network to that switch on the other, on the Cisco lab network, from R1 we're gonna telnet from R1 and hop over to switch 1. So it's gonna look something like this: we're sitting here at R1, I'll use a different color, we're sitting here at R1, and what we're gonna do is open the telnet session to go over to that IP address of the switch, which is enabled and accepting telnet sessions. Also, if you currently set up SSH and that's working, you could use SSH as well. I just did this so I
wouldn't have to take my console port, my console cable, and plug into that switch to do the config; I wanted to do it with the noise of those devices in another room. All right, so let's do that. Let's go ahead and on R1 we'll do a telnet to, what was the address again, let's take a look, the SVI address, the switch virtual interface address for VLAN 1 of the switch is 172.16.1.200, and from a router we could type in telnet 172.16.1.200, that's the IP address, we could do that, or if we just typed in the IP address 172.16.2.200, huh, Keith, 1.200, if we did that it assumes we want to telnet and it will launch telnet to that IP address. OK, I was nervous, but anyway, there we go, we have the connection. If we do a show users, this says, hey, you are connected to me on line vty 0, coming in from 172.16.1.11, which is the router's address. So I just want to share with you that that's our current session, telnet from the router over to the switch SVI so we can manage it and configure it. If you're doing this in your home lab, just take that console cable if it's next to you, plug into the console port, do it all from there. I just want to make sure that as I show you this I'm sharing with you all the details of what I'm doing to make this all work.

So let's do a show ip route. OK, well, so this switch really is a multi-layer switch, but that show ip route where it says default gateway is not set, that is implying that IP routing is not enabled. So I'm gonna enable IP routing on this multi-layer switch so it can route for other devices, so ip routing, that's it. OK, and then if we do a show ip route, also, oh, I know what it is, you know, I'm not getting any messages, console messages, and that's an important aspect: if you're remotely connected to a device through SSH or through telnet, it's not by default sending the messages to your current session, and I may want those, especially, I do want those, I'd like to see the messages that talk about OSPF
neighborships and other things. So to solve that, the command right here, from privileged mode, not config but from privileged mode, is terminal space monitor. It basically says, hey, please go ahead and send console messages to this session I'm currently using to connect, which in our case is telnet, and that way we'll get log messages to confirm that. There we go, so great. I just want to make sure we're getting the log messages, and I'm also gonna do that over on R1 in a moment too when we go back there. OK, so where was that, OK, so show ip route, show ip route, I said it but didn't spell it. So now it's enabled for IP routing, it has these routing codes, but it only shows us the one directly connected network, the 172.16.1, which is associated with VLAN 1, the VLAN 1 interface. So let's [Laughter]

So, couple options here. Let's talk about a plan and then we'll do it, and any way you want it, this is great. I want to share with you some of the options that I think are worth considering, and they would include this: if we're gonna build more networks back here, like the 172.16.1, and other routers, maybe we hang a router off here and hang a router off here, if we want those routers to also have reachability and be able to reach the internet, what we're gonna want to do is run a dynamic routing protocol, and that way they'll be able to dynamically learn routes. And we'd also want R1 to make sure it injects its default route. So it currently has a default route that says, hey, if I don't have a better route I know to go to .1, but we also want to advertise that inside of a routing protocol, so that this router over here, R2 or R3, or even this guy, the multi-layer switch who's doing routing, so it would also know how to forward a packet if it didn't have any more detailed routes. So the one way of doing that would be to run OSPF, and in the master playlist we have lots of videos on OSPF. It's Open Shortest Path First, it's a dynamic routing protocol,
happens to be link state, and so I think what we have to do is we have to enable OSPF on these two routers, switch 1 and R1, and future routers as well, and we'll also tell R1 to inject a default route into OSPF so that switch 1 will also receive and learn that default route dynamically instead of having to configure it manually. So that's a mouthful. This is a good review, though, of a lot of those technologies.

Let's enable OSPF on these devices. So we'll go back to switch 1 and show ip interface brief. So all we have is just one interface right here, the VLAN 1 interface, and let's also do a ping of R1 at 172.16.1.11, and because we're actually telnetted from R1 to this switch, that implies connectivity as well. So let's do a config t, router ospf 1, OSPF routing process number one, and let's just do a network statement for everything: network 0.0.0.0, space, and four octets of wildcard mask. If you haven't seen the wildcard mask videos yet, check those out, they're all in the master playlist. And we're going to put all those interfaces into area 0. The way a network statement works with OSPF is the network statement says which interfaces should I consider to be put into the OSPF routing process, and with this network statement it says any interface that's running IPv4, put it in the OSPF routing process and associate those networks with area 0. So that is done. Also right here, because I do have some gig, if you have some gigabit links you're gonna be using in your network, you'd also want auto-cost reference-bandwidth, and I will save the discussion of that for one of the other OSPF videos in the master playlist.

All right, so let's do a show ip ospf interface brief. Great, so we have one interface, that VLAN 1 interface, that's associated with area 0, here's the IP address slash mask associated with that interface, and it's currently in a wait state, and that's because it didn't see any other routers on that network segment, and this is
because we haven't enabled router 1 yet. So after a period of time it'll figure out, hey, there's nobody else here, it'll become a designated router, because the network type is broadcast, and it'll start running OSPF.

So let's go back to R1, and here on R1 we're going to do a terminal monitor because I want to see the messages as they come up. And let's see here, OK, we want to enable OSPF, so config t, router ospf, process ID 1. And the thing here is that sometimes the mistake is made, and we don't want to make the same mistake, the mistake is made that, oh, all I need to do is enable OSPF for the 172.16 interface here, but that's not the case. That's not the case because as we build this network, if we want this switch or these other routers to be managed by this PC, these other routers need to route back to the 192.168 network, or I guess they could use the default route advertised by R1, but in any case, to play it as safe as you can, I'm going to include both interfaces inside of OSPF. That way we're advertising this 192.168 network in our Cisco lab network so they'll have that in their routing tables. So I would recommend doing that as well. Later if you want to peel that back you can, but let's get functionality first and then we'll go ahead and sort of pull that back later.

All right, so back at the CLI we'll do a network statement of everything, area 0, all that, and then we'll do the auto-cost reference-bandwidth, set that 2000. All that says is that a gigabit interface will have a cost of 1, Fast Ethernet will have a cost of 10, instead of everything of Fast Ethernet and faster all having a cost of 1, which is not correct. All right, so I don't see a neighborship, so let's do show ip ospf interface brief. Oh, it's OK, oh, so Fa0/0, huh, oh, it says BDR, that looks good. Do I have terminal monitor on? I didn't get a neighborship statement. Usually I get an OSPF neighbor adjacency but I didn't, I didn't see that at all. Let's, did I do
terminal monitor there? All right, yeah, so, oh, OK, all right, and the problems start. OK, this was not intended to be a troubleshooting lab, but let's take a look at this output. This is router 1 on its Fa0/1 interface, that goes over to switch 1. This right here says that the first number, F, is for full adjacency, which is a zero, and then C is for count, that's other OSPF speakers. So R1 is saying that he is a BDR on this network on that interface but we don't have a full adjacency, that is a problem. So let's do a show ip ospf neighbor. Yeah, so maybe if we get out of this stuck state. So right now what this is saying is, we had a video on neighbor states for OSPF and it goes something like this: I T ELF, like, and I use a little image of an IT elf at Christmas time or a holiday time handing out gifts, so the states that neighbors go through on their way to becoming fully adjacent and sharing their entire lease, oh, there we go, OK, yeah, they never got past ExStart, and I lost connectivity. Oh well, let me keep writing out here. So the process is they go through Init, then the 2-Way, then the ExStart and Exchange, we got stopped at ExStart, and then they go to Loading, assuming it's working, and then they get to Full. But I've got bigger problems, so let's go ahead and sort that out.

We lost our connectivity, yeah, I'm toast, I wonder why that happened. Let's, um, hmm, I'm gonna close that, I'm gonna reopen. If you're on the console port you're set, you don't have to worry about reachability to get there. Let's go back to R1 and, huh, show ip ospf, here's a couple of commands for OSPF, some of my favorites. show ip protocols, that shows you what routing protocols you're running, so this shows our network statement, and show ip ospf interface brief, one of my favorites, this shows us that we are the designated router on both of these interfaces, but check this out, we do not have a full adjacency with the switch. So I'm gonna do terminal
monitor again and let's do, I don't, I'm just bringing this up, I don't know why it's not seeing a full adjacency. Huh, all right, this is not something you should have to do but it's my home lab here, so I'm gonna do a debug of ip ospf, I'm gonna do packets, I can do packets, um, it's the adjacency that we're trying to troubleshoot, so let's do a debug ip ospf adjacency and see if that tells us. Let's see, oh, oh, OK, I'm gonna turn that off because that's all I need to know. undebug all is a fast way to turn that feature off, debugging off. And this says state ExStart, we saw that, and they never got further than that. Oh, it says right here, look at that, neighbor 172.16.1.200 has a larger interface MTU, and that's why it's failing. Wow, OK. If you're in a CCA lab or a CCNP lab perhaps this would be appropriate; for CCNA this is, oh my gosh, that's lost connectivity again.

OK, so what we need to do is, well, read in a moment, what we need to do is I need to go and tell this interface right here to ignore the fact, for OSPF, ignore the fact that the MTU, the maximum transmission unit, is larger, and I think I said 1504. I'm just gonna go ahead and tell it, I could do it, or we could go to the switch and set it down smaller, or we could just tell 0/1, forget it, don't worry about it, let it go, and I think it will, at least that's the way it used to work. Let's go ahead and verify that. OK, all right, yeah, that session is dead. We'll right-click here and let me see if I can do a reset terminal. No, it's gone. All right, I don't know why that's happening but it does seem to happen when the errors came up. So we'll go back to PuTTY, go back to R1. All right, let's work quick here. We want to go to interface, let's leave this right here while we do it, we want to go to interface Fa0/1, and I'm gonna do terminal monitor, that's just so I can see the messages, and let's do ip ospf, ah, there it is, mtu-ignore, just like that. So if that was the
only problem that was causing us not to neighbor up, oh, there's our full adjacency right there. Oh no, it's not, it's from down to down. OK, there's our full adjacency. OK, wasn't expecting that, but there it is, I can live with that. And if stuff comes up like that, hopefully in your environment, well, if it happened here on this 3560 switch because the MTU is different for the VLAN interface and the router interface, now you know the secret to solving that: on the interface just go ip ospf mtu-ignore.

OK, now let's next go back to the switch, and the switch is at, all right, now we're in the weeds, we'll go to the switch's virtual interface of 172.16.1.200. Great, I set up the vty lines on switch 1 so that no login is required, puts me in privilege level 15 immediately, so that's what I did there. And let's do a show ip route. Look, OK, so we have this route, 192.168.1, which is this network right here, which is great. So now this switch knows how to reach this network, but it doesn't have a default route, and so we want to inject a default route in OSPF as well for everything else, including the internet. So to do that let's go back to R1, and I'll leave this up here, so I'll type in exit, we'll go back to router 1, and config t, router ospf 1, and one way of doing this, because R1 has a default route, do show ip route static, so there's this default route, and if it has a default route we can, in the router process, just do default-information originate always. And the always keyword, you don't have to tack that on, but what that says is, hey, Mr.
R1, advertise the default route if you got one, that's the first part, and then the always keyword says even if you don't have one, just advertise the default route so that everything, so you know where to go for anything that's not more explicit in the routing tables. So I'm gonna throw on the always in case for some reason we're playing with static routes and we remove it off of R1. And now that we've done that I'm gonna do a wr, it's a copy run start, the old write memory command, and let's also go to switch 1, 172.16.1.200, and we'll do a write mem, and let's do a show ip route. OK, and there is our OSPF route right there, the default route for everything. So that means that this, OK, so now let's take a big picture look at this, because we're not done yet, and this is why it's important to go through these details. Let me bring up my pen. All right, having fun, getting serious.

So switch 1, if we tried to ping 8.8.8.8 or did a trace to 8.8.8.8 on the internet, it's gonna look at its routing table, it's gonna look for a detailed route, a specific route for 8 something, it's not there, it would default to the default route and it would forward it to .11. So the switch would make a routing decision using R1 as the next hop. Then R1, it would say, and we can go take a look, I'm gonna take off my pen there, so R1 would say, I was expecting more routes but we haven't got a lot more routes yet, so R1, if it got that packet, it would look for a specific route for 8.8.8.8 or any kind of a route that matches 8 anything, it's not there, it would use its default route, it would send it to 192.168.1.1, which is my little home router, and then my little home router would say, oh, you're trying to go to 8.8.8.8, it would forward through the ISP, let me clear this up and show you, it would go ahead, my home router, and forward up to the ISP, up to 8, and then the internet and all these devices and all the routers and service providers would
forward it and do other things along the way. Now the question is, is that going to work? Can switch 1 ping 8.8.8.8 and successfully get a response? And the answer is, let's look at the return path and I'll let you tell me what the answer is. So if we did a ping to 8.8.8.8, at this DSL box our home router is probably doing NAT or PAT, so it's gonna swap out these private IP addresses either here or somewhere along the way on the internet before it gets out. So if the packet makes it out and the reply comes back, the reply comes back here to the home router, and check out what the reply address is: it's this guy, 172.16.1.200, and your little home router says to that, I don't know where that is. It has no clue how to reach 172.16, at least going this direction, it might think it's gonna use, like, out to the internet, but it doesn't know it's over here. And so at that point the reply won't get back, and switch 1 and your whole Cisco network, no longer, that is not gonna have access to the Internet. R1 will, because it's on this local network that the home router knows how to reach, but all these guys don't.

So to solve that, and this is what we're gonna do next, well, let's test it, let's test a ping and verify it fails. So we'll go back to switch 1. I see, host, is it ip host, yeah, ip host sw1 172.16, come on Keith, 1.200, awesome, save that. The reason I'm gonna do that, I'm tired of typing in switch 1's IP address, so now what we can do is just type telnet to sw1, or we can just type in sw1 and it would telnet there. Now we're there at switch 1. OK, so if we do the show, we already did the route, so ping 8.8.8.8, yeah, so that packet's actually going out to the internet and it's being NATted along the way by either my home router or the ISP going out, but the reply traffic coming back, when our router sees it, our little home router, it has no idea where the source address of 172.16 anything is. So to solve that we're
gonna have to implement NAT, and here's what we're gonna do for our NAT plan, and I will add this, I will add this permanently on this, actually make one more layer, and I'll add the same because we're going to need to keep this if we want it to work. So let me bring out some colors and let's use light blue and that'll work. So from a NAT perspective what we're gonna do is we're gonna have this part of the network, I'm not happy with that color, I'm not happy, let me change the color. All right, here we go. So from this perspective, for NAT, this is going to represent the inside and over here is going to represent the outside from this router's perspective. So we can set up a NAT rule that says, hey, anything that is 172.16 anything qualifies for NAT, this will be the inside interface, this will be the outside interface, and if we see traffic like that we'll just translate it, and we'll just translate it to our IP address that's on this interface, .11. And then when that packet goes out to the home router with the next hop of .1 and goes out to the Internet after a couple layers of NAT that the service provider is going to do, when the reply traffic comes back to 192.168.1.11, which is a NATted address for switch 1 and for anybody else because we're using it, it would say, oh, I know where that is, it would forward the packet back to R1, who would then untranslate it and forward it to our home network, or to this Cisco network. So we're actually gonna use PAT, port address translation.

This is a great exercise too. If we want it to work; if you don't want it to work, don't do it, but all these pieces are good practice in employing the technologies in CCNA 200-301. So if you haven't joined our, um, if you haven't yet, please click on subscribe, hit the alert bell, I drop videos two to three times a week, I add them to the master playlist, they are lots of fun, so I want you to enjoy them as well. All right, so let's involve,
let's invoke NAT here on R1. Now, I have a separate video in the playlist that goes step by step implementing inside source NAT, which is what we're gonna do right here, so I'm just going to implement it to verify that that's what's required, get it working, and then you can either go back and review the steps slowly or go back to the video in the master playlist on NAT and enjoy it more. I'll also probably make a Packet Tracer and a VIRL 2 lab that walks through some of the details for NAT as well. VIRL 2 drops in April of this year, this month, and I've never been so excited for a Cisco product in my life. It's gonna be great. Okay, let's implement NAT. The plan is we're allowing everything on the 172.16.1 network to be, actually, oh, you know what, let me tweak this while we're here. This is the 172.16.1 network, so maybe out here this is also VLAN 1, that would work, and then this could be VLAN 2 and this could be VLAN 3. I thought, oh no, I've got these networks in the same place, but they could be part of the same VLAN, so this could be VLAN 1 and this could be VLAN 1. I'll leave it. Let's implement NAT, and to do that we'll bring up the CLI, and I will let us see the picture here; that way we can see the graphic as we configure it. And let's create an access control list that identifies who can be translated. So access-list 1 permit, and we're gonna say 172.16 anything, so our wildcard mask will be, actually it's wildcard bits at this point, wildcard bits will be 0.0.255.255, which means anything that starts with 172.16 qualifies for NAT, and we'll press Enter. Boom, done. We'll tell R1 that Fa0/0 is the outside interface for NAT: ip nat outside. We'll tell this router that the inside interface is Fa0/1: ip nat inside, like that. And then we'll set up a rule that says this: ip nat inside source list, if traffic coming in on an inside interface matches access list 1, which is looking for 172.16 anything, go ahead and
translate them to, I don't have a pool of addresses, we're gonna use the one IP address on the interface of R1, which is this interface right here, all right, this interface right here. So ip nat inside source list 1 interface Fa0/0, and I'll scooch this over so you can see this as well, because the next part we're gonna put in is overload, which means do it again and again. You can put hundreds, thousands even, of IP addresses to that one IP address, and port address translation will come to the rescue to keep all those sessions unique. So there's that. Again, check out the master playlist for more details on that, as well as OSPF, as well as VLANs and SVIs, switched virtual interfaces, as well. Okay, so now that's done, let's do a show NAT statistics. It's a great way to see the kind of details. So the outside interface is Fa0/0, the inside interface is Fa0/1, there's the access control list, great. And let's go back to switch 1 and let's try going to the internet. Yeah, okay. So let's do a trace out to 8.8.8.8. Yeah, yeah, it's freaking amazing how fast things work. I mean, this is a router, this switch is going through a router that's then going through my home network, which is then going to the service provider, going through a couple levels of NAT there, or PAT, whatever they're doing, and then out to the Internet. And if we, let's do that again. A Cisco router uses UDP at layer 4 when it does a trace command, and so if we went back to R1, and I'll just type in exit to get there, we could also swap between sessions, but just do show ip nat translations, and yeah, that's a lot, because we had 3, you have 3 for each hop in the path. So there's our translations. So we also have another video, which is, I thought, a lot of fun, about inside local and outside local and outside global and inside global, what do they mean. Well, I think it would be good for a review real quick right here, because it'll only take a moment. We've got it right here in front of us. Anywhere it says local, I want you to think of a
user on the inside, somewhere over here, that is looking at the IP addresses. So from the inside user, the local user thinks that the inside address is 172.16.1.200, which is the IP address on SVI 1, which it really is, and it thinks we're going to the outside address of 8.8.8.8, which is literally true. But that's the perspective from the inside looking at those addresses. If we used a different color to help visually separate these, and I will go for, let's go for green, if we were looking at this from the outside, the word global is from the perspective of the outside, somebody out here looking at the addresses involved. So from the outside they think, oh, this packet is destined to 8.8.8.8, which it was. That's because we were not doing destination NAT, we didn't translate the outside address, so it's gonna be the same from the perspective of the inside or the outside. But from the outside's perspective, if we went right now and said, "Hey Google, what do you think the IP address was that was making that request?", it's right here, the global. From the global, from the outside position, they think, oh, that inside address looks like it came from 192.168.1.11. Now, that address, note this, it went through several layers of NAT as it proceeded through my cable modem and the Internet service provider, but that's a quick review of our discussion about, L is local, what it looks like from the inside; G is for Google, or some global company, saying what is its IP address, what do the addresses appear as from its outside perspective. And from this router, that's the dividing line: from the inside perspective, what do things look like as far as the IP addresses, and here from the global perspective, what do the IP addresses look like. Local is the appearance from the left; global is the appearance from the right, the outside. And I think that worked. Actually, I'm sure it worked. Good, we just, we just did it. So in this video I wanted to share with you, wow, we got
everything, at least we can show you with those routing, oh no no, stop the truck, Keith, there's one other important aspect I want to share with you. Let's do it right now, and that is this. If we want this PC, so at the moment, let me undo that, then get out my other pen, there we go. So if we want this PC right here to be able to reach switch 1 directly at 172.16.1, switch 1 knows how to get to this network where the PC is, but the PC does not know how to get to 172.16 at all. And we might have 172.16, the 1 subnet for VLAN 1, and 2 for VLAN 2, and 3 for VLAN 3, and so forth. So what we could do is create a static route on this PC that expresses or says how to get to those additional, how to get to those additional VLANs. And I'm sorry, I think, so if we, we could create, my brain was like going three levels deep. This PC, we need to set up a static route that says, "Hey, dear Mr. PC, to get to 172.16 anything, go ahead and use .11 as your next hop," so it can make correct routing decisions. Otherwise it'll try to send routes out to the .1 address, its default gateway, which will then never reach over here. So that step is important if you want this PC to be able to directly manage your other devices in this network. So let's do that. So I'm gonna bring up the command prompt, and here is the command prompt, and this is on my local PC here at .254. And let's do a show, I'm just gonna do a route print. So route print is a command you can do on a Windows computer to verify and see the entire routing. So lots of good, lots of information going on. Here's my default route that says the default next hop, default gateway, is 192.168.1.1. Here's how we can add another static route that says use .11. I'll scooch this over to the right a little bit and I'll speak this as we do it. So it's route add, I think, oh yeah, I need to do it from a privileged prompt that has admin rights, so I'm going to go to, so just gonna grab my
command prompt, right-click to say Run as administrator, because I'm gonna need this so I can actually add a static route on my local PC. So here is the syntax: route, okay, route, Enter, I just want to see the syntax. So we're gonna do a route, where's add, all right, there, okay. So here's the syntax: route add, we want to go to 172.16 anything, so we use a mask of 16 bits, so that route will cover 172.16.1, 2, 5, anything that begins with 172.16, and then the next hop address is going to be the router here at 192.168.1.1, excuse me, .11. Let me scooch this over a little more so we can see it. Then the problem is, oh, and it's a good one, the problem now is that if we add this route and then we reboot our Windows machine, it loses the route. So we're gonna add the -p option at the very end, and the -p says, hey, please keep this as a persistent route, so the next time I reboot I will remember it. Not a bad idea, let's do it. So we'll just add the -p. Oh, bad argument. route add, oh, I forgot the keyword mask. Okay, mask, all right. So then after I've added that route, let's do a show, or a show, too many Cisco commands, route print again, and take a look at this: in the persistent routes section, it now has a route for 172.16 anything with the next hop of 192.168.1.11, which is our router. So the last step is to verify this. Let me go ahead and close PuTTY, bye-bye PuTTY. We'll open up a new PuTTY session, and I guess we could also just ping. I'm going for the home run here. That was to, uh, now I don't have SSH enabled on switch 1, but we can telnet over there, and it is 172.16.1.200. I'm going to call that switch 1, I'm going to save it, and then I'm going to go ahead and load it and open it. 172.16.1.200. Okay, maybe I did something wrong. All right, we're gonna troubleshoot this live. I'm gonna close that session. At my command prompt, let's see if I can ping 172.16.1.200. I can't ping it. I wonder, I don't know why not. I don't know. I thought, okay,
we'll do all this lab, we'll connect it all, but I really would like this piece to work, so let's find out what's going on. Let's bring back PuTTY. I'm gonna go directly to switch 1, actually I'm gonna go to R1 and hop over to switch 1. show ip route: it has a route to 192.168.1, which is where my PC is. Let's see if it can ping, oh, it shouldn't, let's see if I can ping my default, oh, we know that this switch is good to go as far as connectivity, we're ready to trace out to the Internet. Yep, and you bring that up a bit so you can read it. Hey Keith, okay, how did that have that 20 minute video trying to afford him in a video, story of my life, computer networks. All right, let's do this. Let's do a, let's just do a ping to 192.168.1., this is a good trick, 11, which is the router, and we'll, with just R1, and we'll go to .1, which is my Google Wi-Fi home router. So why is it my PC, maybe my session is messed up. Let's go back to, so it's not a routing issue, switch 1 knows how to route to the 192.168.1 network. This is my PC having grief. So let me exit out of here, exit out of here. I'll bring up, and let me start up a new session, maybe I just rushed it. So this is PuTTY, and I'm going to use telnet to 172.16.1. and the replay off to go back like, what, did I go to the wrong address, .200, telnet, I'm not going to change any other settings. Open. Oh, I'm connected. Why is it not, holy spumoni. So I'm actually connected, my terminal isn't working. All right, I'm gonna do one more Hail Mary here. I'm gonna go back here, take my R1, load it, I'm gonna say instead of connecting to 192.168.1.11, I'm gonna take those settings, everything else in this terminal session with PuTTY, and I'm gonna go to, wow, and it has a route, okay, so 172.16.1.200, open. Holy spumoni, I am connected, yeah. Okay, well, I say we troubleshoot this. It's gonna be a little longer; if you want to cut off now and work on your lab, that's great. I am very curious as
to why I can't get there from my PC. ipconfig, unless I put the wrong route in or so, I'm connected, so I am on the 192.168.1 network, I'm at .254. I've got firewall services enabled, so it should be able to ping me. I'm going to turn off my firewall services for a moment, just gonna go firewall, I'll turn it back on after. Check firewall status, and I'm gonna go ahead and say turn it off, turn Windows Defender Firewall, okay, all right, off, off, okay. Let's see if I can ping from switch 1 to this computer. I'm on the same network, that should be a problem. All right, let's go ahead and bring up PuTTY. I'm going to go to R1, that's R1, from there I'm gonna go to switch 1. Let's just show run real quick here and look at these vty lines. But I'm connected from R1 on the vty lines. That is so weird. I have got no login on those. I wonder if it's something coming from a non-local network. Okay, let's do a ping to 192.168.1.254. Yeah, okay, so I've got connectivity. I turned off the firewall so that it would respond to the pings. Why is it that I cannot, see, right now I'm connected from the router, I've got connectivity back to my PC, why is it that my PC can't telnet directly over to the switch? I don't know. Okay, I'm gonna try one more time here. I want to go to 172.16.1.200, I want to use telnet on default port TCP 23, take to save, open. Let's, uh, it couldn't be my settings, could it? Along, sorry, Syd, terminal. All right. Wow, why can I not connect there? I wonder if it's something local. So here's what I'm going to do. It is so weird that I cannot have connectivity but I can't log in from this PC. I really want to, I really do, by the way, I really want to. So [Music] a couple things I'm thinking of: because I have, like, no login on the switch, I'm thinking, are there any kind of weird parameters for telnet that allows from local networks? Because it works from R1, it just doesn't work from switch 1, but it's not refusing the
connection. I'll say, let's do this, let's do this, let me, oh, oh, I did this to myself. This is fantastic. Here's what I think's happening, here's what I think, all right, here's what I think is happening. I think that this PC is initiating a connection to that switch at 172.16.1.200, that's true, and when the reply's coming back, R1 is doing network address translation on that to its own IP address. So this PC is expecting an IP address from switch 1 coming back, when what it's getting is a reply from this IP address on this interface, as it's going through NAT one direction. And that's what's happening. Oh my gosh, I was not expecting that. So how do we fix that? We could do conditional NAT, I suppose. Okay, here's how I'm going to fix it in the short term. There are some options to do conditional NAT based on policy, like where is the traffic going, to NAT or not NAT. But here's what I'm going to do: I'm gonna remove the dynamic NAT, I'm gonna put a static network address translation for switch 1 right here on R1, and then we'll do a telnet to that IP address. That'll work. Yeah, let's do that. Wow, dang. And also the way we could have verified that is if we do that again, that command, that connection, like a bulldog, don't want to let go, don't let go. So if we go to router 1 for a moment, and we go to, yeah, I've got router 1, let me open up a session again, or try to open a session, um, let me move out of the way. All right, now the troubleshooting lab, courtesy of how the network works. And so I'm gonna put a new session that's gonna try to go out to the switch, and so it's failing, and on R1, if you just show ip nat translations, yeah, see that? It's translating 23, that's telnet, TCP port 23, it's translating that back to its own interface address, and that's why I'm getting this response from a device I wasn't asking for. All right, now we know what the problem is, let's go ahead and solve it right here on R1. config t, no ip nat, let's do this, do show run, no, do show run
include source, I just want to get the source access list and remove it. I will do the no, and boom: do you want to delete all entries? Yes I do. And then let's just do a static translation. I totally caused this, I was like, yeah. So this will solve it, I believe. So ip nat inside source, yeah, we can use a route map and get very specific on when we want the translation to happen, but I'm just going ahead: ip nat inside source static, and we'll map the address of 172.16.1.200, and we'll map that to the global, from the outside perspective, we'll map that to 192.168.1., let's use 200 again, I'd say the last octet of 200. So we're gonna map switch 1, its VLAN 1 interface of 172.16.1.200, to the outside, or to my local home network address of 192.168.1.200, and it's done. show ip nat translations. Okay, so there's our hard-coded translation. It's not in use yet, it's sitting there ready, but we haven't done any traffic. And now if we go back to another session of PuTTY and we go to switch, actually I need to change this, I'm gonna load it, so we no longer, when I connect, to 172.16.1.200, we now want to connect to 192.168.1.200, because that's the statically mapped address from our perspective on the outside. And open, and there's our prompt right there, switch 1. About time. All right, that's a lot of fun. The last piece with NAT, I wasn't expecting that. I thought, well, just NAT it and it'll be great, but the reality is that we were connecting from the PC over to the IP address, and the response, because it was being NATed for the reply of that traffic, was coming to the other address. And so now we're connecting to it at its mapped address and we are good to go. All right, well, looking at the clock, that was a lot longer than I thought it would be. Hey, I'm glad you joined me. If you enjoy networking, which I do, and you want to join me at Keith Barker up
on YouTube for our focus on the technologies, all these, by the way, are, except for the conditional NATing, all these are representative of the technologies associated in Cisco CCNA 200-301. Also, if you're looking for a formal course that covers every bell and whistle from soup to dessert, of course we have CBT Nuggets with 52 hours of training there. It's done by Chuck, Network Chuck, Anthony, Network Chuck, Jeremy Cioara and myself. It also includes labs and everything else. Also, stay tuned on this channel. If you liked it or learned something or you want to follow me more, click on subscribe, hit the alert bell so you know when new alerts come in or new videos are dropped. I also add new videos and labs probably two to three times a week, fairly consistently, and I'm going to continue doing so. Also, after the premieres happen, I record them like this one and I'll premiere it at a certain time so I can sit there and watch it with you and chat. I also often, if I'm available, will often have a voice call afterwards; we can chat about it, ask questions and discuss it in Discord, on the Discord server, so I'll put links for the Discord at the bottom as well so you can join that if you like. All right, I have taken longer than I intended to for this, but I wanted to thank Brendlin and the other individuals involved on Discord when they were asking me about this question and getting it up and running, and I thought that a lot of people could see value in implementing all these pieces to get it working, including the NAT. Right, hey, thanks everybody, and I'll see you in the next video. Bye for now. [Music]
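The telnet failure and its fix described in the captions above, as an added example that is not part of the video or its captions: a small Python model of R1's inside source NAT showing why the reply to the PC is rewritten to 192.168.1.11 under the overload rule and why the static mapping to 192.168.1.200 works. The class and function names, the PC source port 50000, the UDP port 33434 and the keep-the-port allocation are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

# Addresses are the ones spoken in the captions; ports are constructed sample values.
PC, R1_OUTSIDE, SW1, SW1_STATIC = "192.168.1.254", "192.168.1.11", "172.16.1.200", "192.168.1.200"

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class R1Nat:
    """Simplified model of inside source NAT on R1 (hypothetical, not IOS code)."""

    def __init__(self, pat_acl=None, static=None):
        self.pat_acl = ipaddress.ip_network(pat_acl) if pat_acl else None
        self.static = dict(static or {})   # inside local -> inside global
        self.table = {}                    # (inside global, port) -> (inside local, port)

    def inside_to_outside(self, p):
        """Packet arrived on the inside interface and leaves on the outside one."""
        if p.src in self.static:
            return p._replace(src=self.static[p.src])
        if self.pat_acl and ipaddress.ip_address(p.src) in self.pat_acl:
            port = p.sport                 # keep the source port when it is free
            while self.table.get((R1_OUTSIDE, port), (p.src, p.sport)) != (p.src, p.sport):
                port += 1
            self.table[(R1_OUTSIDE, port)] = (p.src, p.sport)
            return p._replace(src=R1_OUTSIDE, sport=port)
        return p

    def outside_to_inside(self, p):
        """Packet arrived on the outside interface and is routed to the inside."""
        for local, glob in self.static.items():
            if p.dst == glob:
                return p._replace(dst=local)
        if (p.dst, p.dport) in self.table:
            local, port = self.table[(p.dst, p.dport)]
            return p._replace(dst=local, dport=port)
        return p                           # no entry: forwarded untranslated

def telnet_from_pc(nat, target):
    """Send a telnet SYN from the PC to target; return (reply seen by PC, accepted?)."""
    syn = Packet(PC, 50000, target, 23)
    at_sw1 = nat.outside_to_inside(syn)
    if at_sw1.dst != SW1:
        return None, False
    reply = nat.inside_to_outside(Packet(SW1, 23, at_sw1.src, at_sw1.sport))
    # The PC's TCP socket only accepts a reply from the address and port it dialed.
    return reply, (reply.src, reply.sport) == (target, 23)

def internet_round_trip(nat):
    """Switch 1 sends UDP to 8.8.8.8; a reply to the translated address is mapped back."""
    out = nat.inside_to_outside(Packet(SW1, 33434, "8.8.8.8", 33434))
    back = nat.outside_to_inside(Packet("8.8.8.8", 33434, out.src, out.sport))
    return out, back

if __name__ == "__main__":
    pat = R1Nat(pat_acl="172.16.0.0/16")         # access list 1 plus overload
    print(internet_round_trip(pat))
    print(telnet_from_pc(pat, SW1))              # reply sourced from .11, not accepted
    static = R1Nat(static={SW1: SW1_STATIC})     # dynamic rule removed, static added
    print(telnet_from_pc(static, SW1_STATIC))    # reply sourced from .200, accepted
```
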
Info
Channel: Keith Barker
Views: 16,121
Rating: 4.9616857 out of 5
Keywords: ccna, cisco, 200-301, Cisco CCNA, Cisco Certification, ogit, Keith Barker, cisco home lab setup, cisco home lab 2020, build cisco home lab, cisco ccna home lab, cisco ccna home lab setup
Id: mBKpwmHk-fk
Length: 63min 2sec (3782 seconds)
Published: Sun Apr 05 2020