PT 5.4.

Packet Tracer - Explore a Simple Network (Instructor Version)

Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Addressing Table
Device Interface IPv4 Address Subnet Mask Default Gateway

R1 G0/0/0 209.165.200.225 255.255.255.248 N/A

R1 N/A

G0/0/1 10.1.1.2 255.255.255.252

R3 G0/0/0 10.2.2.2 255.255.255.252 N/A
R3 N/A

G0/0/1 172.16.3.1 255.255.255.0

FIREWALL VLAN1 192.168.1.1 255.255.255.0 N/A
FIREWALL N/A

VLAN2 209.165.200.226 255.255.255.248

FIREWALL N/A

VLAN3 192.168.2.1 255.255.255.0

DEVASC Server NIC IN: 192.168.2.3 255.255.255.0 192.168.1.1
DEVASC Server

VLAN1 OUT: 209.165.200.227 255.255.255.248 209.165.200.225

Example Server NIC 64.100.0.10 255.255.255.0 64.100.0.1
PC-A NIC 192.168.1.2 255.255.255.0 192.168.1.1
PC-B NIC 172.16.3.2 255.255.255.0 172.16.3.1

Note: You will add PC-A and PC-B to the topology in Step 1.

Objectives
Part 1: Add PCs to the Topology
Part 2: Test Connectivity Across the Network
Part 3: Create a Web Page and View it
Part 4: Examine the FIREWALL Access Lists

Background / Scenario
Packet Tracer is a great tool for building and testing networks and network equipment. As a developer, it is
important that you are familiar with network devices and how they communicate with each other. The simple
network in this Packet Tracer activity is pre-configured to give you an opportunity to explore the devices.
Note: In this activity, the two web servers are referred to as DEVASC Server and Example Server. In the
topology, they are named with their URL: www.devasc-netacad.pka and www.example.com.

Instructions

Part 1: Add PCs to the Topology

In this Part, you will add PCs to the topology and configure them with IPv4 addressing.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 4 www.netacad.com
Packet Tracer - Explore a Simple Network

Step 1: Place the PCs and connect them to the network.

Note: Device names are case-sensitive. If you use a different case or different name, your score will be
impacted.
a. Drag a PC to the work area and place it near S2.
b. Rename the PC as PC-A.
c. Drag a PC to the work area and place it near S3.
d. Rename the PC as PC-B.
e. Connect a Copper Straight-Through cable from the FastEthernet0 port a PC-A to any available
FastEthernet port on S2.
f. Connect a Copper Straight-Through cable from the FastEthernet0 port a PC-B to any available
FastEthernet port on S3.

Step 2: Configure the IPv4 addressing for the PCs.

a. Click PC-A.
b. Click Desktop.
c. Click IP Configuration.
d. Assign the following IPv4 addressing information:
IPv4 Address: 192.168.1.2
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
e. Repeat this for PC-B, but use the following IPv4f addressing information:
IPv4 Address: 172.16.3.2
Subnet Mask: 255.255.255.0
Default Gateway: 172.16.3.1
f. In the Instructions window for this activity, your completion percentage should be 100%. If not, click
Check Results to see which required components are not yet completed. The rest of this activity is not
scored.

Part 2: Test Connectivity Across the Network

a. Click PC-B.
b. Click Command Prompt.
c. Attempt to ping R3. Type ping 172.16.3.1 (your default gateway).
You may have to issue the command a couple of times, but you should start receiving replies from the
router.
d. Ping the Example Server at the 64.100.0.10 address.
You may have issues initially as the network converges. Repeat the ping if necessary. Now you know you
have connectivity through the internet.
e. Ping the DEVASC Server at the 209.165.200.227 address.
You may have issues initially as the network converges. Repeat the ping if necessary. Now you know that
you have end-to-end connectivity across the network topology.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 2 of 4 www.netacad.com
Packet Tracer - Explore a Simple Network

Part 3: Create a Web Page and View it

In this Part, you will create a simple web page on the DEVASC server and then verify that PC-B can access
the web page.

Step 1: Create a web page.

a. Click the Server-PT www.devasc-netacad.pka server.
b. Click Services.
c. Under Services, you default to the first service, which is HTTP. Click New File.
d. Name the file index.html.
e. Packet Tracer understands basic Hypertext Markup Language (HTML). Place the following html code in
the box below the file name. If you know HTML, feel free to customize the code.
<html>
<center><font size='+2' color='blue'>DevNet Associate</font></center>
<hr>Welcome to the NetAcad DEVASC course!

f. Click Save. Click Yes to the warning.

Step 2: View the web page.

a. Click PC-B.
b. Click Desktop. If necessary, close the Command Prompt window.
c. Click Web Browser.
d. Place the following address in the URL box: http://209.165.200.227.
Your web page should display. If not, check your configurations, and try again.

Part 4: Modify the FIREWALL Access List

In this Part, you will examine the access list of the FIREWALL device, edit the access list, and test that the
FIREWALL now denies ping access.

Step 1: Examine the access list on the FIREWALL device.

a. Click FIREWALL
b. Click CLI.
c. Press Enter a couple of times to get a prompt.
d. Type en and press Enter.
e. There is no password. Press Enter again.
f. Type show run and press Enter.
g. Press the space bar to scroll through the running configuration.
h. Notice the following access-list:
access-list OUTSIDE-DMZ extended permit icmp any host 192.168.2.3
access-list OUTSIDE-DMZ extended permit tcp any host 192.168.2.3 eq www

Host 192.168.2.3 is the internal IPv4 address of the DEVASC server in the DMZ.
• The first access-list statement allows any device to access to the server using Internet Control
Message Protocol (ICMP), which is the protocol used by the ping command.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 3 of 4 www.netacad.com
Packet Tracer - Explore a Simple Network

• The second access-list statement allows any device to access the server using Hypertext Transfer
Protocol (HTTP), which is the protocol used by web browsers.
i. If necessary, press the space bar until you are at the command prompt.
FIREWALL#

Step 2: Modify and test the effectiveness of the access list.

Typically, you do not want the outside world to be able to ping your internal servers. Therefore, you should
remove the access-list statement that explicitly allows ping access.
a. Enter global configuration mode with the configure terminal command.
FIREWALL# configure terminal
b. Remove the access-list statement that permits ping with the following command and press Enter.
Note: The command is on one line although it may word wrap in the terminal
FIREWALL(config)# no access-list OUTSIDE-DMZ extended permit icmp any host
192.168.2.3
c. From the Command Prompt on PC-B, ping the DEVASC Server outside IPv4 address. The ping should
now fail.
d. From the Web Browser on PC-B, access the DEVASC Server web page at http://209.165.200.227. You
should still see the web page as you did not remove this access-list statement that allows HTTP access.
End of document

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 4 of 4 www.netacad.com
 PT 5.5.7

Packet Tracer - Explore Network Protocols (Instructor Version)

Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Addressing Table
Device Interface IPv4 Address Subnet Mask Default Gateway

R1 G0/0/0 209.165.200.225 255.255.255.248 N/A

R1 N/A

G0/0/1 10.1.1.2 255.255.255.252

R3 G0/0/0 10.2.2.2 255.255.255.252 N/A
R3 N/A

G0/0/1 172.16.3.1 255.255.255.0

FIREWALL VLAN1 192.168.1.1 255.255.255.0 N/A
FIREWALL N/A

VLAN2 209.165.200.226 255.255.255.248

FIREWALL N/A

VLAN3 192.168.2.1 255.255.255.0

DEVASC Server NIC IN: 192.168.2.3 255.255.255.0 192.168.1.1
DEVASC Server

VLAN1 OUT: 209.165.200.227 255.255.255.248 209.165.200.225

Example Server NIC 64.100.0.10 255.255.255.0 64.100.0.1
PC-A NIC DHCP Assigned 255.255.255.0 192.168.1.1
PC-B NIC 172.16.3.2 255.255.255.0 172.16.3.1

Objectives
Part 1: Configure DNS
Part 2: Configure DHCP
Part 3: Configure NTP
Part 4: Use SSH to Configure a Switch
Part 5: Use SNMP
Part 6: Configure HTTPS
Part 7: Configure EMAIL
Part 8: Configure FTP

Background / Scenario
Many services run on networks behind the scene to make things happen reliably and efficiently. As a
developer, you should understand what services are available and how they can help you. You should also
understand the basics of how the most useful and popular services are configured. In Packet Tracer, these
services are simulated and the configuration is simple and straightforward. However, Packet Tracer does a
very good job at simulating the actual traffic. As you work through this lab and send traffic, we encourage you
to switch to Simulation mode to explore the contents of the various types of packets that the network is
generating.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 11 www.netacad.com
Packet Tracer - Explore Network Protocols

Note: Packet Tracer does not grade everything you do in this activity. However, you should be able to verify
your configurations by following the steps. At the end of the activity, your completion percentage should be
100%.
Note: In this activity, the two web servers are referred to as DEVASC Server and Example Server. In the
topology, they are named with their URL: www.devasc-netacad.pka and www.example.com.

Instructions

Part 1: Configure DNS

All of the hosts on a network are assigned an IP address. The IP address can be an IPv4 address, and IPv6
address, or both. This includes all of the hosts on the internet too. But you do not use their IP address to
communicate with them. You use common names such as cisco.com. Domain Name System (DNS) is the
service that automatically translates the common, easy to remember names into IP addresses so that
communication can take place between devices. In this Packet Tracer activity, the devices are using IPv4
addresses.

Step 1: Configure a local DNS server.

a. Click the Corporate server.
b. Click Services.
c. Click DNS.
d. Click the On radio button to turn on DNS Service.
Now that DNS has been enabled, you will need to provide the information for all of the hosts on the
network(s) to which you would like to translate their name to an IPv4 address.
e. In the Name box, type www.example.com.
f. The IPv4 address of the server is 64.100.0.10. In the Address box, type the IPv4 address.
g. Click Add.
You will now see an entry that shows the hostname and IPv4 address of the Example Server. This is
where DNS will look for the hostname and return the IPv4 address of that host to any device that requests
it.

Step 2: Configure and test the use of a local DNS server.

a. Click PC-A.
b. Click Config.
c. In the DNS Server box, type the IPv4 address of the Corporate DNS server: 192.168.1.3.
Now when PC-A uses common hostnames, it will send out a DNS request for the IPv4 address of the
host with that name.
d. Click Desktop > Command Prompt.
e. Ping www.example.com. The ping may not work the first time, or even the second, as the network
converges. But by your third attempt, it should succeed. Notice that the very first line of the output shows
that PC-A is using the right IPv4 address for the Example Server.
Packet Tracer PC Command Line 1.0
C:\> ping www.example.com

Pinging 64.100.0.10 with 32 bytes of data:

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 2 of 11 www.netacad.com
Packet Tracer - Explore Network Protocols

Request timed out.

<output omitted>

C:\> ping www.example.com

Pinging 64.100.0.10 with 32 bytes of data:

Reply from 64.100.0.10: bytes=32 time=3ms TTL=125

<output omitted>

C:\>

Note: There is a known issue with Packet Tracer’s implementation of the FIREWALL. You will not be able
to access the web servers from PC-A. However, PC-A will be able to send and receive email through the
Example Server later in the activity.

Step 3: Configure and test the use of a remote DNS server.

PC-B does not have a local DNS server. Therefore, it will use the Example Server as its DNS server.
a. Click PC-B.
b. Click Config.
c. In the DNS Server box, type the IPv4 address of the Corporate DNS server: 64.100.0.10.
d. Click Desktop > Command Prompt.
e. Ping www.example.com. The ping may take a few seconds, but it should be successful.
f. Ping www.devasc-netacad.pka. The ping may not work the first time, or even the second, as the
network converges. But by your third attempt, it should succeed.
g. Close the Command Prompt window and click Web Browser.
h. Enter www.example.com in the URL field and click Go. You should now see the Example.com web page
displayed in the Web Browser.
i. Enter www.devasc-netacad.pka in the URL field and click Go. You should now see the DEVASC server
web page displayed in the Web Browser.

Part 2: Configure DHCP

Manual configuration of IPv4 addresses is fine for very small networks, but on larger networks it is necessary
to automatically provide IPv4 addressing to devices when they connect to the network. Dynamic Host
Configuration Protocol (DHCP) provides this service. It is also convenient when devices are moved because if
they move to a different subnet, they will get a new address and be able to communicate with other hosts.
Another great feature abut DHCP is that it automatically sets not only the IPv4 address for a host, but also the
subnet, default gateway, and DNS server address. This makes it very easy for multiple pieces of information
to be configured on hosts automatically.

Step 1: Configure DHCP on the Corporate server.

Note: Your Completion percentage will not increase until you click Save at the end of this step.
a. Click the Corporate server, then Services, if necessary.
b. Click DHCP.
c. Click the On radio button to turn on the DHCP Service.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 3 of 11 www.netacad.com
Packet Tracer - Explore Network Protocols

You will now define a pool of IPv4 addresses that you wish to assign to hosts. You will use IPv4
addresses in the 192.168.1.0 subnet. You cannot use the address of 192.168.1.1 because it is already in
use by the FIREWALL interface. You also cannot use the Corporate server address of 192.168.1.3. In
addition, it is a good practice to leave some addresses free for statically assigning to servers or other
devices where you want their address to remain the same.
d. The Pool Name is currently serverPool. Do not change it.
e. For Default Gateway, enter the IPv4 address of the INSIDE interface of the FIREWALL: 192.168.1.1.
This will provide each DHCP host a route to other networks.
f. For DNS Server, enter the IPv4 address of the Corporate server: 192.168.1.3.
This will provide each DHCP host an address to use to send DNS messages.
g. For Start IP Address, use 192.168.1.10.
This provides for a few statically-assigned devices on the network in the future.
h. For Subnet Mask, use 255.255.255.0.
i. For Maximum number of users, enter 245, the remaining amount after setting 10 aside.
j. Click Save to overwrite the default serverPool name.

Step 2: Test the DHCP configuration.

a. Click PC-A.
b. Close the Command Prompt, if it is still open.
c. Click IP Configuration.
d. Click DCHP.
This may take a little time, but you should be supplied with an IPv4 address from the router outside of the
first 10 addresses. You should also see the subnet mask, default gateway, and DNS server all supplied
for you automatically.

Part 3: Configure NTP

The clock on a router or a switch is important for managing, securing, and troubleshooting networks. Even on
small networks, it is important to synchronize the time across all devices. Trying to do this manually is almost
impossible especially for large networks. Network Time Protocol (NTP) can be used to synchronize the time
on each device by receiving it from an NTP server, ensuring that the times are all the same.

Step 1: Turn the NTP service on.

a. Click the Corporate server.
b. Click Services.
c. Click NTP.
d. Click the On radio button next to Service.

Step 2: Investigate NTP on S2.

S2 has already been configured to use the Corporate server as its NTP server.
a. Click S2.
b. Click CLI.
c. Press Enter to get a command prompt. The enter privileged EXEC mode with the enable command. Use
cisco as the password.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 4 of 11 www.netacad.com
Packet Tracer - Explore Network Protocols

S2> enable
Password: <cisco>
S2#
d. Display the current time and date using the show clock detail command. Notice that the time is set by
hardware and is not accurate.
S2# show clock detail
*0:3:44.318 UTC Mon Mar 1 1993
Time source is hardware calendar
S2#
e. You can manually configure the time with the clock command. However, a better practice is to use an
NTP server. Enter global configuration mode with the configure terminal command.
S2# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
S2(config)#
f. Configure S2 to use the Corporate server as its NTP server. Exit global configuration mode and verify S2
is now using NTP. Your time and date should now be accurate.
S2(config)# ntp server 192.168.1.3
S2(config)# exit
S2# show clock detail
14:1:26.216 UTC Thu May 21 2020
Time source is NTP
S2#
Note: It may take some time before the source is updated to NTP. You can click Fast Forward Time (the
double arrow button) to speed up the simulation.

Part 4: Use SSH to Securely Access a Switch

Secure Shell (SSH) is a protocol that is used to encrypt communication between a client and a host. SSH is
the preferable connection type because it is secure in comparison to Telnet. SSH has already been
configured on S2.
a. Click PC-A. Close IP Configuration, if necessary.
b. Click Desktop > Command Prompt.
c. Attempt to establish an insecure Telnet session to S2.
C:\> telnet 192.168.1.4
Trying 192.168.1.4 ...Open

[Connection to 192.168.1.4 closed by foreign host]

d. S2 denies your request because it is configured for SSH access only. Enter the command ssh and press
Enter to see how to use the command. Note that the option is a lowercase L, not a number 1.
C:\> ssh
Packet Tracer PC SSH

Usage: SSH -l username target.

C:\>

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 5 of 11 www.netacad.com
Packet Tracer - Explore Network Protocols

e. Attempt to establish an SSH connection to S2. The password is cisco.

C:\> ssh -l administrator 192.168.1.4

Password:

S2>

You can now securely configure S2.

f. You are now accessing the command line for S2 over a secure connection. Enter global configuration
mode with the enable command to verify you can configure the switch remotely. Use cisco as the
password. Then enter exit to terminate the SSH session.
S2> enable
Password:
S2# exit

[Connection to 192.168.1.4 closed by foreign host]

C:\>

Part 5: Investigate SNMP MIB Object IDs

Simple Network Management Protocol (SNMP) can be used to get and set variables related to the status and
configuration of network hosts like routers and switches, as well as network client computers. The SNMP
manager can poll SNMP agents for data, or data can be automatically sent to the SNMP manager by
configuring traps on the SNMP agents. In this part, you will retrieve the Management Information Base (MIB)
Object ID codes to learn the details of the messages using the MIB browser.
Cisco devices use community strings to authenticate access to the Management Information Base (MIB). This
is where all of the information about the device is stored. A community string is simply a plaintext password.
Community strings can be either read-only (ro) or read-write (rw). These community strings have been
created for you on R3 so that you can investigate the MIB.
Note: Although SNMP can be programmatically accessed to managed the network, more sophisticated tools
are now available, as you will see in the rest of this course. However, SNMP has a large install base in
networks today and will continue to be a valuable management tool for the foreseeable future.
Follow these steps to investigate the simulation of SNMP in Packet Tracer.
a. Click PC-B. Close Web Browser, if necessary.
b. Click MIB Browser.
c. Enter the address of R3 in the Address field: 172.16.3.1.
d. Click Advanced.
e. Enter read in the field for Read Community.
f. Enter write in the field for Write Community.
g. Change the SNMP Version to v3.
h. Click OK.
i. Click the arrow next to MIB Tree to expand the tree.
j. Click the arrow next to router_std MIBs.
k. Continue expanding the tree until you reach .mgmt.
l. Expand .mgmt.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 6 of 11 www.netacad.com
Packet Tracer - Explore Network Protocols

m. Continue expanding the tree until you reach .system.

n. Expand .system. You may need to make the window wider at the point. You can also grab the middle bar
between the MIB Tree on the left and the Result Table on the right.
o. Click .sysName.
p. Click the GO button.
You will now see the Value of the object is R3. You can look at other objects in the MIB such as the
interfaces on the router.
q. Expand the tree .interfaces > .ifTable > .ifEntry > .ifOperStatus and click GO.
You will see that two of three interfaces are up. You can now easily query anything about the router.

Part 6: Configure HTTPS

When you connect to a server using HTTP, you connect and assume that it is the correct server. The data
transferred between you and the server is sent in plaintext, so if anyone captured that data, they could read it
and manipulate it. Normally, this isn't a problem if you are simply browsing the internet. But if you are creating
an account, accessing an account, or providing any personal information, it can be captured and used by
someone else. Secure HTTP (HTTPS) adds a layer of security by encrypting the connection between you and
the server. A site must posses a security certificate from a trusted source, to verify that the site is legitimate.
Your browser checks that the certificate is valid and from a trusted source before connecting you to the site.

Step 1: Open your web page from a PC.

a. Click PC-B.
b. Click Desktop.
c. Click Web Browser.
d. Enter www.devasc-netacad.pka in the URL box and click Go. You verified access earlier. However,
after you click Go, notice the protocol is HTTP (http://).

Step 2: Examine the FIREWALL.

a. Click FIREWALL.
b. Click CLI.
c. Press Enter.
d. Enter enable and press Enter.
There is no password, so press Enter.
e. Enter show run and press Enter.
f. Use the space bar to scroll through the firewall configuration.
Notice the following two configurations in the OUTSIDE-DMZ access-list:
<output omitted>
access-list OUTSIDE-DMZ extended permit icmp any host 192.168.2.3
access-list OUTSIDE-DMZ extended permit tcp any host 192.168.2.3 eq www
access-list OUTSIDE-DMZ extended permit tcp any host 192.168.2.3 eq 443
<output omitted>

The line with www allows port 80, which is unsecured HTTP traffic. The line with port 443 allows port 443,
which is secured HTTP (HTTPS) traffic.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 7 of 11 www.netacad.com
Packet Tracer - Explore Network Protocols

g. Remove the access-list statement that allows unsecured HTTP traffic on port 80. Enter the no version of
the access-list statement as shown below. The command will wrap to the next line, but do not press Enter
until you have completed the full command.
FIREWALL# configure terminal
FIREWALL(config)# no access-list OUTSIDE-DMZ extended permit tcp any host
192.168.2.3 eq www
FIREWALL(config)#

Step 3: Configure HTTPS.

a. Click the DEVASC Server.
b. Click Services > HTTP. Notice that HTTP is set to On, but HTTPS is Off.
c. Turn HTTP off and turn HTTPS on. Even though the FIREWALL will no longer allow HTTP access, it is
best practice to also configure the server to only allow HTTPS.
d. Click the radio button for HTTPS to turn it On.

Step 4: Verify HTTPS configuration.

a. Click PC-B.
b. Close the MIB Browser, if necessary. Click the Web Browser to reopen it.
c. Verify PC-B can no longer access www.devasc-netacad.pka using HTTP. After a few seconds, you
should get a Request Timeout message. Click Fast Forward Time to speed this up.
d. Change http to https and click Go. You should now see the web page.
https://www.devasc-netacad.pka

Part 7: Configure EMAIL

Email clients use Simple Mail Transfer Protocol (SMTP), port 25, to send email to a server. SMTP is also
used to send email between servers. Email client uses Post Office Protocol 3 (POP3), port 110, to retrieve
mail from the server.

Step 1: Configure the EMAIL server.

a. Click the Example Server.
b. Click Services.
c. Click EMAIL.
d. Turn on both SMTP and POP3 services.
e. Enter www.example.com in the Domain Name box.
f. Click Set.

Step 2: Create users.

a. In the User box, type Student1.
b. Enter class for the password.
c. Click the plus (+) box to add the user.
d. Repeat this step to add a user called Student2 with the same password.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 8 of 11 www.netacad.com
Packet Tracer - Explore Network Protocols

Step 3: Configure the clients.

a. Click PC-A.
b. Click Desktop.
c. Click Email.
d. Enter the following information:
Your Name: Student1
Email Address: [email protected]
Incoming Mail Server: 64.100.0.10
Outgoing Mail Server: 64.100.0.10
User Name: Student1
Password: class
e. Click Save.
f. Repeat this configuration on PC-B replacing Student1 with Student2.

Step 4: Send and receive Email

a. On PC-B, open Email if it is not open.
b. Click Compose.
c. Fill in the following information:
To: [email protected]
Subject: Email
In the message box, type a message to Student1 such as "How are you?"
d. Click Send.
e. On PC-A, open Email if it is not open.
f. Click Receive. This may take a little time and a few tries to complete.
g. Double-click the message when it arrives to read it.
h. Click Reply.
i. Enter a response to the email and click Send.
j. Click Send.
k. Return to PC-B, click Receive to read the reply.

Part 8: Configure FTP

File Transfer Protocol (FTP) is a commonly used application to transfer files between clients and servers on
the network. The server is configured to run the service where clients connect, login, and transfer files. FTP
uses port 21 as the server command port to create the connection. FTP then uses port 20 for data transfer.

Step 1: Configure the server.

a. Click the Corporate server.
b. Click Services.
c. Click FTP.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 9 of 11 www.netacad.com
Packet Tracer - Explore Network Protocols

d. Click the On radio button to turn on the FTP service.

e. In the Username box, type Student.
f. In the Password box, type class.
g. Check all of the boxes below these fields to set the user permission to allow write, read, delete, rename,
and list.
h. Click Add.
Note: At this point, your completion percentage should be 100%. If not, click Check Results to see which
required components are not yet completed. The rest of this activity is not graded.

Step 2: Use the FTP service.

a. Click PC-A.
b. Click Desktop.
c. Click Command Prompt.
d. Enter dir to see the files on the PC.
C:\> dir
Volume in drive C has no label.
Volume Serial Number is 5E12-4AF3
Directory of C:\

2/6/2106 23:28 PM 26 sampleFile.txt

26 bytes 1 File(s)
C:\>

e. FTP to the Corporate server IPv4 address.

C:\> ftp 192.168.1.3
Trying to connect...192.168.1.3
Connected to 192.168.1.3
220- Welcome to PT Ftp server
Username:

f. Enter the username and password you configured previously to gain access.
g. Enter? and press Enter to see the commands available in the ftp client.
ftp> ?
?
cd
delete
dir
get
help
passive
put
pwd
quit
rename
ftp>

h. Enter dir to see the files available on the server.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 10 of 11 www.netacad.com
Packet Tracer - Explore Network Protocols

ftp> dir

Listing /ftp directory from 192.168.1.3:

0 : asa842-k8.bin 5571584
1 : asa923-k8.bin 30468096
2 : c1841-advipservicesk9-mz.124-15.T1.bin 33591768
3 : c1841-ipbase-mz.123-14.T7.bin 13832032
<output omitted>

i. Enter put sampleFile.txt to send the file to the server.

ftp> put sampleFile.txt

Writing file sampleFile.txt to 192.168.1.3:

File transfer in progress...

[Transfer complete - 26 bytes]

26 bytes copied in 0.08 secs (325 bytes/sec)

ftp>
j. Use the dir command again to list the contents of the FTP server again to see the file.
k. Enter get asa842-k8.bin to retrieve the file from the server. This can take 30 seconds or more to
complete as the file is big. Fast Forward Time does not help.
ftp> get asa842-k8.bin

Reading file asa842-k8.bin from 192.168.1.3:

File transfer in progress...

[Transfer complete - 5571584 bytes]

5571584 bytes copied in 46.893 secs (42706 bytes/sec)

ftp>

l. Enter delete sampleFile.txt to remove the file from the server.

ftp> delete sampleFile.txt

Deleting file sampleFile.txt from 192.168.1.3: ftp>

[Deleted file sampleFile.txt successfully ]
ftp>

m. Enter quit to exit the FTP client.

n. Display the contents of the directory on the PC again to see the image file from the FTP server.
In the Instructions window for this activity, your completion percentage should be 100%. If not, click Check
Results to see which required components are not yet completed.
End of Document

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 11 of 11 www.netacad.com
 PT 5.6.6

Packet Tracer - Troubleshoot Common Network Problems

(Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Addressing Table
Device Interface IPv4 Address Subnet Mask Default Gateway

R1 G0/0/0 209.165.200.225 255.255.255.248 N/A

R1 N/A

G0/0/1 10.1.1.2 255.255.255.252

R3 G0/0/0 10.2.2.2 255.255.255.252 N/A
R3 N/A

G0/0/1 172.16.3.1 255.255.255.0

FIREWALL VLAN1 192.168.1.1 255.255.255.0 N/A
FIREWALL N/A

VLAN2 209.165.200.226 255.255.255.248

FIREWALL N/A

VLAN3 192.168.2.1 255.255.255.0

DEVASC Server NIC IN: 192.168.2.3 255.255.255.0 192.168.1.1
DEVASC Server

VLAN1 OUT: 209.165.200.227 255.255.255.248 209.165.200.225

Example Server NIC 64.100.0.10 255.255.255.0 64.100.0.1
PC-A NIC DHCP Assigned 255.255.255.0 192.168.1.1
PC-B NIC 172.16.3.2 255.255.255.0 172.16.3.1

Objectives
Part 1: Test connectivity
Part 2: Troubleshoot R3
Part 3: Troubleshoot R1
Part 4: Troubleshoot DNS

Background / Scenario
Networks have a lot of components working together to ensure connectivity and data delivery. Often, these
components may not work properly. This may be due to a simple device misconfiguration, or many, seemingly
unrelated problems that must be systematically resolved. As a developer, you may need to troubleshoot
network issues to regain connectivity. To troubleshoot network issues, it is necessary to take a step-by-step
methodical approach, using clues to determine the problem and implement a solution. You may often find
more than one problem preventing a connection from working.
Note: In this activity, the two web servers are referred to as DEVASC Server and Example Server. In the
topology, they are named with their URL: www.devasc-netacad.pka and www.example.com.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 6 www.netacad.com
Packet Tracer - Troubleshoot Common Network Problems

Instructions

Part 1: Test Connectivity

In this Part, you are on PC-B, trying to reach the web page of the DEVASC Server.

Step 1: Test the connectivity of the network.

a. Click PC-B.
b. Click Desktop.
c. Click Web Browser.
d. Enter www.devasc-netacad.pka in the URL field and click Go.
The web page request will not work. There may be one or many different problems between PC-B and
the server. We will begin troubleshooting from PC-B and work our way over to the server, troubleshooting
along the way.

Step 2: Troubleshoot the basic configuration of PC-B.

In the Packet Tracer work area, you can see that the connection between PC-B and S3 has red icons.
This means that the connection is physically down between the two or TCP/IP is not correctly configured
on PC-B. Begin by troubleshooting the protocol stack first.
a. Click PC-B.
b. Close the Web Browser, if it is open.
c. Click Command Prompt.
d. Ping the loopback address to ensure that TCP/IP is installed and working properly.
C:\>ping 127.0.0.1

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

Reply from 127.0.0.1: bytes=32 time=16ms TTL=128
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 16ms, Average = 6ms

C:\>
Because there were successful replies, we know that TCP/IP is installed and working correctly. This
means that, most likely, either the Ethernet port on PC-B or S3 is not enabled.
e. Click Config on PC-B.
f. Click FastEthernet0.
g. The Port Status is Off. Click On next to Port Status to enable the interface.
Notice the icons between PC-B and S3 turn green after a few seconds to indicate communication
between the two devices.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 2 of 6 www.netacad.com
Packet Tracer - Troubleshoot Common Network Problems

h. Click Desktop.
i. Close the Command Prompt window.

Step 3: Check the IP configuration.

a. Click IP Configuration.
b. You should be provided with an IP address if there is a DHCP server on the network.
Notice that the DHCP request failed. Because PC-B cannot reach a DHCP server, you will need to
provide static IP address information.
c. Click the radio button next to Static to assign the interface IP Configuration information:
IP Address: 172.16.3.2
Subnet Mask: 255.255.255.0
Default Gateway: 172.16.3.1
DNS Server: 64.100.0.10
You now have the correct information to get to the default gateway.
d. Close IP Configuration and click Web Browser.
e. Enter www.devasc-netacad.pka in the URL field and click Go.
Again, the request fails.

Part 2: Troubleshoot R3
In this Part, you will test connectivity to the next network device, R3, to continue troubleshooting.

Step 1: Communicate with the default gateway.

a. Close the Web Browser, if it is open.
b. Click Command Prompt.
c. Ping the default gateway.
C:\>ping 172.16.3.1

Pinging 172.16.3.1 with 32 bytes of data:

Request timed out.

Request timed out.
Request timed out.
Request timed out.

Ping statistics for 172.16.3.1:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\>

You know that the IP addressing information on PC-B is correct, that the interface is up, and that the
TCP/IP stack is working properly. There must be something wrong with the default gateway preventing
communication.

Step 2: Check the IP configuration of R3.

a. Click R3.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 3 of 6 www.netacad.com
Packet Tracer - Troubleshoot Common Network Problems

b. Click Config.
c. Click GigabitEthernet0/0/1. This is the interface connected to the 172.16.3.0/24 network.
The interface is up, and there is IP addressing information for it, but it is not correct for the 172.16.3.0
network.
d. Change the IP address for the interface to 172.16.3.1.

Step 3: Check connectivity.

a. Return to PC-B and ping the default gateway again to ensure communication is working between the
devices.
C:\>ping 172.16.3.1

Pinging 172.16.3.1 with 32 bytes of data:

Reply from 172.16.3.1: bytes=32 time<1ms TTL=255

Reply from 172.16.3.1: bytes=32 time<1ms TTL=255
Reply from 172.16.3.1: bytes=32 time=2ms TTL=255
Reply from 172.16.3.1: bytes=32 time<1ms TTL=255

Ping statistics for 172.16.3.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 2ms, Average = 0ms

C:\>

Great! We now have communication between PC-B and the default gateway.
b. Return to the Web Browser on PC-B and attempt to connect to the www.devasc-netacad.pka web
page on the DEVASC Server again.
It still does not work.

Part 3: Troubleshoot R1
In this Part, you will continue troubleshooting on the next device in the path, R1, because you do not have any
control over the devices in the Internet cloud.

Step 1: Check the basic configuration of R1.

By looking at the Packet Tracer work area, we can see that there is a physical problem with the cabling
between R1 and FIREWALL.
a. Click R1, and then the Config tab.
b. Check the Port Status of each interface.
The ports are up.
The network between the devices is 209.165.200.224/29. The IP addresses of the ports at either end of
the cable must fall in this range for communication to take place.

Step 2: Check the cable.

a. Hover over FIREWALL.
VLAN2 has an acceptable IP address, and the link is up.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 4 of 6 www.netacad.com
Packet Tracer - Troubleshoot Common Network Problems

b. Hover over R1.

G0/0/0 has an acceptable IP address, and the link is up. The problem is the cable itself. It may be
damaged, or it may be connected to an incorrect port.
You will need to re-cable the connection between the devices.

Step 3: Replace the cable.

a. Be sure to click any white space in the topology to de-select any devices that may be currently selected.
Then use the Delete tool to remove the cable between R1 and FIREWALL.
b. Click Connections.
c. Click the Copper Straight-Through cable, and then click FIREWALL.
d. Choose Ethernet0/0 as the connection. This is the port assigned to 209.165.200.224/29 (VLAN1).
e. Click R1.
f. Choose port GigabitEthernet0/0/0. This is the port assigned to 209.165.200.224/29.
You should now see icons on both sides of the cable, and soon they turn green.

Step 4: Check connectivity.

a. Return to the Web Browser on PC-B and attempt to bring up the DEVASC server web page.
It still does not work. To find out if it is a connection issue or a protocol issue, attempt to ping the
DEVASC Server IP address.
b. Return to the Command Prompt.
c. Ping the IP address of the DEVASC Server. In Packet Tracer, the first set of pings may fail until the
network converges.
C:\> ping 209.165.200.225

Pinging 209.165.200.225 with 32 bytes of data:

Request timed out.

Request timed out.
Request timed out.
Request timed out.

Ping statistics for 209.165.200.225:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\> ping 209.165.200.225

Pinging 209.165.200.225 with 32 bytes of data:

Reply from 209.165.200.225: bytes=32 time<1ms TTL=253

Reply from 209.165.200.225: bytes=32 time=1ms TTL=253
Reply from 209.165.200.225: bytes=32 time<1ms TTL=253
Reply from 209.165.200.225: bytes=32 time<1ms TTL=253

Ping statistics for 209.165.200.225:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 5 of 6 www.netacad.com
Packet Tracer - Troubleshoot Common Network Problems

Minimum = 0ms, Maximum = 1ms, Average = 0ms

C:\>

This is what you wanted to see. We are getting all the way to the DEVASC Server, and all the way back
using ICMP. This tells you there may be something wrong with the DNS configuration.

Part 4: Troubleshoot DNS

Because there is connectivity from PC-B to the DEVASC Server using ICMP, you know all the physical
problems and configuration problems preventing connections before have been solved. This means there is
most likely a protocol issue preventing the web page from displaying.
a. Open the Web Browser on PC-B.
b. Type the IP address of the DEVASC server, along with the port to which you would like to connect: 80.
209.165.200.227:80
You will receive a response from the server.
Request Timeout

The web page does not respond to port 80. In a previous lab, the server was configured to only connect
using secure HTTP (HTTPS). This was to make sure that the FIREWALL does not forwarding traffic on
the unencrypted port 80. You need to use HTTPS to connect to the web page:
https://209.165.200.227
After a few seconds, the web page finally displays!
The most likely problem is the DNS configuration.

Step 2: Verify DNS.

a. On PC-B, open IP Configuration.
b. Ensure the DNS Server is set to 64.100.0.10.
c. Since it is correctly configured, check the configuration of the DNS settings on the Example Server.

Step 3: Verify DNS server configuration.

a. Click the Example Server.
b. Click Services.
c. Click DNS.
There are no DNS records and the service is disabled.
d. Add an entry for the DEVASC Server with the Name set to www.devasc-netacad.pka and Address set
to 209.165.200.227. Then click Add.
Even though the entry is now correct, DNS has not been turned on.
e. Turn On DNS.
f. Return to PC-B, open a Web Browser, and type https://www.devasc-netacad.pka in the URL field. Be
sure you add https:// as FIREWALL only allows secure web traffic.
You will now see that the web page is accessible using DNS across the network.
End of document

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 6 of 6 www.netacad.com
 PT 8.8.2

Packet Tracer - Compare CLI and SDN Controller Network

Management (Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Addressing Table
Note: All subnet masks are /24 (255.255.255.0).

Device Interface IP Address

R1 G0/0/0 192.168.101.1

R1
S0/1/0 192.168.1.2
R2 G0/0/0 192.168.102.1

R2
S0/1/1 192.168.2.2
R3 G0/0/0 10.0.1.1

R3
G0/0/1 10.0.2.1

R3
S0/1/0 192.168.1.1

R3
S0/1/1 192.168.2.1
SWL1 VLAN 1 192.168.101.2
SWL2 VLAN 1 192.168.102.2
SWR1 VLAN 1 10.0.1.2
SWR2 VLAN 1 10.0.1.3
SWR3 VLAN 1 10.0.1.4
SWR4 VLAN 1 10.0.1.5
Admin NIC 10.0.1.129
PC1 NIC 10.0.1.130
PC2 NIC 10.0.2.129
PC3 NIC 10.0.2.130
PC4 NIC 192.168.102.3
Example Server NIC 192.168.101.100
PT-Controller* NIC 192.168.101.254

* In Part 3, you will add and configure PT-Controller0.

Objectives
Part 1: Explore the Network Topology
Part 2: Use the CLI to Gather Information

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 7 www.netacad.com
Packet Tracer - Compare CLI and SDN Controller Network Management

Part 3: Configure an SDN Controller

Part 4: Use an SDN Controller to Discover a Topology
Part 5: Use an SDN Controller to Gather Information
Part 6: Use an SDN Controller to Configure Network Settings

Background / Scenario
In this Packet Tracer activity, you will compare the differences between managing a network from the
command line interface (CLI) and using a software-defined networking (SDN) controller to manage the
network.

Instructions

Part 1: Explore the Network Topology

In this Part, you will become familiar with the topology you will use for network programmability activities.

Step 1: Review the network configuration documentation

The network is configured as follows:
• Routers are running OSPFv2.
• SSH is enabled on all devices with user cisco and password cisco123!
• R1 has no hosts.
• R2 LAN IPv4 is statically configured.
• R3 is the DHCPv4 server for LAN1 and LAN2.
• Switches are Layer 2 (no VLANs).
• All SWR# switches belong to LAN1.

Step 2: Verify that all devices can ping each other.

Either use the command line on each device or use the Add Simple PDU (P) tool to verify that all devices
can ping each other.

Part 2: Use the CLI to Gather Information

In this part, you manually access each device to gather information about the software version.

Step 1: From the Admin PC, securely access the SWR3 switch.
a. Click Admin > Desktop > Command Prompt.
b. Enter the command ssh -l cisco 10.0.1.4. The -l option is the letter “L”, not the number one.
c. When prompted, enter cisco123! as the password. You are now logged in to SWR3.

Step 2: Gather information about the software on SWR3.

a. Enter the following command to filter the output of the show version command to view just the
RELEASE SOFTWARE installed on the device. Notice that SWR3 is running IOS 16.3.2 and Boot Loader
4.2.6.
SWR3# show version | include RELEASE

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 2 of 7 www.netacad.com
Packet Tracer - Compare CLI and SDN Controller Network Management

Cisco IOS Software [Denali], Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M),

Version 16.3.2, RELEASE SOFTWARE (fc4)
BOOTLDR: CAT3K_CAA Boot Loader (CAT3K_CAA-HBOOT-M) Version 4.26, RELEASE SOFTWARE (P)
SWR3#
b. Copy the information to your clipboard
c. Open a text file editor and paste the information into a text file.
d. Save the file as software-versions.txt.

Step 3: Gather the software information for the rest of the network devices.
a. From the Command Prompt on SWR3, securely access another network device and repeat Step 2
above.
b. Continue documenting the software versions until you have completed all nine network devices: SWL1,
SWL2, SWR1, SWR2, SWR3, SWR4, R1, R2, and R3.
c. Exit out of all of your SSH sessions.

Part 3: Configure the PT-Controller

For many years, network administrators have used early automation tools such as bash scripts or SNMP-
enabled software to complete a process similar to what you did in the previous step. However, with the
introduction of SDN, this process has been greatly enhanced. Packet Tracer provides a simple PT-Controller
to simulate an SDN controller. In this Part, you will connect and configure the PT-Controller.
Note: To learn more about Packet Tracer’s implementation of the Network Controller, click the Help menu,
then Contents. In the Index on the left, about midway down, you will find the heading Configuring Devices.
Underneath this heading, find Network Controllers. Here you will find a wealth of information, much of which
you will explore in the activities in this course.

Step 1: Add a Network Controller to the topology.

a. At the bottom left corner of the Packet Tracer interface, click End Devices > Network Controller.
b. Add the Network Controller in the blank spot left of the SWL1 switch. The name should already by PT-
Controller0. If not, click the name and change it.
c. At the bottom again, click the lightening bolt for Connections. Click the solid black Copper Straight-
Through cable.
d. Click PT-Controller0 and choose GigabitEthernet0. Then click SWL1 and choose the first available
Gigabit Ethernet interface.

Step 2: Configure connectivity for the PT-Controller0.

a. Click PT-Controller0 > Config.
b. For Gateway/DNS IPv4, enter 192.168.101.1 as the Gateway address.
c. On the left under INTERFACE, click GigabitEthernet0.
d. For IP Configuration, enter the IP Address 192.168.101.254 and Subnet Mask 255.255.255.0.
e. On the left, under REAL WORLD, click Controller. If the Server Status is Stopped, move on to the next
substep. If the Server Status is Disabled in Preferences, then you will need to enable external access
by following these instructions:
1) Select Options > Preferences from the Packet Tracer menus.
2) Click Miscellaneous.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 3 of 7 www.netacad.com
Packet Tracer - Compare CLI and SDN Controller Network Management

3) Under External Network Access, click Enable External Access for Network Controller REST
API.
4) Close Preferences and click PT-Controller0 > Config, if necessary.
5) On the left under REAL WORLD, click Controller.
f. The Server Status should now be Stopped. Click Access Enabled to enable it. Server Status changes
to Listening on port 58000. If the port is some other value, change it to 58000. This is the port number in
the Python scripts.

Step 3: From Admin, verify connectivity to the PT-Controller0.

Verify that Admin can ping PT-Controller0. If you are not able to ping, make sure your configuration matches
the specifications in the previous step.

Step 4: Register a new user and log into the PT-Controller0.

a. Click Admin > Desktop > Web Browser.
b. Enter the IPv4 address 192.168.101.254 to access the User Setup for PT-Controller0.
c. Enter cisco in the Username field and cisco123! in the Password and Confirm Password fields, and
then click SETUP.
Note: You can use whatever username and password you want here. For simplicity, we recommend
using common credentials used in the rest of the activity.
d. On User Login screen, enter your credentials and click LOG IN.
e. You are now logged in to the dashboard for PT-Controller0. At this point, it may be helpful to expand the
window so you can see the entire interface.

Part 4: Use an SDN Controller to Discover a Topology

In this Part, you will configure PT-Controller0 to use Cisco Discover Protocol (CDP) to automatically discover
the nine network devices in your topology. The PT-Controller0 will also discover all five host devices attached
to the network.

Step 1: Add credentials to access all the network devices in the topology.
a. From the Network Controller GUI, click the menu button to the left of the Cisco logo.
b. Select Provisioning. From here, you can manually add networking devices. However, you will use CDP
to automatically discover devices for you.
c. Click CREDENTIALS and then click + CREDENTIAL to add a New Credential.
d. For Username, enter cisco, and for Password, enter cisco123!. Leave Enable Password blank. For
Description, enter admin credentials, and then click OKAY.
e. The new CLI Credentials are now stored on PT-Controller0 for use in automation tasks.

Step 2: Use CDP to discover all the devices on the network.

a. Click DISCOVERY and the click + DISCOVERY to add a New Discovery.
b. For Name, enter SWL1. For IP Address, enter 192.168.101.2. For CLI Credential List, drop down the
list and choose cisco - admin credentials.
c. Click ADD.
d. You should now see the Status as In Progress. You can wait for Packet Tracer to finish simulating this
process. Or you can Fast Forward Time button on the main Topology window to speed up the process.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 4 of 7 www.netacad.com
Packet Tracer - Compare CLI and SDN Controller Network Management

Part 5: Use an SDN Controller to Gather Information

In this Part, you will use the PT-Controller0 GUI to view information about the network devices and host
devices in the topology. You will view the topology created by the controller and then conduct a path trace
across the network.

Step 1: View the list of network devices discovered.

a. Click NETWORK DEVICE. You should now see all nine network devices listed.
b. Click the Gear icon next to any device’s hostname to see the information collected by the discover
process. Notice that the Software Version is listed as well as a variety of other detailed information about
the device.

Step 2: View a list of all the host devices discovered.

a. Return to the Dashboard. Click the menu next to the Cisco logo, then click Dashboard. (You can also
simply click the Network Controller banner to return to the Dashboard from anywhere.)
b. On the Dashboard, you will see charts with the number of hosts that can be reached via ping and the
number of network devices that are managed. Both should be 100%.
c. You should also see tiles for QoS, Network Device, and Host. Click the Gear icon for Host. This will take
you to the HOSTS tab for ASSURANCE.
d. On this page, you can view all the Layer 2 and Layer 3 connectivity information for each host as well as
the network device to which each is attached.
e. Click the Gear icon next to any host to view more detailed information.

Step 3: View the topology created by PT-Controller0.

a. Click the TOPOLOGY tab. Notice that the PT-Controller dynamically created the same topology you see
in Packet Tracer’s main window.
b. From this view, you can click any network device to see its details.
c. You can also click and drag the device icons to rearrange the topology. However, your changes will not
be saved when you leave the TOPOLOGY workspace.

Step 4: Trace the path from one device to another device.

a. Click the PATH TRACE tab.
b. Click + PATH to add a New Path.
c. Trace the path from one end of the network to the other. For example, you could enter the IP addresses
for PC1 to PC4. Then click OKAY.
d. Click the new path that was added to initiate the path trace.
You will get a Route report that shows all the hops from source to destination. Notice that only Layer 3
device information is listed. The switches are shown as an UNKNOWN device. This is because they are
all operating at Layer 2 only.

Part 6: Use an SDN Controller to Configure Network Settings

A major benefit of network automation using a controller is the ability to configure global network settings and
policies for all devices and then push that configuration with the click of a button. In this Part, you will
configure PT-Controller0 with network settings for DNS, NTP, and Syslog. You will then push this
configuration to supported network devices. Finally, you will verify and test the policy.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 5 of 7 www.netacad.com
Packet Tracer - Compare CLI and SDN Controller Network Management

Step 1: Investigate the configuration of the Example server.

a. Click Example Server > Services.
b. Under SERVICES, click DNS. Notice that the DNS service is enabled and that there is one record for
www.example.com.
c. Under SERVICES, click SYSLOG. Notice that the Syslog service is enabled.
d. Under SERVICES, click NTP. Notice that the NTP service is enabled.

Step 2: Configure a global policy for DNS, SYSLOG, and NTP.

a. Click Admin. If you closed Admin, you will need to open the Web Browser app and reauthenticate with
PT-Controller0.
b. Click the menu to the left of the Cisco logo.
c. Click Policy.
d. On the QOS tab, notice there are options for configuring the Scope and Policy. In this activity, you will
configure NETWORK SETTINGS.
e. Click NETWORK SETTINGS.
f. Click DNS. Enter example.com as the Domain Name and 192.168.101.100 as the IP Address.
g. Click Save.
h. Click NTP.
i. Enter 192.168.101.100 as the IP Address.
j. Click Save.
k. Click SYSLOG.
l. Enter 192.168.101.100 as the IP Address.
m. Click Save.
n. Click DNS, NTP, and SYSLOG again to verify the information is correct. If not, correct the information
saving each time.
o. Click PUSH CONFIG.
p. The Push All Network Settings dialog box opens. Verify your settings and click OKAY. A “Saved
Successfully” message appears briefly.

Step 3: Verify and test the network settings that were pushed to devices.
At the bottom of the NETWORK SETTINGS window, there is the following:
Note: This functionality is only supported on devices running IOS-XE OS and Switch 2960-24TT
This means that, for this version of Packet Tracer, your global settings were only applied to the routers.
a. Click any of the three routers. R1 is shown in the following output.
b. Click CLI.
c. Click inside the window and press Enter to get a command prompt.
d. Enter the privileged EXEC mode and verify the DNS settings.
R1> enable
R1# show run | begin ip domain
ip domain-name example.com
ip name-server 192.168.101.100

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 6 of 7 www.netacad.com
Packet Tracer - Compare CLI and SDN Controller Network Management

!
<output omitted>
R1#
e. Enter the following commands to verify the NTP settings. The time on R1 should match your current time.
Packet Tracer may take a little time to propagate NTP messages. You can click the Fast Forward Time
button to speed up the process.
R1# show ntp associations

address ref clock st when poll reach delay offset

disp
*~192.168.101.100127.127.1.1 1 12 16 377 0.00 0.00
0.12
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
R1# show clock
15:30:54.268 UTC Thu Jun 11 2020
R1#
f. Enter the following command to verify logging is configured.
R1# show run | include logging
logging 192.168.101.100
R1#
g. To test logging, shut down the Serial0/1/0 interface and then reactivate it.
R1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)# interface s0/1/0
R1(config-if)# shutdown
%LINK-5-CHANGED: Interface Serial0/1/0, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/0, changed state to down
15:36:37: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.2.1 on Serial0/1/0 from FULL to DOWN,
Neighbor Down: Interface down or detached
R1(config-if)# no shutdown
%LINK-5-CHANGED: Interface Serial0/1/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/0, changed state to up
15:36:53: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.2.1 on Serial0/1/0 from LOADING to
FULL, Loading Done
R1(config-if)# end
R1#
h. Click Example Server > Services > SYSLOG. You should see the same syslog messages you saw on in
the CLI are also logged to the server. Double-click any of the entries to review the messages.
End of document

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 7 of 7 www.netacad.com
 PT 8.8.3

Packet Tracer - Implement REST APIs with an SDN Controller

(Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Addressing Table
Note: All subnet masks are /24 (255.255.255.0).

Device Interface IP Address

R1 G0/0/0 192.168.101.1/24

R1
S0/1/0 192.168.1.2
R2 G0/0/0 192.168.102.1

R2
S0/1/1 192.168.2.2
R3 G0/0/0 10.0.1.1

R3
G0/0/1 10.0.2.1

R3
S0/1/0 192.168.1.1

R3
S0/1/1 192.168.2.1
SWL1 VLAN 1 192.168.101.2
SWL2 VLAN 1 192.168.102.2
SWR1 VLAN 1 10.0.1.2
SWR2 VLAN 1 10.0.1.3
SWR3 VLAN 1 10.0.1.4
SWR4 VLAN 1 10.0.1.5
Admin NIC 10.0.1.129
PC1 NIC 10.0.1.130
PC2 NIC 10.0.2.129
PC3 NIC 10.0.2.130
PC4 NIC 192.168.102.3
Example Server NIC 192.168.101.100
PT-Controller NIC 192.168.101.254

Objectives
Part 1: Launch the DEVASC VM
Part 2: Verify External Connectivity to Packet Tracer
Part 3: Request an Authentication Token with Postman

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 8 www.netacad.com
Packet Tracer - Implement REST APIs with an SDN Controller

Part 4: Send REST Requests with Postman

Part 5: Send REST Requests with VS Code
Part 6: Send REST Requests Inside Packet Tracer

Background / Scenario
In this Packet Tracer activity, you will use the Packet Tracer Network Controller and associated API
documentation to send REST requests from Postman and from Visual Studio Code (VS Code). Packet Tracer
also supports a Python coding environment. Therefore, in the final Part of this activity, you will send REST
requests from within Packet Tracer.

Required Resources
• 1 PC with operating system of your choice
• Virtual Box or VMWare
• DEVASC Virtual Machine

Instructions

Part 1: Launch the DEVASC VM

If you have not already completed the Lab - Install the Virtual Machine Lab Environment, do so now. If you
have already completed that lab, launch the DEVASC VM now.

Part 2: Verify External Connectivity to Packet Tracer

In this Part, you will verify that Packet Tracer can be accessed by other applications on the DEVASC VM.
This activity must be completed entirely within the DEVASC virtual machine environment. Support for other
setups is not provided.

Step 1: If you have not done so already, open the Packet Tracer activity.
a. Within the DEVASC VM, access your course curriculum in the Chromium browser.
b. Navigate to the page for this activity.
c. Download and launch the file Packet Tracer - Implement REST APIs with an SDN Controller.pka
associated with these instructions.

Step 2: Verify Packet Tracer's settings for external access.

a. Click Options > Preferences > Miscellaneous. Under External Network Access, verify that Enable
External Access for Network Controller REST API is checked.
b. Close the Preferences window.
c. Click PT-Controller0 > Config.
d. On the left, under REAL WORLD, click Controller.
e. Check Access Enabled and make note of the port number, which is most likely 58000. This is the port
number you will need when externally accessing the Packet Tracer activity from Chromium, VS Code,
and Postman later in this activity.

Step 3: Verify you can access Packet Tracer from another program on the DEVASC VM.
Open Chromium and navigate to http://localhost:58000/api/v1/host.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 2 of 8 www.netacad.com
Packet Tracer - Implement REST APIs with an SDN Controller

You will get the following response. This step verifies that you can externally access Packet Tracer and PT-
Controller0. Notice that authorization requires a ticket. You will get an authorization token in the next Part.
{
"response": {
"detail": "Security Authentication Failure",
"errorCode": "REST_API_EXTERNAL_ACCESS",
"message": "Ticket-based authorization: empty ticket."
},
"version": "1.0"
} {

Part 3: Request an Authentication Token with Postman

In this Part, you will investigate the REST API documentation in Packet Tracer and use Postman to request
an authentication token from the PT-Controller0. You can also do this in VS Code with a Python script.

Step 1: Investigate the REST API documentation for the Network Controller.
To see the REST API documentation for PT-Controller0, complete the following steps:
a. Click Admin > Desktop > Web Browser.
b. Enter 192.168.101.254.
c. Log in to PT-Controller0 with user cisco and password cisco123!.
d. Click the menu next to the Cisco logo and choose API Docs.
e. You can also access this same documentation from the Help menu. Click Help > Contents.
f. In the navigation pane on the left, scroll down about two-thirds of the way and click Network Controller
API. This provides the same documentation you found on PT-Controller0.
g. In the API documentation, click addTicket. You will use this documentation in the next step.
Note: Some REST API functionality may not be available in the current version of Packet Tracer.

Step 2: Create a new POST request.

a. After reviewing the addTicket REST API Method documentation, open Postman. In the Launch area,
click the plus sign to create a new Untitled Request.
b. Click the down arrow and change the type from GET to POST.
c. Enter the URL http://localhost:58000/api/v1/ticket.
d. Below the URL field, click Body. Change the type to raw.
e. Click the down arrow next to Text and change it to JSON. This change will also set the “Content-type”
HTTP Header to “application/json” that is required for this API call.
f. Paste the following JSON object into the Body field. Make sure your code is properly formatted
{
"username": "cisco",
"password": "cisco123!"
}

Step 3: Send the POST request

a. Click Send to send the POST request to the PT-Controller0.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 3 of 8 www.netacad.com
Packet Tracer - Implement REST APIs with an SDN Controller

You should get a response similar to the following. However, your_serviceTicket will be an actual value.
{
"response": {
"idleTimeout": 900,
"serviceTicket": "your_serviceTicket",
"sessionTimeout": 3600
},
"version": "1.0"
}

b. Copy the serviceTicket value without the quotes to a text file for later use.

Part 4: Send REST Requests with Postman

In this Part, you will use your service ticket to send three REST requests to the PT-Controller0.

Step 1: Create a new GET request for all network devices in the network.
a. In Postman, click the plus sign to create a new Untitled Request.
b. Enter the URL http://localhost:58000/api/v1/network-device.
c. Below the URL field, click Headers.
d. Under the last KEY, click the Key field and enter X-Auth-Token.
e. In the Value field, enter the value for your service ticket.

Step 2: Send the GET request.

Click Send to send the GET request to the PT-Controller0.
You should get a response listing the details that the controller has for the nine network devices in the
network. The response for the first device is shown here.
{
"response": [
{
"collectionStatus": "Managed",
"connectedInterfaceName": [
"GigabitEthernet0/0/0",
"GigabitEthernet0",
"FastEthernet0"
],
"connectedNetworkDeviceIpAddress": [
"192.168.101.1",
"192.168.101.254",
"192.168.101.100"
],
"connectedNetworkDeviceName": [
"R1",
"NetworkController",
"Example Server"
],
"errorDescription": "",
"globalCredentialId": "53046ecc-88c3-49f6-9626-ca8ab9db6725",

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 4 of 8 www.netacad.com
Packet Tracer - Implement REST APIs with an SDN Controller

"hostname": "SWL1",
"id": "CAT1010BT47-uuid",
"interfaceCount": "29",
"inventoryStatusDetail": "Managed",
"lastUpdateTime": "6",
"lastUpdated": "2020-06-11 22:55:51",
"macAddress": "000C.CF42.2B11",
"managementIpAddress": "192.168.101.2",
"platformId": "3650",
"productId": "3650-24PS",
"reachabilityFailureReason": "",
"reachabilityStatus": "Reachable",
"serialNumber": "CAT1010BT47-",
"softwareVersion": "16.3.2",
"type": "MultiLayerSwitch",
"upTime": "4 hours, 55 minutes, 11 seconds"
},
<output omitted>
],
"version": "1.0"
}

Step 3: Duplicate the GET request and modify it for all hosts on the network.
a. In Postman, right-click the tab for your host GET request and choose Duplicate Tab.
b. All information in the ticket is the same except for the URL. Simply change network-device to host:
http://localhost:58000/api/v1/host.

Step 4: Send the GET request.

Click Send to send the GET request to the PT-Controller0.
You should get a response listing the details that the controller has for the six host devices in the network.
The response for the first device is shown here.
{
"response": [
{
"connectedAPMacAddress": "",
"connectedAPName": "",
"connectedInterfaceName": "GigabitEthernet1/0/24",
"connectedNetworkDeviceIpAddress": "192.168.102.2",
"connectedNetworkDeviceName": "SWL2",
"hostIp": "192.168.102.3",
"hostMac": "00E0.F96C.155B",
"hostName": "PC4",
"hostType": "Pc",
"id": "PTT08108MO8-uuid",
"lastUpdated": "2020-06-11 22:49:32",
"pingStatus": "SUCCESS"
},
<output omitted>

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 5 of 8 www.netacad.com
Packet Tracer - Implement REST APIs with an SDN Controller

],
"version": "1.0"
}

Step 5: Close Postman to free up memory in the DEVASC VM.

Part 5: Send REST Requests with VS Code

In this Part, you will use Python script in VS Code to send the same API requests you sent in Postman.
However, you will also use Python for loops to parse the JSON and display only specific key value pairs.

Step 1: Use a script to request a service ticket.

a. Open VS code.
b. Click File > Open Folder... and navigate to the devnet-src/ptna directory.
c. Click OK.
Notice in the EXPLORE pane on the left that three scripts are shown: 01_get-ticket.py, 02_get-network-
device.py, and 03_get-host.py. Review the code for each. Notice that the scripts for network devices
and hosts require that you replace the your_serviceTicket value with the value Packet Tracer gave you
when you requested a ticket. Request a new service ticket to see the function of the 01_get-ticket.py
script.
d. Open a terminal window in VS Code: Terminal > New Terminal.
e. Run the 01_get-ticket.py to see output similar to the following.
devasc@labvm:~/labs/devnet-src/ptna$ python3 01_get-ticket.py
Ticket request status: 201
The service ticket number is: your_serviceTicket
devasc@labvm:~/labs/devnet-src/ptna$
f. Replace the your_serviceTicket value in 02_get-network-device.py and 03_get-host.py with the value
Packet Tracer gave you.

Step 2: Use a script to request a list of network devices.

Previously in Postman, the call to the network device's API returned a list of all nine network devices and all
the information available for each device. However, the 02_get-network-device.py script prints only the
values of the keys that the programmer is interested in: hostname, platformId, and
managementIpAddress.
In the terminal window, run the 02_get-network-device.py script.
devasc@labvm:~/labs/devnet-src/ptna$ python3 02_get-network-device.py
Request status: 200
SWL1 3650 192.168.101.2
R1 ISR4300 192.168.1.2
R3 ISR4300 192.168.2.1
SWR1 3650 10.0.1.2
SWR2 3650 10.0.1.3
R2 ISR4300 192.168.2.2
SWL2 3650 192.168.102.2
SWR4 3650 10.0.1.5
SWR3 3650 10.0.1.4
devasc@labvm:~/labs/devnet-src/ptna$

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 6 of 8 www.netacad.com
Packet Tracer - Implement REST APIs with an SDN Controller

Step 3: Use a script to request a list of host devices.

Similarly, the programmer chose to list specific information for each of the six host devices connected to the
network.
In the terminal window, run the 03_get-host.py script.
devasc@labvm:~/labs/devnet-src/ptna$ python3 03_get-host.py
Request status: 200
PC4 192.168.102.3 00E0.F96C.155B GigabitEthernet1/0/24
PC3 10.0.2.129 0004.9A42.C245 GigabitEthernet1/0/24
PC1 10.0.1.129 00E0.A330.3359 GigabitEthernet1/0/22
PC2 10.0.2.130 0060.47C1.A4DB GigabitEthernet1/0/23
Admin 10.0.1.130 0050.0FCE.B095 GigabitEthernet1/0/21
Example Server 192.168.101.100 000A.413D.D793 GigabitEthernet1/0/3
devasc@labvm:~/labs/devnet-src/ptna$

Part 6: Send REST Requests Inside Packet Tracer (Optional)

In this Part, you will use the same scripts with one small edit to send the same API requests inside Packet
Tracer that you sent from VS Code.

Step 1: Create a Project in Packet Tracer

a. In Packet Tracer, click the Admin PC.
b. Click the Programming tab.
c. There is currently no project. Click New.
d. Enter REST APIs as the Name and choose Empty - Python as the template.
e. Click Create.
The REST APIs (Python) project is now created with a blank main.py script.

Step 2: Modify the scripts to run inside Packet Tracer.

Access from one application to another on the same host machine requires that the port number be specified
in the URL. However, Packet Tracer is simulating a real network. In the real world, you do not normally
specify the port number when making API requests. In addition, you would use a domain name or IP address
in the URL.
a. In VS Code, copy the code for 03_get-host.py.
b. In the Admin > Programming tab, double-click the main.py script to open it.
c. Paste the code in the main.py script.
d. Change the api_url. Replace localhost:58000/api/v1/host with 192.168.101.254/api/v1/host.
e. Edits are automatically saved. Click Run. Packet Tracer output does not exactly simulate what you see in
the Linux command line. However, you should see similar output as shown below.
Starting REST APIs (Python)...
('Request status: ', 200)
('PC4', '\t', '192.168.102.3', '\t', '00E0.F96C.155B', '\t', 'GigabitEthernet1/0/24')
('PC3', '\t', '10.0.2.129', '\t', '0004.9A42.C245', '\t', 'GigabitEthernet1/0/24')
('PC1', '\t', '10.0.1.129', '\t', '00E0.A330.3359', '\t', 'GigabitEthernet1/0/22')
('PC2', '\t', '10.0.2.130', '\t', '0060.47C1.A4DB', '\t', 'GigabitEthernet1/0/23')
('Admin', '\t', '10.0.1.130', '\t', '0050.0FCE.B095', '\t', 'GigabitEthernet1/0/21')

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 7 of 8 www.netacad.com
Packet Tracer - Implement REST APIs with an SDN Controller

('Example Server', '\t', '192.168.101.100', '\t', '000A.413D.D793', '\t',

'GigabitEthernet1/0/3')
REST APIs (Python) finished running.

f. Copy and paste 02_get-network-device.py into the main.py. Change the URL and run it.
REST APIs (Python) finished running.
Starting REST APIs (Python)...
('Request status: ', 200)
('SWL1', '\t', '3650', '\t', '192.168.101.2')
('R1', '\t', 'ISR4300', '\t', '192.168.1.2')
('R3', '\t', 'ISR4300', '\t', '192.168.2.1')
('SWR1', '\t', '3650', '\t', '10.0.1.2')
('SWR2', '\t', '3650', '\t', '10.0.1.3')
('R2', '\t', 'ISR4300', '\t', '192.168.2.2')
('SWL2', '\t', '3650', '\t', '192.168.102.2')
('SWR4', '\t', '3650', '\t', '10.0.1.5')
('SWR3', '\t', '3650', '\t', '10.0.1.4')
REST APIs (Python) finished running
End of document

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 8 of 8 www.netacad.com