‫بسم هللا الرحمن الرحيم‬

Osama Saleh Al-Jamal

Khidmat Watan Final Project Documentation.

Computer Science (ICT)

Mobile phone: +962788690737
E-mail: samaaljamal84@gmail.com
Date: 25 /8 /2020
 A basic Network infrastructure allude to the resources like hardware and software of an entire
network that let network connectivity, communication, operations and control of an topology
where you can achieve full connectivity between the clients in headquarter and branch site.

Cisco packet Tracer latest version was used to design & simulate this design. Using Cisco
packet tracer we can simulate application layer protocols, basic routing with RIP, OSPF,
EIGRP, etc. My design consist two locations for Ranet Company, headquarter and branch site.
The total cost of this project 40,000$ [1].

The main purpose of a network is to reduce isolated users and workgroups. All systems should
be capable of communicate and provide and desired information. Additionally, physical systems
and devices should be able to maintain and provide satisfactory performance, reliability and
security.

Figure (1): Connectivity between the clients in headquarter and branch office in general.[2]

In order to design and implement of a Network the following methodology was used:

a) Conceptualizing the Ideas.

b) Designing the Network Architecture.

c) Add devices and network tools.

d) Configuration of Devices in accordance to Topology.

e) Network Troubleshooting.
Figure: HQ & BO network design.
- Devices Price List:

Devices Name Quantity Price

Router 1941 2 3000
Switch 3650 1 6000
Switch 3560 1 4000
Switch 2960 4 6000
Workstation 2 1200
Wireless LAN Controller 1 5000
Access Point 1 300
WAN Interface card (HWIC) 2 2000
Wireless Adapter 1 50
Total > 27,550 $
Table (1): Devices Price List

- Headquarter VLANs:

VLANs Name Network IP Subnet mask Gateway

10 Mgmt. 192.168.1.0 255.255.255.0 192.168.1.1
99 Native 192.168.2.0 255.255.255.0 192.168.2.1
20 HR 192.168.3.0 255.255.255.240 192.168.3.1
30 Financial 192.168.3.16 255.255.255.240 192.168.3.17
40 IT 192.168.3.32 255.255.255.248 192.168.3.33
50 Application 192.168.3.40 255.255.255.248 192.168.3.41
5 Wireless 192.168.3.48 255.255.255.248 192.168.3.49
Table (2): Headquarter VLANs

- Headquarter Routers:

R,SW Hostname HQ_AGSW1 HQ_AGSW2 HQ_WAN_R

Interfaces
GigabitEthernet1/0/1 10.0.0.1/30 Null Null
FastEthernet0/1 Null 10.0.0.5/30 Null
GigabitEthernet0/1 Null Null 10.0.0.2/30
GigabitEthernet0/2 Null Null 10.0.0.6/30
Serial 0/0/0 Null Null 200.100.10.1/30
Table (3): Headquarter Routers
- Branch Office VLANs:

VLAN Name Network IP Subnet mask Gateway

10 Mgmt. 172.16.1.0 255.255.255.0 172.16.1.1
99 Native 172.16.2.0 255.255.255.0 172.16.2.1
70 Auditing 172.16.3.0 255.255.255.248 172.16.3.1
80 IT 172.16.3.8 255.255.255.248 172.16.3.9
90 Admin 172.16.3.16 255.255.255.248 172.16.3.17
Table (4): Branch Office VLANs

- Branch Office Router:

R Hostname BO_W_R
Interfaces
Serial 0/0/0 200.100.10.2/30
GigabitEthernet0/0.70 172.16.3.1/29
GigabitEthernet0/0.80 172.16.3.18/29
GigabitEthernet0/1.90 172.16.3.16/29
Table (5): Branch Office Router

♦ Headquarter Router (HQ_WAN_R) Configurations:

hostname HQ_WAN_R

enable password Cisco@123

username Osama password Cisco@123

ip domain-name osamalab.com

interface Tunnel1
ip address 192.168.20.1 255.255.255.0
tunnel source Serial0/0/0
tunnel destination 200.100.10.2

interface GigabitEthernet0/0
ip address 10.0.0.2 255.255.255.252
ip access-group ssh in

interface GigabitEthernet0/1
ip address 10.0.0.6 255.255.255.252
ip access-group ssh in

interface Serial0/0/0
ip address 200.100.10.1 255.255.255.252

router ospf 100

network 10.0.0.0 0.0.0.3 area 0
network 10.0.0.4 0.0.0.3 area 0
network 192.168.20.0 0.0.0.255 area 0

ip access-list extended ssh

permit tcp 192.168.3.32 0.0.0.7 172.16.0.0 0.0.3.255 eq 22
permit ip 192.168.3.32 0.0.0.7 192.168.3.40 0.0.0.7
deny tcp 192.168.0.0 0.0.7.255 172.16.0.0 0.0.3.255 eq 22
deny ip any 192.168.3.40 0.0.0.7
permit ip any any

crypto key generate rsa

How many bits in the modulus [512]: 1024
ip ssh version 2
line vty 0 4
login local
transport input telnet ssh

line vty 5 15
login local
transport input ssh

ntp server 192.168.1.5

logging host 192.168.1.5

 ♦ Multilayer Switch1 (HQ_MLSW1) Configurations:

hostname HQ_MLSW1

enable password Cisco@123

ip dhcp excluded-address 192.168.1.1 192.168.1.3

ip dhcp excluded-address 192.168.2.1 192.168.2.3
ip dhcp excluded-address 192.168.3.1 192.168.3.3
ip dhcp excluded-address 192.168.3.17 192.168.3.19
ip dhcp excluded-address 192.168.3.33 192.168.3.35
ip dhcp excluded-address 192.168.3.41 192.168.3.43
ip dhcp excluded-address 192.168.3.49 192.168.3.51
ip dhcp excluded-address 192.168.3.52
ip dhcp excluded-address 192.168.1.5

ip dhcp pool vlan10

network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 192.168.1.1

ip dhcp pool vlan99

network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 192.168.2.1

ip dhcp pool vlan20

network 192.168.3.0 255.255.255.240
default-router 192.168.3.1
dns-server 192.168.3.1
ip dhcp pool vlan30
network 192.168.3.16 255.255.255.240
default-router 192.168.3.17
dns-server 192.168.3.17

ip dhcp pool vlan40

network 192.168.3.32 255.255.255.248
default-router 192.168.3.33
dns-server 192.168.3.33

ip dhcp pool vlan50

network 192.168.3.40 255.255.255.248
default-router 192.168.3.41
dns-server 192.168.3.41

ip dhcp pool vlan5

network 192.168.3.48 255.255.255.248
default-router 192.168.3.49
dns-server 192.168.3.48

ip routing

username Osama password Cisco@123

ip domain-name osamalab.com

interface Port-channel1
switchport trunk native vlan 99
switchport trunk encapsulation dot1q
switchport mode trunk

interface Port-channel3
switchport trunk native vlan 99
switchport trunk encapsulation dot1q
switchport mode trunk
interface GigabitEthernet1/0/1
no switchport
ip address 10.0.0.1 255.255.255.252

interface GigabitEthernet1/0/2
switchport trunk native vlan 99
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode desirable

interface GigabitEthernet1/0/3
switchport trunk native vlan 99
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode desirable

interface GigabitEthernet1/0/4
switchport trunk native vlan 99
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 3 mode desirable

interface GigabitEthernet1/0/5
switchport trunk native vlan 99
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 3 mode desirable

interface Vlan5
mac-address 0005.5e7a.0d01
ip address 192.168.3.50 255.255.255.248
standby 0 ip 192.168.3.49
standby 0 priority 150
standby 0 preempt
interface Vlan10
mac-address 0005.5e7a.0d02
ip address 192.168.1.2 255.255.255.0
standby 0 ip 192.168.1.1
standby 0 priority 150
standby 0 preempt

interface Vlan20
mac-address 0005.5e7a.0d03
ip address 192.168.3.2 255.255.255.240
standby 0 ip 192.168.3.1
standby 0 priority 150
standby 0 preempt

interface Vlan30
mac-address 0005.5e7a.0d04
ip address 192.168.3.18 255.255.255.240
standby 0 ip 192.168.3.17
standby 0 priority 150
standby 0 preempt

interface Vlan40
mac-address 0005.5e7a.0d05
ip address 192.168.3.34 255.255.255.248
standby 0 ip 192.168.3.33
standby 0 priority 150
standby 0 preempt

interface Vlan50
mac-address 0005.5e7a.0d06
ip address 192.168.3.42 255.255.255.248
standby 0 ip 192.168.3.41
standby 0 priority 150
standby 0 preempt
interface Vlan99
mac-address 0005.5e7a.0d07
ip address 192.168.2.2 255.255.255.0
standby 0 ip 192.168.2.1
standby 0 priority 150
standby 0 preempt

router ospf 100

network 192.168.3.48 0.0.0.7 area 0
network 192.168.1.0 0.0.0.255 area 0
network 192.168.3.0 0.0.0.15 area 0
network 192.168.3.16 0.0.0.15 area 0
network 192.168.3.32 0.0.0.7 area 0
network 192.168.3.40 0.0.0.7 area 0
network 192.168.2.0 0.0.0.255 area 0
network 10.0.0.0 0.0.0.3 area 0

crypto key generate rsa

How many bits in the modulus [512]: 1024
ip ssh version 2
line vty 0 4
login local
transport input telnet ssh

line vty 5 15
login local
transport input ssh

ntp server 192.168.1.5

logging host 192.168.1.5

 ♦ Multilayer Switch2 (HQ_MLSW2) Configurations:

hostname HQ_AGSW2

enable password Cisco@123

ip dhcp excluded-address 192.168.1.1 192.168.1.3

ip dhcp excluded-address 192.168.2.1 192.168.2.3
ip dhcp excluded-address 192.168.3.1 192.168.3.3
ip dhcp excluded-address 192.168.3.17 192.168.3.19
ip dhcp excluded-address 192.168.3.33 192.168.3.35
ip dhcp excluded-address 192.168.3.41 192.168.3.43
ip dhcp excluded-address 192.168.3.49 192.168.3.51
ip dhcp excluded-address 192.168.3.52
ip dhcp excluded-address 192.168.1.5

ip dhcp pool vlan10

network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 192.168.1.1

ip dhcp pool vlan99

network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 192.168.2.1

ip dhcp pool vlan20

network 192.168.3.0 255.255.255.240
default-router 192.168.3.1
dns-server 192.168.3.1

ip dhcp pool vlan30

network 192.168.3.16 255.255.255.240
default-router 192.168.3.17
dns-server 192.168.3.17
ip dhcp pool vlan40
network 192.168.3.32 255.255.255.248
default-router 192.168.3.33
dns-server 192.168.3.33

ip dhcp pool vlan50

network 192.168.3.40 255.255.255.248
default-router 192.168.3.41
dns-server 192.168.3.41

ip dhcp pool vlan5

network 192.168.3.48 255.255.255.248
default-router 192.168.3.49
dns-server 192.168.3.48

ip routing

username Osama password Cisco@123

ip domain-name osamalab.com

interface Port-channel2
switchport trunk native vlan 99
switchport trunk encapsulation dot1q
switchport mode trunk

interface Port-channel4
switchport trunk native vlan 99
switchport trunk encapsulation dot1q
switchport mode trunk

interface FastEthernet0/1
no switchport
ip address 10.0.0.5 255.255.255.252
interface FastEthernet0/2
switchport trunk native vlan 99
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode desirable

interface FastEthernet0/3
switchport trunk native vlan 99
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode desirable

interface FastEthernet0/4
switchport trunk native vlan 99
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 4 mode desirable

interface FastEthernet0/5
switchport trunk native vlan 99
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 4 mode desirable

interface Vlan5
mac-address 00d0.ff3b.1201
ip address 192.168.3.51 255.255.255.248
standby 0 ip 192.168.3.49

interface Vlan10
mac-address 00d0.ff3b.1202
ip address 192.168.1.3 255.255.255.0
standby 0 ip 192.168.1.1
interface Vlan20
mac-address 00d0.ff3b.1203
ip address 192.168.3.3 255.255.255.240
standby 0 ip 192.168.3.1

interface Vlan30
mac-address 00d0.ff3b.1204
ip address 192.168.3.19 255.255.255.240
standby 0 ip 192.168.3.17

interface Vlan40
mac-address 00d0.ff3b.1205
ip address 192.168.3.35 255.255.255.248
standby 0 ip 192.168.3.33

interface Vlan50
mac-address 00d0.ff3b.1206
ip address 192.168.3.43 255.255.255.248
standby 0 ip 192.168.3.41

interface Vlan99
mac-address 00d0.ff3b.1207
ip address 192.168.2.3 255.255.255.0
standby 0 ip 192.168.2.1

router ospf 100

network 192.168.3.48 0.0.0.7 area 0
network 192.168.1.0 0.0.0.255 area 0
network 192.168.3.0 0.0.0.15 area 0
network 192.168.3.16 0.0.0.15 area 0
network 192.168.3.32 0.0.0.7 area 0
network 192.168.3.40 0.0.0.7 area 0
network 192.168.2.0 0.0.0.255 area 0
network 10.0.0.4 0.0.0.3 area 0
crypto key generate rsa
How many bits in the modulus [512]: 1024
ip ssh version 2
line vty 0 4
login local
transport input telnet ssh

line vty 5 15
login local
transport input ssh

ntp server 192.168.1.5

logging host 192.168.1.5

♦ Switch0 (HQ_SW1) Configurations:

hostname HQ_SW1

enable password Cisco@123

ip dhcp excluded-address 192.168.1.5

username Osama privilege 1 password Cisco@123

ip domain-name osamalab.com

spanning-tree mode pvst

spanning-tree portfast bpduguard default
spanning-tree extend system-id

interface Port-channel1
switchport trunk native vlan 99
switchport mode trunk
interface Port-channel2
switchport trunk native vlan 99
switchport mode trunk

interface FastEthernet0/1
switchport trunk native vlan 99
switchport mode trunk
channel-group 1 mode desirable

interface FastEthernet0/2
switchport trunk native vlan 99
switchport mode trunk
channel-group 1 mode desirable

interface FastEthernet0/3
switchport trunk native vlan 99
switchport mode trunk
channel-group 2 mode desirable

interface FastEthernet0/4
switchport trunk native vlan 99
switchport mode trunk
channel-group 2 mode desirable

interface FastEthernet0/5
switchport access vlan 20
switchport mode access
switchport port-security
switchport port-security maximum 5
switchport port-security mac-address sticky
switchport port-security violation restrict
interface FastEthernet0/6
switchport access vlan 30
switchport mode access
switchport port-security
switchport port-security maximum 5
switchport port-security mac-address sticky
switchport port-security violation restrict

interface FastEthernet0/7
switchport access vlan 10
switchport mode access

interface FastEthernet0/8
switchport access vlan 20
switchport mode access
switchport port-security
switchport port-security maximum 5
switchport port-security mac-address sticky
switchport port-security violation restrict

interface FastEthernet0/9
switchport access vlan 20
switchport mode access
switchport port-security
switchport port-security maximum 5
switchport port-security mac-address sticky
switchport port-security violation restrict

interface FastEthernet0/10
switchport access vlan 20
switchport mode access
switchport port-security
switchport port-security maximum 5
switchport port-security mac-address sticky
switchport port-security violation restrict
interface FastEthernet0/11
switchport access vlan 20
switchport mode access
switchport port-security
switchport port-security maximum 5
switchport port-security mac-address sticky
switchport port-security violation restrict

interface FastEthernet0/12
switchport access vlan 30
switchport mode access
switchport port-security
switchport port-security maximum 5
switchport port-security mac-address sticky
switchport port-security violation restrict

interface FastEthernet0/13
switchport access vlan 30
switchport mode access
switchport port-security
switchport port-security maximum 5
switchport port-security mac-address sticky
switchport port-security violation restrict

interface FastEthernet0/14
switchport access vlan 30
switchport mode access
switchport port-security
switchport port-security maximum 5
switchport port-security mac-address sticky
switchport port-security violation restrict
interface Vlan10
mac-address 00e0.a331.1701
ip address dhcp

logging 192.168.1.5

crypto key generate rsa

How many bits in the modulus [512]: 1024
ip ssh version 2
line vty 0 4
login local
transport input telnet ssh

line vty 5 15
login local
transport input ssh

ntp server 192.168.1.5

♦ Switch1 (HQ_SW2) Configurations:

hostname HQ_SW2

enable password Cisco@123

username Osama privilege 1 password Cisco@123

ip domain-name osamalab.com

spanning-tree portfast bpduguard default – disabled BPDU on access ports

interface Port-channel3
switchport trunk native vlan 99
switchport mode trunk

interface Port-channel4
switchport trunk native vlan 99
switchport mode trunk

interface FastEthernet0/1
switchport trunk native vlan 99
switchport mode trunk
channel-group 3 mode desirable

interface FastEthernet0/2
switchport trunk native vlan 99
switchport mode trunk
channel-group 3 mode desirable

interface FastEthernet0/3
switchport mode trunk
channel-group 4 mode desirable
shutdown

interface FastEthernet0/4
switchport mode trunk
channel-group 4 mode desirable
shutdown

interface FastEthernet0/5 – map port to the VLAN

switchport access vlan 40
switchport mode access
switchport port-security – configuration port security
switchport port-security maximum 5
switchport port-security mac-address sticky
 spanning-tree bpduguard enable

interface FastEthernet0/6
switchport access vlan 50
switchport mode access
switchport port-security
switchport port-security maximum 5
switchport port-security mac-address sticky

interface FastEthernet0/7
switchport access vlan 5
switchport mode access

interface FastEthernet0/8
switchport access vlan 5
switchport mode access

interface Vlan10
ip address dhcp

crypto key generate rsa

How many bits in the modulus [512]: 1024
ip ssh version 2
line vty 0 4
login local
transport input telnet ssh

line vty 5 15
login local
transport input ssh

ntp server 192.168.1.5

logging host 192.168.1.5
 ♦ Router1 (BO_W_R) Configurations:

hostname BO_W_R

enable password Cisco@123

ip dhcp excluded-address 172.16.1.1

ip dhcp pool AUDITING

network 172.16.3.0 255.255.255.248
default-router 172.16.3.1
dns-server 172.16.3.1
ip dhcp pool IT
network 172.16.3.8 255.255.255.248
default-router 172.16.3.9
dns-server 172.16.3.9
domain-name wr
ip dhcp pool ADMIN
network 172.16.3.16 255.255.255.248
default-router 172.16.3.16
dns-server 172.16.3.16
domain-name wr
ip dhcp pool Mgmt
network 172.16.1.0 255.255.255.0
default-router 172.16.1.1
dns-server 172.16.1.1

username Osama password 0 Cisco@123

ip domain-name osamalab.com
interface Tunnel1
ip address 192.168.20.2 255.255.255.0
mtu 1476
tunnel source Serial0/0/0
tunnel destination 200.100.10.1

interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 172.16.1.1 255.255.255.0

interface GigabitEthernet0/0.70
encapsulation dot1Q 70
ip address 172.16.3.1 255.255.255.248

interface GigabitEthernet0/0.80
encapsulation dot1Q 80
ip address 172.16.3.9 255.255.255.248

interface GigabitEthernet0/1.90
encapsulation dot1Q 90
ip address 172.16.3.17 255.255.255.248

interface Serial0/0/0
ip address 200.100.10.2 255.255.255.252
clock rate 2000000

router ospf 100

network 172.16.1.0 0.0.0.255 area 0
network 172.16.3.0 0.0.0.7 area 0
network 172.16.3.8 0.0.0.7 area 0
network 172.16.3.16 0.0.0.7 area 0
network 192.168.20.0 0.0.0.255 area 0
crypto key generate rsa
How many bits in the modulus [512]: 1024
ip ssh version 2
line vty 0 4
login local
transport input telnet ssh

line vty 5 15
login local
transport input ssh

♦ Switch3 (BO_SW1) Configurations:

hostname BO_SW1

enable password Cisco@123

username Osama privilege 1 password 0 Cisco@123

ip domain-name osamalab.com

spanning-tree portfast bpduguard default

interface Port-channel1
switchport trunk native vlan 99
switchport mode trunk

interface FastEthernet0/1
switchport trunk native vlan 99
switchport mode trunk

interface FastEthernet0/2
switchport trunk native vlan 99
switchport mode trunk
channel-group 1 mode desirable
interface FastEthernet0/3
switchport trunk native vlan 99
switchport mode trunk
channel-group 1 mode desirable

interface FastEthernet0/4
switchport trunk native vlan 99
switchport mode trunk
channel-group 1 mode desirable

interface FastEthernet0/5
switchport access vlan 70
switchport mode access
switchport port-security
switchport port-security maximum 5
switchport port-security mac-address sticky
switchport port-security violation restrict

interface FastEthernet0/6
switchport access vlan 80
switchport mode access
switchport port-security
switchport port-security maximum 5
switchport port-security mac-address sticky
switchport port-security violation restrict

interface FastEthernet0/7
switchport access vlan 10
switchport mode access
interface Vlan10
mac-address 0001.c949.e601
ip address dhcp

logging 172.16.1.3

crypto key generate rsa

How many bits in the modulus [512]: 1024
ip ssh version 2
line vty 0 4
login local
transport input telnet ssh

line vty 5 15
login local
transport input ssh

ntp server 172.16.1.3

♦ Switch4 (BO_SW2) Configurations:

hostname BO_SW2

enable password Cisco@123

username Osama privilege 1 password 0 Cisco@123

ip domain-name osamalab.com

spanning-tree portfast bpduguard default

interface Port-channel1
switchport trunk native vlan 99
switchport mode trunk
interface FastEthernet0/1
switchport trunk native vlan 99
switchport mode trunk

interface FastEthernet0/2
switchport trunk native vlan 99
switchport mode trunk
channel-group 1 mode desirable

interface FastEthernet0/3
switchport trunk native vlan 99
switchport mode trunk
channel-group 1 mode desirable

interface FastEthernet0/4
switchport trunk native vlan 99
switchport mode trunk
channel-group 1 mode desirable

interface FastEthernet0/5
switchport access vlan 90
switchport mode access
switchport port-security
switchport port-security maximum 5
switchport port-security mac-address sticky
switchport port-security violation restrict

interface Vlan10
ip address dhcp

logging 172.16.1.3

crypto key generate rsa

How many bits in the modulus [512]: 1024
ip ssh version 2
line vty 0 4
login local
transport input telnet ssh

line vty 5 15
login local
transport input ssh

ntp server 172.16.1.3

VLAN verification:

Command Description
show interface switchport Displays information about the ports, including those in
private VLANs.
show vlan Displays summary information for all VLANs.
show vlan private-vlan Displays summary information for all private VLANs.
Table (6): VLANs verification commands

OSPF verification:

Command Description
show ip route Display all routes from routing table
show ip route ospf Display all routers learned through OSPF from routing
table
show ip ospf Display basic information about OSPF
show ip ospf interface Display information about all OSPF active interfaces
show ip ospf interface serial 0/0/0 Display OSPF information about serial 0/0/0 interface
show ip ospf neighbor List all OSPF neighbors with basic info
show ip ospf neighbor detail List OSPF neighbors with detail info
show ip ospf database Display data for OSPF database
Table (7): OSPF verification commands
STP verification:

Command Description
show spanning-tree active Displays information about STP active interfaces only.
show spanning-tree bridge Displays the bridge ID, timers, and protocol for the local bridge
on the switch.
show spanning-tree brief Displays a brief summary about STP.
show spanning-tree detail Displays detailed information about STP.
show spanning-tree interface Displays the STP interface status and configuration of specified
interfaces.
show spanning-tree mst Displays information about Multiple Spanning Tree (MST)
STP.
show spanning-tree root Displays the status and configuration of the root bridge for the
STP instance to which this switch belongs.
show spanning-tree summary Displays summary information about STP.
show spanning-tree vlan Displays STP information for specified VLANs.
Table (8): STP verification commands

HSRP verification:

Command Description
show hsrp type Interface type. For more information, use the question mark (?)
online help function.
show hsrp [interface-path-id] Physical interface or virtual interface.

**Note : Use the show interfaces command to

see a list of all interfaces currently
configured on the router.

For more information about the syntax for the router, use the
question mark (?) online help function.
show hsrp group-number (Optional) Group number on the interface for which output is
displayed.
show hsrp brief (Optional) A single line of output summarizes each standby
group. The brief keyword is the default if detail is not
specified.
show hsrp detail (Optional) This keyword has the same effect as not
specifying brief ; more output is provided.
Table (9): HSRP verification commands
DHCP verification:

Command Description
Show IP DHCP Pool It used to display all of the information regarding the
DHCP address pools.
Show IP DHCP Import displays you with all the parameters which were
imported to the DHCP server database during the process
of configuration.
Show IP DHCP server statistics display the statistics regarding the DHCP server, such as
the number of address pools.
Table (10): DHCP verification commands

ACL verification:

Command Description

show access-lists Displays all access lists and their parameters configured on the
router. This command doesn't show which interface the list is
configured on.
show access-list [list #] Shows only the parameters for the access list specified. This
command does not show you the interface the list is
configured on.

show ip access-list Shows only the IP access lists configured on the router.
show ip interface Shows which interfaces have IP access lists on them.

ip access-group Applies an IP access list to an interface.

show running-config Shows the access lists and which interfaces have access lists
set.

any Keyword used to represent all hosts or networks, replaces

0.0.0.0 255.255.255.255 in access list.
host Keyword that specifies that an address should have a wildcard
mask of 0.0.0.0 (i.e will match only 1 host)

clear access-list counter Clears extended access lists counter of the number of matches
[list#] per line of the access list.
Table (11): ACL verification commands
EtherChannel verification:

Command Description
show port-channel display summary information about EtherChannels
summary
channel-group Assigns and configures a physical interface to an EtherChannel.
(Ethernet)
interface port- Creates an EtherChannel interface and enters interface
channel configuration mode.
Table (12): EtherChannel verification commands

NAT verification:

Command Description
show running-config Display NAT configuration lines you entered
are actually there in the running configuration
of the router.
show ip nat translations Display local addresses mapped to inside
global address as configured.
show ip nat statistics Display NAT statistics including the number
of translated packets or hits.
ip nat inside source Display configures a static translation
between inside local and inside global IP
addresses
Table (13): NAT verification commands

[1] Ashraf H. Ali, ""Enterprise Network Design and Implementation for Airports" by Ashraf,”
27 April 2016. [Online]. https://scholar.valpo.edu/ms_ittheses/2/. [Accessed 25 July 2020].

[2] trendmicro.com," IP Sec Example 1: Branch Office Configuration Example ", NA NA

2012.[Online].https://docs.trendmicro.com/all/ent/de/v1.5/enus/de_1.5_olh/ctm_ag/ctm1_ag_ch
3/c_vpn_example1.htm. [Accessed 25 July 2020].