Browse previously published labs by topic, track, and difficulty. Open any lab to read its objectives and troubleshooting focus. A subscription lets you download and run every daily lab published since you subscribed — the current one and each new drop — while it's active; earlier labs unlock permanently with a bundle.
Prefer to browse by theme? See all practice topics or certification tracks.
Build a small hub-and-branch network to master default static routes and the gateway of last resort. Each branch uses a default route toward the hub; the hub holds specific routes back to branch LANs. Verify routing tables and end-to-end host connectivity, then troubleshoot common misconfigurations.
+3 more objectives · 3 troubleshooting scenarios
Archive preview only
Deploy IP addressing and bidirectional static routing across a three-router topology to connect two branch LANs through an HQ hop. Practice verification from end hosts, analyze routing tables, and troubleshoot asymmetric reachability.
+3 more objectives · 3 troubleshooting scenarios
Archive preview only
Beginner CCNA lab focusing on IPv4 addressing and basic Layer 3 verification on a small branch network. You will assign IP addresses to router interfaces, confirm end-host default gateways, and verify connected reachability using host-based pings. You will also learn to read 'show ip interface brief' and 'show ip route' to confirm operational state before any routing beyond directly-connected networks is configured.
+3 more objectives · 4 troubleshooting scenarios
Archive preview only
Deploy VLANs, hardened 802.1Q trunks, router-on-a-stick inter-VLAN routing, and sticky port security in a compact branch topology. Verify from real hosts and troubleshoot common misconfigurations.
+3 more objectives · 4 troubleshooting scenarios
Archive preview only
Deploy and troubleshoot VLANs, 802.1Q trunks, and port security in a realistic small-branch ROAS design. You will stand up VLANs 10/20/99 with a hardened trunk native VLAN 999, configure sticky port security on access ports, correct a misassigned VLAN, and resolve an err-disabled port caused by a port security violation. Finish by verifying end-to-end host connectivity across VLANs.
+3 more objectives · 3 troubleshooting scenarios
Archive preview only
Beginner CCNA ACL lab on a compact 5-node CML-Free topology. You will configure static routing end-to-end, implement source NAT (PAT) at the source edge, and then build a standard numbered ACL near the destination to allow a single NATed host and a specific subnet while denying all others. You will validate with pings from end hosts, observe ACL hit counters and NAT translations, and troubleshoot common mistakes such as ACL placement, wildcard masks, and pre-/post-NAT address matching.
+5 more objectives · 3 troubleshooting scenarios
Configure a standard IPv4 ACL and bind it to the VTY lines on the HQ router so only the dedicated management host can SSH to it. Confirm that regular routed traffic between sites is unaffected, and prove both a permitted and a denied management attempt.
+3 more objectives · 3 troubleshooting scenarios
Hands-on ACL practice using named standard and extended ACLs, applied with correct placement and direction, edited by sequence number, and verified with counters and end-host tests. The lab adds a realistic NAT edge to expose order-of-operations pitfalls without obscuring data-plane ACL effects.
+4 more objectives · 3 troubleshooting scenarios
Build a two-router, one-access-switch lab with a client and a server. Establish basic IP connectivity with static routing, then implement an extended IPv4 ACL inbound on the client-facing interface to permit SSH and HTTP to the server while denying Telnet and ICMP echo. Validate from the client and review ACL hit counters for proof.
+3 more objectives · 3 troubleshooting scenarios
Dual-router Branch/HQ lab with a branch client and an HQ server. You will apply an extended IPv4 ACL inbound near the source on the Branch LAN to block specific traffic (TCP/80) while permitting others (ICMP), and a standard IPv4 ACL outbound near the destination on the HQ LAN to admit only the approved source. Validate from real hosts, confirm ACL hitcounts, and keep inter-site connectivity via static routes over a /30 transit.
+2 more objectives · 3 troubleshooting scenarios
Three-router static-routing lab with two Linux endpoints. An extended IPv4 ACL is intentionally misordered inbound near the source, causing Telnet to be permitted unexpectedly. Learners must observe first-match behavior via hit counters, enable buffered logging to see ACL log entries, and then correct the ACL sequence so Telnet is blocked while SSH and ICMP are permitted. All routers include a complete SSH management plane. The final solution forwards end-to-end and is enterprise-clean.
+3 more objectives · 3 troubleshooting scenarios
Deploy and verify multiple IPv4 ACLs on a single router that terminates three distinct LANs (Client, Server, and Management). You will place an extended ACL inbound on the Client interface to allow only specific services to the Server and block access to Management, a standard ACL outbound on the Management interface to enforce destination-side protection by source, and a VTY access-class to restrict router SSH to the Management subnet only. Validate with end-host tests that permitted flows succeed while denied flows are provably blocked, and use ACL hit counts and logs to troubleshoot.
+3 more objectives · 5 troubleshooting scenarios