Browse previously published labs by topic, track, and difficulty. Open any lab to read its objectives and troubleshooting focus. A subscription lets you download and run every daily lab published since you subscribed — the current one and each new drop — while it's active; earlier labs unlock permanently with a bundle.
Prefer to browse by theme? See all practice topics or certification tracks.
Beginner CCNA NTP lab. Two IOS routers share a single /30 link with no routing. Configure R1 as an authoritative NTP master at stratum 3 and point R2 to R1 as its NTP server. Verify using show ntp associations, show ntp status, and show clock. Emphasis: deterministic config — grading checks the presence of ntp master 3 on R1 and ntp server 10.0.0.1 on R2, not live convergence.
+3 more objectives · 4 troubleshooting scenarios
Configure a Cisco IOS router as an authoritative NTP master at a chosen stratum and point a neighbor at it as a client. Understand how NTP stratum works and verify deterministically using show commands rather than waiting for live synchronization.
+2 more objectives · 4 troubleshooting scenarios
Configure a deterministic NTP broadcast design on a single shared LAN. R1 acts as an authoritative clock (ntp master 3) and broadcasts time on its LAN interface. R2 and R3 act as broadcast clients to scale time distribution without per-client server statements. Verify broadcast associations on the clients and understand the tradeoffs vs. unicast client/server.
+3 more objectives · 5 troubleshooting scenarios
Build a small LAN with two IOS routers acting as NTP masters at different strata and a client that lists both as time sources, preferring one using the prefer keyword. All routers share a single broadcast domain via a Layer-2 switch, with no routing configured. You will deploy deterministic NTP, verify associations, and understand redundancy selection behavior.
+2 more objectives · 4 troubleshooting scenarios
Advanced NTP troubleshooting on a two-router /30. R2 never synchronizes its clock. Use show commands to diagnose, then correct the design intent so R2 deterministically references R1, and R1 is an authoritative time source at the agreed stratum. The starter ships with a pre-broken NTP configuration already applied; your job is to find and fix two independent faults.
+2 more objectives · 3 troubleshooting scenarios
Configure a Cisco IOS router as an authoritative NTP master and restrict which clients it will serve using an NTP access-group with a standard ACL. One shared LAN (no routing) connects three routers through a Layer-2 switch. Only R2 is authorized to receive time from R1; R3 is denied. Learners deploy, verify, and troubleshoot the access-group behavior.
+3 more objectives · 5 troubleshooting scenarios
Configure NTP MD5 authentication so a client (R2) synchronizes only to a trusted, authenticated master (R1). R1 is already an authoritative clock (ntp master 3). You will enable NTP authentication on both routers, define and trust key 1, and bind the key on R2's ntp server statement. Verification focuses on authenticated associations and status; actual time lock may take minutes and is not graded.
+2 more objectives · 5 troubleshooting scenarios
Configure two Cisco IOS routers as symmetric-active NTP peers over a single /30 link. R1 is an authoritative clock (ntp master 4) and both routers form a symmetric peer relationship with ntp peer. Learn how peer mode differs from client/server, and how to verify and troubleshoot associations without relying on Internet sources.
+3 more objectives · 3 troubleshooting scenarios
Create a deterministic three-tier NTP hierarchy on a single shared LAN. R1 is the authoritative clock (ntp master 2), R2 syncs to R1, and R3 syncs to R2. No routing or additional subnets — all devices share 10.0.0.0/24 via one L2 switch. Verify with show ntp status and show ntp associations.
+4 more objectives · 5 troubleshooting scenarios
Harden the management plane of a single IOS router by throttling brute-force login attempts and presenting a legal-warning banner. You will enable SSH-based management, configure login block-for and delay to resist password-guessing, and verify behavior from an ADMIN Linux workstation.
+3 more objectives · 5 troubleshooting scenarios
Harden the management-plane SSH service on a single Cisco IOS router so only SSHv2 is permitted and session limits are tightened. The baseline lab already has working SSH. You will enforce SSH version 2, set a 60-second authentication timeout, and limit authentication retries to 2. You will also regenerate a 2048-bit RSA key (an exec-only step) and validate with show commands.
+3 more objectives · 4 troubleshooting scenarios
Harden privileged access on a single IOS router by configuring a hashed enable secret, creating a local admin user with privilege 15 and a secret, and enabling service password-encryption. Verify that privileged access requires the secret and that the running-config contains no cleartext passwords.
+2 more objectives · 4 troubleshooting scenarios