SNMPv3 AuthPriv Monitoring
Harden the monitoring plane by replacing cleartext SNMPv2c with authenticated and encrypted SNMPv3 (authPriv) on R1. You will create a v3 group that requires privacy and a user with SHA authentication and AES-128 encryption, then verify the configuration. The flat management LAN avoids routing complexity so you can focus on the security mechanics of SNMPv3.
EtherChannel Troubleshooting Capstone (L2 LACP)
Advanced CCNP EtherChannel troubleshooting capstone on Cisco IOS L2 switches. Two ioll2-xe switches are joined by two parallel links intended to bundle as one LACP Port-channel. The lab ships pre-broken with two independent faults on SW1: the parallel links are placed into different channel-groups and their switchport L2 parameters are inconsistent. Learners must use show commands to diagnose, then correct both faults so Port-channel 100 bundles both members as an access link for VLAN 100, restoring host-to-host reachability.
NAT at the Internet Edge with Default Routing
Build an Internet-edge NAT design that reaches beyond the ISP to a real external network. You will configure dynamic PAT (overload) from a private LAN to a public /29 using a NAT pool on the edge router, with the router’s default route already pointing to the ISP. Verify that an inside host can reach a public server across the ISP and that translations, counters, and default routing reflect the expected state.
CCNA NAT1: Static One-to-One NAT with ISP
Build a small but realistic edge topology and configure static one-to-one NAT on R1 so the inside host PC-A (192.168.10.10) always translates to 203.0.113.3. Validate bidirectional reachability with an upstream ISP router and a public server one hop further. Verify translation state and counters on R1 and connectivity from both ends.
CCNA NAT4: PAT Overload onto a Pool
Implement Port Address Translation (PAT) using a one-address NAT pool so multiple inside hosts share a single public IP. Reuse the same 5-node topology and addressing as the prior lab; convert the pool to a single address and enable overload. Verify simultaneous connectivity from two inside hosts, observe translations and counters, and contrast with prior pool-exhaustion behavior.
CCNA Port Security 5: Violation Shutdown & Manual Recovery
Hands-on CCNA L2 switching lab: build a small campus with a distribution switch and two access switches carrying a shared user VLAN over 802.1Q trunks. Harden access ports with sticky port-security in violation shutdown mode. Intentionally seed and diagnose broken trunks/host VLANs, restore end-to-end host reachability, then trigger a port-security violation to observe err-disabled behavior and perform manual recovery.