Lab Portfolio

The First 12 Foundation Labs

Foundation first — no OSPF or BGP before the basics are stone. Every lab follows the same loop: build it, verify it, break it on purpose, troubleshoot it back, then commit the proof (.pkt file, running config, topology screenshot, notes) to the GitHub repo under labs/beginner/.

Set each lab's status as you go — it's saved in your browser and feeds the homepage dashboard.

# Labs 01–12

LAB 01 — PC to PC Network

Beginner

Goal: understand IP address, subnet mask and ping — the atom of networking.

Topology: PC0 ↔ crossover cable ↔ PC1. No switch, no router.

Tools: Cisco Packet Tracer.

Problem: make two PCs talk with nothing between them but a cable.

PC0: 192.168.1.1  /  255.255.255.0
PC1: 192.168.1.2  /  255.255.255.0
Verify:  ping 192.168.1.2   and   ipconfig

Expected result: ping succeeds both directions, 0% loss.

Break it: change PC1's mask to 255.255.255.128 — watch the ping die. Explain exactly why before fixing it.

Proof to commit: labs/beginner/lab01/ → topology.png, lab01.pkt, notes.md

Interview answer: "An IP address identifies a host; the subnet mask defines which addresses are on the same network. Two hosts on the same subnet can talk directly — I proved it with two PCs and one cable, then broke it with a mismatched mask and explained the failure."

LAB 02 — Switch Basics

Beginner

Goal: connect multiple PCs through a switch and see how it learns MAC addresses.

Topology: 4 PCs → 1 switch (2960), all in 192.168.1.0/24.

Tools: Packet Tracer.

Problem: all four PCs must ping each other; then explain how the switch knew where to send each frame.

Switch> enable
Switch# show mac address-table
Switch# show interfaces status

Expected result: full connectivity; MAC table shows one entry per PC after pings.

Break it: give two PCs the same IP address — observe the chaos, then fix and document the symptom.

Proof to commit: labs/beginner/lab02/ → topology.png, lab02.pkt, mac-table.txt, notes.md

Interview answer: "A switch learns MAC addresses from incoming frames and forwards based on its MAC table, flooding only unknown destinations. I watched the table populate live with show mac address-table."

LAB 03 — Basic Commands Survival Kit

Beginner

Goal: own the everyday commands — show, ping, ipconfig, tracert — plus basic device setup.

Topology: reuse Lab 02 (4 PCs + switch).

Problem: name the switch, secure console access, save the config, and inspect everything.

Switch(config)# hostname SW1
SW1(config)# line console 0
SW1(config-line)# password ****  /  login
SW1# copy running-config startup-config
SW1# show running-config | show version | show ip interface brief
PC:  ipconfig /all   ping   tracert

Expected result: hostname set, console protected, config survives a reload.

Break it: configure everything, reload without saving — feel the pain once so you never forget copy run start.

Proof to commit: labs/beginner/lab03/ → running-config.txt, notes.md

Interview answer: "My first checks on any device are show ip interface brief for port/IP state and show running-config for the live config. I save with copy run start — I learned the hard way what a reload does to unsaved work."

LAB 04 — Subnetting a Small Office

Core

Goal: divide one network into smaller networks on paper, then prove the boundaries in a lab.

Topology: 1 switch, 4 PCs — two PCs in 192.168.10.0/26, two in 192.168.10.64/26.

Problem: split 192.168.10.0/24 into 4 subnets for 4 departments. Document network, broadcast and usable range for each.

192.168.10.0/26   → .1–.62    (Dept A)
192.168.10.64/26  → .65–.126  (Dept B)
192.168.10.128/26 → .129–.190 (Dept C)
192.168.10.192/26 → .193–.254 (Dept D)

Expected result: same-subnet PCs ping each other; cross-subnet pings FAIL — and I can explain that this failure is correct and why a router is needed (that's Lab 07/09).

Break it: put a PC's IP in one subnet but its gateway in another — predict the symptom before testing.

Proof to commit: labs/beginner/lab04/ → subnet-plan.md, topology.png, lab04.pkt

Interview answer: "I can take a /24 and split it into right-sized subnets, documenting network, broadcast and usable ranges. I also know hosts in different subnets can't communicate without a router — I built a lab that proves it."

LAB 05 — VLAN Basics: HR vs IT

Core

Goal: separate two departments logically on one physical switch.

Topology: 1 switch, 4 PCs — 2 in VLAN 10 (HR), 2 in VLAN 20 (IT).

SW1(config)# vlan 10
SW1(config-vlan)# name HR
SW1(config)# vlan 20
SW1(config-vlan)# name IT
SW1(config)# interface fa0/1
SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 10
Verify: show vlan brief

Expected result: HR pings HR, IT pings IT, HR cannot ping IT — isolation proven.

Break it: move one HR PC's port into VLAN 20 "by accident" — diagnose using show vlan brief, then correct the access port.

Proof to commit: labs/beginner/lab05/ → topology.png, lab05.pkt, show-vlan-brief.txt, notes.md

Interview answer: "A VLAN is a logical separation inside a switch. I used VLANs to separate HR and IT traffic and verified both connectivity and isolation with show vlan brief and ping tests."

LAB 06 — Trunking Between Switches

Core

Goal: pass multiple VLANs between two switches over one link.

Topology: 2 switches connected; VLAN 10 and VLAN 20 PCs on both.

SW1(config)# interface gi0/1
SW1(config-if)# switchport mode trunk
Verify: show interfaces trunk

Expected result: VLAN 10 PC on SW1 pings VLAN 10 PC on SW2; VLANs stay isolated from each other across both switches.

Break it: leave the inter-switch link in access mode — the classic fault. Diagnose with show interfaces trunk before fixing.

Proof to commit: labs/beginner/lab06/ → topology.png, lab06.pkt, trunk-verify.txt, notes.md → and a matching entry on the Mistakes page.

Interview answer: "VLANs can't cross switches unless the inter-switch link is a trunk carrying 802.1Q tags. I've hit the exact failure — access-mode link between switches — and fixed it after reading show interfaces trunk."

LAB 07 — Router-on-a-Stick

Core

Goal: let VLANs communicate — controlled, routed, on purpose.

Topology: Lab 06 topology + 1 router on a trunk port.

R1(config)# interface gi0/0.10
R1(config-subif)# encapsulation dot1Q 10
R1(config-subif)# ip address 192.168.10.1 255.255.255.0
R1(config)# interface gi0/0.20
R1(config-subif)# encapsulation dot1Q 20
R1(config-subif)# ip address 192.168.20.1 255.255.255.0

Expected result: HR pings IT — through the router. tracert shows the gateway hop.

Break it: swap the dot1Q VLAN IDs on the two subinterfaces — a subtle, realistic fault. Find it from the symptoms.

Proof to commit: labs/beginner/lab07/ → topology.png, lab07.pkt, router-config.txt, notes.md

Interview answer: "Inter-VLAN routing needs a Layer 3 device. I configured router-on-a-stick with dot1Q subinterfaces so each VLAN's gateway lives on one physical router port."

LAB 08 — DHCP

Core

Goal: automatically assign IP addresses instead of typing them.

Topology: Lab 07 topology; router becomes the DHCP server for both VLANs.

R1(config)# ip dhcp excluded-address 192.168.10.1 192.168.10.10
R1(config)# ip dhcp pool HR
R1(dhcp-config)# network 192.168.10.0 255.255.255.0
R1(dhcp-config)# default-router 192.168.10.1
R1(dhcp-config)# dns-server 8.8.8.8
Verify: show ip dhcp binding   /   PC: ipconfig /renew

Expected result: all PCs switched to DHCP get correct IP, mask, gateway and DNS automatically.

Break it: remove the default-router line from one pool — clients get IPs but can't leave the subnet. Diagnose from the client side first.

Proof to commit: labs/beginner/lab08/ → topology.png, lab08.pkt, dhcp-bindings.txt, notes.md

Interview answer: "DHCP hands out IP, mask, gateway and DNS through the DORA exchange. I've configured pools with exclusions on a router and debugged a missing default-router option from the client's symptoms."

LAB 09 — Static Routing

Core

Goal: connect two routers manually — understand routing before any protocol does it for you.

Topology: LAN A — R1 — link — R2 — LAN B.

R1(config)# ip route 192.168.2.0 255.255.255.0 10.0.0.2
R2(config)# ip route 192.168.1.0 255.255.255.0 10.0.0.1
Verify: show ip route

Expected result: PCs in LAN A ping PCs in LAN B; show ip route shows the S (static) entries.

Break it: delete only R2's route — ping fails even though R1's route is perfect. Lesson: traffic needs a return path.

Proof to commit: labs/beginner/lab09/ → topology.png, lab09.pkt, routing-tables.txt, notes.md

Interview answer: "A static route tells a router how to reach a network it isn't connected to. I've debugged one-way reachability caused by a missing return route — ping needs a path in both directions."

LAB 10 — Default Route

Core

Goal: send all unknown traffic to one gateway — how every office reaches the internet.

Topology: Lab 09 + a third router acting as "ISP".

R1(config)# ip route 0.0.0.0 0.0.0.0 203.0.113.1
Verify: show ip route   → look for S* (gateway of last resort)

Expected result: PCs reach the simulated ISP loopback without a specific route; tracert shows the path.

Break it: point the default route at the wrong next hop — packets leave but vanish. Trace where they die.

Proof to commit: labs/beginner/lab10/ → topology.png, lab10.pkt, notes.md

Interview answer: "A default route (0.0.0.0/0) is the gateway of last resort — used when no more specific route matches. It's how branch offices send everything toward the internet edge."

LAB 11 — Basic OSPF

Challenge

Goal: let routers exchange routes dynamically — my first routing protocol.

Topology: Lab 09's two routers (+ optionally a third), static routes removed.

R1(config)# router ospf 1
R1(config-router)# network 192.168.1.0 0.0.0.255 area 0
R1(config-router)# network 10.0.0.0 0.0.0.3 area 0
Verify: show ip ospf neighbor   /   show ip route ospf

Expected result: neighbor state FULL; O routes appear in the routing table; end-to-end ping works with zero static routes.

Break it: put one router's link in area 1 while the other stays in area 0 — adjacency never forms. Diagnose with show ip ospf neighbor.

Proof to commit: labs/beginner/lab11/ → topology.png, lab11.pkt, ospf-neighbors.txt, notes.md

Interview answer: "OSPF is a link-state protocol where routers form adjacencies and exchange topology info. I've formed adjacencies, read the OSPF routes in the table, and troubleshot a neighbor stuck because of an area mismatch."

LAB 12 — The Troubleshooting Gauntlet

Challenge

Goal: fix a deliberately broken network using a strict method — the final exam of the foundation.

Topology: the full Lab 11 network with 4+ planted faults: a wrong IP, a wrong VLAN assignment, an access-mode trunk, a missing gateway, a broken OSPF area.

Method (no guessing allowed):

1. Physical/link:  show interfaces status
2. VLANs:          show vlan brief / show interfaces trunk
3. Addressing:     ipconfig / show ip interface brief
4. Gateway:        ping own gateway first
5. Routing:        show ip route / show ip ospf neighbor
Document each fault like a ticket: symptom → checks → root cause → fix

Expected result: every PC reaches every network; all faults written up on the Mistakes page.

Proof to commit: labs/beginner/lab12/ → broken.pkt, fixed.pkt, tickets.md

Interview answer: "I troubleshoot layer by layer — physical, then VLANs, then addressing, then gateway, then routing — and I document each fix like a ticket. I built a multi-fault lab specifically to drill that discipline."
After Lab 12: the foundation is real. The next lab sets live on the level pages — CCST labs, CCNA labs, CCNP labs — each following this same build → break → prove format.