← Back to all projects

CISCO NETWORKING NO HARDWARE PROJECTS

Learn Cisco Networking: From Zero to CCNA (Without Hardware)

Goal: Deeply understand networking protocols, Cisco IOS command-line mastery, and network architecture—from packet flow to complex routing scenarios—using industry-standard simulators and protocol analyzers, effectively preparing for certification without buying a single physical router.

Why Cisco Networking Matters

The internet runs on networking protocols, and for decades, Cisco has defined the standard for enterprise infrastructure. Even if you switch to Juniper, Arista, or cloud networking (AWS/Azure), the foundational concepts—IP addressing, subnetting, routing tables, and switching logic—remain identical.

Learning “Cisco” isn’t just about learning a vendor; it’s about learning how the internet works.

The Challenge: Hardware is expensive, loud, and power-hungry. The Solution: Simulation. Tools like Cisco Packet Tracer (free) and GNS3/EVE-NG allow you to build networks larger and more complex than you could ever afford physically.

Core Concept Analysis

1. The OSI Model & Encapsulation

Data doesn’t just “move”. It is wrapped (encapsulated) in layers of headers, like nested envelopes.

DATA FLOW (Encapsulation):
┌───────────────────────────────┐
│ Layer 7: Application (HTTP)   │ "Get webpage"
├───────────────────────────────┤
│ Layer 4: Transport (TCP)      │ "Port 80, Seq 1, Ack 1"
├───────────────────────────────┤
│ Layer 3: Network (IP)         │ "Src: 192.168.1.5, Dst: 8.8.8.8"
├───────────────────────────────┤
│ Layer 2: Data Link (Ethernet) │ "Src MAC: AA:BB..., Dst MAC: CC:DD..."
├───────────────────────────────┤
│ Layer 1: Physical (Bits)      │ 101010101...
└───────────────────────────────┘

2. Switching Logic (Layer 2)

Switches connect devices within a network. They make decisions based on MAC Addresses.

  • Invariants:
    • A switch learns MAC addresses by listening to incoming frames.
    • If destination MAC is unknown, it “floods” the frame out all ports.
    • Loops are fatal (Broadcast Storms); STP (Spanning Tree Protocol) prevents them.

3. Routing Logic (Layer 3)

Routers connect different networks. They make decisions based on IP Addresses.

  • Invariants:
    • Routers do not forward Broadcasts.
    • The “Longest Prefix Match” always wins in the routing table.
    • Specificity > Protocol Preference (Admin Distance) > Metric.
ROUTING DECISION:
Packet to 10.1.1.5
┌─────────────────────────────┐
│ Routing Table               │
├─────────────────────────────┤
│ A) 10.0.0.0/8   via Fa0/0   │ (Match, but short prefix)
│ B) 10.1.1.0/24  via Fa0/1   │ (Match, longer prefix) -> WINNER
│ C) 0.0.0.0/0    via Ser0/0  │ (Default, shortest prefix)
└─────────────────────────────┘

Concept Summary Table

Concept Cluster What You Need to Internalize
Subnetting The binary math that defines network boundaries. 1s represent the network, 0s the host.
VLANs Logically slicing one physical switch into multiple virtual switches for security/efficiency.
Routing Protocols How routers “gossip” to learn paths dynamically (OSPF, EIGRP, BGP).
ACLs The firewall rules. “Permit this, deny that.” Order of operations matters enormously.
NAT Translating private (internal) IPs to public (internet) IPs. The reason IPv4 still survives.

Deep Dive Reading by Concept

This section maps each core concept to specific resources.

Foundation (Subnetting & Ethernet)

Concept Resource
Subnetting “CCNA 200-301 Official Cert Guide, Vol 1” by Wendell Odom — Part III: IP Addressing
Ethernet/Switching “CCNA 200-301 Official Cert Guide, Vol 1” — Part II: Ethernet LANs

Routing & Protocols

Concept Resource
Routing Logic “Routing TCP/IP, Volume 1” by Jeff Doyle — Chapter 1-2 (The bible of routing)
OSPF “CCNA 200-301 Official Cert Guide, Vol 1” — Part V: OSPF

Troubleshooting & Tools

Concept Resource
Packet Analysis “Wireshark 101” by Laura Chappell
Real World logic “Network Warrior” by Gary A. Donahue — Anything on “What happens when you plug it in”

Essential Reading Order

  1. Foundation: Official Cert Guide (Odom) - Chapters on TCP/IP and Subnetting.
  2. Practice: Network Warrior - To understand why the theory breaks in real life.

Project List

These projects are designed to be built in Cisco Packet Tracer (Free from Cisco Networking Academy) or GNS3 (Advanced).

Project 1: The “Paper” Router (Subnetting Engine)

  • File: CISCO_NETWORKING_NO_HARDWARE_PROJECTS.md
  • Main Programming Language: Python
  • Alternative Programming Languages: C, Go, JavaScript
  • Coolness Level: Level 2: Practical but Forgettable
  • Business Potential: 1. The “Resume Gold” (Shows fundamental understanding)
  • Difficulty: Level 2: Intermediate
  • Knowledge Area: IP Addressing / Binary Math
  • Software or Tool: Code Editor + CLI
  • Main Book: “CCNA 200-301 Official Cert Guide” (Subnetting Chapters)

What you’ll build: A command-line tool that takes an IP address and CIDR (e.g., 192.168.1.15/26) and calculates the Network ID, Broadcast Address, First/Last Usable Host, and Number of Hosts—implementing the binary logic yourself without using libraries like ipaddress.

Why it teaches Cisco: Subnetting is the barrier to entry for networking. If you can’t calculate a subnet mask in your head, you cannot configure a router. Building the calculator forces you to deal with the bitwise AND/OR operations that routers actually perform in hardware.

Core challenges you’ll face:

  • Binary Conversion: Converting 192 to 11000000.
  • Bitwise ANDing: Applying the Mask 255.255.255.192 to the IP to find the Network ID.
  • CIDR Math: Calculating that /26 means “64 total IPs, 62 usable”.

Key Concepts:

  • IPv4 Addressing: RFC 791.
  • Subnet Masks: Defining the boundary between “Network” and “Host”.
  • Bitwise Operations: AND, OR, NOT logic.

Difficulty: Beginner/Intermediate Time estimate: Weekend Prerequisites: Basic coding, binary arithmetic.

Real World Outcome

A CLI tool you can trust for your own networking exams/labs.

Example Output:

$ python subnet_calc.py 172.16.50.55/20

--- Subnet Analysis ---
IP Address:       172.16.50.55
Subnet Mask:      255.255.240.0
Network ID:       172.16.48.0
Broadcast Addr:   172.16.63.255
Range:            172.16.48.1 - 172.16.63.254
Total Hosts:      4096
Usable Hosts:     4094
Binary Netmask:   11111111.11111111.11110000.00000000

The Core Question You’re Answering

“How does a router know that 192.168.1.1 and 192.168.1.200 are on the same local network?”

Concepts You Must Understand First

Stop and research these before coding:

  1. The Magic Number:
    • In a /26 network, what is the “block size”? (Answer: 64).
    • Why? 32 - 26 = 6 bits. 2^6 = 64.
  2. Bitwise AND:
    • 1 & 1 = 1
    • 1 & 0 = 0
    • Network ID = IP_Addr & Subnet_Mask

Questions to Guide Your Design

  1. Input Parsing: How do you split “192.168.1.1” into four integers?
  2. Calculation: How do you turn /24 into 255.255.255.0 programmatically? (Shift bits).

Thinking Exercise

Manual ANDing

Scenario: IP: 192.168.10.5 Mask: 255.255.255.240 (/28)

  1. Convert last octet 5 to binary: 00000101
  2. Convert mask 240 to binary: 11110000
  3. Perform AND: 
      00000101
& 11110000
----------
  00000000  -> 0 (Network ID for last octet)
  4. Find Broadcast: Invert the host bits of the Network ID (last 4 bits become 1) -> 00001111 -> 15.

The Interview Questions They’ll Ask

  1. “Why do we subtract 2 from the number of usable hosts?” (Network ID and Broadcast Address).
  2. “What is a /30 subnet used for?” (Point-to-point links, only 2 hosts).
  3. “If a PC tries to ping an IP outside its subnet mask range, where does it send the packet?” (To the Default Gateway).

Hints in Layers

Hint 1: The Math Don’t use strings for math. Convert the whole IP to a single 32-bit integer first.

Hint 2: Mask Generation A mask from CIDR n is (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF.

Hint 3: Formatting Write a helper function to_dotted_quad(int) to convert back to “x.x.x.x”.

Books That Will Help

Topic Book Chapter
IP Addressing “CCNA Official Cert Guide” Part III
Python Bitwise “Fluent Python” (Look up bitwise operators)

Project 2: Packet Tracer - The “First Boot” (SOHO Setup)

  • File: CISCO_NETWORKING_NO_HARDWARE_PROJECTS.md
  • Main Programming Language: Cisco IOS (CLI)
  • Alternative Programming Languages: None
  • Coolness Level: Level 2: Practical
  • Business Potential: 3. The “Service & Support” Model
  • Difficulty: Level 1: Beginner
  • Knowledge Area: Basic Configuration / CLI Mastery
  • Software or Tool: Cisco Packet Tracer (Free)
  • Main Book: “CCNA 200-301 Official Cert Guide” (CLI Basics)

What you’ll build: A complete Small Office Home Office (SOHO) network simulation. You will drag-and-drop a Router (ISR 4321), a Switch (2960), and 3 PCs. You will configure hostnames, secure the “User Exec” and “Privileged Exec” modes with passwords, configure SSH (crypto keys), and enable DHCP so PCs get IPs automatically.

Why it teaches Cisco: This is the “Hello World” of networking. You will learn the command hierarchy (User -> Privileged -> Global Config -> Interface Config) which is the interface for 90% of the world’s networking infrastructure.

Core challenges you’ll face:

  • Mode Confusion: Typing interface gig0/0 when you aren’t in configure terminal.
  • Saving Config: Realizing that rebooting the router wipes your work unless you copy run start.
  • SSH Setup: Generating crypto keys requires a domain name to be set first.

Key Concepts:

  • The IOS Command Modes: > vs # vs (config)#.
  • VTY Lines: Virtual Teletype (how you connect remotely).
  • DHCP DORA Process: Discover, Offer, Request, Acknowledge.

Difficulty: Beginner Time estimate: Weekend Prerequisites: None.

Real World Outcome

A .pkt (Packet Tracer) file where:

  1. All PCs have IP addresses (192.168.1.x) assigned by the Router.
  2. You can open a terminal on a PC, type ssh admin@192.168.1.1, and log into the router.
  3. Pings between all devices succeed.

Example Output (Router CLI):

Router> enable
Password: 
Router# show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0/0   192.168.1.1     YES manual up                    up
Vlan1                  unassigned      YES unset  administratively down down

The Core Question You’re Answering

“How do I configure a bare-metal box to talk to the world?”

Concepts You Must Understand First

Stop and research these before coding:

  1. Running-Config vs Startup-Config:
    • Where is running-config stored? (RAM).
    • Where is startup-config stored? (NVRAM).
  2. The Prompt:
    • Router> = User Mode (Look but don’t touch).
    • Router# = Privileged Mode (God mode).
    • Router(config)# = Configuration Mode (Change things).

Questions to Guide Your Design

  1. Security: Why do we use service password-encryption? (To hide plain-text passwords in the config file).
  2. Access: Why configure line vty 0 4? (To allow 5 simultaneous SSH/Telnet connections).

Thinking Exercise

The Boot Sequence

Trace what happens when a Cisco router boots:

  1. POST (Power On Self Test).
  2. Bootstrap loads from ROM.
  3. IOS Image loads from Flash.
  4. Startup Config loads from NVRAM. If step 4 fails, it enters “Setup Mode” (Wizard).

The Interview Questions They’ll Ask

  1. “What is the command to save the configuration?” (copy running-config startup-config or write memory).
  2. “How do you encrypt all plaintext passwords in the configuration file?” (service password-encryption).
  3. “What does no shutdown do?” (Powers up the interface layer).

Hints in Layers

Hint 1: Basic Config enable, conf t, hostname MyRouter.

Hint 2: Interfaces int g0/0/0, ip address 192.168.1.1 255.255.255.0, no shut.

Hint 3: SSH ip domain-name lab.local, crypto key generate rsa, ip ssh version 2.

Books That Will Help

Topic Book Chapter
CLI Basics “CCNA Official Cert Guide” Part I
SSH Config “Network Warrior” Security Chapters

Project 3: The VLAN Divider (Switching Mastery)

  • File: CISCO_NETWORKING_NO_HARDWARE_PROJECTS.md
  • Main Programming Language: Cisco IOS
  • Alternative Programming Languages: None
  • Coolness Level: Level 3: Genuinely Clever
  • Business Potential: 4. The “Open Core” Infrastructure (Enterprise Essentials)
  • Difficulty: Level 2: Intermediate
  • Knowledge Area: Switching / Layer 2
  • Software or Tool: Cisco Packet Tracer
  • Main Book: “CCNA 200-301 Official Cert Guide” (Switching)

What you’ll build: An office network with 3 departments: Sales, Engineering, and Management. They are physically connected to the same switch, but logical separated into VLANs (10, 20, 30). You will prove that Sales cannot ping Engineering. Then, you will configure a “Trunk” link to a second switch, allowing Sales on Floor 1 to talk to Sales on Floor 2.

Why it teaches Switching: VLANs are the fundamental building block of modern networks. They reduce broadcast domains and provide security. Trunks (802.1Q) are how VLANs traverse multiple switches.

Core challenges you’ll face:

  • VLAN Tagging: Understanding that frames inside the switch have tags, but frames leaving access ports do not.
  • Trunk Configuration: Setting up 802.1Q trunks and allowing specific VLANs.
  • Native VLAN Mismatches: A common configuration error that causes leaks.

Key Concepts:

  • Access Ports: Connect to PCs (untagged).
  • Trunk Ports: Connect to Switches (tagged).
  • 802.1Q: The standard protocol for VLAN tagging.
  • Broadcast Domains: Each VLAN is a separate broadcast domain.

Difficulty: Intermediate Time estimate: 1 Week Prerequisites: Project 2.

Real World Outcome

A simulation where:

  1. PC A (VLAN 10) can ping PC B (VLAN 10, different switch).
  2. PC A (VLAN 10) cannot ping PC C (VLAN 20, same switch).
  3. show vlan brief displays a clean, segmented network.

Example Output:

Switch# show int trunk

Port        Mode         Encapsulation  Status        Native vlan
Gig0/1      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gig0/1      1-4094

The Core Question You’re Answering

“How do I securely separate departments sharing the same infrastructure?”

Concepts You Must Understand First

Stop and research these before coding:

  1. The Tag:
    • Where is the VLAN tag inserted in the Ethernet frame? (Between Source MAC and Type/Length).
    • What happens to the tag when it leaves an Access port? (It is stripped off).
  2. Native VLAN:
    • What happens to untagged traffic on a trunk? (It goes to the Native VLAN).

Questions to Guide Your Design

  1. Design: Which ports go to PCs? (Fa0/1 - Fa0/10). Which go to other switches? (Gi0/1).
  2. Security: Should unused ports be left in VLAN 1? (No, move them to a “parking” VLAN and shut them down).

Thinking Exercise

The Frame’s Journey

Trace a ping from Sales-Floor1 to Sales-Floor2:

  1. PC sends standard frame.
  2. Switch 1 receives on Access Port (VLAN 10).
  3. Switch 1 adds “VLAN 10” tag.
  4. Switch 1 sends out Trunk Port.
  5. Switch 2 receives tagged frame.
  6. Switch 2 sees “VLAN 10”, looks up destination MAC in VLAN 10 table.
  7. Switch 2 strips tag, sends out Access Port to Sales-Floor2.

The Interview Questions They’ll Ask

  1. “What is the difference between an access port and a trunk port?”
  2. “What happens if the Native VLANs do not match on both ends of a trunk?” (VLAN hopping attacks / Spanning Tree errors).
  3. “Why do we prune VLANs on trunks?” (To save bandwidth by not sending unnecessary broadcasts).

Hints in Layers

Hint 1: Creating VLANs vlan 10, name Sales.

Hint 2: Port Assignment int range f0/1-5, switchport mode access, switchport access vlan 10.

Hint 3: Trunking int g0/1, switchport mode trunk.

Books That Will Help

Topic Book Chapter
Switching “CCNA Official Cert Guide” Part II
VLANs “Network Warrior” Chapter 3

Project 4: The “Loop” (Spanning Tree Protocol Observer)

  • File: CISCO_NETWORKING_NO_HARDWARE_PROJECTS.md
  • Main Programming Language: Cisco IOS
  • Alternative Programming Languages: None
  • Coolness Level: Level 3: Genuinely Clever
  • Business Potential: 3. The “Service & Support” Model
  • Difficulty: Level 3: Advanced
  • Knowledge Area: Redundancy / STP
  • Software or Tool: Cisco Packet Tracer
  • Main Book: “CCNA 200-301 Official Cert Guide” (STP Chapters)

What you’ll build: A network with intentional physical loops. You will connect 3 switches in a triangle. Without STP, this would crash the network in seconds (Broadcast Storm). You will observe STP blocking one port (amber light in Packet Tracer). You will then manipulate the “Root Bridge” election to force traffic to take a different path.

Why it teaches Redundancy: Redundancy is required for reliability, but loops are fatal for Ethernet. STP is the protocol that allows redundancy without death. Understanding Root Bridges, Path Cost, and Port States is critical for troubleshooting “random” network outages.

Core challenges you’ll face:

  • Understanding the Election: Why did Switch B become Root? (Lowest MAC address / Priority).
  • Manipulating Priority: Changing spanning-tree vlan 1 priority to force a specific switch to lead.
  • Convergence Time: Waiting 30-50 seconds for amber lights to turn green (and learning how PortFast fixes this for PCs).

Key Concepts:

  • BPDU: Bridge Protocol Data Unit (the “heartbeat” of STP).
  • Root Bridge: The king of the topology.
  • Block vs Forward: The states of a port.

Difficulty: Intermediate Time estimate: 1 Week Prerequisites: Project 3.

Real World Outcome

A simulation where you can cut a cable (delete link) and watch the network “heal” itself as the blocked port automatically turns green and starts forwarding traffic.

The Core Question You’re Answering

“How do I build a network that survives a cable cut without creating a death loop?”

Concepts You Must Understand First

Stop and research these before coding:

  1. Broadcast Storm:
    • Why does a loop cause a storm? (Because Ethernet frames have no TTL / Time To Live).
  2. STP States:
    • Blocking -> Listening -> Learning -> Forwarding.

Questions to Guide Your Design

  1. Topology: Connect Switch A -> Switch B -> Switch C -> Switch A.
  2. Observation: Use show spanning-tree to see who is Root.

Thinking Exercise

The Election

Three switches: Switch A (Priority 32768, MAC AAA) Switch B (Priority 32768, MAC BBB) Switch C (Priority 4096, MAC CCC)

  1. Who wins? (Switch C - Lowest Priority).
  2. If Switch C dies, who takes over? (Switch A - Lowest MAC among remaining, assuming AAA < BBB).

The Interview Questions They’ll Ask

  1. “What is the default STP priority?” (32768).
  2. “What does PortFast do?” (Skips Listen/Learn states, goes straight to Forwarding. Only for edge ports!).
  3. “How does Rapid STP (RSTP) differ from STP?” (Faster convergence, fewer states).

Hints in Layers

Hint 1: The Connections Use Crossover cables between switches (Packet Tracer handles this, but good to know).

Hint 2: The Command show spanning-tree vlan 1. Look for “This bridge is the root”.

Hint 3: Changing Root spanning-tree vlan 1 priority 4096.

Books That Will Help

Topic Book Chapter
Spanning Tree “CCNA Official Cert Guide” Part II

Project 5: Router on a Stick (Inter-VLAN Routing)

  • File: CISCO_NETWORKING_NO_HARDWARE_PROJECTS.md
  • Main Programming Language: Cisco IOS
  • Coolness Level: Level 3: Genuinely Clever
  • Difficulty: Level 3: Advanced
  • Knowledge Area: Routing / Switching Integration
  • Software or Tool: Packet Tracer
  • Main Book: “CCNA 200-301 Official Cert Guide” (Inter-VLAN Routing)

What you’ll build: You will integrate Project 2 (Router) and Project 3 (VLANs). You will configure a Router on a Stick. A single physical cable between Router and Switch will carry traffic for multiple VLANs using Sub-Interfaces (e.g., g0/0.10, g0/0.20). This allows Sales to email Engineering, passing through the router to cross the VLAN boundary.

Why it teaches Architecture: Layer 2 (VLANs) keeps things separate. Layer 3 (Routing) connects them. This project bridges the gap (pun intended) and is the most common topology for small networks.

Core challenges you’ll face:

  • Encapsulation Mismatch: Forgetting encapsulation dot1Q 10 on the router sub-interface.
  • Gateway Config: Setting the PC’s default gateway to the sub-interface IP, not the physical interface.
  • Trunking the Switch: The router-facing switch port MUST be a trunk.

Key Concepts:

  • Sub-Interfaces: Virtual interfaces splitting one physical port.
  • 802.1Q Encapsulation on Routers: Reading the VLAN tags.
  • Default Gateway: The “door” out of a VLAN.

Difficulty: Intermediate Time estimate: 1 Week Prerequisites: Project 2 & 3.

Real World Outcome

A simulation where a PC in VLAN 10 (192.168.10.5) can ping a PC in VLAN 20 (192.168.20.5). The traceroute will show the router IP as the first hop.

Example Router Config:

interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0

The Core Question You’re Answering

“How do distinct networks communicate while remaining logically separate?”

Concepts You Must Understand First

Stop and research these before coding:

  1. Layer 3 Switch vs Router on Stick:
    • Router on Stick uses one physical router link (bottleneck).
    • Layer 3 Switches route at hardware speed (more advanced).
  2. Native VLAN on Router:
    • The Native VLAN traffic must be untagged on the switch, and configured specifically on the router.

Questions to Guide Your Design

  1. IP Scheme: Plan this on paper first!
    • VLAN 10: 192.168.10.0/24 (GW: .1)
    • VLAN 20: 192.168.20.0/24 (GW: .1)

Thinking Exercise

Packet Walk

PC A (VLAN 10) -> Switch (Tags VLAN 10) -> Router (Subinterface .10) -> Router (Routing Logic) -> Router (Subinterface .20, Re-tags VLAN 20) -> Switch -> PC B (VLAN 20).

The Interview Questions They’ll Ask

  1. “Why is the physical interface on the router usually left with no IP address?” (Because the IPs are on the sub-interfaces).
  2. “What happens if the switch port connected to the router is Access instead of Trunk?” (Only one VLAN will work, usually the native one).

Hints in Layers

Hint 1: Physical Interface int g0/0, no ip address, no shut.

Hint 2: Sub-Interface int g0/0.10, encapsulation dot1Q 10, ip address ....

Hint 3: Troubleshooting Use show ip route to confirm the router sees both connected networks.

Books That Will Help

Topic Book Chapter
Inter-VLAN Routing “CCNA Official Cert Guide” Part III

Project 6: “Dynamic Whispers” (OSPF Single Area)

  • File: CISCO_NETWORKING_NO_HARDWARE_PROJECTS.md
  • Main Programming Language: Cisco IOS
  • Coolness Level: Level 4: Hardcore Tech Flex
  • Difficulty: Level 3: Advanced
  • Knowledge Area: Dynamic Routing / OSPF
  • Software or Tool: Packet Tracer
  • Main Book: “Routing TCP/IP, Volume 1” (OSPF Chapter)

What you’ll build: A larger network with 3 Routers connected in a ring or chain. Instead of typing 20 static routes, you will enable OSPF (Open Shortest Path First). You will watch the routers “discover” each other (Adjacency), exchange maps (LSA), and build the routing table automatically. You will then break a link and watch OSPF find the alternative path instantly.

Why it teaches Routing: Static routes don’t scale. OSPF is the industry standard interior gateway protocol (IGP). Understanding Hello packets, Dead intervals, and Areas is essential for any network engineer.

Core challenges you’ll face:

  • Wildcard Masks: OSPF uses wildcards (inverse masks), not subnet masks. 0.0.0.255 instead of 255.255.255.0.
  • Router IDs: Identifying routers uniquely.
  • DR/BDR Election: Why is one router the “Designated Router”? (On Ethernet links).

Key Concepts:

  • Link State Database: Every router has a full map of the network.
  • Dijkstra’s Algorithm: The math used to calculate the shortest path.
  • Area 0: The backbone area.

Difficulty: Advanced Time estimate: 1 Week Prerequisites: Projects 1, 2, 5.

Real World Outcome

3 Routers. PC on Router 1 can ping PC on Router 3. Command show ip route shows codes starting with O (OSPF).

Example Output:

Router# show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           1   FULL/BDR        00:00:32    10.0.0.2        Gig0/0

The Core Question You’re Answering

“How does the internet heal itself when a cable is cut?”

Concepts You Must Understand First

Stop and research these before coding:

  1. Wildcard Mask Math:
    • 255.255.255.255 - Subnet Mask = Wildcard Mask.
    • Example: /24 -> 255.255.255.0 -> Wildcard 0.0.0.255.
  2. Hello Packets:
    • Routers must agree on Hello/Dead timers to become neighbors.

Questions to Guide Your Design

  1. Topology: Use Serial links (red zigzag cables) for point-to-point connections to avoid DR/BDR complexity initially.
  2. Addressing: Use 10.0.0.0/30 for router-to-router links (only 2 usable IPs).

Thinking Exercise

The Shortest Path

If Router A can reach Router C via Link 1 (Cost 10) or Link 2+3 (Cost 100), which way will the packet go? (Link 1). OSPF calculates cost based on Bandwidth.

The Interview Questions They’ll Ask

  1. “What is the difference between Neighbor state and Full state?” (Neighbor is ‘I see you’, Full is ‘We have synced databases’).
  2. “What is the administrative distance of OSPF?” (110).
  3. “Why do we need Area 0?” (All other areas must connect to Area 0 to prevent loops).

Hints in Layers

Hint 1: Process ID router ospf 1 (The number ‘1’ is locally significant only).

Hint 2: Network Statement network 192.168.1.0 0.0.0.255 area 0.

Hint 3: Verification show ip protocols, show ip ospf neighbor, show ip route.

Books That Will Help

Topic Book Chapter
OSPF “CCNA Official Cert Guide” Part V
Advanced OSPF “Routing TCP/IP Vol 1” Chapter 8

Project 7: The Security Guard (Access Control Lists)

  • File: CISCO_NETWORKING_NO_HARDWARE_PROJECTS.md
  • Main Programming Language: Cisco IOS
  • Coolness Level: Level 3: Genuinely Clever
  • Difficulty: Level 3: Advanced
  • Knowledge Area: Security / Packet Filtering
  • Software or Tool: Packet Tracer
  • Main Book: “CCNA 200-301 Official Cert Guide” (Security/ACLs)

What you’ll build: You will secure the network from Project 6. You will create a “Guest” VLAN. You will write Access Control Lists (ACLs) to:

  1. Allow Guests to access the “Internet” (simulated server).
  2. Block Guests from accessing the “Finance” server.
  3. Block Ping (ICMP) but allow Web (HTTP).

Why it teaches Security: ACLs are the primitive form of firewalls. They teach you “Stateless” filtering. You must understand port numbers (80, 443, 22) and protocol types (TCP, UDP, ICMP) to write effective rules.

Core challenges you’ll face:

  • The Implicit Deny: At the end of every ACL is an invisible “Deny All”. If you permit one thing, you deny everything else unless you handle it.
  • Direction: Applying the ACL in vs out. This is the #1 confusion point.
  • Standard vs Extended: Standard filters by Source IP only. Extended filters by Source, Dest, Port, Protocol.

Key Concepts:

  • Packet Filtering: Checking headers against a list.
  • TCP/UDP Ports: Layer 4 addressing.
  • Inbound vs Outbound: Relative to the router’s interface.

Difficulty: Advanced Time estimate: 1 Week Prerequisites: Projects 1, 2, 5.

Real World Outcome

When you use the PC web browser to hit the Finance Server: “Request Timeout”. When you use the PC web browser to hit Google: “Success”. When you try to Ping Google: “Destination Host Unreachable” (if you blocked ICMP).

Example Config:

ip access-list extended GUEST_RESTRICT
 deny ip 192.168.50.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit tcp 192.168.50.0 0.0.0.255 any eq 80
 permit ip any any
!
interface g0/0.50
 ip access-group GUEST_RESTRICT in

The Core Question You’re Answering

“How do I selectively control traffic flow without unplugging cables?”

Concepts You Must Understand First

Stop and research these before coding:

  1. Placement:
    • Standard ACLs go close to the Destination.
    • Extended ACLs go close to the Source (to save bandwidth).
  2. Logic:
    • ACLs are processed Top-Down. First match wins.

Questions to Guide Your Design

  1. Scenario: If I want to block PC A from PC B, do I apply the ACL on the router interface connected to A (in) or connected to B (out)? (Usually A (in) is more efficient).

Thinking Exercise

The Bouncer

Imagine a bouncer at a club door. Rule 1: “No red shirts.” Rule 2: “Allow everyone.” A guy in a red shirt walks up. The bouncer stops him at Rule 1. He doesn’t check Rule 2. If Rule 1 was “Allow blue shirts”, and a guy in a green shirt walks up… Implicit Deny kicks him out.

The Interview Questions They’ll Ask

  1. “What is the Implicit Deny?”
  2. “Can a Standard ACL filter based on destination port?” (No).
  3. “How do you allow an established TCP connection return traffic through an ACL?” (Using established keyword or Reflexive ACLs).

Hints in Layers

Hint 1: Numbered vs Named Use Named ACLs (ip access-list extended NAME)—they are easier to edit later.

Hint 2: The Host Keyword host 192.168.1.1 is easier than 192.168.1.1 0.0.0.0.

Hint 3: Verification show ip access-lists shows hit counts.

Books That Will Help

Topic Book Chapter
ACLs “CCNA Official Cert Guide” Security Part

Project Comparison Table

Project Difficulty Time Depth of Understanding Fun Factor
1. Paper Router ⭐⭐ Weekend Deep on Binary/Math ⭐⭐
2. First Boot Weekend Deep on CLI Basics ⭐⭐⭐
3. VLAN Divider ⭐⭐ 1 Week Deep on Layer 2 ⭐⭐⭐
4. The Loop (STP) ⭐⭐⭐ 1 Week Deep on Protocols ⭐⭐⭐⭐
5. Router on Stick ⭐⭐⭐ 1 Week Deep on Architecture ⭐⭐⭐
6. Dynamic OSPF ⭐⭐⭐⭐ 1 Week Deep on Routing Logic ⭐⭐⭐⭐⭐
7. Security ACLs ⭐⭐⭐⭐ 1 Week Deep on Traffic Control ⭐⭐⭐⭐

Recommendation

For Beginners: Start with Project 2 (First Boot). Getting your hands “dirty” in the CLI is the most important step. Don’t worry about the math (Project 1) until you’ve successfully pinged something in Project 2.

For Certification Preppers: Project 1 (Paper Router) is mandatory. You cannot pass the CCNA without being a human subnetting calculator.

For Career Switchers: Project 3 and 5 (VLANs + Routing) represent 80% of what a Junior Network Admin does daily. Master these.

Final Overall Project: The “Mock ISP” Campus Network

Goal: Build a massive topology in Packet Tracer that simulates a Headquarters, a Branch Office, and an ISP connection.

Requirements:

  1. WAN: Connect HQ and Branch via a Serial link using OSPF.
  2. LAN: HQ has 3 VLANs, Branch has 2 VLANs.
  3. Internet: Configure a Default Route to the “ISP” router.
  4. NAT: Configure PAT (Port Address Translation) so internal 192.168.x.x IPs can ping the “Google Server” (8.8.8.8) on the internet.
  5. Services: Configure a DHCP server on the routers to hand out IPs to PCs.
  6. Security: Lock down the VTY lines with ACLs so only the Admin PC can SSH into devices.

Outcome: A comprehensive, living network simulation that proves you have mastered the CCNA curriculum.

Summary

This learning path covers Cisco Networking through 7 hands-on projects without physical hardware.

# Project Name Main Tool Difficulty Time Estimate
1 The Paper Router Python Intermediate Weekend
2 Packet Tracer First Boot Packet Tracer Beginner Weekend
3 The VLAN Divider Packet Tracer Intermediate 1 Week
4 The Loop (STP) Packet Tracer Advanced 1 Week
5 Router on a Stick Packet Tracer Advanced 1 Week
6 Dynamic Whispers (OSPF) Packet Tracer Advanced 1 Week
7 The Security Guard (ACLs) Packet Tracer Advanced 1 Week

You will emerge with the ability to configure, troubleshoot, and secure enterprise-grade networks, entirely through simulation.