Network Configuration Manual (samanta.html)

Project: Full Administration Network Setup (VLSM + Application Services)

1. IP Planning Table (VLSM)

Based on 192.168.10.0 range for ~32 PCs per VLAN.

Subnet/VLAN Network ID Subnet Mask Gateway (Router) Usable Range
VLAN 10 (IT) 192.168.10.0/26 255.255.255.192 192.168.10.1 .2 - .62
VLAN 20 (ADMIN) 192.168.10.64/26 255.255.255.192 192.168.10.65 .66 - .126
VLAN 30 (SR) 192.168.10.128/26 255.255.255.192 192.168.10.129 .130 - .190
Server Subnet 192.168.10.192/28 255.255.255.240 192.168.10.193 .194 - .206

2. Administration Router CLI Setup

enable conf t hostname Admin_Router interface GigabitEthernet0/0 no shut exit interface GigabitEthernet0/0.10 encapsulation dot1Q 10 ip address 192.168.10.1 255.255.255.192 ip helper-address 192.168.10.194 exit interface GigabitEthernet0/0.20 encapsulation dot1Q 20 ip address 192.168.10.65 255.255.255.192 ip helper-address 192.168.10.194 exit interface GigabitEthernet0/0.30 encapsulation dot1Q 30 ip address 192.168.10.129 255.255.255.192 ip helper-address 192.168.10.194 exit interface GigabitEthernet0/0.100 encapsulation dot1Q 100 ip address 192.168.10.193 255.255.255.240 exit do write

3. Switch Configurations

Administration Switch (Core)

enable conf t vlan 10 vlan 20 vlan 30 vlan 100 exit interface range fastEthernet 0/1 - 4 switchport mode trunk exit

Floor 1 & 2 Switches

enable conf t vlan 10 vlan 20 vlan 30 exit interface fastEthernet 0/1 switchport mode trunk exit interface fastEthernet 0/3 switchport access vlan 10 interface fastEthernet 0/4 switchport access vlan 20 interface fastEthernet 0/5 switchport access vlan 30

4. DHCP Server Manual Configuration (Server: 192.168.10.194)

Server Static IP: 192.168.10.194 | 255.255.255.240 | GW: 192.168.10.193
Pool Name Gateway DNS Server Start IP Subnet Mask
VLAN10_IT 192.168.10.1 192.168.10.196 192.168.10.2 255.255.255.192
VLAN20_ADMIN 192.168.10.65 192.168.10.196 192.168.10.66 255.255.255.192
VLAN30_SR 192.168.10.129 192.168.10.196 192.168.10.130 255.255.255.192

5. Application Services (DNS, Email, HTTP)

DNS Records (Server: 192.168.10.196)

Domain Name Record Type IP Address
www.admin.com A Record 192.168.10.195
mail.admin.com A Record 192.168.10.194

Email Server (mail.admin.com)

Service: SMTP (ON), POP3 (ON). Domain: admin.com. Users: user1, user2 (Pass: 123).

HTTP/HTTPS Web Service (192.168.10.195)

Edit index.html: <h1>Welcome to Administration Portal</h1>

6. PC Email Client Setup

Your Name: Staff 1 Email Address: user1@admin.com Incoming/Outgoing Server: mail.admin.com Username: user1 Password: 123
# samanta.html - Updated Server and Email Section

7. Detailed Server Configuration

All servers are located in the 192.168.10.192/28 subnet (VLAN 100).

A. DHCP & Email Server

B. HTTPS Web Server

C. DNS Server

8. PC Email Client Setup

Configure each PC under Desktop > Email using these credentials:

Field Configuration Value
Your Name User Name (e.g., Staff1)
Email Address staff1@admin.com
Incoming Mail Server mail.admin.com
Outgoing Mail Server mail.admin.com
User Name staff1
Password 123

9. Core Routing Protocol Configuration (OSPF & RIP)

Both OSPF and RIP are configured on all interfaces to ensure complete redundancy and protocol synchronization across the core network.

A. Administration Router - Combined Setup

enable conf t ! --- OSPF Setup (Wildcard masks for VLSM) --- router ospf 1 network 192.168.10.0 0.0.0.63 area 0 network 192.168.10.64 0.0.0.63 area 0 network 192.168.10.128 0.0.0.63 area 0 network 192.168.10.192 0.0.0.15 area 0 network 200.200.200.0 0.0.0.3 area 0 network 202.202.202.0 0.0.0.3 area 0 exit ! --- RIP Setup --- router rip version 2 network 192.168.10.0 network 200.200.200.0 network 202.202.202.0 no auto-summary exit

B. Student Core Router - Combined Setup

enable conf t router ospf 1 network 192.168.11.0 0.0.0.255 area 0 network 201.201.201.0 0.0.0.3 area 0 network 202.202.202.0 0.0.0.3 area 0 exit router rip version 2 network 192.168.11.0 network 201.201.201.0 network 202.202.202.0 no auto-summary exit

C. ISP Router - Combined Setup

enable conf t router ospf 1 network 200.200.200.0 0.0.0.3 area 0 network 201.201.201.0 0.0.0.3 area 0 exit router rip version 2 network 200.200.200.0 network 201.201.201.0 no auto-summary exit

10. Routing Verification & Testing

To verify that the routing protocols are exchanging information correctly, use the following command on any core router:

show ip route
How to read the Routing Table: Note: If both protocols are active for the same destination, the router will prefer the OSPF route due to its lower Administrative Distance.

11. Cross-Branch Service Integration & Student Setup

Ensuring the Student Branch (192.168.11.0) utilizes central services located in the Administration Branch.

A. Student DHCP Relay Setup

Run this on the Student Core Router to forward requests to the Admin DHCP Server:

interface GigabitEthernet0/0 ip helper-address 192.168.10.194

B. Manual DHCP Pool (On Admin Server: 192.168.10.194)

Add this pool in Services > DHCP to provide IPs to the student branch:

Pool Name Default Gateway DNS Server Start IP Subnet Mask
Student_Pool 192.168.11.1 192.168.10.196 192.168.11.2 255.255.255.0

C. Student Email Account (On Admin Server: 192.168.10.194)

In Services > Email, ensure the domain admin.com is set and add:

D. Student PC Email Configuration

Apply these settings on the Student PC under Desktop > Email:

Field Value
Your Name Student One
Email Address student1@admin.com
Incoming Mail Server 192.168.10.194
Outgoing Mail Server 192.168.10.194
User Name student1
Password 123
Cross-Branch Verification: 1. Click 'Receive' on Student PC to sync with the Admin server. 2. Use show ip route to ensure Student Router sees the Server network via OSPF (O) or RIP (R).

12. Network Address Translation (NAT/PAT) Implementation

A. What is NAT and How Does it Work?

Network Address Translation (NAT) is a method used to remap one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device.

In this topology, we use PAT (Port Address Translation), often called NAT Overload. It allows multiple devices in your private internal networks (192.168.10.0 and 192.168.11.0) to share a single public-facing Serial IP address. The router tracks these connections using unique port numbers, ensuring that returning traffic from the ISP reaches the correct internal PC.

B. Full CLI Configuration Setup

We use Extended ACLs to ensure NAT only triggers for ISP traffic and ignores internal branch-to-branch traffic.

1. Administration Router Setup

! Define ACL: Deny NAT for Student Branch, Permit for everything else access-list 100 deny ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255 access-list 100 permit ip 192.168.10.0 0.0.0.255 any ! Assign NAT Roles to Interfaces interface range gig0/0.10 - 100 ip nat inside exit interface Serial0/3/0 ip nat outside exit interface Serial0/3/1 ip nat outside exit ! Enable PAT on both Serial exits ip nat inside source list 100 interface Serial0/3/0 overload ip nat inside source list 100 interface Serial0/3/1 overload

2. Student Core Router Setup

! Define ACL: Deny NAT for Admin Branch, Permit for everything else access-list 100 deny ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255 access-list 100 permit ip 192.168.11.0 0.0.0.255 any ! Assign NAT Roles interface gig0/0 ip nat inside exit interface Serial0/3/0 ip nat outside exit interface Serial0/3/1 ip nat outside exit ! Enable PAT ip nat inside source list 100 interface Serial0/3/0 overload ip nat inside source list 100 interface Serial0/3/1 overload

C. Why and Where NAT was Added

Where: NAT was added at the Border Routers (Administration and Student Routers). Specifically, it sits between the internal Gigabit sub-interfaces and the external Serial connections.

Why: 1. IP Conservation: It allows hundreds of student and staff PCs to access the ISP using only 2 or 3 public IPs. 2. Security: It hides the internal IP structure (VLANs) from the ISP router. 3. Service Integrity: By using the deny statement for internal traffic, we ensure that DHCP and Email packets keep their original source IPs, which is required for the servers to identify the users correctly.

D. Overall Operational Details

When an Administration PC pings the ISP (200.200.200.2), the router sees the packet exiting a nat outside port. It checks ACL 100, sees a "permit," and changes the Source IP to 200.200.200.1.

However, when that same PC sends an email to the Student branch, the router sees a "deny" in ACL 100 for that destination. It sends the packet using OSPF/RIP routing only, without touching the IP address. This "Service-Aware" approach is what allows the entire university to share an internet connection without breaking local branch services.

Final Verification: Run show ip nat translations on the Admin Router while a PC is browsing the web. You will see a list of active mappings showing the translation from private to public.

20. Advanced Security: ACL Implementation with Cross-Branch Services

To demonstrate a professional security environment, we have deployed a Student Web Server (192.168.11.100) within the Student Branch. To support this, a corresponding DNS entry was added to the Admin DNS Server (192.168.10.196), allowing users to browse via the URL www.student.com.

A. Understanding Standard vs. Extended ACLs

Security is implemented using two distinct types of filters based on the level of control required:

B. Full CLI Configuration

1. Student Router: Standard ACL Placement

Applied to GigabitEthernet 0/0 (Outbound). This port is the exit point toward the Student LAN.

! Blocking Admin IT PC (192.168.10.3) access-list 10 deny host 192.168.10.3 access-list 10 permit any interface GigabitEthernet0/0 ip access-group 10 out

2. Administration Router: Extended ACL Placement

Applied to Sub-interfaces Gig 0/0.20 and Gig 0/0.30 (Inbound). These are the entry ports for VLAN traffic.

! VLAN 20 Policy: Allow Ping, Drop Web access-list 120 permit icmp 192.168.10.64 0.0.0.63 192.168.11.0 0.0.0.255 access-list 120 deny tcp 192.168.10.64 0.0.0.63 192.168.11.0 0.0.0.255 eq 80 access-list 120 permit ip any any ! VLAN 30 Policy: Allow Web (Port 80), Drop Ping access-list 130 permit tcp 192.168.10.128 0.0.0.63 192.168.11.0 0.0.0.255 eq 80 access-list 130 deny icmp 192.168.10.128 0.0.0.63 192.168.11.0 0.0.0.255 access-list 130 permit ip any any interface gig0/0.20 ip access-group 120 in interface gig0/0.30 ip access-group 130 in

C. Operational Logic: Pass vs. Drop

The routers process these rules using Inbound/Outbound Inspection. Here is how the traffic is handled in detail:

Traffic Type Protocol/Port VLAN 20 Result VLAN 30 Result Reasoning
Ping ICMP PASS DROP ACL 130 specifically denies ICMP to prevent network scanning.
Web Browsing TCP 80 DROP PASS ACL 120 blocks HTTP to restrict students from server access.
DNS Query UDP 53 PASS PASS Handled by permit ip any any at the end of the lists.

D. Why This Architecture?

1. Performance: By placing Extended ACLs Inbound on the Admin router ports, we drop unauthorized traffic before it ever crosses the Serial WAN links, saving bandwidth.

2. Accuracy: By using the Admin DNS Server to resolve www.student.com, we ensure that even when IPs are blocked, the name resolution still works, providing a professional "Server Not Found" or "Connection Timed Out" experience rather than a "DNS Failed" error.

Verification Command: Use show ip access-lists to see the "hit count" on each line. This confirms exactly which rule dropped the packet during a failed ping or web request.

21. Granular Security Framework: Access Control Policies

The network security architecture is built on two layers of defense. First, a Standard ACL acts as a total blockade for specific high-level management devices. Second, Extended ACLs provide surgical control over department-specific permissions, allowing us to separate diagnostic tools from service access.

A. Service Policy Definitions

To ensure a balanced environment between the Administration and Student branches, the following rules have been applied:

B. Full CLI Security Code

1. Standard ACL: Total Host Blockade

This is applied to the Student Router on interface GigabitEthernet 0/0 (Outbound). This ensures that even if the IT PC traffic traverses the core network, it is dropped just before reaching the Student Switch.

! ACL 10: Standard Host Filter access-list 10 deny host 192.168.10.3 access-list 10 permit any interface GigabitEthernet0/0 ip access-group 10 out

2. Extended ACL: Protocol & Port Management

These are applied to the Administration Router on the individual Sub-interfaces (Inbound). This stops unauthorized traffic at the "Source Gate," before it consumes any WAN bandwidth.

! VLAN 20 Extended Policy (Sub-interface G0/0.20) access-list 120 permit icmp 192.168.10.64 0.0.0.63 192.168.11.0 0.0.0.255 access-list 120 deny tcp 192.168.10.64 0.0.0.63 192.168.11.0 0.0.0.255 eq 80 access-list 120 permit ip any any ! VLAN 30 Extended Policy (Sub-interface G0/0.30) access-list 130 permit tcp 192.168.10.128 0.0.0.63 192.168.11.0 0.0.0.255 eq 80 access-list 130 deny icmp 192.168.10.128 0.0.0.63 192.168.11.0 0.0.0.255 access-list 130 permit ip any any interface gig0/0.20 ip access-group 120 in interface gig0/0.30 ip access-group 130 in

C. Traffic Handling & Port Logic

The "Pass or Block" behavior is determined by the Protocol Type and Port Number in the packet header:

1. Standard Filter Logic: When IT PC1 sends a packet, the Student Router checks the Source IP field. Because it matches the deny host 192.168.10.3 rule, the router drops the packet immediately, regardless of whether it is a Ping or a Web request.

2. Extended Filter Logic: When a VLAN 30 PC tries to Ping (ICMP), the Admin Router sees the ICMP protocol and matches it against the deny icmp rule in ACL 130, dropping it. However, if that same PC tries to browse (TCP Port 80), the router sees it matches the permit tcp ... eq 80 rule and forwards it through the network.

Security Overall Detail: By combining Standard Outbound and Extended Inbound ACLs, we create a robust multi-point defense. The Extended ACLs keep our Serial links clean of "garbage" traffic, while the Standard ACL ensures that even if a management PC is compromised, it cannot touch the Student branch's internal resources.

22. Presentation Guide: Command Verification & Interpreting Results

This section serves as a reference for live demonstrations. It outlines the specific commands used to verify the network's health and explains how to "read" the router's logic to your audience.

A. Verifying Virtual Local Area Networks (VLANs)

Where to run: Any Administration Switch (Core or Floor).

Switch# show vlan brief

How to interpret the output:

B. Verifying the Routing Table (OSPF & RIP)

Where to run: Administration Router or Student Core Router.

Router# show ip route

How to interpret the output:

Code Protocol Meaning for Presentation
C Connected This network is physically plugged into this router.
L Local This is the specific IP address assigned to the router's own interface.
O OSPF Learned from another router via Open Shortest Path First. Preferred due to AD 110.
R RIP Learned via Routing Information Protocol. Used as backup (AD 120).

C. Verifying Network Address Translation (NAT)

Where to run: Administration Router (after pinging the ISP 200.200.200.2).

Admin_Router# show ip nat translations

How to interpret the output:

D. Verifying Access Control Lists (ACL)

Where to run: Admin Router (for Extended) or Student Router (for Standard).

Router# show access-lists

How to interpret the output:

E. Verifying DHCP Relay (IP Helper)

Where to run: A Student PC (Command Prompt).

C:\> ipconfig /all

How to interpret the output:

Teacher's Tip: During the presentation, use Simulation Mode in Packet Tracer to show the packet "Envelope." Click the envelope to show the OSI Model layers, specifically pointing out Layer 3 (IP) and Layer 4 (Port) changes during NAT or ACL filtering.

📡 LIVE VERIFICATION PLAYGROUND: Input → Output for All Services

This section provides realistic CLI commands and expected outputs for every major component in the topology. Use these during your presentation to prove that routing, NAT, ACLs, DHCP, Email, DNS, and VLANs are fully operational.

🔹 1. VLAN Verification (Switch)

Command input:

Switch> enable Switch# show vlan brief

Expected output (explanation + live-style table):

VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/2, Fa0/6, Fa0/7 10 IT active Fa0/3 20 ADMIN active Fa0/4 30 SR active Fa0/5 100 SERVER_NET active Gi0/1, Gi0/2
Interpretation: Fa0/3 belongs to VLAN10 (IT), Fa0/4 to VLAN20 (ADMIN), Fa0/5 to VLAN30 (SR). Trunk ports carry multiple VLANs.

🔹 2. OSPF & RIP Routing Table (Admin Router)

Command input:

Admin_Router# show ip route

Expected output (OSPF routes highlighted):

Codes: L - local, C - connected, O - OSPF, R - RIP, S - static O 192.168.11.0/24 [110/2] via 202.202.202.2, 00:00:12, Serial0/3/1 C 192.168.10.0/26 is directly connected, GigabitEthernet0/0.10 C 192.168.10.64/26 is directly connected, GigabitEthernet0/0.20 C 192.168.10.128/26 is directly connected, GigabitEthernet0/0.30 C 192.168.10.192/28 is directly connected, GigabitEthernet0/0.100 O 201.201.201.0/30 [110/65] via 200.200.200.2, 00:10:05, Serial0/3/0 R 192.168.11.0/24 [120/2] via 202.202.202.2, 00:00:20, Serial0/3/1 (backup)
Proof of OSPF: The highlighted O routes confirm OSPF is exchanging prefixes (Student LAN 192.168.11.0). RIP shows as backup (AD 120 vs OSPF AD 110).

🔹 3. NAT / PAT Translation Table (After PC pings ISP)

Command input:

Admin_Router# show ip nat translations

Expected output (active mapping):

Pro Inside global Inside local Outside local Outside global icmp 200.200.200.1:1024 192.168.10.2:1024 200.200.200.2:1024 200.200.200.2:1024 tcp 200.200.200.1:1050 192.168.10.66:50123 8.8.8.8:80 8.8.8.8:80
Interpretation: Private IPs (192.168.10.2, 192.168.10.66) are translated to public interface IP 200.200.200.1. This proves PAT overload is working.

🔹 4. ACL Hit Counts (Proof of Filtering)

Command input (Admin Router):

Admin_Router# show access-lists

Expected output:

Extended IP access list 120 10 permit icmp 192.168.10.64 0.0.0.63 192.168.11.0 0.0.0.255 (4 matches) 20 deny tcp 192.168.10.64 0.0.0.63 192.168.11.0 0.0.0.255 eq 80 (12 matches) 30 permit ip any any (245 matches) Extended IP access list 130 10 permit tcp 192.168.10.128 0.0.0.63 192.168.11.0 0.0.0.255 eq 80 (8 matches) 20 deny icmp 192.168.10.128 0.0.0.63 192.168.11.0 0.0.0.255 (3 matches)
Security evidence: "deny tcp" line shows 12 matches → VLAN20 tried to browse but was BLOCKED.
✅ "deny icmp" shows 3 matches → VLAN30 tried to ping but was BLOCKED.
✅ This proves extended ACLs are actively filtering based on protocol/port.

🔹 5. DHCP Relay Verification (Student PC)

Command input (Student PC command prompt):

C:\> ipconfig /all

Expected output:

Host Name . . . . . . . . . : StudentPC1 DHCP Enabled . . . . . . . : Yes DHCP Server . . . . . . . . : 192.168.10.194 IPv4 Address . . . . . . . : 192.168.11.2 (Preferred) Subnet Mask . . . . . . . : 255.255.255.0 Default Gateway . . . . . : 192.168.11.1 DNS Servers . . . . . . . : 192.168.10.196
Cross-branch success: DHCP Server = 192.168.10.194 (Admin server) → proves ip helper-address on Student Router works.

🔹 6. DNS Resolution (nslookup from any PC)

Command input:

PC> nslookup www.admin.com

Expected output:

Server: UnKnown Address: 192.168.10.196 Name: www.admin.com Address: 192.168.10.195
✅ DNS Server (192.168.10.196) correctly resolves www.admin.com → web server IP 192.168.10.195.

🔹 7. Email Client Simulation (Send & Receive)

Email client configuration (Desktop → Email):

📧 Incoming Mail Server (POP3): mail.admin.com (192.168.10.194)
📤 Outgoing Mail Server (SMTP): mail.admin.com
👤 Username: student1
🔑 Password: 123
Status: Connected — Email sent from student1@admin.com to staff1@admin.com successfully.
✅ Email server (192.168.10.194) receives and delivers messages across branches.

🔹 8. Standard ACL: Block IT Management PC (192.168.10.3)

Command input (Student Router):

Student_Router# show access-list 10

Expected output:

Standard IP access list 10 10 deny host 192.168.10.3 (17 matches) 20 permit any (342 matches)
17 matches on deny line → PC 192.168.10.3 tried to reach student branch but was blocked. Total isolation enforced.

🔹 9. Ping Tests (ICMP Behavior with ACLs)

From VLAN20 (Admin) to Student Web Server (192.168.11.100):

C:\> ping 192.168.11.100 Reply from 192.168.11.100: bytes=32 time=1ms TTL=62 Reply from 192.168.11.100: bytes=32 time=1ms TTL=62 (Allowed: ACL 120 permits ICMP)

From VLAN30 (SR) to Student Web Server (192.168.11.100):

C:\> ping 192.168.11.100 Request timed out. Request timed out. (Blocked: ACL 130 denies ICMP)
✅ VLAN20 can ping (diagnostic allowed). VLAN30 cannot ping (security policy).

🔹 10. HTTP/HTTPS Browsing Behavior

VLAN20 (Admin) browsing http://www.student.com:

❌ Connection refused / Timeout (Blocked by ACL 120 deny tcp eq 80)

VLAN30 (SR) browsing http://www.student.com:

✅ HTTP/1.1 200 OK | Welcome to Student Web Server (Permitted by ACL 130)
✅ ACLs differentiate between ICMP and HTTP: VLAN30 gets web access, VLAN20 gets ping access.

🔹 11. Traceroute to ISP (NAT Path)

Command input (Admin PC):

C:\> tracert 200.200.200.2

Expected output:

1 1 ms 1 ms 1 ms 192.168.10.1 2 2 ms 2 ms 2 ms 200.200.200.1 (NAT translation happens here) 3 3 ms 3 ms 3 ms 200.200.200.2
✅ NAT hides internal IPs after first hop — ISP sees only 200.200.200.1.

🔹 12. OSPF Neighbor Relationship

Command input:

Admin_Router# show ip ospf neighbor

Expected output:

Neighbor ID Pri State Dead Time Address Interface 200.200.200.2 1 FULL/DR 00:00:35 200.200.200.2 Serial0/3/0 202.202.202.2 1 FULL/DR 00:00:32 202.202.202.2 Serial0/3/1
✅ State = FULL → OSPF adjacency established with both ISP and Student routers.

🔹 13. RIP Routing Information

Command input:

Admin_Router# show ip rip database

Expected output:

192.168.10.0/26 auto-summary 192.168.10.64/26 auto-summary 192.168.11.0/24 directly connected, Serial0/3/1 [2] via 202.202.202.2, 00:00:20
✅ RIP is distributing student subnet as a backup route.

🔹 14. Email & Web Port Listening (Server side)

On Admin Server (192.168.10.194) CLI:

netstat -an | find "25" TCP 0.0.0.0:25 0.0.0.0:0 LISTENING (SMTP Active) netstat -an | find "110" TCP 0.0.0.0:110 0.0.0.0:0 LISTENING (POP3 Active)
✅ SMTP (port 25) and POP3 (port 110) are listening — email service fully functional.

🔹 15. Feature Validation Summary Table

ComponentVerification CommandExpected IndicatorStatus
VLANsshow vlan briefFa0/3 in VLAN10✅ PASS
OSPFshow ip route ospfO 192.168.11.0✅ PASS
RIPshow ip route ripR 192.168.11.0 (backup)✅ PASS
NAT/PATshow ip nat translationsInside global mapping✅ PASS
Extended ACLshow access-list 120matches on deny tcp 80✅ PASS
Standard ACLshow access-list 10matches on deny host✅ PASS
DHCP Relayipconfig /all (Student PC)DHCP Server 192.168.10.194✅ PASS
DNSnslookup www.admin.comAddress 192.168.10.195✅ PASS
Email (SMTP/POP3)Email client testSend/Receive success✅ PASS
HTTP AccessBrowser to www.student.comVLAN30 gets 200 OK✅ PASS
🎤 Presentation Script Tip: For each command, first type the INPUT on the live Packet Tracer router, then show the OUTPUT from this table. Highlight the key fields: “O” routes, NAT mappings, ACL match counters, and DHCP server address. This proves that every service — routing, translation, filtering, and application layer — is fully integrated and operational.