Connect Your Home Cisco Lab to the Internet | Cisco CCNA 200-301

This has to be the single most informative video on building a home lab behind and your ISP! You filled in the gaps for me most magnificently! THANK YOU KEITH #subscribed

Loved every minute of this video. Specially when things did not work as expected 🙂 - thank you Keith

Very good presentation Keith! I have a home Cisco lab with a couple of 1841 routers, 3 3560 v1 switches and an ASA 5510 firewall. I was able to follow your specific instructions to the tee and was successful with setup. Now, how would I add a second 3560 switch to my home Cisco lab?

Amazing video Mr. Keith. I'm about 8 months late to the party, but I do have a question: After you fix the telnet connection at the end by updating the NAT ACL can the switch and any subnets off it still reach the internet?

Now that's some serious troubleshooting skills ! I like that you didn't edit the unexpected events

Hey just, just started studying for the 200-301 certification, who wanna be study buddy, so we can motivate 1 and other?

45:07 Wouldn't it be more scalable and less error-prone if you'd configure R1 as the PC's default gateway (or swap the IPs of your home router and R1)? That way, if you configure another subnet later, like the 10s subnet, you wouldn't have to add that statically to the PC, because R1 would already know about it. Maybe an even better solution would be to configure R1 as the DHCP server, that way all new end user hosts would have R1 as their default gateway. What do you think? Thank you.

Thanks, Keith for all your videos and support. I always use your videos for CCNA preparation a re-certification. I am wondering why you are using in this Lab the Cisco router after the ISP Wi-Fi router? Is it not a better option to have the Cisco router controlling the whole network getting the internet signal after the IPS modem? Please advise. Thank you!

Wow very informative and I get really help to practice my homelab config! Thanks for the video !

Many thanks for the video.
Question:
Instead to do the static nat you can use a dynamic nat with extended acl by denying the 172 source subnet to 192 subnet and permit source 172 to any. By this way we keep the access to the switch with his original ip address?

Hi Keith,
For someone just starting out in Networking like from the very basic, where do you recommend I start from, any videos/series from you will be very helpful. Thank you

Keith. You're the man. Has almost a decade that am following your videos and for me is one of the best one. Was struggling and stuck to connect my Cisco homelab but now I know what was wrong. Asked the wrong people for support even ISP provider told me that will be possible only if I pay for a private ip wich is expencive

This was awesome. Thanks Keith. I survived certpocalypse and passed the 200-125 back in February, but still staying tuned in here. BTW, assuming your home router supports this, couldn't you have avoided all the NAT business with a static route to 172.16.0.0/16 pointed at 192.168.1.11 (R1)?

How do i wipe out the configs. Just failed CCNA this weekend so I am setting up a lab with my Google Nest Router, Google Wifi Mesh. I have a cisco 1900 with no switch yet and a Raspi4 8g. I couldnt get it working. I was able to ping around the network (different computer, Google Nest router) from rapsi with wifi off through ethernet. no internet connectivity. I figure if i start from jump street with Cisco Router I should be able to configure. According to Pearson, I understand about 70% of this stuff. Thanks Barker! I have been watching you on CBTnuggets and youtube for about 4 months.

I used the pc static route configuration today to set up management to the beginnings of my home lab made up of 5 3560 switches with OSPF routing capabilities, but no NAT. It worked great to allow me to manage all of the 10.10.x.x devices from my home-side pc :) thank you for the new tool to put in my bag

How to configure a Cisco Access Switch to AC1200 Wi-Fi Gigabit Router
DIR-825 ? Please help on this setup

Hello Keith. How are you? Just a quick one. Say like if i have an ASA i can exclude the cisco lab router (R1)and connect it to the home router and use it as a L3 device? Also use the 3750 as a L2 device create same VLANS on both the 3750 and the ASA, connect them through a trunk port? So basically all the routing is handled by the ASA having a static route pointing to the home router for internet access for the clients? Thank you

I am also running Google WiFi. Are you using their 3-puck product? If so, are you connecting the main puck's LAN to the WAN of the Cisco router?

I followed along with a Cisco 2921 and a 3850 worked perfect! Had a ton of fun with this lab thanks Keith!

I didn't see the ip 192.168.1.200 configured in R1.. where it was and when it was configured ? This is the ip which statically maped to SW1,s SVI at the end . :)

Really enjoyed this video especially the trouble shooting parts. Thanks

Why OSPF and not EIGRP?

Oh man great video loved it all the way through. I am actually buying some hardware from your recommendation list for home lab. Been using GNS3 and EVE-NG and always something doesn't work so now I am going for physical equipment now.
Not sure if you could advise I want to put my equipment in my garage due to noise switches and routers will make. I was thinking I can put a wireless extender in the garage and connect the routers and switches with it so I can ssh from insode the home. Or do you prefer or recommend something else?

Great stuff!! I am going to set this up just for fun!

Love your videos Keith. I got 1x 2911, 2x 1921 routers n 3 x 3750 switches also a asa 5510 firewall. Will that work following this video? I want to be able to remote in and work with them

Whats the cheapest router I can get that does NAT

As a follow up.. On top of the NAT statement for telnet, I re-configured the original NAT statement back in the router and I now have internet access from my laptop. Now.. thats the next thing I'd like to conquer. Which is to properly NAT to the lab switch using its actual SVI IP and not the home lan IP..

Another amazing video. Thanks Keith. Hope you’re staying safe in these strange times.

This was such a great video. I had some basic cisco skills before loading up this video and bought a home lab kit in order to study for ccna, ccnp. This is exactly the way I was looking to get started and I thank you for your time and the extra time spent troubleshooting the issues because I was having the same issues. Great work!

Great video. You're teaching style is so much better than most. Thank you.

Keith, would you show us how to connect without the home router?

Where would you connect an ASA? Is it best to put it on R1 0/0 interface or 0/1?

Can you use a cisco small business router to connect directly to my fiber ISP or does the simple cisco routers always need a "isp router" or any other internet connected device between ISP and cisco routeR?

what a great video man, it shows how everything is done in real life!

I did not get time to watch this video yet, but this was something I had to Google the heck out of when I ran into this. Off the top of my head it involved creating a DNS server in Packet tracer and using one of the loopback ports on the router to connect to the DNS server. It was deffinately an interesting process.
Packet tracer can be quite robust, but sometimes it can take HOURS to figure things like this out.

Hello Keith, I have a question about the telnet issue by the end of the video.
I wanted to solve it in a different way, so I tried setting up an extended ACL with the first statement being a deny tcp any any eq telnet and the second statement matching 172.16.x.x, so in theory telnet connections shouldn't have their IP addresses changed because of NAT (due to the first rule matching Telnet traffic), while everything else would be translated.
However this solution didn't work, so I'm left wondering: is my logic flawed, or is it something else (like maybe the fact I'm using packet tracer and it has a lot of limitations).
Thank you for your time and awesome content.

great stuff I just subscribed. couple of questions: first (and I understand you are trying to show multiple technologies such as nat) would the non reach-ability of the 172 networks to the internet have been solved if you have put a static route on the home router pointing 172.16.0.0 to 192.168.1.11? would this have also allowed the telnet to the switch from the workstation (workstation to home router, home router to .11 and then to switch? Finally in the last step with the static nat, since you did away with the inside source list 1 did you kill the access to the internet from 172 when you solved telnet from your workstation? and how would you then get that access back while keeping the nat for the telnet session from your pc to the switch? for example if you put back the original nat would the specific static nat override the nat done for all of 172 by list 1 letting pings work to the internet from the switch but still allowing telnet to 192.168.1.200 to access the switch from the pc? great video thanks!!!

Hm, I think it could be useful if we checked why SW1 has a larger MTU configured, not just ignore this problem.
But this is a minor nitpick
Nice stuff at the end. I also forgot this [obvious!] detail This is why Port Forwarding exists after all

Great video! I do have a few questions, is it possible to telnet from my switch to my router ? I configured telnet on both devices, I can telnet into both devices individually but not from from one device to another. Thanks!

Thank you so much ! I build my first WORKING packet tracer of my home network and if finally worked !! You did a fantastic job
I am an IT director and had networking as my weak spot. Not anymore! Thanks for your dedication !

This is excellent, love your videos, and yes, I echo what a lot of others have said, loved watching the fails, was right there with you, thinking right alongside you, now why isn't that working, and going through scenarios and the process as well. My question is, ok, yes, want the setup, just like this, however in my office is where my setup is at, and yes, I want internet access, for well, going through CCNA/CCNP labs and stuff. But I also have a work laptop and several home-based laptops/desktops in this area as well, and I want them to use the lab router/switches for internet access, but I do not want to access or connect to my lab stuff with those PCs. Your thought, create a separate VLAN/ or network altogether to allow them to access the internet, but not the lab environment. I believe I know the answer but just want a second opinion.

Awesome Video! Great topic. Like. Subscribed. Its pretty cool to see even the experts sometimes sweat lol.. I followed this line by line.. weird thing happens to me though.. with the original NAT statement, I can ping the router 172.16.1.11 address but not the switch svi. What the??

Hello Keith..Hope you are doing great..
In case of a topology performing HSRP between 2 routers, (1 interface of each router is connected with the internet) in which router should we be performing PAT?Do we need to perform PAT on both the routers performing HSRP?

Thanks Keith for this great video - may I suggest an updated one ? I am trying to build a lab connected to the internet with a twist ; between my home router and my Cisco 2921 router, I added a Fortigate 60D. It would be great to see how this little twist fits in the overall picture 😅
Happy to new year to everyone on the channel 🎉

I really enjoyed this video. The best part was the troubleshooting. I will go back and watch this video and take notes. I am working on transitioning from using physical Cisco gear to using CML2. Thanks!

Great Lab, I am in situation where cisco 3560 has no nat/pat, my L3 switch routed port has internet route via adsl router and back, but no vlans can access the internet, i cannot add any routes to adsl router - to route back to vlan ranges, 3560 not capable of pat, so i believe i need a router between L3 switch and Adsl modem.

Which Cisco router is used in this video?

Anything older than iOS version 15 will not show locally connected routes when you run the show ip route command. 12:48

Keith first of all im watching your series and thank you for your value that you offer in IT community. I want to ask, what if the R1(router) doesn't connect to home router but instead of this we may connect it straight to the internet cable, would it be a problem?

This is a very amazing guide and put together very well! Thank you for your time

Hi Keith, thanks a lot for sharing your knowledge and teaching us in a clear and exciting way.
I need your advice.
I am presently configuring internet access using customer home router huawei hg8245w5 provided by service provider.
Internal router consists of 350 cisco as core and 8 220 cisco switches.
Problem being faced is that the local vlans on core 350 are not able to ping 8.8.8.8
The router has disabled features of static routing, NAT configuration, lan port configuration and there is only one subnet allowed on router.
How should i configure internet access? I was thinking of creating a static route on router pointing any destination internal traffic to core 350 but this feature is disabled. Is there any other way? Pls advise.
The port from core 350 to router is configured as trunk with native vlan as subnet of router.
From 350 ping is working ip addresses from this vlan - subnet router

Setting up, troubleshooting, NAT, OSPF... Loved it!

Hello Keith. I noticed that the switch port connected to the router is a part of one of the vlans. I assume that you didn't use the no switchport command and make the router and switch connection a separate network. Is the method you used a better way. Thank you

Hi keith, how can i access my lab from remote network, without console server, and use access for more than 1 user? thank you

Hello Keith, It was a very good lab especially the trouble shooting bit. I often watch your videos when stuck with something and thank you.

Hey Keith can you tell me when is the new CCNP ENCOR training will be release ?

Hey Keith. Love your vids. 1 question. I have a more or less similar lab set up to your diagram except the I have a 3750 switch coming out of my home router which is a cisco 2901. If I were to configure my home lab to uplink to the home switch instead of the home router, how would I configure it. It looks like you are going direct from lab router to home router, that's why I'm asking. Thanks.

Great video, so much "good stuff"!!! I went into this thinking for sure I would need to set up static NAT for any lab side devices I wanted to manage from home side, but I had never seen the trick of setting a static route on a pc (neat). So with that and the extended ACL suggestion below, I do see how it could be done without any static NAT.

Hello Keith, thanks so much for such an amazing and great video. I am preparing for CCNA and just started studying for the exam. I am building my own lab but still confused don't not sure about the ip address that I need to assign to my home lab router. My homer modem has a DHCP enabled and the range for the ip address is from 10 to 200 and then I am confused about the default gateway of my home router. Could you explain to me what IP address should I assign to my home lab router? Thanks

Thank you for all of your work, Keith! It really shows that you want all of us to learn. Is there a way we can support your work financially? If you'd post your Paypal under your videos, I'm sure I wouldn't be the only one who'd donate money. I know making money isn't your primary goal for doing this, but at least we viewers can show you some appreciation as well, other than via our comments (which I'm sure are by themselves a rewarding experience to read). Have a nice weekend.

What are the differences in home and cisco router, can we do configure home router just like the one cisco.

Amazing. :)

great stuff!

Follow-up question.. I have since plugged in a laptop into one of my switch ports, on the same subnet, using 172.16.1.11 as the gateway. No internet access. Anyone know what am I missing??

Thanks so much Keith once Again. Bonito Viegas from Angola

Would you now have to add an address exclusion on the home router for 192.168.1.200 in order for that address to not be used by another device?

Needed!

Thank You, troubleshouting is also very handy

I learned a lot 👍Thanks Keith. What software do you use for the illustration board?

Hey Keith, Hope you are doing great and thank you so much for throwing such a great stuff for our help with setting up our lab with our internet. If you could please make a video on how to establish remote access to our lab over the internet.
Me and My friend has lab, what if we want to setup a gre tunnel between them, how to make it work. I don't know how on the base of private ip (of R1) being translated into public by our internet router we can setup a gre tunnel. Please help

Thank you Keith

Keith
​Can you just make the one NAT you took out a list 2 for an access list and make the connection to the PC (NAT) list 1?

A great video tutorial!!!!!!! would be nice to have a tutorial in reverse accessing the lab from the internet when travelling etc.

Good stuff Keith. Thanks for sharing!

What switch and router models you recommend for the CCNA?

This is very impressive and elaborate, you are a great tutor, many thanks for this learning session

So with the last access list would you not lose connectivity to the internet I’m confused.

Very informative keep it up

Wont you have dbl Nat with this configuration?

Thank you Keith, Love your work.

I take it this cant be done with a layer 2 switch instead of a layer 3?

Thanks Keith, i Hope u are fine !

I appreciate your Hard work

Old laptop, zero tier, ssh

Thanks...love your work!

I m trying to set this up but my 3750 has "c3750-ipbase-mz.122-53.SE2.bin" which does not have OSPF support. Getting following error message:
SW1(config)#router ospf 1
Protocol not in this image
- Can someone tell me which image i will need to get this working?

Awesome