Lab 1: Build a Basic Office LAN

Scenario: New Four-Person Office

You bring up a small office: four desktops, one network printer, one wireless access point (AP), an Ethernet switch, and an Internet router/firewall. The engineer's diagram specifies the router LAN interface as the default gateway at 192.168.50.1/24, a DHCP (Dynamic Host Configuration Protocol) pool of 192.168.50.100-192.168.50.199, the printer reserved at 192.168.50.20, and the AP management address 192.168.50.30. The switch is unmanaged, so your job is to cable accurately, verify link, and confirm client addressing.

The Cisco Certified Support Technician (CCST) Networking exam (100-150, 50 minutes, a Cisco-form-varying number of items, ~$125 via Certiport) tests this as a performance-based build task. Expect to drag steps into the correct order or click the device you would check next.

Build Order: Physical First, Bottom-Up

Work the OSI layers from the bottom up, because a fault at a lower layer makes everything above it look broken.

Match the diagram to room labels, patch-panel labels, and device ports. Use straight-through copper patch cords; modern switches support auto-MDIX, so a crossover cable is rarely needed today. Confirm the switch uplink lands on the router LAN port, not the WAN/Internet port. A link light proves Layer 1 only; it does not prove correct addressing. Cisco's troubleshooting model in the CCST objectives is explicitly bottom-up: verify physical connectivity, then Layer 2 switching, then Layer 3 addressing, then services such as DHCP and DNS.

Each higher layer assumes the one below it already works, so starting at the application (the browser) wastes time when the cable is loose.

A practical cabling tip: as you connect each device, write the switch port number next to its diagram entry immediately. Do not trust memory across twelve cables. If a desktop port stays dark, follow a fixed sequence: reseat the connector, swap to a known-good patch cord, move to a different switch port, and confirm the wall-jack label matches the patch panel. Document each result. Category 5e (Cat 5e) handles gigabit at up to 100 meters; if a run exceeds 100 m or crosses between buildings, that is a fiber or design question to escalate, not a patch-cord swap.

Verify Addressing and Test in Order

A DHCP desktop should receive an address inside 192.168.50.0/24, mask 255.255.255.0, gateway 192.168.50.1, and DNS from the router. The /24 prefix means the first three octets (192.168.50) identify the network and the last octet identifies the host, giving 254 usable host addresses (.1 through .254). Run ipconfig /all on Windows or ip addr plus cat /etc/resolv.conf on Linux to read every field at once rather than guessing. Failure patterns:

• 169.254.x.x (APIPA, Automatic Private IP Addressing): no usable DHCP lease.
• Wrong subnet (e.g., 192.168.1.x): wrong VLAN, wrong SSID, wrong router, or a rogue DHCP server.
• Blank gateway: off-subnet traffic fails while local pings may succeed.

Test bottom-up: ping the host's own gateway 192.168.50.1 first. If it fails, suspect cable, switch port, router LAN interface, host firewall, or address mismatch. If it succeeds, ping the printer 192.168.50.20, then an Internet IP such as 8.8.8.8, then a name such as www.cisco.com. IP works but names fail = DNS. Names resolve but pages fail = filtering, proxy, or upstream. Note that some hosts and firewalls drop inbound ICMP echo, so a single failed ping is a clue, not proof; confirm with a second target before declaring a device unreachable.

A worked example: a desktop shows 192.168.50.112, mask 255.255.255.0, gateway 192.168.50.1. It pings 192.168.50.1 and 192.168.50.20 successfully, pings 8.8.8.8 successfully, but www.cisco.com times out. The address, mask, and gateway are all correct and routing works, so the build is sound at Layers 1-3. The only broken step is name resolution, which isolates the fault to DNS: either the DHCP-supplied DNS server is wrong or unreachable, or a stale entry exists. You would compare the DNS server field to the engineer's plan rather than re-cabling anything.

Printer, AP, and Documentation

The printer reservation 192.168.50.20 sits outside the DHCP pool (.100-.199) so it cannot collide with a leased address. If the printer instead grabbed a DHCP address, its address could change after a lease expires and users would lose their saved print queue; a fixed reservation keeps it stable. The AP should bridge into the office LAN and must not run its own DHCP server unless the design says so; a consumer router added 'for more ports' can create double NAT (Network Address Translation), duplicate DHCP, and isolated clients.

In the exam's drag-and-drop build tasks, the expected order is almost always: cable and verify link, confirm switch connectivity, confirm the host obtains a correct lease, verify the gateway, then verify Internet and DNS, then document.

Close the lab with notes: device model, switch port, wall-jack label, IP settings, SSID, and test results. Escalate if the diagram conflicts with physical labels, if router LAN settings differ from the approved plan, or if a managed switch needs configuration you are not authorized to perform.

Common Traps

• Treating a link light as proof of working network access.
• Reading top-down (browser) instead of bottom-up (cable/IP/gateway).
• Plugging the switch uplink into the router WAN port.