The PingLabz CCNA Labs - IP Services pillar is the operational tier of the labs library. Ten labs covering the services that make a routed network usable and observable: DHCP server and relay, three flavors of NAT (static, dynamic, PAT), NTP for time synchronization, syslog for log centralization, SNMPv3 for monitoring, and QoS for voice-grade behavior on a constrained link. This pillar is where you move from "the routing works" to "the network is operable."
All ten labs are paid (no free preview in this pillar). They use the PingLabz CCNA Base Topology - the three iol-xe routers and the managed switch are all you need. The QoS labs apply classification and queueing to a real interface and verify with per-class packet counters.
What this pillar covers
IP Services is the working-engineer tier. The routing pillar (Pillar 3) gets traffic from A to B; this pillar handles everything else: how hosts get their IPs (DHCP), how internal IPs reach the public internet (NAT), when things happened (NTP-correct timestamps), what happened (syslog), how things are doing right now (SNMP), and which traffic is more important when the link is full (QoS).
These services are unglamorous but production-critical. Operations teams spend more time on DHCP problems and NAT exhaustion than on routing protocol failures because they happen more often. The labs in this pillar build the muscle memory for diagnosing and configuring the services that keep an enterprise network running smoothly.
What you will learn across this cluster
- How to configure Cisco IOS XE as a DHCP server with pools, exclusions, default-router, dns-server, lease
- DHCP relay with
ip helper-addressacross L3 boundaries - Three NAT flavors: static (one-to-one), dynamic pool (one-to-pool), and PAT (many-to-one)
- How PAT shares one public IP across thousands of inside hosts using source-port translation
- NTP master/client configuration and stratum mechanics
- Syslog destination, severity levels, buffer sizing, and high-precision timestamps
- SNMPv2c community strings (legacy) vs SNMPv3 users with SHA auth + AES priv (modern)
- QoS classification with class-maps and DSCP marking
- QoS queueing with LLQ (priority) + CBWFQ (weighted) on a WAN interface
Lab categories in this pillar
DHCP (2 labs)
How hosts get their IP addresses. Lab ips-01: IOS XE as a DHCP Server configures R1 as a DHCP server for the LAN, watches HOST1 receive a lease, and walks through the DORA exchange. Lab ips-02: DHCP Relay covers the ip helper-address command and how DHCP broadcasts cross routers as unicasts to a central server.
NAT (3 labs)
How private addresses reach the public internet. Lab ips-03: Static NAT Inside/Outside configures a permanent one-to-one mapping for an exposed inside server. Lab ips-04: Dynamic NAT with Pool uses a pool of public addresses with ACL-controlled source matching. Lab ips-05: NAT Overload (PAT) introduces source-port translation - one public IP shared across many inside hosts.
Time, logs, and monitoring (3 labs)
The operations triad: time, logs, monitoring. Lab ips-06: NTP Server and Client configures R1 as NTP master and R2 as client, walking through stratum and association mechanics. Lab ips-07: Syslog and Buffer Sizing covers logging buffer + remote host + the eight severity levels + msec timestamps. Lab ips-08: SNMPv2c vs SNMPv3 compares the legacy community-string model with modern SNMPv3 (SHA auth, AES priv).
QoS (2 labs)
Quality of Service - the priority discipline. Lab ips-09: QoS Classification and Marking configures class-maps for VOICE (DSCP EF) and VIDEO (AF41) and a policy-map with priority + bandwidth allocations. Lab ips-10: QoS LLQ + CBWFQ on WAN Egress applies the policy to a real WAN interface and verifies per-class packet counters with show policy-map interface.
The full lab library, in reading order
| # | Lab | What it teaches | Tier |
|---|---|---|---|
| ips-01 | IOS XE as DHCP Server | DHCP pool, excluded addresses, lease, DORA exchange | Pro |
| ips-02 | DHCP Relay (ip helper-address) | Cross-subnet DHCP forwarding, eight UDP services | Pro |
| ips-03 | Static NAT Inside/Outside | Permanent one-to-one IP mapping, inside/outside labels | Pro |
| ips-04 | Dynamic NAT with Pool | Pool allocation, ACL-controlled translation, pool exhaustion | Pro |
| ips-05 | NAT Overload (PAT) | Source-port translation, sharing one IP across many hosts | Pro |
| ips-06 | NTP Server and Client | Stratum, associations, time sync for log correlation | Pro |
| ips-07 | Syslog and Buffer Sizing | Severity levels, msec timestamps, remote destination | Pro |
| ips-08 | SNMPv2c vs SNMPv3 | Community strings vs user-with-auth-and-priv | Pro |
| ips-09 | QoS Classification and Marking | class-map, policy-map, DSCP EF/AF41 | Pro |
| ips-10 | QoS LLQ + CBWFQ on WAN Egress | Priority queue + bandwidth shares + per-class counters | Pro |
What you will need
- Cisco Modeling Labs Free. All ten labs run within the 5-node cap.
- PingLabz CCNA Base Topology .yaml. Three iol-xe routers + alpine + managed switch. The same base topology used by Pillars 1 and 3.
- 30 to 90 minutes per lab. NAT and QoS labs lean longer because of the verification commands.
How these labs map to CCNA 200-301
IP Services is Domain 4 of the official Cisco CCNA 200-301 exam blueprint, worth 10%.
| Blueprint sub-domain | Labs that cover it |
|---|---|
| 4.1 NAT (static, dynamic, PAT) | ips-03, ips-04, ips-05 |
| 4.2 NTP master/client | ips-06 |
| 4.3 DHCP server and relay | ips-01, ips-02 |
| 4.4 SNMP function | ips-08 |
| 4.5 Syslog severity levels | ips-07 |
| 4.6 DHCP client behavior | ips-01 (DORA exchange coverage) |
| 4.7 QoS forwarding behaviors | ips-09, ips-10 |
| 4.8 SSH for remote access (covered in Pillar 5) | sec-06 |
Frequently asked questions
When should I use static NAT vs dynamic NAT vs PAT?
Static NAT for inbound-reachable servers (web server, mail server, VPN endpoint) that need a stable public IP. Dynamic NAT for outbound clients when each session genuinely needs a unique public IP (regulatory cases, certain legacy apps). PAT for everything else - sharing one or a few public IPs across many internal hosts. In 2026, PAT covers 95%+ of NAT use cases.
Why are NTP and Syslog separated into different labs?
Because they teach different operational disciplines. NTP synchronizes clocks so log timestamps line up. Syslog centralizes logs so you can correlate events across devices. Both are essential but for different reasons. The labs are also stackable - finish NTP first (so timestamps are correct), then enable syslog and you immediately get meaningful logs at the central destination.
Is SNMPv2c still acceptable in production?
Only for very specific cases (a legacy NMS that does not support SNMPv3, or a closed monitoring network behind a firewall). Modern best practice: SNMPv3 everywhere. If you must run v2c, restrict the community string to a specific source IP with an ACL so an attacker on the network cannot poll the device. Lab ips-08 shows both configurations side by side.
What is the difference between LLQ and CBWFQ?
LLQ (Low Latency Queue) is a priority queue - traffic in this class is dequeued first, ahead of everything else. Best for voice and other latency-sensitive traffic. LLQ is policed at its allocated percentage; exceeding traffic is dropped to protect other classes. CBWFQ (Class-Based Weighted Fair Queueing) provides a bandwidth guarantee to a class but dequeues round-robin with other CBWFQ classes. Best for video and high-priority data. The canonical Cisco pattern: LLQ for voice, CBWFQ for video and important data, fair-queue for class-default. Lab ips-10 implements all three.
Does QoS work on the LAN or only on the WAN?
QoS is most valuable on links that are full enough that priority matters - typically the WAN edge (where the bandwidth is constrained relative to the LAN inside). LAN QoS is rarely needed because LAN bandwidth is usually abundant. Modern enterprises configure QoS on WAN-edge routers, on the path between data centers, and on internet-edge boxes where streaming video and voice compete with bulk traffic. The PingLabz QoS labs use a constrained virtual WAN interface to demonstrate.
Why do I keep losing track of NAT translations in the table?
Default idle timeouts: 24 hours for established TCP, 5 minutes for UDP, 60 seconds for ICMP. If a session goes idle longer than the timeout, the translation expires and gets removed. Tune with ip nat translation tcp-timeout N, udp-timeout N, etc. For PAT-heavy environments where port pressure is high, shortening the TCP-FIN timeout to 30 seconds and the UDP timeout to 60 seconds frees ports faster.
Key takeaways
- IP Services is the operations pillar - the services that make a routed network usable, observable, and operable.
- Ten labs across four categories: DHCP, NAT, monitoring (NTP+Syslog+SNMP), and QoS.
- All labs are paid; no free preview in this pillar.
- All use the PingLabz CCNA Base Topology.
- The pillar emphasizes modern best practice: SNMPv3 over v2c, msec timestamps, NTP everywhere, LLQ + CBWFQ as the canonical QoS pattern.
Ready to start?
Start with Lab ips-01: IOS XE as a DHCP Server and work through the pillar in order. The labs are largely independent but DHCP -> NAT -> NTP -> Syslog -> SNMP -> QoS is the natural learning order.
When you finish IP Services, move to Pillar 5: Security Fundamentals - the access-control toolkit that closes out the CCNA 200-301 blueprint.