Copyright (c) 1998-2004 Boson Software, Inc. All Rights Reserved.
LAB 11 – VLANs and TRUNKING (Catalyst 1900 Switches)
1. In this lab, you will set up VLANs on the Catalyst 1900 switches and test them by pinging between router4 and PC1. Router4 is connected to e0/1 on switch1 and PC1 is connected to e0/1 on switch2. Switch1 and switch2 are interconnected through their fa0/26 Fast Ethernet ports.
2. Using winipcfg on PC1, configure an IP address of 195.10.1.2/24 and a default gateway of 195.10.1.1 (if not already configured from a previous lab).
c:> winipcfg
3. Verify you can presently ping between PC1 and router4. If you cannot ping successfully, check that router4’s Ethernet0 IP address is 195.10.1.1/24 and that the interface is enabled. Also, using the winipcfg utility, check that the PC has a configured IP address of 195.10.1.2/24.
c:> ping 195.10.1.1
4. On switch1 and switch2, issue the show vlan command. You should note that, by default, all switch ports are in VLAN1. Because router4, PC1, and the switch-to-switch link are all in VLAN1, you should be able to ping between PC1 and router4.
1900swx# show vlan
5. On switch1 and switch2, set up a VTP domain called bigdomain. Verify it has been created with the show vtp command.
a. Question: what VTP operating mode are the switches in?
1900swx(config)# vtp domain bigdomain
1900swx(config)# exit
1900swx# show vtp
6. On switch1 and switch2, create VLAN 10, calling it ccnavlan. Issue the show vlan command to verify it was successfully created.
a. Question: do you see any ports connected to VLAN 10? If not, why not?
1900swx(config)# vlan 10 name ccnavlan
1900swx(config)# exit
1900swx# show vlan
7. On switch1 and switch2, assign the e0/1 ports to the new VLAN you created. Router4 and PC1 are attached to these ports. Issue the show vlan command on both switches to verify these ports have been moved to VLAN10. Also, issue the show vlan-membership command. This is another command that shows VLAN assignments by port on the 1900.
1900swx(config)# interface e0/1
1900swx(config-if)# vlan-membership static 10
on both switches (it should say “Trunking: on”)
a. Question: what trunking protocol does the 1900 use – ISL or 802.1Q?
1900swx(config)# interface fa0/26
c:> ping 195.10.1.1
LAB 12 - CATALYST 2950 SWITCH CONFIGURATION
1. In this lab, you will configure basic IOS commands on switch3 and switch4, which are Catalyst 2950 switches.
2. From the NetSim tool bar, select Switch3 (Catalyst 2950). Press enter to get into the user prompt mode.
3. Enter enable to get into privileged mode. Type ? to see a list of privileged mode commands. Enter disable to go back to user mode.
4. On switch3, type show running-config to see the active configuration.
a. Question: Do you need to issue copy running-config startup-config on the Catalyst 2950 to save the running configuration?
2950sw3# show running-config
5. On switch3, type copy running-config startup-config to save the active configuration to NVRAM. Display the saved configuration in NVRAM with the show startup-config command.
2950sw3# copy running-config startup-config
2950sw3# show startup-config
6. On switch3, erase the saved configuration and reload the box.
2950sw3# erase startup-config
2950sw3# reload
7. On switch3, go into privileged mode and then into global configuration mode. Reassign the switch a hostname of 2950sw3 and an enable password of ‘cisco’ (unencrypted). Assign the switch an IP address of 197.10.1.99 with a subnet mask of 255.255.255.0. Assign the switch a default gateway of 197.10.1.1 (router3’s Ethernet address).
> enable
# configure terminal
(config)# hostname 2950sw3
2950sw3(config)# enable password cisco
2950sw3(config)# interface vlan1
2950sw3# show interface vlan1
9. On switch3, issue the show interfaces command.
a. Question: What is the Spanning Tree (802.1D) state of interface fa0/1?
b. Question: What is the duplex setting for interface fa0/2?
2950sw3# show interfaces
10. From the NetSim tool bar, select Switch 4 (Catalyst 2950). Configure it with a hostname of 2950sw4 and an enable password of cisco (the enable password should be encrypted when displaying the configuration file). Assign an IP address of 197.10.1.100/24 and a default gateway of 197.10.1.1.
> enable
# configure terminal
(config)# hostname 2950sw4
2950sw4(config)# enable secret cisco
2950sw4(config)# interface vlan1
11. On switch4, issue the show spantree command.
a. Question: what is the address of the root bridge?
b. Question: what is the port cost of fa0/1?
c. Question: what is the maxage interval?
d. Question: what is the hello interval?
2950sw4# show spanning-tree
12. On switch4, issue the show mac-address-table command. This shows which devices are attached to which switch ports.
2950sw4# show mac-address-table
13. On switch4, permanently assign a device with MAC address 4444-4444-4444 to port fa0/5. Issue the show mac-address-table command to verify the device is in the table as a permanent entry.
2950sw4(config)# mac-address-table static 4444-4444-4444 vlan 1 int fa0/5
2950sw4(config)# exit
2950sw4# show mac-address-table
14. On switch4, configure port security for port fa0/9. The switch will ‘sticky-learn’ the MAC address of the device connected to port fa0/9 and will only allow that device to connect to the port in the future.
2950sw4(config)# interface fa0/9
2950sw4(config-if)# switchport port-security
2950sw4(config-if)# switchport port-security maximum 1
LAB 13 – VLANs and TRUNKING (Catalyst 2950 Switches)
1. In this lab, you will set up VLANs on switch3 and switch4 (Catalyst 2950 switches) and test them by pinging between router3 and PC2. Router3 is connected to Fa0/1 on switch3 and PC2 is connected to Fa0/1 on switch4. Switch3 and switch4 are interconnected through their fa0/12 Fast Ethernet ports.
2. On PC2 using winipcfg, configure an IP address of 197.10.1.2/24 and a default gateway of 197.10.1.1.
c:> winipcfg
3. Verify you can presently ping between PC2 and router3. If you cannot ping successfully, check that router3’s FastEthernet0 IP address is 197.10.1.1/24 and that the interface is enabled. Also, using the winipcfg utility, check that PC2 has a configured IP address of 197.10.1.2/24.
c:> ping 197.10.1.1
4. On switch3 and switch4, issue the show vlan command. You should note that, by default, all switch ports are in VLAN1. Because router3, PC2, and the switch-to-switch link are all in VLAN1, you should be able to ping between PC2 and router3.
2950swx(config)# interface fa0/1
2950swx(config-if)# switchport mode access
2950swx(config-if)# switchport access vlan 20
a. Question: what trunking protocol does the 2950 use – ISL or 802.1Q?
2950swx(config)# interface fa0/12
2950swx(config-if)# switchport mode trunk
2950swx(config-if)# ctrl-z
2950swx# show interface fa0/12 switchport
10. Now ping between PC2 and router3. The pings should succeed because both devices are in the same VLAN and the inter-switch link is a trunk line capable of carrying traffic for any VLAN.
c:> ping 197.10.1.1
router3# ping 160.10.1.2
router4# ping 160.10.1.2
3. On router1, build a standard IP access-list that permits traffic from subnet 175.10.1.0, but blocks traffic from all other devices. Apply this access-list to router1’s serial0 interface for inbound traffic.
a. Question: is a ‘deny any’ statement required in the access-list?
b. Question: what does the mask 0.0.0.255 mean in the access-list?
c. Question: can any number be assigned to a standard IP access-list?
router1(config)# access-list 1 permit 175.10.1.0 0.0.0.255
router1(config)# interface serial0
router1(config-if)# ip access-group 1 in
4. Test your access-list by pinging from router3 and router4 to router2. The pings from router3 (in subnet 175.10.1.0) should succeed while the pings from router4 (in subnet 180.10.1.0) should fail.
5. On router1, build an extended IP access-list that will allow Telnet traffic from host 175.10.1.2 (router3), and ICMP traffic from host 180.10.1.2 (router4), but that will block everything else. Remove the previous access-list and apply this new one to router1’s serial0 interface.
a. Question: what are two ways you can specify a host address in an extended IP access-list?
b. Question: what is the number range for extended IP access-lists?
c. Question: how would you permit RIP routing updates?
router1(config)# access-list 100 permit tcp host 175.10.1.2 any eq telnet
router1(config)# access-list 100 permit icmp host 180.10.1.2 any
router1(config)# interface serial0
router1(config-if)# no ip access-group 1 in
router1(config-if)# ip access-group 100 in
6. Test access-list 100 by pinging and telneting from router3 and router4 to router2. Router3 (175.10.1.2) should be able to telnet to router2, but not ping it. Router4 (180.10.1.2) should be able to ping router2, but not telnet to it.
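The matching rules behind access-list 1 and access-list 100, as an added Python example that is not part of the original lab: it models wildcard-mask comparison, top-down first-match evaluation and the implicit deny that ends every list. Destination matching is left out because every entry in the lab uses "any"; the test traffic (ping, telnet and a RIP update on UDP 520) is constructed.

```python
import ipaddress

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: 0 bits must match, 1 bits are ignored."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)

# Entry: (action, protocol, source, source wildcard, destination port or None).
# "host X" is shorthand for "X 0.0.0.0"; a standard list matches any protocol.
# Destination address is "any" in every lab entry, so it is not modelled here.
ACL_1 = [("permit", "ip", "175.10.1.0", "0.0.0.255", None)]
ACL_100 = [
    ("permit", "tcp", "175.10.1.2", "0.0.0.0", 23),     # host ... any eq telnet
    ("permit", "icmp", "180.10.1.2", "0.0.0.0", None),  # host ... any
]

def evaluate(acl, proto, src, dst_port=None):
    """Walk the list top-down and return the first matching entry's action."""
    for action, a_proto, base, wildcard, a_port in acl:
        if a_proto != "ip" and a_proto != proto:
            continue
        if not wildcard_match(src, base, wildcard):
            continue
        if a_port is not None and a_port != dst_port:
            continue
        return action
    return "deny"  # implicit "deny any" that ends every IOS access-list

def report():
    """Constructed traffic from router3 and router4 arriving on router1 serial0."""
    traffic = [("icmp", None), ("tcp", 23), ("udp", 520)]  # ping, telnet, RIP
    rows = []
    for name, acl in (("access-list 1", ACL_1), ("access-list 100", ACL_100)):
        for src in ("175.10.1.2", "180.10.1.2"):
            for proto, port in traffic:
                rows.append((name, src, proto, port, evaluate(acl, proto, src, port)))
    return rows

if __name__ == "__main__":
    for row in report():
        print("%-15s src=%-11s %-4s port=%-4s -> %s" % row)
```

The UDP 520 rows show that access-list 100 as written also drops RIP updates arriving on serial0, because nothing in the list permits them.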
LAB 15 - NAT/PAT
1. In this lab, you will configure the NAT/PAT function on router1. You will configure three forms of translation: static network address translation, dynamic translation, and overloading (port address translation). Remember to disable the access lists you configured in the previous lab before continuing this lab.
2. On router1, configure NAT to statically translate router2’s Ethernet address 160.10.1.2 to 169.10.1.2.
router1(config)# ip nat inside source static 160.10.1.2 169.10.1.2
router1(config)# interface ethernet0
router1(config-if)# ip address 160.10.1.1 255.255.255.0
router1(config-if)# ip nat inside
router1(config-if)# interface serial0
router1(config-if)# ip address 175.10.1.1 255.255.255.0
router1(config-if)# ip nat outside
router1(config-if)# no shut
3. Test the static NAT translation by telneting from router2 to router3. Once into router3, issue the show users command. The output of this command should show that 169.10.1.2 (the translated IP address) is the logged-in device.
router2# telnet 175.10.1.2
router3# show users
4. Display the NAT Translation table on router1. The output of the display should show that the inside local IP address (160.10.1.2) is translated to the inside global IP address (169.10.1.2).
a. Question: does the “inside global IP address” normally represent a public or a private IP address?
router1# show ip nat translations
5. On router1, remove the previous static NAT commands and configure NAT to translate router2’s Ethernet address to a dynamically assigned address. You will utilize a pool of public addresses in the range of 169.10.1.50 to 169.10.1.100.
a. Question: if the pool of dynamically assigned addresses only contains one IP address entry, what’s another term for this form of NAT translation?
router1(config)# no ip nat inside source static 160.10.1.2 169.10.1.2
router1(config)# ip nat pool pool1 169.10.1.50 169.10.1.100 netmask 255.255.255.0
router1(config)# ip nat inside source list 1 pool pool1
router1(config)# access-list 1 permit 160.10.1.0 0.0.0.255
6. Test the dynamic NAT translation function by telneting from router2 to router3. Once into router3, issue the show users command. The output of this command should show that the logged-in device is 169.10.1.50 (the translated address). Also, display the NAT translation table on router1 using the show ip nat translations command.
router2# telnet 175.10.1.2
router3# show users
router1# show ip nat translations
7. Remove the previous NAT commands. Configure NAT overloading (port address translation) on router1 to translate router2’s Ethernet address (160.10.1.2) to the serial0 interface address (175.10.1.1) on router1.
router1(config)# ip nat inside source list 1 interface serial0 overload
router1(config)# interface Ethernet 0
router1(config-if)# ip address 160.10.1.1 255.255.255.0
router1(config-if)# ip nat inside
router1(config-if)# interface serial 0
router1(config-if)# ip address 175.10.1.1 255.255.255.0
router1(config-if)# ip nat outside
router1(config-if)# exit
router1(config)# access-list 1 permit 160.10.1.0 0.0.0.255
8. Test the overloading (PAT) function by telneting from router2 to router3. Issue the show users command on router3. It should show that the logged-in device is 175.10.1.1 (the translated IP address). Also, issue the show ip nat translations command on router1 to display the NAT translation table.
router2# telnet 175.10.1.2
router3# show users
router1# show ip nat translations
9. Remove all NAT/PAT configuration commands from router1 before continuing on with the CCNA labs.
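The three translation forms from steps 2 to 8, as an added Python example that is not part of the original lab: a simplified model of router1's translation table that also maps an address seen on router3 back to the inside host. The class, the source port 11000, the second inside host used in testing and the "next free port" rule for overloading are assumptions of this sketch; the access-list that selects which sources are translated is not modelled.

```python
import ipaddress

class InsideSourceNat:
    """Simplified model of inside-source translation (inside local -> inside global)."""
    def __init__(self, static=None, pool=None, overload_ip=None):
        self.static = dict(static or {})   # fixed one-to-one mappings
        self.pool = list(pool or [])       # unallocated pool addresses
        self.leases = {}                   # inside local -> leased pool address
        self.overload_ip = overload_ip     # single shared address for PAT
        self.pat = {}                      # (local ip, local port) -> global port

    def translate(self, ip, port):
        """Return the (address, port) the outside network sees, or None."""
        if ip in self.static:
            return self.static[ip], port
        if self.overload_ip:
            key = (ip, port)
            if key not in self.pat:
                gport = port               # keep the source port when it is free
                while gport in self.pat.values():
                    gport += 1             # assumption: take the next free port
                self.pat[key] = gport
            return self.overload_ip, self.pat[key]
        if ip not in self.leases:
            if not self.pool:
                return None                # pool exhausted: nothing to hand out
            self.leases[ip] = self.pool.pop(0)
        return self.leases[ip], port

    def inside_local_for(self, gip, gport):
        """Reverse lookup, as needed to attribute a remote log entry to a host."""
        for local, glob in list(self.static.items()) + list(self.leases.items()):
            if glob == gip:
                return local
        for (lip, _lport), p in self.pat.items():
            if gip == self.overload_ip and p == gport:
                return lip
        return None

def pool_range(first, last):
    a, b = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    return [str(ipaddress.IPv4Address(n)) for n in range(a, b + 1)]

def lab_results():
    """What router3 sees for router2 (160.10.1.2) under each configuration."""
    s = InsideSourceNat(static={"160.10.1.2": "169.10.1.2"})
    d = InsideSourceNat(pool=pool_range("169.10.1.50", "169.10.1.100"))
    p = InsideSourceNat(overload_ip="175.10.1.1")
    return [n.translate("160.10.1.2", 11000) for n in (s, d, p)]
```

With overloading, two inside hosts share one outside address, so a remote log entry can only be attributed to a host when the translated port is recorded as well.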
LAB 16 - PPP & CHAP
1. In this lab, you will configure PPP and CHAP authentication on a serial interface. On router1, issue the show interfaces serial 0 command. Note the encapsulation type of HDLC, which is the default for serial links.
router1# show interfaces serial 0
2. On router1 and router3, configure PPP encapsulation for interface S0. Note that the link will not come up unless both ends are configured with the same encapsulation type.
routerx(config)# interface serial0
routerx(config-if)# encapsulation ppp
3. On router1 and router3, issue the show interfaces serial 0 command to verify that PPP is configured for the link. The output should show the PPP LCP phase as ‘Open’. From router1, ping router3 to verify the link is operational.
routerx# show interfaces serial 0
router1# ping 175.10.1.2
4. Configure PPP CHAP authentication for the S0 link on router1 and router3. Use the password of ‘cisco’.
router1(config)# username router3 password cisco
router1(config)# interface serial 0
router1(config-if)# ppp authentication chap
router3(config)# username router1 password cisco
router3(config)# interface serial 0
router3(config-if)# ppp authentication chap
5. On router1 and router3, issue the show interfaces serial0 command to verify the link is ‘up and up’. Ping from router1 to router3 across the link.
routerx# show interfaces serial0
router1# ping 175.10.1.2
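The CHAP exchange configured in step 4, as an added Python example that is not part of the original lab: it follows the RFC 1994 MD5 calculation and models each router's username/password lines as a table keyed by the peer's hostname, which is why the username must be the other router's name and the password must be identical on both ends. The Router class and the mismatched-secret router are constructed for illustration.

```python
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP with MD5: hash of identifier byte || secret || challenge."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()

class Router:
    def __init__(self, hostname, users):
        self.hostname = hostname
        self.users = users  # models "username <peer> password <secret>" lines

    def make_challenge(self, identifier):
        # Challenge packet: identifier, fresh random value, our hostname.
        return identifier, os.urandom(16), self.hostname

    def answer(self, identifier, challenge, challenger_name):
        # The secret is looked up under the challenger's hostname.
        secret = self.users.get(challenger_name)
        if secret is None:
            return None
        return chap_response(identifier, secret, challenge), self.hostname

    def verify(self, identifier, challenge, response, peer_name):
        secret = self.users.get(peer_name)
        if secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)

def authenticate(authenticator, peer, identifier=1):
    """One direction of the exchange; the secret itself never crosses the link."""
    ident, challenge, name = authenticator.make_challenge(identifier)
    reply = peer.answer(ident, challenge, name)
    if reply is None:
        return False
    response, peer_name = reply
    return authenticator.verify(ident, challenge, response, peer_name)

# The lab's step 4 configuration, plus a constructed mismatch for comparison.
router1 = Router("router1", {"router3": "cisco"})
router3 = Router("router3", {"router1": "cisco"})
router3_typo = Router("router3", {"router1": "Cisco"})  # constructed: wrong case

if __name__ == "__main__":
    print("router1 authenticates router3:", authenticate(router1, router3))
    print("router3 authenticates router1:", authenticate(router3, router1))
    print("mismatched secret:            ", authenticate(router1, router3_typo))
```

Because each challenge is random, a response captured from one exchange does not verify against the next challenge.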
LAB 17 – ISDN BRI-BRI using Legacy DDR
authentication should be used. Refer to the table above for ISDN switch-type, IP addresses, subnet masks, and telephone numbers.
router1(config)# isdn switch-type basic-ni
router1(config)# dialer-list 1 protocol ip permit
router1(config)# username router2 password cisco
router1(config)# interface bri0
router1(config-if)# encap ppp
router1(config-if)# ip address 200.10.1.1 255.255.255.0
router1(config-if)# isdn spid1 32177820010100
router1(config-if)# dialer-group 1
router1(config-if)# dialer map ip 200.10.1.2 name router2 broadcast 7782002
router1(config-if)# ppp authentication chap
router1(config-if)# no shut
router2(config)# isdn switch-type basic-ni
router2(config)# dialer-list 1 protocol ip permit
router2(config)# username router1 password cisco
router2(config)# interface bri0
router2(config-if)# encap ppp
router2(config-if)# ip address 200.10.1.2 255.255.255.0
router2(config-if)# isdn spid1 32177820020100
router2(config-if)# dialer-group 1
router2(config-if)# dialer map ip 200.10.1.1 name router1 broadcast 7782001
router2(config-if)# ppp authentication chap
router2(config-if)# no shut
2. Issue the show isdn status command on both router1 and router2. You should see:
Layer1: Active
Layer2: Multiple Frame Established with spid1 valid
routerx# show isdn status
3. Issue the show interfaces bri0 command on router1. This displays the signaling or D Channel. It should show ‘Up and Up (spoofing)’ if it is ready to handle a call request. Now issue the command show interfaces bri0 1 2. This should show the status of the two data, or B channels.
a. Question: what status are the B channels? Why?
router1# show interfaces bri0
router1# show interfaces bri0 1 2
4. From router1, ping the ISDN interface of router2. This should cause an ISDN call to be initiated and the pings should succeed.
a. Question: which configuration parameter(s) on router1 identifies the interesting traffic that will trigger a call?
router1# ping 200.10.1.2
5. Issue the show isdn status command on router1.
a. Question: what does it show for the ‘Layer 3 Status’?
router1# show isdn status
6. Issue the show interfaces bri0 1 2 command on router1.
a. Question: what is the status of the two B channels?
router1# show interfaces bri0 1 2