Monavathia's Blog

CCNA 3 Labskill Chapter 2

Posted on: December 2, 2010

Lab 2.3.5 Configuring Basic Routing and Switching

Objectives

• Configure static routes.

•  Configure a routing protocol (RIP v2).

•  Configure a switch management VLAN IP address.

•  Test and verify configurations.

Background / Preparation

This lab reviews the primary IOS commands used to manage, configure, and monitor devices in a multirouter network. In this lab, you will configure two routers using static routes and then using a routing protocol; configure a switch, including access to management functions; and configure two hosts. You will make and verify configuration changes on the switch. You will also verify network configurations and connectivity.

The following resources are required:

•  Cisco 2960 switch or other comparable switch

•  Two 1841 or other compatible Cisco routers with Fast Ethernet interfaces to connect to switch and host

•  Two Windows-based PCs, at least one with a terminal emulation program

•  At least one RJ45-to-DB-9 connector console cable

•  Two straight-through Ethernet cables

•  One crossover Ethernet cable

•  Access to the PC command prompt

•  Access to PC network TCP/IP configuration

NOTE: Go to the “Erasing and Reloading the Switch” instructions at the end of this lab. Perform those steps on the switch in this lab assignment before continuing.

Step 1: Connect PC1 to the switch

Step 2: Perform an initial configuration on the switch

  1. Configure the hostname of the switch as Switch1.

Switch>enable

Switch#configure terminal

Switch(config)#hostname Switch1

  1. Set the privileged EXEC mode password to cisco.

Switch1(config)#enable password cisco

  1. Set the privileged EXEC mode secret password to class.

Switch1(config)#enable secret class

  1. Configure the console and virtual terminal lines to use a password and require it at login.

Switch1(config)#line console 0

Switch1(config-line)#password cisco

Switch1(config-line)#login

Switch1(config-line)#line vty 0 15

Switch1(config-line)#password cisco

Switch1(config-line)#login

Switch1(config-line)#end

  1. Exit from the console session and log in again.

Which password was required? Why?

Jawab:

Password yang digunakan ialah cisco, karena untuk mengakses kelas atau host yang telah dibentuk menggunakan konfigurasi pada switch, sehingga kelas tersebut bersifat tertutup, sehingga membutuhkan password untuk login.

Step 3: Configure the switch management interface on VLAN 1

  1. Enter the interface configuration mode for VLAN 1.

Switch1(config)#interface vlan 1

  1. Set the IP address, subnet mask, and default gateway for the management interface.

Switch1(config-if)#ip address 192.168.1.5 255.255.255.0

Switch1(config-if)#no shutdown

Switch1(config-if)#exit

Switch1(config)#ip default-gateway 192.168.1.1

  1. Why does interface VLAN1 require an IP address in this LAN?

Jawab;

Dibutuhkan alamt IP pada VLAN ini karena mengkonfigurasi dua router dengan menggunakan rute statis dan kemudian menggunakan protokol routing.

  1. What is the purpose of the default gateway?

Jawaban:

Diperlukannya gateway sebagai menjembatanai jaringan local atau dalam skala kecil agar dapat terkoneksi dengan jaringan induk / server.

Step 4: Verify configuration of the switch

a. Verify that the IP address of the management interface on the switch VLAN 1 and the IP address of PC1 are on the same local network. Use the show running-config command to check the IP address configuration of the switch.

b.  Save the configuration.

Step 5: Perform basic configuration of router R1

Connect switch port Fa0/3 to interface Fa0/0 of router R1. Establish a terminal emulation session to router R1 from PC1. Enter privileged EXEC mode, and then global configuration mode.

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#

Configure the router name as R1.

Router(config)#hostname R1

Disable DNS lookup.

R1(config)#no ip domain-lookup

Why would DNS lookup be disabled in a lab environment?

Jawab:

karena jika menggunakan DNS IP address yang telah terdaftar saja yang bias menggunakan jaringan, karena pada pengaturan ini IP address terdaftar secara otomatis.

Configure the EXEC mode password.

R1(config)#enable secret class

Why is it not necessary to use the enable password password command?

Jawab:

karena telah dikonfigurasi sebelumnya , yaitu member password pada pengaturan host, sehingga tidak diperlukan lagi password pada password command.

Configure a message-of-the-day banner using the banner motd command.

Where does this banner display?

Configure the console and virtual terminal lines to use a password and require it at login.

R1(config)#line console 0

R1(config-line)#password cisco

R1(config-line)#login

R1(config-line)#line vty 0 4

R1(config-line)#password cisco

R1(config-line)#login

R1(config-line)#end

Step 6: Configure interfaces and static routing on router R1

  1. Configure the FastEthernet 0/0 interface with the IP address 192.168.1.1/24.

R1(config)#interface fastethernet 0/0

R1(config-if)#ip address 192.168.1.1 255.255.255.0

R1(config-if)#no shutdown

  1. Configure the Serial 0/0/0 interface with the IP address 192.168.2.1/24. Set the clock rate to 64000.

R1(config-if)#interface serial 0/0/0

R1(config-if)#ip address 192.168.2.1 255.255.255.0

R1(config-if)#clock rate 64000

R1(config-if)#no shutdown

  1. Return to global configuration mode.
  2. Create a static route to enable R1 to reach the network attached to the R2 Fa0/0 interface. Use the next hop interface on R2 as the path to this network.

R1(config)#ip route 192.168.3.0 255.255.255.0 192.168.2.2

  1. Why is this static route the only one required?

Jawab:

karena Konfigurasi interface dan statis routing pada router R1 telah mendaftarkan terlebih dahulu IP address statis yang diperlukan.

  1. Return to privileged EXEC mode.
  2. Save the configuration.
  3. Shut down R1.

Step 7: Connect PC2 to router R2

Connect PC2 to the Fast Ethernet interface 0/0 of router R2.

What kind of cable is required to connect a host directly to a router Ethernet port?

Jawab:

jenis kabel twisted, atau UTP

Establish a terminal emulation session with router R2 from PC2.

Step 8: Perform basic configuration of router R2

Repeat Step 5, a through h, making the hostname R2. Configure the Serial 0/0/0 interface with the IP address 192.168.2.2/24.

R2(config)#interface serial 0/0/0

R2(config-if)#ip address 192.168.2.2 255.255.255.0

R2(config-if)#no shutdown

Configure the FastEthernet 0/0 interface with the IP address 192.168.3.1/24.

R2(config-if)#interface fastethernet 0/0

R2(config-if)#ip address 192.168.3.1 255.255.255.0

R2(config-if)#no shutdown

Create a static route to enable R2 to reach the network attached to the R1 Fa0/0 interface. Use the

next hop interface on R1 as the path to this network.

R2(config)#ip route 192.168.1.0 255.255.255.0 192.168.2.1

Return to privileged EXEC mode. Save the configuration. Shut down R2.

Step 9: Connect the internetwork

  1. Connect R1 and R2 using a serial cable between their configured serial interfaces.
  2. Verify that the serial DCE cable is connected to R1 and that the serial DTE cable is connected to R2.
  3. Start up both routers, and log in.

Step 10: Verify and test the configurations

a.  To verify that PC1 and Switch1 are correctly configured, ping the switch IP address from PC1.

b.  To verify that Switch1 and R1 are correctly configured, ping the router Fa0/0 interface (default gateway) IP address from the Switch1 CLI.

c.  To verify that PC2 and R2 are correctly configured, ping the router Fa0/0 interface from PC2.

Were the pings successful? (ya berhasil) If the ping is not successful, verify the connections and configurations again. Check to ensure that all cables are correct and that connections are seated. Check the host, switch, and router configurations.

d.  Verify that the routing tables have routes to all configured networks by using the show ip route command.  What does the “S” indicate?

Jawab:

symbol “S” merupaakn pembatasan hak akses yang berarti security, karena telah dikonfigurasikan pada tahapan awal tadi.

e.  Verify the router interface configurations using the show ip interface brief command.  What should the output indicate for correctly configured, active interfaces?

Jawab:

jika terminal R1 dan R2 telah terkoneksi

What should the output indicate for any interface that has not been configured?

Jawab:

akan memunculkan Requst time out atau host unreachable

f.  View devices from R1’s terminal session using the show cdp neighbors command. If an additional switch is added between PC2 and R2, would that switch appear in this command output? Why or why not? CDP only displays directly-connected Cisco devices.

Jawab:

maka perlu ditambahakn perintah

R2(config-if)# interface FastEthernet 0 / 0
R2 (config-if) # ip address PC2(alamat IP addressnya) 255.255.255.0
R2 (config-if) # shutdown tidak

Step 11: Remove Static Route and configure a routing protocol on router R1

a.  Remove the static route to 192.168.3.0.

R1(config)#no ip route 192.168.3.0 255.255.255.0 192.168.2.2

b.  Enable RIP v2 routing and advertise the participating networks.

R1(config)#router rip

R1(config-router)#version 2

R1(config-router)#network 192.168.1.0

R1(config-router)#network 192.168.2.0

c.  Return to privileged EXEC mode.

d.  Save the configuration.

Step 12: Remove Static Route and configure a routing protocol on router R2

a.  Remove the static route to 192.168.1.0.

R2(config)#no ip route 192.168.1.0 255.255.255.0 192.168.2.1

R2(config)#router rip

R2(config-router)#version 2

R2(config-router)#network 192.168.2.0

R2(config-router)#network 192.168.3.0

c.  Return to privileged EXEC mode.

d.  Save the configuration.

Step 13: Verify and test the configurations

a.  To verify that PC1 and Switch1 are correctly configured, ping the switch IP address from PC1.

b.  To verify that Switch1 and R1 are correctly configured, ping the router Fa0/0 interface (default gateway) IP address from the Switch1 CLI.

c.  To verify that PC2 and R2 are correctly configured, ping the router Fa0/0 interface from PC2.  Were the pings successful? If the ping is not successful, verify the connections and configurations again. Check to ensure that all cables are correct and that connections are seated. Check the host, switch, and router configurations.

d.  Verify that the routing tables have routes to all configured networks by using the show ip route

command. R2’s routing table should display: What does the “R” indicate? On R1, which route would be displayed with an “R”?

jawab;

huruf R menunjukkan proses routing yang telah dikonfigurasikan untuk menghubungkan R1 dan R2 pada temapt yang berbeda.

e.  Verify the router interface configurations using the show ip interface brief command.

f.  View devices from R1’s terminal session using the show cdp neighbors command.

Step 14: Use the switch management interface

a.  Open a command prompt on PC1, and enter the telnet command followed by the IP address assigned to management interface VLAN 1.

b.  Enter the vty password configured in Step 2 to gain access to the switch.

c.  At the switch prompt, issue the show version command.

Switch1>show version

d.  What is the Cisco IOS version of this switch?

Jawab:

V 2.0.1

e.  Determine which MAC addresses the switch has learned by using the show mac-address-table command at the privileged EXEC mode prompt.

Switch1#show mac-address-table

How can you determine the MAC address belonging to PC1?

Jawab:

Cara menetukannya = dapat dilihat dari table mac address dan lihat computer PC1 .

Does PC1’s MAC address match one in the switch table?

Jawab:

Ya

f.  To allow the switch port FastEthernet 0/1 to accept only one device, configure port security as

follows:

Switch1(config-if)#switchport mode access

Switch1(config-if)#switchport port-security

Switch1(config-if)#switchport port-security mac-address sticky

Switch1(config-if)#end

g.  Check the port security settings.

Switch1#show port-security

Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action

(Count)       (Count)          (Count)

—————————————————————————

Fa0/1            1          1                0         Shutdown

—————————————————————————

If a host other than PC1 attempts to connect to Fa0/1, what will happen?

Jawab:

Akan dimatikan secara otomatis.

h. Issue the show interfaces command. What is the duplex and speed setting for Fa0/5 now?

i. Enter quit at the switch command prompt to terminate the Telnet session.

Step 15: Reflection

a.  Describe a situation in which you would use virtual terminal access to manage a switch, as you did in

Step 11.

Jawab:

bias di implementasika pada kantor kecil yang jaraknya dekat atau bersebelahan.

b.  Which symbol is used to show a successful ping in the Cisco IOS software?

Jawab:

congratulation

c.  Which commands used in this lab would provide the best documentation for this network?

Jawab:

Switch1 # show mac-address-table

d.  This lab gave you an opportunity to review and display your knowledge of configuration commands. If you were asked to state three rules for “best practices” in device configuration, what would they be?

Jawab:

1. Menetukan rute terbaik

2. memilih jenis protocol yang digunakan dan membatasi IP address

3. mendaftarkan MAC address

e.  Erase and reload all devices.

1)  At the privileged EXEC mode, enter the reload command:

Switch(config)#reload

The responding line prompt is:

System configuration has been modified. Save? [yes/no]:

2) Type n, and then press Enter.

The responding line prompt is:

Proceed with reload? [confirm] [Enter]

The first line of the response is:

Reload requested by console.

After the switch has reloaded, the line prompt is:

Would you like to enter the initial configuration dialog? [yes/no]:

3) Type n, and then press Enter.

The responding line prompt is:

Press RETURN to get started! [Enter]

Erasing and Reloading the Router

Enter the privileged EXEC mode by typing enable.

Router>enable

In privileged EXEC mode, enter the erase startup-config command.

Router#erase startup-config

The responding line prompt is:

Erasing the nvram filesystem will remove all files! Continue?

[confirm]

Press Enter to confirm.

The response is:

Erase of nvram: complete

In privileged EXEC mode, enter the reload command.

Router(config)#reload

The responding line prompt is:

System configuration has been modified. Save? [yes/no]:

Type n and then press Enter.

The responding line prompt is:

Proceed with reload? [confirm]

Press Enter to confirm.

In the first line of the response is:

Reload requested by console.

After the router has reloaded the line prompt is:

Would you like to enter the initial configuration dialog? [yes/no]:

Type n and then press Enter.

The responding line prompt is:

Press RETURN to get started!

Press Enter.

The router is ready for the assigned lab to be performed.

SDM Router Basic IOS Configuration to Bring Up SDM

If the startup-config is erased in an SDM router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic config as follows. Further details regarding the setup and use of SDM are can be found in the SDM Quick Start Guide:

http://www.cisco.com/en/US/products/sw/secursw/ps5318/products_quick_start09186a0080511c89.html#wp44788

Set the router Fa0/0 IP address. This is the interface that a PC will connect to using a browser to bring up SDM. The PC IP address should be set to 10.10.10.2  255.255.255.248.

NOTE: An SDM router other than the 1841 may require connection to a different port to access SDM.

Router(config)#interface Fa0/0

Router(config-if)#ip address 10.10.10.1 255.255.255.248

Router(config-if)#no shutdown

Enable the router’s HTTP/HTTPS server, using the following Cisco IOS commands:

Router(config)#ip http server

Router(config)#ip http secure-server

Router(config)#ip http authentication local

Create a user account with privilege level 15 (enable privileges).

Router(config)#username <username> privilege 15 password 0 <password>

Replace <username> and <password> with the username and password that you want to

configure.

Configure SSH and Telnet for local login and privilege level 15.

Router(config)#line vty 0 4

Router(config-line)#privilege level 15

Router(config-line)#login local

Router(config-line)#transport input telnet

Router(config-line)#transport input telnet ssh

Router(config-line)#exit

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: