Monavathia's Blog

CCNA 3 Labskill Chapter 3

Posted on: December 2, 2010

Lab 3.1.4 Applying Basic Switch Security

Objectives

•  Configure passwords to ensure that access to the CLI is secured.

•  Configure a switch to remove http server status for security.

•  Configure port security.

•  Disable unused ports.

•  Test security configuration by connecting unspecified hosts to secure ports.

Background / Preparation

Set up a network similar to the one in the topology diagram.  The following resources are required:

•  One Cisco 2960  or comparable switch

•  Two Windows-based PCs, at least one with a terminal emulation program

•  At least one RJ-45-to-DB-9 connector console cable

•  Two straight-through Ethernet cables (PC1 and PC2 to switch)

•  Access to the PC command prompt

•  Access to PC network TCP/IP configuration

Step 1: Connect PC1 to the switch

a.  Connect PC1 to Fast Ethernet switch port Fa0/1. Configure PC1 to use the IP address, mask, and gateway shown in the table.

b.  Establish a terminal emulation session to the switch from PC1.

Step 2: Connect PC2 to the switch

a.  Connect PC2 to Fast Ethernet switch port Fa0/4.

b.  Configure PC2 to use the IP address, mask, and gateway shown in the table.

Step 3: Configure PC3 but do not connect

A third host is needed for this lab.

a.  Configure PC3 using IP address 192.168.1.5. The subnet mask is 255.255.255.0, and the default gateway is 192.168.1.1.

b.  Do not connect this PC to the switch yet. It will be used for testing security.

Step 4: Perform an initial configuration on the switch

a.  Configure the hostname of the switch as Switch1.

Switch>enable

Switch#config terminal

Switch(config)#hostname Switch1

b.  Set the privileged EXEC mode password to cisco.

Switch1(config)#enable password cisco

c.  Set the privileged EXEC mode secret password to class.

Switch1(config)#enable secret class

d.  Configure the console and virtual terminal lines to use a password and require it at login.

Switch1(config)#line console 0

Switch1(config-line)#password cisco

Switch1(config-line)#login

Switch1(config-line)#line vty 0 15

Switch1(config-line)#password cisco

Switch1(config-line)#login

Switch1(config-line)#end

e.  Exit from the console session and log in again. Which password was required to enter privileged EXEC mode? Why?

Answer:

The password used is CISCO, because it has been configured to prompt for login authorization.

Step 5: Configure the switch management interface on VLAN 1

a.  Enter the interface configuration mode for VLAN 1.

Switch1(config)#interface vlan 1

b.  Set the IP address, subnet mask, and default gateway for the management interface.

Switch1(config-if)#ip address 192.168.1.2 255.255.255.0

Switch1(config-if)#no shutdown

Switch1(config-if)#exit

Switch1(config)#ip default-gateway 192.168.1.1

Switch1(config)#end

Why does interface VLAN 1 require an IP address in this LAN?

Answer:

Because the IP address is used for the management interface.

What is the purpose of the default gateway?

Answer:

The purpose of the default gateway is to act as a bridge so that the local network can access the parent network.

Step 6: Verify the management LANs settings

a.  Verify that the IP address of the management interface on the switch VLAN 1 and the IP address of PC1 and PC2 are on the same local network. Use the show running-config command to check the IP address configuration of the switch.

b.  Verify the interface settings on VLAN 1.

Switch1#show interface vlan 1

What is the bandwidth on this interface?

What are the VLAN states?

VLAN 1 is and line protocol is

Step 7: Disable the switch from being an http server

Turn off the feature of the switch being used as an http server.

Switch1(config)#no ip http server
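The settings from Steps 4 and 7 can be checked mechanically in a saved running-config. The following is an added example, not part of the original lab: a small audit that flags the enable password kept next to the enable secret, line passwords stored in cleartext and reused, a line password that is not required at login, and the HTTP server left on. The sample configuration, the hash placeholder and the finding names are constructed for illustration.

```python
import re

# Constructed sample (not captured from a real device): roughly what
# "show running-config" would contain after Steps 4 and 5, before Step 7.
SAMPLE_CONFIG = """\
hostname Switch1
!
enable secret 5 $1$CONSTRUCTED$placeholderhashvalue
enable password cisco
!
ip http server
!
interface Vlan1
 ip address 192.168.1.2 255.255.255.0
!
ip default-gateway 192.168.1.1
!
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
"""

# "password cisco" is stored as typed; "password 7 <string>" is an encoded form.
PASSWORD_RE = re.compile(r"^(?:enable )?password (?:(\d) )?(\S+)$")


def parse_sections(config):
    """Group a running-config into (top-level line, [indented child lines])."""
    sections = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0] == " " and sections:
            sections[-1][1].append(line)
        else:
            sections.append((line, []))
    return sections


def audit(config):
    """Return sorted finding identifiers for the settings this lab touches."""
    findings = set()
    cleartext = {}          # location -> password stored in the clear
    has_secret = False
    for header, children in parse_sections(config):
        if header.startswith("enable secret "):
            has_secret = True
        elif header.startswith("enable password "):
            # When an enable secret exists it takes precedence, so this line
            # only adds a readable password to the configuration file.
            findings.add("enable-password-present")
            m = PASSWORD_RE.match(header)
            if m and m.group(1) in (None, "0"):
                cleartext["enable"] = m.group(2)
        elif header == "ip http server":
            findings.add("http-server-enabled")
        elif header.startswith("line "):
            matches = [m for m in map(PASSWORD_RE.match, children) if m]
            # A password without "login" is configured but never asked for.
            if matches and "login" not in children:
                findings.add("password-not-required:" + header)
            for m in matches:
                if m.group(1) in (None, "0"):
                    cleartext[header] = m.group(2)
    if not has_secret:
        findings.add("no-enable-secret")
    findings.update("cleartext-password:" + where for where in cleartext)
    if len(set(cleartext.values())) < len(cleartext):
        findings.add("password-reused")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```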

Step 8: Verify connectivity

a.  To verify that hosts and switch are correctly configured, ping the switch IP address from the hosts.

Were the pings successful? If the ping is not successful, verify the connections and configurations again. Check to ensure that all cables are correct and that connections are seated. Check the host and switch configurations.

b.  Save the configuration.

Step 9: Record the host MAC addresses

Determine and record the Layer 2 addresses of the PC network interface cards. From the command prompt of each PC, enter ipconfig /all.

PC1     192.168.1.1

PC2     192.168.1.2

PC3     192.168.1.3

Step 10: Determine what MAC addresses the switch has learned

Determine what MAC addresses the switch has learned by using the show mac-address-table command at the privileged EXEC mode prompt.

Switch1#show mac-address-table

How many dynamic addresses are there? 3

How many total MAC addresses are there? 3

Do the MAC addresses match the host MAC addresses? Yes, they match.

Step 11: View the show mac-address-table options

View the options that the show mac-address-table command has available.

Switch1#show mac-address-table ?

What options are available? To disconnect, and to view the names of the PCs that are accessing.

Step 12: Set up a static MAC address

Set up a static MAC address on FastEthernet interface 0/4. Use the address that was recorded for PC2 in Step 9. The MAC address 00e0.2917.1884 is used in this example statement only.

Switch1(config)#mac-address-table static 00e0.2917.1884 vlan 1 interface fastethernet 0/4

Step 13: Verify the results

a.  Verify the MAC address table entries.

Switch1#show mac-address-table

How many dynamic MAC addresses are there now?

Answer:

3

How many static MAC addresses are there now?

Answer:

3

b.  Remove the static entry from the MAC Address Table.

Switch1(config)#no mac-address-table static 00e0.2917.1884 vlan 1 interface fastethernet 0/4

Step 20: Reflection

a.  Why would port security be enabled on a switch?

Answer:

So that only registered MAC addresses can access the network.

b.  Why should unused ports on a switch be disabled?

Answer:

So that unused ports do not interfere and cause data to be sent to the ports that are in use. And automatically, the fewer the ports, the faster the connection obtained.

 

Lab 3.2.3 Building a Switched Network with Redundant Links

Objectives

•  Create a switched network with redundant links.

•  Determine which switch is selected to be the root bridge with the factory default settings.

•  Configure the BID on a switch to control the selection of the root bridge.

Background / Preparation

This lab examines the effect that selection of a root bridge has on traffic patterns in a switched network with redundant links. You will configure the network with default factory settings and then reassign the root bridge by changing the bridge priority value. You will observe the spanning tree as the network adjusts to the changes.

The following resources are required:

•  Two Cisco 2960 switches or other comparable switches

•  Two Windows-based PCs, one with a terminal emulation program; one as the host, one as the server

•  At least one RJ-45-to-DB-9 connector console cable to configure the switches

•  Two straight-through Ethernet cables

•  Two crossover Ethernet cables

•  Access to the PC command prompt

•  Access to PC network TCP/IP configuration

NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section.

NOTE: SDM Enabled Routers – If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.

Step 1: Cable the network

a.  Connect Host 1 to Switch 1 Fast Ethernet port Fa0/7, using a straight-through Ethernet cable.

b.  Connect Host 2 to Switch 2 Fast Ethernet port Fa0/8, using a straight-through Ethernet cable.

c.  Connect Switch 1 Fast Ethernet port Fa0/1 to Switch 2 Fast Ethernet port Fa0/1, using a crossover Ethernet cable.

d.  Create a redundant link between the switches by connecting Switch 1 Fast Ethernet port Fa0/4 to Switch 2 Fast Ethernet port Fa0/4, using a crossover Ethernet cable. What typically undesirable traffic pattern have you created by using the two crossover cables between the two switches? There is indeed a path that should not have needed to be formed.

Predict: What do you think the switches will do to keep this from becoming a problem? No

Step 2: Configure the switches

a.  Establish a terminal emulation session to Switch 1 from Host 1.

b.  Configure the switch hostname, passwords, interface VLAN 1 IP address, and subnet mask on  Switch 1.

c.  Save the configuration.

d.  Establish a terminal emulation session to Switch 2 from either Host 1 or Host 2.

e.  Configure the switch hostname, passwords, interface VLAN 1 IP address, and subnet mask on  Switch 2.

f.  Save the configuration.

Step 3: Configure the hosts

a.  Configure each host to use an IP address in the same network as the switches.

b.  Configure each host to use the same subnet mask as the switches. Why is no default gateway specified for this network? Because it has two crossover-cable transmission media.

Step 4: Verify connectivity

a.  To verify that the network is set up successfully, ping from Host 1 to Host 2.

Was the ping successful? No. If the ping is not successful, verify the connections and configurations again. Check to ensure that all cables are correct and that connections are seated.

b.  If the ping is not successful, what utility could you use to determine where the connection is failing?

Step 5: Examine interface VLAN 1 information

a.  From the terminal emulation session on either switch, enter the command show interface vlan1 ? at the privileged EXEC mode prompt.

SwitchA#show interface vlan1 ?

List some of the options that are available.

b.  On SwitchA, enter the command show interface vlan1 at the privileged EXEC mode prompt.

SwitchA#show interface vlan1

What is the MAC address of the switch?

What other term for MAC address is used?

c.  On SwitchB, enter the command show interface vlan1 at the privileged EXEC mode prompt.

What is the MAC address of the switch?

Which switch should be the root of the spanning tree for this network?

Step 6: Examine the spanning-tree tables on each switch

a.  On SwitchA, enter the command show spanning-tree at the privileged EXEC mode prompt.

b.  On SwitchB, enter the command show spanning-tree at the privileged EXEC mode prompt.

c.  Examine the outputs and answer the following questions:

Which switch is the root bridge?

What is the priority of the root bridge?

What is the bridge ID of the root bridge?

Which ports are forwarding on the root bridge?

Which ports are blocking on the root bridge? What is the priority of the non-root bridge?

What is the bridge ID of the non-root bridge?

Which ports are forwarding on the non-root bridge?

Which ports are blocking on the non-root bridge?

d.  Examine the link lights on both switches.

Can you tell which port is in blocking state?

Why is there no change in the link lights?

Step 7: Reassign the root bridge

What would you do if you wanted a different switch to be the root bridge for this network?

Why might you want to do this?

For the purposes of this lab, assume that the switch that is currently the root bridge is undesirable.

The example assumes that SwitchB is preferred as the root switch. To “force” SwitchB to become the new root bridge, you need to configure a new priority for it.

a.  Go to the console and enter configuration mode on SwitchB.

b.  Determine the options that can be configured for the Spanning Tree Protocol by issuing this command:

SwitchB(config)#spanning-tree ?

c.  List the options that are available:

d.  Set the priority of the switch to 4096.

SwitchB(config)#spanning-tree vlan 1 priority 4096

SwitchB(config)#exit
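Why priority 4096 moves the root to SwitchB: the root is the switch with the numerically lowest bridge ID, and the priority occupies the most significant bits of that ID, ahead of the MAC address. The following is an added example, not part of the original lab, that models the election for the two switches. The MAC addresses are constructed, and the model assumes per-VLAN spanning tree with the extended system ID (the VLAN number is added to the priority, so VLAN 1 shows 32769 by default).

```python
from dataclasses import dataclass, replace

DEFAULT_PRIORITY = 32768      # factory default bridge priority
PRIORITY_STEP = 4096          # configurable priorities are multiples of this
MAX_PRIORITY = 61440


@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str                  # Cisco dotted notation, e.g. "0019.aa00.0001"
    priority: int = DEFAULT_PRIORITY

    def bridge_id(self, vlan=1):
        """64-bit BID: 16-bit (priority + VLAN ID) followed by the 48-bit MAC."""
        if self.priority % PRIORITY_STEP or not 0 <= self.priority <= MAX_PRIORITY:
            raise ValueError("priority must be a multiple of 4096 in 0..61440")
        if not 1 <= vlan <= 4094:
            raise ValueError("VLAN ID must be in 1..4094")
        mac = int(self.mac.replace(".", ""), 16)
        return ((self.priority + vlan) << 48) | mac

    def shown_priority(self, vlan=1):
        """Priority as a per-VLAN spanning tree displays it for this VLAN."""
        return self.priority + vlan


def elect_root(bridges, vlan=1):
    """The root bridge is the one with the lowest bridge ID."""
    return min(bridges, key=lambda b: b.bridge_id(vlan))


def priority_needed(bridges, preferred, vlan=1):
    """Largest valid priority that still makes `preferred` the root, or None."""
    others = [b for b in bridges if b.name != preferred.name]
    for prio in range(MAX_PRIORITY, -1, -PRIORITY_STEP):
        candidate = replace(preferred, priority=prio)
        if all(candidate.bridge_id(vlan) < o.bridge_id(vlan) for o in others):
            return prio
    return None


# Constructed MAC addresses; both switches start at the factory default.
SWITCH_A = Bridge("SwitchA", "0019.aa00.0001")
SWITCH_B = Bridge("SwitchB", "0019.aa00.0002")

if __name__ == "__main__":
    # With equal priorities the lower MAC decides the election.
    print("default root:", elect_root([SWITCH_A, SWITCH_B]).name)
    # Step 7 d: spanning-tree vlan 1 priority 4096 on SwitchB.
    tuned_b = replace(SWITCH_B, priority=4096)
    print("root after Step 7:", elect_root([SWITCH_A, tuned_b]).name,
          "priority shown:", tuned_b.shown_priority())
    print("highest priority that would also work:",
          priority_needed([SWITCH_A, SWITCH_B], SWITCH_B))
```

With factory defaults the election is settled by MAC address alone, which is why the lab pins the priority instead of leaving the root to whichever switch happens to have the lowest address.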

Step 8: Look at the spanning-tree table

a.  On SwitchA, enter show spanning-tree at the privileged EXEC mode prompt.

b.  On SwitchB, enter show spanning-tree at the privileged EXEC mode prompt.

c.  Examine the outputs and answer the following questions:

Which switch is the root bridge?

What is the priority of the root bridge?

What is the bridge ID of the root bridge?

Which ports are forwarding on the root bridge? Which ports are blocking on the root bridge?

What is the priority of the non-root bridge?

What is the bridge ID of the non-root bridge?

Which ports are forwarding on the non-root bridge?

Which ports are blocking on the non-root bridge?

Step 9: Verify the running configuration file on the root bridge

a.  On the switch that was changed to be the root bridge, enter the show running-config command at the privileged EXEC mode prompt.

b.  Locate the spanning-tree priority information for this switch.

c.  How can you tell from the information given that this switch is the root bridge?

Step 10: Reflection

Suppose that you are adding new switches to a company’s network. Why should you plan the physical design carefully? Why should you be prepared to make adjustments to factory default settings?

 

Lab 3.2.4 Verifying STP with Show Commands

Objectives

•  Create a switched network with redundant links.

•  Observe how the Spanning Tree Protocol adjusts to changes in the switched network topology.

•  Verify the status of a spanning tree.

Background / Preparation

This lab demonstrates advantages and disadvantages of the Spanning Tree Protocol in dealing with changes to a switched network with redundant links. You will configure the network with default factory settings and then examine the spanning-tree tables for the switches before and after a link is removed. You will use various show commands to verify the operation of the spanning-tree algorithm.

The following resources are required:

•  Two Cisco 2960 switches or other comparable switches

•  Two Windows-based PCs, one with a terminal emulation program, one as the host, one as the server

•  At least one RJ-45-to-DB-9 connector console cable to configure the switches

•  Two straight-through Ethernet cables

•  Two crossover Ethernet cables

•  Access to the PC command prompt

•  Access to PC network TCP/IP configuration

Step 1: Cable the network

a.  Connect Host 1 to Switch 1 Fast Ethernet port Fa0/7, using a straight-through Ethernet cable.

b.  Connect Host 2 to Switch 2 Fast Ethernet port Fa0/8, using a straight-through Ethernet cable.

c.  Connect Switch 1 Fast Ethernet port Fa0/1 to Switch 2 FastEthernet port Fa0/1, using a crossover Ethernet cable.

d.  Create a redundant link between the switches by connecting Switch 1 Fast Ethernet port Fa0/4 to Switch 2 Fast Ethernet port Fa0/4, using a crossover Ethernet cable. What is the advantage of providing redundant links in a network like this one?

Step 2: Configure the switches

a.  Establish a terminal emulation session to Switch 1 from Host 1.

b.  Configure the switch hostname, passwords, interface VLAN 1 IP address, and subnet mask on Switch 1.

c.  Save the configuration.

d.  Establish a terminal emulation session to Switch 2 from either Host 1 or Host 2.

e.  Configure the switch hostname, passwords, interface VLAN 1 IP address, and subnet mask on Switch 2.

f.  Save the configuration.

Step 3: Configure the hosts

a.  Configure each host to use an IP address in the same network as the switches.

b.  Configure each host to use the same subnet mask as the switches.

Step 6: Determine the roles of ports participating in the spanning tree on each switch

a.  On SwitchA, enter the command show spanning-tree at the privileged EXEC mode prompt.

b.  On SwitchB, enter the command show spanning-tree at the privileged EXEC mode prompt.

Which switch is the root bridge?

c.  The spanning tree is using three ports on each switch. Complete this chart indicating the port state and role for each port.

Step 7: Create a change in the network topology

a.  Remove the crossover cable from the forwarding port on the non-root bridge.

d.  Continue to check the spanning tree on both switches until a new tree has been calculated and all ports are either forwarding or blocking.  How long does it take for this to happen?

e.  Replace the cable that was removed in Step 7a.

f.  Wait again until both switches have recalculated their tables.   How much time has passed since you first removed the crossover cable?

Step 8: Examine the spanning tree on each switch

a.  On each switch, enter the command show spanning-tree detail.

b.  Examine the information for port Fa0/1. The output shows the interface, role, and state for each switch. It also provides details about port activity and characteristics.

Step 9: Reflection

Your networking team is deciding whether to disable Spanning Tree Protocol on the switches in your corporate network. Explain how you would feel about this decision. What are the advantages and disadvantages? How would this decision affect your network design?


Lab 3.3.2 Configuring, Verifying, and Troubleshooting VLANs

Objectives

•  Observe default switch VLAN configuration and operation.

•  Configure static VLANs on a switch.

•  Verify VLAN configuration and operation.

•  Modify an existing VLAN configuration.

Background / Preparation

This lab focuses on the basic VLAN configuration of the Cisco 2960 switch (or similar) using Cisco IOS commands. The information in this lab applies to other switches; however, command syntax may vary. Depending upon the switch model, the interface designations may differ. For example, modular switches have multiple slots; therefore, the Fast Ethernet ports may be FastEthernet 0/1 or FastEthernet 1/1, depending on the slot and port. The router used can be any router.

The following resources are required:

•  One Cisco 2960 switch or equivalent switch

•  One Cisco 1841 router or equivalent

•  Two Windows-based PCs with a terminal emulation program

•  At least one RJ-45-to-DB-9 connector console cable to configure the switch and the router

•  Three straight-through Ethernet cables to connect from the PCs to Switch 1

NOTE: Make sure that the router and all the switches have been erased and have no startup configurations. For detailed instructions, refer to the Lab Manual that is located on Academy Connection in the Tools section.

NOTE: SDM Routers – If the startup-config is erased in an SDM router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. Contact your instructor if necessary.

Step 1: Connect the equipment

a.  Connect the router Fa0/0 interface with a straight-through cable to Switch 1 Fa0/8 interface.

b.  Connect the Host 1a Ethernet interface with a straight-through cable to Switch 1 Fa0/2 interface.

c.  Connect the Host 1b Ethernet interface with a straight-through cable to Switch 1 Fa0/3 interface.

d.  Connect a PC with a console cable to perform configurations on the router and switches.

e.  Configure IP addresses on the hosts as shown in the chart.

Step 2: Perform basic configuration on the router

a.  Connect a PC to the console port of the router to perform configurations using a terminal emulation program.

b.  Configure Router 1 with a hostname and console, Telnet, and privileged passwords according to the table diagram.

Step 3: Configure Switch 1

a.  Configure S1 hostname and passwords.

b.  Configure Switch 1 with a hostname and console, Telnet, and privileged passwords according to the addressing table.

c.  Configure S1 with an IP address and default gateway.

S1(config)#interface vlan1

S1(config-if)#ip address 172.16.1.2 255.255.255.0

S1(config-if)#no shutdown

S1(config-if)#exit

S1(config)#ip default-gateway 172.16.1.1

S1(config)#end

Step 4: Verify connectivity and default VLAN configuration

a.  Verify LAN connectivity by pinging from the router to the switch and the hosts. Also verify that you can ping from host to host.

b.  Verify default VLAN configuration with the show vlan command on S1.

S1#show vlan

Are all switch ports assigned to VLAN 1? Yes, the VLAN 1 switch ports are indeed on S1.

Step 5: Configure VLANs on S1

a.  Create and name two additional VLANs on S1.

S1(config)#vlan 20

S1(config-vlan)#name fred

S1(config-vlan)#exit

S1(config)#vlan 30

S1(config-vlan)#name wilma

S1(config-vlan)#exit

b.  Verify the creation of the new VLANs with the show vlan command.

S1#show vlan

Do the new VLANs appear in the output? Yes

What interfaces belong to the new VLANs? R1, that is FA0/0

c.  Assign interfaces to VLANs. Assign S1 port Fa0/2 to VLAN 20 and ports Fa0/3 – Fa0/8 to VLAN 30.

S1(config)#int Fa0/2

S1(config-if)#switchport access vlan 20

S1(config-if)#exit

S1(config)#interface range Fa0/3 - 8

S1(config-if-range)#switchport access vlan 30

S1(config-if-range)#end

S1#show running-config

Observe that the switchport access command was applied to ports Fa0/2 – Fa0/8.

d.  Verify the port assignments of the new VLANs with the show vlan command.

S1#show vlan

Which interfaces now belong to VLAN 1? R1

Which interfaces belong to VLAN 20? S1

Which interfaces belong to VLAN 30? 1b

e.  Other commands can be used to show different amounts of information or specific pieces of information. Enter the following commands on S1 and observe the output:

S1#show vlan brief

Is all of the basic VLAN membership information shown? Not all of it is displayed by the show vlan brief command.

S1#show vlan id 30

What information is shown? Only the IP address.

S1#show vlan name fred

What information is shown? The names of the connected ports.

Step 6: Verify VLAN segmentation

In the previous step, the ports connected to R1 and Host 1b were placed in one VLAN and Host 1a was placed in another. Even though these hosts are connected to one switch, it appears as if there are two separate switches. Connectivity tests will prove this.

a.  Ping from Host 1b to R1.

Were the pings successful? Yes, successful.

b.  Ping from Host 1b to Host 1a.

Were the pings successful? Successful.

c.  Ping from Host 1b to R1.

Were the pings successful? No

Why were some pings successful and others not?

Because some need VLANs to be set up in order to communicate, while others only need the switch in order to communicate.

How could Host 1b communicate with Host 1a in different VLAN?

By using the interface of R1.

Step 7: Change and delete VLAN configurations

a.  Reassign S1 port Fa0/3 to VLAN 20.

S1(config)#interface Fa0/3

S1(config-if)#switchport access vlan 20

S1(config-if)#end

S1#show vlan

Does the output reflect the VLAN membership change? Yes

b.  Remove VLAN 30.

Which two commands would be used to delete all VLAN configuration and return to the default configuration?

Step 8: Reflection

a.  Why would VLANs be configured in a network?

Answer: VLANs can be used to connect and to restrict, and can also verify which ports are able to connect.

b.  What must be set up to communicate between VLANS?

What must be set up is VLAN 1 together with the IP address and gateway.

c.  With no configuration, what VLAN are all ports a member of?

VLAN1

 

Lab 3.4.1 Creating VLANs and Assigning Ports

Objectives

•  Configure three VLANs on a switch.

• Verify connectivity.

Background / Preparation

This lab focuses on the basic VLAN configuration of the Cisco 2960 switch (or similar) using Cisco IOS commands. The information in this lab applies to other switches; however, command syntax may vary. Depending upon the switch model, the interface designations may differ. For example, modular switches have multiple slots; therefore, the Fast Ethernet ports may be Fast Ethernet 0/1 or Fast Ethernet 1/1, depending on the slot and port.

The following resources are required:

•  One Cisco 2960 switch or other comparable switch

•  Three Windows-based PCs with a terminal emulation program

•  One RJ-45-to-DB-9 connector console cable to configure the switch

•  Three straight-through Ethernet cables to connect from the PCs to Switch 1

NOTE: Make sure that the switch has been erased and has no startup configurations. Instructions for erasing the switch are provided in the Lab Manual, located on Academy Connection in the Tools section.

Step 1: Connect the equipment

a.  Connect PC1 to the switch with a console cable.

b.  Connect PC1 to switch port Fast Ethernet 0/4 with a straight-through Ethernet cable.

c.  Connect PC2 to switch port Fast Ethernet 0/5 with a straight-through Ethernet cable.

d.  Connect PC3 to switch port Fast Ethernet 0/7 with a straight-through Ethernet cable.

Step 2: Perform basic PC configuration

Use this table to configure addressing on the PCs.

Step 3: Configure Switch 1

a.  Configure Switch 1 with a hostname and console, Telnet, and privileged passwords.

b.  Configure Switch 1 with the VLAN 1 IP address of 172.16.1.2/24.

Switch1(config)#interface vlan1

Switch1(config-if)#ip address 172.16.1.2 255.255.255.0

Switch1(config-if)#no shutdown

Switch1(config-if)#exit

c.  Create VLAN 10, named Faculty, and VLAN 20, named Students.

Switch1(config)#vlan 10

Switch1(config-vlan)#name Faculty

Switch1(config-vlan)#exit

Switch1(config)#vlan 20

Switch1(config-vlan)#name Students

Switch1(config-vlan)#exit

d.  Configure Switch 1 with the default gateway address of 172.16.1.1.

Switch1(config)#ip default-gateway 172.16.1.1

e.  Configure Switch 1 to place interfaces Fa0/5 and Fa0/6 in VLAN 10.

Switch1(config)#interface Fa0/5

Switch1(config-if)#switchport mode access

Switch1(config-if)#switchport access vlan 10

Switch1(config-if)#interface Fa0/6

Switch1(config-if)#switchport mode access

Switch1(config-if)#switchport access vlan 10

Switch1(config-if)#exit

f.  Configure Switch 1 to place interfaces Fa0/7 and Fa0/8 in VLAN 20.

Switch1(config)#interface Fa0/7

Switch1(config-if)#switchport mode access

Switch1(config-if)#switchport access vlan 20

Switch1(config-if)#interface Fa0/8

Switch1(config-if)#switchport mode access

Switch1(config-if)#switchport access vlan 20

Switch1(config-if)#end

Switch1#

g.  Save the configuration.

Switch1#copy running-config startup-config

h.  By default, there is only a single VLAN for all ports. You cannot rename or delete VLAN 1. Therefore, no further configuration is necessary to assign the rest of the ports to VLAN 1. To prove this, issue the command show vlan brief.

Are all other switch ports in VLAN 1?

Answer: Yes, all ports are in VLAN 1.

Which switch ports are in VLAN 10?

Answer: Fa0/5 – Fa0/6

Which switch ports are in VLAN 20?

Answer: Fa0/7 – Fa0/8

i.  Issue the command show vlan.  What difference is noticed between the two commands show vlan brief and show vlan?

Answer: The difference between the show vlan brief and show vlan commands is that show vlan brief gives very little information, whereas show vlan details each port on the switch.

Step 4: Verify connectivity

a.  Ping from each PC to Switch1 address of 172.16.1.2.

Are PC1 pings successful? Yes, successful.

Are PC2 pings successful? Yes, successful.

Are PC3 pings successful? Yes, successful.

b.  Ping from PC1 to PC2 and PC3.

Can PC1 ping PC2? Not successful.

Can PC1 ping PC3? Not successful.

Step 5: Reflection

a. Why can PC1 ping Switch1 when PC2 and PC3 cannot?

Answer: Because PC1 has the IP address 172.16.1.1, whose subnet bits directly include the one used as the gateway, whereas PC2 and PC3 do not.

b. The PCs cannot ping each other. Why?

Answer: Because each PC is in a different class, namely PC1 = 172.16.1.1, PC2 = 176.16.10.1, while PC3 = 172.16.30.


Lab 3.4.2 Configuring a Trunk Port to Connect Switches

 

Objectives

•  Observe default switch VLAN configuration and operation.

•  Configure static VLANs on a switch.

•  Verify VLAN configuration and operation.

•  Configure trunking between switches.

Background / Preparation

This lab focuses on the basic VLAN configuration of the Cisco 2960 switch (or similar) using Cisco IOS commands. The information in this lab applies to other switches; however, command syntax may vary. Depending upon the switch model, the interface designations may differ. For example, modular switches have multiple slots; therefore, the Fast Ethernet ports may be Fast Ethernet 0/1 or Fast Ethernet 1/1, depending on the slot and port.

The following resources are required:

•  Two Cisco 2960 switches or equivalent switches

•  Two Windows-based PCs with a terminal emulation program

•  At least one RJ-45-to-DB-9 connector console cable to configure the switch and the router

•  Three straight-through Ethernet cables to connect from the PCs to the switches

•  One crossover Ethernet cable to connect S1 to S2

NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section.

Step 1: Connect the equipment

a.  Connect Switch 1 Fa0/1 interface to Switch 2 Fa0/1 interface with a crossover cable.

b.  Connect Host 1a Ethernet interface with a straight-through cable to Switch 1 Fa0/2 interface.

c.  Connect Host 1b Ethernet interface with a straight-through cable to Switch 1 Fa0/3 interface.

d.  Connect Host 2 Ethernet interface with a straight-through cable to Switch 2 Fa0/2 interface.

e.  Connect a PC with a console cable to perform configurations on the router and switches.

f.  Configure IP addresses on the hosts as shown in the chart.

Step 2: Perform basic configuration of Switch 1 and Switch 2

a.  Connect a PC to the console port of the switches to perform configurations using a terminal emulation program.

b.  Configure Switch 1 with a hostname and console, Telnet, and privileged passwords according to the table diagram. Save the configuration.

c.  Configure Switch 2 with a hostname and console, Telnet, and privileged passwords according to the table diagram. Save the configuration.

Step 3: Configure host PCs

Configure the host PCs according to the information in the table and diagram.

Step 4: Verify default VLAN configuration and connectivity

a.  When directly connecting some switches, as in this lab, the switch ports automatically configure themselves for trunking. To prevent this, manually configure the switch ports for normal operation on S1 and S2.

S1(config)#interface fa0/1

S1(config-if)#switchport mode access

S2(config)#interface fa0/1

S2(config-if)#switchport mode access

b.  Verify default VLAN configurations on both switches with the show vlan command.

S1#show vlan

S2#show vlan

Is every switch port assigned to a VLAN?

Answer: Yes

Which VLAN do the ports appear in?  switch 1 Fa0/1

Should any host or switch be able to ping any other host or switch at this time?

c.  Verify this by pinging from Host 1a to all the other hosts and switches.  Are all the pings successful?

Answer: Yes, successful, because they are still within one class.

Step 5: Create and verify VLAN configuration

a.  Create and name VLANs 2 and 3 on both switches.

S1(config)#vlan 2

S1(config-vlan)#name fred

S1(config-vlan)#exit

S1(config)#vlan 3

S1(config-vlan)#name wilma

S1(config-vlan)#exit

S2(config)#vlan 2

S2(config-vlan)#name fred

S2(config-vlan)#exit

S2(config)#vlan 3

S2(config-vlan)#name wilma

S2(config-vlan)#exit

b.  Assign switch ports to VLANs. The ports connecting Hosts 1a and 2 will be assigned to VLAN 2 and the port connecting Host 1b will be assigned to VLAN 3. Save the configurations.

S1(config)#int fa0/2

S1(config-if)#switchport access vlan 2

S1(config-if)#exit

S1(config)#interface fa0/3

S1(config-if)#switchport access vlan 3

S1(config-if)#end

S1#copy running-config startup-config

S2(config)#int fa0/2

S2(config-if)#switchport access vlan 2

S2(config-if)#end

S2#copy running-config startup-config

c.  Test connectivity between devices.

1)  Ping from S1 to S2.

Are the pings successful? Successful

To what VLAN do the management interfaces of S1 and S2 belong? Host 1a

2)  Ping from Host 1a to Host 2.

Are the pings successful? Yes, successful

To what VLAN do Hosts 1a and 2 belong?  Switch 1 (s1)

To what VLAN do the Fa0/1 interfaces of the switches belong? As the interfaces of S1 and S2

If Hosts 1a and 2 belong to the same VLAN, why can’t they ping each other? Because there is no configuration that determines which one will be the gateway.

3)  Ping from host 1a to S1.

Are the pings successful? No

Why can’t Host 1a ping S1? Because Switch 1 functions only as a forwarder for S2.

Step 6: Configure and verify trunking

To allow connectivity within multiple VLANs across multiple switches, trunking can be configured. Without trunking, each VLAN requires a separate physical connection between switches.

a.  Configure trunking on S1 and S2. Port Fa0/1 on S1 is already connected to port Fa0/1 on S2.

S1(config)#int Fa0/1

S1(config-if)#switchport mode trunk

S1(config-if)#end

S2(config)#int Fa0/1

S2(config-if)#switchport mode trunk

S2(config-if)#end

b.  Verify the creation of the trunk with the show interfaces trunk command.

S1#show interfaces trunk

S2#show interfaces trunk

Do the trunk interfaces appear in the output? Yes, they appear

What VLAN is set as the native VLAN? 1a

What VLANs are allowed to communicate over the trunk? 1b

c.  View the VLAN configuration on both switches with the show vlan command.

S1#show vlan

S2#show vlan

Do the S1 and S2 Fa0/1 interfaces appear in a VLAN? Why or why not?

Answer = yes, they appear, because a configuration command has been given to make both switches appear

d.  Retest the connectivity between devices.

1)  Ping from S1 to S2.

Are the pings successful? Yes, successful

2)  Ping from Host 1a to Host 2.

Are the pings successful? Yes, successful

3)  Ping from Host 1b to Host 2.

Are the pings successful? Yes, successful

4)  Ping from Host 1a to S1.

Are the pings successful? Yes, successful

e.  The ping test should show that devices that belong to the same VLAN can now communicate with each other across switches, but devices in different VLANs cannot communicate with each other. What would have to be configured to allow devices in different VLANs to communicate with each other?

Answer = what must be configured is the address on the NIC

Step 7: Observe the default trunking behavior of switches

a.  Previously in this lab, the Fa0/1 interfaces on the switches were manually configured for trunking. Remove that configuration with the no switchport mode trunk command.

S1(config)#int Fa0/1

S1(config-if)#no switchport mode trunk

S1(config-if)#end

S2(config)#int Fa0/1

S2(config-if)#no switchport mode trunk

S2(config-if)#end

b.  View the trunking status of the switch ports.

S1#show interfaces trunk

S2#show interface trunk

Are Fa0/1 on S1 and S2 in trunking mode? Yes

What trunking mode did they default to?

What trunking encapsulation did they default to?
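A configuration check for the behaviour Steps 4 and 7 describe, as an added example (not part of the lab): it parses IOS-style running-config text and lists the physical ports whose access or trunk role is not pinned with `switchport mode access` or `switchport mode trunk`. The config excerpt and the function names are constructed for illustration.

```python
import re
# Constructed running-config excerpt (sample input, not from the lab switches).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
!
interface FastEthernet0/2
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 3
!
interface FastEthernet0/4
 switchport mode trunk
!
interface FastEthernet0/5
 switchport mode dynamic desirable
!
interface Vlan1
 ip address 192.168.1.2 255.255.255.0
"""

def parse_interfaces(config):
    """Map each interface name to its list of sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def negotiable_ports(config):
    """Return physical ports whose access/trunk role is not pinned."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if not re.match(r"(Fast|Gigabit)Ethernet", name):
            continue  # skip SVIs such as Vlan1
        modes = [c for c in cmds if c.startswith("switchport mode ")]
        if not modes:
            findings.append((name, "no explicit switchport mode"))
        elif modes[-1].split()[2] == "dynamic":
            findings.append((name, modes[-1]))
    return findings
```

Fa0/3 is reported even though it has `switchport access vlan 3`: assigning a VLAN does not fix the port's mode, which is the same state the host ports are left in by Step 5b.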

Step 8: Reflection

a.  Why would trunking be configured in a network?

Answer = to determine which switch functions as a VLAN or which switch functions only as a transmission path, and to be able to make use of every switch available to form VLANs.

b.  Does trunking allow for communication between VLANS?

Yes, it supports that.

c.  With no configuration, from which VLAN are frames forwarded across the trunk without VLAN tagging added?  Answer = if it is not configured, only the PCs on the same path can communicate.

 

 

Lab 3.2.3 Building a Switched Network with Redundant Links

Objectives

•  Create a switched network with redundant links.

•  Determine which switch is selected to be the root bridge with the factory default settings.

•  Configure the BID on a switch to control the selection of the root bridge.

Background / Preparation

This lab examines the effect that selection of a root bridge has on traffic patterns in a switched network with redundant links. You will configure the network with default factory settings and then reassign the root bridge by changing the bridge priority value. You will observe the spanning tree as the network adjusts to the changes.

The following resources are required:

•  Two Cisco 2960 switches or other comparable switches

•  Two Windows-based PCs, one with a terminal emulation program; one as the host, one as the server

•  At least one RJ-45-to-DB-9 connector console cable to configure the switches

•  Two straight-through Ethernet cables

•  Two crossover Ethernet cables

•  Access to the PC command prompt

•  Access to PC network TCP/IP configuration

NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section.

NOTE: SDM Enabled Routers – If the startup-config is erased in an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools section or contact your instructor if necessary.

Step 1: Cable the network

a.  Connect Host 1 to Switch 1 Fast Ethernet port Fa0/7, using a straight-through Ethernet cable.

b.  Connect Host 2 to Switch 2 Fast Ethernet port Fa0/8, using a straight-through Ethernet cable.

c.  Connect Switch 1 Fast Ethernet port Fa0/1 to Switch 2 Fast Ethernet port Fa0/1, using a crossover Ethernet cable.

d.  Create a redundant link between the switches by connecting Switch 1 Fast Ethernet port Fa0/4 to Switch 2 Fast Ethernet port Fa0/4, using a crossover Ethernet cable. What typically undesirable traffic pattern have you created by using the two crossover cables between the two switches? There is indeed a path that should not have been created

Predict: What do you think the switches will do to keep this from becoming a problem? No

Step 2: Configure the switches

a.  Establish a terminal emulation session to Switch 1 from Host 1.

b.  Configure the switch hostname, passwords, interface VLAN 1 IP address, and subnet mask on  Switch 1.

c.  Save the configuration.

d.  Establish a terminal emulation session to Switch 2 from either Host 1 or Host 2.

e.  Configure the switch hostname, passwords, interface VLAN 1 IP address, and subnet mask on  Switch 2.

f.  Save the configuration.

Step 3: Configure the hosts

a.  Configure each host to use an IP address in the same network as the switches.

b.  Configure each host to use the same subnet mask as the switches. Why is no default gateway specified for this network? Because it has two crossover cable transmission media

Step 4: Verify connectivity

a. To verify that the network is set up successfully, ping from Host 1 to Host 2.

Was the ping successful? No. If the ping is not successful, verify the connections and configurations again. Check to ensure that all cables are correct and that connections are seated.

b. If the ping is not successful, what utility could you use to determine where the connection is failing?

Step 5: Examine interface VLAN 1 information

a.  From the terminal emulation session on either switch, enter the command show interface vlan1 ? at the privileged EXEC mode prompt.

SwitchA#show interface vlan1 ?

List some of the options that are available.

b.  On SwitchA, enter the command show interface vlan1 at the privileged EXEC mode prompt.

SwitchA#show interface vlan1

What is the MAC address of the switch?

What other term for MAC address is used?

c.  On SwitchB, enter the command show interface vlan1 at the privileged EXEC mode prompt.

What is the MAC address of the switch?

Which switch should be the root of the spanning tree for this network?

Step 6: Examine the spanning-tree tables on each switch

a.  On SwitchA, enter the command show spanning-tree at the privileged EXEC mode prompt.

b.  On SwitchB, enter the command show spanning-tree at the privileged EXEC mode prompt.

c.  Examine the outputs and answer the following questions:

Which switch is the root bridge?

What is the priority of the root bridge?

What is the bridge ID of the root bridge?

Which ports are forwarding on the root bridge?

Which ports are blocking on the root bridge?

What is the priority of the non-root bridge?

What is the bridge ID of the non-root bridge?

Which ports are forwarding on the non-root bridge?

Which ports are blocking on the non-root bridge?

d.  Examine the link lights on both switches.

Can you tell which port is in blocking state?

Why is there no change in the link lights?

Step 7: Reassign the root bridge

What would you do if you wanted a different switch to be the root bridge for this network?

Why might you want to do this?

For the purposes of this lab, assume that the switch that is currently the root bridge is undesirable.

The example assumes that SwitchB is preferred as the root switch. To “force” SwitchB to become the new root bridge, you need to configure a new priority for it.

a.  Go to the console and enter configuration mode on SwitchB.

b.  Determine the options that can be configured for the Spanning Tree Protocol by issuing this command:

SwitchB(config)#spanning-tree ?

c.  List the options that are available:

d.  Set the priority of the switch to 4096.

SwitchB(config)#spanning-tree vlan 1 priority 4096

SwitchB(config)#exit
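The election that Step 7 influences, as an added example (not part of the lab): the switch with the numerically lowest bridge ID becomes root, comparing priority first and MAC address second. The MAC addresses and helper names are constructed, and the code assumes the per-VLAN behaviour of switches such as the 2960, where the advertised priority is the configured value (default 32768, settable in steps of 4096) plus the VLAN ID.

```python
VALID_PRIORITIES = range(0, 61441, 4096)  # 0, 4096, ..., 61440

def bridge_id(priority, mac, vlan=1):
    """Return a sortable bridge ID: (priority + VLAN ID, MAC as an integer)."""
    if priority not in VALID_PRIORITIES:
        raise ValueError(f"priority {priority} is not a multiple of 4096 in 0-61440")
    mac_int = int(mac.replace(".", "").replace(":", ""), 16)
    return (priority + vlan, mac_int)

def elect_root(switches, vlan=1):
    """Name of the switch with the numerically lowest bridge ID."""
    return min(switches, key=lambda n: bridge_id(switches[n]["priority"],
                                                 switches[n]["mac"], vlan))

# Constructed MAC addresses (sample values, not the lab switches' real ones).
FACTORY = {
    "SwitchA": {"priority": 32768, "mac": "0200.0000.00a1"},
    "SwitchB": {"priority": 32768, "mac": "0200.0000.00b2"},
}

def with_priority(switches, name, priority):
    """Copy of the topology with one switch's priority changed."""
    changed = {n: dict(cfg) for n, cfg in switches.items()}
    changed[name]["priority"] = priority
    return changed

def with_new_switch(switches, name, mac):
    """Copy of the topology plus a factory-default switch (priority 32768)."""
    return {**switches, name: {"priority": 32768, "mac": mac}}

if __name__ == "__main__":
    tuned = with_priority(FACTORY, "SwitchB", 4096)  # Step 7d
    print("factory defaults:", elect_root(FACTORY))
    print("SwitchB at 4096: ", elect_root(tuned))
    # A later-added default switch with a lower MAC (constructed value):
    print("defaults + SwitchC:", elect_root(with_new_switch(FACTORY, "SwitchC", "0200.0000.0001")))
    print("tuned + SwitchC:   ", elect_root(with_new_switch(tuned, "SwitchC", "0200.0000.0001")))
```

With every switch at the factory default the lowest MAC decides the root, so a newly added switch can take the role; once SwitchB is set to 4096 it stays root in both cases.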

Step 8: Look at the spanning-tree table

a.  On SwitchA, enter show spanning-tree at the privileged EXEC mode prompt.

b.  On SwitchB, enter show spanning-tree at the privileged EXEC mode prompt.

c.  Examine the outputs and answer the following questions:

Which switch is the root bridge?

What is the priority of the root bridge?

What is the bridge ID of the root bridge?

Which ports are forwarding on the root bridge?

Which ports are blocking on the root bridge?

What is the priority of the non-root bridge?

What is the bridge ID of the non-root bridge?

Which ports are forwarding on the non-root bridge?

Which ports are blocking on the non-root bridge?

Step 9: Verify the running configuration file on the root bridge

a.  On the switch that was changed to be the root bridge, enter the show running-config command at the privileged EXEC mode prompt.

b.  Locate the spanning-tree priority information for this switch.

c.  How can you tell from the information given that this switch is the root bridge?

Step 10: Reflection

Suppose that you are adding new switches to a company’s network. Why should you plan the physical design carefully? Why should you be prepared to make adjustments to factory default settings?
