Introduction
A new switch just purchased from Cisco contains no default configuration. You need to configure the switch either with setup mode or from scratch using the command line interface (CLI) before connecting it to your network environment. As a Cisco certified technician, it is very important to know the basic Cisco switch configuration commands to improve the performance and the security of your internetwork.
Lab instructions
This lab will test your ability to configure basic settings on a Cisco switch.
1. Use the local laptop to connect to the switch console.
2. Configure Switch hostname as LOCAL-SWITCH
3. Configure the message of the day as "Unauthorized access is forbidden"
4. Configure the password for privileged mode access as "cisco". The password must be md5 encrypted
5. Configure password encryption on the switch using the global configuration command
6. Configure CONSOLE access with the following settings:
   - Login enabled
   - Password: ciscoconsole
   - History size: 15 commands
   - Timeout: 6'45''
   - Synchronous logging
7. Configure TELNET access with the following settings:
   - Login enabled
   - Password: ciscotelnet
   - History size: 15 commands
   - Timeout: 8'20''
   - Synchronous logging
8. Configure the IP address of the switch as 192.168.1.2/24 and its default gateway IP (192.168.1.1).
9. Test telnet connectivity from the Remote Laptop using the telnet client.
Network diagram
Solution
Configure Switch hostname as LOCAL-SWITCH
    hostname LOCAL-SWITCH

Configure the message of the day as "Unauthorized access is forbidden"
    banner motd # Unauthorized access is forbidden#

Configure the password for privileged mode access as "cisco". The password must be md5 encrypted
    enable secret cisco

Configure password encryption on the switch using the global configuration command
    service password-encryption

Configure CONSOLE access [...]
    line con 0
     password ciscoconsole
     logging synchronous
     login
     history size 15
     exec-timeout 6 45

Configure TELNET access [...]
    line vty 0 15
     exec-timeout 8 20
     password ciscotelnet
     logging synchronous
     login
     history size 15

Configure the IP address of the switch as 192.168.1.2/24 and its default gateway IP (192.168.1.1).
    interface Vlan1
     ip address 192.168.1.2 255.255.255.0
     ! Vlan1 is shut down by default, bring it up
     no shutdown
    ip default-gateway 192.168.1.1
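The access settings from the solution above can be checked automatically. The following audit script is an added example, not part of the original lab: the configuration text is constructed from the solution's commands, and the function names and finding messages are assumptions chosen for illustration.

```python
# Constructed input: the access-related commands of the lab solution, as typed.
LAB_CONFIG = """\
enable secret cisco
service password-encryption
line con 0
 password ciscoconsole
 login
 exec-timeout 6 45
line vty 0 15
 exec-timeout 8 20
 password ciscotelnet
 login
"""

def parse_sections(config):
    """Return (global commands, {line header: [sub-commands]})."""
    top, lines, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd.startswith("!"):
            continue
        if raw[0] == " ":                 # indented: sub-command of the open block
            if current:
                lines[current].append(cmd)
        elif cmd.startswith("line "):
            current = cmd
            lines[current] = []
        else:
            current = None
            top.append(cmd)
    return top, lines

def audit(config):
    """Return findings for the access settings configured in this lab."""
    top, lines = parse_sections(config)
    findings = []
    if not any(c.startswith("enable secret ") for c in top):
        findings.append("global: no 'enable secret' (privileged password not hashed)")
    if "service password-encryption" not in top:
        findings.append("global: line passwords are stored in clear text")
    for name, cmds in lines.items():
        if "no login" in cmds:
            findings.append(f"{name}: no password is requested")
        if any(c in ("exec-timeout 0", "exec-timeout 0 0") for c in cmds):
            findings.append(f"{name}: idle sessions never time out")
        if name.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append(f"{name}: not restricted to SSH, Telnet sends passwords in clear")
    return findings
```

Run against the lab configuration, the only finding is the Telnet access that the lab itself asks for.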
2. PC "192.168.1.4" seems to be unable to ping other PCs in the network. Check switch configuration. TIP: How many broadcast domains are there in this network?
3. Choose the right cable to connect:
   - Switch0 gigabitethernet 1/1 to Switch1 gigabitethernet 1/1
   - Switch1 gigabitethernet 1/2 to Switch2 gigabitethernet 1/2
4. Configure those two links as trunk lines without using trunk negotiation between switches
Network diagram
Solution
Connect to Switch0 using console interface and configure each Switch0 fastethernet switchport for operation.
    Switch(config)#interface FastEthernet0/1
    Switch(config-if)#switchport mode access
    Switch(config-if)#duplex full
    Switch(config-if)#speed 100
    Switch(config)#interface FastEthernet0/2
    Switch(config-if)#switchport mode access
    Switch(config-if)#duplex full
    Switch(config-if)#speed 100
    Switch(config)#interface FastEthernet0/3
    Switch(config-if)#switchport mode access
    Switch(config-if)#duplex full
    Switch(config-if)#speed 100
    Switch(config)#interface FastEthernet0/4
    Switch(config-if)#switchport mode access
    Switch(config-if)#duplex full
    Switch(config-if)#speed 100

PC "192.168.1.4" seems to be unable to ping other PCs in the network. Check switch configuration.
    Switch(config)#interface FastEthernet0/4
    Switch(config-if)#switchport mode access
    Switch(config-if)#switchport access vlan 1

Choose the right cable to connect:
- Switch0 gigabitethernet 1/1 to Switch1 gigabitethernet 1/1
- Switch1 gigabitethernet 1/2 to Switch2 gigabitethernet 1/2

Configure those two links as trunk lines without using trunk negotiation between switches
On every interface that has to be configured for trunk operation, configure the following settings:
    Switch(config)#interface GigabitEthernet1/X
    Switch(config-if)#switchport mode trunk
Verify the interface operational mode using the "show interface GigabitEthernet1/X switchport" command:

    Name: Gig1/2
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 1 (default)
    Voice VLAN: none

Another useful IOS command is "show interfaces trunk":

    Switch#sh interfaces trunk
    Port        Mode         Encapsulation  Status        Native vlan
    Gig1/2      on           802.1q         trunking      1

    Port        Vlans allowed on trunk
    Gig1/2      1-1005

    Port        Vlans allowed and active in management domain
    Gig1/2      1

    Port        Vlans in spanning tree forwarding state and not pruned
    Gig1/2      1
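The switchport output above still reports "Negotiation of Trunking: On": with "switchport mode trunk" alone the port keeps sending DTP frames, and "switchport nonegotiate" on the interface is what turns them off. The script below is an added example, not part of the original lab; it parses that output and flags trunks that still negotiate or use VLAN 1 as native VLAN. The Fa0/4 block and all function names are constructed for illustration.

```python
# Constructed input: the "show interface ... switchport" output shown above,
# plus a made-up access port (Fa0/4) for contrast.
SAMPLE = """\
Name: Gig1/2
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none

Name: Fa0/4
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
"""

def parse_switchport(text):
    """Parse 'Key: value' blocks into {interface name: {field: value}}."""
    ports, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        if key.strip() == "Name":          # a new interface block starts here
            current = ports.setdefault(value.strip(), {})
        elif current is not None:
            current[key.strip()] = value.strip()
    return ports

def trunk_findings(text):
    """Flag trunk ports that still run DTP or carry untagged traffic in VLAN 1."""
    findings = []
    for name, f in parse_switchport(text).items():
        if f.get("Operational Mode") != "trunk":
            continue
        if f.get("Negotiation of Trunking") == "On":
            findings.append((name, "DTP negotiation is on"))
        if f.get("Trunking Native Mode VLAN", "").split()[:1] == ["1"]:
            findings.append((name, "native VLAN is the default VLAN 1"))
    return findings
```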
Network diagram
Solution
Configure the VTP-SERVER switch as a VTP server
    VTP-SERVER(config)#vtp mode server

Verify the VTP configuration using the "show vtp status" command

    VTP-SERVER#show vtp status
    VTP Version                     : 2
    Configuration Revision          : 4
    Maximum VLANs supported locally : 255
    Number of existing VLANs        : 7
    VTP Operating Mode              : Server
    VTP Domain Name                 : TESTDOMAIN
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0xAE 0x4F 0x3F 0xC5 0xD3 0x41 0x9C 0x11
    Configuration last modified by 192.168.1.1 at 3-1-93 00:27:41
    Local updater ID is 192.168.1.1 on interface Vl1 (lowest numbered VLAN interface found)

Connect to the 3 other switches and configure them as VTP clients. All links between switches must be configured as trunk lines.
    VTP-CLIENT3(config)#vtp mode client

Verify the VTP configuration using the "show vtp status" command

    VTP-CLIENT3#sh vtp status
    VTP Version                     : 2
    Configuration Revision          : 4
    Maximum VLANs supported locally : 255
    Number of existing VLANs        : 7
    VTP Operating Mode              : Client
    VTP Domain Name                 : TESTDOMAIN
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0xAE 0x4F 0x3F 0xC5 0xD3 0x41 0x9C 0x11
    Configuration last modified by 192.168.1.1 at 3-1-93 00:27:41
Configure VTP domain name as "TESTDOMAIN" and VTP password as "cisco"
1. Configure each link between switches as a trunk line
    interface GigabitEthernet1/1
     switchport mode trunk
    interface GigabitEthernet1/2
     switchport mode trunk

Configure VLAN 10 with name "STUDENTS" and VLAN 50 with name "SERVERS"
On the VTP server switch, configure the following commands
    VTP-SERVER(config)#vlan 10
    VTP-SERVER(config-vlan)#name STUDENTS
    VTP-SERVER(config)#vlan 50
    VTP-SERVER(config-vlan)#name SERVERS

Check propagation on all switches of the VTP domain. Use the "show vlan brief" command on each switch to check propagation of the 2 VLANs.

    VTP-SERVER#show vlan brief
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4, [...]
    10   STUDENTS                         active
    50   SERVERS                          active
    1002 fddi-default                     active
    1003 token-ring-default               active
    1004 fddinet-default                  active
    1005 trnet-default                    active
Lab instructions
This lab will test your ability to configure port security on Cisco™ 2960 switch interfaces.
1. Configure port security on interface Fa 0/1 of the switch with the following settings:
   - Port security enabled
   - Mode: restrict
   - Allowed mac addresses: 3
   - Dynamic mac address learning.
2. Configure port security on interface Fa 0/2 of the switch with the following settings:
   - Port security enabled
   - Mode: shutdown
   - Allowed mac addresses: 3
   - Dynamic mac address learning.
3. Configure port security on interface Fa 0/3 of the switch with the following settings:
   - Port security enabled
   - Mode: protect
   - Static mac address entry: 00E0.A3CE.3236
4. From LAPTOP 1: Try to ping 192.168.1.2 and 192.168.1.3. It should work. Try to ping 192.168.1.4 and 192.168.1.5. It should work.
5. Connect ROGUE laptop to the hub. Try to ping 192.168.1.1. It should work. Try to ping 192.168.1.4. It should fail.
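The three violation modes named in this lab differ in what happens when a frame arrives from a MAC address that is not allowed on the port. The simplified model below is an added example, not part of the original lab and not switch code: it ignores aging and sticky learning, and the class, the function names and the host and rogue MAC addresses used with it are constructed for illustration.

```python
class SecurePort:
    """Simplified model of one switch port with port security enabled."""

    def __init__(self, mode, maximum=1, static=()):
        self.mode = mode                            # "protect", "restrict" or "shutdown"
        self.maximum = maximum                      # allowed secure MAC addresses
        self.secure = {m.lower() for m in static}   # static entries count toward the maximum
        self.violations = 0
        self.err_disabled = False

    def receive(self, src_mac):
        """Return True if a frame with this source MAC is forwarded."""
        mac = src_mac.lower()
        if self.err_disabled:
            return False
        if mac in self.secure:
            return True
        if len(self.secure) < self.maximum:         # dynamic learning while room remains
            self.secure.add(mac)
            return True
        # Violation: unknown source MAC and the secure address table is full.
        if self.mode != "protect":                  # protect drops silently, no counter
            self.violations += 1
        if self.mode == "shutdown":
            self.err_disabled = True                # port stays down until re-enabled
        return False

def lab_ports():
    """The three ports of this lab; Fa0/3 keeps the default maximum of 1."""
    return {
        "Fa0/1": SecurePort("restrict", maximum=3),
        "Fa0/2": SecurePort("shutdown", maximum=3),
        "Fa0/3": SecurePort("protect", static=["00E0.A3CE.3236"]),
    }

def replay(port, macs):
    """Feed a sequence of source MACs to a port and list which frames pass."""
    return [port.receive(m) for m in macs]
```

In restrict mode the known hosts keep working after the violation, while in shutdown mode the whole port goes down, including the hosts that were already learned.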
Network diagram
- Configuration of DHCP pools on Cisco routers or multilayer switches.
- Configuration of a standalone DHCP server appliance on the network and usage of the "ip helper-address" command on network devices for DHCP traffic forwarding outside each local broadcast domain. This tutorial will describe this method for implementing DHCP service in your network.
Tutorial description
This tutorial will show you how to configure dynamic IP address assignment on multiple VLANs with a single DHCP server appliance on the network. Two VLANs are configured on Switch0 with Router0 as default gateway:
VLAN 10 - Network: 192.168.10.0/24 - Gateway: 192.168.10.1 (FA 0/0.10)
VLAN 20 - Network: 192.168.20.0/24 - Gateway: 192.168.20.1 (FA 0/0.20)
DHCP configuration
Declare IP address pools on the DHCP management tab of the server as in the picture below. One pool has to be declared for each VLAN. Don't forget to configure the right network settings and default gateway (Router0 FA 0/0.10 and FA 0/0.20 IP address) for each VLAN.
    Router(config)# interface FastEthernet0/0.20
    Router(config-subif)# encapsulation dot1Q 20
    Router(config-subif)# ip address 192.168.20.1 255.255.255.0
    Router(config-subif)# ip helper-address 172.16.24.2