lab1

1

Lab #1

Lab Instruction

Step 1. On SW1, create 3 VLANs. VLAN 10 with the name Sales, VLAN 20 with the name Development, VLAN 30 with the name Marketing.

To complete this objective using GNS3 you will need to navigate to VLAN Database

configuration mode by using the vlan database command in privileged mode. Once in VLAN

Database configuration mode you can create the VLANs by using the vlan number name vlan_name command.

SW1 con0 is now available

Press RETURN to get started.

SW1>enable

SW1#config terminal

Enter configuration commands, one per line. End with CNTL/Z.

SW1(config)#vlan 10

SW1(config-vlan)#name Sales

SW1(config-vlan)#vlan 20

SW1(config-vlan)#name Development

SW1(config-vlan)#vlan 30

SW1(config-vlan)#name Marketing

SW1(config-vlan)#end

SW1#

Step 2. Assign Port Fa0/1 to VLAN 10, assign interface Fa0/2 to VLAN 20 and assign interface Fa0/3 to VLAN 30. Afterward, verify your configuration.

To configure switchport interfaces in a specific vlan you will use the switchport access vlan #

command in interface configuration mode. To verify your vlan configuration youll use the show vlan-switch when configuring the NM16-ESW or show vlan on a Cisco Catalyst Series switch in

user or privileged mode as shown below on a Catalyst Series switch.

SW1#configure terminal

SW1(config)#interface Fa0/1

SW1(config-if)#switchport access vlan 10

SW1(config-if)#interface Fa0/2


SW1(config-if)#interface Fa0/3


SW1(config-if)#end

2

SW#show vlan

VLAN Name Status Ports

---- ---------------------------- --------- -------------------------------

1 default active Fa0/4, Fa0/5, Fa0/6, Fa0/7

Fa0/8, Fa0/9, Fa0/10, Fa0/11

Fa0/12, Fa0/16, Fa0/17, Fa0/18

Fa0/19, Fa0/20, Fa0/21, Fa0/22

Fa0/23, Fa0/24, Gi0/1, Gi0/2

10 Sales active Fa0/1

20 Development active Fa0/2

30 Marketing active Fa0/3

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

SW1#

Lab #2

Lab Objectives

Create the VLAN number 10 and name it Management. Create the VLAN 10 interface and assign it an IP address of 10.1.1.10/24 Assign the FastEthernet0/1 interface on SW1 to VLAN 10. Verify the management VLAN configuration by using R1 to telnet the IP address of VLAN 10 on

SW1.

Read Me

The Lab instruction is demonstrated using a Cisco Catalyst switch, not the NM-16ESW as used

in GNS3.

Lab Instruction

You should be familiar with the commands required to complete the objectives of this lab from

previous labs in the Free CCNA Workbook.

Step 1. Create the VLAN number 10 and name it Management.



3

SW1>enable

SW1>configure terminal


SW1(config)#vlan 10

SW1(config-vlan)#name Management


SW1#

Step 2. Create the VLAN 10 interface and assign it an IP address of 10.1.1.10/24.

To complete this objective you first need to create the VLAN interface by going into global

configuration and then VLAN interface configuration mode by using the command interface vlan

# Keep in mind that the VLAN interface number is proportional to the vlan number created. So

Interface Vlan10 is used for VLAN 10 whereas interface Vlan20 would be used for VLAN 20.



SW1(config)#interface vlan10

SW1(config-if)#ip address 10.1.1.10 255.255.255.0

SW1(config-if)#no shut

SW1(config-if)#

Step 3. Assign the FastEthernet0/1 interface on SW1 to VLAN 10.

SW1(config-if)#interface FastEthernet0/1



SW1(config-if)#end

SW1#

By this point you should now be able to ping R1s FastEthernet0/0 interface as shown below;

R1#ping 10.1.1.10

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.10, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/39/100 ms

R1#

Step 4. Verify the management VLAN configuration by using R1 to telnet the IP address of VLAN 10 on SW1.

R1#telnet 10.1.1.10

Trying 10.1.1.10 ... Open

User Access Verification

Password:

SW1>

4

Lab #3

Lab Objectives

Shutdown interfaces FastEthernet0/11 and FastEthernet0/12 on both SW1 and SW2 and configure an IEEE 802.1q trunk on interface FastEthernet0/10 of both SW1 and SW2.

Verify your trunk link configuration by using the show interface interfacename#/# trunk command.

Verify that R1 has IP reachability to R2 by using ping command on R1. Change SW1s FastEthernet0/2 interface to be placed into VLAN 5 and verify your verify IP

reachability between R1 and R2 again.

Lab Instruction

Step 1. Shutdown interfaces FastEthernet0/11 and FastEthernet0/12 on both SW1 and SW2 and configure an IEEE 802.1q trunk on interface FastEthernet0/10 of both SW1 and SW2.

To configure an interface as a static trunk youll first need to configure the encapsulation type first as an interface whose trunk encapsulation is Auto can not be configured to trunk mode.



SW1>enable



SW1(config-if)#interface range Fa0/11 - 12

SW1(config-if-range)#shutdown

SW1(config-if-range)#interface fa0/10

SW1(config-if)#switchport trunk encapsulation dot1q

SW1(config-if)#switchport mode trunk


SW1(config-if)#end

SW1#

And now the same configuration on SW2;



SW2>enable

5



SW2(config-if)#interface range Fa0/11 - 02

SW2(config-if-range)#shutdown

SW2(config-if-range)#interface fa0/10

SW2(config-if)#switchport trunk encapsulation dot1q

SW2(config-if)#switchport mode trunk


SW2(config-if)#end

SW2#

Step 2 . Verify your trunk link configuration by using the show interface FastEthernet0/10 trunk command as shown below on both SW1 and SW2;

SW1#show interface FastEthernet0/10 trunk

Port Mode Encapsulation Status Native vlan

Fa0/10 on 802.1q trunking 1

Port Vlans allowed on trunk

Fa0/10 1-4094

Port Vlans allowed and active in management domain

Fa0/10 1,10

Port Vlans in spanning tree forwarding state and not pruned

Fa0/10 1

SW1#

SW2#show interface FastEthernet0/10 trunk




Fa0/10 1-4094


Fa0/10 1,10


Fa0/10 1

SW2#

Step 3. Verify that R1 has IP reachability to R2 by using ping command on R1.

Now that you have a trunk link between SW1 and SW2, traffic generated on SW1 in VLAN 10

should be able to propagate to VLAN 10 on SW2. To test this, ping R2s FastEthernet 0/1 interface (IP Address 10.1.1.2) From R1 as shown below;

R1#ping 10.1.1.2



.!!!!

6


R1#

When you ping R2s FastEthernet0/1 interface IP address from R1, the router knows that the destination IP address is on the same local subnet therefore it ARPs for the MAC address of host 10.1.1.2, This ARP request is received on SW1 and forwarded to SW2 and onto R2 which

responds Hey Im 10.1.1.2, my MAC address is ABCD.EF12.3456. Now that R1 knows the MAC address for 10.1.1.2 it then fowards the ICMP packet towards SW1 with the correct

destination MAC address. Initially SW1 will not know the location of that MAC address because

the machine is not local to that switch so therefore it will forward the frame out interfaces within

that VLAN except the interface that the frame was received on. When the frame is received by

SW2 it then is switched out the correct port as the MAC exists already in its MAC address table.

When R2 responds to the ICMP packet it will then go the opposite way towards SW1. After

SW1 receives a response from R2 destined to R1 seeing a NEW source MAC address that SW1

has not learned it will then install the MAC address into the CAM Table (Mac Address Table)

for future use.

Step 4. Change SW1s FastEthernet0/2 interface to be placed into VLAN 5 and verify your verify IP reachability between R1 and R2 again.

You can also test this further by placing SW2s interface that is connected to R2 in a different vlan and attempt to ping R2 from R1 and no doubly it will fail as shown below;



SW2(config)#interface FastEthernet0/2


% Access VLAN does not exist. Creating vlan 5

SW2(config-if)#end

SW2#

R1#ping 10.1.1.2



.....

Success rate is 0 percent (0/5)

R1#

As demonstrated in this lab you can use trunk links to pass traffic in multiple VLANs between multiple switches using a single link.

Due to the NM-16ESW and Cisco 2950 not supporting the ISL trunk encapsulation, a

configuration example is given below. Note that the only configuration difference between

Dot1q and ISL is the switchport trunk encapsulation isl | dot1q command option.

c3560-Switch1>enable

c3560-Switch1#configure terminal

c3560-Switch1(config)#interface fa0/10

c3560-Switch1(config-if)#switchport trunk encap isl

c3560-Switch1(config-if)#switchport mode trunk

7

c3560-Switch1(config-if)#end

c3560-Switch1#sh int fa0/10 trunk


Fa0/10 on isl trunking 1


Fa0/10 none


Fa0/10 none


Fa0/10 none

c3560-Switch1#

Lab #4

Lab Objectives

Configure SW1 as the VTP Server and configure SW2 and SW3 as VTP Clients. Set the VTP Domain name to CISCO on all three switches.

Configure VLAN 10 with the name Development on the VTP Server and verify that it propagates to SW2 and SW3 properly.

Set the VTP Version to v2 and secure the VTP Domain by using the password Cisco$123. Verify your configuration.

Lab Instruction

Step 1. Configure SW1 as the VTP Server and configure SW2 and SW3 as VTP Clients. Set the VTP Domain name to CISCO on all three switches.

Configuring the VTP Mode and VTP Domain are done by the use of the vtp mode modetype and

the vtp domain domainname as shown below; Keep in mind when setting the VTP Domain, this

must be set prior to the VTP mode if you are setting the VTP domain on a client switch. If you

need to change the VTP domain you must set it to transparent then change the name and/or

password then set the switch back to VTP mode client.



SW1>enable

8



SW1(config)#vtp mode server

Device mode already VTP SERVER.

SW1(config)#vtp domain CISCO

Changing VTP domain name from NULL to CISCO

SW1(config)#



SW2>enable




Domain name already set to CISCO.

SW2(config)#vtp mode client

Setting device to VTP CLIENT mode.

SW2(config)#



SW3>enable




Domain name already set to CISCO.

SW3(config)#vtp mode client

Setting device to VTP CLIENT mode.

SW3(config)#

Step 2. Configure VLAN 10 with the name Development on the VTP Server and verify that it propagates to SW2 and SW3 properly.

To complete this objective you need to create the VLAN on the VTP Server, which in this case is

SW1. Create the VLAN as you would any other VLAN on a Cisco Catalyst Series switch as

shown below;

SW1(config)#vlan 10

SW1(config-vlan)#name Development


SW1#

Now verify that the VLAN is being propagated properly by using the show vlan on SW2 and

SW3 as shown below;

9

SW2(config)#end

SW2#show vlan

%SYS-5-CONFIG_I: Configured from console by console

SW2#show vlan


---- -------------------------------- --------- -----------------------------

--


Fa0/5, Fa0/6, Fa0/7, Fa0/8

Fa0/9, Fa0/13, Fa0/14, Fa0/15

Fa0/16, Fa0/17, Fa0/18,

Fa0/19

Fa0/20, Fa0/21, Fa0/22,

Fa0/23

Fa0/24, Gi0/1, Gi0/2

10 Development active





VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1

Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ -----

-

1 enet 100001 1500 - - - - - 0 0

10 enet 100010 1500 - - - - - 0 0

1002 fddi 101002 1500 - - - - - 0 0

1003 tr 101003 1500 - - - - srb 0 0

1004 fdnet 101004 1500 - - - ieee - 0 0

1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs

-----------------------------------------------------------------------------

-

Primary Secondary Type Ports

------- --------- ----------------- -----------------------------------------

-

SW2#

SW3(config)#end

SW3#show vlan


---- -------------------------------- --------- -----------------------------

--


Fa0/5, Fa0/6, Fa0/7, Fa0/8

Fa0/9, Fa0/13, Fa0/14, Fa0/15

Fa0/16, Fa0/17, Fa0/18,

Fa0/19

Fa0/20, Fa0/21, Fa0/22,

Fa0/23

Fa0/24, Gi0/1, Gi0/2

10

10 Development active





VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1

Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ -----

-

1 enet 100001 1500 - - - - - 0 0

10 enet 100010 1500 - - - - - 0 0

1002 fddi 101002 1500 - - - - - 0 0

1003 tr 101003 1500 - - - - srb 0 0

1004 fdnet 101004 1500 - - - ieee - 0 0

1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs

-----------------------------------------------------------------------------

-

Primary Secondary Type Ports

------- --------- ----------------- -----------------------------------------

-

SW3#

Step 3. Set the VTP Version to v2 and secure the VTP Domain by using the password Cisco$123. Verify your configuration.

To set the VTP version to v2, you execute the vtp version 2 command on the VTP Server switch,

this setting is propagated to all switches in the VTP domain.

To set the VTP password, use the vtp password passwordgoeshere command in global

configuration mode as shown below;



SW1(config)#vtp version 2

SW1(config)#vtp password Cisco$123

Setting device VLAN database password to Cisco$123

SW1(config)#end

SW1#





SW2(config)#end

SW2#





11

SW3(config)#end

SW3#

To verify the VTP version mode use the show vtp status command in user or privileged mode as

shown below;

SW2#show vtp status

VTP Version : running VTP2

Configuration Revision : 3

Maximum VLANs supported locally : 1005

Number of existing VLANs : 6

VTP Operating Mode : Client

VTP Domain Name : CISCO

VTP Pruning Mode : Disabled

VTP V2 Mode : Enabled

VTP Traps Generation : Disabled

MD5 digest : 0x96 0xF1 0x2F 0xDD 0x5F 0x1F 0x37 0x53

Configuration last modified by 192.168.255.1 at 3-2-93 15:11:27

SW2#

To verify the VTP Password you must use the show vtp password command in privileged mode

only as shown below;

SW2#show vtp password

VTP Password: Cisco$123

SW2#

Lab #5

Lab Objectives

Configure SW2 as a VTP Transparent switch and use VTP Version 2, verify your configuration. Configure VTP Pruning on the VTP server verify and that the configuration was propagated to

the VTP Client. Verify that VTP Pruning is functioning properly by viewing the pruning list on SW1.

Lab Instruction

Step 1. Configure SW2 as a VTP Transparent switch and use VTP Version 2, verify your configuration.

To configure SW2 as a VTP transparent switch youll use the vtp mode transparent command in global configuration; to verify your configuration change youll use the show vtp status command in user or privileged mode as shown below;


12


SW2>enable



SW2(config)#vtp mode transparent

SW2(config)#vtp version 2

Setting device to VTP TRANSPARENT mode.

SW2(config)#end

SW2#show vtp status

SW2#show vtp status

VTP Version : running VTP2




VTP Operating Mode : Transparent

VTP Domain Name :

VTP Pruning Mode : Disabled



MD5 digest : 0x06 0x97 0x82 0xDA 0x39 0x52 0x1E 0xF2


SW2#

Step 2. Configure VTP Pruning on the VTP server verify and that the configuration was propagated to the VTP Client.

To configure VTP pruning youll use the vtp pruning command in global configuration on the VTP Server only. this setting gets propagated to all VTP clients in the same VTP domain as

shown below;



SW1>enable



SW1(config)#vtp pruning

Pruning switched on

SW1(config)#end

SW1#show vtp status

VTP Version : 2




VTP Operating Mode : Server

13


VTP Pruning Mode : Enabled



MD5 digest : 0x2E 0x9F 0x5E 0x57 0xE3 0x87 0x46 0xFA


Local updater ID is 10.1.5.1 on interface Vl5 (lowest numbered VLAN

interface found)

SW1#

Show below is the verification that VTP Pruning is being properly propagated to SW3 from the

VTP Server (SW1);

SW3#show vtp status

VTP Version : 2




VTP Operating Mode : Client


VTP Pruning Mode : Enabled



MD5 digest : 0x77 0xF2 0x86 0xA4 0x3C 0x21 0x09 0xC0


SW3#

Step 3. Verify that VTP Pruning is functioning properly by viewing the pruning list on SW1.

To view this information you can use the show interface trunk command in user or privileged

mode as shown below;

SW3#show interface trunk




Fa0/13 1-4094


Fa0/13 1,10,20,30


Fa0/13 1,10

SW3#

As shown above from the SW3 show interface trunk output you can see that on port Fa1/13 the

VLANs that are forwarding and not pruned on that trunk link are VLANs 1 and 10.

When having a transparent switch in a VTP Transit path you obviously must have IP

connectivity. Keep in mind for traffic to pass through the transparent switch, the transparent

switch must have the VLAN configure for the traffic. For example, Traffic from SW1 VLAN 10

14

going to SW2 VLAN 20, SW3 must have VLAN10 configured on it or the traffic would get

dropped.

You can verify this by pinging SW3s VLAN 10 interface from SW1 as shown below;

SW1#ping 10.10.13.3



.!!!!


SW1#

The ping is successful because VLAN 10 is already configured on SW2 as per the lab

prerequisites. However if you remove VLAN 10 from SW2 and try to ping SW3s VLAN10 interface from SW1 again it will fail as shown below;


SW2(config)#no vlan 10

SW2(config)#end

SW2#

SW1#ping 10.10.13.3



.....

Success rate is 0 percent (0/5)

SW1#

Lab #6

Lab Objectives

Using only R1, determine which IOS feature set and version is running on SW1. Using only SW1, determine the IP address of R1 learned via CDP. Using only R1, determine the port R1 is connected to on SW1. Using only R1, determine what the Native VLAN and VTP Domain is on the switchport that R1 is

directly connected to. Clear the CDP table on R1 and verify that it has been cleared; afterwards verify that R1 relearns

about SW1. Change the default timers on both R1 and SW1 from 60/180 to 15/45 and verify your

configuration changes.

15

Lab Instruction

Step 1. Using only R1, determine which IOS feature set and version is running on SW1. To determine this information you will execute the show cdp neighbor detail command in user or

privileged mode on R1 as shown below.

R1>show cdp neighbors detail

-------------------------

Device ID: Router

Entry address(es):

Platform: Cisco 3640, Capabilities: Router Switch IGMP

Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/1

Holdtime : 134 sec

Version :

Cisco IOS Software, 3600 Software (C3640-JK9O3S-M), Version 12.4(13a),

RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2007 by Cisco Systems, Inc.

Compiled Tue 06-Mar-07 20:25 by prod_rel_team

advertisement version: 2

VTP Management Domain: ''

Duplex: full

R1>

As shown above by the underlined statements; SW1 is running ENTERPRISE/FW/IDS PLUS

IPSEC 3DES Version 12.4(13a).

Step 2. Using only SW1, determine the IP address of R1 learned via CDP. To obtain this information you will use the show cdp neighbors detail command on SW1 in either user or

privileged mode as shown below;

SW1#show cdp neighbors detail

-------------------------

Device ID: R1

Entry address(es):

IP address: 192.168.255.1



Holdtime : 168 sec

Version :

Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version

12.4(15)T14, RELEASE SOFTWARE (fc2)



Compiled Tue 17-Aug-10 12:08 by prod_rel_team



Duplex: full

16

SW1#

As shown above by the underlined statements; R1 has the IP address 192.168.255.1 assigned to

the interface which the CDP frame was sent out.

Step 3. Using only R1, determine the port R1 is connected to on SW1. To obtain this information you can use either the show cdp neighbors or show cdp neighbors detail command.

R1#show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID

SW1 Fas 0/0 125 R S I 3640 Fas 0/1

R1#

As shown above by the underlined statements; R1 FastEthernet0/0 interface is connected to

SW1s FastEthernet0/1 port.

Step 4. Using only R1, determine what the Native VLAN and VTP Domain is on the switchport that R1 is directly connected to. This information is obtained by using the show cdp

neighbors detail command as shown below;

R1>show cdp neighbors detail

-------------------------

Device ID: SW1

Entry address(es):

IP address: 192.168.255.254



Holdtime : 157 sec

Version :

Cisco IOS Software, 3600 Software (C3640-JK9O3S-M), Version 12.4(13a),

RELEASE SOFTWARE (fc1)



Compiled Tue 06-Mar-07 20:25 by prod_rel_team



Duplex: full

R1>

As shown above by the underlined statements; the VTP Domain is blank. This is called NULL which simply means that no VTP domain has been configured on the switch that advertised that

CDP Frame. The native VLAN number on the switchs port that R1 is directly connected to is VLAN 1.

17

Step 5. Clear the CDP table on R1 and verify that it has been cleared; afterwards verify that R1 relearns about SW1. To clear the CDP table, use the clear cdp table command in privileged mode

as shown below followed by the verification;





SW1 Fas 0/0 173 R S I 2650XM Fas 1/0

R1#clear cdp table





R1#

Step 6. Change the default timers on both R1 and SW1 from 60/180 to 15/45 and verify your configuration changes. To make these changes you will use the cdp timer and cdp holdtime

commands in global configuration. To verify the changes made use the show cdp command in

user or privileged mode as shown below;

R1>enable

R1#configure terminal


R1(config)#cdp timer 15

R1(config)#cdp holdtime 45

R1(config)#end

%SYS-5-CONFIG_I: Configured from console by console

R1#show cdp

Global CDP information:

Sending CDP packets every 15 seconds

Sending a holdtime value of 45 seconds

Sending CDPv2 advertisements is enabled

R1#

lab1

Documents