Se ha denunciado esta presentación.
Se está descargando tu SlideShare. ×

Ccna 4 final lab switchi

Más Contenido Relacionado

Audiolibros relacionados

Gratis con una prueba de 30 días de Scribd

Ver todo

Ccna 4 final lab switchi

  1. 1. ESwitching Basic Switching/Wireless PT Practice SBA A few things to keep in mind while completing this activity: 1. Do not use the browser Back button or close or reload any exam windows during the exam. 2. Do not close Packet Tracer when you are done. It will close automatically. 3. Click the Submit Assessment button to submit your work. Introduction In this practice Packet Tracer Practice Skills Based Assement, you will:  configure VLANs using VTP  configure inter-VLAN routing  modify STP  configure port security  add a wireless LAN
  2. 2. Addressing Table Device Interface Address Subnet Mask Default Gateway Branch Fa0/0.40 10.10.40.1 255.255.255.0 n/a Fa0/0.50 10.10.50.1 255.255.255.0 n/a Fa0/0.55 10.10.55.1 255.255.255.0 n/a Fa0/0.80 10.10.80.1 255.255.255.0 n/a WLAN Internet 10.10.80.10 255.255.255.0 10.10.80.1 Wireless 10.10.100.1 255.255.255.0 n/a S1 VLAN 55 10.10.55.11 255.255.255.0 10.10.55.1 S2 VLAN 55 10.10.55.12 255.255.255.0 10.10.55.1 S3 VLAN 55 10.10.55.13 255.255.255.0 10.10.55.1 Staff 1 NIC 10.10.40.10 255.255.255.0 10.10.40.1 Staff 2 NIC 10.10.40.11 255.255.255.0 10.10.40.1 Admin NIC 10.10.50.10 255.255.255.0 10.10.50.1 WRS PC NIC DHCP assigned 255.255.255.0 10.10.100.1 Note: The password for user EXEC mode is cisco. The password for privileged EXEC mode is class. Step 1: Configure the Switches for Remote Access. Create, enable, and address VLAN 55 as the management interface on all three switches. Use the values found in the addressing table. Step 2: Configure Trunking. Note: Packet Tracer now supports the use of the range argument for the interface command. For interfaces FastEthernet 0/1 through FastEthernet 0/4 on all three switches:  Configure static trunking.  Assign VLAN 55 as the native VLAN.
  3. 3. S3(config)#interface RAnge fastEthernet 0/1-4 S3(config-if-range)#sw S3(config-if-range)#switchport mod S3(config-if-range)#switchport mode tru S3(config-if-range)#switchport mode trunk %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to up S3(config-if-range)#sw S3(config-if-range)#switchport tru S3(config-if-range)#switchport trunk S3(config-if-range)#switchport trunk native vl S3(config-if-range)#switchport trunk native vlan 55 S3(config-if-range)#no shu S3(config-if-range)#no shutdown S3(config-if-range)#exit S3(config)# Step 3: Configure VTP and VLANs. a. Configure S1 as VTP server and the following VTP parameters:  S1 is the VTP server.
  4. 4.  VTP domain name: BRANCH  VTP password: vtpbranch S1(config)#vtp mode ser S1(config)#vtp mode server Device mode already VTP SERVER. S1(config)#vt S1(config)#vtp dom S1(config)#vtp domain BRANCH Changing VTP domain name from NULL to BRANCH S1(config)#vtp S1(config)#vtp pass S1(config)#vtp password vtpbranch Setting device VLAN database password to vtpbranch b. Create and name the following VLANs on S1.  VLAN 40: Staff  VLAN 50: Admin  VLAN 55: Management  VLAN 80: Wireless S1(config)#vl S1(config)#vlan 40 S1(config-vlan)#na S1(config-vlan)#name Staff S1(config-vlan)#exit S1(config)#vl S1(config)#vlan 50 S1(config-vlan)#na S1(config-vlan)#name Admin S1(config-vlan)#vl S1(config-vlan)#exit S1(config)#vl S1(config)#vlan 55 %LINK-5-CHANGED: Interface Vlan55, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan55, changed state to up S1(config-vlan)#na S1(config-vlan)#name Management S1(config-vlan)#exit S1(config)#vl S1(config)#vlan 88 S1(config-vlan)#nam S1(config-vlan)#name Wireless S1(config-vlan)#exit S1(config)#exit S1#
  5. 5. c. Configure S2 and S3 as VTP clients to participate in the BRANCH VTP domain. S2(config)#vtp mod S2(config)#vtp mode cli S2(config)#vtp mode client Setting device to VTP CLIENT mode. S2(config)#vt S2(config)#vtp pass S2(config)#vtp dom S2(config)#vtp domain BRANCH Domain name already set to BRANCH. S2(config)#vtp S2(config)#vtp pass S2(config)#vtp password vtpbranch Setting device VLAN database password to vtpbranch S2(config)# %LINK-5-CHANGED: Interface Vlan55, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan55, changed state to up S2(config)#exot ^ % Invalid input detected at '^' marker. S2(config)# S2(config)#exit S2# S3(config)#vtp mod S3(config)#vtp mode cli S3(config)#vtp mode client Setting device to VTP CLIENT mode. S3(config)#vtp S3(config)#vtp bran S3(config)#vtp doma S3(config)#vtp domain BRANCH Domain name already set to BRANCH. S3(config)#vtp S3(config)#vtp pass S3(config)#vtp password vtpbranch Setting device VLAN database password to vtpbranch S3(config)# %LINK-5-CHANGED: Interface Vlan55, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan55, changed state to up
  6. 6. S3(config)#exit S3# %SYS-5-CONFIG_I: Configured from console by console S3# d. Verify that VTP is operational. S3#ping 10.10.55.13 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.55.13, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/2 ms S3#ping 10.10.55.12 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.55.12, timeout is 2 seconds: ..!!! Success rate is 60 percent (3/5), round-trip min/avg/max = 8/8/8 ms S3#ping 10.10.55.11 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.55.11, timeout is 2 seconds: ..!!! Success rate is 60 percent (3/5), round-trip min/avg/max = 4/4/4 ms S3# Step 4: Configure Interfaces for VLAN Access VLAN port assignments on each switch are as follows:
  7. 7. Device Ports Assignment S2, S3 Fa0/1 – 0/10 40 S2, S3 Fa0/11 – 0/17 50 S3 Fa0/18 80 a. Configure access ports on access layer switches.  Configure the appropriate interfaces on S2 and S3 for access mode.  Assign VLANs according to the port assignments table. b. Verify trunking and VLAN assignments. S3(config)#inter S3(config)#interface fa S3(config)#interface fastEthernet 0/6 S3(config-if)#sw S3(config-if)#switchport mod S3(config-if)#switchport mode acc S3(config-if)#switchport mode access S3(config-if)#swe S3(config-if)#sw S3(config-if)#switchport acc S3(config-if)#switchport access vl S3(config-if)#switchport access vlan 40 S3(config-if)#no shu S3(config-if)#no shutdown S3(config-if)#exit Step 5: Configure Spanning Tree. a. Modify STP root bridge elections.  Using a priority of 12288, set S1 as the root bridge for all VLANs.  Using a priority of 16384, set S2 so that it will become the root for all VLANs if S1 fails. b. Verify the spanning tree election. S1(config)#spanning-tree vlan 1-99 priority 12288 S1(config)#spanning-tree vlan 1-99 prio S1(config)#spanning-tree vlan 1-99 root pri S1(config)#spanning-tree vlan 1-99 root primary S1(config)# S1(config)# S2(config)#spanning-tree vlan 1-99 priority 16384 S2(config)#spanning-tree vlan 1-99 root secondary S2(config)#exit
  8. 8. Step 6: Configure Inter-VLAN Routing.  Use the information in the Addressing Table to configure Branch for inter-VLAN routing. Be sure to designate the native VLAN.  Verify inter-VLAN routing. S1(config)#interface fastEthernet 0/5 S1(config-if)#sw S1(config-if)#switchport mod S1(config-if)#switchport mode trunk S1(config-if)#no shu S1(config-if)#no shutdown S1(config-if)#exit BRANCH(config)#inter BRANCH(config)#interface fa BRANCH(config)#interface fastEthernet 0/0.40 BRANCH(config-subi f)#ip add BRANCH(config-subi f)#ip address 10.10.40.1 255.255.255.0 BRANCH(config-subi f)#encap BRANCH(config-subi f)#encapsulation do BRANCH(config-subi f)#encapsulation dot1Q 40 BRANCH(config-subi f)#no sh BRANCH(config-subi f)#no shutdown BRANCH(config-subi f)#exit BRANCH(config)#interface fastEthernet 0/0.50 BRANCH(config-subi f)#ip add BRANCH(config-subi f)#ip address 10.10.50.1 255.255.255.0 BRANCH(config-subi f)#encap BRANCH(config-subi f)#encapsulation do BRANCH(config-subi f)#encapsulation dot1Q 50 BRANCH(config-subi f)#no shu BRANCH(config-subi f)#no shutdown BRANCH(config-subi f)#exit BRANCH(config)#inter BRANCH(config)#interface fa BRANCH(config)#interface fastEthernet 0/0.55 BRANCH(config-subi f)#ip add BRANCH(config-subi f)#ip address 10.10.55.1 255.255.255.0 BRANCH(config-subi f)#encap BRANCH(config-subi f)#encapsulation do BRANCH(config-subi f)#encapsulation dot1Q 55 BRANCH(config-subi f)#no shu BRANCH(config-subi f)#no shutdown
  9. 9. BRANCH(config-subi f)#exit BRANCH(config)#inter BRANCH(config)#interface fa BRANCH(config)#interface fastEthernet 0/0.80 BRANCH(config-subi f)#ip add BRANCH(config-subi f)#ip address 10.10.80.1 255.255.255.0 BRANCH(config-subi f)#encap BRANCH(config-subi f)#encapsulation do BRANCH(config-subi f)#encapsulation dot1Q 80 BRANCH(config-subi f)#no0 shu BRANCH(config-subi f)#no0 shu Step 7: Configure Port Security. Note: Best practice requires port security on all access ports. However, for this practice exercise you will only configure one port with security. a. Configure S3 with port security on FastEthernet 0/2.  Enable port security.  No more than two MAC addresses are allowed on the FastEthernet 0/2 port for S3.  Once learned, MAC addresses should be automatically added to the running configuration.  If this policy is violated, the port should be automatically disabled. b. Verify that port security is implemented. S2(config-if)#switchport por S2(config-if)#switchport port-security ? mac-address Secure mac address maximum Max secure addresses violation Security violation mode <cr> S2(config-if)#switchport port-security ma S2(config-if)#switchport port-security mac-address sticky S2(config-if)#sw S2(config-if)#switchport por S2(config-if)#switchport port-security max S2(config-if)#switchport port-security maximum 1 S2(config-if)#sw S2(config-if)#switchport por S2(config-if)#switchport port-security vio S2(config-if)#switchport port-security violation ? protect Security violation protect mode restrict Security violation restrict mode shutdown Security violation shutdown mode S2(config-if)#switchport port-security violation sh S2(config-if)#switchport port-security violation shutdown S2(config-if)#no shu S2(config-if)#no shutdown
  10. 10. S2(config-if)#exit S2(config)# S2#show port-security interface fastEthernet 0/5 Port Security : Enabled Port Status : Secure-up Violation Mode : Shutdown Aging Time : 0 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses : 1 Total MAC Addresses : 0 Configured MAC Addresses : 0 Sticky MAC Addresses : 0 Last Source Address:Vlan : 0000.0000.0000:0 Security Violation Count : 0 S2# Step 8: Configure the Wireless LAN. Refer to the Addressing Table to configure the wireless LAN. a. Configure WLAN.  Use static addressing on the Internet interface.  Set the router IP and subnet mask.  Use the DHCP Server Settings to configure the router to provide wireless hosts with an IP address.  The starting IP address in the wireless LAN subnet is 10.10.100.15.  The maximum number of users is 75. b. Configure wireless security.  Set the SSID to Branch_WLAN.  Enable WEP security and use 0123456789 as key1. c. Use branch123 as the remote management password. d. Configure WRS PC to access the wireless network that is provided by WLAN. WRS PC uses DHCP to obtain addressing information. Note: It will not be possible for devices to ping WRS PC since WRS PC is behind the WLAN NAT firewall. Step 9: Verify Connectivity. Although these are not scored, the following connectivity tests should be successful.  S1 can ping Branch. S1# S1#ping 10.10.55.1 Type escape sequence to abort.
  11. 11. Sending 5, 100-byte ICMP Echos to 10.10.55.1, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 3/4/5 ms S1#ping 10.10.50.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.50.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/5 ms S1#ping 10.10.40.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.40.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/5 ms S1#ping 10.10.80.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.80.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/5 ms  S2 can ping Branch. S2>ping 10.10.55.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.55.1, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 7/7/8 ms S2>ping 10.10.40.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.40.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 7/8/9 ms S2>ping 10.10.80.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.80.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 7/8/9 ms
  12. 12. S2>ping 10.10.50.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.50.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 7/7/9 ms  S3 can ping Branch. S3#ping 10.10.55.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.55.1, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 7/7/9 ms S3#ping 10.10.50.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.50.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 7/8/9 ms S3#ping 10.10.40.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.40.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 7/7/9 ms S3#ping 10.10.80.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.80.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 7/7/9 ms S3#  Staff 1 can ping Admin. PC>ipconfig IP Address......................: 10.10.40.10 Subnet Mask.....................: 255.255.255.0 Default Gateway.................: 10.10.40.1 PC>ping 10.10.50.10 Pinging 10.10.50.10 with 32 bytes of data:
  13. 13. Reply from 10.10.50.10: bytes=32 time=28ms TTL=127 Reply from 10.10.50.10: bytes=32 time=22ms TTL=127 Reply from 10.10.50.10: bytes=32 time=26ms TTL=127 Reply from 10.10.50.10: bytes=32 time=23ms TTL=127 Ping statistics for 10.10.50.10: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 22ms, Maximum = 28ms, Average = 24ms PC>10  Admin can ping Staff 2. PC>ipconfig IP Address......................: 10.10.50.10 Subnet Mask.....................: 255.255.255.0 Default Gateway.................: 10.10.50.1 PC>ping 10.10.40.11 Pinging 10.10.40.11 with 32 bytes of data: Request timed out. Reply from 10.10.40.11: bytes=32 time=23ms TTL=127 Reply from 10.10.40.11: bytes=32 time=23ms TTL=127 Reply from 10.10.40.11: bytes=32 time=22ms TTL=127 Ping statistics for 10.10.40.11: Packets: Sent = 4, Received = 3, Lost = 1 (25% loss), Approximate round trip times in milli-seconds: Minimum = 22ms, Maximum = 23ms, Average = 22ms PC>  WRS PC can ping Staff 1. ROUTER AND SWITCH CONFIGURATION: BRANCH#show startup-config Using 808 bytes !
  14. 14. version 12.4 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname BRANCH ! ! ! ! interface FastEthernet0/0 no ip address duplex auto speed auto ! interface FastEthernet0/0.40 encapsulation dot1Q 40 ip address 10.10.40.1 255.255.255.0 ! interface FastEthernet0/0.50 encapsulation dot1Q 50 ip address 10.10.50.1 255.255.255.0 ! interface FastEthernet0/0.55 encapsulation dot1Q 55 ip address 10.10.55.1 255.255.255.0 ! interface FastEthernet0/0.80 encapsulation dot1Q 80 ip address 10.10.80.1 255.255.255.0 ! interface FastEthernet0/1 no ip address duplex auto speed auto shutdown ! interface Vlan1 no ip address shutdown ! ip classless ! ! ! ! ! ! ! line con 0 line vty 0 4 login ! ! ! end
  15. 15. S1#show running-config Building configuration... Current configuration : 1403 bytes ! version 12.2 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname S1 ! ! spanning-tree vlan 1-99 priority 12288 ! interface FastEthernet0/1 switchport trunk native vlan 55 switchport mode trunk ! interface FastEthernet0/2 switchport trunk native vlan 55 switchport mode trunk ! interface FastEthernet0/3 switchport trunk native vlan 55 switchport mode trunk ! interface FastEthernet0/4 switchport trunk native vlan 55 switchport mode trunk ! interface FastEthernet0/5 switchport mode trunk ! interface FastEthernet0/6 switchport mode trunk ! interface FastEthernet0/7 ! interface FastEthernet0/8 ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 ! interface FastEthernet0/12 ! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 !
  16. 16. interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 ! interface GigabitEthernet1/1 ! interface GigabitEthernet1/2 ! interface Vlan1 no ip address shutdown ! interface Vlan55 ip address 10.10.55.11 255.255.255.0 ! ip default-gateway 10.10.55.1 ! ! line con 0 ! line vty 0 4 login line vty 5 15 login ! ! end S2#show running-config Building configuration... Current configuration : 1591 bytes ! version 12.2 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname S2 ! ! spanning-tree vlan 1-99 priority 16384 ! interface FastEthernet0/1
  17. 17. switchport trunk native vlan 55 switchport mode trunk ! interface FastEthernet0/2 switchport trunk native vlan 55 switchport mode trunk ! interface FastEthernet0/3 switchport trunk native vlan 55 switchport mode trunk ! interface FastEthernet0/4 switchport trunk native vlan 55 switchport mode trunk ! interface FastEthernet0/5 switchport access vlan 50 switchport mode access switchport port-security switchport port-security mac-address sticky switchport port-security mac-address sticky 000D.BD88.A1E5 ! interface FastEthernet0/6 switchport access vlan 40 switchport mode access ! interface FastEthernet0/7 ! interface FastEthernet0/8 ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 ! interface FastEthernet0/12 ! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 !
  18. 18. interface FastEthernet0/24 ! interface GigabitEthernet1/1 ! interface GigabitEthernet1/2 ! interface Vlan1 no ip address shutdown ! interface Vlan55 ip address 10.10.55.12 255.255.255.0 ! ip default-gateway 10.10.55.1 ! ! line con 0 ! line vty 0 4 login line vty 5 15 login ! ! end S2# S3#show ru S3#show running-config Building configuration... Current configuration : 1369 bytes ! version 12.2 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname S3 ! ! ! interface FastEthernet0/1 switchport trunk native vlan 55 switchport mode trunk ! interface FastEthernet0/2 switchport trunk native vlan 55 switchport mode trunk
  19. 19. ! interface FastEthernet0/3 switchport trunk native vlan 55 switchport mode trunk ! interface FastEthernet0/4 switchport trunk native vlan 55 switchport mode trunk ! interface FastEthernet0/5 ! interface FastEthernet0/6 switchport access vlan 40 switchport mode access ! interface FastEthernet0/7 ! interface FastEthernet0/8 ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 ! interface FastEthernet0/12 ! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 ! interface GigabitEthernet1/1 ! interface GigabitEthernet1/2 ! interface Vlan1 no ip address shutdown ! interface Vlan55
  20. 20. ip address 10.10.55.13 255.255.255.0 ! ip default-gateway 10.10.55.1 ! ! line con 0 ! line vty 0 4 login line vty 5 15 login ! ! end

×