Lab Cisco Packet Tracer


Lab 1 - Basic switch setup

Introduction

A new switch just purchased from Cisco contains no default configuration. You need to configure the switch using setup mode, or from scratch using the command line interface (CLI), before connecting it to your network environment. As a Cisco certified technician, it is very important to know the basic Cisco switch configuration commands to improve the performance and the security of your internetwork.

Lab instructions

This lab will test your ability to configure basic settings on a Cisco switch.

1. Use the local laptop to connect to the switch console.

2. Configure Switch hostname as LOCAL-SWITCH

3. Configure the message of the day as "Unauthorized access is forbidden"

4. Configure the password for privileged mode access as "cisco". The password must be MD5 encrypted

5. Configure password encryption on the switch using the global configuration command

6. Configure CONSOLE access with the following settings :
- Login enabled
- Password : ciscoconsole
- History size : 15 commands
- Timeout : 6'45''
- Synchronous logging

7. Configure TELNET access with the following settings :
- Login enabled
- Password : ciscotelnet
- History size : 15 commands
- Timeout : 8'20''
- Synchronous logging

8. Configure the IP address of the switch as 192.168.1.2/24 and its default gateway IP (192.168.1.1).

9. Test telnet connectivity from the Remote Laptop using the telnet client.


Network diagram

Solution

Configure Switch hostname as LOCAL-SWITCH

hostname LOCAL-SWITCH

Configure the message of the day as "Unauthorized access is forbidden"

banner motd #Unauthorized access is forbidden#

Configure the password for privileged mode access as "cisco". The password must be md5 encrypted

enable secret cisco

Configure password encryption on the switch using the global configuration command

service password-encryption

Configure CONSOLE access [...]

line con 0
 password ciscoconsole
 logging synchronous
 login
 history size 15
 exec-timeout 6 45

Configure TELNET access [...]

line vty 0 15
 exec-timeout 8 20
 password ciscotelnet
 logging synchronous
 login
 history size 15

Configure the IP address of the switch as 192.168.1.2/24 and its default gateway IP (192.168.1.1).

interface Vlan1
 ip address 192.168.1.2 255.255.255.0
ip default-gateway 192.168.1.1


Lab 2 - Switch interfaces configuration

Lab instructions

This lab will test your ability to configure speed, duplex, and VLAN settings on Cisco switch interfaces.

1. Connect to Switch0 using the console interface and configure each Switch0 fastethernet switchport for operation. Correct settings are :
- Port type : access port
- Speed : 100 Mbit/s
- Duplex mode : Full Duplex
- Autonegotiation disabled

2. PC "192.168.1.4" seems to be unable to ping other PCs in the network. Check switch configuration.
TIP : How many broadcast domains are there in this network ?

3. Choose the right cable to connect :
- Switch0 gigabitethernet 1/1 to Switch1 gigabitethernet 1/1
- Switch1 gigabitethernet 1/2 to Switch2 gigabitethernet 1/2

4. Configure those two links as trunk lines without using trunk negotiation between switches

Network diagram


Solution

Connect to Switch0 using console interface and configure each Switch0 fastethernet switchport for operation.

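Switch(config)#interface FastEthernet0/1
Switch(config-if)#switchport mode access
Switch(config-if)#duplex full
Switch(config-if)#speed 100

Switch(config)#interface FastEthernet0/2
Switch(config-if)#switchport mode access
Switch(config-if)#duplex full
Switch(config-if)#speed 100

Switch(config)#interface FastEthernet0/3
Switch(config-if)#switchport mode access
Switch(config-if)#duplex full
Switch(config-if)#speed 100

Switch(config)#interface FastEthernet0/4
Switch(config-if)#switchport mode access
Switch(config-if)#duplex full
Switch(config-if)#speed 100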

PC "192.168.1.4" seems to be unable to ping other PCs in the network. Check switch configuration.

Switch(config)#interface FastEthernet0/4
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 1

Choose the right cable to connect :
- Switch0 gigabitethernet 1/1 to Switch1 gigabitethernet 1/1
- Switch1 gigabitethernet 1/2 to Switch2 gigabitethernet 1/2


Configure those two links as trunk lines without using trunk negotiation between switches

On every interface that has to be configured for trunk operation, configure the following settings :

Switch(config)#interface GigabitEthernet1/X
Switch(config-if)#switchport mode trunk

Verify interface operational mode using the "show interface GigabitEthernet1/X switchport" command :

Name: Gig1/2
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none

Another useful IOS command is "show interfaces trunk" :

Switch#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gig1/2      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gig1/2      1-1005

Port        Vlans allowed and active in management domain
Gig1/2      1

Port        Vlans in spanning tree forwarding state and not pruned
Gig1/2      1
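A check that can be run over the "show interface ... switchport" output above, given here as an added example that is not part of the original lab. It flags trunk ports that still report "Negotiation of Trunking: On" (the lab asks for trunks without negotiation, which on IOS is the "switchport nonegotiate" interface command) and trunks whose native VLAN is still 1. The function names are hypothetical.

```python
import re

# Output quoted above, reproduced as sample input for the check.
SAMPLE = """\
Name: Gig1/2
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
"""

def parse_switchport(text):
    """Split 'show interfaces switchport' output into one dict per port."""
    ports = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        if key.strip() == "Name":          # each port section starts with Name:
            ports.append({})
        if ports:
            ports[-1][key.strip()] = value.strip()
    return ports

def audit_port(port):
    """Return hardening findings for one parsed port."""
    findings = []
    admin = port.get("Administrative Mode", "")
    if admin.startswith("dynamic"):
        findings.append("mode is negotiated by DTP; set access or trunk explicitly")
    if port.get("Negotiation of Trunking", "").lower() == "on":
        findings.append("DTP frames still sent; add 'switchport nonegotiate'")
    native = re.match(r"\d+", port.get("Trunking Native Mode VLAN", ""))
    if admin == "trunk" and native and native.group() == "1":
        findings.append("native VLAN is 1; use 'switchport trunk native vlan <unused id>'")
    return findings

def audit(text):
    return {p["Name"]: audit_port(p) for p in parse_switchport(text)}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        for finding in findings:
            print(f"{name}: {finding}")
```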


Lab 3 - VLAN and VTP configuration

Lab instructions

The aim of this lab is to check your ability to configure VTP and VLAN on a small network of four switches. This lab will help you to prepare for your ICND1 exam.

1. Configure the VTP-SERVER switch as a VTP server

2. Connect to the 3 other switches and configure them as VTP clients. All links between switches must be configured as trunk lines.

3. Configure VTP domain name as "TESTDOMAIN" and VTP password as "cisco"

4. Configure VLAN 10 with name "STUDENTS" and VLAN 50 with name "SERVERS"

5. Check propagation on all switches of the VTP domain.

Network diagram

Solution

Configure the VTP-SERVER switch as a VTP server

VTP-SERVER(config)#vtp mode server

Verify the VTP configuration using the "show vtp status" command

VTP-SERVER#show vtp status
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 255
Number of existing VLANs        : 7
VTP Operating Mode              : Server
VTP Domain Name                 : TESTDOMAIN
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xAE 0x4F 0x3F 0xC5 0xD3 0x41 0x9C 0x11
Configuration last modified by 192.168.1.1 at 3-1-93 00:27:41
Local updater ID is 192.168.1.1 on interface Vl1 (lowest numbered VLAN interface found)

Connect to the 3 other switches and configure them as VTP clients. All links between switches must be configured as trunk lines.

VTP-CLIENT3(config)#vtp mode client

Verify the VTP configuration using the "show vtp status" command

VTP-CLIENT3#sh vtp status
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 255
Number of existing VLANs        : 7
VTP Operating Mode              : Client
VTP Domain Name                 : TESTDOMAIN
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xAE 0x4F 0x3F 0xC5 0xD3 0x41 0x9C 0x11
Configuration last modified by 192.168.1.1 at 3-1-93 00:27:41

Configure VTP domain name as "TESTDOMAIN" and VTP password as "cisco"

1. Configure each link between switches as a trunk line

interface GigabitEthernet1/1
 switchport mode trunk

interface GigabitEthernet1/2
 switchport mode trunk

2. On the server :

VTP-SERVER(config)#vtp domain TESTDOMAIN
VTP-SERVER(config)#vtp password cisco

3. On each client :

VTP-CLIENT1(config)#vtp password cisco
VTP-CLIENT1(config)#vtp domain TESTDOMAIN

Configure VLAN 10 with name "STUDENTS" and VLAN 50 with name "SERVERS"

On the VTP server switch, configure the following commands :

VTP-SERVER(config)#vlan 10
VTP-SERVER(config-vlan)#name STUDENTS
VTP-SERVER(config)#vlan 50
VTP-SERVER(config-vlan)#name SERVERS

Check propagation on all switches of the VTP domain.

Use the "show vlan brief" command on each switch to check propagation of the 2 VLANs.

VTP-SERVER#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4, [...]
10   STUDENTS                         active
50   SERVERS                          active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
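The comparison of "show vtp status" on the server and on a client, done by eye in the solution above, can be scripted. The following is an added example, not part of the original lab; the function names are hypothetical and the stale-client input is constructed.

```python
import re

FIELDS = {
    "mode": r"VTP Operating Mode[ \t]*:[ \t]*(\S+)",
    "domain": r"VTP Domain Name[ \t]*:[ \t]*(\S*)",
    "revision": r"Configuration Revision[ \t]*:[ \t]*(\d+)",
    "digest": r"MD5 digest[ \t]*:[ \t]*((?:0x[0-9A-Fa-f]{2}\s*)+)",
}

def parse_vtp_status(text):
    """Extract the fields that matter for synchronisation from 'show vtp status'."""
    status = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, text)
        status[name] = " ".join(match.group(1).split()) if match else None
    return status

def check_sync(server, client):
    """Compare a client's parsed status with the server's; return the problems."""
    problems = []
    if client["mode"] == "Transparent":
        problems.append("transparent mode does not apply VTP updates")
    if client["domain"] != server["domain"]:
        problems.append(f"domain {client['domain']!r} != {server['domain']!r}")
    if client["revision"] != server["revision"]:
        problems.append(f"revision {client['revision']} != {server['revision']}")
    if client["digest"] != server["digest"]:
        problems.append("MD5 digest differs: VTP password or VLAN database mismatch")
    return problems

# Values taken from the two outputs above, one field per line.
SERVER = """\
Configuration Revision          : 4
VTP Operating Mode              : Server
VTP Domain Name                 : TESTDOMAIN
MD5 digest                      : 0xAE 0x4F 0x3F 0xC5 0xD3 0x41 0x9C 0x11
"""
CLIENT = SERVER.replace(": Server", ": Client")
# Constructed: a client that missed an update (older revision, other digest).
STALE = CLIENT.replace(": 4", ": 3").replace("0xAE", "0x00")

if __name__ == "__main__":
    s = parse_vtp_status(SERVER)
    for label, text in (("VTP-CLIENT3", CLIENT), ("stale client", STALE)):
        print(label, check_sync(s, parse_vtp_status(text)) or "in sync")
```

Because any switch in the same domain with a higher configuration revision overwrites the VLAN database of the others, run the same check on a switch before connecting it to the trunk.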


Lab 4 - Port security

Introduction

A growing challenge for network administrators is to be able to control who is allowed - and who isn't - to access the organization's internal network. This access control is mandatory for critical infrastructure protection in your network. It is not mandatory on public parts of the network, where guest users should be able to connect.

Port security is a Cisco feature implemented in Catalyst switches which helps network engineers implement network security on network boundaries. In its most basic form, the Port Security feature records the MAC address of the device connected to the switch edge port and allows only that MAC address to be active on that port. If any other MAC address is detected on that port, the port security feature shuts down the switch port. The switch can be configured to send an SNMP trap to a network monitoring solution to alert that the port is disabled for security reasons.

Lab instructions

This lab will test your ability to configure port security on Cisco 2960 switch interfaces.

1. Configure port security on interface Fa 0/1 of the switch with the following settings :

- Port security enabled

- Mode : restrict

- Allowed mac addresses : 3

- Dynamic mac address learning.

2. Configure port security on interface Fa 0/2 of the switch with the following settings :

- Port security enabled

- Mode : shutdown

- Allowed mac addresses : 3

- Dynamic mac address learning.

3. Configure port security on interface Fa 0/3 of the switch with the following settings :

- Port security enabled


- Mode : protect

- Static mac address entry : 00E0.A3CE.3236

4. From LAPTOP 1 :

Try to ping 192.168.1.2 and 192.168.1.3. It should work.

Try to ping 192.168.1.4 and 192.168.1.5. It should work.

5. Connect ROGUE laptop to the hub.

Try to ping 192.168.1.1. It should work.

Try to ping 192.168.1.4. It should fail.
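How the three violation modes used in this lab differ, as an added example that is not part of the original lab: a simplified model of a secure port (no address aging, no sticky learning) fed the same traffic under each setting. The class and function names are hypothetical, and all MAC addresses except 00E0.A3CE.3236 are constructed.

```python
class SecurePort:
    """Simplified model of one switch port with port security enabled."""
    def __init__(self, mode, maximum=1, static=()):
        if mode not in ("protect", "restrict", "shutdown"):
            raise ValueError(mode)
        self.mode = mode
        self.maximum = maximum
        self.secure = [m.lower() for m in static]  # static entries use up slots
        self.violations = 0        # the security violation counter
        self.err_disabled = False  # set only by 'shutdown' mode
        self.log = []              # stands in for syslog / SNMP trap

    def receive(self, src_mac):
        """Return True if a frame with this source MAC is forwarded."""
        mac = src_mac.lower()
        if self.err_disabled:
            return False                 # port is down until re-enabled
        if mac in self.secure:
            return True
        if len(self.secure) < self.maximum:
            self.secure.append(mac)      # dynamic learning
            return True
        if self.mode == "protect":
            return False                 # silent drop, nothing counted
        self.violations += 1
        self.log.append(f"violation: {mac}")
        if self.mode == "shutdown":
            self.err_disabled = True
        return False

# Constructed MAC addresses; only 00E0.A3CE.3236 comes from the lab text.
HOSTS = ["0001.0001.0001", "0002.0002.0002", "0003.0003.0003"]
ROGUE = "00AA.00BB.00CC"

def demo():
    traffic = HOSTS + [ROGUE, HOSTS[0]]   # a fourth MAC, then a known host again
    out = {}
    for name, port in (("Fa0/1", SecurePort("restrict", 3)),
                       ("Fa0/2", SecurePort("shutdown", 3))):
        out[name] = ([port.receive(m) for m in traffic],
                     port.violations, port.err_disabled)
    fa03 = SecurePort("protect", static=["00E0.A3CE.3236"])
    out["Fa0/3"] = ([fa03.receive(m) for m in ("00E0.A3CE.3236", ROGUE)],
                    fa03.violations, fa03.err_disabled)
    return out

if __name__ == "__main__":
    for port, result in demo().items():
        print(port, result)
```

In restrict mode the known host keeps working after the violation; in shutdown mode the whole port, including the legitimate hosts behind it, stays down until it is re-enabled.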

Network diagram


Packet Tracer 5.3 - Setting up and managing a DHCP server

Introduction

The DHCP service is a key component of your network infrastructure, allowing centralized IP address management on a single pool of servers. DHCP configuration is also part of the CCNA and CCNP Switch certification exam curricula. This skill can be tested in a lab environment during exams, and it's important for students to get used to DHCP configuration before taking the exam.

Packet Tracer 5.3 implements two methods for setting up a DHCP server in your network :

- Configuration of DHCP pools on Cisco routers or multilayer switches.
- Configuration of a standalone DHCP server appliance on the network and usage of the "ip helper-address" command on network devices for DHCP traffic forwarding outside each local broadcast domain. This tutorial will describe this method for implementing DHCP service in your network.

Tutorial description

This tutorial will show you how to configure dynamic IP address assignment on multiple VLANs with a single DHCP server appliance on the network.

Two VLANs are configured on Switch0 with Router0 as default gateway :

- VLAN 10 - Network : 192.168.10.0/24 - Gateway : 192.168.10.1 (FA 0/0.10)
- VLAN 20 - Network : 192.168.20.0/24 - Gateway : 192.168.20.1 (FA 0/0.20)

The single DHCP server is located on a remote subnet with IP 172.16.24.2.


DHCP configuration

Declare IP address pools on the DHCP management tab of the server as in the picture below. One pool has to be declared for each VLAN. Don't forget to configure the right network settings and default gateway (Router0 FA 0/0.10 and FA 0/0.20 IP address) for each VLAN.

Configure router0 for DHCP forwarding

Router(config)# interface FastEthernet0/0.10
Router(config-subif)# encapsulation dot1Q 10
Router(config-subif)# ip address 192.168.10.1 255.255.255.0
Router(config-subif)# ip helper-address 172.16.24.2

Router(config)# interface FastEthernet0/0.20
Router(config-subif)# encapsulation dot1Q 20
Router(config-subif)# ip address 192.168.20.1 255.255.255.0
Router(config-subif)# ip helper-address 172.16.24.2