Scenario2_VLANS_V1.6

8/4/2019 Scenario2_VLANS_V1.6

1/10

Scenario 2 VLANs V1.6Scenario2_VLANS_V1.6.pptx

Kids Gamin Centre

EIGRP

Loopback 0180.20.20.20

255.255.255.255External Web Server

Network Topology

MelbourneRouter

Fa 0/1 is in

Sw/wSx/x

AdelaideRouter

ISPRouter

External

Network Address100.10.1.0/30

Internal Serial

Sz/z

Internal

Corporate Network Address145.35.0.0/16

VLAN 10

Melbourne

Fa 0/1

Switch

Fa 0/2Use LANconnection

Fa 0/24Use Virtualconnection

PC1VLAN10

PC2VLAN20

1

Note: The Scenario should be started in the Lab using the Lab Kits.

The Lab is a Packet Tracer free zone.


2/10

Scenario 2 - Overview

The Kids Gaming Centre wants to set up VLANs to ensure the childrenplaying games are not exposed to material on the web that their parents

.

They also need a VLAN that can access the Web and allow staff to

Each gaming VLAN consists of a Gaming Server and a number of PCs

2


3/10

Scenario 2 -Tasks

- -. , , ,

2. Do not configure enable passwords OR line console passwords on router and switches, unless specified by the task

3. VLSM Design

a) Design IP VLSM Addressing Scheme with subnets: VLAN10 Staff 250 hosts, VLAN20 Warcraft 100 hosts, VLAN30 AgeOfEmpires 60 hosts,

nterna er a n 2 osts

b) Document assignment of ip addresses to router interfaces and PC Hosts

4. Cable Connectiona) Connect Melbourne router to switch port Fa 0/1

b) Check routers are connected via serial link

c) Connect PCs to switch ports according to the network diagram

5. Line Console Configuration

Configure the line console on each router and switch, as shown below:

line console 0

logging synchronous

exec-timeout 0 0

6. Message of the Day (MOTD) Configuration

Configure a MOTD, recording your name and student id, only on the Melbourne router, as shown below:

banner motd &

Welcome to Melbourne

&

7. Network IP Address Configuration

a) Configure router interfaces with ip addresses

b) Configure PC1 Host with specified VLAN10

i) IP address and subnet mask.

ii) Default Gateway IP address.

3


4/10

Scenario 2 -Tasks

8. Switch Configuration

a) Refer: LabC3 3-1_3.5.1 Basic VLAN Configuration P121, LabC3 2-1_2.5.1 Basic Switch configuration P63b) Delete the vlan.dat file to remove old VLANs from the Switch, use - delete vlan.dat

c) Create VLAN10 Staff, VLAN 20 Warcraft, VLAN 30 AgeOfEmpires

d) Assign ports: VLAN 10 ports 1-5, VLAN 20 ports 23-24

e Set default atewa on switch to VLAN10 Melbourne fa0/1 i address

f) Assign Interface VLAN10 an IP address for management purposes

g) Set Port Security mac address sticky on ports 2 to 5, max 1, with violation shutdown

h) Set a static mac address on Fa 0/24 to the MAC address of PC2

.

To check VLANs created, use show vlan brief

10. Trouble Shooting Port SecurityTo check port security is enabled, use - show port-security

11. Trouble Shooting Point-to-Point Single Link Testing

a) This test is to check that each individual link in the network is working.

b) Ping (command) ensure you can ping from one end of each link to the other:

PC to Router in same subnet/VLAN/network.

.

Router to each direct neighbour Router over a serial link.

c) Link NOT working ? - Common problems:

Physical connection not made.

The clock rate is not configured on DCE interface of a serial link.

n ncorrect a ress or su net mas s con gure on one nter ace o a n

The interface is shutdown.

4


5/10

Scenario 2 -Tasks12. Routing Protocol Configuration

Configure the Routing Protocol on the Routers:a) Melbourne

EIGRP, advertise each subnet separately using wildcards

b) Adelaide

EIGRP, do not advertise the external network address

Configure default route to ISP Router

Redistribute default route to Melbourne Router

c) ISP Router

Configure a static route (at default class level) to your internal network

13. Trouble Shooting EIGRP Neighbor Adjacency

a) Verify that the routers have formed an adjacency with each other, use - show ip eigrp neighbors

b) If an adjacency has not formed it could be due to: i) subnet masks on each end of link do not match

ii) routers configured with different EIGRP AS values iii) the directly connected network is not included in the network statements

c) Other trouble shooting commands: show ip protocols, show ip eigrp topology

14. Trouble Shooting End-to-End (Across the Network) Path Testing

a) This test is to check that the routing - static and dynamic, is working.

b) Ping from PC Host in VLAN10 to External Web Server

c) Use traceroute to pin point problems.

d) Check if a subnet is missing from a routing table, use - show ip route

e) Common problems: .

PC connected to incorrect interface.

Incorrect static route on ISP

5


6/10

Scenario 2 -Tasks15. Testing Inter-VLAN Communication

a) Configure PC2 on VLAN 20: Can PC1 ping Web Server ?

Can PC2 ping Web Server?

Can PC1 ping PC2 ?

b) Move PC2 to a VLAN10 port and configure with appropriate IP address:

Can PC1 ping Web Server ?

Can PC2 ping Web Server ?

Can PC1 ping PC2 ?

6


7/10

Scenario 2 - Submission and Completion

1. Scenarios can be completed individually or as a group

2. If a scenario is completed as a group, each member of the group must make a separate submission via Blackboard

3. Scenarios should be started in the lab using the lab kits. The Lab is a Packet Tracer free zone.

4. If you do not complete the scenario in the lab, you can take the configurations and complete the scenario using NetLab or Packet Tracer

.

Submit ONE file ONLY (each member of a group must make a separate submission) via Blackboard by Sunday 11.59pm 28/8/2011

(Please ensure you are using the Internet Explorer Browser when you are submitting !)

Two o tions:

a) Configuration details (as one text file: s.txt)

i) Routers - show run, show ip route, show ip interface brief, show access-lists

ii) Switches show run, show vlan, show port-security, show vtp status

b) Packet Tracer V5.3 file as s.pkt

o e: o su m ss ons w e w e accep e y ema , an on y su m once.

7


8/10

Switch Configuration

interface fa 0/3 (or interface range fa 0/3 6)

sw c por access v an (assigns port to a vlan)

switchport mode access (sets port to access, for PCs)

switchport mode trunk (sets port to trunk, for connection to a router or switch)

switchport port-security (turns security on)

switchport port-security maximum 1

switchport port-security mac-address sticky

switchport port-security violation shutdown (default when turn security on)

OR

switchport port-security violation protect

8


9/10

Switch Commands

show mac address-table (displays entries in table)

show mac address-table dynamic (displays only dynamic entries in table)

c ear mac a ress-ta e (deletes all entries from table)

clear mac address-table dynamic (deletes only dynamic entries from table)

9


10/10

By passing the startup-configuration on boot up

I would ask all students to change the configuration register on each router via:

router(config)# config-register 0x2142

Example:

! Router configured with hostname Athens

Athens#

! To change the router's register so that it bypasses the startup-configure

Athens(config)# config-register 0x2142

Athens(config)#end

! To check that the register will be changed

Athens# show version

! When you turn off the router, the next time it is turned on it will bypass startup-configure an will bootup un-configured eg

router>

! To reload startup-configure from NVRAM, if you DO want to use it

router>enable

router#

router#copy startup-configure running-configure

Athens#

! Changing the config register will ensure that from then on the router will bypass the startup-configuration on boot up.

! This means you will not have to first erase someone else's config or do a password recovery, saving time and hassle.

! However you can still get the startup configuration if you want to use it.

10

Scenario2_VLANS_V1.6

Documents

Transcript of Scenario2_VLANS_V1.6