Copyright (c) 1998-2004 Boson Software, Inc. All Rights Reserved.

LAB 11 – VLANs and TRUNKING (Catalyst 1900 Switches)

1. In this lab, you will set up VLANs on the Catalyst 1900 switches and test them by pinging between router4 and PC1. Router4 is connected to e0/1 on switch1 and PC1 is connected to e0/1 on switch2. Switch1 and switch2 are interconnected through their fa0/26 Fast Ethernet ports.

2. Using winipcfg on PC1, configure an IP address of 195.10.1.2/24 and a default gateway of 195.10.1.1 (if not already configured from a previous lab).

    c:> winipcfg

3. Verify you can presently ping between PC1 and router4. If you cannot ping successfully, check that router4’s Ethernet0 IP address is 195.10.1.1/24 and that the interface is enabled. Also, using the winipcfg utility, check that the PC has a configured IP address of 195.10.1.2/24.

    c:> ping 195.10.1.1

4. On switch1 and switch2, issue the show vlan command. You should note that, by default, all switch ports are in VLAN1. Because router4, PC1, and the switch-to-switch link are all in VLAN1, you should be able to ping between PC1 and router4.

    1900swx# show vlan

5. On switch1 and switch2, set up a VTP domain called bigdomain. Verify it has been created with the show vtp command.
    a. Question: what VTP operating mode are the switches in?

    1900swx(config)# vtp domain bigdomain
    1900swx(config)# exit
    1900swx# show vtp

6. On switch1 and switch2, create VLAN 10, calling it ccnavlan. Issue the show vlan command to verify it was successfully created.
    a. Question: do you see any ports connected to VLAN 10? If not, why not?

    1900swx(config)# vlan 10 name ccnavlan
    1900swx(config)# exit
    1900swx# show vlan

7. On switch1 and switch2, assign the e0/1 ports to the new VLAN you created. Router4 and PC1 are attached to these ports. Issue the show vlan command on both switches to verify these ports have been moved to VLAN10. Also, issue the show vlan-membership command. This is another command that shows VLAN assignments by port on the 1900.

    1900swx(config)# interface e0/1
    1900swx(config-if)# vlan-membership static 10
    1900swx(config-if)# ctrl-z
    1900swx# show vlan
    1900swx# show vlan-membership

8. Now that both router4 and PC1 are in VLAN10, try to ping from PC1 to router4. It should fail.
    a. Question: if both devices are in the same VLAN, why should the pings fail?

    c:> ping 195.10.1.1

9. Make the link between switch1 and switch2 a trunk line capable of carrying traffic for any VLAN. Use the show trunk a command to verify trunking is enabled on port fa0/26 on both switches (it should say “Trunking: on”).
    a. Question: what trunking protocol does the 1900 use – ISL or 802.1Q?

    1900swx(config)# interface fa0/26
    1900swx(config-if)# trunk on
    1900swx(config-if)# ctrl-z
    1900swx# show trunk a

10. Now ping between PC1 and router4. The pings should succeed because both devices are in the same VLAN and the inter-switch link is a trunk line capable of carrying traffic for any VLAN.

    c:> ping 195.10.1.1

LAB 12 - CATALYST 2950 SWITCH CONFIGURATION

1. In this lab, you will configure basic IOS commands on switch3 and switch4, which are Catalyst 2950 switches.

2. From the NetSim tool bar, select Switch3 (Catalyst 2950). Press enter to get into the user prompt mode. Enter enable to get into privileged mode. Type ? to see a list of privileged mode commands. Enter disable to go back to user mode.

    enter
    > enable
    # ?
    # disable
    >

3. On switch3, go into privileged mode and then into global configuration mode. Assign Switch3 a host name of 2950sw3. Use exit or ctrl-z to get out of configuration mode.

    > enable
    # configure terminal
    (config)# hostname 2950sw3
    2950sw3(config)# exit
    2950sw3#

4. On switch3, type show running-config to see the active configuration.
    a. Question: Do you need to issue copy running-config startup-config on the Catalyst 2950 to save the running configuration?

    2950sw3# show running-config

5. On switch3, type copy running-config startup-config to save the active configuration to NVRAM. Display the saved configuration in NVRAM with the show startup-config command.

    2950sw3# copy running-config startup-config
    2950sw3# show startup-config

6. On switch3, erase the saved configuration and reload the box.

    2950sw3# erase startup-config
    2950sw3# reload

7. On switch3, go into privileged mode and then into global configuration mode. Reassign the switch a hostname of 2950sw3 and an enable password of ‘cisco’ (unencrypted). Assign the switch an IP address of 197.10.1.99 with a subnet mask of 255.255.255.0. Assign the switch a default gateway of 197.10.1.1 (router3’s Ethernet address).

    > enable
    # configure terminal
    (config)# hostname 2950sw3
    2950sw3(config)# enable password cisco
    2950sw3(config)# interface vlan1
    2950sw3(config-if)# ip address 197.10.1.99 255.255.255.0
    2950sw3(config-if)# no shutdown
    2950sw3(config-if)# exit
    2950sw3(config)# ip default-gateway 197.10.1.1

8. On switch3, issue the show interface vlan1 command to verify that the IP address, mask, and default gateway are correct.

    2950sw3# show interface vlan1

9. On switch3, issue the show interfaces command.
    a. Question: What is the Spanning Tree (802.1D) state of interface fa0/1?
    b. Question: What is the duplex setting for interface fa0/2?

    2950sw3# show interfaces

10. From the NetSim tool bar, select Switch 4 (Catalyst 2950). Configure it with a hostname of 2950sw4 and an enable password of cisco (the enable password should be encrypted when displaying the configuration file). Assign an IP address of 197.10.1.100/24 and a default gateway of 197.10.1.1.

    > enable
    # configure terminal
    (config)# hostname 2950sw4
    2950sw4(config)# enable secret cisco
    2950sw4(config)# interface vlan1
    2950sw4(config-if)# ip address 197.10.1.100 255.255.255.0
    2950sw4(config-if)# no shutdown
    2950sw4(config-if)# exit
    2950sw4(config)# ip default-gateway 197.10.1.1

    On switch4, issue the show version command.

    2950sw4# show version

11. On switch4, issue the show spanning-tree command.
    a. Question: what is the address of the root bridge?
    b. Question: what is the port cost of fa0/1?
    c. Question: what is the maxage interval?
    d. Question: what is the hello interval?

    2950sw4# show spanning-tree

12. On switch4, issue the show mac-address-table command. This shows which devices are attached to which switch ports.

    2950sw4# show mac-address-table

13. On switch4, permanently assign a device with MAC address 4444-4444-4444 to port fa0/5. Issue the show mac-address-table command to verify the device is in the table as a permanent entry.

    2950sw4(config)# mac-address-table static 4444-4444-4444 vlan 1 int fa0/5
    2950sw4(config)# exit
    2950sw4# show mac-address-table

14. On switch4, configure port security for port fa0/9. The switch will ‘sticky-learn’ the MAC address of the device connected to port fa0/9 and will only allow that device to connect to the port in the future.

    2950sw4(config)# interface fa0/9
    2950sw4(config-if)# switchport port-security
    2950sw4(config-if)# switchport port-security maximum 1

LAB 13 – VLANs and TRUNKING (Catalyst 2950 Switches)

1. In this lab, you will set up VLANs on switch3 and switch4 (Catalyst 2950 switches) and test them by pinging between router3 and PC2. Router3 is connected to Fa0/1 on switch3 and PC2 is connected to Fa0/1 on switch4. Switch3 and switch4 are interconnected through their fa0/12 Fast Ethernet ports.

2. On PC2 using winipcfg, configure an IP address of 197.10.1.2/24 and a default gateway of 197.10.1.1.

    c:> winipcfg

3. Verify you can presently ping between PC2 and router3. If you cannot ping successfully, check that router3’s FastEthernet0 IP address is 197.10.1.1/24 and that the interface is enabled. Also, using the winipcfg utility, check that PC2 has a configured IP address of 197.10.1.2/24.

    c:> ping 197.10.1.1

4. On switch3 and switch4, issue the show vlan command. You should note that, by default, all switch ports are in VLAN1. Because router3, PC2, and the switch-to-switch link are all in VLAN1, you should be able to ping between PC2 and router3.

    2950swx# show vlan

5. On switch3 and switch4, set up a VTP domain called classroom. Verify it has been created with the show vtp status command.

    2950swx# vlan database
    2950swx(vlan)# vtp domain classroom
    2950swx(vlan)# ctrl-z
    2950swx# show vtp status

6. On switch3 and switch4, create VLAN 20, calling it 2950vlan. Issue the show vlan command to verify it was successfully created.
    a. Question: do you see any ports connected to VLAN 20? If not, why not?

    2950swx# vlan database
    2950swx(vlan)# vlan 20 name 2950vlan
    2950swx(vlan)# exit
    2950swx# show vlan

7. On switch3 and switch4, assign the fa0/1 ports to the new VLAN you created. Router3 and PC2 are attached to these ports. Issue the show vlan command on both switches to verify these ports have been moved to VLAN20.

    2950swx(config)# interface fa0/1
    2950swx(config-if)# switchport mode access
    2950swx(config-if)# switchport access vlan 20
    2950swx(config-if)# ctrl-z
    2950swx# show vlan

8. Now that both router3 and PC2 are in VLAN20, try to ping from PC2 to router3. It should fail.
    a. Question: if both devices are in the same VLAN, why should the pings fail?

    c:> ping 197.10.1.1

9. Make the link between switch3 and switch4 a trunk line capable of carrying traffic for any VLAN.
Use the show interface fa0/12 switchport command to verify trunking is enabled on port fa0/12 on both switches.
    a. Question: what trunking protocol does the 2950 use – ISL or 802.1Q?

    2950swx(config)# interface fa0/12
    2950swx(config-if)# switchport mode trunk
    2950swx(config-if)# ctrl-z
    2950swx# show interface fa0/12 switchport

10. Now ping between PC2 and router3. The pings should succeed because both devices are in the same VLAN and the inter-switch link is a trunk line capable of carrying traffic for any VLAN.

    c:> ping 197.10.1.1

LAB 14 – IP ACCESS-LISTS

1. In this lab, you will build standard and extended IP access-lists to filter traffic coming inbound on router1’s serial0 interface.

2. Ensure you can ping router2 (160.10.1.2) from both router3 and router4. The path to router2 is through router1’s serial0 interface. If you cannot successfully ping router2, check that IP addresses have been assigned, all interfaces are up, and that a dynamic routing protocol (RIP, IGRP, EIGRP, or OSPF) is running on all routers.

    router3# ping 160.10.1.2
    router4# ping 160.10.1.2

3. On router1, build a standard IP access-list that permits traffic from subnet 175.10.1.0, but blocks traffic from all other devices. Apply this access-list to router1’s serial0 interface for inbound traffic.
    a. Question: is a ‘deny any’ statement required in the access-list?
    b. Question: what does the mask 0.0.0.255 mean in the access-list?
    c. Question: can any number be assigned to a standard IP access-list?

    router1(config)# access-list 1 permit 175.10.1.0 0.0.0.255
    router1(config)# interface serial0
    router1(config-if)# ip access-group 1 in

4. Test your access-list by pinging from router3 and router4 to router2. The pings from router3 (in subnet 175.10.1.0) should succeed while the pings from router4 (in subnet 180.10.1.0) should fail.

5. On router1, build an extended IP access-list that will allow Telnet traffic from host 175.10.1.2 (router3), and ICMP traffic from host 180.10.1.2 (router4), but that will block everything else. Remove the previous access-list and apply this new one to router1’s serial0 interface.
    a. Question: what are two ways you can specify a host address in an extended IP access-list?
    b. Question: what is the number range for extended IP access-lists?
    c. Question: how would you permit RIP routing updates?

    router1(config)# access-list 100 permit tcp host 175.10.1.2 any eq telnet
    router1(config)# access-list 100 permit icmp host 180.10.1.2 any
    router1(config)# interface serial0
    router1(config-if)# no ip access-group 1 in
    router1(config-if)# ip access-group 100 in

6. Test access-list 100 by pinging and telnetting from router3 & router4 to router2. Router3 (175.10.1.2) should be able to telnet to router2, but not ping to it. Router4 (180.10.1.2) should be able to ping to router2, but not telnet to it.

    router3# ping 160.10.1.2
    router3# telnet 160.10.1.2
    router4# ping 160.10.1.2
    router4# telnet 160.10.1.2

LAB 15 - NAT/PAT

1. In this lab, you will configure the NAT/PAT function on router1. You will configure three forms of translation: static network address translation, dynamic translation, and overloading (port address translation). Remember to disable the access lists you configured in the previous lab before continuing this lab.

2. On router1, configure NAT to statically translate router2’s Ethernet address 160.10.1.2 to 169.10.1.2.

    router1(config)# ip nat inside source static 160.10.1.2 169.10.1.2
    router1(config)# interface ethernet0
    router1(config-if)# ip address 160.10.1.1 255.255.255.0
    router1(config-if)# ip nat inside
    router1(config-if)# interface serial0
    router1(config-if)# ip address 175.10.1.1 255.255.255.0
    router1(config-if)# ip nat outside
    router1(config-if)# no shut

3. Test the static NAT translation by telnetting from router2 to router3. Once into router3, issue the show users command. The output of this command should show that 169.10.1.2 (the translated IP address) is the logged-in device.

    router2# telnet 175.10.1.2
    router3# show users

4. Display the NAT Translation table on router1. The output of the display should show that the inside local IP address (160.10.1.2) is translated to the inside global IP address (169.10.1.2).
    a. Question: does the “inside global IP address” normally represent a public or a private IP address?

    router1# show ip nat translations

5. On router1, remove the previous static NAT commands and configure NAT to translate router2’s Ethernet address to a dynamically assigned address. You will utilize a pool of public addresses in the range of 169.10.1.50 to 169.10.1.100.
    a. Question: if the pool of dynamically assigned addresses only contains one IP address entry, what’s another term for this form of NAT translation?

    router1(config)# no ip nat inside source static 160.10.1.2 169.10.1.2
    router1(config)# ip nat pool pool1 169.10.1.50 169.10.1.100 netmask 255.255.255.0
    router1(config)# ip nat inside source list 1 pool pool1
    router1(config)# access-list 1 permit 160.10.1.0 0.0.0.255

6. Test the dynamic NAT translation function by telnetting from router2 to router3. Once into router3, issue the show users command. The output of this command should show [...]...
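
How router1 evaluates the Lab 14 access-lists against the lab's test traffic, as an added Python example (not part of the Boson lab guide): a first-match evaluator with wildcard masks and the implicit deny, covering only the access-list syntax that appears on this page. The packets, including the RIP update on UDP port 520, are constructed, and all function and variable names are this example's own.

```python
import ipaddress

PORTS = {"telnet": 23}                  # named port used by the lab's ACL
ANY = ("0.0.0.0", "255.255.255.255")    # all-ones wildcard ignores every bit

def wildcard_match(addr, base, wildcard):
    """Compare addr with base only on bits where the wildcard mask is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def parse_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D [WILDCARD]' from tokens."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (first, tokens.pop(0) if tokens else "0.0.0.0")

def parse_ace(line):
    """Parse one 'access-list N permit|deny ...' line (subset used in Lab 14)."""
    _, number, action, *rest = line.split()
    ace = {"action": action, "proto": "ip", "dst": ANY, "port": None}
    if 100 <= int(number) <= 199:     # extended: protocol, source, destination
        ace["proto"] = rest.pop(0)
        ace["src"], ace["dst"] = parse_addr(rest), parse_addr(rest)
        if rest[:1] == ["eq"]:
            ace["port"] = PORTS.get(rest[1]) or int(rest[1])
    else:                             # standard: source address only
        ace["src"] = parse_addr(rest)
    return ace

def evaluate(acl_lines, pkt):
    """Return (action, matching line number); no match is the implicit deny."""
    for n, line in enumerate(acl_lines, 1):
        ace = parse_ace(line)
        if (ace["proto"] in ("ip", pkt["proto"])
                and wildcard_match(pkt["src"], *ace["src"])
                and wildcard_match(pkt["dst"], *ace["dst"])
                and ace["port"] in (None, pkt.get("dport"))):
            return ace["action"], n
    return "deny", None

ACL_1 = ["access-list 1 permit 175.10.1.0 0.0.0.255"]          # Lab 14, step 3
ACL_100 = ["access-list 100 permit tcp host 175.10.1.2 any eq telnet",
           "access-list 100 permit icmp host 180.10.1.2 any"]  # Lab 14, step 5
R2, R3, R4 = "160.10.1.2", "175.10.1.2", "180.10.1.2"
PACKETS = {   # constructed test traffic, not captured from the lab
    "r3 ping":   {"proto": "icmp", "src": R3, "dst": R2},
    "r3 telnet": {"proto": "tcp", "src": R3, "dst": R2, "dport": 23},
    "r4 ping":   {"proto": "icmp", "src": R4, "dst": R2},
    "r4 telnet": {"proto": "tcp", "src": R4, "dst": R2, "dport": 23},
    "r3 rip":    {"proto": "udp", "src": R3, "dst": "255.255.255.255", "dport": 520},
}

def run(acl):
    return {name: evaluate(acl, pkt) for name, pkt in PACKETS.items()}
if __name__ == "__main__":
    print(run(ACL_1), run(ACL_100), sep="\n")
```

With access-list 100 applied, the constructed RIP update from router3 matches neither entry and falls through to the implicit deny, which is the situation question 5c asks about.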

Answer: 000C.1835.8565
Answer: 100
Answer: 20 seconds
Answer: 2 seconds

LAB 11 – VLANs and TRUNKING (Catalyst 1900 Switches)

5a. Question: what VTP operating mode are the switches in?
    • Answer: the Catalyst 1900 switch defaults to ‘server’ mode.

6a. Question: do you see any ports connected to VLAN 10? If not, why not?
    • Answer: No. Although VLAN 10...

2. Issue the show isdn status command on both router1 and router2. You should see: Layer1: Active Layer2: Multiple Frame Established with spid1 valid

    routerx# show isdn status

3. Issue the show interfaces bri0 command on router1. This displays the signaling or D Channel. It should show ‘Up and Up (spoofing)’ if it is ready to handle a call request. Now issue the command show interfaces bri0 1 2. This should...

... 255.255.255.0

    router5(config-subif)# frame-relay interface-dlci 501

9. On both router1 and router5, issue the show ip interface brief command to ensure the physical interfaces and sub interfaces are active (status = up and up). Issue a show frame relay pvc command on both routers to ensure the PVC with DLCI 105 on router1 and DLCI 501 on router5 is active.

    routerx# show ip interface brief
    routerx# show frame-relay...

... and router2 using Legacy Dial on Demand Routing. Legacy DDR means all ISDN parameters are configured under the BRI/PRI interface and not under a dialer interface. Any IP packet should represent ‘interesting traffic’ and either router should be able to initiate the call. PPP encapsulation and CHAP authentication should be used. Refer to the table above for ISDN switch-type, IP addresses, subnet masks, and...

... seconds
Answer: 2 seconds

LAB 13 – VLANs and TRUNKING (Catalyst 2950 Switches)

6a. Question: do you see any ports connected to VLAN 20? If not, why not?
    • Answer: No. Although VLAN 20 has been created, no ports have been manually assigned to it, as yet.

8a. Question: if both devices are in the same VLAN, why should the pings fail?
    • Answer: The link connecting switch3 and switch4 is still in VLAN 1. It must...

... up frame relay PVC’s between router1 and router5 using both physical interfaces and point-to-point sub interfaces. Both routers will be frame relay DTE devices connected to a frame relay cloud.

2. Using physical interfaces (no sub interfaces), configure frame relay on router1’s serial1 interface and router5’s serial0 interface. Refer to the chart above for IP addresses and local DLCI’s. Both routers will...

... frame relay

    router1# show interfaces serial1
    router5# show interfaces serial0

4. Issue the show frame-relay map command on router1 and router5. This will show the mapping of local DLCI’s to remote IP addresses.

    routerx# show frame-relay map

5. Issue the show frame-relay pvc command on router1 and router5. This will show the status of the PVC’s connected to the routers. You want to see a status of ‘active’...

... frame-relay lmi command on router1. This will show LMI statistics including how many status inquiries and replies have been exchanged.

    router1# show frame-relay lmi

7. Ping router1 from router5 to verify the frame-relay connection is working correctly.

    router5# ping 215.10.1.1

8. You will now create point-to-point sub interfaces on router1 and router5. You will use the same IP addresses and local DLCI’s as...

... call to be initiated and the pings should succeed.

    router1# ping 200.10.1.2

6. Issue the show isdn status command on router1. Under the Layer 3 status in the output, it should show one call active.

    router1# show isdn status

7. Issue the show interfaces bri0 1 2 command on router1. This shows the status of the B channels (data channels). One of the B channels should have a status of ‘UP and UP’ indicating a...