Download as pdf or txt
Download as pdf or txt
You are on page 1of 12

Switching, Routing, and Wireless (SRWE) – Semester 1

Week 9 workshop – Revision / Mock Test

Connections

MLS to SW1
• MLS Gig0/1 connects to SW1 Gig0/1

MLS to SW1
• MLS Gig0/2 connects to SW2 Gig0/2

SW1 to SW2
• SW1 Gig0/2 connects to SW2 Gig0/1

SW2 to SW3
• SW2 Fa0/22 connects to SW3 Fa0/22
• SW2 Fa0/23 connects to SW3 Fa0/23
• SW2 Fa0/23 connects to SW3 Fa0/24

MLS to End Devices


• MLS Fa0/1 connects to VLAN 11 PC1
• MLS Fa0/2 connects to VLAN 12 PC1

SW1 to End Devices


• SW1 Fa0/1 connects to VLAN 11 PC2
• SW1 Fa0/2 connects to VLAN 12 PC2

SW2 to End Devices


• SW2 Fa0/1 connects to VLAN 13 PC1
• SW2 Fa0/2 connects to VLAN 11 PC3

SW3 to End Devices


• SW3 Fa0/1 connects to VLAN 11 PC4
• SW3 Fa0/2 connects to VLAN 12 PC3
IP Addressing Table

DEFAULT
DEVICE INTERFACE IP ADDRESS SUBNET MASK
GATEWAY
MLS VLAN 11 192.168.11.1 255.255.255.0 N/A
MLS VLAN 12 192.168.12.1 255.255.255.0 N/A
VLAN 11 PC1 Fa0 192.168.11.2 255.255.255.0 192.168.11.1
VLAN 11 PC2 Fa0 192.168.11.3 255.255.255.0 192.168.11.1
VLAN 11 PC3 Fa0 192.168.11.4 255.255.255.0 192.168.11.1
VLAN 11 PC4 Fa0 192.168.11.5 255.255.255.0 192.168.11.1
VLAN 12 PC1 Fa0 192.168.12.2 255.255.255.0 192.168.12.1
VLAN 12 PC2 Fa0 192.168.12.3 255.255.255.0 192.168.12.1
VLAN 12 PC3 Fa0 192.168.12.3 255.255.255.0 192.168.12.1
VLAN 13 PC1 Fa0 192.168.13.1 255.255.255.0 N/A

Configure the Switches using the PCs connected to them using the console
cable.

a) Basic Device Configuration (CONFIGURE ON ALL THE SWITCHES)

1. Configure the hostname for the switches according to their display name.
Switch (config) #hostname MLS / SW1 / SW2 / SW3

2. Set the line console password for the switches as ‘class’.

MLS (config) #line con 0


MLS (config-line) #password class
MLS (config-line) #login
MLS (config-line) #exit

SW1 (config) #line con 0


SW1 (config-line) #password class
SW1 (config-line) #login
SW1 (config-line) #exit

SW2 (config) #line con 0


SW2 (config-line) #password class
SW2 (config-line) #login
SW2 (config-line) #exit

SW3 (config) #line con 0


SW3 (config-line) #password class
SW3 (config-line) #login
SW3 (config-line) #exit

3. Configure the exec mode secret for the switches as ‘cisco’.

MLS (config) #enable secret cisco

SW1 (config) #enable secret cisco

SW2 (config) #enable secret cisco

SW3 (config) #enable secret cisco

4. Configure the message of the day banner for the switches as ‘Authorized
Access Only.’

MLS (config) #banner motd -Authorized Access Only.-

SW1 (config) #banner motd -Authorized Access Only.-

SW2 (config) #banner motd -Authorized Access Only.-


SW3 (config) #banner motd -Authorized Access Only.-

5. Encrypt all the user passwords.

MLS (config) #service password-encryption

SW1 (config) #service password-encryption

SW2 (config) #service password-encryption

SW3 (config) #service password-encryption

b) Secure Shell (SSH) Configuration (CONFIGURE ONLY ON THE MLS)

VARIABLES VALUES
DNS Domain Name cisco.com
Crypto Key RSA
Modulus 1024 bits
Version 2
Time-out 30 Seconds
Authentication-retries 3
Username admin
Secret sshpass

MLS (config) #ip domain-name cisco.com


MLS (config) #crypto key generate rsa
How many bits in the modulus [512]: 1024
MLS (config) #ip ssh version 2
MLS (config) #ip ssh time-out 60
MLS (config) #ip ssh authentication-retries 3
MLS (config) #username admin secret sshpass

MLS (config) #line vty 0 4


MLS (config-line) #transport input ssh
MLS (config-line) #login local
MLS (config-line) #exit

c) Configure LACP unconditionally (EtherChannel) between the SW2 and SW3


using port channel 5.

SW2 (config) #int port-channel 5


SW2 (config-if) #exit

SW2 (config) #int range fa0/22-24


SW2 (config-if-range) #channel-group 5 mode active
SW2 (config-if-range) #exit

SW3 (config) #int port-channel 5


SW3 (config-if) #exit

SW3 (config) #int range fa0/22-24


SW3 (config-if-range) #channel-group 5 mode active
SW3 (config-if-range) #exit

d) Configure VTP between the switches using the following variables.

VARIABLES VALUES
Version 2
Domain ccna
Password ccnaswitching
Mode AS LISTED BELOW
DEVICE MODE
MLS Server
SW1 Client
SW2 Transparent
SW3 Client

MLS (config) #vtp version 2


MLS (config) #vtp domain ccna
MLS (config) #vtp password ccnaswitching
MLS (config) #vtp mode server

SW1 (config) #vtp version 2


SW1 (config) #vtp domain ccna
SW1 (config) #vtp password ccnaswitching
SW1 (config) #vtp mode client

SW2 (config) #vtp version 2


SW2 (config) #vtp domain ccna
SW2 (config) #vtp password ccnaswitching
SW2 (config) #vtp mode transparent

SW3 (config) #vtp version 2


SW3 (config) #vtp domain ccna
SW3 (config) #vtp password ccnaswitching
SW3 (config) #vtp mode client

e) Create the following VLANs on the Server Switch (MLS)

VLAN ID VLAN NAME


11 Accounts
12 Resources
99 Management
MLS (config) #vlan 11
MLS (config-vlan) #name Accounts
MLS (config-vlan) #vlan 12
MLS (config-vlan) #name Resources
MLS (config-vlan) #vlan 99
MLS (config-vlan) #name Management
MLS (config-vlan) #exit

f) Set the following trunk configurations throughout the Gigabit (Gig) interfaces
in the MLS, SW1, and SW2 and the EtherChannel configured previously.

VARIABLES VALUES
Encapsulation (Only where Appropriate) dot1q
Allowed VLAN 11, 12, 99
Native VLAN 99

MLS (config) #int range g0/1-2


MLS (config-if-range) #switchport trunk encapsulation dot1q
MLS (config-if-range) #switchport trunk allowed vlan 11,12,99
MLS (config-if-range) #switchport trunk native vlan 99
MLS (config-if-range) #exit

SW1 (config) #int range g0/1-2


SW1 (config-if-range) #switchport trunk allowed vlan 11,12,99
SW1 (config-if-range) #switchport trunk native vlan 99
SW1 (config-if-range) #exit

SW2 (config) #int range g0/1-2


SW2 (config-if-range) #switchport trunk allowed vlan 11,12,99
SW2 (config-if-range) #switchport trunk native vlan 99
SW2 (config-if-range) #exit
SW2 (config) #int port-channel 5
SW2 (config-if-range) #switchport trunk allowed vlan 11,12,99
SW2 (config-if-range) #switchport trunk native vlan 99
SW2 (config-if-range) #exit

SW3 (config) #int port-channel 5


SW3 (config-if-range) #switchport trunk allowed vlan 11,12,99
SW3 (config-if-range) #switchport trunk native vlan 99
SW3 (config-if-range) #exit

g) Create the following VLANs on the Transparent Switch (SW2)

VLAN ID VLAN NAME


11 Accounts
13 HR
99 Management

SW2 (config) #vlan 11


SW2 (config-vlan) #name Accounts
SW2 (config-vlan) #vlan 13
SW2 (config-vlan) #name HR
SW2 (config-vlan) #vlan 99
SW2 (config-vlan) #name Management
SW2 (config-vlan) #exit

h) Configure all the interfaces of all the switches connected to the end devices
to work in access mode and in accordance to the appropriate VLANs.

MLS (config) #int fa0/1


MLS (config-if) #switchport mode access
MLS (config-if) #switchport access vlan 11
MLS (config-if) #int fa0/2
MLS (config-if) #switchport mode access
MLS (config-if) #switchport access vlan 12
MLS (config-if) #exit

SW1 (config) #int fa0/1


SW1 (config-if) #switchport mode access
SW1 (config-if) #switchport access vlan 11
SW1 (config-if) #int fa0/2
SW1 (config-if) #switchport mode access
SW1 (config-if) #switchport access vlan 12
SW1 (config-if) #exit

SW2 (config) #int fa0/1


SW2 (config-if) #switchport mode access
SW2 (config-if) #switchport access vlan 13
SW2 (config-if) #int fa0/2
SW2 (config-if) #switchport mode access
SW2 (config-if) #switchport access vlan 11
SW2 (config-if) #exit

SW3 (config) #int fa0/1


SW3 (config-if) #switchport mode access
SW3 (config-if) #switchport access vlan 11
SW3 (config-if) #int fa0/2
SW3 (config-if) #switchport mode access
SW3 (config-if) #switchport access vlan 12
SW3 (config-if) #exit
i) Configure port security on all the access ports of all the switches using the
following variables

VARIABLES VALUES
Aging Time 600 Minutes
Maximum Allowed MAC Address 5
MAC Address Learning Method Sticky
Violation Mode Restrict

MLS (config) #int range fa0/1-2


MLS (config-if-range) #switchport port-security
MLS (config-if-range) #switchport port-security aging time 600
MLS (config-if-range) #switchport port-security max 5
MLS (config-if-range) #switchport port-security mac-address sticky
MLS (config-if-range) #switchport port-security violation restrict
MLS (config-if-range) #exit

SW1 (config) #int range fa0/1-2


SW1 (config-if-range) #switchport port-security
SW1 (config-if-range) #switchport port-security aging time 600
SW1 (config-if-range) #switchport port-security max 5
SW1 (config-if-range) #switchport port-security mac-address sticky
SW1 (config-if-range) #switchport port-security violation restrict
SW1 (config-if-range) #exit

SW2 (config) #int range fa0/1-2


SW2 (config-if-range) #switchport port-security
SW2 (config-if-range) #switchport port-security aging time 600
SW2 (config-if-range) #switchport port-security max 5
SW2 (config-if-range) #switchport port-security mac-address sticky
SW2 (config-if-range) #switchport port-security violation restrict
SW2 (config-if-range) #exit
SW3 (config) #int range fa0/1-2
SW3 (config-if-range) #switchport port-security
SW3 (config-if-range) #switchport port-security aging time 600
SW3 (config-if-range) #switchport port-security max 5
SW3 (config-if-range) #switchport port-security mac-address sticky
SW3 (config-if-range) #switchport port-security violation restrict
SW3 (config-if-range) #exit

j) Configure the MLS for Inter-VLAN routing of VLANs 11 and 12 using the IP
Addresses from the Addressing Scheme provided at the beginning of the
paper.

MLS (config) #ip routing


MLS (config) #int vlan 11
MLS (config-if) #ip address 192.168.11.1 255.255.255.0
MLS (config-if) #int vlan 12
MLS (config-if) #ip address 192.168.12.1 255.255.255.0
MLS (config-if) #exit

k) Configure STP according to the following table.

NOTE: - WHILE CREATING THE PRIMARY ROOT BRIDGE USE PRIORITY 8192
and WHILE CREATING THE SECONDARY ROOT BRIDGE USE THE ‘root’
COMMAND METHOD.

VLAN ID PRIMARY ROOT BRIDGE SECONDARY ROOT BRIDGE


11 MLS SW1
12 SW1 MLS

MLS (config) #spanning-tree vlan 11 priority 8192


MLS (config) #spanning-tree vlan 12 root secondary
SW1 (config) #spanning-tree vlan 12 priority 8192
SW1 (config) #spanning-tree vlan 11 root secondary

l) Enable portfast and BPDU guard on all the access ports of all the switches.

MLS (config) #int range fa0/1-2


MLS (config-if-range) #spanning-tree portfast
MLS (config-if-range) #spanning-tree bpduguard enable
MLS (config-if-range) #exit

SW1 (config) #int range fa0/1-2


SW1 (config-if-range) #spanning-tree portfast
SW1 (config-if-range) #spanning-tree bpduguard enable
SW1 (config-if-range) #exit

SW2 (config) #int range fa0/1-2


SW2 (config-if-range) #spanning-tree portfast
SW2 (config-if-range) #spanning-tree bpduguard enable
SW2 (config-if-range) #exit

SW3 (config) #int range fa0/1-2


SW3 (config-if-range) #spanning-tree portfast
SW3 (config-if-range) #spanning-tree bpduguard enable
SW3 (config-if-range) #exit

m) Assign IP addresses to the PCs referring to the IP addressing table provided


at the beginning of the paper.

End of Paper!!

Regards

Cisco SRWE, Subekshya Pradhan.

You might also like