
CCNA3: Switching Lab Catalyst 29xx series


Lab 1: Basic Switch Configuration


Objectives
Investigate the default configuration of a 29xx series switch. Configure a switch with a name and an IP address. Configure passwords to ensure that access to the CLI is secured. Save the active configuration.

Background / Preparation
Cable a network similar to the one in the diagram. We will use this diagram for all subsequent labs. Start a HyperTerminal session.

General Configuration Tips


Using the question mark (?) and arrow keys helps to enter commands. Each command mode restricts the set of available commands. If there is difficulty entering a command, check the prompt and then enter the question mark (?) for a list of available commands. The problem might be a wrong command mode or wrong syntax. To disable a feature, enter the keyword no before the command; for example, no ip address.

Before starting the labs, erase and reload the switch using the following procedure:

    Switch> enable
    Switch# delete flash:vlan.dat
    Delete filename [vlan.dat]? [Enter]
    Delete flash:vlan.dat? [Confirm] [Enter]

If there was no VLAN file, an error message is displayed. At the privileged exec mode enter the command erase startup-config as follows:

    Switch# erase startup-config

At the privileged exec mode enter the reload command as follows:

    Switch# reload
    System configuration has been modified. Save? [yes/no]:

Type n and then press Enter.

    Proceed with reload? [confirm] [Enter]

After the switch has reloaded the following prompt will appear:

    Would you like to enter the initial configuration dialog? [yes/no]:

Type n and then press Enter.


Step 1 Examine the switch


a. What indicator lights (LEDs) are on the front of the switch?

SYSTEM: Switch is on. LED colors:
  Green - all POST tests passed (there are 13 tests, and the port LEDs indicate which test the switch is executing)
  Orange, but switch is functional - POST detected one or more non-fatal failures; the switch is forwarding packets, but is operating in a degraded fashion
  Orange + one or more LEDs are orange - POST detected one or more fatal failures; the switch is not operational and the management console is not available

RPS: Remote/Redundant Power Supply. LED colors:
  Green - operational
  Orange - RPS failure

b. What button is on the front of the switch? What is it used for?

The MODE button changes among these modes:

STAT - port status. LED colors:
  Off - no link
  Green - link present
  Flashing green - port operational
  Alternating green / orange - error frames, excessive collisions, CRC error packets
  Orange - port is not forwarding, or is disabled in the management console, suspended due to a MAC address violation or by STP due to loops. During the first 30 seconds after the switch boots up or a cable is connected to a switch port, the port is not forwarding because the switch and host are agreeing on connection parameters

UTL - utilization of the switch. LED colors:
  The first third of the switch ports indicates low utilization of the switch, the second third medium utilization, and the last third high to very high utilization. This might differ from switch to switch; check the switch manual.

FDUP - which ports operate at full duplex. LED colors:
  Off - port is operating at half duplex
  Green - port is operating at full duplex

100 - which ports operate at 100 Mbps

Step 2 Enter privileged mode


a. Privileged mode gives access to all the switch commands. Many of the privileged commands configure operating parameters. Therefore, privileged access should be password-protected to prevent unauthorized use. The privileged command set includes those commands contained in user EXEC mode, as well as the configure command through which access to the remaining command modes is gained.

    Switch> enable
    Switch#

b. Notice the prompt changed to reflect privileged exec mode.


Step 3 Examine the current switch configuration


a. Examine the current running configuration file.

    Switch# show running-config

b. How many Ethernet or Fast Ethernet interfaces does the switch have? ___________________

c. What is the range of values shown for the VTY lines? _________________________________

d. Examine the current contents of NVRAM as follows:

    Switch# show startup-config

Why does the switch give this response? ______________________________________________________________________________

e. Issue the following to show the current IP address of the switch:

    Switch# show interface vlan 1

f. Is there an IP address set on the switch?

g. What is the MAC address of this virtual switch interface? ______________________________

h. Is this interface up? ___________________________________________________________

i. The IP properties of the interface can be shown by entering the following command:

    Switch# show ip interface vlan 1

VLAN 1 is by default the management VLAN of Cisco switches. If you want to configure the switch remotely, you have to be connected to a port that belongs to the management VLAN.

Step 4 Get IOS information


a. Examine the version information that the switch reports:

    Switch# show version

b. What is the IOS version that the switch is running? ___________________________________

c. What is the system image file name? ______________________________________________

d. What is the base MAC address of this switch? _______________________________________


Step 5 Examine the Fast Ethernet interfaces


a. Examine the default properties of the Fast Ethernet interfaces, e.g. the fourth port:

    Switch# show interface fastethernet 0/4

b. Is the interface up or down? _____________________________________________________

c. What event would make the interface go up? ________________________________________

d. What is the MAC address of the interface? _________________________________________

e. What is the speed and duplex setting of the interface? ________________________________

Step 6 Examine VLAN information


a. Examine the default VLAN settings of the switch:

    Switch# show vlan [brief]

b. What is the name of VLAN 1? ___________________________________________________

c. Which ports are in this VLAN? ___________________________________________________

d. Is VLAN 1 active? _____________________________________________________________

e. What medium type is the default VLAN? ___________________________________________

Step 7 Assign a name to the switch


a. Enter the configuration mode:

    Switch# configure terminal

b. Change the hostname of the switch to e.g. Catalyst using:

    Switch(config)# hostname Catalyst

Step 8 Set the line access and command mode passwords


    Catalyst(config)# line con 0
    Catalyst(config-line)# login
    Catalyst(config-line)# password cisco
    Catalyst(config-line)# exit
    Catalyst(config)# line vty 0 15
    Catalyst(config-line)# login
    Catalyst(config-line)# password cisco
    Catalyst(config-line)# exit
    Catalyst(config)# enable password class
    Catalyst(config)# enable secret cisco

Which password takes precedence, the enable password or enable secret password? _________


Step 9 Configure the layer 3 access to the switch


a. Set the IP address of the switch and the default gateway based on information from the Windows ipconfig command.

Note: This is done on the internal virtual interface VLAN 1.

    Catalyst(config)# interface VLAN 1
    Catalyst(config-if)# ip address <IP address> <subnet mask>
    Catalyst(config-if)# exit
    Catalyst(config)# ip default-gateway <IP address>
    Catalyst(config)# exit

Step 10 Verify the management LAN settings


a. Verify the interface settings on VLAN 1 as follows:

    Catalyst# show interface vlan 1

b. What is the bandwidth on this interface? ___________________________________________

c. What are the VLAN states: VLAN1 is ________________, Line protocol is ________________

d. How would you bring the interface VLAN 1 up? ______________________________________

e. What is the queuing strategy? ___________________________________________________

Step 11 Save the configuration


a. The basic configuration of the switch has just been completed. Back up the running configuration file to NVRAM as follows:

    Catalyst# copy running-config startup-config

b. Verify your changes using:

    Catalyst# show startup-config

c. Are all the changes that were entered recorded in the file? _____________________________

Step 12 Examine the flash memory


a. Issue one of the following to examine the contents of the flash memory:

    Catalyst# dir flash:

or

    Catalyst# show flash

b. The most important files stored here are:

    .bin extension  - IOS image file
    vlan.dat        - VLAN configuration file
    config.text     - STARTUP configuration file


Lab 2: Managing the MAC Address Table, Creating and Deleting Static Entries
Objectives
Manage the switch MAC table. Create a static address entry in the switch MAC table and test it. Remove the created static MAC address entry.

Step 1 Verify connectivity to connected computers


a. To verify that the hosts and switch are correctly configured, ping the switch IP address from the hosts. Were the pings successful? _______________________________________________

b. If the answer is no, troubleshoot the hosts and switch configurations.

Step 2 Record the MAC addresses of both hosts


Determine and record the layer 2 addresses of the PC network interface cards:

PC1: ______________________________________________________________________

PC2: ______________________________________________________________________

Step 3 Determine the MAC addresses that the switch has learned
a. To determine what MAC addresses the switch has learned use:

    Catalyst# show mac-address-table

b. How many dynamic addresses are there? __________________________________________

c. How many total MAC addresses are there? _________________________________________

d. Do the MAC addresses match the host MAC addresses? ______________________________

Step 4 Determine the show MAC table options


a. To determine the options the show mac-address-table command has use:

    Catalyst# show mac-address-table ?

b. List the options that are available with the show mac-address-table command:

c. Show only MAC addresses that were learned dynamically. How many are there? _____


Step 5 Clear the MAC address table


a. To remove the existing dynamic MAC addresses use:

    Catalyst# clear mac-address-table dynamic

b. Verify that the mac-address-table was cleared as follows:

    Catalyst# show mac-address-table

c. How many total MAC addresses are there now? _____________________________________

d. How many dynamic addresses are there? __________________________________________

Step 6 Determine the clear MAC table options


a. To determine the options the clear mac-address-table command has use:

    Catalyst# clear mac-address-table ?

b. List the options that are available with the clear mac-address-table command:

Step 7 Setup a static MAC address


a. Set up a static MAC address on fastethernet interface 0/4 (use the MAC of PC2).

On Catalyst 2950:

    2950(config)# mac-address-table static <MAC adr> vlan 1 interface fa0/4

On Catalyst 2900XL (keyword static is not working as expected on Catalyst 2900XL, instead use keyword secure):

    2900XL(config)# mac-address-table secure <MAC adr> fa0/4 vlan 1

b. Enter the following to verify the MAC address table entries.

    Catalyst# show mac-address-table

c. How many total MAC addresses are there now? How many of them are static? _____________

d. Clear the MAC address table and verify your static MAC is still there.

e. Test the static entry by pinging the host.

Step 8 Remove the static MAC entry


    2950(config)# no mac-address-table static <MAC adr> vlan 1

    2900XL(config)# no mac-address-table secure <MAC adr> fa0/4 vlan 1

a. Enter the following to verify that the static MAC address was cleared:

    Catalyst# show mac-address-table static

b. How many total MAC addresses are there now? _____________________________________


Lab 3: Configuring port security and PortFast mode


Objectives
Configure port security on individual ports. Configure PortFast mode as one feature from rapid Spanning Tree operation.

Step 1 List port security options


a. Determine the options for setting port security on interface FastEthernet 0/4.

Catalyst 2950:

    2950(config)# interface fastethernet 0/4
    2950(config-if)# switchport port-security ?

Catalyst 2900XL:

    2900XL(config)# interface fastethernet 0/4
    2900XL(config-if)# port security ?

Step 2 Limit the number of hosts per port


a. On interface FastEthernet 0/4 set the port security maximum MAC count to 1 as follows.

Catalyst 2950:

    2950(config)# interface fastethernet 0/4
    2950(config-if)# switchport mode access
    2950(config-if)# switchport port-security
    2950(config-if)# switchport port-security mac-address sticky
    2950(config-if)# switchport port-security maximum 1

Catalyst 2900XL:

    2900XL(config)# interface fastethernet 0/4
    2900XL(config-if)# port security max-mac-count 1

b. Reconnect the PC connected to port 0/4. It may be necessary to generate some traffic.

c. Record any observations. _______________________________________________________ ______________________________________________________________________________

Step 3 Verify the results


a. Enter the following to verify the MAC address table entries:

    Catalyst# show mac-address-table

b. How are the address types listed for the two MAC addresses? __________________________

c. A better way to verify the port-security configuration is to use the following commands:

    Catalyst 2950:    show port-security
    Catalyst 2900XL:  show mac-address-table secure


Step 4 Configure the port to Shut down if there is a security violation


a. It has been decided that in the event of a security violation the interface should be shut down. Enter the following to set the port security action to shutdown.

Catalyst 2950:

    2950(config-if)# switchport port-security violation shutdown

Catalyst 2900XL:

    2900XL(config-if)# port security action shutdown

b. What other action options are available with port security? ____________________________

c. Connect PC1 to the FastEthernet 0/4 port. It may be necessary to generate some traffic.

d. Record any observations. ______________________________________________________________________________ ______________________________________________________________________________

Step 5 Show the running configuration file
Are there statements that directly reflect the security implementation in the listing of the running configuration? List them here:

Step 6 Show port 0/4 configuration information


a. To see the configuration information for just FastEthernet port 0/4 use:

    Catalyst# show interface fastethernet 0/4

b. What is the state of this interface? FastEthernet0/4 is _________________________, line protocol is ____________________

c. How would port 0/4 be reactivated?

d. Before continuing remove port security, e.g. by using:

    Catalyst# default interface fa0/4

This command will reset an interface to its default configuration.


Step 7 Configure Portfast mode


When a switch port comes up it normally goes through the 802.1D Spanning Tree states of Disabled, Blocking, Listening, Learning, and then Forwarding. This process can take up to 50 seconds to occur (20 seconds in Blocking, 15 seconds in Listening, 15 seconds in Learning). When PortFast mode is enabled, the Spanning Tree Protocol (STP) can transition the port's state to Forwarding without going through the intermediate states of Blocking, Listening and Learning. However, PortFast mode should only be enabled on ports connecting single end stations (access links). When connecting to other switches, do not enable PortFast mode on these ports, since the switches will not process BPDUs and you can get your network into loops. Do not enable PortFast mode on trunked connections.

To configure a port for PortFast operation use (the command syntax is the same for both 2900XL and 2950 series switches):

    Catalyst(config-if)# spanning-tree portfast

Now verify your configuration using:

    Catalyst 2950:    show spanning-tree detail
    Catalyst 2900XL:  show spanning-tree [interface <type number>]

In a valid configuration, PortFast-enabled ports do not receive BPDUs. Receiving a BPDU on a PortFast-enabled port signals an invalid configuration, such as the connection of an unauthorized device.

In the picture, switch A has priority 8192 and is the root for the VLAN. Switch B has priority 16384 and is the backup root for the same VLAN. Switches A and B, connected by a Gigabit Ethernet link, make up the core of the network. Switch C is an access switch and has PortFast configured on the port connected to device D. With the other STP parameters at their defaults, the switch C port that connects to switch B will be in the STP Blocking state. Device D (PC) is not participating in STP. The red arrows indicate the flow of STP BPDUs.

Now, consider that device D started to participate in STP (for example, a software-based bridge application was launched on a PC). If the priority of the software bridge is zero or any value below that of the root bridge, the software bridge will take over the root bridge function (as the bridge with the lowest priority), and the Gigabit link connecting the two core switches will transition into blocking mode, thus causing all the data in that particular VLAN to flow via the 100 Mbps link. If there is more data flowing via the core in the VLAN than the link can accommodate, frames will be dropped, leading to a connectivity outage.

The STP PortFast BPDU guard feature would prevent such a situation by disabling the port as soon as an STP BPDU is received from device D. The BPDU guard feature puts the port in the error-disabled state and an error message is printed to the console. The BPDU guard feature provides a secure response to invalid configurations because the port must be manually put back in service.

To turn on the BPDU guard feature use (issuing this command alone does not turn on PortFast mode on a port):

    Catalyst(config)# spanning-tree portfast bpduguard
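The scenario above, worked through as an added example (not part of the original lab): this Python model computes the 802.1D root bridge and the blocked links for switches A, B and C, then with device D bridging, then with BPDU guard on C's port to D. The link layout (C uplinked to both A and B at 100 Mbps), the default priority 32768 for C, the standard short path costs (4 for 1 Gbps, 19 for 100 Mbps) and the MAC addresses are assumptions, since the picture is not reproduced here.

```python
"""802.1D root election and port roles for the topology in the text (added example)."""

# Priorities for A and B are the ones given in the text; C keeps the 802.1D
# default (assumption). MAC addresses are constructed for the example.
BRIDGES = {
    "A": (8192, "00:00:00:00:00:0a"),
    "B": (16384, "00:00:00:00:00:0b"),
    "C": (32768, "00:00:00:00:00:0c"),
}
ROGUE_D = {"D": (0, "00:00:00:00:00:0d")}  # software bridge started on the PC

# Assumed layout: A-B Gigabit core (cost 4), C uplinked to A and B and
# device D on an access port of C, all at 100 Mbps (cost 19).
LINKS = {("A", "B"): 4, ("A", "C"): 19, ("B", "C"): 19, ("C", "D"): 19}


def converge(bridges, links, bpdu_guard=()):
    """Return (root, blocked_links, err_disabled_links).

    bridges:    name -> (priority, mac) for every device that sends BPDUs.
    bpdu_guard: (switch, neighbour) pairs naming PortFast access ports with
                BPDU guard; such a port is err-disabled if the neighbour
                turns out to be a bridge.
    """
    def bridged(link):
        return all(node in bridges for node in link)

    err_disabled = sorted(
        link for link in links
        if bridged(link) and (link in bpdu_guard or link[::-1] in bpdu_guard)
    )
    live = {link: cost for link, cost in links.items()
            if bridged(link) and link not in err_disabled}
    active = {node for link in live for node in link}

    # Lowest bridge ID (priority, then MAC) wins the root election.
    root = min(active, key=lambda node: bridges[node])

    # Root path cost by repeated relaxation (the graph is tiny).
    cost = {node: float("inf") for node in active}
    cost[root] = 0
    for _ in active:
        for (u, v), c in live.items():
            cost[u] = min(cost[u], cost[v] + c)
            cost[v] = min(cost[v], cost[u] + c)

    # Root port: lowest (root path cost, sender bridge ID) among own links.
    root_port = {}
    for node in active - {root}:
        options = []
        for (u, v), c in live.items():
            if node in (u, v):
                peer = v if node == u else u
                options.append((cost[peer] + c, bridges[peer], (u, v)))
        root_port[node] = min(options)[2]

    # On each link the end with the better (cost, bridge ID) is designated;
    # the other end forwards only if that link is its root port.
    blocked = []
    for (u, v) in live:
        loser = max((u, v), key=lambda node: (cost[node], bridges[node]))
        if root_port.get(loser) != (u, v):
            blocked.append((u, v))
    return root, sorted(blocked), err_disabled


if __name__ == "__main__":
    with_d = {**BRIDGES, **ROGUE_D}
    print("D is a plain PC:      ", converge(BRIDGES, LINKS))
    print("D bridges, no guard:  ", converge(with_d, LINKS))
    print("D bridges, BPDU guard:", converge(with_d, LINKS, {("C", "D")}))
```

In the unguarded case the blocked link moves from B-C to the Gigabit A-B link, which is the outage described above; with BPDU guard on C's port to D the topology is the same as when D is a plain PC.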


Configure one port on one switch as a trunk and connect this port to a port on the other switch where BPDU guard has been enabled. Note the displayed error here:

How would you bring up the port disabled by this error? ________________________________________

Now verify that BPDU guard is enabled using:

    Catalyst 2950:    show spanning-tree detail
    Catalyst 2900XL:  show spanning-tree summary

On Catalyst 2950, BPDU guard can be enabled or disabled on particular interfaces using:

    2950(config-if)# spanning-tree bpduguard {enable|disable}
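An added example, not part of the original lab: a Python check that reads a 2950-style running configuration and reports ports where PortFast is enabled on a trunk, where PortFast is enabled without BPDU guard (globally or per interface), or where port-security options are present without the bare switchport port-security line that enables the feature. The configuration excerpt is constructed for the example.

```python
"""Audit a Catalyst 2950 running-config for the Lab 3 port settings (added example)."""
import re

# Constructed running-config excerpt; the interface choices are made up.
SAMPLE_CONFIG = """\
hostname Catalyst
!
interface FastEthernet0/4
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport mode access
 switchport port-security mac-address sticky
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/11
 switchport mode trunk
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport mode trunk
!
"""


def parse_interfaces(config):
    """Return ({interface: [sub-commands]}, [global lines]).

    In an IOS configuration, indented lines belong to the most recent
    top-level line; only interface blocks are collected here.
    """
    interfaces, global_lines, current = {}, [], None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw.startswith(" "):
            if current is not None:
                interfaces[current].append(raw.strip())
            continue
        match = re.match(r"interface\s+(\S+)", raw)
        current = match.group(1) if match else None
        if match:
            interfaces[current] = []
        else:
            global_lines.append(raw.strip())
    return interfaces, global_lines


def audit(config):
    """Return a sorted list of (interface, finding) pairs."""
    interfaces, global_lines = parse_interfaces(config)
    # Global form from the lab: "spanning-tree portfast bpduguard".
    global_guard = any(
        line.startswith("spanning-tree portfast bpduguard") for line in global_lines
    )
    findings = []
    for name, cmds in interfaces.items():
        portfast = "spanning-tree portfast" in cmds
        trunk = "switchport mode trunk" in cmds
        # The per-interface setting overrides the global one.
        if "spanning-tree bpduguard enable" in cmds:
            guard = True
        elif "spanning-tree bpduguard disable" in cmds:
            guard = False
        else:
            guard = global_guard

        if portfast and trunk:
            findings.append((name, "PortFast on a trunk port"))
        elif portfast and not guard:
            findings.append((name, "PortFast without BPDU guard"))

        options = [c for c in cmds if c.startswith("switchport port-security ")]
        if options and "switchport port-security" not in cmds:
            findings.append((name, "port-security options set but feature not enabled"))
    return sorted(findings)


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```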


Lab 4: Password Recovery Procedure on a Catalyst 2900 Series Switches


Objective
Gain access to the switch if password is lost

1.) Make sure that a PC is connected to the console port and a HyperTerminal window is open.

2.) Turn the switch off. Turn it back on while holding down the MODE button on the front of the switch at the same time that the switch is powered on. Release the MODE button after the first port LED goes out.

3.) Output similar to the following should be displayed:

    C2950 Boot Loader (C2950-HBOOT-M) Version 12.1(11r)EA1, RELEASE SOFTWARE (fc1)
    Compiled Mon 22-Jul-02 18:57 by antonino
    WS-C2950-24 starting...
    Base ethernet MAC Address: 00:0a:b7:72:2b:40
    Xmodem file system is available.

    The system has been interrupted prior to initializing the flash filesystem. The following commands will initialize the flash filesystem, and finish loading the operating system software:

    Type flash_init
    Type load_helper
    Type dir flash: (do not forget to type the : (colon) after the word flash)

4.) Enter the commands required to initialize the flash file system. First type flash_init, then type load_helper. Finally type dir flash:

5.) Type rename flash:config.text flash:config.old to rename the configuration file. This file contains the password definition.

6.) Type boot to boot the system.

7.) Enter N at the following prompt to start the Setup program:

    Continue with the configuration dialog? [yes/no] : N

8.) Type rename flash:config.old flash:config.text to rename the configuration file with its original name at the privileged exec mode prompt.

9.) Copy the configuration file into memory as follows:

    Switch# copy flash:config.text system:running-config
    Source filename [config.text]? [Enter]
    Destination filename [running-config] [Enter]

10.) The configuration file is now reloaded. Now you may change the old unknown passwords.

11.) Power cycle the switch and verify that the passwords are now functional. If not, repeat the procedure.


VLAN Configuration
Lab 1: Configuring Static VLANs
Objectives
Determine the switch firmware version. Create two VLANs, name them and assign member ports to them. Delete VLAN information

Background / Preparation
When managing a switch, the Management Domain is by default VLAN 1. The Network Administrator's workstation must have access to a port in the Management Domain in order to manage the switch remotely. All ports are assigned to VLAN 1 by default.

Step 1 Look at the VLAN interface information


a. Type the command show vlan at the privileged exec prompt as follows:

    Switch# show vlan [brief]

b. Which ports belong to the default VLAN? ___________________________________________

c. How many VLANs are set up by default on the switch? ________________________________

d. What does the VLAN 1003 represent? _____________________________________________

e. How many ports are in the 1003 VLAN? ___________________________________________

Step 2 Create and name two VLANs


Enter the following commands to create and name two VLANs:

    Switch# vlan database
    Switch(vlan)# vlan 2 name VLAN2
    Switch(vlan)# vlan 3 name VLAN3
    Switch(vlan)# exit


Step 3 Look at the VLAN interface information


a. On Switch_A, type the command show vlan at the privileged exec prompt as follows:

    Switch# show vlan [brief]

b. Are there new VLANs in the listing? _______________________________________________

c. Do they have any ports assigned to them yet? _______________________________________

Step 4 Assign ports 1,2 and 3 to VLAN 2


Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add port 2 to VLAN 2:

    Switch# configure terminal
    Switch(config)# interface fastethernet 0/2
    Switch(config-if)# switchport mode access
    Switch(config-if)# switchport access vlan 2
    Switch(config-if)# end

Additionally, assign ports 1 and 3 to VLAN 2.

Step 5 Look at the VLAN interface information


a. Type the following command at the privileged exec prompt:

    Switch# show vlan [brief]

b. Is port 2 assigned to VLAN 2? ___________________________________________________

c. Is the port still listed in the default VLAN? __________________________________________

Step 6 Assign ports 4,5 and 6 to VLAN 3


Unlike the earlier 2900XL switch, the 2950 and 3550 switches have an interface range command that enables a range of interfaces to be identified for a subsequent operation. For example, several ports can be assigned to a VLAN with one switchport command:

    2950(config)# interface range fa0/4 - 6        ! spaces are mandatory !
    2950(config-if-range)# switchport mode access
    2950(config-if-range)# switchport access vlan 3

On the 2900XL switch, you have to repeat step 4 for each single port to be added to VLAN 3. Verify the proper port-to-VLAN assignment.

Step 7 Look at only VLAN2 information


a. Instead of displaying all of the VLANs, type the show vlan id 2 command at the privileged exec mode prompt as follows:

    Switch# show vlan id 2

or

    Switch# show vlan name VLAN2

b. Do these commands supply any more information than the show vlan command? __________


Step 8 Test the VLANs


a. Ping from the host in port 0/1 to the host in port 0/3.

b. Was the ping successful? ______________________

c. Ping from the host in port 0/1 to the host in port 0/4.

d. Was the ping successful? ______________________

e. Why? ______________________________________

f. Ping from the host in port 0/1 to the switch IP address.

g. Was the ping successful? ______________________

h. Ping from the host in port 0/4 to the switch IP address.

i. Was the ping successful? ______________________

j. Why? ______________________________________

Step 9 Change the management VLAN


By default the management VLAN is VLAN 1. You can change the management VLAN of the switch if you first disable the VLAN 1 interface. Issue the following commands to make VLAN 3 the management VLAN:

    Switch(config)# interface vlan 1
    Switch(config-if)# no ip address
    Switch(config-if)# shutdown
    Switch(config-if)# interface vlan 3
    Switch(config-if)# ip address ...
    Switch(config-if)# no shutdown

Now try to ping the switch from a host connected to VLAN 3 and from a host connected to another VLAN. Which ping works? _______________________________________________________________ ____________________________________________________________________________________

Step 9 Delete a Host from a VLAN


To remove a host from a VLAN, use the no form of the switchport command:

    Switch# configure terminal
    Switch(config)# interface fastethernet 0/2
    Switch(config-if)# no switchport access vlan 2


Step 10 Display the VLAN Interface Information


a. Type the following command at the privileged EXEC prompt:

    Switch# show vlan [brief]

c. Is port 0/2 removed from VLAN 2? _______________________________________________

d. Which VLAN does the port belong to now? ________________________________________

Step 12 Delete a VLAN


a. To remove the entire VLAN 2, enter the VLAN database mode and use:

    Switch# vlan database
    Switch(vlan)# no vlan 2
    Deleting VLAN 2...
    Switch(vlan)# exit

Step 13 Display the VLAN Interface Information


a. Type the following command at the privileged EXEC prompt:

    Switch# show vlan [brief]

b. Is VLAN 2 removed? _______________________________________________________

c. What happened to the ports that were released from the VLANs? ____________________

Step 14 Delete VLAN 1


Try to delete VLAN 1, which is the default VLAN, the same way that you deleted VLAN 2.

    Switch# vlan database
    Switch(vlan)# no vlan 1
    A default VLAN may not be deleted.
    Switch(vlan)# exit

When creating and deleting VLANs, keep in mind:

A created VLAN remains unused until it is mapped to switch ports.

The default configuration has all of the switch ports on VLAN 1.

When a VLAN is deleted, any ports assigned to that VLAN become inactive. They remain associated with the deleted VLAN until they are assigned to a new VLAN.

Use caution when deleting VLANs. It is possible to cause a major loss of connectivity by accidentally eliminating a VLAN that still has active users on it.

When a VLAN is deleted from a switch that is in the VLAN Trunking Protocol (VTP) server mode, the VLAN is removed from all switches in the VTP domain. When a VLAN is deleted from a switch that is in VTP transparent mode, the VLAN is deleted only on that specific switch. A VLAN cannot be deleted from a switch that is in VTP client mode. VTP will be practised in the next lab.


Lab 2: Trunking, VTP and Inter-VLAN routing


Objectives
Create a trunk line between the switches. Configure VLANs using the VLAN Trunking Protocol (VTP). Create a basic configuration on a router. Test the VLAN functionality.

Background / Preparation
Trunking changes the formatting of the packets. The ports need to be in agreement as to which format is being used to transmit data on the trunk or no data will be passed. If there is different trunking encapsulation on the two ends of the link they will not be able to communicate. A similar situation will occur if one of the ports is configured in trunking mode and the other one in access mode.

The following lab introduces the operation of VTP. The Catalyst 2900XL will act as the VTP server for domain class; the other two switches SHOULD NOT create any VLANs. They are VTP clients, and VLAN information will be automatically propagated to them.

Step 1 Create and name the VLANs


a. Configure the topology displayed above. The appropriate IP information should be found out from the ipconfig command. Configure the switches for VTP operation, with the Catalyst 2900XL switch acting as the VTP server for domain class.

    2900XL# vlan database
    2900XL(vlan)# vtp server
    2900XL(vlan)# vtp domain class        ! name is case sensitive !
    2900XL(vlan)# vlan 10 name Management
    2900XL(vlan)# vlan 20 name Support
    2900XL(vlan)# vlan 30 name Sales
    2900XL(vlan)# exit


b. Now assign ports to the appropriate VLANs. Set the other two switches (2950_A and 2950_B) to VTP client mode and use the same VTP domain name, but do not create any VLANs on them; just assign the right ports to the right VLANs. VLAN information will be automatically advertised.

c. Verify the VLAN configuration on all switches with the show vlan command.

d. Are VLANs 10, 20 and 30 displayed? Why or why not? ______________________________________________________________________________

Step 2 Create the trunk connection


On Catalyst 2900XL series switches use the following commands to configure trunk connections:

    2900XL(config)# interface fastethernet 0/11
    2900XL(config-if)# switchport trunk encapsulation dot1q
    2900XL(config-if)# switchport mode trunk
    2900XL(config-if)# interface fastethernet 0/12
    2900XL(config-if)# switchport trunk encapsulation dot1q
    2900XL(config-if)# switchport mode trunk
    2900XL(config-if)# end

Because Catalyst 2950 series switches support only 802.1q trunk encapsulation, use the following commands to configure trunk connections on switches 2950_A and 2950_B:

    2950_A(config)# interface range fastethernet 0/11 - 12
    2950_A(config-if-range)# switchport mode trunk

    2950_B(config)# interface range fastethernet 0/11 - 12
    2950_B(config-if-range)# switchport mode trunk

Step 3 Verify the trunk connection


a. To verify that port fastethernet 0/11 has been established as a trunk port use:

    Switch# show interface fastethernet 0/11 switchport

b. What type of trunking encapsulation is shown in the output? __________________

c. In the fragment Trunking VLANs Enable from the output, what does the word ALL mean? _________________________________________________________________

d. What would happen if the two ports of the trunk were using different encapsulation? ________________________________________________________________

e. Now turn off DTP message advertising on all access and trunk ports and verify your trunk ports again using the above command. What does the fragment Operational mode say? _____________________________________

f. To verify your trunk configuration, Catalyst 2950 also supports the following command:

    2950# show interfaces trunk


Step 4 Look at the VLAN interface information


a. Verify your VLAN configuration on every switch using the command:

Switch# show vlan [brief]

b. Are ports assigned correctly? ___________________________________________________

Step 5 Test the VLANs and the trunk


a. Using ping, verify that hosts on the same VLAN can communicate with each other.

b. Can they also talk to hosts on different VLANs?

Step 6 Connect and configure routers


a. 2500 series routers that do not support inter-VLAN routing must use one physical interface for each VLAN to be connected. Each interface is connected to a normal access (non-trunking) port on the switch, one in each appropriate VLAN. On the router, use the usual configuration steps.

b. For routers that do support inter-VLAN routing, divide the physical interface into logical subinterfaces. Using just one physical interface, you create one subinterface for each VLAN to be connected to the router. Remember, as long as at least one of your subinterfaces is connected to the default management VLAN, you can connect to the switch remotely through telnet. For this connection to work, the router interface must be connected to the switch using a trunk connection. The switch should know about all VLANs that will be created on the router.


2600(config)# interface ethernet 0/0
2600(config-if)# no shutdown
2600(config-if)# duplex full ! Set this also on the switch port !
2600(config-if)# interface ethernet 0/0.10
2600(config-subif)# encapsulation dot1q 10
2600(config-subif)# ip address <VLAN IP subnet> <subnet mask>
2600(config-subif)# interface ethernet 0/0.20
2600(config-subif)# encapsulation dot1q 20
2600(config-subif)# ip address <VLAN IP subnet> <subnet mask>
2600(config-subif)# interface ethernet 0/0.30
2600(config-subif)# encapsulation dot1q 30
2600(config-subif)# ip address <VLAN IP subnet> <subnet mask>
2600(config-subif)# end

Step 7 Look at the router routing table


a. Type show ip route at the privileged exec mode prompt.

b. Are there entries in the routing table? ______________________________________________

c. What interface are they all pointing to? _____________________________________________

d. Why is there not a need to run a routing protocol? ____________________________________

Step 8 Verify the VTP configuration


2900XL# show vtp {counters | status}

Step 9 Test the VLANs and the trunk


All hosts should be able to talk to each other. If not then you must troubleshoot the situation.


Optional Step 10 Removing VLANs from trunk link


By default, all VLANs are transported across a trunk link when you issue the switchport mode trunk command. However, there are instances where the trunk link should not carry all VLANs.

The first is broadcast suppression. All broadcasts are sent to every port in a VLAN. A trunk link acts as a member port of the VLAN and, therefore, must pass all the broadcasts. Bandwidth and processing time are wasted if there is no port at the other end of the trunk link that is a member of that VLAN.

VLANs may also be removed from a trunk as a result of a topology change. Changes that occur in the topology must also be propagated across the trunk link. If the VLAN is not used on the other end of the trunk link, there is no need for the overhead of a topology change.

By default, a Cisco IOS-based switch trunk port sends traffic to and receives traffic from all VLANs in the VLAN database. All VLANs, 1 to 1005, are allowed on each trunk, but some of those VLANs can be removed from the list of allowed VLANs, preventing traffic from those VLANs from passing over the trunk. To restrict the traffic a trunk carries, use the command:

Switch(config-if)# switchport trunk allowed vlan remove vlan-list

The vlan-list can be a range of VLAN IDs (e.g. 10-100) or a string of VLAN IDs (e.g. 10,15,20). For an example of where this is useful, look at the following picture:

We can remove VLAN 10 frames from propagating via trunk 2 and VLAN 20 frames from propagating via trunk 1, because VLAN 10 does not extend over trunk 2 and VLAN 20 does not extend over trunk 1. The middle switch is the only one that needs to be configured:

Middle_Switch(config)# interface f0/11
Middle_Switch(config-if)# switchport mode trunk
Middle_Switch(config-if)# switchport trunk allowed vlan remove 20
Middle_Switch(config-if)# interface f0/12
Middle_Switch(config-if)# switchport mode trunk
Middle_Switch(config-if)# switchport trunk allowed vlan remove 10
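The same decision can be computed for any number of trunks. The following is an added example, not part of the original lab: it expands the vlan-list syntax described above, works out which configured VLANs have no member port behind each trunk, and emits the matching remove command. It goes beyond the two-trunk case by handling ranges; the function names are hypothetical, and keeping VLAN 1 on every trunk is an assumption based on the lab's use of the default management VLAN.

```python
def parse_vlan_list(text):
    """Expand a vlan-list such as '10-100' or '10,15,20' into a set of VLAN IDs."""
    vlans = set()
    for part in text.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 1005:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

def format_vlan_list(vlans):
    """Compress VLAN IDs back into vlan-list syntax: {10,11,12,20} -> '10-12,20'."""
    out, run = [], []
    for v in sorted(vlans) + [None]:          # None flushes the final run
        if run and v is not None and v == run[-1] + 1:
            run.append(v)
            continue
        if run:
            out.append(str(run[0]) if len(run) == 1 else f"{run[0]}-{run[-1]}")
        run = [v]
    return ",".join(out)

def trunk_removals(configured, needed_behind):
    """Map each trunk to the remove command for VLANs with no member port behind it."""
    plan = {}
    for trunk, needed in needed_behind.items():
        unused = parse_vlan_list(configured) - parse_vlan_list(needed)
        unused.discard(1)  # assumption: keep the management VLAN on every trunk
        if unused:
            plan[trunk] = f"switchport trunk allowed vlan remove {format_vlan_list(unused)}"
    return plan

if __name__ == "__main__":
    # Constructed input matching the lab picture: f0/11 is trunk 1, f0/12 is trunk 2.
    needed = {"f0/11": "1,10", "f0/12": "1,20"}
    for trunk, cmd in trunk_removals("1,10,20", needed).items():
        print(f"interface {trunk}\n switchport mode trunk\n {cmd}")
```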

The topology above has one notable feature: it does not contain any physical loops. Under this condition we can disable STP completely for any configured VLAN using the command:

Switch(config)# no spanning-tree vlan vlan-id

STP is enabled by default on VLAN 1 and on all newly created VLANs up to the specified spanning-tree limit (by default up to 64 VLANs). Disable STP only if there are no loops in the network topology. When STP is disabled and loops are present in the topology, excessive traffic and indefinite packet duplication can drastically reduce network performance.


Command summary
General switch configuration

Switch> enable
Switch# erase startup-config
Switch# reload
Switch# configure terminal
Switch# copy {running-config | tftp} {tftp | running-config}
Switch(config)# hostname <name>
Switch(config)# line con 0
Switch(config)# line vty 0 15
Switch(config-line)# login
Switch(config-line)# password <password>
Switch(config)# interface VLAN1
Switch(config-if)# ip address <address> <mask>
Switch(config)# ip default-gateway <ip address>
Switch(config-if)# duplex {full | half}
Switch(config-if)# speed {10 | 100}
Switch(config-if)# description <text>
Switch(config)# ip http server
Switch(config)# ip http port <port number>

Managing MAC address table

Switch# show mac-address-table
Switch# clear mac-address-table
2950(config)# mac-address-table static <MAC address> vlan <id> interface <type number>
2900XL(config)# mac-address-table secure <MAC address> <interface type number> vlan <id>
Switch(config)# mac-address-table aging-time <max-aging-time>
2950# show port security
2950(config-if)# switchport mode access
2950(config-if)# switchport port-security mac-address sticky
2950(config-if)# switchport port-security maximum <max MAC addresses>
2950(config-if)# switchport port-security violation {protect | restrict | shutdown}
2900XL# show mac-address-table secure
2900XL(config-if)# port security max-mac-count <max MAC addresses>
2900XL(config-if)# port security action {shutdown | trap}

Switch monitoring

Switch# show version
Switch# show running-config
Switch# show startup-config
Switch# show interface [<interface type number>] [switchport]
Switch# show interface status
Switch# show post
Switch# show flash
Switch# dir flash:

Spanning-Tree operation


2950# show spanning-tree [detail | interface <type number>]
2900XL# show spanning-tree [brief | summary | interface <type number>]
Switch(config-if)# spanning-tree portfast
Switch(config)# spanning-tree portfast bpduguard

VLAN commands

Switch# show vlan [brief | id <vlan number> | name <vlan name>]
Switch# delete flash:vlan.dat
Switch# vlan database
Switch(vlan)# vlan <vlan number> [name <name>]
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan <vlan number>
Switch(config-if)# switchport trunk encapsulation {isl | dot1q}
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed <vlan-list>
Switch(config-if)# switchport trunk allowed vlan remove <vlan-list>
Switch# show port capabilities
Switch# show trunk <port>
2950# show interface trunk

VTP VLAN Trunking Protocol

Switch# show vtp {counters | status}
Switch# vlan database
Switch(vlan)# vtp v2-mode
Switch(vlan)# vtp domain <domain name-case sensitive>
Switch(vlan)# vtp {client | server | transparent}
Switch(vlan)# vtp password <password>

Router-on-a-stick

Router(config)# interface fastethernet <slot/port>
Router(config-if)# duplex full
Router(config-if)# no shutdown
Router(config-if)# interface fastethernet <slot/port>.<subif number>
Router(config-subif)# description <text>
Router(config-subif)# encapsulation {isl | dot1q} <vlan number>
Router(config-subif)# ip address <address-from-VLAN-space> <mask>
