Вы находитесь на странице: 1из 21

I.

Global Configuration

1. Assign the appropriate names to each of the devices based on the Layer 2 diagram

Router>enable
Router#conf t
Router(config)#hostname R1_ISP

2. Disable the DNS lookup feature on all devices

R1_ISP(config)#no ip domain-lookup

3. Assign "s" as the secret password

R1_ISP(config)#enable secret s

4. Direct the Cisco IOS to encrypt any passwords stored in clear-text.

R1_ISP(config)#service password-encryption

Console Port

1. Enter line console configuration mode

R1_ISP(config)#line console 0

2. Configure the console port on all devices to log input synchronously

R1_ISP(config-line)#logging synchronous

3. Set the password to "c"

R1_ISP(config-line)#password c

4. Configure idling timeout to No timeout


R1_ISP(config-line)#exec-timeout ?

<0-35791> Timeout in minutes

R1_ISP(config-line)#exec-timeout 0 ?

<0-2147483> Timeout in seconds

<cr>

R1_ISP(config-line)#exec-timeout 0 0

VTY Ports

1. Allow 5 concurrent sessions of remote access to all devices. /Allow 5 telnet sessions at one
time.

R1_ISP(config-line)#exit

R1_ISP(config)#line vty 0 4

2. Configure the vty ports to log input synchronously

R1_ISP(config-line)#logging synchronous

3. Set the password to "v"

R1_ISP(config-line)#password v

4. Configure idling timeout to 40 minutes 20 seconds

R1_ISP(config-line)#exec-timeout 40 20

R1_ISP(config-line)#end

Verify and Save Configs

1. Verify the previous steps using proper "show" command


R1_ISP#show run

2. Save the configuration on R1

R1_ISP#copy running-config startup-config

II.
VTP Configuration

1. Configure RSW1 to VTP Server mode.

RSW1#configure terminal

RSW1(config)#vtp mode server

2. Configure RSW2 and RSW3 to VTP Client mode.

RSW2#conf t

RSW2(config)#vtp mode client

Setting device to VTP CLIENT mode.

RSW3#conf t

RSW3(config)#vtp mode client

Setting device to VTP CLIENT mode.

3. Configure examA for the vtp domain name and passA as the vtp password on all switches.

RSW1(config)#vtp domain examA

Changing VTP domain name from NULL to examA

RSW1(config)#vtp password passA

Setting device VLAN database password to passA

RSW1(config)#exit

RSW2(config)#vtp dom examA


Changing VTP domain name from NULL to examA

RSW2(config)#vtp pass passA

Setting device VLAN database password to passA

RSW2(config)#exit

RSW3(config)#vtp dom examA

Changing VTP domain name from NULL to examA

RSW3(config)#vtp pass passA

Setting device VLAN database password to passA

RSW3(config)#exit

4. Verify previous steps using proper "show" commands.

RSW1#show vtp status

RSW1#sh vtp password

RSW2#show vtp status

RSW2#sh vtp password

RSW3#sh vtp status

RSW3#sh vtp pass


VLAN Trunking

1. Shutdown the following ports:


1. RSW1 Fa1/1
2. RSW2 Fa1/11-12
3. RSW3 Fa1/11-12

RSW1#conf t

RSW1(config)#int f1/1

RSW1(config-if)#shutdown

RSW1(config-if)#end

RSW2#conf t

RSW2(config)#int range f1/11 12

RSW2(config-if-range)#shutdown

RSW2(config-if-range)#end

RSW3#conf t

RSW3(config)#int range f1/11 12

RSW3(config-if-range)#shut

RSW3(config-if-range)#end

2. Verify prior step using the proper "show" command.

RSW1#show ip interface brief

RSW2#show ip interface brief

RSW3#show ip interface brief


3. Configure VLAN trunking using 802.1q on the following ports:
0. RSW1 Fa1/3, Fa1/9-10, Fa1/13-14
1. RSW2 Fa1/9-10
2. RSW3 Fa1/13-14

RSW1#conf t

RSW1(config)#interface range f1/3 , f1/9 10 , f1/13 14

RSW1(config-if-range)#switchport trunk encapsulation dot1q

RSW1(config-if-range)#switchport mode trunk

RSW1(config-if-range)#end

RSW2#conf t

RSW2(config)#int range f1/9 10

RSW2(config-if-range)#switchport trunk encapsulation dot1q

RSW2(config-if-range)#switchport mode trunk

RSW2(config-if-range)#end

RSW3#conf t

RSW3(config)#int range f1/13 14

RSW3(config-if-range)#switchport trunk encapsulation dot1q

RSW3(config-if-range)#switchport mode trunk

RSW3(config-if-range)#end
4. Verify prior step using the proper "show" commands.

RSW1#show interfaces trunk

Port Mode Encapsulation Status Native vlan

Fa1/3 on 802.1q trunking 1

Fa1/9 on 802.1q trunking 1

Fa1/10 on 802.1q trunking 1

Fa1/13 on 802.1q trunking 1

Fa1/14 on 802.1q trunking 1

<output omitted>

RSW2#show interfaces trunk

Port Mode Encapsulation Status Native vlan

Fa1/9 on 802.1q trunking 1

Fa1/10 on 802.1q trunking 1

<output omitted>

RSW3#show interfaces trunk

Port Mode Encapsulation Status Native vlan

Fa1/13 on 802.1q trunking 1

Fa1/14 on 802.1q trunking 1

<output omitted>

III.
VLAN Configuration

1. Create VLANs according to the Layer 2/3 Diagram


2. Name some of the VLANs as follows
1. VLAN 5 = SalesDept
2. VLAN15 = WebServers
3. VLAN25 = FTPServers

RSW1#conf t

RSW1(config)#vlan 5

RSW1(config-vlan)#name SalesDept

RSW1(config-vlan)#vlan 15

RSW1(config-vlan)#name WebServers

RSW1(config-vlan)#vlan 25

RSW1(config-vlan)#name FTPServers

RSW1(config-vlan)#vlan 10,20,30,35,40,45,50,55

RSW1(config-vlan)#end

RSW1#sh vlan-switch

3. Assign VLANs to appropriate switch ports according to the Physical Diagram and Layer 2/3
Diagram

RSW3#conf t

RSW3(config)#int f1/3

RSW3(config-if)#switchport mode access

RSW3(config-if)#switchport access vlan 40

RSW3(config-if)#end

RSW1#conf t

RSW1(config)#int f1/2

RSW1(config-if)#switch mode access

RSW1(config-if)#switch access vlan 10


RSW1(config-if)#int f1/3

RSW1(config-if)#switch trunk encap dot1q

RSW1(config-if)#switch mode trunk

RSW1(config-if)#end

(the f1/3 configuration above should have been configured in the


Checkpoint 2 lab,

but it doesn't hurt to re-enter it)

RSW2#conf t

RSW2(config)#int f1/2

RSW2(config-if)#switchport mode access

RSW2(config-if)#switchport access vlan 45

RSW2(config-if)#end

4. Verify VLAN and port assignments

RSW1#sh vlan-s

RSW2#sh vlan-s

RSW3#sh vlan-s

5. Assign IPv4 addresses for each FastEthernet interface, Switch Virtual Interface (SVI) and
loopback.

Verification

6. Ensure the appropriate devices can ping.

Spanning Tree

7. Configure portfast on the following edge ports


1. RSW1 Fa1/2
2. RSW2 Fa1/2
3. RSW3 Fa1/3

RSW1#conf t

RSW1(config)#int f1/2

RSW1(config-if)#spanning-tree portfast

RSW1(config-if)#end

%Warning: portfast should only be enabled on ports connected to a single


host.

Connecting hubs, concentrators, switches, bridges, and other devices


connecting to

this interface when portfast is enabled, can cause temporary spanning tree
loops.

Use with CAUTION

%Portfast has been configured on FastEthernet1/2 but will only

have effect when the interface is in a non-trunking mode.

RSW2#conf t

RSW2(config)#int f1/2

RSW2(config-if)#span portfast

RSW2(config-if)#end

%Warning: portfast should only be enabled on ports connected to a single


host.

Connecting hubs, concentrators, switches, bridges, and other devices


connecting to

this interface when portfast is enabled, can cause temporary spanning tree
loops.
Use with CAUTION

%Portfast has been configured on FastEthernet1/2 but will only

have effect when the interface is in a non-trunking mode.

RSW3#conf t

RSW3(config)#int f1/3

RSW3(config-if)#span portf

RSW3(config-if)#end

%Warning: portfast should only be enabled on ports connected to a single


host.

Connecting hubs, concentrators, switches, bridges, and other devices


connecting to

this interface when portfast is enabled, can cause temporary spanning tree
loops.

Use with CAUTION

%Portfast has been configured on FastEthernet1/2 but will only

have effect when the interface is in a non-trunking mode.

8. Use the show spanning-tree interface <interface> command at Privilege EXEC mode to verify that the
ports are in the portfast mode.

RSW1#show spanning-tree interface f1/2

Port 43 (FastEthernet1/2) of VLAN10 is forwarding

Port path cost 19, Port priority 128, Port Identifier 128.43.

Designated root has priority 32768, address c298.7929.0004

Designated bridge has priority 32768, address c298.7929.0004

Designated port id is 128.43, designated path cost 0


Timers: message age 0, forward delay 0, hold 0

Number of transitions to forwarding state: 1

BPDU: sent 98, received 0

The port is in the portfast mode

RSW2#show span int f1/2

Port 43 (FastEthernet1/2) of VLAN45 is forwarding

Port path cost 19, Port priority 128, Port Identifier 128.43.

Designated root has priority 32768, address c298.7929.0009

Designated bridge has priority 32768, address c299.0ab4.0009

Designated port id is 128.43, designated path cost 19

Timers: message age 0, forward delay 0, hold 0

Number of transitions to forwarding state: 1

BPDU: sent 113, received 0

The port is in the portfast mode

RSW3#show span int f1/3

Port 44 (FastEthernet1/3) of VLAN40 is forwarding

Port path cost 19, Port priority 128, Port Identifier 128.44.

Designated root has priority 32768, address c298.7929.0008

Designated bridge has priority 32768, address c29a.0aaa.0008

Designated port id is 128.44, designated path cost 19

Timers: message age 0, forward delay 0, hold 0


Number of transitions to forwarding state: 1

BPDU: sent 141, received 0

The port is in the portfast mode

IV.
LAN Interface Configuration

1. Assign IPv4 addresses for each FastEthernet interface, Switch Virtual Interface (SVI) and
loopbacks.

On R2_Gateway

R2_Gateway#conf t

R2_Gateway(config)#int f1/0

R2_Gateway(config-if)#ip add 10.1.1.2 255.255.255.0

R2_Gateway(config-if)#no shut

R2_Gateway(config-if)#int f3/0

R2_Gateway(config-if)#ip add 45.1.1.2 255.255.255.0

R2_Gateway(config-if)#no shut

R2_Gateway(config-if)#end

R2_Gateway#show ip int brief

On R3_DMZ

R3_DMZ#conf t

R3_DMZ(config)#int loopback 1

R3_DMZ(config-if)#ip add 3.3.3.33 255.255.255.255


R3_DMZ(config-if)#int loop2

R3_DMZ(config-if)#ip add 3.3.3.34 255.255.255.255

R3_DMZ(config-if)#int lo3

R3_DMZ(config-if)#ip add 3.3.3.35 255.255.255.255

R3_DMZ(config-if)#int lo4

R3_DMZ(config-if)#ip add 3.3.3.36 255.255.255.255

Let's try this out on R3's F1/0 interface and sub-interfaces. First, bring up the main interface,
F1/0.

R3_DMZ(config-if)#int f1/0

R3_DMZ(config-if)#no shut

Next, create the subinterface f1/0.30

R3_DMZ config-if)#int f1/0.30

R3_DMZ(config-subif)#encapsulation dot1q 30

R3_DMZ(config-subif)#ip add 30.1.1.3 255.255.255.0

Next, create the subinterface f1/0.2

R3_DMZ(config-subif)#int f1/0.20

R3_DMZ(config-subif)#encap dot 20

R3_DMZ(config-subif)#ip add 20.1.1.3 255.255.255.0

Navigate to the configuration mode for R3s F3/0 interface

R3_DMZ(config-subif)#int f3/0
R3_DMZ(config-if)#ip add 40.1.1.3 255.255.255.0

R3_DMZ(config-if)#no shut

R3_DMZ(config-if)#end

R3_DMZ#show ip int brief

on RSW1

RSW1#conf t

RSW1(config)#int vlan 5

RSW1(config-if)#ip add 5.1.1.11 255.255.255.0

RSW1(config-if)#int vlan 10

RSW1(config-if)#ip add 10.1.1.11 255.255.255.0

RSW1(config-if)#int vlan 15

RSW1(config-if)#ip add 15.1.1.11 255.255.255.0

RSW1(config-if)#int vlan 20

RSW1(config-if)#ip add 20.1.1.11 255.255.255.0

RSW1(config-if)#end

RSW1#sh ip int br

Continue with RSW2.

RSW2#conf t
RSW2(config)#int vlan 30

RSW2(config-if)#ip add 30.1.1.12 255.255.255.0

RSW2(config-if)#int vlan 35

RSW2(config-if)#ip add 35.1.1.12 255.255.255.0

RSW2(config-if)#int vlan 45

RSW2(config-if)#ip add 45.1.1.12 255.255.255.0

RSW2(config-if)#int vlan 50

RSW2(config-if)#ip add 50.1.1.12 255.255.255.0

RSW2(config-if)#int vlan 55

RSW2(config-if)#ip add 55.1.1.12 255.255.255.0

RSW2(config-if)#end

RSW2#sh ip int br

Interface IP-Address OK? Method Status Protocol

<output omitted for brevity>

Vlan1 unassigned YES NVRAM up up

Vlan30 30.1.1.12 YES manual up up

Vlan35 35.1.1.12 YES manual up up

Vlan45 45.1.1.12 YES manual up up

Vlan50 50.1.1.12 YES manual up up


Vlan55 55.1.1.12 YES manual up up

On to RSW3.

RSW3#conf t

RSW3(config)#int vlan 25

RSW3(config-if)#ip add 25.1.1.13 255.255.255.0

RSW3(config-if)#int vlan 40

RSW3(config-if)#ip add 40.1.1.13 255.255.255.0

RSW3(config-if)#end

RSW3#sh ip int br

Interface IP-Address OK? Method Status Protocol

<output omitted for brevity>

Vlan1 unassigned YES NVRAM up up

Vlan25 25.1.1.13 YES manual up up

Vlan40 40.1.1.13 YES unset up up

2. Ensure the appropriate devices can ping.

RSW1#ping 20.1.1.3

RSW1#ping 10.1.1.2

R2_Gateway#ping 45.1.1.12

RSW2#ping 30.1.1.3

R3_DMZ#ping 40.1.1.13
Frame-Relay

1. Enable frame encapsulation on serial 0/0 of R1 and R2

R2_Gateway#conf t

R2_Gateway(config)#int s0/0

R2_Gateway(config-if)#encapsulation frame-relay

R2_Gateway(config-if)#no shut

2. Configure point-to-point network (Frame-Relay point-to-point subinterfaces)


between R1 and R2

R2_Gateway(config-if)#int s0/0.1 p

R2_Gateway(config-subif)#ip add 12.1.1.2 255.255.255.252

R2_Gateway(config-subif)#frame-relay interface-dlci 201

R2_Gateway(config-fr-dlci)#end

3. Enable frame encapsulation on the main interface of serial 0/0 on R2 and bring the interface up.

R2_Gateway#conf t

R2_Gateway(config)#int s0/0

R2_Gateway(config-if)#encapsulation frame-relay

R2_Gateway(config-if)#no shut

4. Configure point-to-point network (Frame-Relay point-to-point subinterface) on R2 and assign


the appropriate IP address and DLCI number for the interface.

R2_Gateway(config-if)#int s0/0.1 p

R2_Gateway(config-subif)#ip add 12.1.1.2 255.255.255.252

R2_Gateway(config-subif)#frame-relay interface-dlci 201

R2_Gateway(config-fr-dlci)#end
5. Verify connectivity.

R1_ISP#ping 12.1.1.2

!!!!!

R2_Gateway#ping 12.1.1.1

!!!!!

Point-to-Point Protocol (PPP)

1. Enable PPP encapsulation on serial 0/2 of R1 and R2

R1_ISP#conf t

R1_ISP(config)#interface serial 0/2

R1_ISP(config-if)#encapsulation ppp

2. Assign IP addresses for each PPP encapsulated interface.

R1_ISP(config-if)#ip add 21.1.2.1 255.255.255.252

3. Enable PPP authentication using Challenge-Handshake Authentication Protocol (CHAP)

R1_ISP(config-if)#ppp authentication chap

4. Bring up the serial 0/2 interface on R1 and R2.

R1_ISP(config-if)#no shut

R1_ISP(config-if)#exit

5. Configure username and password for authentication on R1 and R2. Use LWP as the password.

R1_ISP(config)#username R2_Gateway password LWP


R1_ISP(config)#end

On R2

Enable Point-to-Point Protocol encapsulation on serial 0/2 of R2.

R2_Gateway#conf t

R2_Gateway(config)#interface serial 0/2

R2_Gateway(config-if)#encapsulation ppp

Assign IP addresse for R2s PPP encapsulated interface.

R2_Gateway(config-if)#ip add 21.1.2.2 255.255.255.252

Enable PPP authentication using Challenge-Handshake Authentication Protocol (CHAP)

R2_Gateway(config-if)#ppp authentication chap

Bring up the serial 0/2 interface.

R2_Gateway(config-if)#no shut

R2_Gateway(config-if)#exit

Configure username and password for authentication on R2. Use LWP as the password.

R2_Gateway(config)#username R1_ISP password LWP

R2_Gateway(config)#end
6. Verify connectivity

R1_ISP#ping 21.1.2.2

!!!!!

R2_Gateway#ping 21.1.2.1

!!!!!

V.