CCNA 3 V5 Skill Test Exam practice

exam-soultion

List of Area cover :

  • Configuration of initial device settings
  • IPv4 address assignment and configuration
  • Configuration and addressing of device interfaces
  • Configuration of the OSPFv2 routing protocol
  • Configuration of a default route
  • Configuration of ACL to limit device access
  • Configuration of switch management settings including SSH
  • Configuration of port security
  • Configuration of unused switch ports according to security best practices
  • Configuration of RPVST+
  • Configuration of  EtherChannel
  • Configuration of a router as a DHCP server
  • Configuration of VLANs and trunks
  • Configuration of routing between VLANs

Site 1:

  • Configure initial device settings.
  • Configure interfaces with IPv4 addresses, descriptions, and other settings.
  • Configure and customize OSPFv2.

HQ:

  • Configure interfaces with IPv4 addresses, descriptions, and other settings.
  • Configure and customize OSPFv2.
  • Configure named and numbered ACLs.
  • Configure and propagate a default route through OSPFv2.

Site 2:

  • Configure interfaces with IPv4 addresses, descriptions, and other settings.
  • Configure DHCP pools and excluded addresses.
  • Configure routing between VLANs.
  • Configure a standard ACL.
  • Configure OSPFv2.

SW-A:

  • Create and name VLANs.
  • Configure EtherChannel.
  • Configure trunking.
  • Assign access ports to VLANs.
  • Configure remote management settings.
  • Activate and configure RPVST+.
  • Secure unused switch ports.
  • Configure port security.

SW-B:

  • Create and name VLANs.
  • Configure EtherChannel.
  • Configure trunking.
  • Assign access ports to VLANs.
  • Configure remote management settings with SSH.
  • Activate RPVST+.

SW-C:

  • Create and name VLANs.
  • Configure EtherChannel.
  • Configure trunking.
  • Assign access ports to VLANs.
  • Configure remote management settings.
  • Activate and configure RPVST+.
  • Configure switch ports with PortFast and BPDU Guard.

Router>en

Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname site-1
site-1(config)#no ip domain ?
lookup Enable IP Domain Name System hostname translation
name Define the default domain name
site-1(config)#no ip domain lookup
site-1(config)#enable secret cisco
site-1(config)#line console 0
site-1(config-line)#password cisco
site-1(config-line)#login
site-1(config-line)#
site-1(config-line)#exit
site-1(config)#line vty 0 4
site-1(config-line)#password cisco
site-1(config-line)#login
site-1(config-line)#exit
site-1(config)#
site-1(config)#line aux 0
site-1(config-line)#password cisco
site-1(config-line)#login
site-1(config-line)#exit
site-1(config)#line console 0
site-1(config-line)#logging sy
site-1(config-line)#logging synchronous
site-1(config-line)#exit
site-1(config)#banner motd “Authorized access only”
site-1(config)#service password en
site-1(config)#service password-en
site-1(config)#service password-encryption
site-1(config)#
site-1(config)#int s0/3/0
site-1(config-if)#bandwid
site-1(config-if)#bandwidth 128
site-1(config-if)#clock rate 64000
site-1(config-if)#ip address 192.168.100.22 255.255.255.252
site-1(config-if)#descripti
site-1(config-if)#description 2-central
site-1(config-if)#ip ospf cost 7500
site-1(config-if)#ip ospf mess
site-1(config-if)#ip ospf message-digest-key 1 md
site-1(config-if)#ip ospf message-digest-key 1 md5 xyz_ospf
site-1(config-if)#ip ospf authentication message-digest
site-1(config-if)#no shut

site-1(config)#int g0/0
site-1(config-if)#ip address 192.168.8.1 255.255.255.0
site-1(config-if)#des
site-1(config-if)#description
site-1(config-if)#description message-1A
site-1(config-if)#no shut

site-1(config-if)#
site-1(config)#int g0/1
site-1(config-if)#ip address 192.168.9.1 255.255.255.0
site-1(config-if)#des
site-1(config-if)#description clerck-1C
site-1(config-if)#no shut

OSPF on Site-1

site-1(config)#router ospf 1
site-1(config-router)#router-id 1.1.1.1
site-1(config-router)#area 0 authentication message-digest
site-1(config-router)#network 192.168.100.20 0.0.0.3 area 0
site-1(config-router)#network 192.168.8.0 0.0.0.255 area 1
site-1(config-router)#network 192.168.9.0 0.0.0.255 area 1
site-1(config-router)#

site-1(config-router)#passive-interface g0/0
site-1(config-router)#passive-interface g0/1
HQ:

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no ip domain lookup
Router(config)#line console 0
Router(config-line)#logg
Router(config-line)#logging s
Router(config-line)#logging synchronous
Router(config-line)#password cisco
Router(config-line)#login
Router(config-line)#
Router(config-line)#line vty 0 4
Router(config-line)#password cisco
Router(config-line)#login
Router(config-line)#
Router(config-line)#line aux 0
Router(config-line)#password cisco
Router(config-line)#login
Router(config-line)#
Router(config-line)#service pass
Router(config-line)#service password
Router(config-line)#service password-encryption
Router(config)#banner motd “Authorized access only”
Router(config)#

Router(config)#int s0/3/0
Router(config-if)#bandwidth 128
Router(config-if)#ip address 192.168.100.21 255.255.255.252
Router(config-if)#description 2-East
Router(config-if)#ip ospf cost 7500

Router(config-if)#ip ospf message-digest-key 1 md5 xyz_ospf
Router(config-if)#ip ospf authentication message-digest
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface Serial0/3/0, changed state to up

Router(config-if)#exit
Router(config)#

Router(config)#int s0/3/1
Router(config-if)#bandwidth 128
Router(config-if)#ip address 192.168.100.37 255.255.255.252
Router(config-if)#description 2-west
Router(config-if)#clock rate 128000

Router(config-if)#ip ospf message-digest-key 1 md5 xyz_ospf
Router(config-if)#ip ospf authentication mess
Router(config-if)#ip ospf authentication message-digest
Router(config-if)#no shut

%LINK-5-CHANGED: Interface Serial0/3/1, changed state to down
Router(config-if)#exit
Router(config)#

Router(config)#router ospf 1
Router(config-router)#router-id 2.2.2.2
Router(config-router)#area 0 authentication me
Router(config-router)#area 0 authentication message-digest
Router(config-router)#default-i
Router(config-router)#default-information or
Router(config-router)#default-information originate
Router(config-router)#network 192.168.100.20 0.0.0.3 area 0
Router(config-router)#

Router(config-router)#network 192.168.100.36 0.0.0.3 area 0

Site-2 Area 2:

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname site-2
site-2(config)#no ip domain lookup
site-2(config)#enable secret cisco

site-2(config)#line console 0
site-2(config-line)#logg
site-2(config-line)#logging s
site-2(config-line)#logging synchronous
site-2(config-line)#password cisco
site-2(config-line)#login
site-2(config-line)#
site-2(config-line)#line aux 0
site-2(config-line)#password cisco
site-2(config-line)#login
site-2(config-line)#
site-2(config-line)#line vty 0 4
site-2(config-line)#password cisco
site-2(config-line)#login
site-2(config-line)#

site-2(config)#service password-encryption
site-2(config)#banner motd “Authorized access only”
site-2(config)#

site-2(config)#int s0/3/1
site-2(config-if)#bandwidth 128
site-2(config-if)#ip address 192.168.100.38 255.255.255.252
site-2(config-if)#description 2-central
site-2(config-if)#ip ospf message-digest-key 1 md5 xyz_ospf
site-2(config-if)#ip ospf authentication message-digest
site-2(config-if)#no shut

site-2(config)#ip dhcp excluded-address 10.10.2.1 10.10.2.5
site-2(config)#ip dhcp excluded-address 10.10.4.1 10.10.4.5
site-2(config)#ip dhcp excluded-address 10.10.8.1 10.10.8.5
site-2(config)#ip dhcp pool vlan2pool
site-2(dhcp-config)#network 10.10.2.0 255.255.255.0
site-2(dhcp-config)#default-router 10.10.2.1
site-2(dhcp-config)#dns-server 192.168.200.225

site-2(config)#ip dhcp pool vlan4pool
site-2(dhcp-config)#network 10.10.4.0 255.255.255.0
site-2(dhcp-config)#default-router 10.10.4.1
site-2(dhcp-config)#dns
site-2(dhcp-config)#dns-server 192.168.200.225
site-2(dhcp-config)#

site-2(config)#ip dhcp pool vlan8pool
site-2(dhcp-config)#network 10.10.8.0 255.255.255.0
site-2(dhcp-config)#default
site-2(dhcp-config)#default-router 10.10.8.1
site-2(dhcp-config)#dns
site-2(dhcp-config)#dns-server 192.168.200.225
site-2(dhcp-config)#exit
site-2(config)#

Inter – Vlan:
site-2(config)#int g0/0.2
site-2(config-subif)#encapsulation do
site-2(config-subif)#encapsulation dot1Q 2
site-2(config-subif)#ip address 10.10.2.1 255.255.255.0
site-2(config-subif)#exit
site-2(config)#

site-2(config)#int g0/0.4
site-2(config-subif)#encapsulation dot1Q 4
site-2(config-subif)#ip address 10.10.4.1 255.255.255.0
site-2(config-subif)#exit
site-2(config)#

site-2(config)#int g0/0.8
site-2(config-subif)#encapsulation dot1Q 8
site-2(config-subif)#ip address 10.10.8.1 255.255.255.0
site-2(config-subif)#exit
site-2(config)#

site-2(config)#int g0/0.15
site-2(config-subif)#en
site-2(config-subif)#encapsulation d
site-2(config-subif)#encapsulation dot1Q 15
site-2(config-subif)#ip address 10.10.15.1 255.255.255.0
site-2(config-subif)#exit
site-2(config)#

site-2(config)#int g0/0.25
site-2(config-subif)#encapsulation dot1Q 25
site-2(config-subif)#ip address 10.10.25.1 255.255.255.0
site-2(config-subif)#exit
site-2(config)#
Router summarization:
site-2(config)#int s0/3/1
site-2(config-if)#ip summary-address eigrp 100 10.10.0.0 255.255.240.0
site-2(config-if)#exit

Access-list:

site-2(config)#access-list 1 permit 10.10.15.0 0.0.0.255
site-2(config)#int g0/0.25
site-2(config-subif)#ip access-group 1 out
site-2(config-subif)#
OSPF

site-2(config-router)#router-id 3.3.3.3
site-2(config-router)#passive-in
site-2(config-router)#passive-interface g0/0
site-2(config-router)#network 192.168.100.36 0.0.0.3 area 0
site-2(config-router)#
site-2(config-router)#network 10.10.2.0 0.0.0.255 area 2
site-2(config-router)#network 10.10.4.0 0.0.0.255 area 2
site-2(config-router)#network 10.10.8.0 0.0.0.255 area 2
site-2(config-router)#network 10.10.15.0 0.0.0.255 area 2
site-2(config-router)#

SW1:

Switch>
Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname Bldg1
Bldg1(config)#no ip domain lookup
Bldg1(config)#enable secret cisco
Bldg1(config)#service pass
Bldg1(config)#service password-encryption
Bldg1(config)#
Bldg1(config)#line console 0
Bldg1(config-line)#lo
Bldg1(config-line)#log
Bldg1(config-line)#logging s
Bldg1(config-line)#logging synchronous
Bldg1(config-line)#password cisco
Bldg1(config-line)#login

Bldg1(config)#line vty 0 5
Bldg1(config-line)#password cisco
Bldg1(config-line)#login
Bldg1(config-line)#exit
Bldg1(config)#banner motd “Authorized access only”
Bldg1(config)#

Bldg1(config)#ip default-gateway 10.10.25.1

Bldg1(config)#vlan 2
Bldg1(config-vlan)#name sales
Bldg1(config-vlan)#exit
Bldg1(config)#vlan 4
Bldg1(config-vlan)#name prod
Bldg1(config-vlan)#exit
Bldg1(config)#vlan 8
Bldg1(config-vlan)#name acct
Bldg1(config-vlan)#exit
Bldg1(config)#vlan 15
Bldg1(config-vlan)#name admin
Bldg1(config-vlan)#exit
Bldg1(config)#vlan 25
Bldg1(config-vlan)#name sv1-net
Bldg1(config-vlan)#exit
Bldg1(config)#vlan 99
Bldg1(config-vlan)#name null
Bldg1(config-vlan)#exit
Bldg1(config)#
Bldg1(config)#int vlan 25
Bldg1(config-if)#

%LINK-5-CHANGED: Interface Vlan25, changed state to up

Bldg1(config-if)#ip address 10.10.25.254 255.255.255.0
Bldg1(config-if)#no shut
Bldg1(config-if)#

Bldg1(config-if)#int fa0/5
Bldg1(config-if)#switchport mode access
Bldg1(config-if)#switchport access vlan 2
Bldg1(config-if)#exit
Bldg1(config)#int fa0/6
Bldg1(config-if)#switchport mode access
Bldg1(config-if)#switchport access vlan 4
Bldg1(config-if)#exit
Bldg1(config)#int fa0/7
Bldg1(config-if)#switchport mode access
Bldg1(config-if)#switchport access vlan 8
Bldg1(config-if)#exit
Bldg1(config)#int fa0/8
Bldg1(config-if)#switchport mode access
Bldg1(config-if)#switchport access vlan 15
Bldg1(config-if)#exit
Bldg1(config)#

Bldg1(config)#int range fa0/9-24
Bldg1(config-if-range)#switchport mode access
Bldg1(config-if-range)#switchport access vlan 99
Bldg1(config-if-range)#shutdown
Ether-channel:
Bldg1(config)#int range fa0/1,fa0/4
Bldg1(config-if-range)#channel-group 1 mode active
Bldg1(config)#int port-channel 1
Bldg1(config-if)#switchport mode trunk

Bldg1(config)#int range fa0/2-3
Bldg1(config-if-range)#channel-group 2 mode active
Bldg1(config-if-range)#int port-channel 2
Bldg1(config-if)#switchport mode trunk
Bldg1(config-if)#
PVST+:

Bldg1(config)#spanning-tree mode rapid-pvst
Bldg1(config)#spanning-tree vlan 2 root primary
Bldg1(config)#s
Bldg1(config)#sp
Bldg1(config)#spanning-tree vlan 4 root primary
Bldg1(config)#sp
Bldg1(config)#spanning-tree vlan 8 root secondary
Bldg1(config)#sp
Bldg1(config)#spanning-tree vlan 15 root secondary
Bldg1(config)#

configure port-Security :

Bldg1(config)#int fa0/5
Bldg1(config-if)#switchport port-security
Bldg1(config-if)#switchport port-security violation restrict
Bldg1(config-if)#switchport port-security maximum 2
Bldg1(config-if)#switchport port-security mac-address sticky
Bldg1(config-if)#exit
Bldg1(config)#

ldg1(config)#int fa0/6
Bldg1(config-if)#switchport port-security
Bldg1(config-if)#switchport port-security violation restrict
Bldg1(config-if)#switchport port-security maximum 2
Bldg1(config-if)#switchport port-security mac-address sticky
Bldg1(config-if)#exit
Bldg1(config)#

Bldg1(config)#int fa0/7
Bldg1(config-if)#switchport port-security
Bldg1(config-if)#switchport port-security violation restrict
Bldg1(config-if)#switchport port-security maximum 2
Bldg1(config-if)#switchport port-security mac-address sticky
Bldg1(config-if)#exit
Bldg1(config)#
Bldg1(config-if)#switchport port-security
Bldg1(config-if)#switchport port-security violation restrict
Bldg1(config-if)#switchport port-security maximum 2
Bldg1(config-if)#switchport port-security mac-address sticky
Bldg1(config-if)#
SW-B:

Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname Bldg2
Bldg2(config)#no ip domain lookup
Bldg2(config)#enable secret cisco
Bldg2(config)#service pass
Bldg2(config)#service password-encryption
Bldg2(config)#line console 0
Bldg2(config-line)#password cisco
Bldg2(config-line)#logging s
Bldg2(config-line)#logging synchronous
Bldg2(config-line)#login
Bldg2(config-line)#
Bldg2(config-line)#line vty 0 15
Bldg2(config-line)#password cisco
Bldg2(config-line)#login
Bldg2(config-line)#exit
Bldg2(config)#banner motd “Authorized access only”
Bldg2(config)#

Bldg2(config)#line console 0
Bldg2(config-line)#password cisco
Bldg2(config-line)#logging s
Bldg2(config-line)#logging synchronous
Bldg2(config-line)#login
Bldg2(config-line)#
Bldg2(config-line)#line vty 0 15
Bldg2(config-line)#password cisco
Bldg2(config-line)#login
Bldg2(config-line)#exit
Bldg2(config)#banner motd “Authorized access only”
Bldg2(config)#
Bldg2(config)#
Bldg2(config)#ip ssh version 2
Please create RSA keys (of at least 768 bits size) to enable SSH v2.
Bldg2(config)#ip domain-name ccna.com
Bldg2(config)#crypto key generate rsa
The name for the keys will be: Bldg2.ccna.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable…[OK]
Vlan :
Bldg2(config)#
Bldg2(config-line)#login local
Bldg2(config-line)#transport input ssh
Bldg2(config-line)#exit
Bldg2(config)#line vty 5 15
Bldg2(config-line)#login local
Bldg2(config-line)#transport input ssh
Bldg2(config-line)#ip default-gateway 10.10.25.1
Bldg2(config)#
Bldg2(config)#vlan 2
Bldg2(config-vlan)#name sales
Bldg2(config-vlan)#exit
Bldg2(config)#vlan 4
Bldg2(config-vlan)#name prod
Bldg2(config-vlan)#exit
Bldg2(config)#vlan 8
Bldg2(config-vlan)#name acct
Bldg2(config-vlan)#exit
Bldg2(config)#vlan 15
Bldg2(config-vlan)#name admin
Bldg2(config-vlan)#exit
Bldg2(config)#vlan 25
Bldg2(config-vlan)#name sv1-net
Bldg2(config-vlan)#exit
Bldg2(config)#vlan 99
Bldg2(config-vlan)#name null

Bldg2(config)#int vlan 25
Bldg2(config-if)#
Bldg2(config-if)#ip address 10.10.25.253 255.255.255.0
Bldg2(config-if)#no shut
Bldg2(config)#int fa0/5
Bldg2(config-if)#switchport mode trunk

Ether-channel 1:

Bldg2(config)#int range fa0/1, fa0/4
Bldg2(config-if-range)#channel-group 2 mode active
Bldg2(config-if-range)#int port-channel 2
Bldg2(config-if)#switchport mode trunk
Bldg2(config-if)#
Bldg2(config-vlan)#exit
Bldg2(config)#

Bldg2(config)#int range fa0/2-3
Bldg2(config-if-range)#channel-group 3 mode active
Bldg2(config-if-range)#int port-channel 3
Bldg2(config-if)#switchport mode trunk

-PVST+
Bldg2(config)#spanning-tree mode rapid-pvst
Bldg2(config)#
SW -C:

Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname bldg3
bldg3(config)#
bldg3(config)#no ip domain lookup
bldg3(config)#enable secret cisco
bldg3(config)#service pass
bldg3(config)#service password-encryption
bldg3(config)#banner motd “Authorized access only”
bldg3(config)#
bldg3(config)#line console 0
bldg3(config-line)#password cisco
bldg3(config-line)#login
bldg3(config-line)#
bldg3(config-line)#line vty 0 5
bldg3(config-line)#pass cisco
bldg3(config-line)#login
bldg3(config-line)#exit
bldg3(config)#

bldg3(config)#ip default-gateway 10.10.25.1

bldg3(config)#vlan 2
bldg3(config-vlan)#name sales
bldg3(config-vlan)#exit
bldg3(config)#vlan 4
bldg3(config-vlan)#name prod
bldg3(config-vlan)#exit
bldg3(config)#vlan 8
bldg3(config-vlan)#name acct
bldg3(config-vlan)#exit
bldg3(config)#vlan 15
bldg3(config-vlan)#name admin
bldg3(config-vlan)#exit
bldg3(config)#vlan 25
bldg3(config-vlan)#name sv1-net
bldg3(config-vlan)#exit
bldg3(config)#vlan 99
bldg3(config-vlan)#name null
bldg3(config-vlan)#exit
bldg3(config)#

bldg3(config)#int vlan 25
bldg3(config-if)#ip address 10.10.25.252 255.255.255.0
bldg3(config-if)#no shut
bldg3(config-if)#
Ether channel 1:

bldg3(config)#int range fa0/1, fa0/3
bldg3(config-if-range)#channel-group 3 mode active
bldg3(config-if-range)#int port-channel 3
bldg3(config-if)#switchport mode trunk
bldg3(config-if)#
bldg3(config)#int range fa0/2,fa0/4
bldg3(config-if-range)#channel-group 2 mode active
bldg3(config-if-range)#

bldg3(config-if-range)#int port-channel 2
bldg3(config-if)#switchport mode trunk
bldg3(config-if)#exit
bldg3(config)#

PVST+
bldg3(config)#spanning-tree mode rapid-pvst
bldg3(config)#sp
bldg3(config)#spanning-tree vlan 2 root secondary
bldg3(config)#sp
bldg3(config)#spanning-tree vlan 4 root secondary
bldg3(config)#sp
bldg3(config)#spanning-tree vlan 8 root primary
bldg3(config)#sp
bldg3(config)#spanning-tree vlan 15 root primary
bldg3(config)#

port fast BPDU Guard Configure :

bldg3(config)#int range fa0/5-8
bldg3(config-if-range)#sp
bldg3(config-if-range)#spanning-tree portfast

bldg3(config-if-range)#spanning-tree bpduguard enable
bldg3(config-if-range)#no shut
bldg3(config-if-range)#

bldg3(config)#int fa0/5
bldg3(config-if)#switchport mode access
bldg3(config-if)#switchport access vlan 2
bldg3(config-if)#exit

bldg3(config)#int fa0/6
bldg3(config-if)#switchport mode access
bldg3(config-if)#switchport access vlan 4
bldg3(config-if)#exit
bldg3(config)#int fa0/7
bldg3(config-if)#switchport mode access
bldg3(config-if)#switchport access vlan 8
bldg3(config-if)#exit
bldg3(config)#int fa0/8
bldg3(config-if)#switchport mode access
bldg3(config-if)#switchport access vlan 15
bldg3(config-if)#

Thank you

Momataj Momo

Advertisements

Practical : Simple EIGRP Configuration

EIGRP 2

EIGRP Topology

Configuration Command line for EIGRP 

R1(config)#router eigrp 1
R1(config-router)#network 192.168.5.0 0.0.0.127
R1(config-router)#network 192.168.5.224 0.0.0.3
R1(config-router)#network 192.168.5.228 0.0.0.3
R1(config-router)#redistribute static
R1(config-router)#no auto-summary
R1(config-router)#end
R1#show ip eigrp topology
R1#show ip eigrp topology all-links
R1#show ip eigrp neighbors
R0(config)#int s2/0
R0(config-if)#bandwidth 64

network 1: 192.168.5.0 – .127 /25
network 2: 192.168.5.128 – .191 /26
network 3: 192.168.5.192 – .223 /27
network 4: 192.168.5.224 – .227 /30
network 5: 192.168.5.228 – .231 /30
network 6: 192.168.5.232 – .235 /30

wildcard bits subtractor
255.255.255.255
255.255.255.224
———————
0.0.0.31
R1>

interface FastEthernet0/0
ip address 192.168.5.1 255.255.255.128
interface Serial2/0
ip address 192.168.5.229 255.255.255.252
interface Serial3/0
ip address 192.168.5.226 255.255.255.252
clock rate 64000

router eigrp 1
network 192.168.5.0 0.0.0.127
network 192.168.5.224 0.0.0.3
network 192.168.5.228 0.0.0.3
no auto-summary
R2>

interface FastEthernet0/0
ip address 192.168.5.129 255.255.255.192

interface Serial2/0
ip address 192.168.5.225 255.255.255.252

interface Serial3/0
ip address 192.168.5.234 255.255.255.252
clock rate 64000
NO Shutdown

router eigrp 1
network 192.168.5.128 0.0.0.63
network 192.168.5.224 0.0.0.3
network 192.168.5.232 0.0.0.3
NO auto-summary

R3>

interface FastEthernet0/0
ip address 192.168.5.193 255.255.255.224
interface Serial3/0
ip address 192.168.5.230 255.255.255.252
clock rate 64000
router eigrp 1
network 192.168.5.192 0.0.0.31
network 192.168.5.232 0.0.0.3
network 192.168.5.228 0.0.0.3
No auto-summary

Thank you

Momataj Momo

Practical : Simple RIP Configuration

RIP

RIP Topology

RIP Configuration Command Line:

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#enable secret cisco
R1(config)#enable password cisco
The enable password you have chosen is the same as your enable secret.
This is not recommended. Re-enter the enable password.
R1(config)#service password-encryption
R1(config)#line console 0
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#line vty 0 15
R1(config-line)#pass cisco
R1(config-line)#login
R1(config-line)#exit

R1(config)#int fa0/0
R1(config-if)#ip address 192.168.10.1 255.255.255.0
R1(config-if)#no shutdown

R1(config-if)#exit
R1(config)#int s0/1/0
R1(config-if)#ip address 10.10.10.1 255.0.0.0
R1(config-if)#clock rate 64000
R1(config-if)#no shutdown

%LINK-5-CHANGED: Interface Serial0/1/0, changed state to down
R1(config-if)#
R1(config-if)#

R1(config)#router rip
R1(config-router)#network 192.168.10.0
R1(config-router)#network 10.10.10.0
R1(config-router)#exit
R1(config)#
Switch>
Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
SWITCH1(config)#hostname SWITCH1
SWITCH1(config)#
SWITCH1(config)#enable password cisco
SWITCH1(config)#enable secret cisco
The enable secret you have chosen is the same as your enable password.
This is not recommended. Re-enter the enable secret.
SWITCH1(config)#line console 0
SWITCH1(config-line)#password cisco
SWITCH1(config-line)#login
SWITCH1(config-line)#exit
SWITCH1(config)#line vty 0 15
SWITCH1(config-line)#password cisco
SWITCH1(config-line)#login
SWITCH1(config-line)#exit
SWITCH1(config)#banner motd “HELLO WORLD”
SWITCH1(config)#

SWITCH1(config)#vlan 30
SWITCH1(config-vlan)#int vlan 30
SWITCH1(config-if)#
%LINK-5-CHANGED: Interface Vlan30, changed state to up
SWITCH1(config-if)#ip address 192.168.10.2 255.255.255.0
SWITCH1(config-if)#no shutdown
SWITCH1(config-if)#exit
SWITCH1(config)#
Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#enable password cisco
SWITCH(config)#hostname SWITCH2
Switch2(config)#enable secret cisco
The enable secret you have chosen is the same as your enable password.
This is not recommended. Re-enter the enable secret.
Switch2(config)#
Switch2(config)#service password-encryption
Switch2(config)#line console 0
Switch2(config-line)#password cisco
Switch2(config-line)#login
Switch2(config-line)#exit
Switch2(config)#line vty 0 15
Switch2(config-line)#password cisco
Switch2(config-line)#login
Switch2(config-line)#exit
Switch2(config)#banner motd “HELLO WORLD”
Switch2(config)#

Switch2(config)#vlan 30
Switch2(config-vlan)#int vlan 30
Switch2(config-if)#
%LINK-5-CHANGED: Interface Vlan30, changed state to up

Switch2(config-if)#ip address 172.16.0.2 255.255.0.0
Switch2(config-if)#no shutdown
Switch2(config-if)#exit
Switch2(config)#
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#
Router(config)#hostname R2
R2(config)#enable password cisco
R2(config)#enable secret cisco
The enable secret you have chosen is the same as your enable password.
This is not recommended. Re-enter the enable secret.
R2(config)#service password-encryption
R2(config)#line console 0
R2(config-line)#password cisco
R2(config-line)#login
R2(config-line)#exit
R2(config)#line vty 0 15
R2(config-line)#password cisco
R2(config-line)#login
R2(config-line)#exit
R2(config)#

R2(config)#int fa0/0
R2(config-if)#ip address 172.16.0.1 255.255.0.0
R2(config-if)#no shutdown

R2(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

R2(config-if)#

R2(config-if)#exit
R2(config)#int s0/1/0
R2(config-if)#ip address 10.10.10.2 255.0.0.0
R2(config-if)#no shutdown

R2(config-if)#
%LINK-5-CHANGED: Interface Serial0/1/0, changed state to up

R2(config-if)#
R2(config)#router rip
R2(config-router)#network 172.16.0.0

R2(config-router)#network 10.10.10.0
R2(config-router)#exit
R2(config)#

PC>ping 192.168.10.5

Thank you

Momataj Momo

Practical : Simple OSPF Configuration

OSPF SIMPLE PRACTICS

OSPF Ttopology

Configuration Command on Router 0:
NETA>
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
NO shutdown
interface Serial0/3/0
ip address 172.16.1.1 255.255.255.252
clock rate 64000
NO shutdown
router ospf 10
network 192.168.1.0 0.0.0.255 area 0
network 172.16.1.0 0.0.0.3 area 0
Configuration Command on Router 1:
NETC>
interface FastEthernet0/0
ip address 192.168.2.1 255.255.255.0
NO shutdown

interface Serial0/3/0
ip address 172.16.1.2 255.255.255.252
NO shutdown

interface Serial0/3/1
ip address 200.100.50.1 255.255.255.252
clock rate 64000
NO shutdown

router ospf 20

network 172.16.1.0 0.0.0.3 area 0
network 192.168.2.0 0.0.0.255 area 0
network 200.100.50.0 0.0.0.3 area 0

Configurations Command on Router 3:
NETC>

interface FastEthernet0/0
ip address 192.168.3.1 255.255.255.0
NO SHUTDOWN
interface Serial0/3/0
ip address 200.100.50.2 255.255.255.252
NO SHUTDOWN

router ospf 30
network 198.168.3.0 0.0.0.255 area 0
network 200.100.50.0 0.0.0.3 area 0
network 192.168.3.0 0.0.0.255 area 0

Thank you

Momataj Momo

How to Configure OSPF in CISCO

OSPF Tropology

OSPF Tropology

Configuration Command Line on R2:

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int g0/0
Router(config-if)#ip address 172.16.0.193 255.255.255.224
Router(config-if)#no shutdown

Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up

Router(config-if)#
Router#
%SYS-5-CONFIG_I: Configured from console by console

Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int s0/3/0
Router(config-if)#ip address 172.16.0.226 255.255.255.252
Router(config-if)#no shutdown

%LINK-5-CHANGED: Interface Serial0/3/0, changed state to down
Router(config-if)#exit
Router(config)#int s0/3/1
Router(config-if)#ip address 172.16.0.229 255.255.255.252
Router(config-if)#clock rate 64000
Router(config-if)#no shutdown

%LINK-5-CHANGED: Interface Serial0/3/1, changed state to down
Router(config-if)#
Router(config-if)#
Router(config-if)#exit

Router(config)#router ospf 1
Router(config-router)#network 172.16.0.192 0.0.0.31 area 0
Router(config-router)#network 172.16.0.224 0.0.0.3 area 0
Router(config-router)#network 172.16.0.228 0.0.0.3 area 0
Router(config-router)#passive-interface g0/0

Router#show ip ospf int g0/0
Router#show ip ospf

Configuration Command Line on R1:

Router(config)#hostname R1
R1(config)#
R1(config-if)#int g0/0
R1(config-if)#ip address 172.16.0.1 255.255.255.128
R1(config-if)#no shutdown

R1(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up

R1(config-if)#exit
R1(config-if)#exit
R1(config)#int s0/1/0
R1(config-if)#ip address 172.16.0.225 255.255.255.252
R1(config-if)#clock rate 64000
R1(config-if)#no shutdown

R1(config-if)#
%LINK-5-CHANGED: Interface Serial0/1/0, changed state to up

R1(config-if)#exit
R1(config)#int s0/1/1
R1(config-if)#ip address 172.16.0.234 255.255.255.252
R1(config-if)#no shutdown

R1(config-if)#router ospf 1
R1(config-router)#network 172.16.0.0 0.0.0.127
% Incomplete command.
R1(config-router)#network 172.16.0.0 0.0.0.127 area 0
R1(config-router)#network 172.16.0.224 0.0.0.3 area 0
R1(config-router)#network 172.16.0.232 0.0.0.3 area 0
R1(config-router)#exit
Router(config-router)#

Configuration Command Line on R3:

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R3
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#int g0/0
R3(config-if)#ip address 172.16.0.129 255.255.255.192
R3(config-if)#no shutdown
R3(config-if)#
R3(config-if)#

R3(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up

R3(config-if)#exit
R3(config)#int s0/3/1
R3(config-if)#ip address 172.16.0.230 255.255.255.252
R3(config-if)#no shutdown

R3(config-if)#
%LINK-5-CHANGED: Interface Serial0/3/1, changed state to up
R3(config-if)#exit
R3(config)#int
% Incomplete command.
R3(config)#int s0/3/0
R3(config-if)#ip address 172.16.0.233 255.255.255.252
R3(config-if)#clock rate 64000
R3(config-if)#no shutdown

R3(config-if)#
%LINK-5-CHANGED: Interface Serial0/3/0, changed state to up

R3(config-if)#exit
R3(config)#

R3(config)#router ospf 1
R3(config-router)#network 172.16.0.128 0.0.0.63 area 0
R3(config-router)#network 172.16.0.228 0.0.0.3 area 0

R3(config-router)#network 172.16.0.232 0.0.0.3 area 0
R3(config-router)#exit

Now Test the connection through PC: 

PC>ping 172.16.0.194

Pinging 172.16.0.194 with 32 bytes of data:

Request timed out.
Reply from 172.16.0.194: bytes=32 time=1ms TTL=126
Reply from 172.16.0.194: bytes=32 time=2ms TTL=126
Reply from 172.16.0.194: bytes=32 time=1ms TTL=126

ping test

Ping Testing

Thank you

Momataj Momo

Skill Test : VLANs and Trunks configuration for Beginners

VOIP

Fig : VLans, trunk and VOIP setup

Configuration command for :

  • Default Vlan
  • Native Vlan
  • Data Vlan
  • Management Vlan
  • Voice Vlan

SWITCH 0 CL1:

Switch#show vlan
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 50
Switch(config-vlan)#name student                       (VLAN ASSIGN ON SWITCH 1)
Switch(config-vlan)#exit
Switch(config)#vlan 99
Switch(config-vlan)#name mgt
Switch(config-vlan)#exit
Switch#
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int fa0/10
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 50
Switch(config-if)#end
Switch#Switch#show run

For Display Configuration Setup: 

Switch#show running-config
interface FastEthernet0/10
switchport access vlan 50
switchport mode access
!

Management Vlan setup: 

Switch(config)#int fa0/24

Switch(config-if)#switchport access vlan 99

Switch#show vlan

Switch(config)#int vlan 99

Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan99, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan99, changed state to up

Switch(config-if)#ip address 192.168.99.2 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#exit
Switch#

For Remote access Switch o though management Vlan: 

Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#line vty 0 15
Switch(config-line)#password cisco
Switch(config-line)#login
Switch(config-line)#
SWITCH 1 on CL1:

Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 50
Switch(config-vlan)#name student
Switch(config-vlan)#exit
Switch(config)#int fa0/10
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 50
Switch(config-if)#exit
Switch(config)#
SWITCH 0 on CL1 for trunk mode allowed:
Switch(config)#int fa0/1
Switch(config-if)#switchport mode trunk

Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

Switch(config-if)#switchport trunk allowed vlan 1-99
Switch(config-if)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console

Check Running-configuration :

Switch#show run
Switch#show running-config
interface FastEthernet0/1
switchport trunk allowed vlan 1-99
switchport mode trunk

interface FastEthernet0/10
switchport access vlan 50
switchport mode access

interface Vlan99
ip address 192.168.99.2 255.255.255.0

line vty 5 15
password cisco
login

SWITCH 1 ON CL1 for trunk allowed:

Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int fa0/1
Switch(config-if)#switch mode trunk
Switch(config-if)#switchport trunk allowed vlan 1-99
Switch(config-if)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console

For Check trunk Interface :

Switch#show interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/1 1-99

Port Vlans allowed and active in management domain
Fa0/1 1,50

Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,50
Switch#
SWITCH 1 ON CL1 for Native VLAN assign:
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 80
Switch(config-vlan)#name native
Switch(config-vlan)#exit
Switch(config)#

For Show interface fa0/1 switchport :
Switch#show interface fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)

For Native Vlan Configuration :

Switch#
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int fa0/1
Switch(config-if)#switchport trunk native vlan 80
Switch(config-if)#
Switch#

Switch#show interface fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 80 (native)
Voice VLAN: none
Switch#show interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 80

Port Vlans allowed on trunk
Fa0/1 1-99

Port Vlans allowed and active in management domain
Fa0/1 1,50,80

Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,50,80
Switch#
Switch0 on CL1 comamand Line for setup native vlan 80 :

Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 80
Switch(config-vlan)#exit
Switch(config)#int fa 0/1
Switch(config-if)#switchport trunk native vlan 80
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/1 (1), with Switch FastEthernet0/1 (80).

Switch(config-if)#%SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/1 on VLAN0080. Port consistency restored.

%SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/1 on VLAN0001. Port consistency restored.

PC4 Testing connection :
C>ping 192.168.50.101

Pinging 192.168.50.101 with 32 bytes of data:

Reply from 192.168.50.101: bytes=32 time=1ms TTL=128
Reply from 192.168.50.101: bytes=32 time=5ms TTL=128
Reply from 192.168.50.101: bytes=32 time=0ms TTL=128
Reply from 192.168.50.101: bytes=32 time=0ms TTL=128

Ping statistics for 192.168.50.101:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 5ms, Average = 1ms

PC>

Connection Established : 

  • default vlan to default vlan  (192.168.1.100 – 192.168.1.101)
  • vlan 50 to vlan 50 (192.168.50.102- 192.168.50.101)

Switch 1 on CL1 for voice vlan 150 setup:

Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 150
Switch(config-vlan)#name voice
Switch(config-vlan)#exit
Switch(config)#
Switch(config)#int fa0/20
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 150
Switch(config-if)#exit
Switch(config)#
Switch(config)#int fa0/2
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan 1-99,150
Switch(config-if)#switchport trunk native vlan 80
Switch(config-if)#

Router Configuration on CL1:

Encapsulation: Allows you to use a router interface as a trunk port to a switch. This is also known as “Router on a stick” because the switch uses the router to route between VLANs.

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int fa0/0
Router(config-if)#exit
Router(config)#
Router(config)#int fa0/0.1
Router(config-subif)#ip address 192.168.1.1 255.255.255.0

% Configuring IP routing on a LAN subinterface is only allowed if that
subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q,
or ISL vLAN.
Router(config-subif)#encapsulation dot1q 1
Router(config-subif)#ip address 192.168.1.1 255.255.255.0
Router(config-subif)#int fa0/0.50
Router(config-subif)#encapsulation dot1q 50
Router(config-subif)#ip address 192.168.50.1 255.255.255.0
Router(config-subif)#
Router(config-subif)#int fa0/0.80
Router(config-subif)#encapsulation dot1q 80
Router(config-subif)#ip address 192.168.80.1 255.255.255.0
Router(config-subif)#
Router(config-subif)#int fa0/0.99
Router(config-subif)#encapsulation dot1q 99
Router(config-subif)#ip address 192.168.99.1 255.255.255.0
Router(config-subif)#
Router(config-subif)#int fa0/0.150
Router(config-subif)#encapsulation dot1q 150
Router(config-subif)#ip address 192.168.150.1 255.255.255.0
Router(config-subif)#
Router(config)#int fa0/0
Router(config-if)#no shutdown

DHCP IP Assign for VOIP : 
Router(config)#ip dhcp pool VOIP
Router(dhcp-config)#network 192.168.150.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.150.1
Router(dhcp-config)#?
Router(dhcp-config)#
Router(dhcp-config)#option 150 ip 192.168.150.1
Router(config)#telephony-service
Router(config-telephony)#max?
max-dn max-ephones
Router(config-telephony)#max-dn 10
Router(config-telephony)#max-ephones 10
Router(config-telephony)#
Router(config-telephony)#ip source-address 192.168.150.1 port 2000
Router(config-telephony)#
Router(config-telephony)#auto assign 1 to 9
Router(config-telephony)#
SWITCH 1 on CL1 for configure  voice vlan:
Switch(config-if)#int fa 0/20
Switch(config-if)#switchport mode access
Switch(config-if)#no switchport access vlan 150
Switch(config-if)#switchport voice vlan 150
Switch(config-if)#int fa0/21
Switch(config-if)#switchport mode access
Switch(config-if)#switchport voice vlan 150
Switch(config-if)#

Router 0 command line for telephone number assign:
Router(config)#ephone-dn 1
Router(config-ephone-dn)#%LINK-3-UPDOWN: Interface ephone_dsp DN 1.1, changed state to up

Router(config-ephone-dn)#number 62001
Router(config-ephone-dn)#
%IPPHONE-6-REGISTER: ephone-1 IP:192.168.150.3 Socket:2 DeviceType:Phone has registered.

Router(config-ephone-dn)#ephone-dn 2
Router(config-ephone-dn)#%LINK-3-UPDOWN: Interface ephone_dsp DN 2.1, changed state to up

Router(config-ephone-dn)#number 62002
Router(config-ephone-dn)#
%IPPHONE-6-REGISTER: ephone-2 IP:192.168.150.2 Socket:2 DeviceType:Phone has registered.

Router(config-ephone-dn)#exit
Router(config)#
Router(config)#

Thank you

Momataj momo

Virtual local area networks (Vlans) Concepts

A VLAN is a group of logically network devices. such as a set of networked computers and printers for a department or building floor.and can seperate networks “guests” and trusted users traffic. A logically separate subnetwork which device on vlan 20 and Vlan 30 can not communicate without a layer 3 device.

The term VLAN stands for ‘Virtual LAN’ and Cisco defines a VLAN as a broadcast domain. Basically, what that means is that you can segregate certain ports on a single physical switch into logical switches (VLANs).VLAN’s allow a network manager to logically segment a LAN into different broadcast domains. Since this is a logical segmentation and not a physical one, workstations do not have to be physically located together. Users on different floors of the same building, or even in different buildings can now belong to the same LAN.VLAN’s also allow broadcast domains to be defined without using routers. Bridging software is used instead to define which workstations are to be included in the broadcast domain. Routers would only have to be used to communicate between two VLAN’s.Moreover , Virtual LAN. Group of devices on one or more LANs that are configured (using management software) so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible.

20070725_120904_image001_207817_1285_0 16751

VLAN can do :

-Create smaller broadcast domains, and therefore less wasted bandwidth.
-Increase security, as VLANS are not visible to outside traffice
-Decrease Costs: Building with multile companies can use a single network infrastructure.
-Effecient use of bandwidth (2 trunks for a high traffic VlAN)
-Simplify management
– VLANs can also be used to help route traffice. A seperate VLAN can used for VoIP phones.
-It is also possible to seperate Wireless traffic using Wireless VLANs
– Unsecured traffic could be on a ” guest” VLAN
– Secure traffic could be on nn”Staff” VLAN

Types of Connections : 

Devices on a VLAN can be connected in three ways based on whether the connected devices are VLAN-aware or VLAN-unaware. Recall that a VLAN-aware device is one which understands VLAN memberships (i.e. which users belong to a VLAN) and VLAN formats.

1) Trunk Link: All the devices connected to a trunk link, including workstations, must be VLAN-aware. All frames on a trunk link must have a special header attached. These special frames are called tagged frames.

pic3

2) Access Link

An access link connects a VLAN-unaware device to the port of a VLAN-aware bridge. All frames on access links must be implicitly tagged (untagged).The VLAN-unaware device can be a LAN segment with VLAN-unaware workstations or it can be a number of LAN segments containing VLAN-unaware devices

pic4

3) Hybrid Link

This is a combination of the previous two links. This is a link where both VLAN-aware and VLAN-unaware devices are attached. A hybrid link can have both tagged and untagged frames, but allthe frames for a specific VLAN must be either tagged or untagged.

pic5

How to Add VLAN TO network:
Using the CL1, we enter the following on Switch: Lets it CORE1 Switch
CORE1(config) # vlan 10
CORE1(config-vlan) # name student
CORE1(config-vlan) #exit
CORE1(config) #vlan 20
CORE1(config-vlan) # name Faculty
CORE1(config-vlan) #exit
CORE1(config) #vlan 30
CORE1(config-vlan) #name struff
CORE1(config-vlan) #exit
CORE1(config) #vlan40
CORE1(config-vlan) #name guest
CORE1(config-vlan) # exit

VLANs Configuring Ports:
On each switch, identify which device is supposed to be on which VLAN. Suppose,  Student_server_core needs to be on VLAN 10. It is connected to fast ethernet interface 0/2

SWITCH(config)# int fa0/2
SWITCH(config-if)# switchport mode access
SWITCH(config-if)# switchport access vlan 20
SWITCH(config-if)# exit

* Do the same on all switches , setting the correct ports to the correct VLAN. On the device end, the only note is that all devices on a VLAN must be on the same subnet.

Trunk Link: A trunk is a point to point link between the device and another networking device. Trunk carry the traffic of multiple VLANs over single link and allow user to extend VLAN access on entire network. By default, A trunk port send traffic to add receives from all VLANS. All VLAN IDs are allowed on each trunk.

Configuration syntax for Trunk link:

Switch(config)#vlan 99

Switch(config -vlan)#exit

Switch#config t

SWITCH(config) # Interface fa0/1

Switch(config -if)# switchport mode trunk

Switch(config -if)# Switchport access trunk native vlan 99

Native VLAN: A native vlan is the untagged vlan on an 802.1q trunked switchport.  The native vlan and management vlan could be the same, but it is better security practice that they aren’t.  Basically if a switch receives untagged frames on a trunkport, they are assumed to be part of the vlan that are designated on the switchport as the native vlan.  Frames egressing a switchport on the native vlan are not tagged.

Thank you

Momataj Momo