CCNA 3 V5 Skill Test Exam practice

Areas covered:

  • Configuration of initial device settings
  • IPv4 address assignment and configuration
  • Configuration and addressing of device interfaces
  • Configuration of the OSPFv2 routing protocol
  • Configuration of a default route
  • Configuration of ACL to limit device access
  • Configuration of switch management settings including SSH
  • Configuration of port security
  • Configuration of unused switch ports according to security best practices
  • Configuration of RPVST+
  • Configuration of EtherChannel
  • Configuration of a router as a DHCP server
  • Configuration of VLANs and trunks
  • Configuration of routing between VLANs

Site 1:

  • Configure initial device settings.
  • Configure interfaces with IPv4 addresses, descriptions, and other settings.
  • Configure and customize OSPFv2.

HQ:

  • Configure interfaces with IPv4 addresses, descriptions, and other settings.
  • Configure and customize OSPFv2.
  • Configure named and numbered ACLs.
  • Configure and propagate a default route through OSPFv2.

Site 2:

  • Configure interfaces with IPv4 addresses, descriptions, and other settings.
  • Configure DHCP pools and excluded addresses.
  • Configure routing between VLANs.
  • Configure a standard ACL.
  • Configure OSPFv2.

SW-A:

  • Create and name VLANs.
  • Configure EtherChannel.
  • Configure trunking.
  • Assign access ports to VLANs.
  • Configure remote management settings.
  • Activate and configure RPVST+.
  • Secure unused switch ports.
  • Configure port security.

SW-B:

  • Create and name VLANs.
  • Configure EtherChannel.
  • Configure trunking.
  • Assign access ports to VLANs.
  • Configure remote management settings with SSH.
  • Activate RPVST+.

SW-C:

  • Create and name VLANs.
  • Configure EtherChannel.
  • Configure trunking.
  • Assign access ports to VLANs.
  • Configure remote management settings.
  • Activate and configure RPVST+.
  • Configure switch ports with PortFast and BPDU Guard.

Router>en

Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname site-1
site-1(config)#no ip domain ?
lookup Enable IP Domain Name System hostname translation
name Define the default domain name
site-1(config)#no ip domain lookup
site-1(config)#enable secret cisco
site-1(config)#line console 0
site-1(config-line)#password cisco
site-1(config-line)#login
site-1(config-line)#
site-1(config-line)#exit
site-1(config)#line vty 0 4
site-1(config-line)#password cisco
site-1(config-line)#login
site-1(config-line)#exit
site-1(config)#
site-1(config)#line aux 0
site-1(config-line)#password cisco
site-1(config-line)#login
site-1(config-line)#exit
site-1(config)#line console 0
site-1(config-line)#logging sy
site-1(config-line)#logging synchronous
site-1(config-line)#exit
site-1(config)#banner motd "Authorized access only"
site-1(config)#service password en
site-1(config)#service password-en
site-1(config)#service password-encryption
site-1(config)#
site-1(config)#int s0/3/0
site-1(config-if)#bandwid
site-1(config-if)#bandwidth 128
site-1(config-if)#clock rate 64000
site-1(config-if)#ip address 192.168.100.22 255.255.255.252
site-1(config-if)#descripti
site-1(config-if)#description 2-central
site-1(config-if)#ip ospf cost 7500
site-1(config-if)#ip ospf mess
site-1(config-if)#ip ospf message-digest-key 1 md
site-1(config-if)#ip ospf message-digest-key 1 md5 xyz_ospf
site-1(config-if)#ip ospf authentication message-digest
site-1(config-if)#no shut

site-1(config)#int g0/0
site-1(config-if)#ip address 192.168.8.1 255.255.255.0
site-1(config-if)#des
site-1(config-if)#description
site-1(config-if)#description message-1A
site-1(config-if)#no shut

site-1(config-if)#
site-1(config)#int g0/1
site-1(config-if)#ip address 192.168.9.1 255.255.255.0
site-1(config-if)#des
site-1(config-if)#description clerck-1C
site-1(config-if)#no shut

OSPF on Site-1

site-1(config)#router ospf 1
site-1(config-router)#router-id 1.1.1.1
site-1(config-router)#area 0 authentication message-digest
site-1(config-router)#network 192.168.100.20 0.0.0.3 area 0
site-1(config-router)#network 192.168.8.0 0.0.0.255 area 1
site-1(config-router)#network 192.168.9.0 0.0.0.255 area 1
site-1(config-router)#

site-1(config-router)#passive-interface g0/0
site-1(config-router)#passive-interface g0/1
HQ:

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no ip domain lookup
Router(config)#line console 0
Router(config-line)#logg
Router(config-line)#logging s
Router(config-line)#logging synchronous
Router(config-line)#password cisco
Router(config-line)#login
Router(config-line)#
Router(config-line)#line vty 0 4
Router(config-line)#password cisco
Router(config-line)#login
Router(config-line)#
Router(config-line)#line aux 0
Router(config-line)#password cisco
Router(config-line)#login
Router(config-line)#
Router(config-line)#service pass
Router(config-line)#service password
Router(config-line)#service password-encryption
Router(config)#banner motd "Authorized access only"
Router(config)#

Router(config)#int s0/3/0
Router(config-if)#bandwidth 128
Router(config-if)#ip address 192.168.100.21 255.255.255.252
Router(config-if)#description 2-East
Router(config-if)#ip ospf cost 7500

Router(config-if)#ip ospf message-digest-key 1 md5 xyz_ospf
Router(config-if)#ip ospf authentication message-digest
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface Serial0/3/0, changed state to up

Router(config-if)#exit
Router(config)#

Router(config)#int s0/3/1
Router(config-if)#bandwidth 128
Router(config-if)#ip address 192.168.100.37 255.255.255.252
Router(config-if)#description 2-west
Router(config-if)#clock rate 128000

Router(config-if)#ip ospf message-digest-key 1 md5 xyz_ospf
Router(config-if)#ip ospf authentication mess
Router(config-if)#ip ospf authentication message-digest
Router(config-if)#no shut

%LINK-5-CHANGED: Interface Serial0/3/1, changed state to down
Router(config-if)#exit
Router(config)#

Router(config)#router ospf 1
Router(config-router)#router-id 2.2.2.2
Router(config-router)#area 0 authentication me
Router(config-router)#area 0 authentication message-digest
Router(config-router)#default-i
Router(config-router)#default-information or
Router(config-router)#default-information originate
Router(config-router)#network 192.168.100.20 0.0.0.3 area 0
Router(config-router)#

Router(config-router)#network 192.168.100.36 0.0.0.3 area 0

Site-2 Area 2:

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname site-2
site-2(config)#no ip domain lookup
site-2(config)#enable secret cisco

site-2(config)#line console 0
site-2(config-line)#logg
site-2(config-line)#logging s
site-2(config-line)#logging synchronous
site-2(config-line)#password cisco
site-2(config-line)#login
site-2(config-line)#
site-2(config-line)#line aux 0
site-2(config-line)#password cisco
site-2(config-line)#login
site-2(config-line)#
site-2(config-line)#line vty 0 4
site-2(config-line)#password cisco
site-2(config-line)#login
site-2(config-line)#

site-2(config)#service password-encryption
site-2(config)#banner motd "Authorized access only"
site-2(config)#

site-2(config)#int s0/3/1
site-2(config-if)#bandwidth 128
site-2(config-if)#ip address 192.168.100.38 255.255.255.252
site-2(config-if)#description 2-central
site-2(config-if)#ip ospf message-digest-key 1 md5 xyz_ospf
site-2(config-if)#ip ospf authentication message-digest
site-2(config-if)#no shut

site-2(config)#ip dhcp excluded-address 10.10.2.1 10.10.2.5
site-2(config)#ip dhcp excluded-address 10.10.4.1 10.10.4.5
site-2(config)#ip dhcp excluded-address 10.10.8.1 10.10.8.5
site-2(config)#ip dhcp pool vlan2pool
site-2(dhcp-config)#network 10.10.2.0 255.255.255.0
site-2(dhcp-config)#default-router 10.10.2.1
site-2(dhcp-config)#dns-server 192.168.200.225

site-2(config)#ip dhcp pool vlan4pool
site-2(dhcp-config)#network 10.10.4.0 255.255.255.0
site-2(dhcp-config)#default-router 10.10.4.1
site-2(dhcp-config)#dns
site-2(dhcp-config)#dns-server 192.168.200.225
site-2(dhcp-config)#

site-2(config)#ip dhcp pool vlan8pool
site-2(dhcp-config)#network 10.10.8.0 255.255.255.0
site-2(dhcp-config)#default
site-2(dhcp-config)#default-router 10.10.8.1
site-2(dhcp-config)#dns
site-2(dhcp-config)#dns-server 192.168.200.225
site-2(dhcp-config)#exit
site-2(config)#

Inter-VLAN routing:
site-2(config)#int g0/0.2
site-2(config-subif)#encapsulation do
site-2(config-subif)#encapsulation dot1Q 2
site-2(config-subif)#ip address 10.10.2.1 255.255.255.0
site-2(config-subif)#exit
site-2(config)#

site-2(config)#int g0/0.4
site-2(config-subif)#encapsulation dot1Q 4
site-2(config-subif)#ip address 10.10.4.1 255.255.255.0
site-2(config-subif)#exit
site-2(config)#

site-2(config)#int g0/0.8
site-2(config-subif)#encapsulation dot1Q 8
site-2(config-subif)#ip address 10.10.8.1 255.255.255.0
site-2(config-subif)#exit
site-2(config)#

site-2(config)#int g0/0.15
site-2(config-subif)#en
site-2(config-subif)#encapsulation d
site-2(config-subif)#encapsulation dot1Q 15
site-2(config-subif)#ip address 10.10.15.1 255.255.255.0
site-2(config-subif)#exit
site-2(config)#

site-2(config)#int g0/0.25
site-2(config-subif)#encapsulation dot1Q 25
site-2(config-subif)#ip address 10.10.25.1 255.255.255.0
site-2(config-subif)#exit
site-2(config)#
Route summarization:
site-2(config)#int s0/3/1
site-2(config-if)#ip summary-address eigrp 100 10.10.0.0 255.255.240.0
site-2(config-if)#exit

Access-list:

site-2(config)#access-list 1 permit 10.10.15.0 0.0.0.255
site-2(config)#int g0/0.25
site-2(config-subif)#ip access-group 1 out
site-2(config-subif)#
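
How the standard ACL above is evaluated, as an added example that is not part of the original post: rules are tested top-down against the packet's source address, wildcard bits set to 1 are ignored, and anything unmatched hits the implicit deny. ACL 2 and the sample source addresses are constructed, to show a wildcard that is not simply an inverted subnet mask; the function names are hypothetical.

```python
import ipaddress

# ACL 1 is the rule from the Site 2 transcript above.
# ACL 2 is constructed: its wildcard leaves only the lowest bit of the
# third octet significant, so it matches even-numbered 10.10.x.0 networks.
ACL_LINES = [
    "access-list 1 permit 10.10.15.0 0.0.0.255",
    "access-list 2 permit 10.10.0.0 0.0.254.255",
]

# Constructed sample hosts: one per Site 2 VLAN plus one from the Site 1 LAN.
SAMPLE_SOURCES = ["10.10.2.20", "10.10.4.20", "10.10.8.20",
                  "10.10.15.20", "192.168.8.10"]


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def parse_standard_acl(lines):
    """Parse numbered standard ACL lines into ordered (id, action, net, wildcard)."""
    rules = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue
        if tok[3] == "any":
            net, wild = 0, 0xFFFFFFFF
        elif tok[3] == "host":
            if len(tok) < 5:
                continue                      # malformed "host" entry
            net, wild = _ip(tok[4]), 0
        else:
            net = _ip(tok[3])
            # A source with no wildcard (or followed by "log") is a single host.
            wild = _ip(tok[4]) if len(tok) > 4 and tok[4] != "log" else 0
        rules.append((tok[1], tok[2], net, wild))
    return rules


def evaluate(rules, acl_id, source):
    """Return 'permit' or 'deny' for one source address, first match wins."""
    own = [r for r in rules if r[0] == acl_id]
    if not own:
        return "permit"   # IOS treats an applied but undefined ACL as permit-all
    src = _ip(source)
    for _, action, net, wild in own:
        # Bits set in the wildcard are "don't care": force them to 1 on both sides.
        if (src | wild) == (net | wild):
            return action
    return "deny"         # implicit deny at the end of every defined ACL


def decisions(rules, acl_id, sources):
    return {s: evaluate(rules, acl_id, s) for s in sources}


if __name__ == "__main__":
    rules = parse_standard_acl(ACL_LINES)
    for acl_id in ("1", "2"):
        print("ACL", acl_id)
        for src, verdict in decisions(rules, acl_id, SAMPLE_SOURCES).items():
            print(f"  {src:<14} {verdict}")
```

With ACL 1 applied outbound on g0/0.25, only sources in 10.10.15.0/24 are forwarded into 10.10.25.0/24.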
OSPF

site-2(config-router)#router-id 3.3.3.3
site-2(config-router)#passive-in
site-2(config-router)#passive-interface g0/0
site-2(config-router)#network 192.168.100.36 0.0.0.3 area 0
site-2(config-router)#
site-2(config-router)#network 10.10.2.0 0.0.0.255 area 2
site-2(config-router)#network 10.10.4.0 0.0.0.255 area 2
site-2(config-router)#network 10.10.8.0 0.0.0.255 area 2
site-2(config-router)#network 10.10.15.0 0.0.0.255 area 2
site-2(config-router)#

SW-A:

Switch>
Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname Bldg1
Bldg1(config)#no ip domain lookup
Bldg1(config)#enable secret cisco
Bldg1(config)#service pass
Bldg1(config)#service password-encryption
Bldg1(config)#
Bldg1(config)#line console 0
Bldg1(config-line)#lo
Bldg1(config-line)#log
Bldg1(config-line)#logging s
Bldg1(config-line)#logging synchronous
Bldg1(config-line)#password cisco
Bldg1(config-line)#login

Bldg1(config)#line vty 0 5
Bldg1(config-line)#password cisco
Bldg1(config-line)#login
Bldg1(config-line)#exit
Bldg1(config)#banner motd "Authorized access only"
Bldg1(config)#

Bldg1(config)#ip default-gateway 10.10.25.1

Bldg1(config)#vlan 2
Bldg1(config-vlan)#name sales
Bldg1(config-vlan)#exit
Bldg1(config)#vlan 4
Bldg1(config-vlan)#name prod
Bldg1(config-vlan)#exit
Bldg1(config)#vlan 8
Bldg1(config-vlan)#name acct
Bldg1(config-vlan)#exit
Bldg1(config)#vlan 15
Bldg1(config-vlan)#name admin
Bldg1(config-vlan)#exit
Bldg1(config)#vlan 25
Bldg1(config-vlan)#name sv1-net
Bldg1(config-vlan)#exit
Bldg1(config)#vlan 99
Bldg1(config-vlan)#name null
Bldg1(config-vlan)#exit
Bldg1(config)#
Bldg1(config)#int vlan 25
Bldg1(config-if)#

%LINK-5-CHANGED: Interface Vlan25, changed state to up

Bldg1(config-if)#ip address 10.10.25.254 255.255.255.0
Bldg1(config-if)#no shut
Bldg1(config-if)#

Bldg1(config-if)#int fa0/5
Bldg1(config-if)#switchport mode access
Bldg1(config-if)#switchport access vlan 2
Bldg1(config-if)#exit
Bldg1(config)#int fa0/6
Bldg1(config-if)#switchport mode access
Bldg1(config-if)#switchport access vlan 4
Bldg1(config-if)#exit
Bldg1(config)#int fa0/7
Bldg1(config-if)#switchport mode access
Bldg1(config-if)#switchport access vlan 8
Bldg1(config-if)#exit
Bldg1(config)#int fa0/8
Bldg1(config-if)#switchport mode access
Bldg1(config-if)#switchport access vlan 15
Bldg1(config-if)#exit
Bldg1(config)#

Bldg1(config)#int range fa0/9-24
Bldg1(config-if-range)#switchport mode access
Bldg1(config-if-range)#switchport access vlan 99
Bldg1(config-if-range)#shutdown

EtherChannel:
Bldg1(config)#int range fa0/1,fa0/4
Bldg1(config-if-range)#channel-group 1 mode active
Bldg1(config)#int port-channel 1
Bldg1(config-if)#switchport mode trunk

Bldg1(config)#int range fa0/2-3
Bldg1(config-if-range)#channel-group 2 mode active
Bldg1(config-if-range)#int port-channel 2
Bldg1(config-if)#switchport mode trunk
Bldg1(config-if)#
PVST+:

Bldg1(config)#spanning-tree mode rapid-pvst
Bldg1(config)#spanning-tree vlan 2 root primary
Bldg1(config)#s
Bldg1(config)#sp
Bldg1(config)#spanning-tree vlan 4 root primary
Bldg1(config)#sp
Bldg1(config)#spanning-tree vlan 8 root secondary
Bldg1(config)#sp
Bldg1(config)#spanning-tree vlan 15 root secondary
Bldg1(config)#

Configure port security:

Bldg1(config)#int fa0/5
Bldg1(config-if)#switchport port-security
Bldg1(config-if)#switchport port-security violation restrict
Bldg1(config-if)#switchport port-security maximum 2
Bldg1(config-if)#switchport port-security mac-address sticky
Bldg1(config-if)#exit
Bldg1(config)#

Bldg1(config)#int fa0/6
Bldg1(config-if)#switchport port-security
Bldg1(config-if)#switchport port-security violation restrict
Bldg1(config-if)#switchport port-security maximum 2
Bldg1(config-if)#switchport port-security mac-address sticky
Bldg1(config-if)#exit
Bldg1(config)#

Bldg1(config)#int fa0/7
Bldg1(config-if)#switchport port-security
Bldg1(config-if)#switchport port-security violation restrict
Bldg1(config-if)#switchport port-security maximum 2
Bldg1(config-if)#switchport port-security mac-address sticky
Bldg1(config-if)#exit
Bldg1(config)#

Bldg1(config)#int fa0/8
Bldg1(config-if)#switchport port-security
Bldg1(config-if)#switchport port-security violation restrict
Bldg1(config-if)#switchport port-security maximum 2
Bldg1(config-if)#switchport port-security mac-address sticky
Bldg1(config-if)#
SW-B:

Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname Bldg2
Bldg2(config)#no ip domain lookup
Bldg2(config)#enable secret cisco
Bldg2(config)#service pass
Bldg2(config)#service password-encryption
Bldg2(config)#line console 0
Bldg2(config-line)#password cisco
Bldg2(config-line)#logging s
Bldg2(config-line)#logging synchronous
Bldg2(config-line)#login
Bldg2(config-line)#
Bldg2(config-line)#line vty 0 15
Bldg2(config-line)#password cisco
Bldg2(config-line)#login
Bldg2(config-line)#exit
Bldg2(config)#banner motd "Authorized access only"
Bldg2(config)#

Bldg2(config)#ip ssh version 2
Please create RSA keys (of at least 768 bits size) to enable SSH v2.
Bldg2(config)#ip domain-name ccna.com
Bldg2(config)#crypto key generate rsa
The name for the keys will be: Bldg2.ccna.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable…[OK]

Bldg2(config)#line vty 0 4
Bldg2(config-line)#login local
Bldg2(config-line)#transport input ssh
Bldg2(config-line)#exit
Bldg2(config)#line vty 5 15
Bldg2(config-line)#login local
Bldg2(config-line)#transport input ssh
Bldg2(config-line)#ip default-gateway 10.10.25.1
Bldg2(config)#

VLANs:
Bldg2(config)#vlan 2
Bldg2(config-vlan)#name sales
Bldg2(config-vlan)#exit
Bldg2(config)#vlan 4
Bldg2(config-vlan)#name prod
Bldg2(config-vlan)#exit
Bldg2(config)#vlan 8
Bldg2(config-vlan)#name acct
Bldg2(config-vlan)#exit
Bldg2(config)#vlan 15
Bldg2(config-vlan)#name admin
Bldg2(config-vlan)#exit
Bldg2(config)#vlan 25
Bldg2(config-vlan)#name sv1-net
Bldg2(config-vlan)#exit
Bldg2(config)#vlan 99
Bldg2(config-vlan)#name null

Bldg2(config)#int vlan 25
Bldg2(config-if)#
Bldg2(config-if)#ip address 10.10.25.253 255.255.255.0
Bldg2(config-if)#no shut
Bldg2(config)#int fa0/5
Bldg2(config-if)#switchport mode trunk

EtherChannel:

Bldg2(config)#int range fa0/1, fa0/4
Bldg2(config-if-range)#channel-group 2 mode active
Bldg2(config-if-range)#int port-channel 2
Bldg2(config-if)#switchport mode trunk
Bldg2(config-if)#
Bldg2(config-vlan)#exit
Bldg2(config)#

Bldg2(config)#int range fa0/2-3
Bldg2(config-if-range)#channel-group 3 mode active
Bldg2(config-if-range)#int port-channel 3
Bldg2(config-if)#switchport mode trunk

PVST+:
Bldg2(config)#spanning-tree mode rapid-pvst
Bldg2(config)#

SW-C:

Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname bldg3
bldg3(config)#
bldg3(config)#no ip domain lookup
bldg3(config)#enable secret cisco
bldg3(config)#service pass
bldg3(config)#service password-encryption
bldg3(config)#banner motd "Authorized access only"
bldg3(config)#
bldg3(config)#line console 0
bldg3(config-line)#password cisco
bldg3(config-line)#login
bldg3(config-line)#
bldg3(config-line)#line vty 0 5
bldg3(config-line)#pass cisco
bldg3(config-line)#login
bldg3(config-line)#exit
bldg3(config)#

bldg3(config)#ip default-gateway 10.10.25.1

bldg3(config)#vlan 2
bldg3(config-vlan)#name sales
bldg3(config-vlan)#exit
bldg3(config)#vlan 4
bldg3(config-vlan)#name prod
bldg3(config-vlan)#exit
bldg3(config)#vlan 8
bldg3(config-vlan)#name acct
bldg3(config-vlan)#exit
bldg3(config)#vlan 15
bldg3(config-vlan)#name admin
bldg3(config-vlan)#exit
bldg3(config)#vlan 25
bldg3(config-vlan)#name sv1-net
bldg3(config-vlan)#exit
bldg3(config)#vlan 99
bldg3(config-vlan)#name null
bldg3(config-vlan)#exit
bldg3(config)#

bldg3(config)#int vlan 25
bldg3(config-if)#ip address 10.10.25.252 255.255.255.0
bldg3(config-if)#no shut
bldg3(config-if)#

EtherChannel:

bldg3(config)#int range fa0/1, fa0/3
bldg3(config-if-range)#channel-group 3 mode active
bldg3(config-if-range)#int port-channel 3
bldg3(config-if)#switchport mode trunk
bldg3(config-if)#
bldg3(config)#int range fa0/2,fa0/4
bldg3(config-if-range)#channel-group 2 mode active
bldg3(config-if-range)#

bldg3(config-if-range)#int port-channel 2
bldg3(config-if)#switchport mode trunk
bldg3(config-if)#exit
bldg3(config)#

PVST+:
bldg3(config)#spanning-tree mode rapid-pvst
bldg3(config)#sp
bldg3(config)#spanning-tree vlan 2 root secondary
bldg3(config)#sp
bldg3(config)#spanning-tree vlan 4 root secondary
bldg3(config)#sp
bldg3(config)#spanning-tree vlan 8 root primary
bldg3(config)#sp
bldg3(config)#spanning-tree vlan 15 root primary
bldg3(config)#

Configure PortFast and BPDU Guard:

bldg3(config)#int range fa0/5-8
bldg3(config-if-range)#sp
bldg3(config-if-range)#spanning-tree portfast

bldg3(config-if-range)#spanning-tree bpduguard enable
bldg3(config-if-range)#no shut
bldg3(config-if-range)#

bldg3(config)#int fa0/5
bldg3(config-if)#switchport mode access
bldg3(config-if)#switchport access vlan 2
bldg3(config-if)#exit

bldg3(config)#int fa0/6
bldg3(config-if)#switchport mode access
bldg3(config-if)#switchport access vlan 4
bldg3(config-if)#exit
bldg3(config)#int fa0/7
bldg3(config-if)#switchport mode access
bldg3(config-if)#switchport access vlan 8
bldg3(config-if)#exit
bldg3(config)#int fa0/8
bldg3(config-if)#switchport mode access
bldg3(config-if)#switchport access vlan 15
bldg3(config-if)#

Thank you

Momataj Momo

Inter-VLAN Routing (Router on a Stick) Configuration

Router on a stick (inter vlan routing)

Inter-VLAN routing configuration:

I have shown here how to configure inter-VLAN routing (router on a stick), with all the commands for the switch and the router.

Switch:
1. VLANs and names
2. IP address on the management VLAN interface
3. Default gateway setup
4. Trunk
5. Native VLAN
6. Switch ports and VLANs

Router:
1. Subinterfaces
2. Encapsulation dot1q
3. Native VLAN

Switch CLI commands:

Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.

VLAN assignment on the switch:

Switch(config)#vlan 10
Switch(config-vlan)#name students
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#name faculty
Switch(config-vlan)#exit
Switch(config)#vlan 30
Switch(config-vlan)#name administration
Switch(config-vlan)#exit
Switch(config)#vlan 55
Switch(config-vlan)#name native
Switch(config-vlan)#exit
Switch(config)#vlan 77
Switch(config-vlan)#name mgt
Switch(config-vlan)#exit
Switch(config)#

Switch(config)#do show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
10   students                         active
20   faculty                          active
30   administration                   active
55   native                           active
77   mgt                              active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
--More--

Management VLAN setup and IP address assignment for remote access:

Switch(config)#int fa0/5
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 77
Switch(config-if)#int vlan 77
Switch(config-if)#ip address 192.168.77.2 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit

Switch# show run

interface Vlan77
ip address 192.168.77.2 255.255.255.0

Default gateway Setup:

Switch(config)#ip default-gateway 192.168.77.1

Trunk mode commands on interface fa0/1:
Switch(config)#int fa0/1
Switch(config-if)#switchport mode trunk

Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan77, changed state to up

Switch(config-if)#switchport trunk allowed vlan 1-1005
Switch(config-if)#switchport trunk native vlan 55

Access mode commands:

Switch(config)#int fa0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#int fa0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#int fa0/4
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 30
Switch(config-if)#
Switch(config-if)#int fa0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan 1,10,20,30,55,77
Switch(config-if)#switchport trunk native vlan 55

Router CLI commands:
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int fa0/0
Router(config-if)#no shutdown

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

Router(config-if)#

Subinterface IP address configuration commands:

Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int fa0/0.10
Router(config-subif)#
%LINK-5-CHANGED: Interface FastEthernet0/0.10, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.10, changed state to up

Router(config-subif)#encapsulation ?
dot1Q IEEE 802.1Q Virtual LAN
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)#ip address 192.168.10.1 255.255.255.0
Router(config-subif)#

Router(config-subif)#int fa0/0.20
Router(config-subif)#
%LINK-5-CHANGED: Interface FastEthernet0/0.20, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.20, changed state to up

Router(config-subif)#encapsulation dot1q 20
Router(config-subif)#ip address 192.168.20.1 255.255.255.0
Router(config-subif)#

Router(config)#int fa0/0.30
Router(config-subif)#
%LINK-5-CHANGED: Interface FastEthernet0/0.30, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.30, changed state to up

Router(config-subif)#encapsulation dot1q 30
Router(config-subif)#ip address 192.168.30.1 255.255.255.0
Router(config-subif)#exit
Router(config)#int fa0/0.55
Router(config-subif)#
%LINK-5-CHANGED: Interface FastEthernet0/0.55, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.55, changed state to up

Router(config-subif)#encapsulation dot1q 55 native
Router(config-subif)#ip address 192.168.55.1 255.255.255.0
Router(config-subif)#

Router(config-subif)#int fa0/0.77
Router(config-subif)#
%LINK-5-CHANGED: Interface FastEthernet0/0.77, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.77, changed state to up

Router(config-subif)#encapsulation dot1q 77
Router(config-subif)#ip address 192.168.77.1 255.255.255.0
Router(config-subif)#

Router#show run
Building configuration…

interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet0/0.30
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
!
interface FastEthernet0/0.55
encapsulation dot1Q 55 native
ip address 192.168.55.1 255.255.255.0
!
interface FastEthernet0/0.77
encapsulation dot1Q 77
ip address 192.168.77.1 255.255.255.0
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
--More--

Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.10.0/24 is directly connected, FastEthernet0/0.10
C 192.168.20.0/24 is directly connected, FastEthernet0/0.20
C 192.168.30.0/24 is directly connected, FastEthernet0/0.30
C 192.168.55.0/24 is directly connected, FastEthernet0/0.55
C 192.168.77.0/24 is directly connected, FastEthernet0/0.77
Router#

Now go to the PC command prompt and ping the IP address to check the connection.

PC> ping 192.168.77.2

Important things to know about configuring a Cisco IOS switch

#1: What’s the default VLAN?

The default VLAN on all switches is VLAN 1. By default, all ports on the switch are in VLAN 1, so all ports can communicate with each other. As soon as you change the VLAN assignment for a switch port to another VLAN, that switch port won't be able to communicate with devices on ports in other VLANs unless a router forwards traffic between the VLANs.

#2: Why do I need to configure interface “vlan 1”?

If you want to be able to manage your switch remotely over the network, your switch needs an IP address. If your switch has multiple VLANs configured, and you want to be able to manage the switch from each VLAN, the switch requires an IP address on a VLAN interface in each VLAN.

#3: Why does my switch need a default gateway?

Actually, your switch doesn't have to have a default gateway configured. However, if you want to be able to communicate with your switch from another subnet, you need to configure a default gateway on the switch so it knows how to reach the router on its local LAN.

#4: How do I get switch ports up fast?

Cisco switches can do a lot of things besides just connecting regular PCs to the network. That's why switch ports need a little extra configuration to be used optimally.

To bring up a switch port for use and tell the switch that there will always be “access devices” (such as PCs) on that switch port.

#5: How important are speed and duplex on switch ports?

Speed and duplex are very important on switch ports. That's not to say that speed and duplex aren't important on router Ethernet ports (they are).

However, switches are all about connecting a device to the LAN, and there are many devices that need connecting, so you’re much more likely to run into speed and duplex issues on switch ports. There are always old and slow devices somewhere on the network that aren’t quite compatible with your switch, and they don’t quite negotiate the speed and duplex correctly.

Thank you

Momataj momo

Skill Test : VLANs and Trunks configuration for Beginners

Fig: VLANs, trunk and VoIP setup

Configuration commands for:

  • Default Vlan
  • Native Vlan
  • Data Vlan
  • Management Vlan
  • Voice Vlan

Switch 0 CLI:

Switch#show vlan
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 50
Switch(config-vlan)#name student                       (VLAN ASSIGN ON SWITCH 1)
Switch(config-vlan)#exit
Switch(config)#vlan 99
Switch(config-vlan)#name mgt
Switch(config-vlan)#exit
Switch#
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int fa0/10
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 50
Switch(config-if)#end
Switch#show run

Display the configuration:

Switch#show running-config
interface FastEthernet0/10
switchport access vlan 50
switchport mode access
!

Management Vlan setup: 

Switch(config)#int fa0/24

Switch(config-if)#switchport access vlan 99

Switch#show vlan

Switch(config)#int vlan 99

Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan99, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan99, changed state to up

Switch(config-if)#ip address 192.168.99.2 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#exit
Switch#

Remote access to Switch 0 through the management VLAN:

Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#line vty 0 15
Switch(config-line)#password cisco
Switch(config-line)#login
Switch(config-line)#

Switch 1 CLI:

Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 50
Switch(config-vlan)#name student
Switch(config-vlan)#exit
Switch(config)#int fa0/10
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 50
Switch(config-if)#exit
Switch(config)#

Switch 0 CLI, trunk mode and allowed VLANs:

Switch(config)#int fa0/1
Switch(config-if)#switchport mode trunk

Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

Switch(config-if)#switchport trunk allowed vlan 1-99
Switch(config-if)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console

Check Running-configuration :

Switch#show run
Switch#show running-config
interface FastEthernet0/1
switchport trunk allowed vlan 1-99
switchport mode trunk

interface FastEthernet0/10
switchport access vlan 50
switchport mode access

interface Vlan99
ip address 192.168.99.2 255.255.255.0

line vty 5 15
password cisco
login
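
A static check of the hardening items this page configures (explicit trunk VLAN lists, a non-default native VLAN, no enabled ports left unconfigured, SSH-only vty lines), run over running-config text like the output above. This is an added example, not part of the original post: the sample config is constructed, the function names are hypothetical, and treating a vty stanza without `transport input ssh` as a finding is an assumption of this check.

```python
import re

# Constructed sample, shaped like the "show running-config" output above.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport trunk allowed vlan 1-99
 switchport mode trunk
!
interface FastEthernet0/2
 switchport trunk native vlan 80
 switchport trunk allowed vlan 50,80,99
 switchport mode trunk
!
interface FastEthernet0/10
 switchport access vlan 50
 switchport mode access
!
interface FastEthernet0/11
!
interface FastEthernet0/12
 switchport access vlan 99
 switchport mode access
 shutdown
!
interface Vlan99
 ip address 192.168.99.2 255.255.255.0
!
line vty 0 4
 password cisco
 login
line vty 5 15
 login local
 transport input ssh
"""

PHYSICAL_PORT = re.compile(r"^(FastEthernet|GigabitEthernet)\d+(/\d+)*$")
SWITCHPORT = re.compile(
    r"^switchport (mode|trunk native vlan|trunk allowed vlan) ([\w,-]+)$")


def parse_stanzas(text):
    """Group 'interface ...' and 'line ...' blocks; indentation is optional."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("interface ", "line ")):
            current = stanzas.setdefault(line, [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return stanzas


def expand_vlans(spec):
    """'1,10,20-22' -> {1, 10, 20, 21, 22}"""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def audit_port(lines, defined_vlans):
    """Return the findings for one physical switch port."""
    opts = {m.group(1): m.group(2) for m in map(SWITCHPORT.match, lines) if m}
    messages = []
    if opts.get("mode") == "trunk":
        if opts.get("trunk native vlan", "1") == "1":
            messages.append("trunk native VLAN is 1")
        allowed = opts.get("trunk allowed vlan")
        if allowed is None:
            messages.append("trunk carries every VLAN (no allowed list)")
        elif defined_vlans is not None and re.fullmatch(r"[\d,-]+", allowed):
            extra = expand_vlans(allowed) - set(defined_vlans)
            if extra:
                messages.append(f"trunk allows {len(extra)} undefined VLANs")
    elif "mode" not in opts and "shutdown" not in lines:
        messages.append("enabled port with no static switchport mode")
    return messages


def audit(text, defined_vlans=None):
    """Return [(stanza name, finding), ...] in configuration order."""
    findings = []
    for header, lines in parse_stanzas(text).items():
        kind, name = header.split(" ", 1)
        if kind == "interface" and PHYSICAL_PORT.match(name):
            findings += [(name, m) for m in audit_port(lines, defined_vlans)]
        elif kind == "line" and name.startswith("vty"):
            if "transport input ssh" not in lines:
                findings.append((name, "no 'transport input ssh'"))
    return findings


if __name__ == "__main__":
    for name, message in audit(SAMPLE_CONFIG, defined_vlans={1, 50, 80, 99}):
        print(f"{name}: {message}")
```

Pass `defined_vlans` from the switch's `show vlan` output so that a wide range such as `1-99` is compared against the VLANs that actually exist.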

Switch 1 CLI, trunk mode and allowed VLANs:

Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int fa0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan 1-99
Switch(config-if)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console

Check the trunk interface:

Switch#show interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/1 1-99

Port Vlans allowed and active in management domain
Fa0/1 1,50

Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,50
Switch#

Switch 1 CLI, native VLAN assignment:

Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 80
Switch(config-vlan)#name native
Switch(config-vlan)#exit
Switch(config)#

To show interface fa0/1 switchport:
Switch#show interface fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)

Native VLAN configuration:

Switch#
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int fa0/1
Switch(config-if)#switchport trunk native vlan 80
Switch(config-if)#
Switch#

Switch#show interface fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 80 (native)
Voice VLAN: none
Switch#show interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 80

Port Vlans allowed on trunk
Fa0/1 1-99

Port Vlans allowed and active in management domain
Fa0/1 1,50,80

Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,50,80
Switch#
Switch0 on CLI, command line to set up native VLAN 80:

Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 80
Switch(config-vlan)#exit
Switch(config)#int fa 0/1
Switch(config-if)#switchport trunk native vlan 80
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/1 (1), with Switch FastEthernet0/1 (80).

Switch(config-if)#%SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/1 on VLAN0080. Port consistency restored.

%SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/1 on VLAN0001. Port consistency restored.

PC4 testing the connection:
PC>ping 192.168.50.101

Pinging 192.168.50.101 with 32 bytes of data:

Reply from 192.168.50.101: bytes=32 time=1ms TTL=128
Reply from 192.168.50.101: bytes=32 time=5ms TTL=128
Reply from 192.168.50.101: bytes=32 time=0ms TTL=128
Reply from 192.168.50.101: bytes=32 time=0ms TTL=128

Ping statistics for 192.168.50.101:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 5ms, Average = 1ms

PC>

Connections established:

  • default VLAN to default VLAN (192.168.1.100 – 192.168.1.101)
  • VLAN 50 to VLAN 50 (192.168.50.102 – 192.168.50.101)

Switch 1 on CLI, voice VLAN 150 setup:

Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 150
Switch(config-vlan)#name voice
Switch(config-vlan)#exit
Switch(config)#
Switch(config)#int fa0/20
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 150
Switch(config-if)#exit
Switch(config)#
Switch(config)#int fa0/2
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan 1-99,150
Switch(config-if)#switchport trunk native vlan 80
Switch(config-if)#

Router configuration on CLI:

Encapsulation: 802.1Q encapsulation on subinterfaces lets you use a single router interface as a trunk port to a switch. This is also known as “router on a stick” because the switch uses the router to route between VLANs.

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int fa0/0
Router(config-if)#exit
Router(config)#
Router(config)#int fa0/0.1
Router(config-subif)#ip address 192.168.1.1 255.255.255.0

% Configuring IP routing on a LAN subinterface is only allowed if that
subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q,
or ISL vLAN.
Router(config-subif)#encapsulation dot1q 1
Router(config-subif)#ip address 192.168.1.1 255.255.255.0
Router(config-subif)#int fa0/0.50
Router(config-subif)#encapsulation dot1q 50
Router(config-subif)#ip address 192.168.50.1 255.255.255.0
Router(config-subif)#
Router(config-subif)#int fa0/0.80
Router(config-subif)#encapsulation dot1q 80
Router(config-subif)#ip address 192.168.80.1 255.255.255.0
Router(config-subif)#
Router(config-subif)#int fa0/0.99
Router(config-subif)#encapsulation dot1q 99
Router(config-subif)#ip address 192.168.99.1 255.255.255.0
Router(config-subif)#
Router(config-subif)#int fa0/0.150
Router(config-subif)#encapsulation dot1q 150
Router(config-subif)#ip address 192.168.150.1 255.255.255.0
Router(config-subif)#
Router(config)#int fa0/0
Router(config-if)#no shutdown
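
An added example, not part of the original walkthrough: a Python check that the router subinterfaces above agree with the switch trunk they hang off. It assumes the router is attached to the fa0/2 trunk configured earlier (allowed VLANs 1-99,150, native VLAN 80); the function names and the constructed ROUTER text are illustrative.

```python
import re

def parse_vlan_list(spec):
    """Expand an IOS VLAN list such as '1-99,150' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def subinterfaces(router_cfg):
    """Return {vlan: (subinterface, is_native)} from 'encapsulation dot1q' lines."""
    found, current = {}, None
    for line in router_cfg.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            current = line.split()[1]
        m = re.fullmatch(r"encapsulation dot1q (\d+)( native)?", line, re.I)
        if m and current:
            found[int(m.group(1))] = (current, bool(m.group(2)))
    return found

def check_trunk(router_cfg, allowed_spec, switch_native):
    """List disagreements between router subinterfaces and the switch trunk."""
    allowed, issues = parse_vlan_list(allowed_spec), []
    for vlan, (name, is_native) in sorted(subinterfaces(router_cfg).items()):
        if vlan not in allowed:
            issues.append(f"{name}: VLAN {vlan} not allowed on switch trunk")
        # The switch sends its native VLAN untagged, so exactly that
        # subinterface (and no other) should carry the 'native' keyword.
        if is_native != (vlan == switch_native):
            issues.append(f"{name}: native tagging disagrees with switch (native {switch_native})")
    return issues

# Constructed running-config text modelled on the subinterfaces configured above.
ROUTER = "\n".join(f"interface FastEthernet0/0.{v}\n encapsulation dot1Q {v}\n"
                   f" ip address 192.168.{v}.1 255.255.255.0" for v in (1, 50, 80, 99, 150))
```

With these values, check_trunk(ROUTER, "1-99,150", 80) reports only FastEthernet0/0.80: the switch sends VLAN 80 untagged, so that subinterface needs `encapsulation dot1Q 80 native` to receive it.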

DHCP address assignment for VoIP:
Router(config)#ip dhcp pool VOIP
Router(dhcp-config)#network 192.168.150.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.150.1
Router(dhcp-config)#?
Router(dhcp-config)#
Router(dhcp-config)#option 150 ip 192.168.150.1
Router(config)#telephony-service
Router(config-telephony)#max?
max-dn max-ephones
Router(config-telephony)#max-dn 10
Router(config-telephony)#max-ephones 10
Router(config-telephony)#
Router(config-telephony)#ip source-address 192.168.150.1 port 2000
Router(config-telephony)#
Router(config-telephony)#auto assign 1 to 9
Router(config-telephony)#
SWITCH 1 on CLI, configuring the voice VLAN:
Switch(config-if)#int fa 0/20
Switch(config-if)#switchport mode access
Switch(config-if)#no switchport access vlan 150
Switch(config-if)#switchport voice vlan 150
Switch(config-if)#int fa0/21
Switch(config-if)#switchport mode access
Switch(config-if)#switchport voice vlan 150
Switch(config-if)#

Router 0 command line, assigning telephone numbers:
Router(config)#ephone-dn 1
Router(config-ephone-dn)#%LINK-3-UPDOWN: Interface ephone_dsp DN 1.1, changed state to up

Router(config-ephone-dn)#number 62001
Router(config-ephone-dn)#
%IPPHONE-6-REGISTER: ephone-1 IP:192.168.150.3 Socket:2 DeviceType:Phone has registered.

Router(config-ephone-dn)#ephone-dn 2
Router(config-ephone-dn)#%LINK-3-UPDOWN: Interface ephone_dsp DN 2.1, changed state to up

Router(config-ephone-dn)#number 62002
Router(config-ephone-dn)#
%IPPHONE-6-REGISTER: ephone-2 IP:192.168.150.2 Socket:2 DeviceType:Phone has registered.

Router(config-ephone-dn)#exit
Router(config)#
Router(config)#

Thank you

Momataj momo

Virtual Local Area Networks (VLANs): Concepts

A VLAN is a logical group of network devices, such as the networked computers and printers of a department or building floor, and it can separate “guest” traffic from trusted users' traffic. Each VLAN is a logically separate subnetwork: devices on VLAN 20 and VLAN 30 cannot communicate without a Layer 3 device.

The term VLAN stands for “Virtual LAN”, and Cisco defines a VLAN as a broadcast domain. Basically, that means you can segregate certain ports on a single physical switch into logical switches (VLANs). VLANs allow a network manager to logically segment a LAN into different broadcast domains. Since this is a logical segmentation and not a physical one, workstations do not have to be physically located together. Users on different floors of the same building, or even in different buildings, can now belong to the same LAN.

VLANs also allow broadcast domains to be defined without using routers. Bridging software is used instead to define which workstations are to be included in the broadcast domain. Routers are needed only to communicate between two VLANs. Put another way, a virtual LAN is a group of devices on one or more LANs that are configured (using management software) so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible.

VLANs can:

- Create smaller broadcast domains, and therefore waste less bandwidth.
- Increase security, as VLANs are not visible to outside traffic.
- Decrease costs: a building with multiple companies can use a single network infrastructure.
- Make efficient use of bandwidth (2 trunks for a high-traffic VLAN).
- Simplify management.
- Help route traffic: a separate VLAN can be used for VoIP phones.
- Separate wireless traffic using wireless VLANs.
- Put unsecured traffic on a “guest” VLAN.
- Put secure traffic on a “Staff” VLAN.

Types of connections:

Devices on a VLAN can be connected in three ways based on whether the connected devices are VLAN-aware or VLAN-unaware. Recall that a VLAN-aware device is one which understands VLAN memberships (i.e. which users belong to a VLAN) and VLAN formats.

1) Trunk Link: All the devices connected to a trunk link, including workstations, must be VLAN-aware. All frames on a trunk link must have a special header attached. These special frames are called tagged frames.

2) Access Link

An access link connects a VLAN-unaware device to the port of a VLAN-aware bridge. All frames on access links must be implicitly tagged (untagged). The VLAN-unaware device can be a LAN segment with VLAN-unaware workstations, or it can be a number of LAN segments containing VLAN-unaware devices.

3) Hybrid Link

This is a combination of the previous two links: a link to which both VLAN-aware and VLAN-unaware devices are attached. A hybrid link can carry both tagged and untagged frames, but all the frames for a specific VLAN must be either tagged or untagged.
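
The tagged/untagged distinction behind the three link types, as an added Python example that is not part of the original post: it builds Ethernet frames with and without an 802.1Q tag and assigns each to a VLAN the way a VLAN-aware bridge port would. The MAC addresses and payload are constructed sample values; VLANs 50, 80 and 150 are the ones used in the configuration walkthrough.

```python
import struct

TPID_8021Q = 0x8100                      # EtherType value that marks an 802.1Q tag
DST = bytes.fromhex("ffffffffffff")      # constructed sample addresses and payload
SRC = bytes.fromhex("020000000001")
PAYLOAD = b"\x00" * 46

def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Build an Ethernet II frame; insert a 4-byte 802.1Q tag when vlan is given."""
    header = dst + src
    if vlan is not None:
        if not 0 <= vlan <= 4094:
            raise ValueError("VLAN ID must be 0-4094 (0 = priority tag only)")
        tci = ((pcp & 7) << 13) | vlan   # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def classify(frame, port_native_vlan):
    """Return (vlan, tagged) as a VLAN-aware port would assign the frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return port_native_vlan, False   # untagged: membership is implied by the port
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    vid = tci & 0x0FFF
    # VID 0 is a priority tag: it carries PCP only, the VLAN still comes from the port.
    return (vid or port_native_vlan), True

def admit(frame, native_vlan, allowed):
    """Trunk ingress check: return the frame's VLAN, or None if it is not allowed."""
    vlan, _ = classify(frame, native_vlan)
    return vlan if vlan in allowed else None
```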

How to add a VLAN to the network:
Using the CLI, we enter the following on the switch (call it CORE1):
CORE1(config)#vlan 10
CORE1(config-vlan)#name student
CORE1(config-vlan)#exit
CORE1(config)#vlan 20
CORE1(config-vlan)#name Faculty
CORE1(config-vlan)#exit
CORE1(config)#vlan 30
CORE1(config-vlan)#name staff
CORE1(config-vlan)#exit
CORE1(config)#vlan 40
CORE1(config-vlan)#name guest
CORE1(config-vlan)#exit

Configuring VLAN ports:
On each switch, identify which device is supposed to be on which VLAN. Suppose Student_server_core needs to be on VLAN 10 and is connected to FastEthernet interface 0/2:

SWITCH(config)#int fa0/2
SWITCH(config-if)#switchport mode access
SWITCH(config-if)#switchport access vlan 10
SWITCH(config-if)#exit

* Do the same on all switches, setting the correct ports to the correct VLAN. On the device end, the only note is that all devices on a VLAN must be on the same subnet.

Trunk link: A trunk is a point-to-point link between one networking device and another. Trunks carry the traffic of multiple VLANs over a single link and allow the user to extend VLAN access across the entire network. By default, a trunk port sends traffic to and receives traffic from all VLANs: all VLAN IDs are allowed on each trunk.

Configuration syntax for a trunk link:

Switch#config t
Switch(config)#vlan 99
Switch(config-vlan)#exit
Switch(config)#interface fa0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk native vlan 99

Native VLAN: The native VLAN is the untagged VLAN on an 802.1Q trunked switchport. The native VLAN and the management VLAN could be the same, but it is better security practice that they aren’t. If a switch receives untagged frames on a trunk port, they are assumed to belong to the VLAN designated on that switchport as the native VLAN. Frames egressing a switchport on the native VLAN are not tagged.
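
One way to check both ends of a trunk for the native-VLAN conditions described above (the CDP native VLAN mismatch seen in the walkthrough, and a native VLAN that doubles as the management VLAN), as an added Python example rather than anything from the original post. The sample() configs are constructed and assume the indented stanza layout of a real running-config; the default-VLAN-1 finding is an extra hardening check not stated on the page.

```python
def stanzas(config):
    """Yield (interface name, [sub-commands]) for each interface block."""
    name, body = None, []
    for line in config.splitlines():
        if line.startswith("interface "):
            if name:
                yield name, body
            name, body = line.split()[1], []
        elif name and line.startswith(" "):
            body.append(line.strip())
        elif name:                      # an unindented line ends the block
            yield name, body
            name, body = None, []
    if name:
        yield name, body

def summarize(config):
    """Return ({trunk port: native VLAN}, {management VLAN IDs}) for one switch."""
    trunks, mgmt = {}, set()
    for name, body in stanzas(config):
        if "switchport mode trunk" in body:
            native = [c.split()[-1] for c in body
                      if c.startswith("switchport trunk native vlan ")]
            trunks[name] = int(native[0]) if native else 1   # IOS default is VLAN 1
        if name.startswith("Vlan") and any(c.startswith("ip address ") for c in body):
            mgmt.add(int(name[4:]))     # SVI with an IP address = management VLAN
    return trunks, mgmt

def audit_link(cfg_a, port_a, cfg_b, port_b):
    """Compare the native VLAN on both ends of one trunk link."""
    (trunks_a, mgmt_a), (trunks_b, mgmt_b) = summarize(cfg_a), summarize(cfg_b)
    if port_a not in trunks_a or port_b not in trunks_b:
        return ["not a trunk on both ends"]
    nat_a, nat_b, findings = trunks_a[port_a], trunks_b[port_b], []
    if nat_a != nat_b:
        findings.append(f"native VLAN mismatch: {nat_a} vs {nat_b}")
    for side, nat, mgmt in (("A", nat_a, mgmt_a), ("B", nat_b, mgmt_b)):
        if nat == 1:
            findings.append(f"{side}: native VLAN left at default 1")
        if nat in mgmt:
            findings.append(f"{side}: native VLAN {nat} is also the management VLAN")
    return findings

def sample(native=None):   # constructed config modelled on the page's switches
    extra = f" switchport trunk native vlan {native}\n" if native else ""
    return ("interface FastEthernet0/1\n switchport trunk allowed vlan 1-99\n"
            f"{extra} switchport mode trunk\ninterface Vlan99\n"
            " ip address 192.168.99.2 255.255.255.0\nline vty 5 15\n password cisco\n login\n")
```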

Thank you

Momataj Momo