XVVBcNNR

1EXPERIMENT 1
2
3ACTIVITY 1.1.4.6
4
5OBJECTIVE: Configuring Basic Router Settings with IOS CLI.
6
7Step 1: Applying basic configurations to RTA.
8Router>en
9Router#config t
10Router(config)#hostname Router
11Router(config)#banner motd $Authorised Personnel Only$
12Router(config)#enable secret class
13Router(config)#line vty 0 15
14Router(config-line)#password cisco
15Router(config-line)#login
16Router(config-line)#logging synchronous
17Router(config-line)#exit
18Router(config)#line console 0
19Router(config-line)#password cisco
20Router(config-line)#login
21Router(config-line)#logging synchronous
22Router(config-line)#exit
23Router(config)#service password-encryption
24Router(config)#int g0/0
25Router(config-if)#ip add 10.10.10.1 255.255.255.0
26Router(config-if)#desc Interface 1
27Router(config-if)#no shut
28Router(config-if)#
29%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
30%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
31Router(config-if)#exit
32Router(config)#int g0/1
33Router(config-if)#ip add 10.10.20.1 255.255.255.0
34Router(config-if)#desc Interface 2
35Router(config-if)#no shut
36Router(config-if)#
37%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
38%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
39Router(config-if)#exit
40Router(config)#exit
41Router#
42%SYS-5-CONFIG_I: Configured from console by console
43Router#copy running-config startup-config
44Destination filename [startup-config]?
45Building configuration...
46[OK]
47Router#
48
49
50Step 2: Configuring addressing on PC1 and PC2.
51
52
53Step 3: Configuring SW1 for remote management.
54
55User Access Verification
56Password:
57Password:
58SW1>en
59Password:
60SW1#
61SW1#config t
62SW1(config)#int vlan 1
63SW1(config-if)#ip add 10.10.10.2 255.255.255.0
64SW1(config-if)#no shut
65SW1(config-if)#
66%LINK-5-CHANGED: Interface Vlan1, changed state to up
67%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
68SW1(config-if)#desc VLAN1
69SW1(config-if)#exit
70SW1(config)#ip default-gateway 10.10.10.1
71SW1(config)#do copy running-config startup-config
72Destination filename [startup-config]?
73Building configuration...
74[OK]
75SW1(config)#
76SW1(config)#exit
77================================================================================
78================================================================================
79================================================================================
80================================================================================
81================================================================================
82EXPERIMENT 2
83
84ACTIVITY 2.3.2.4
85
86OBJECTIVE: Configuring IPv4 Static and Default Routes.
87HQ:
88Router>enable
89Router#configure terminal
90Router(config)#hostname HQ
91HQ(config)#no ip domain-lookup
92HQ(config)#enable secret class
93HQ(config)#line vty 0 15
94HQ(config-line)#password cisco
95HQ(config-line)#login
96HQ(config-line)#logging synchronous
97HQ(config-line)#exit 
98HQ(config)#line console 0
99HQ(config-line)#password cisco
100HQ(config-line)#login
101HQ(config-line)#logging synchronous
102HQ(config-line)#exit
103HQ(config)#service password-encryption
104HQ(config)#ipv6 unicast-routing
105HQ(config)#int g0/1
106HQ(config-if)#ipv6 address 2001:DB8:ACAD::1/64
107HQ(config-if)#ip address 192.168.0.1 255.255.255.128
108HQ(config-if)#ipv6 address FE80::1 link-local
109HQ(config-if)#no shut
110%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
111%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
112HQ(config-if)#exit
113HQ(config)#int s0/0/0
114HQ(config-if)#ipv6 address 2001:DB8:ACAD:20::2/64
115HQ(config-if)#ip address 10.1.1.2 255.255.255.252
116HQ(config-if)#clock rate 800000
117HQ(config-if)#no shutdown
118%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down HQ(config-if)#exit
119HQ(config)#int s0/0/1
120HQ(config-if)#ipv6 address 2001:DB8:ACAD:2::3/64
121HQ(config-if)#ip address 192.168.0.253 255.255.255.252
122HQ(config-if)#no shut
123%LINK-5-CHANGED: Interface Serial0/0/1, changed state to down HQ(config-if)#exit
124HQ(config)#ip route 172.16.3.0 255.255.255.0 10.1.1.1
125HQ(config)#ip route 192.168.1.0 255.255.255.0 192.16.0.254 HQ(config)#ipv6 route 2001:DB8:ACAD:1::/64 2001:DB8:ACAD:2::2 HQ(config)#ipv6 route 2001:DB8:ACAD:30::/64 2001:DB8:ACAD::20:1
126HQ(config)#exit
127HQ#
128%SYS-5-CONFIG_I: Configured from console by console
129HQ#copy running-config startup-config
130 Destination filename [startup-config]? Building configuration...
131[OK]
132HQ#
133
134ISP:
135Router>enable
136Router#configure terminal
137Router(config)#hostname ISP
138ISP(config)#no ip domain-lookup
139ISP(config)#enable secret class
140ISP(config)#line vty 0 15
141ISP(config-line)#password cisco
142ISP(config-line)#login
143ISP(config-line)#logging synchronous
144ISP(config-line)#exit
145ISP(config)#line console 0
146ISP(config-line)#password cisco
147ISP(config-line)#login
148ISP(config-line)#logging synchronous
149ISP(config-line)#exit
150ISP(config)#service password-encryption
151ISP(config)#ipv6 unicast-routing
152ISP(config)#int g0/0
153ISP(config-if)#ipv6 address 2001:DB8:ACAD:30::1/64
154ISP(config-if)#ip address 172.16.3.11 255.255.255.0
155ISP(config-if)#ipv6 address FE80::1 link-local
156ISP(config-if)#no shutdown
157%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
158%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
159ISP(config-if)#exit
160ISP(config)#interface Serial0/0/0
161ISP(config-if)#ipv6 address 2001:DB8::ACAD:20:1/64
162ISP(config-if)#ip address 10.1.1.1 255.255.255.252
163ISP(config-if)#no shutdown
164%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
165%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to up
166ISP(config-if)#exit
167ISP(config)#ip route 192.168.1.0 255.255.255.0 10.1.1.2 ISP(config)#ipv6 route 2001:DB8:ACAD::/62 2001:DB8:ACAD:20::2
168ISP(config)#exit
169%SYS-5-CONFIG_I: Configured from console by console
170ISP#copy running-config startup-config
171Destination filename [startup-config]?
172Building configuration...
173[OK]
174ISP#
175
176
177BRANCH:
178Router>enable
179Router#configure terminal
180Router(config)#hostname Branch
181Branch(config)#enable secret class
182Branch(config)#line vty 0 15
183Branch(config-line)#password cisco
184Branch(config-line)#login
185Branch(config-line)#logging synchronous
186Branch(config-line)#exit
187Branch(config)#line console 0
188Branch(config-line)#password cisco
189Branch(config-line)#login
190Branch(config-line)#logging synchronous
191Branch(config-line)#exit
192Branch(config)#service password-encryption
193Branch(config)#no ip domain-lookup
194Branch(config)#ipv6 unicast-routing
195Branch(config)#interface GigabitEthernet0/1
196Branch(config-if)#ipv6 address 2001:DB8:ACAD:1::1/64
197Branch(config-if)#ip address 192.168.1.1 255.255.255.0
198Branch(config-if)#ipv6 address FE80::1 link-local
199Branch(config-if)#no shutdown
200%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
201%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
202Branch(config-if)#exit
203Branch(config)#interface Serial0/0/0
204Branch(config-if)#ipv6 address 2001:DB8:ACAD:2::2/64
205Branch(config-if)#clock rate 128000
206Branch(config-if)#ip address 192.168.0.249 255.255.255.252
207Branch(config-if)#clock rate 128000
208Branch(config-if)#no shutdown
209%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
210%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to up
211Branch(config-if)#exit
212Branch(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.2
213Branch(config)#ipv6 route ::/0 2001:DB8:ACAD::1
214Branch(config)#exit
215%SYS-5-CONFIG_I: Configured from console by console
216Branch#copy running-config startup-config
217Destination filename [startup-config]?
218Building configuration...
219[OK]
220
221S1:
222S1>en
223S1#config t
224Enter configuration commands, one per line. End with CNTL/Z. S1(config)#int vlan 1
225S1(config-if)#ip add 192.168.0.11 255.255.255.128
226S1(config-if)#no shut
227%LINK-5-CHANGED: Interface Vlan1, changed state to up
228%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
229S1(config-if)#exit
230S1(config)#ip default-gateway 192.168.0.1
231S1(config)#exit
232%SYS-5-CONFIG_I: Configured from console by console
233S1#copy running-config startup-config
234Destination filename [startup-config]?
235Building configuration...
236[OK]
237S1#
238
239S3:
240S3>en
241S3#config t
242Enter configuration commands, one per line. End with CNTL/Z. S3(config)#int vlan 1
243S3(config-if)#ip add 192.168.1.11 255.255.255.0
244 
245S3(config-if)#no shut
246%LINK-5-CHANGED: Interface Vlan1, changed state to up
247%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
248S3(config-if)#exit
249S3(config)#ip default-gateway 192.168.1.1
250S3(config)#exit
251%SYS-5-CONFIG_I: Configured from console by console
252S3#copy running-config startup-config
253Destination filename [startup-config]?
254Building configuration...
255[OK]
256S3#
257
258
259Step 4: Verify connectivity of the LANs.
260a. Test connectivity by pinging from each PC to the default gateway that has been configured for that host.
261From PC-A, is it possible to ping the default gateway?__________Yes
262From PC-C, is it possible to ping the default gateway?__________Yes
263
264
265b. Test connectivity by pinging between the directly connected routers.
266From R1, is it possible to ping the S0/0/0 interface of R3?_______Yes
267If the answer is no to any of these questions, troubleshoot the configurations and correct the error.
268
269
270c. Test connectivity between devices that are not directly connected.
271From PC-A, is it possible to ping PC-C?_____________________No
272From PC-A, is it possible to ping Lo0?______________________No
273From PC-A, is it possible to ping Lo1?______________________No
274
275
276Were these pings successful? Why or why not?
277No, the router does not contain routes to the distant networks.
278 
279Step 5: Gather information.
280
281a. Check the status of the interfaces on R1 with the show ip interface brief command.
282
283
284How many interfaces are activated on R1?__________________Two
285
286Check the status of the interfaces on R3.
287
288
289How many interfaces are activated on R3?__________________Four
290
291
292What networks are present in the Addressing Table of this lab, but not in the routing table for R1?
293192.168.1.0, 198.133.219.0, 209.165.200.224
294
295
296What networks are present in the Addressing Table in this lab, but not in the routing table for R3?
297192.168.0.0
298 
299Why are all the networks not in the routing tables for each of the routers?
300The routers are not configured with static or dynamic routing; therefore, the routers only know about the directly connected networks.
301
302
303How is this new route listed in the routing table?
304S 192.168.1.0/24 [1/0] via 10.1.1.2
305
306
307From host PC-A, is it possible to ping the host PC-C?_________No
308These pings should fail. If the recursive static route is correctly configured, the ping arrives at PC-C. PC-C sends a ping reply back to PC-A. However, the ping reply is discarded at R3 because R3 does not have a return route to the 192.168.0.0 network in the routing table.
309
310
311How is this new route listed in the routing table?
312S 192.168.0.0/24 is directly connected, Serial0/0/0
313
314
315c. From host PC-A, is it possible to ping the host PC-C?_______Yes
316This ping should be successful.
317
318
319d. From host PC-A, is it possible to ping the R1 address 198.133.219.1?______Yes
320This ping should be successful.
321
322
323How many network routes are listed in the routing table on R1?__________Three
324Is the Gateway of last resort set?__________No
325
326
327How is this new route listed in the routing table?
328S* 0.0.0.0/0 is directly connected, Serial0/0/1
329
330
331What is the Gateway of last resort?
332Gateway of last resort is 0.0.0.0 to network 0.0.0.0
333
334
335c. From host PC-A, is it possible to ping the 209.165.200.225?__________Yes
336
337
338d. From host PC-A, is it possible to ping the 198.133.219.1?____________Yes ,These pings should be successful.
339
340
3411. A new network 192.168.3.0/24 is connected to interface G0/0 on R1. What commands could be used to configure a static route to that network from R3?
342Answers will vary. ip route 192.168.3.0 255.255.255.0 10.1.1.1, ip route192.168.3.0 255.255.255.0 s0/0/0, or ip route 0.0.0.0
3430.0.0.0 s0/0/0.
344
345
3462. Is there a benefit to configuring a directly connected static route instead of a recursive static route?
347Configuring a directly attached static route allows the routing table to resolve the exit interface in a single search instead of in two searches as needed for recursive static routes.
348
349
3503. Why is it important to configure a default route on a router?
351A default route prevents the router from dropping packets to unknown destinations.
352================================================================================
353================================================================================
354================================================================================
355================================================================================
356================================================================================
357EXPERIMENT 3
358
359ACTIVITY 3.2.1.9
360
361OBJECTIVE: Configuring Basic RIPv2.
362R1:
363
364Router>enable
365Router#configure terminal
366Enter configuration commands, one per line. End with CNTL/Z. Router(config)#hostname R1
367R1(config)#banner motd $auth. personnel only$
368R1(config)#enable secret class
369R1(config)#line vty 0 15
370R1(config-line)#password cisco
371R1(config-line)#login
372R1(config-line)#logging synchronous
373R1(config-line)#exit
374R1(config)#line console 0
375R1(config-line)#password cisco
376R1(config-line)#login
377R1(config-line)#logging synchronous
378R1(config-line)#exit
379 
380R1(config)#service password-encryption
381R1(config)#int g0/1
382R1(config-if)#ip add 172.30.10.1 255.255.255.0
383R1(config-if)#desc interface 1
384R1(config-if)#exit
385R1(config)#int g0/1
386R1(config-if)#no shut
387%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
388%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
389R1(config-if)#exit
390R1(config)#no ip domain-lookup
391R1(config)#int s0/0/0
392R1(config-if)#ip add 10.1.1.1 255.255.255.252
393R1(config-if)#desc interface 2
394R1(config-if)#no shut
395%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down R1(config-if)#exit
396R1(config)#router rip
397R1(config-router)#version 2
398R1(config-router)#passive-interface g0/1
399R1(config-router)#network 172.30.0.0
400R1(config-router)#network 10.0.0.0
401R1(config-router)#no auto-summary
402R1(config-router)#exit
403R1(config)#exit
404R1#
405%SYS-5-CONFIG_I: Configured from console by console
406R1#copy running-config startup-config
407Destination filename [startup-config]?
408Building configuration...
409[OK]
410
411
412R2:
413
414Router>enable
415Router#configure terminal
416Enter configuration commands, one per line. End with CNTL/Z. Router(config)#hostname R2
417R2(config)#banner motd $auth. persons only$
418R2(config)#no ip domain-lookup
419R2(config)#enable secret class
420R2(config)#line vty 0 15
421R2(config-line)#password cisco
422R2(config-line)#login
423R2(config-line)#logging synchronous
424R2(config-line)#exit
425R2(config)#line console 0
426R2(config-line)#password cisco
427R2(config-line)#login
428R2(config-line)#logging synchronous
429R2(config-line)#exit
430R2(config)#service password-encryption
431R2(config)#int g0/0
432R2(config-if)#ip add 209.165.201.1 255.255.255.0
433R2(config-if)#desc int 1
434R2(config-if)#no shut
435%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
436
437%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
438R2(config-if)#exit
439R2(config)#int s0/0/0
440R2(config-if)#ip add 10.1.1.2 255.255.255.252
441R2(config-if)#desc int 2
442R2(config-if)#no shut
443%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
444R2(config-if)#exit
445%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to up
446R2(config)#int s0/0/1
447R2(config-if)#ip add 10.2.2.1 255.255.255.252
448R2(config-if)#desc int 3
449R2(config-if)#no shut
450%LINK-5-CHANGED: Interface Serial0/0/1, changed state to down R2(config-if)#exit
451%LINK-5-CHANGED: Interface Serial0/0/1, changed state to up
452%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to up
453R2(config)#router rip
454R2(config-router)#version 2
455R2(config-router)#passive-interface g0/0
456R2(config-router)#network 209.165.0.0
457R2(config-router)#network 10.0.0.0
458R2(config-router)#no auto-summary
459R2(config-router)#exit
460R2(config)#ip route 0.0.0.0 0.0.0.0 209.165.201.2
461R2(config)#router rip
462R2(config-router)#default-information originate
463R2(config-router)#exit
464R2(config)#exit
465%SYS-5-CONFIG_I: Configured from console by console
466R2#copy running-config startup-config
467Destination filename [startup-config]?
468Building configuration...
469[OK]
470
471
472R3:
473
474Router>enable
475Router#configure terminal
476Router(config)#hostname R3
477R3(config)#no ip domain-lookup
478R3(config)#enable secret class
479R3(config)#line vty 0 15
480R3(config-line)#password cisco
481R3(config-line)#login
482R3(config-line)#logging synchronous
483R3(config-line)#exit
484R3(config)#line console 0
485R3(config-line)#password cisco
486R3(config-line)#login
487R3(config-line)#logging synchronous
488R3(config-line)#exit
489R3(config)#service password-encryption
490R3(config)#int g0/1
491R3(config-if)#ip add 172.30.30.1 255.255.255.0
492R3(config-if)#desc int 1
493R3(config-if)#no shut
494%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
495%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
496R3(config-if)#exit
497R3(config)#int s0/0/1
498R3(config-if)#ip add 10.2.2.1 255.255.255.252
499R3(config-if)#desc int 2
500R3(config-if)#no shut
501%LINK-5-CHANGED: Interface Serial0/0/1, changed state to up
502R3(config-if)#exit
503%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to up
504R3(config-if)#exit
505R3(config)#router rip
506R3(config-router)#version 2
507R3(config-router)#passive-interface g0/1
508R3(config-router)#network 172.30.0.0
509R3(config-router)#network 10.0.0.0
510R3(config-router)#no auto-summary
511R3(config-router)#exit
512R3(config)#exit
513%SYS-5-CONFIG_I: Configured from console by console
514R3#copy running-config startup-config
515Destination filename [startup-config]?
516Building configuration...
517[OK]
518
519From PC-A, is it possible to ping PC-B? Why?
520No, R2 is not advertising the route to PC-B.
521
522
523From PC-A, is it possible to ping PC-C? Why?
524No, R1 and R3 do not have routes to the remote networks, and R2, incorrectly has two equal cost load balancing routes to the 172.30.0.0/16 subnet.
525
526
527From PC-C, is it possible to ping PC-B? Why?
528No, R2 is not advertising the route to PC-B.
529
530
531From PC-C, is it possible to ping PC-A? Why?
532No, R1 and R3 do not have routes to the remote networks, and R2, incorrectly has two equal cost load balancing routes to the 172.30.0.0/16 subnet.
533
534
535When issuing the debug ip rip command on R2, what information is provided that confirms RIPv2 is running?
536RIP: sending v2 updates to 224.0.0.9 via Serial 0/0/0 (10.1.1.2).
537
538
539When you are finished observing the debugging outputs, issue the undebug all command at the privileged EXEC prompt.
540
541
542When issuing the show run command on R3, what information is provided that confirms RIPv2 is running?
543router rip
544version 2
545
546
547What routes are in the RIP updates that are received from R3?
548172.30.30.0/24
549
550Are the subnet masks included in the routing updates?__________Yes
551
552
553How can you tell from the routing table that the subnetted network shared by R1 and R3 has a pathway for Internet traffic?
554There is a Gateway of Last Resort, and the default route shows up in the table as being learned via RIP.
555
556
557How is the pathway for Internet traffic provided in its routing table?
558R2 has a default static route to 0.0.0.0 via 209.165.201.2, which is directly connected to G0/0.
559
560
561a. Simulate sending traffic to the Internet by pinging from PC-A and PC-C to 209.165.201.2.
562Were the pings successful?__________Yes
563
564
565b. Verify that hosts within the subnetted network can reach each other by pinging between PC-A and PC-C. Were the pings successful?__________Yes
566
567
5681. Why would you turn off automatic summarization for RIPv2?
569So, the routers will no longer summarize routes at major classful network boundaries.
570
571
5722. How did R1 and R3 learn the pathway to the Internet?
573From RIP routing updates received from the router where the default route was configured (R2).
574================================================================================
575================================================================================
576================================================================================
577================================================================================
578================================================================================
579EXPERIMENT 4
580
581ACTIVITY 5.2.2.9
582
583OBJECTIVE: Configuring Switch Security Features.
584R1:
585
586Router>en
587Router#config t
588Router(config)#no ip domain-lookup
589Router(config)#hostname R1
590R1(config)#service password-encryption
591R1(config)#enable secret class
592R1(config)#banner motd #
593Enter TEXT message. End with the character '#'.
594Unauthorized access is strictly prohibited. #
595R1(config)#line con 0
596R1(config-line)#password cisco
597R1(config-line)#login
598R1(config-line)#logging synchronous
599R1(config-line)#line vty 0 4
600R1(config-line)#password cisco
601R1(config-line)#login
602R1(config-line)#interface g0/1
603R1(config-if)#ip address 172.16.99.1 255.255.255.0
604R1(config-if)#no shutdown
605%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
606%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
607R1(config-if)#exit
608R1(config)#exit
609R1#
610%SYS-5-CONFIG_I: Configured from console by console
611R1#copy running-config startup-config
612Destination filename [startup-config]?
613Building configuration...
614[OK]
615 
616S1:
617
618Switch>en
619Switch#config t
620Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#no ip domain-lookup
621Switch(config)#hostname S1
622S1(config)#service password-encryption
623S1(config)#enable secret class
624S1(config)#banner motd #
625Enter TEXT message. End with the character '#'.
626Unauthorized access is strictly prohibited. #
627S1(config)#line con 0
628S1(config-line)#password cisco
629S1(config-line)#login
630S1(config-line)#logging synchronous
631S1(config-line)#line vty 0 15
632S1(config-line)#password cisco
633S1(config-line)#login
634S1(config-line)#exit
635S1(config)#exit S1#config t
636S1(config)#vlan 99
637S1(config-vlan)#name management
638S1(config-vlan)#exit
639S1(config)#int vlan 99
640S1(config-if)#
641%LINK-5-CHANGED: Interface Vlan99, changed state to up
642S1(config-if)#ip add 172.16.99.11 255.255.255.0
643S1(config-if)#no shut
644S1(config-if)#end
645S1#
646%SYS-5-CONFIG_I: Configured from console by console
647S1#config t
648S1(config)#interface f0/5
649S1(config-if)#switchport mode access
650S1(config-if)#switchport access vlan 99
651S1(config-if)#
652%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan99, changed state to up
653S1(config-if)#interface f0/6
654S1(config-if)#switchport mode access
655S1(config-if)#switchport access vlan 99
656S1(config-if)#end
657S1#
658S1#config t
659S1(config)#ip default-gateway 172.16.99.1
660S1(config)#exit
661S1#
662%SYS-5-CONFIG_I: Configured from console by console
663S1#config t
664S1(config)#ip domain-name CCNA-Lab.com
665S1(config)#username admin privilege 15 secret sshadmin
666S1(config)#line vty 0 15
667S1(config-line)#transport input ssh
668S1(config-line)#login local
669S1(config-line)#exit
670S1(config)#crypto key generate rsa
671The name for the keys will be: S1.CCNA-Lab.com
672Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
673 
674How many bits in the modulus [512]: 1024
675% Generating 1024 bit RSA keys, keys will be non-exportable...[OK] S1(config)#
676*Mar 1 0:18:36.877: %SSH-5-ENABLED: SSH 1.99 has been enabled S1(config)#end
677S1#
678%SYS-5-CONFIG_I: Configured from console by console S1#show ip ssh
679SSH Enabled - version 1.99
680Authentication timeout: 120 secs; Authentication retries: 3
681S1#
682S1#config t
683S1(config)#ip ssh time-out 75
684S1(config)#ip ssh authentication-retries 2
685S1(config)#
686S1(config)#exit
687S1#
688%SYS-5-CONFIG_I: Configured from console by console
689S1#show ip ssh
690SSH Enabled - version 1.99
691Authentication timeout: 75 secs; Authentication retries: 2 S1#
692S1#config t
693S1(config)#int range f0/1 – 4
694S1(config-if-range)#shutdown
695%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
696%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to administratively down
697%LINK-5-CHANGED: Interface FastEthernet0/3, changed state to administratively down
698%LINK-5-CHANGED: Interface FastEthernet0/4, changed state to administratively down S1(config-if-range)#int range f0/7 - 24
699S1(config-if-range)#shutdown
700%LINK-5-CHANGED: Interface FastEthernet0/7, changed state to administratively down
701%LINK-5-CHANGED: Interface FastEthernet0/8, changed state to administratively down
702%LINK-5-CHANGED: Interface FastEthernet0/9, changed state to administratively down
703%LINK-5-CHANGED: Interface FastEthernet0/10, changed state to administratively down
704%LINK-5-CHANGED: Interface FastEthernet0/11, changed state to administratively down
705%LINK-5-CHANGED: Interface FastEthernet0/12, changed state to administratively down
706%LINK-5-CHANGED: Interface FastEthernet0/13, changed state to administratively down
707%LINK-5-CHANGED: Interface FastEthernet0/14, changed state to administratively down
708%LINK-5-CHANGED: Interface FastEthernet0/15, changed state to administratively down
709%LINK-5-CHANGED: Interface FastEthernet0/16, changed state to administratively down
710%LINK-5-CHANGED: Interface FastEthernet0/17, changed state to administratively down
711%LINK-5-CHANGED: Interface FastEthernet0/18, changed state to administratively down
712%LINK-5-CHANGED: Interface FastEthernet0/19, changed state to administratively down
713%LINK-5-CHANGED: Interface FastEthernet0/20, changed state to administratively down
714%LINK-5-CHANGED: Interface FastEthernet0/21, changed state to administratively down
715%LINK-5-CHANGED: Interface FastEthernet0/22, changed state to administratively down
716%LINK-5-CHANGED: Interface FastEthernet0/23, changed state to administratively down
717%LINK-5-CHANGED: Interface FastEthernet0/24, changed state to administratively down
718S1(config-if-range)#int range g0/1 - 2
719S1(config-if-range)#shutdown
720%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
721%LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down
722S1(config-if-range)#end
723S1#
724S1#copy running-config startup-config
725Destination filename [startup-config]?
726Building configuration...
727[OK]
728
729
730What is the status of VLAN 99?__________Active
731
732
733What is the status and protocol for management interface VLAN 99?
734Status is up, and protocol is down.
735
736
737Why is the protocol down, even though you issued the no shutdown command for interface VLAN 99?
738No physical ports on the switch have been assigned to VLAN 99.
739
740
741a. From pc-a, ping the default gateway address on r1. Were your pings successful?_Yes
742b. From pc-a, ping the management address of s1. Were your pings successful?____Yes
743c. From s1, ping the default gateway address on r1. Were your pings successful?___Yes
744d. From pc-a, open a web browser and go to http://172.16.99.11 . If you are prompted for a username and password, leave the username blank and use class for the password. If you are prompted for a secured connection, answer no. Were you able to access the web interface on s1?__________Yes
745 
746What version of SSH is the switch using?____________________1.99
747How many authentication attempts does SSH allow?__________3
748What is the default timeout setting for SSH?_________________120 seconds
749
750
751How many authentication attempts does SSH allow?__________2
752What is the timeout setting for SSH?_______________________75 seconds
753
754
755What prompt was displayed on S1? Why?
756S1 is showing the prompt at privileged EXEC mode because the privilege 15 option was used when configuring username and password.
757
758
759What is the HTTP server status?__________Enabled
760What server port is it using?_____________80
761What is the HTTP secure server status?____Enabled
762What secure server port is it using?________443
763
764
765From PC-A, open a web browser and go to http://172.16.99.11 . What was your result?
766The web page could not open. HTTP connections are now refused by S1.
767
768
769What is the port status of F0/5?
770The status is Secure-up, which indicates that the port is secure, but the status and protocol are up.
771
772
773From R1 privileged EXEC mode, ping PC-A. Was the ping successful? Why or why not?
774No, the F0/5 port on S1 is shut down because of the security violation.
775
776
777From R1, ping PC-A again at 172.16.99.3. Was the ping successful?__________No
778
779
7801. Why would you enable port security on a switch?
781It would help prevent unauthorized devices from accessing your network if they plugged into a switch on your network.
782
783
7842. Why should unused ports on a switch be disabled?
785One excellent reason is that a user could not connect a device to the switch on an unused port and access the LAN.
786================================================================================
787================================================================================
788================================================================================
789================================================================================
790================================================================================
791EXPERIMENT 5
792
793ACTIVITY 6.2.2.5
794
795OBJECTIVE: Configuring VLANs and Trunking 
796Part 1: Build the Network and Configure Basic Device Settings 
797Part 2: Create VLANs and Assign Switch Ports
798Part 3: Maintain VLAN Port Assignments and the VLAN Database
799Part 4: Configure an 802.1Q Trunk between the Switches
800Part 5: Delete the VLAN Database
801
802Part 1: Build the Network and Configure Basic Device Settings
803Step 1: Configure basic settings for each switch
804
805SWITCH S1:
806Switch>en
807Switch#conf t
808Enter configuration commands, one per line. End with CNTL/Z.
809Switch(config)#hostname S1
810S1(config)#no ip domain-lookup
811S1(config)#service password-encryption
812S1(config)#enable secret class
813S1(config)#banner motd #
814Enter TEXT message. End with the character '#'.
815Unauthorized access is strictly prohibited. #
816S1(config)#line con 0
817S1(config-line)#password cisco
818S1(config-line)#login
819S1(config-line)#logging synchronous
820S1(config-line)#line vty 0 15
821S1(config-line)#password cisco
822S1(config-line)#logging synchronous
823S1(config-line)#login
824S1(config)#int vlan 1
825S1(config-if)#ip address 192.168.1.11 255.255.255.0
826S1(config-if)#no shutdown
827S1(config-if)#
828%LINK-5-CHANGED: Interface Vlan1, changed state to up
829%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up S1(config-if)#exit
830
831
832SWITCH S2:
833Switch>en
834Switch#conf t
835Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#hostname S2
836S2(config)#no ip domain-lookup
837S2(config)#service password-encryption
838S2(config)#enable secret class
839S2(config)#banner motd #
840Enter TEXT message. End with the character '#'.
841Unauthorized access is strictly prohibited. #
842S2(config)#line con 0
843S2(config-line)#password cisco
844S2(config-line)#login
845S2(config-line)#logging synchronous
846S2(config-line)#line vty 0 15
847S2(config-line)#password cisco
848S2(config-line)#logging synchronous
849S2(config-line)#login
850S2(config-line)#
851S2(config-line)#int vlan 1
852S2(config-if)#ip address 192.168.1.12 255.255.255.0
853S2(config-if)#no shutdown
854S2(config-if)#
855%LINK-5-CHANGED: Interface Vlan1, changed state to up
856%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
857S2(config-if)#exit
858
859Step 2: Configure PC hosts
860Step 3: Test connectivity
861Verify that the PC hosts can ping one another.
862Can PC-A ping PC-B?__________Yes
863Can PC-A ping PC-C?__________No
864Can PC-A ping S1?____________No
865Can PC-B ping PC-C?__________No
866Can PC-B ping S2?____________No
867Can PC-C ping S2?____________No
868Can S1 ping S2?______________Yes
869If you answered no to any of the above questions, why were the pings unsuccessful?
870Pings were unsuccessful when trying to ping a device on a different subnet. For those pings to be successful, a default gateway must exist to route traffic from one subnet to another.
871
872Part 2: Create VLANs and Assign Switch Ports
873Step 1: Create VLANs on the switches
874a. Create the VLANs on S1.
875S1(config)# vlan 10
876S1(config-vlan)# name Student
877S1(config-vlan)# vlan 20
878S1(config-vlan)# name Faculty
879S1(config-vlan)# vlan 99
880S1(config-vlan)# name Management
881
882b. Create the same VLANs on S2.
883S2(config)#vlan 10
884S2(config-vlan)#name Student
885S2(config-vlan)#vlan 20
886S2(config-vlan)#name Faculty
887S2(config-vlan)#vlan 99
888S2(config-vlan)#name Management
889S2(config-vlan)#end
890
891
892c. Issue the show vlan command to view the list of VLANs on S1.
893What is the default VLAN?
894VLAN 1
895
896What ports are assigned to the default VLAN?
897All switch ports are assigned to VLAN 1 by default.
898
899
900Step 2: Assign VLANs to the correct switch interfaces
901
902a. Assign VLANs to the interfaces on S1
903S1(config)#int f0/6
904S1(config-if)#switchport mode access
905S1(config-if)#switchport access vlan 10
906S1(config-if)#int vlan 1
907S1(config-if)#no ip address
908S1(config-if)#int vlan 99
909S1(config-if)#
910%LINK-5-CHANGED: Interface Vlan99, changed state to up
911S1(config-if)#ip address 192.168.1.11 255.255.255.0
912S1(config-if)#end
913S1#
914%SYS-5-CONFIG_I: Configured from console by console
915 
916b. Issue the show vlan brief command and verify that the VLANs are assigned to the correct interfaces
917 
918
919c. Issue the show ip interface brief command.
920
921What is the status of VLAN 99? Why?
922The status of VLAN 99 is up/down, because it has not been assigned to an active port yet.
923
924
925d. Use the Topology to assign VLANs to the appropriate ports on S2.
926e. Remove the IP address for VLAN 1 on S2.
927f. Configure an IP address for VLAN 99 on S2 according to the Addressing Table S2(config)#int f0/11
928S2(config-if)#switchport mode access
929S2(config-if)#switchport access vlan 10
930S2(config-if)#int f0/18
931S2(config-if)#switchport mode access
932S2(config-if)#switchport access vlan 20
933S2(config-if)#int vlan 1
934S2(config-if)#no ip address
935S2(config-if)#int vlan 99
936S2(config-if)#
937%LINK-5-CHANGED: Interface Vlan99, changed state to up
938S2(config-if)#ip address 192.168.1.12 255.255.255.0
939S2(config-if)#end
940 
941g. Use the show vlan brief command to verify that the VLANs are assigned to the correct interfaces
942 
943
944Is PC-A able to ping PC-B? Why?
945No. Interface F0/1 is not assigned to VLAN 10, so VLAN 10 traffic will not be sent over it.
946
947Is S1 able to ping S2? Why?
948No. The IP addresses for the switches now reside in VLAN 99. VLAN 99 traffic will not be sent over interface F0/1.
949
950
951
952Part 3: Maintain VLAN Port Assignments and the VLAN Database
953Step 1: Assign a VLAN to multiple interfaces.
954a. On S1, assign interfaces F0/11 – 24 to VLAN 10.
955S1(config)#int range f0/11-24
956S1(config-if-range)#switchport mode access
957S1(config-if-range)#switchport access vlan 10
958S1(config-if-range)#int range f0/11,f0/21
959S1(config-if-range)#switchport access vlan 20
960 
961Step 2: Remove a VLAN assignment from an interface
962a. Use the no switchport access vlan command to remove the VLAN 10 assignment to F0/24. S1(config)# interface f0/24
963S1(config-if)# no switchport access vlan
964S1(config-if)# end
965 
966b.	Verify that the VLAN change was made. Which VLAN is F0/24 now associated with? VLAN 1, the default VLAN.
967 
968
969Step 3: Remove a VLAN ID from the VLAN database
970a. Add VLAN 30 to interface F0/24 without issuing the VLAN command.
971S1(config-if)#switchport access vlan 30
972% Access VLAN does not exist. Creating vlan 30
973S1(config-if)#no vlan 30
974S1(config)#end
975
976
977b. Verify that the new VLAN is displayed in the VLAN table. What is the default name of VLAN 30?
978VLAN0030
979
980 
981
982
983c. Use the no vlan 30 command to remove VLAN 30 from the VLAN database.
984S1(config)# no vlan 30
985S1(config)# end
986
987
988d. Issue the show vlan brief command. F0/24 was assigned to VLAN 30.
989After deleting VLAN 30, what VLAN is port F0/24 assigned to? What happens to the traffic destined to the host attached to F0/24?
990Port F0/24 is not assigned to any VLAN. This port will not transfer any traffic.
991
992 
993
994
995e. Issue the no switchport access vlan command on interface F0/24 To which VLAN is F0/24 assigned?
996VLAN 1
997
998 
999
1000Why should you reassign a port to another VLAN before removing the VLAN from the VLAN database?
1001The interfaces assigned to a VLAN that is the removed from the VLAN database are unavailable for use until they are reassigned to another VLAN. This can be a tricky thing to troubleshoot as trunked interfaces do not show up in the port list as well.
1002
1003Part 4: Configure an 802.1Q Trunk Between the Switches
1004Step 1: Use DTP to initiate trunking on F0/1.
1005a. Set F0/1 on S1 to negotiate trunk mode.
1006S1(config)#int f0/1
1007S1(config-if)#switchport mode dynamic desirable
1008S1(config-if)#
1009%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
1010%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
1011%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
1012%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
1013%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
1014%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan99, changed state to up On S2
1015%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
1016%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
1017%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
1018%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
1019%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan99, changed state to up
1020
1021
1022b. Issue the show vlan brief command on S1 and S2. Interface F0/1 is no longer assigned to VLAN 1. Trunked interfaces are not listed in the VLAN table.
1023 
1024
1025
1026c. Issue the show interfaces trunk command to view trunked interfaces. Notice that the mode on S1 is set to desirable, and the mode on S2 is set to auto.
1027 
1028
1029 
1030
1031d. Verify that VLAN traffic is traveling over trunk interface F0/1.
1032Can S1 ping S2?__________Yes
1033Can PC-A ping PC-B?_____Yes
1034Can PC-A ping PC-C?______No
1035Can PC-B ping PC-C?______No
1036Can PC-A ping S1?________No
1037Can PC-B ping S2?________No
1038Can PC-C ping S2?________No
1039
1040
1041If you answered no to any of the above questions, explain below.
1042PC-C cannot ping PC-A or PC-B because PC-C is in a different VLAN. The switches are in different VLANs than the PCs; therefore, the pings were unsuccessful.
1043
1044
1045Step 2: Manually configure trunk interface F0/1.
1046 
1047a. Change the switchport mode on interface F0/1 to force trunking. Make sure to do this on both switches.
1048S1(config)#int f0/1
1049S1(config-if)#switchport mode trunk
1050
1051b. Issue the show interfaces trunk command to view the trunk mode. Notice that the mode changed from desirable to on.
1052 
1053
1054Why might you want to manually configure an interface to trunk mode instead of using DTP?
1055Not all equipment uses DTP. Using the switchport mode trunk command ensures that the port will become a trunk no matter what type of equipment is connected to the other end of the link.
1056================================================================================
1057================================================================================
1058================================================================================
1059================================================================================
1060================================================================================
1061EXPERIMENT 6
1062
1063ACTIVITY 6.3.2.4
1064
1065OBJECTIVE: Configuring Per-Interface Inter-VLAN Routing
1066Part 1: Build the Network and Configure Basic Device Settings
1067Part 2: Configure Switches with VLANs and Trunking
1068Part 3: Verify Trunking, VLANs, Routing, and Connectivity
1069
1070TOPOLOGY:
1071 
1072IP ADDRESS TABLE:
1073 
1074
1075 
1076Part 1: Build the Network and Configure Basic Device Settings
1077Step 1: Configure basic settings for R1
1078
1079ROUTER R1:
1080Router>en
1081Router#conf t
1082Enter configuration commands, one per line. End with CNTL/Z. Router(config)#hostname R1
1083R1(config)#no ip domain-lookup
1084R1(config)#hostname R1
1085R1(config)#service password-encryption
1086R1(config)#enable secret class
1087R1(config)#banner motd #
1088Enter TEXT message. End with the character '#'. Unauthorized access is strictly prohibited. #
1089R1(config)#line con 0
1090R1(config-line)#password cisco
1091R1(config-line)#login
1092R1(config-line)#logging synchronous
1093R1(config-line)#line vty 0 4
1094R1(config-line)#password cisco
1095R1(config-line)#login
1096R1(config-line)#int g0/0
1097R1(config-if)#ip address 192.168.20.1 255.255.255.0
1098R1(config-if)#desc PC-A connection
1099R1(config-if)#no shutdown
1100R1(config-if)#
1101%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
1102%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
1103R1(config-if)#int g0/1
1104R1(config-if)#ip address 192.168.10.1 255.255.255.0
1105R1(config-if)#desc PC-B connection
1106R1(config-if)#no shutdown
1107R1(config-if)#
1108%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
1109%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
1110
1111Step 2: Configure basic settings on both switches
1112
1113Switch S1:
1114Switch>en
1115Switch#conf t
1116Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#hostname S1
1117S1(config)#no ip domain-lookup
1118S1(config)#service password-encryption
1119S1(config)#enable secret class
1120S1(config)#banner motd #
1121Enter TEXT message. End with the character '#'.
1122Unauthorized access is strictly prohibited. #
1123S1(config)#Line con 0
1124S1(config-line)#password cisco
1125S1(config-line)#login
1126S1(config-line)#logging synchronous
1127S1(config-line)#line vty 0 15
1128S1(config-line)#password cisco
1129S1(config-line)#login
1130S1(config-line)#exit
1131
1132
1133Switch S2: 
1134Switch>en
1135Switch#conf t
1136Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#hostname S2
1137S2(config)#no ip domain-lookup
1138S2(config)#service password-encryption
1139S2(config)#enable secret class
1140S2(config)#banner motd #
1141Enter TEXT message. End with the character '#'.
1142Unauthorized access is strictly prohibited. #
1143S2(config)#Line con 0
1144S2(config-line)#password cisco
1145S2(config-line)#login
1146S2(config-line)#logging synchronous
1147S2(config-line)#line vty 0 15
1148S2(config-line)#password cisco
1149S2(config-line)#login
1150S2(config-line)#exit
1151
1152
1153Step 3: Configure basic settings on PC-A and PC-B
1154 
1155 
1156
1157Part 2: Configure Switches with VLANs and Trunking
1158Step 1: Configure VLANs on S1
1159S1(config)#vlan 10
1160S1(config-vlan)#name Student
1161S1(config-vlan)#vlan 20
1162S1(config-vlan)#name Faculty-Admin
1163S1(config-vlan)#int f0/1
1164S1(config-if)#switchport mode trunk
1165S1(config-if)#
1166%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
1167%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
1168S1(config-if)#int range f0/5,f0/6
1169S1(config-if-range)#switchport mode access
1170S1(config-if-range)#switchport access vlan 10
1171S1(config-if-range)#exit
1172S1(config)#int vlan 10
1173S1(config-if)#
1174%LINK-5-CHANGED: Interface Vlan10, changed state to up
1175%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
1176S1(config-if)#ip address 192.168.10.11 255.255.255.0
1177S1(config-if)#ip default-gateway 192.168.10.1
1178
1179
1180Step 2: Configure VLANs on S2
1181
1182S2(config-if)#vlan 10
1183S2(config-vlan)#
1184%LINK-5-CHANGED: Interface Vlan10, changed state to up
1185%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
1186S2(config-vlan)#name Student
1187S2(config-vlan)#vlan 20
1188S2(config-vlan)#name Faculty-Admin
1189S2(config-vlan)#int f0/1
1190S2(config-if)#switchport mode trunk
1191S2(config-if)#int range f0/11,f0/18
1192S2(config-if-range)#switchport mode access
1193S2(config-if-range)#switchport access vlan 20
1194S2(config-if-range)#exit
1195S2(config-vlan)#int vlan 10
1196S2(config-if)#ip address 192.168.10.12 255.255.255.0
1197S2(config-ifn)#ip default-gateway 192.168.10.1
1198S2(config)#exit
1199S2#
1200%SYS-5-CONFIG_I: Configured from console by console
1201S2#
1202
1203
1204Part 3: Verify Trunking, VLANs, Routing, and Connectivity
1205Step 1: Verify the R1 routing table.
1206a.	On R1, issue the show ip route command. What routes are listed on R1? The 192.168.10.0/24 and 192.168.20.0/24 networks are listed on R1.
1207 
1208
1209
1210b. On both S1 and S2, issue the show interface trunk command. Is the F0/1 port on both switches set to trunk?__________Yes
1211 
1212
1213c. Issue a show vlan brief command on both S1 and S2. Verify that VLANs 10 and 20 are active and that the proper ports on the switches are in the correct VLANs. Why is F0/1 not listed in any of the active VLANs?
1214It is a trunk port and is not assigned to a VLAN.
1215 
1216
1217d. Ping from PC-A in VLAN 10 to PC-B in VLAN 20. If Inter-VLAN routing is functioning correctly, the pings between the 192.168.10.0 network and the 192.168.20.0 should be successful.
1218
1219 
1220 
1221Reflection
1222What is an advantage of using legacy inter-VLAN routing?
1223Answers may vary. Configuration of both the router and switches is relatively easy and straightforward. No sub interfaces are required on the router and trunking does NOT have to be configured between the router and switch.
1224================================================================================
1225================================================================================
1226================================================================================
1227================================================================================
1228================================================================================
1229EXPERIMENT 7
1230
1231ACTIVITY 6.3.3.7
1232
1233OBJECTIVE: Configuring 802.1Q Trunk-Based Inter-VLAN Routing.
1234
1235TOPOLOGY:
1236 
1237
1238Part 1: Build the Network and Configure Basic Device Settings
1239Step 1: Configure basic settings for each switch
1240
1241ROUTER R1:
1242Router>en
1243Router#config t
1244Enter configuration commands, one per line. End with CNTL/Z. Router(config)#hostname R1
1245R1(config)#enable secret cisco
1246R1(config)#service password-encryption
1247R1(config)#no ip domain lookup
1248R1(config)#banner motd #No authorized Access#
1249R1(config-subif)#line con 0
1250R1(config-line)#password cisco
1251R1(config-line)#logging synchronous
1252R1(config-line)#login
1253R1(config-line)#line vty 0 4
1254R1(config-line)#password cisco
1255R1(config-line)#login
1256R1(config-line)#exit
1257R1(config)#exit
1258 
1259SWITCH S1:
1260Switch>en
1261Switch#config t
1262Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#hostname S1
1263S1(config)#enable secret cisco
1264S1(config)#service password-encryption
1265S1(config)#no ip domain-lookup
1266S1(config)#line con 0
1267S1(config-line)#password cisco
1268S1(config-line)#logging synchronous
1269S1(config-line)#login
1270S1(config-line)#line vty 0 4
1271S1(config-line)#password cisco
1272S1(config-line)#login
1273S1(config-line)#line vty 5 15
1274S1(config-line)#password cisco
1275S1(config-line)#login
1276S1(config-line)#exit
1277
1278SWITCH S2:
1279Switch>en
1280Switch#config t
1281Switch(config)#hostname S2
1282S2(config)#enable secret cisco
1283S2(config)#no ip domain-lookup
1284S2(config)#line con 0
1285S2(config-line)#password cisco
1286S2(config-line)#logging synchronous
1287S2(config-line)#login
1288S2(config-line)#line vty 0 15
1289S2(config-line)#password cisco
1290S2(config-line)#login
1291S2(config-line)#exit
1292 
1293Part 2: Configure Switches with VLANs and Trunking
1294
1295SWITCH S1:
1296
1297S1(config)#interface Vlan1
1298S1(config-if)#ip address 192.168.1.11 255.255.255.0
1299S1(config-if)#no shutdown
1300S1(config-if)#exit
1301S1(config)#ip default-gateway 192.168.1.1
1302S1(config)#interface range fastethernet 0/2-4, f0/7-24, g0/1-2 S1(config-if-range)#shutdown
1303S1(config-if)#interface FastEthernet0/6
1304S1(config-if)#switchport access vlan 10
1305S1(config-if)#switchport mode access
1306S1(config-if)#vlan 10
1307S1(config-vlan)#name students
1308S1(config-vlan)#vlan 20
1309S1(config-vlan)#name faculty
1310S1(config-vlan)#exit
1311S1(config)#interface Vlan1
1312S1(config)#ip default-gateway 192.168.1.1
1313
1314SWITCH S2:
1315
1316S2(config)#interface FastEthernet0/1
1317S2(config-if)#switchport mode trunk
1318S2(config-if)#interface FastEthernet0/18
1319S2(config-if)#switchport access vlan 20
1320% Access VLAN does not exist. Creating vlan 20
1321S2(config-if)#switchport mode access
1322S2(config-if)#vlan 10
1323S2(config-vlan)#name students
1324S2(config-vlan)#vlan 20
1325S2(config-vlan)#name faculty
1326S2(config-vlan)#exit
1327S2(config)#interface Vlan1
1328S2(config-if)#ip address 192.168.1.12 255.255.255.0
1329S2(config-if)#ip default-gateway 192.168.1.1
1330 
1331Part 3: Configure Trunk-Based Inter-VLAN Routing
1332
1333SWITCH S1:
1334
1335S1(config)#interface FastEthernet0/1
1336S1(config-if)#switchport mode trunk
1337S1(config-if)#interface FastEthernet0/5
1338S1(config-if)#switchport mode trunk
1339
1340SWITCH S2:
1341
1342S2(config)#interface FastEthernet0/1 S2(config-if)#switchport mode trunk S2(config-if)#interface FastEthernet0/18 S2(config-if)#switchport access vlan 20
1343% Access VLAN does not exist. Creating vlan 20 S2(config-if)#switchport mode access
1344
1345ROUTER R1:
1346
1347R1(config)#interface g0/1
1348R1(config-if)#no shutdown
1349================================================================================
1350================================================================================
1351================================================================================
1352================================================================================
1353================================================================================
1354EXPERIMENT 8
1355
1356ACTIVITY 7.2.2.6
1357
1358OBJECTIVE: Configuring and Modifying Standard IPv4 ACLs
1359  
1360Part 1: Set Up the Topology and Initialize Devices
1361Part 2: Configure Devices and Verify Connectivity
1362Part 3: Configure and Verify Standard Numbered and Named ACLs
1363Part 4: Modify a Standard ACL
1364 
1365R1:
1366Router>en
1367Router#config t
1368Enter configuration commands, one per line. End with CNTL/Z. Router(config)#no ip domain lookup
1369Router(config)#hostname R1
1370R1(config)#service password-encryption
1371R1(config)#enable secret cisco
1372R1(config)#banner motd #Authorised access#
1373R1(config)#line console 0
1374R1(config-line)#password cisco
1375R1(config-line)#login
1376R1(config-line)#logging synchronous
1377R1(config-line)#line vty 0 15
1378R1(config-line)#password cisco
1379R1(config-line)#login
1380R1(config-line)#exit
1381R1(config)#interface g0/1
1382R1(config-if)#ip address 1ip address 192.168.10.1 255.255.255.0 R1(config-if)#ip access-group BRANCH-OFFICE-POLICY out
1383R1(config-if)#no shutdown
1384R1(config)#interface s0/0/0
1385R1(config-if)#ip address 10.1.1.1 255.255.255.252
1386R1(config-if)#no shutdown
1387R1(config-if)#exit
1388R1(config)#interface lo0
1389R1(config-if)#ip address 192.168.20.1 255.255.255.0
1390R1(config-if)#exit
1391R1(config)#router rip
1392R1(config-router)#version 2
1393R1(config-router)#network 192.168.10.0
1394R1(config-router)#network 192.168.20.0
1395R1(config-router)#network 10.1.1.0
1396R1(config-router)#exit
1397R1(config)#ip access-list standard BRANCH-OFFICE-POLICY
1398R1(config-std-nacl)#permit host 192.168.30.3
1399R1(config-std-nacl)#permit 192.168.40.0 0.0.0.255
1400R1(config-std-nacl)#end
1401R1#copy running-config startup-config
1402
1403
1404ISP:
1405Router>en
1406Router#config t
1407Enter configuration commands, one per line. End with CNTL/Z. Router(config)#no ip domain lookup
1408Router(config)#enable secret password
1409Router(config)#enable secret cisco
1410Router(config)#service password-encryption
1411Router(config)#line con 0
1412Router(config-line)#password cisco
1413Router(config-line)#login
1414Router(config-line)#logging synchronous
1415Router(config-line)#exit
1416Router(config)#line vty 0 15
1417Router(config-line)#password cisco
1418Router(config-line)#login
1419Router(config-line)#exit
1420Router(config)#interface s0/0/0
1421Router(config-if)#ip address 10.1.1.2 255.255.255.252
1422Router(config-if)#no shut
1423Router(config-if)#interface s0/0/1
1424Router(config-if)#ip address 10.2.2.2 255.255.255.252
1425Router(config-if)#no shut
1426Router(config-if)#interface lo0
1427Router(config-if)#ip address 209.165.200.225 255.255.255.224 Router(config-if)#no shut
1428Router(config-if)#exit
1429Router(config)#router rip
1430Router(config-router)#version 2
1431Router(config-router)# network 209.165.200.224
1432Router(config-router)# network 10.1.1.0
1433Router(config-router)# network 10.2.2.0 Router(config-router)#exit
1434
1435
1436R3:
1437Router>en
1438Router#config t
1439Enter configuration commands, one per line. End with CNTL/Z. Router(config)#no ip domain lookup
1440Router(config)#hostname R3
1441R3(config)#service password-encryption
1442R3(config)#enable secret cisco
1443R3(config)#banner motd #Authorised access#
1444R3(config)#line con 0
1445R3(config-line)#password cisco
1446R3(config-line)#login
1447R3(config-line)#logging synchronous
1448R3(config-line)#line vty 0 15
1449R3(config-line)#password cisco
1450R3(config-line)#login
1451R3(config-line)#exit
1452R3(config)#interface g0/1
1453R3(config-if)#ip address 192.168.30.1 255.255.255.0
1454R3(config-if)#no shut
1455R3(config-if)#interface s0/0/1
1456R3(config-if)#ip address 10.2.2.1 255.255.255.252
1457R3(config-if)#no shut
1458R3(config-if)#interface lo0
1459R3(config-if)#ip address 192.168.40.1 255.255.255.0
1460R3(config-if)#no shut
1461R3(config-if)#exit
1462R3(config)#router rip
1463R3(config-router)#version 2
1464R3(config-router)#network 192.168.30.0
1465R3(config-router)#network 192.168.40.0
1466R3(config-router)#network 10.2.2.0
1467R3(config-router)#exit
1468R3(config)#access-list 1 remark Allow R1 LANs Access R3(config)#access-list 1 permit 192.168.10.0 0.0.0.255
1469R3(config)#access-list 1 permit 192.168.20.0 0.0.0.255 R3(config)#access-list 1 deny any
1470R3(config)#interface g0/1
1471R3(config-if)#ip access-group 1 out
1472R3(config-if)#end
1473 
1474S1:
1475Switch>en
1476Switch#config terminal
1477Switch(config)#no ip domain-lookup
1478Switch(config)#service password-encryption
1479Switch(config)#enable secret class
1480Switch(config)#banner motd # Unauthorized access is strictly prohibited. #
1481Switch(config)#Line con 0
1482Switch(config-line)#password cisco
1483Switch(config-line)#login
1484Switch(config-line)#logging synchronous
1485Switch(config-line)#line vty 0 15
1486Switch(config-line)#password cisco
1487Switch(config-line)#login
1488Switch(config-line)#exit
1489S1(config)#interface vlan1
1490S1(config-if)#ip address 192.168.10.11 255.255.255.0
1491S1(config-if)#ip default-gateway 192.168.10.1
1492S1#copy running-config startup-config
1493
1494
1495S3:
1496Switch>enable
1497Switch#configure terminal
1498Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#hostname S3
1499S3(config)#enable secret cisco
1500S3(config)#service password-encryption
1501S3(config)#no ip domain lookup
1502S3(config)#banner motd #Authorised access#
1503S3(config)#line con 0
1504S3(config-line)#password cisco
1505S3(config-line)#login
1506S3(config-line)#logging synchronous
1507S3(config-line)#line vty 0 15
1508S3(config-line)#password cisco
1509S3(config-line)#login
1510S3(config-line)#exit
1511S3(config)#interface vlan1
1512S3(config-if)#ip address 192.168.30.11 255.255.255.0
1513S3(config-if)#ip default-gateway 192.168.30.1
1514S3(config)#exit
1515S3#copy running-config startup-config