Lab 3.1.4 Applying Basic Switch Security
Step 1: Connect PC1 to the switch
Step 2: Connect PC2 to the switch
Step 3: Configure PC3 but do not connect
Step 4: Perform an initial configuration on the switch
a. Configure the hostname of the switch as Switch1
b. Set the privileged EXEC mode password to cisco.
c. Set the privileged EXEC mode secret password to class.
d. Configure the console and virtual terminal lines to use a password and require it at login.
e. Exit from the console session and log in again.
Which password was required to enter privileged EXEC mode?
Why?
Step 5: Configure the switch management interface on VLAN 1
a. Enter the interface configuration mode for VLAN 1.
b. Set the IP address, subnet mask, and default gateway for the management interface.
Why does interface VLAN 1 require an IP address in this LAN?
What is the purpose of the default gateway?
Step 6: Verify the management LAN settings
a. Verify that the IP address of the management interface on the switch VLAN 1 and the IP address of PC1 and PC2 are on the same local network. Use the show running-config command to check the IP address configuration of the switch.
b. Verify the interface settings on VLAN 1.
What is the bandwidth on this interface?
What are the VLAN states?
VLAN 1 is __________ and line protocol is __________.
Step 7: Disable the switch from being an http server
Step 8: Verify connectivity
a. To verify that hosts and switch are correctly configured, ping the switch IP address from the hosts. Were the pings successful?
If the ping is not successful, verify the connections and configurations again. Check to ensure that all cables are correct and that connections are seated. Check the host and switch configurations.
b. Save the configuration.
Step 9: Record the host MAC addresses
Determine and record the Layer 2 addresses of the PC network interface cards. From the command prompt of each PC, enter ipconfig /all.
PC1 __________________________________________________
PC2 __________________________________________________
PC3 __________________________________________________
Step 10: Determine what MAC addresses the switch has learned
Determine what MAC addresses the switch has learned by using the show mac-address-table command at the privileged EXEC mode prompt.
How many dynamic addresses are there?
How many total MAC addresses are there?
Do the MAC addresses match the host MAC addresses?
Step 11: View the show mac-address-table options
View the options that the show mac-address-table command has available.
Switch1#show mac-address-table ?
What options are available?
Step 12: Set up a static MAC address
Step 13: Verify the results
a. Verify the MAC address table entries.
Switch1#show mac-address-table
How many dynamic MAC addresses are there now?
How many static MAC addresses are there now?
b. Remove the static entry from the MAC Address Table.
Step 14: List port security options
a. Determine the options for setting port security on interface FastEthernet 0/4.
What are some available options?
b. To allow the switch port FastEthernet 0/4 to accept only one device, configure port security.
c. Exit configuration mode and check the port security settings.
If a host other than PC2 attempts to connect to Fa0/4, what will happen?
Step 15: Limit the number of hosts per port
a. On interface FastEthernet 0/4, set the port security maximum MAC count to 1.
b. Disconnect the PC attached to FastEthernet 0/4. Connect PC3 to FastEthernet 0/4. PC3 has been given the IP address of 192.168.1.5 and has not yet been attached to the switch. It may be necessary to ping the switch address 192.168.1.2 to generate some traffic. Record any observations. _____________________________________
Step 16: Configure the port to shut down if there is a security violation
a. In the event of a security violation, the interface should be shut down. To make the port security shut down, enter the following command: Switch1(config-if)#switchport port-security violation shutdown
What other action options are available with port security?
b. If necessary, ping the switch address 192.168.1.2 from the PC3 192.168.1.5. This PC is now connected to interface FastEthernet 0/4. This ensures that there is traffic from the PC to the switch.
c. Record any observations. _____________________________________________________________________________
d. Check the port security settings
Step 17: Show port 0/4 configuration information
FastEthernet0/4 is __________ and line protocol is __________.
Step 18: Reactivate the port
Step 19: Disable unused ports
Step 20: Reflection
a. Why would port security be enabled on a switch?
b. Why should unused ports on a switch be disabled?
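The hardening steps of this lab (Step 4 passwords and line logins, Step 7 HTTP server, Steps 14-16 port security, Step 19 unused ports) can be checked against a saved configuration. The script below is an added example, not part of the original lab; the running-config excerpt is constructed, and the checks assume the literal line forms shown in it.

```python
import re

# Constructed running-config excerpt for illustration (not from the lab equipment).
SAMPLE_CONFIG = """\
hostname Switch1
enable secret 5 <constructed-hash-placeholder>
ip http server
!
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/4
 switchport mode access
 switchport port-security
!
interface FastEthernet0/5
 shutdown
!
interface Vlan1
 ip address 192.168.1.2 255.255.255.0
!
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 no login
"""

PHYSICAL = re.compile(r"^interface (FastEthernet|GigabitEthernet)\S+$")


def parse_blocks(config):
    """Split IOS-style text into global lines and {header: [indented child lines]}."""
    global_lines, blocks, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw.startswith(" ") and current is not None:
            blocks[current].append(line)
        else:
            current = line
            global_lines.append(line)
            blocks[line] = []
    return global_lines, blocks


def audit(config):
    """Return findings keyed to the lab's hardening steps."""
    global_lines, blocks = parse_blocks(config)
    findings = []
    if not any(g.startswith("enable secret ") for g in global_lines):
        findings.append("no enable secret configured (Step 4c)")
    if "ip http server" in global_lines:
        findings.append("HTTP server is enabled (Step 7)")
    for header, body in blocks.items():
        if header.startswith("line "):
            has_password = any(l.startswith("password ") for l in body)
            if not (has_password and "login" in body):
                findings.append(f"{header}: password and login not both set (Step 4d)")
        elif PHYSICAL.match(header):
            # Shut-down ports (Step 19) and trunks are out of scope for this check.
            if "shutdown" in body or "switchport mode trunk" in body:
                continue
            if "switchport port-security" not in body:
                findings.append(f"{header}: enabled without port security (Steps 14-19)")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```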
Lab 3.2.3 Building a Switched Network with Redundant Links
Step 1: Cable the network
a. Connect Host 1 to Switch 1 Fast Ethernet port Fa0/7, using a straight-through Ethernet cable.
b. Connect Host 2 to Switch 2 Fast Ethernet port Fa0/8, using a straight-through Ethernet cable.
c. Connect Switch 1 Fast Ethernet port Fa0/1 to Switch 2 Fast Ethernet port Fa0/1, using a crossover Ethernet cable.
d. Create a redundant link between the switches by connecting Switch 1 Fast Ethernet port Fa0/4 to Switch 2 Fast Ethernet port Fa0/4, using a crossover Ethernet cable. What typically undesirable traffic pattern have you created by using the two crossover cables between the two switches?
Predict: What do you think the switches will do to keep this from becoming a problem?
Step 2: Configure the switches
Step 3: Configure the hosts
a. Configure each host to use an IP address in the same network as the switches.
b. Configure each host to use the same subnet mask as the switches. Why is no default gateway specified for this network?
Step 4: Verify connectivity
a. To verify that the network is set up successfully, ping from Host 1 to Host 2. Was the ping successful?
b. If the ping is not successful, verify the connections and configurations again. Check to ensure that all cables are correct and that connections are seated. If the ping is not successful, what utility could you use to determine where the connection is failing?
Step 5: Examine interface VLAN 1 information
a. From the terminal emulation session on either switch, enter the command show interface vlan1 ? at the privileged EXEC mode prompt.
SwitchA#show interface vlan1 ?
List some of the options that are available
b. On SwitchA, enter the command show interface vlan1 at the privileged EXEC mode prompt. SwitchA#show interface vlan1
What is the MAC address of the switch?
What other term for MAC address is used?
c. On SwitchB, enter the command show interface vlan1 at the privileged EXEC mode prompt. What is the MAC address of the switch?
Which switch should be the root of the spanning tree for this network?
Step 6: Examine the spanning-tree tables on each switch
a. On SwitchA, enter the command show spanning-tree at the privileged EXEC mode prompt.
b. On SwitchB, enter the command show spanning-tree at the privileged EXEC mode prompt.
c. Examine the outputs and answer the following questions:
Which switch is the root bridge?
What is the priority of the root bridge?
What is the bridge ID of the root bridge?
Which ports are forwarding on the root bridge?
Which ports are blocking on the root bridge?
What is the priority of the non-root bridge?
What is the bridge ID of the non-root bridge?
Which ports are forwarding on the non-root bridge?
Which ports are blocking on the non-root bridge?
d. Examine the link lights on both switches.
Can you tell which port is in blocking state?
Why is there no change in the link lights?
Step 7: Reassign the root bridge
What would you do if you wanted a different switch to be the root bridge for this network?
Why might you want to do this?
For the purposes of this lab, assume that the switch that is currently the root bridge is undesirable. The example assumes that SwitchB is preferred as the root switch. To “force” SwitchB to become the new root bridge, you need to configure a new priority for it.
a. Go to the console and enter configuration mode on SwitchB.
b. Determine the options that can be configured for the Spanning Tree Protocol by issuing this command: SwitchB(config)#spanning-tree ?
c. List the options that are available: _____________________
d. Set the priority of the switch to 4096.
SwitchB(config)#spanning-tree vlan 1 priority 4096
SwitchB(config)#exit
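Why the priority command in Step 7 moves the root role can be seen by modelling the election: the bridge with the lowest bridge ID (priority first, then MAC address) becomes root. This is an added example, not part of the original lab; the MAC addresses are constructed, and it assumes the extended system ID is in use, so the VLAN number is added to the configured priority.

```python
import re

DEFAULT_PRIORITY = 32768
PRIORITY_CMD = re.compile(r"^spanning-tree vlan (\d+) priority (\d+)$")


def configured_priority(config_lines, vlan):
    """Priority set by 'spanning-tree vlan N priority P', else the default."""
    priority = DEFAULT_PRIORITY
    for line in config_lines:
        match = PRIORITY_CMD.match(line.strip())
        if match and int(match.group(1)) == vlan:
            priority = int(match.group(2))
    # The configurable priority moves in steps of 4096, from 0 to 61440.
    if priority % 4096 != 0 or not 0 <= priority <= 61440:
        raise ValueError(f"invalid bridge priority {priority}")
    return priority


def bridge_id(config_lines, mac, vlan):
    """Bridge ID as a sortable tuple: (priority + VLAN ID, MAC as integer)."""
    mac_value = int(re.sub(r"[.:-]", "", mac), 16)
    return (configured_priority(config_lines, vlan) + vlan, mac_value)


def elect_root(switches, vlan=1):
    """switches: {name: (config_lines, mac)} -> (root name, advertised priority)."""
    ids = {name: bridge_id(cfg, mac, vlan) for name, (cfg, mac) in switches.items()}
    root = min(ids, key=ids.get)  # lowest bridge ID wins the election
    return root, ids[root][0]


# Constructed MAC addresses; both switches start at the default priority.
BEFORE = {
    "SwitchA": ([], "000c.3000.0a01"),
    "SwitchB": ([], "0019.aa00.0b02"),
}
# SwitchB after the Step 7 command has been entered.
AFTER = {
    "SwitchA": ([], "000c.3000.0a01"),
    "SwitchB": (["spanning-tree vlan 1 priority 4096"], "0019.aa00.0b02"),
}

if __name__ == "__main__":
    print(elect_root(BEFORE))  # equal priorities: the lower MAC address decides
    print(elect_root(AFTER))   # the lower priority decides regardless of MAC
```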
Step 8: Look at the spanning-tree table
a. On SwitchA, enter show spanning-tree at the privileged EXEC mode prompt.
b. On SwitchB, enter show spanning-tree at the privileged EXEC mode prompt.
c. Examine the outputs and answer the following questions:
Which switch is the root bridge?
What is the priority of the root bridge?
What is the bridge ID of the root bridge?
Which ports are forwarding on the root bridge?
Which ports are blocking on the root bridge?
What is the priority of the non-root bridge?
What is the bridge ID of the non-root bridge?
Which ports are forwarding on the non-root bridge?
Which ports are blocking on the non-root bridge?
Step 9: Verify the running configuration file on the root bridge
a. On the switch that was changed to be the root bridge, enter the show running-config command at the privileged EXEC mode prompt.
b. Locate the spanning-tree priority information for this switch.
c. How can you tell from the information given that this switch is the root bridge?
Step 10: Reflection
Suppose that you are adding new switches to a company’s network. Why should you plan the physical design carefully? Why should you be prepared to make adjustments to factory default settings?
Lab 3.2.4 Verifying STP with Show Commands
Step 1: Cable the network
What is the advantage of providing redundant links in a network like this one?
Step 2: Configure the switches
Step 3: Configure the hosts
Step 4: Verify connectivity
To verify that the network is set up successfully, ping from Host 1 to Host 2.
Was the ping successful?
Step 5: Examine interface VLAN 1 information
a. On SwitchA, enter the command show interface vlan1 at the privileged EXEC mode prompt. What is the MAC address of SwitchA?
b. On SwitchB, enter the command show interface vlan1 at the privileged EXEC mode prompt. What is the MAC address of SwitchB?
Which switch should be the root of the spanning tree for this network?
Step 6: Determine the roles of ports participating in the spanning tree on each switch
On SwitchB, enter the command show spanning-tree at the privileged EXEC mode prompt. Which switch is the root bridge?
The spanning tree is using three ports on each switch. Complete this chart indicating the port state and role for each port.
Step 7: Create a change in the network topology
a. Remove the crossover cable from the forwarding port on the non-root bridge.
b. Wait a few seconds, and then enter the show spanning-tree command again on the non-root bridge. What changes do you see in the spanning tree?
c. Check the spanning tree on the root bridge.
What changes have occurred there?
d. Continue to check the spanning tree on both switches until a new tree has been calculated and all ports are either forwarding or blocking. How long does it take for this to happen?
e. Replace the cable that was removed in Step 7a.
f. Wait again until both switches have recalculated their tables. How much time has passed since you first removed the crossover cable?
What effect did these topology changes have on network uptime?
Step 8: Examine the spanning tree on each switch
a. On each switch, enter the command show spanning-tree detail.
b. Examine the information for port Fa0/1. The output shows the interface, role, and state for each switch. It also provides details about port activity and characteristics.
How might the following information help you to verify the status of the network and troubleshoot network problems?
1) Number of transitions to forwarding state:
2) Number of BPDUs that have been sent and received:
c. On each switch, enter the following commands. Determine the type of information that each command provides:
show spanning-tree bridge
Answer:
show spanning-tree summary
Answer:
Step 9: Reflection
Your networking team is deciding whether to disable Spanning Tree Protocol on the switches in your corporate network. Explain how you would feel about this decision. What are the advantages and disadvantages? How would this decision affect your network design?
Lab 3.3.2 Configuring, Verifying, and Troubleshooting VLANs
Step 1: Connect the equipment
Step 2: Perform basic configuration on the router
Step 3: Configure Switch 1
Step 4: Verify connectivity and default VLAN configuration
Are all switch ports assigned to VLAN 1?
Step 5: Configure VLANs on S1
Do the new VLANs appear in the output?
What interfaces belong to the new VLANs?
Which interfaces now belong to VLAN 1?
Which interfaces belong to VLAN 20?
Which interfaces belong to VLAN 30?
Other commands can be used to show different amounts of information or specific pieces of information. Enter the following commands on S1 and observe the output: S1#show vlan brief
Is all of the basic VLAN membership information shown?
S1#show vlan id 30
What information is shown?
S1#show vlan name fred
What information is shown?
Step 6: Verify VLAN segmentation
a. Ping from Host 1b to R1. Were the pings successful?
b. Ping from Host 1b to Host 1a.
Were the pings successful?
c. Ping from Host 1b to R1.
Were the pings successful?
Why were some pings successful and others not?
How could Host 1b communicate with Host 1a in a different VLAN?
Step 7: Change and delete VLAN configurations
a. Reassign S1 port Fa0/3 to VLAN 20.
Does the output reflect the VLAN membership change?
b. Remove VLAN 30.
Which two commands would be used to delete all VLAN configuration and return to the default configuration?
Step 8: Reflection
a. Why would VLANs be configured in a network?
b. What must be set up to communicate between VLANs?
c. With no configuration, what VLAN are all ports a member of?
Lab 3.4.1 Creating VLANs and Assigning Ports
Step 1: Connect the equipment
Step 2: Perform basic PC configuration
Step 3: Configure Switch 1
Are all other switch ports in VLAN 1?
Which switch ports are in VLAN 10?
Which switch ports are in VLAN 20?
Issue the command show vlan.
What difference is noticed between the two commands show vlan brief and show vlan?
Step 4: Verify connectivity
a. Ping from each PC to Switch1 address of 172.16.1.2. Are PC1 pings successful?
Are PC2 pings successful?
Are PC3 pings successful?
b. Ping from PC1 to PC2 and PC3.
Can PC1 ping PC2?
Can PC1 ping PC3?
Step 5: Reflection
a. Why can PC1 ping Switch1 when PC2 and PC3 cannot?
b. The PCs cannot ping each other. Why?
Lab 3.4.2 Configuring a Trunk Port to Connect Switches
Step 1: Connect the equipment
Step 2: Perform basic configuration of Switch 1 and Switch 2
Step 3: Configure host PCs
Step 4: Verify default VLAN configuration and connectivity
Is every switch port assigned to a VLAN?
Which VLAN do the ports appear in?
Should any host or switch be able to ping any other host or switch at this time?
Verify this by pinging from Host 1a to all the other hosts and switches.
Are all the pings successful?
Step 5: Create and verify VLAN configuration
Test connectivity between devices.
1) Ping from S1 to S2.
Are the pings successful?
To what VLAN do the management interfaces of S1 and S2 belong?
2) Ping from Host 1a to Host 2.
Are the pings successful?
To what VLAN do Hosts 1a and 2 belong?
To what VLAN do the Fa0/1 interfaces of the switches belong?
If Hosts 1a and 2 belong to the same VLAN, why can’t they ping each other?
3) Ping from host 1a to S1.
Are the pings successful?
Why can’t Host 1a ping S1?
Step 6: Configure and verify trunking
Do the trunk interfaces appear in the output?
What VLAN is set as the native VLAN?
What VLANs are allowed to communicate over the trunk?
View the VLAN configuration on both switches with the show vlan command. S1#show vlan
S2#show vlan
Do the S1 and S2 Fa0/1 interfaces appear in a VLAN? Why or why not?
Retest the connectivity between devices.
1) Ping from S1 to S2.
Are the pings successful?
2) Ping from Host 1a to Host 2.
Are the pings successful?
3) Ping from Host 1b to Host 2.
Are the pings successful?
4) Ping from Host 1a to S1.
Are the pings successful?
The ping test should show that devices that belong to the same VLAN can now communicate with each other across switches, but devices in different VLANs cannot communicate with each other.
What would have to be configured to allow devices in different VLANs to communicate with each other?
Step 7: Observe the default trunking behavior of switches
Are Fa0/1 on S1 and S2 in trunking mode?
What trunking mode did they default to?
What trunking encapsulation did they default to?
Step 8: Reflection
a. Why would trunking be configured in a network?
b. Does trunking allow for communication between VLANs?
c. With no configuration, from which VLAN are frames forwarded across the trunk without VLAN tagging added?
Lab 3.4.3 Part A: Configuring Inter-VLAN Routing
Step 1: Connect the equipment
Step 2: Perform basic configurations on the router
Step 3: Configure Fast Ethernet connections for each VLAN on the router
Step 4: Configure Switch 1
Step 5: Configure Switch 2
Step 6: Configure Switch 3
Step 7: Configure Host 1
Step 8: Configure Host 2
Step 9: Configure Host 3
Step 10: Configure the server
Step 11: Verify connectivity
The router should be able to ping the interfaces of the other devices.
a. From the router, issue a ping to Host 1.
Is the ping successful?
b. From the router, issue a ping to Host 2.
Is the ping successful?
c. From the router, issue a ping to Host 3.
Is the ping successful?
d. From the router, issue a ping to the server.
Is the ping successful?
Host 1 should be able to ping all other devices.
a. From Host 1, ping Host 2.
Is the ping successful?
b. From Host 1, ping the server.
Is the ping successful?
Why can Host 1 ping the server?
c. From the server, ping Host 1.
Is the ping successful?
d. From Switch 3, issue the command show spanning-tree.
Which ports are being used on Switch 3?
What is the role of each of these ports?
Which switch is acting as the root?
What is the protocol that allows VLANs to communicate without switching loops?
Step 12: Reflection
a. Why does this topology not scale well?
b. Why would a VLAN benefit from trunking?
c. Which device provides connectivity between different VLANs?
Lab 3.4.3 Part B: Configuring Inter-VLAN Routing
Step 1: Connect the equipment
Step 2: Perform basic configurations on the router
Step 3: Configure VLAN trunking on the router
Step 4: Configure Switch 1
Are all other switch ports in VLAN 1?
Which switch ports are in VLAN 10?
Which switch ports are in VLAN 20?
Issue the command show vlan.
What difference is noticed between the two commands show vlan brief and show vlan?
Step 5: Configure VLAN trunking on Switch 1
Which interfaces on Switch 1 are in trunk mode?
Which VLANs are allowed and active in the management domain?
Step 6: Configure VTP on Switch 1
Step 7: Configure Switch 2
Step 8: Configure VLAN trunking on Switch 2
Step 9: Configure VTP on Switch 2
Switch2(config)#vtp mode client
From Switch 2, verify that all VLANs have been propagated across the domain by issuing the command show vtp status.
What is the VTP version used on Switch 2?
What is the maximum VLANs supported locally?
What VTP operating mode is used on Switch 2?
What is the VTP domain name?
How did Switch 2 learn the domain name and VLAN information?
Step 10: Verify connectivity
The router and switches should be able to ping the interfaces of the other devices.
a. From each device, issue a ping to all interfaces.
Are the router pings successful?
b. From Switch 1, ping to all other devices.
Are Switch 1 pings successful?
From Switch 2, ping to all other devices.
Are Switch 2 pings successful? __________ If the ping is not successful, verify the connections and configurations again. Check to ensure that all cables are correct and that connections are seated. Check the router and switch configurations.
Step 11: Reflection
a. Why would VLANs be configured in a network?
b. Why would a VLAN benefit from trunking?
c. Why should VTP be used?
d. Which device provides connectivity between different VLANs?
e. What are some benefits of VLANs?
CCNA3 Lab 4.2.3.2
Lab 4.2.3.2 Designing and Applying an IP Addressing Scheme
Step 1: Cable the network
a. Connect Host1 to Switch1 port Fa0/2, using a straight-through Ethernet cable.
b. Connect Host2 to Switch2 port Fa0/2, using a straight-through Ethernet cable.
c. Connect Switch1 port Fa0/1 to Router1 port Fa0/0, using a straight-through Ethernet cable.
d. Connect Switch2 port Fa0/1 to Router1 port Fa0/1, using a straight-through Ethernet cable.
Step 2: Configure the router
a. Establish a terminal emulation session from either host to Router1.
b. Configure the router hostname, passwords, interface IP addresses, and subnet mask. Also configure RIP as the routing protocol.
c. Save the configuration
Step 3: Configure the switches
a. Establish a terminal emulation session to Switch1 from Host1.
b. Configure the switch hostname, passwords, interface VLAN 1 IP address, subnet mask, and default gateway on Switch1.
c. Save the configuration
d. Establish a terminal emulation session to Switch2 from Host2.
e. Configure the switch hostname, passwords, interface VLAN 1 IP address, subnet mask, and default gateway on Switch2.
f. Save the configuration
Step 4: Configure the hosts
a. Configure Host1 using the IP address, subnet mask, and default gateway from the table.
b. Configure Host2 using the IP address, subnet mask, and default gateway from the table.
Step 5: Verify connectivity
To verify that the network is set up successfully, ping from Host 1 to Host 2.
Was the ping successful? Yes, it was successful
To verify that the network is set up successfully, ping from Host 2 to Host 1.
Was the ping successful? Yes, it was successful
If the ping is not successful, verify the connections and configurations again. Check to ensure that all cables are correct and that connections are seated.
Step 6: Reflection
Subnetting allows the addresses in a network range to be split into smaller groups. This lab split the total number of addresses, 256, into smaller groups of equal size.
How many addresses are in each subnet? 32 addresses
How many total subnets were created? 8 subnets
The subnet mask is 255.255.255.224. How many host bits were “borrowed” for subnetting?
What is the total number of network and subnet bits in each address?
The number of host bits borrowed is: 3
255.255.255.224/27
11111111.11111111.11111111.11100000
The total number of network and subnet bits is:
nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnhhhhh
n = network
h = host
n = 27 network
2^5 - 2 = 32 - 2 = 30 hosts
2^3 = 8 subnets
Number of subnet bits = 19