Practica eSwitching

ESwitching Basic Switching/Wireless PT Practice SBA

A few things to keep in mind while completing this activity:

1. Do not use the browser Back button or close or reload any exam windows during the exam.

2. Do not close Packet Tracer when you are done. It will close automatically.

3. Click the Submit Assessment button to submit your work.

Introduction

In this practice Packet Tracer Skills Exam, you will:

configure VLANs using VTP

configure inter-VLAN routing

modify STP

configure port security

add a wireless LAN

Addressing Table

Device Interface Address Subnet Mask Default Gateway

Router1

Fa0/0.10 172.16.10.1 255.255.255.0 n/a

Fa0/0.20 172.16.20.1 255.255.255.0 n/a

Fa0/0.43 172.16.43.1 255.255.255.0 n/a

Fa0/0.67 172.16.67.1 255.255.255.0 n/a

WRS Internet 172.16.67.10 255.255.255.0 172.16.67.1

Wireless 172.16.100.1 255.255.255.0 n/a

SW_DS1 VLAN 43 172.16.43.11 255.255.255.0 172.16.43.1

SW_AC2 VLAN 43 172.16.43.12 255.255.255.0 172.16.43.1

SW_AC3 VLAN 43 172.16.43.13 255.255.255.0 172.16.43.1

PC1 NIC 172.16.10.10 255.255.255.0 172.16.10.1

PC2 NIC 172.16.20.10 255.255.255.0 172.16.20.1

PC3 NIC 172.16.10.11 255.255.255.0 172.16.10.1

PC4 NIC DHCP assigned 255.255.255.0 172.16.100.1

Note: The password for user EXEC mode is cisco. The password for privileged EXEC mode is class.

Step 1: Configure the Switches for Remote Access.

Create, enable, and address VLAN43 as the management interface on all three switches. Use the values found in the addressing table.

SW_DS1(conf)#interface vlan 43 SW_DS1(conf-if)# ip address 172.16.43.11 255.255.255.0 SW_DS1(conf-if)#no shutdown

SW_AC2(conf)#interface vlan 43 SW_AC2(conf-if)# ip address 172.16.43.12 255.255.255.0 SW_AC2(conf-if)#no shutdown

SW_AC3(conf)#interface vlan 43 SW_AC3(conf-if)# ip address 172.16.43.13 255.255.255.0 SW_AC3(conf-if)#no shutdown

Ademas añadiremos en la configuración global la puerta de enlace con el siguiente comando:

(conf)# ip default-gateway 172.16.43.1

Step 2: Configure Trunking.

Note: Packet Tracer now supports the use of the range argument for the interface command.

For interfaces FastEthernet 0/19 through FastEthernet 0/24 on all three switches:

Configure static trunking.

Assign VLAN 43 as the native VLAN.

Para configurar el trunking, tendremos que introducir estos comandos en los tres switches: (conf)#interface range fa0/19-24 (conf-if range)#switchport mode trunk (conf-if range)#switchport trunk native vlan 43 (conf-if range)#no shutdown (conf-if range)#end Step 3: Configure VTP and VLANs.

a. Configure SW_DS1 as VTP server and the following VTP parameters:

· SW_DS1 is the VTP server.

· VTP domain name: CCNA

· VTP password: cisco

SW_DS1(conf)#vtp mode server SW_DS1(conf-if)#vtp domain CCNA SW_DS1(conf-if)#vtp password cisco SW_DS1(conf-if)#end

b. Create and name the following VLANs on SW_DS1.

· VLAN 10: Student

· VLAN 20: Faculty

· VLAN 43: Management

· VLAN 67: Wireless

SW_DS1# conf t SW_DS1(conf)# vlan 10 SW_DS1(conf-vlan)# name Student SW_DS1(conf-vlan)#end SW_DS1# conf t SW_DS1(conf)# vlan 20 SW_DS1(conf-vlan)# name Faculty SW_DS1(conf-vlan)#end

SW_DS1# conf t SW_DS1(conf)# vlan 43 SW_DS1(conf-vlan)# name Management SW_DS1(conf-vlan)#end SW_DS1# conf t SW_DS1(conf)# vlan 67 SW_DS1(conf-vlan)# name Wireless SW_DS1(conf-vlan)#end

c. Configure SW_AC2 and SW_AC3 as VTP clients to participate in the CCNA VTP domain.

En este paso tendremos que poner los dos switches restantes, de la siguiente manera:

(conf)#vtp mode client (conf-if)#vtp domain CCNA (conf-if)#vtp password cisco (conf-if)#end

d. Verify that VTP is operational.

sh vtp status

Step 4: Configure Interfaces for VLAN Access

VLAN port assignments on each switch are as follows:

Device Ports Assignment

SW_AC2, SW_AC3 Fa0/1 – 0/10 10

SW_AC2, SW_AC3 Fa0/11 – 0/17 20

SW_AC3 Fa0/18 67

a. Configure access ports on access layer switches.

· Configure the appropriate interfaces on SW_AC2 and SW_AC3 for access mode.

· Assign VLANs according to the port assignments table.

Tendremos que introducir los siguientes comandos en los switches: (conf)# interface range fa0/1-10 (conf-if-range)# switchport mode access (conf-if-range)# switchport access vlan 10 (conf-if-range)# end (conf)# interface range fa0/11-17 (conf-if-range)# switchport mode access (conf-if-range)# switchport access vlan 20 (conf-if-range)# end Y este comando solo para el switch SW_AC3: (conf)# interface FA0/18 (conf-if-range)# switchport mode access (conf-if-range)# switchport access vlan 67 (conf-if-range)# end

b. Verify trunking and VLAN assignments.

Step 5: Configure Spanning Tree.

a. Modify STP root bridge elections.

· Using a priority of 4096, set SW_DS1 as the root bridge for all VLANs.

SW_DS1# conf t SW_DS1(conf)#spanning-tree vlan 10 priority 4096 SW_DS1(conf)#spanning-tree vlan 20 priority 4096 SW_DS1(conf)#spanning-tree vlan 43 priority 4096 SW_DS1(conf)#spanning-tree vlan 67 priority 4096

· Using a priority of 8192, set SW_AC2 so that it will become the root for all VLANs if SW_DS1 fails.

SW_DS2# conf t SW_DS2(conf)#spanning-tree vlan 10 priority 8192 SW_DS2(conf)#spanning-tree vlan 20 priority 8192 SW_DS2(conf)#spanning-tree vlan 43 priority 8192 SW_DS2(conf)#spanning-tree vlan 67 priority 8192

b. Verify the spanning tree election.

Step 6: Configure Inter-VLAN Routing.

Use the information in the Addressing Table to configure Router1 for inter-VLAN routing. Be sure to designate the native VLAN.

Verify inter-VLAN routing.

Router1(config)#interface fa0/0 Router1(config-if)#no shutdown Router1(config-if)#interface fa0/0.10 Router1(config-if)#encapsulation dot1q 10 Router1(config-if)#ip address 172.16.10.1 255.255.255.0 Router1(config-if)#no shutdown Router1(config-if)#interface fa0/0.20 Router1(config-if)#encapsulation dot1q 20 Router1(config-if)#ip address 172.16.20.1 255.255.255.0 Router1(config-if)#no shutdown Router1(config-if)#interface fa0/0.43 Router1(config-if)#encapsulation dot1q 43 native Router1(config-if)#ip address 172.16.43.1 255.255.255.0 Router1(config-if)#no shutdown Router1(config-if)#interface fa0/0.67 Router1(config-if)#encapsulation dot1q 67 Router1(config-if)#ip address 172.16.67.1 255.255.255.0 Router1(config-if)#no shutdown Step 7: Configure Port Security.

Note: Best practice requires port security on all access ports. However, for this practice exercise you will only configure one port with security.

a. Configure SW_AC3 with port security on FastEthernet 0/2.

· Enable port security.

· No more than two MAC addresses are allowed on the FastEthernet 0/2 port for SW_AC3.

· Once learned, MAC addresses should be automatically added to the running configuration.

· If this policy is violated, the port should be automatically disabled.

b. Verify that port security is implemented.

SW_AC3#conf t SW_AC3(config)#interface fastethernet 0/2 SW_AC3(config-if)#switchport mode access SW_AC3(config-if)#switchport security maximun 2 SW_AC3(config-if)#switchport security mac_address sticky SW_AC3(config-if)#switchport security violation protect Step 8: Configure the Wireless LAN.

Refer to the Addressing Table to configure the wireless LAN.

a. Configure WRS.

· Use static addressing on the Internet interface.

· Set the router IP and subnet mask.

· Use the DHCP Server Settings to configure the router to provide wireless hosts with an IP address.

· The starting IP address in the wireless LAN subnet is 172.16.100.10.

· The maximum number of users is 25.

b. Configure wireless security.

· Set the SSID to WRS_LAN.

· Enable WEP security and use 12345ABCDE as key1.

c. Use cisco123 as the remote management password.

d. Configure PC4 to access the wireless network that is provided by WRS. PC4 uses DHCP to obtain addressing information.

Note: It will not be possible for devices to ping PC4 since PC4 is behind the WRS NAT firewall.

Step 9: Verify Connectivity.

Although these are not scored, the following connectivity tests should be successful.

SW_DS1 can ping Router1.

SW_AC2 can ping Router1.

SW_AC3 can ping Router1.

PC1 can ping PC2.

PC2 can ping PC3.

PC4 can ping PC1.